Bug#895371: ejabberd: conffile edited using ucf
Am 16.04.2018 um 10:17 schrieb Jonas Smedegaard:
> Excerpts from Philipp Huebner's message of april 16, 2018 9:38 am:
>> On Tue, 10 Apr 2018 19:39:14 +0200 Jonas Smedegaard wrote:
>>> The file /etc/default/ejabberd is registered as a conffile, but is
>>> also manipulated using ucf in postinst script. That is illegal,
>>> according to Policy § 10.7.3
>>
>> thanks for pointing this out!
>>
>> However, this is rather unfortunate, the current setup has been well
>> tested and in use for ages.
>>
>> Do you have an idea on how to achieve this in a policy-conform way?
>>
>> Not touching ejabberd.yml would mean to remove the debconf templates
>> for configuring ejabberd, not declaring ejabberd.yml a conffile would
>> mean putting in some extra effort for handling changes. Are
>> non-conffiles even allowed in /etc ?
>
> Debian Policy distinguishes between "configuration file" and "conffile"
> and describes, particular at §10.7.3, how to handle either. I believe
> the first step is to *not* ship the configuration file below /etc if it
> should not be a conffile ("man dh_installdeb" documents how any file
> below /etc shipped with a package is registered as a conffile).
>
> "man ucf" contains some documentation on transitioning from conffile to
> non-conffile. I believe that involves collecting md5sums of most
> possible previous pristine states (i.e. configfile as shipped unedited
> with the package) as possible.
>
>
> Hope that helps,
It does, and only now I realized you're talking about
/etc/default/ejabberd and not ejabberd.yml, so the problem is only a
fraction as tough as I thought, because we're already handling
ejabberd.yml the correct way and can simply duplicate that.
Should be fixed soon(ish)!
Thx again,
--
.''`. Philipp Huebner
: :' : pgp fp: 6719 25C5 B8CD E74A 5225 3DF9 E5CA 8C49 25E4 205F
`. `'`
`-
signature.asc
Description: OpenPGP digital signature
Bug#895371: ejabberd: conffile edited using ucf
Excerpts from Philipp Huebner's message of april 16, 2018 9:38 am:
On Tue, 10 Apr 2018 19:39:14 +0200 Jonas Smedegaard
wrote:
The file /etc/default/ejabberd is registered as a conffile, but is
also manipulated using ucf in postinst script. That is illegal,
according to Policy § 10.7.3
thanks for pointing this out!
However, this is rather unfortunate, the current setup has been well
tested and in use for ages.
Do you have an idea on how to achieve this in a policy-conform way?
Not touching ejabberd.yml would mean to remove the debconf templates
for configuring ejabberd, not declaring ejabberd.yml a conffile would
mean putting in some extra effort for handling changes. Are
non-conffiles even allowed in /etc ?
Debian Policy distinguishes between "configuration file" and "conffile"
and describes, particular at §10.7.3, how to handle either. I believe
the first step is to *not* ship the configuration file below /etc if it
should not be a conffile ("man dh_installdeb" documents how any file
below /etc shipped with a package is registered as a conffile).
"man ucf" contains some documentation on transitioning from conffile to
non-conffile. I believe that involves collecting md5sums of most
possible previous pristine states (i.e. configfile as shipped unedited
with the package) as possible.
Hope that helps,
- Jonas
--
* Jonas Smedegaard - idealist & Internet-arkitekt
* Tlf.: +45 40843136 Website: http://dr.jones.dk/
[x] quote me freely [ ] ask before reusing [ ] keep private
pgpftdsp0AOUO.pgp
Description: PGP signature
Bug#895371: ejabberd: conffile edited using ucf
Hi Jonas, On Tue, 10 Apr 2018 19:39:14 +0200 Jonas Smedegaard wrote: > The file /etc/default/ejabberd is registered as a conffile, but is also > manipulated using ucf in postinst script. That is illegal, according to > Policy § 10.7.3 thanks for pointing this out! However, this is rather unfortunate, the current setup has been well tested and in use for ages. Do you have an idea on how to achieve this in a policy-conform way? Not touching ejabberd.yml would mean to remove the debconf templates for configuring ejabberd, not declaring ejabberd.yml a conffile would mean putting in some extra effort for handling changes. Are non-conffiles even allowed in /etc ? Best wishes, -- .''`. Philipp Huebner : :' : pgp fp: 6719 25C5 B8CD E74A 5225 3DF9 E5CA 8C49 25E4 205F `. `'` `- signature.asc Description: OpenPGP digital signature
Bug#895371: ejabberd: conffile edited using ucf
Package: ejabberd Version: 18.03-1 Severity: serious Justification: Policy 10.7.3 -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 The file /etc/default/ejabberd is registered as a conffile, but is also manipulated using ucf in postinst script. That is illegal, according to Policy § 10.7.3: > The easy way to achieve this behavior is to make the configuration > file a conffile. This is appropriate only if it is possible to > distribute a default version that will work for most installations, > although some system administrators may choose to modify it. This > implies that the default version will be part of the package > distribution, and must not be modified by the maintainer scripts > during installation (or at any other time). - Jonas -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAlrM9r8ACgkQLHwxRsGg ASELFxAAlE2hJjPNX1UAp309gifGF3ayh5Xvzbo2W+c3W5BMNz+xH4f83zoVmk2M 423gXz1IMO92fT+cy9NT5btCJAwQN9wKpqveM/cQLJoqq0MQcI8EyDAhEyXeEZ4r cu1XjbSbg8uN+5WEijEVlN7aQbPAscT8VlJcy68tdBLuwiL2mgNoGCHg7QgHLZkt WIYfuuaRosuQn82bo9pftrVjQZxswmcnYBTsf4FTnUGx0JjG5Vbce6vUtdHu4R1L ZeBCXtgaUp6h0apy+CF+7jE8cA/HtgUvIAR6QhciDXefvE3rhuK/cb+NNo4DaGfi /2/Hg2KaN0tzLRnniF4pZvZdLs6w9Qm0dTzSTeq/lQ8bpCv7/2EdBdIxTUTZyf5r IYP9Wb6JLgtzS16r6irYL1MGXtIzyj1Ll8MOf7d12A21wDacSyZbfp5wZ86QGEwK aGbiNNu937bg79smfTNO16G9D+glYTrpFJdFl6dULOnP9SMB5EAvCLeLk+8UqwYT yofc87VIuq0lLI5sSwwKCck30w/ovekB1bbGw4Y7e0/UxFdcZDkr5tPLRqjsNzM5 A8Dp9Jq0/IWr82prtSnf//AKbS/WEthsYuiLZfAldrBIrZWQf2+HX+Jnw0LRV7iS My8e7R8jA7o0j+aHkM4rjAi+te4kvekpYIVzFoBDXwhFDg88whc= =eXEr -END PGP SIGNATURE-
