Bug#913696: debdelta: Script accesses internal dpkg database
Hi!
[ Sorry, it seems I missed replying to this. ]
On Sat, 2019-02-02 at 10:59:05 +0100, A Mennucc1 wrote:
> I see your point;
>
> but (as the name " dpkg_L_faster" suggests), using the dpkg commands to
> obtain meta-information is quite slow; so I will have to think about it
Ok, the dpkg_L function can be improved substantially by querying
multiple packages at once, batched up to the ARG_MAX command-line
limit. This should improve the query substantially up to or even
faster times than the current code.
If you need the entire files database, you could instead do something
like:
,---
dpkg-query \
--showformat='Package: ${Package}\nFiles:\n${db-fsys:Files}\n' \
--show
`---
> BTW: you write
>
> > And finally, the contents and its format, will be changing in
> > the near future.
> May you please point me to some more info regarding this change?
This would be .
Thanks,
Guillem
Bug#913696: debdelta: Script accesses internal dpkg database
Dear Guillem,
I see your point;
but (as the name " dpkg_L_faster" suggests), using the dpkg commands to
obtain meta-information is quite slow; so I will have to think about it
BTW: you write
> And finally, the contents and its format, will be changing in
> the near future.
May you please point me to some more info regarding this change?
Thanks,
a.
Il 14/11/18 04:13, Guillem Jover ha scritto:
> Source: debdelta
> Source-Version: 0.62
> Severity: important
> User: debian-d...@lists.debian.org
> Usertags: dpkg-db-access-blocker
>
> Hi!
>
> This package contains a script («debdelta»), which directly accesses
> the dpkg internal database, instead of using one of the public interfaces
> provided by dpkg. The code in do_patch_, should be switched to use:
>
> «dpkg-query --showformat='${Conffiles}\n' --show»
>
> to fetch the list of conffiles. Then _symlink_data_tree should be switched
> to always use dpkg_L, and dpkg_L_faster should be removed. Finally the
> code handling 'old-control-tree' should be switched to use something like:
>
> «dpkg-query --control-list»
>
>
> This is a problem for several reasons, because even though the layout and
> format of the dpkg database is administrator friendly, and it is expected
> that those might need to mess with it, in case of emergency, this
> “interface” does not extend to other programs besides the dpkg suite of
> tools. The admindir can also be configured differently at dpkg build or
> run-time. And finally, the contents and its format, will be changing in
> the near future.
>
> Thanks,
> Guillem
>
signature.asc
Description: OpenPGP digital signature
Bug#913696: debdelta: Script accesses internal dpkg database
Source: debdelta
Source-Version: 0.62
Severity: important
User: debian-d...@lists.debian.org
Usertags: dpkg-db-access-blocker
Hi!
This package contains a script («debdelta»), which directly accesses
the dpkg internal database, instead of using one of the public interfaces
provided by dpkg. The code in do_patch_, should be switched to use:
«dpkg-query --showformat='${Conffiles}\n' --show»
to fetch the list of conffiles. Then _symlink_data_tree should be switched
to always use dpkg_L, and dpkg_L_faster should be removed. Finally the
code handling 'old-control-tree' should be switched to use something like:
«dpkg-query --control-list»
This is a problem for several reasons, because even though the layout and
format of the dpkg database is administrator friendly, and it is expected
that those might need to mess with it, in case of emergency, this
“interface” does not extend to other programs besides the dpkg suite of
tools. The admindir can also be configured differently at dpkg build or
run-time. And finally, the contents and its format, will be changing in
the near future.
Thanks,
Guillem
