On 2014-03-16 11:45, Christian Kastner wrote:
> On 2013-07-02 23:41, Andreas Beckmann wrote:
>> during a test with piuparts I noticed your package modifies conffiles.
>> This is forbidden by the policy
>
>> debsums reports modification of the following files,
>> from the attached log (scroll to the bottom...):
>>
>> /etc/default/ferm
>
> The problem is that postinst unconditionally overwrites the value of the
> ENABLED= variable in /etc/default/ferm with whatever was stored in debconf.
>
> I just experienced this during an upgrade whereby I explicitly disabled
> ferm by setting ENABLED=no yet after the upgrade, it was ENABLED=yes.
> This resulted in me being locked out of the system.
>
> The attached trivial patch fixes this by using the debconf value only as
> the default, when no ENABLED= is present.
Eh, I just noticed that the original value was quoted, which I didn't
do. Updated patch attached.
Christian
>From f0fbd0876e8bbbdbedb04955219ce4b8f2f53bef Mon Sep 17 00:00:00 2001
From: Christian Kastner <deb...@kvr.at>
Date: Sun, 16 Mar 2014 11:30:24 +0100
Subject: [PATCH] Do not unconditionally overwrite ENABLED= in
/etc/default/ferm
---
debian/ferm.postinst | 5 +----
1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/debian/ferm.postinst b/debian/ferm.postinst
index 0f8ea64..f13c9b8 100644
--- a/debian/ferm.postinst
+++ b/debian/ferm.postinst
@@ -37,10 +37,7 @@ if [ "$action" = configure ]; then
# If the admin deleted or commented some variables but then set
# them via debconf, (re-)add them to the configuration file
grep -Eq '^ *ENABLED=' /etc/default/ferm || \
- echo "ENABLED=" >> /etc/default/ferm
-
- # substitute value
- sed -i "s/^ENABLED=.*$/ENABLED=\"$VALUE\"/" /etc/default/ferm
+ echo "ENABLED=\"$VALUE\"" >> /etc/default/ferm
# make the firewall configuration readable only by root and group adm
if [ -d /etc/ferm ]; then
--
1.9.0
