On 2014-03-16 11:45, Christian Kastner wrote: > On 2013-07-02 23:41, Andreas Beckmann wrote: >> during a test with piuparts I noticed your package modifies conffiles. >> This is forbidden by the policy > >> debsums reports modification of the following files, >> from the attached log (scroll to the bottom...): >> >> /etc/default/ferm > > The problem is that postinst unconditionally overwrites the value of the > ENABLED= variable in /etc/default/ferm with whatever was stored in debconf. > > I just experienced this during an upgrade whereby I explicitly disabled > ferm by setting ENABLED=no yet after the upgrade, it was ENABLED=yes. > This resulted in me being locked out of the system. > > The attached trivial patch fixes this by using the debconf value only as > the default, when no ENABLED= is present.
Eh, I just noticed that the original value was quoted, which I didn't do. Updated patch attached. Christian
>From f0fbd0876e8bbbdbedb04955219ce4b8f2f53bef Mon Sep 17 00:00:00 2001 From: Christian Kastner <deb...@kvr.at> Date: Sun, 16 Mar 2014 11:30:24 +0100 Subject: [PATCH] Do not unconditionally overwrite ENABLED= in /etc/default/ferm --- debian/ferm.postinst | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/debian/ferm.postinst b/debian/ferm.postinst index 0f8ea64..f13c9b8 100644 --- a/debian/ferm.postinst +++ b/debian/ferm.postinst @@ -37,10 +37,7 @@ if [ "$action" = configure ]; then # If the admin deleted or commented some variables but then set # them via debconf, (re-)add them to the configuration file grep -Eq '^ *ENABLED=' /etc/default/ferm || \ - echo "ENABLED=" >> /etc/default/ferm - - # substitute value - sed -i "s/^ENABLED=.*$/ENABLED=\"$VALUE\"/" /etc/default/ferm + echo "ENABLED=\"$VALUE\"" >> /etc/default/ferm # make the firewall configuration readable only by root and group adm if [ -d /etc/ferm ]; then -- 1.9.0