Bug#905177: bind9: prompting due to modified conffiles which were not modified by the user: /etc/bind/named.conf.options

2019-03-25 Thread Andreas Beckmann
Followup-For: Bug #905177

Hi,

the situation is a bit tricky for upgrades that had bind9 from squeeze
or older installed: there /etc/bind/named.conf.options was a conffile.
Which is something dpkg remembers (with an outdated md5sum). The content
of the file has been updated over time s.t. we don't need to handle
md5sums in the preinst depending on whether the first installation
happened in lenny or wheezy :-)

We cannot move the file aside in case dpkg knows it as a conffile:

  Setting up bind9 (1:9.11.5.P4+dfsg-1) ...
  Installing new version of config file /etc/apparmor.d/usr.sbin.named ...
  Installing new version of config file /etc/bind/bind.keys ...
  Installing new version of config file /etc/bind/named.conf.default-zones ...
  
  Configuration file '/etc/bind/named.conf.options'
   ==> Deleted (by you or by a script) since installation.
   ==> Package distributor has shipped an updated version.
     What would you like to do about it ?  Your options are:
      Y or I  : install the package maintainer's version
      N or O  : keep your currently-installed version
        D     : show the differences between the versions
        Z     : start a shell to examine the situation
   The default action is to keep your current version.
  *** named.conf.options (Y/I/N/O/D/Z) [default=N] ? dpkg: error processing package bind9 (--configure):
   end of file on stdin at conffile prompt
  Processing triggers for systemd (241-1) ...
  Processing triggers for libc-bin (2.28-8) ...
  Errors were encountered while processing:
   bind9

That's from squeeze -> wheezy -> jessie -> stretch -> buster. Notice the
  "Deleted (by you or by a script) since installation."

You can find my proposed solution in the attached patch. It passes my
tests starting from lenny as well as starting from wheezy.
I create a backup as .dpkg-old and then edit the file in-place to match
the content of the yet-to-be-installed conffile. In that case dpkg does
not see a content conflict, does not prompt about it and updates the
md5sum of the conffile to the new version in its database.

Andreas
From a714533a17508d0f5f2084c15a42801458f7eeeb Mon Sep 17 00:00:00 2001
From: Andreas Beckmann 
Date: Sun, 24 Mar 2019 22:51:53 +0100
Subject: [PATCH] bind9.preinst: cope with ancient conffile named.conf.options

In squeeze and earlier /etc/bind/named.conf.options was a conffile.
On upgrades from such a version dpkg will remember it as an obsolete
conffile with an outdated md5sum. Therefore we must not move it aside in
this case (which dpkg would take as a deletion by the local admin),
instead we edit it in place to match the to-be-installed version in
order to avoid prompting and make dpkg update the md5sum.

Closes: #905177
---
 debian/bind9.preinst | 10 +-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/debian/bind9.preinst b/debian/bind9.preinst
index 464ffc627..66b06abaa 100644
--- a/debian/bind9.preinst
+++ b/debian/bind9.preinst
@@ -20,7 +20,15 @@ case "$1" in
theirs=$(md5sum /etc/bind/named.conf.options | sed 's/ .*$//')
mine=56919cbc0d819c9a303a8bdeb306b5f1
if [ "$mine" = "$theirs" ]; then
-   mv /etc/bind/named.conf.options 
/etc/bind/named.conf.options.dpkg-old
+   if [ -n "$(dpkg-query -f '${Conffiles}' -W bind9 | grep 
/etc/bind/named.conf.options)" ]; then
+   # dpkg knows /etc/bind/named.conf.options as a conffile 
(from squeeze or older)
+   # cannot move the outdated file aside to avoid dpkg 
noticing deleted-by-local-admin
+   # therefore edit it in place to make it match the 
to-be-installed version
+   cp -p /etc/bind/named.conf.options 
/etc/bind/named.conf.options.dpkg-old
+   sed -i '26{/^$/d}; 23{/auth-nxdomain no;/d}' 
/etc/bind/named.conf.options
+   else
+   mv /etc/bind/named.conf.options 
/etc/bind/named.conf.options.dpkg-old
+   fi
fi
fi
 ;;
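Review bot: the `sed -i '26{/^$/d}; 23{/auth-nxdomain no;/d}'` line edits by absolute line number, which is only safe because the enclosing `[ "$mine" = "$theirs" ]` test pins the file to one exact prior content; a comment saying that `mine` and the two line numbers must be changed together whenever the expected old file changes would stop a future maintainer from updating one without the other. On the style side, `if [ -n "$(dpkg-query -f '${Conffiles}' -W bind9 | grep /etc/bind/named.conf.options)" ]` reads more directly as `if dpkg-query -f '${Conffiles}' -W bind9 | grep -q ' /etc/bind/named.conf.options '; then`, and the surrounding spaces keep the unanchored pattern from matching any longer path that happens to start with that string.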
-- 
2.11.0



bind9_1:9.11.5.P4+dfsg-1.log.gz
Description: application/gzip


Bug#905177: bind9: prompting due to modified conffiles which were not modified by the user: /etc/bind/named.conf.options

2018-08-01 Thread Bernhard Schmidt
Control: tags -1 help

On 01.08.2018 at 18:56, Andreas Beckmann wrote:

Hi,

> Suggestion: In the preinst check whether you are upgrading from <<
> 9.11.2+dfsg-6 and whether the file matches the version installed in
> stretch (md5sum/...) and move it aside (maybe there were more possible
> files installed by older versions, check for all of them). In the
> postinst delete the backup. Restore it on failed-upgrade.
> 
> If the file was manually modified (i.e. does not match any known hash),
> do nothing and let dpkg prompt the user.
> 
> I don't mind reviewing some patches.

Thanks for the suggestion, sounds like a plan. I'll see what I can come
up with. Not really much time at the moment though, so any takers would
be welcome.

Bernhard



Bug#905177: bind9: prompting due to modified conffiles which were not modified by the user: /etc/bind/named.conf.options

2018-08-01 Thread Andreas Beckmann
On 2018-08-01 18:05, Bernhard Schmidt wrote:
> So the file is there and not marked as conffile, because it has been
> created in postinst. Now in Buster the file is properly shipped as
> conffile (since commit 9ddbb41a71236815d246180b454850ec4ef7862d,
> included in 9.11.2+dfsg-6).
> 
> It is only appearing now because the named.conf.options has now been
> changed from the version contained in Stretch in 9.11.4+dfsg-2.

> But the
> underlying bug is in Stretch.

Not really. There is nothing wrong with the handling in stretch.
Using conffiles is just superior :-)
You just need to migrate properly ...

> I have no idea how to properly deal with this.

Suggestion: In the preinst check whether you are upgrading from <<
9.11.2+dfsg-6 and whether the file matches the version installed in
stretch (md5sum/...) and move it aside (maybe there were more possible
files installed by older versions, check for all of them). In the
postinst delete the backup. Restore it on failed-upgrade.

If the file was manually modified (i.e. does not match any known hash),
do nothing and let dpkg prompt the user.

I don't mind reviewing some patches.


Andreas
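The preinst/postinst flow suggested above, written out as an added example that is not part of this thread or of the bind9 package: the functions take their paths as arguments so they can be exercised on a scratch copy, the list of known md5sums is passed in (a real preinst would hard-code the hash of every named.conf.options shipped by stretch and earlier), and the .dpkg-old backup name and the helper names are assumptions.

```shell
#!/bin/sh
# Added example, not the bind9 maintainer scripts: the preinst/postinst
# flow suggested above, as functions that take their paths as arguments
# so they can be exercised on a scratch copy. Assumptions: the list of
# known md5sums is passed in (a real preinst would hard-code the hash of
# every named.conf.options shipped by stretch and earlier) and the
# backup name .dpkg-old is a placeholder.
set -e

# Only upgrades from before the file became a conffile need this;
# "$1" is the old version that dpkg passes to "preinst upgrade".
needs_migration() { dpkg --compare-versions "$1" lt 9.11.2+dfsg-6; }

# Returns 0 if file $1 has one of the md5sums listed (space-separated) in $2.
matches_known_hash() {
    theirs=$(md5sum "$1" | sed 's/ .*$//')
    for h in $2; do
        [ "$h" = "$theirs" ] && return 0
    done
    return 1
}

# preinst upgrade: an unmodified copy that dpkg does not know as a
# conffile is moved aside, so dpkg installs the new conffile without
# asking. A file with an unknown hash was edited locally and is left
# alone so that dpkg prompts as it should. Prints moved/modified/absent.
preinst_move_aside() {
    [ -f "$1" ] || { echo absent; return 0; }
    if matches_known_hash "$1" "$2"; then
        mv "$1" "$3"
        echo moved
    else
        echo modified
    fi
}

# postinst configure: the upgrade went through, drop the backup.
postinst_cleanup() { rm -f "$1"; }

# abort-upgrade: put the admin's file back exactly as it was.
failed_upgrade_restore() {
    [ -f "$2" ] && mv "$2" "$1"
    return 0
}

# Demo on a constructed file in a scratch directory, never /etc/bind.
tmp=$(mktemp -d)
printf 'options {\n\tauth-nxdomain no;\n};\n' > "$tmp/named.conf.options"
known=$(md5sum "$tmp/named.conf.options" | sed 's/ .*$//')  # stands in for the hard-coded list
preinst_move_aside "$tmp/named.conf.options" "$known" "$tmp/named.conf.options.dpkg-old"  # prints: moved
rm -rf "$tmp"
```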



Bug#905177: bind9: prompting due to modified conffiles which were not modified by the user: /etc/bind/named.conf.options

2018-08-01 Thread Bernhard Schmidt
On 01.08.2018 at 12:00, Andreas Beckmann wrote:

Hi,
I can reproduce this in a container upgrading Stretch to Buster.

Configuration file '/etc/bind/named.conf.options'
 ==> File on system created by you or by a script.
 ==> File also in package provided by package maintainer.
   What would you like to do about it ?  Your options are:
    Y or I  : install the package maintainer's version
    N or O  : keep your currently-installed version
      D     : show the differences between the versions
      Z     : start a shell to examine the situation
 The default action is to keep your current version.
*** named.conf.options (Y/I/N/O/D/Z) [default=N] ? d
--- /etc/bind/named.conf.options2018-08-01 15:40:01.840772576 +
+++ /etc/bind/named.conf.options.dpkg-new   2018-07-16
18:49:50.0 +
@@ -20,7 +20,5 @@

//
dnssec-validation auto;

-   auth-nxdomain no;# conform to RFC1035
listen-on-v6 { any; };
 };
-
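Review bot: this diff is the evidence that the installed file was never touched locally: the only differences between the copy on the system and the .dpkg-new version are the dropped `auth-nxdomain no;# conform to RFC1035` line and a trailing blank line, i.e. exactly the change the package made, so the prompt is an artefact of the stretch-era copy never having been registered as a conffile rather than a real content conflict.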


AFAICT this is caused by the version in Stretch, which did not ship
/etc/bind/named.conf.options at all, but created it in postinst:

===
if [ -f /etc/bind/named.conf.options ]; then
    [...]
else
    cp /usr/share/bind9/named.conf.options /etc/bind/named.conf.options
    chmod 644 /etc/bind/named.conf.options
fi
===

So the file is there and not marked as conffile, because it has been
created in postinst. Now in Buster the file is properly shipped as
conffile (since commit 9ddbb41a71236815d246180b454850ec4ef7862d,
included in 9.11.2+dfsg-6).

It is only appearing now because the named.conf.options has now been
changed from the version contained in Stretch in 9.11.4+dfsg-2. But the
underlying bug is in Stretch.

I have no idea how to properly deal with this.

Best Regards,
Bernhard



Bug#905177: bind9: prompting due to modified conffiles which were not modified by the user: /etc/bind/named.conf.options

2018-08-01 Thread Andreas Beckmann
Package: bind9
Version: 1:9.11.4+dfsg-2
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts

Hi,

during a test with piuparts I noticed your package failed the piuparts
upgrade test because dpkg detected a conffile as being modified and then
prompted the user for an action. As there is no user input, this fails.
But this is not the real problem, the real problem is that this prompt
shows up in the first place, as there was nobody modifying this conffile
at all, the package has just been installed and upgraded...

This is a violation of policy 10.7.3, see
https://www.debian.org/doc/debian-policy/#behavior,
which says "[These scripts handling conffiles] must not ask unnecessary
questions (particularly during upgrades), and must otherwise be good
citizens."

https://wiki.debian.org/DpkgConffileHandling should help with figuring
out how to do this properly.

In https://lists.debian.org/debian-devel/2009/08/msg00675.html and
followups it has been agreed that these bugs are to be filed with
severity serious.

From the attached log (scroll to the bottom...):

  Setting up bind9 (1:9.11.4+dfsg-2) ...
  Installing new version of config file /etc/apparmor.d/usr.sbin.named ...
  Installing new version of config file /etc/bind/bind.keys ...
  
  Configuration file '/etc/bind/named.conf.options'
   ==> File on system created by you or by a script.
   ==> File also in package provided by package maintainer.
     What would you like to do about it ?  Your options are:
      Y or I  : install the package maintainer's version
      N or O  : keep your currently-installed version
        D     : show the differences between the versions
        Z     : start a shell to examine the situation
   The default action is to keep your current version.
  *** named.conf.options (Y/I/N/O/D/Z) [default=N] ? dpkg: error processing package bind9 (--configure):
   end of file on stdin at conffile prompt
  Processing triggers for libc-bin (2.27-5) ...
  Errors were encountered while processing:
   bind9


cheers,

Andreas


bind9_1:9.11.4+dfsg-2.log.gz
Description: application/gzip