subject:"Bug#789773\: fusionforge\-shell\: modifies conffiles \(policy 10.7.3\)\: \/etc\/pam.d\/sshd"

Bug#789772: Bug#789773: fusionforge-shell: modifies conffiles (policy 10.7.3): /etc/pam.d/sshd

2015-07-11 Thread Holger Levsen

control: reopen -1

Hi,

On Freitag, 10. Juli 2015, Andreas Beckmann wrote:
 Followup-For: Bug #789773
[...]
 attached is a piuparts logfile that demonstrates what will happen if
 fusionforge-shell is installed and the user upgrades openssh-server to a
 version that comes with an updated version of /etc/pam.d/sshd:
[...]
 openssh-server (--configure): end of file on stdin at conffile prompt
   Errors were encountered while processing:
openssh-server
   E: Sub-process /usr/bin/dpkg returned an error code (1)
 
 That is exactly the prompting that must not happen if the conffile
 was not modified by the user.

thus reopening.
 

cheers,
Holger


signature.asc
Description: This is a digitally signed message part.

Processed: Re: Bug#789773: fusionforge-shell: modifies conffiles (policy 10.7.3): /etc/pam.d/sshd

2015-07-11 Thread Debian Bug Tracking System

Processing control commands:

 reopen -1
Bug #789773 {Done: b...@debian.org} [fusionforge-shell] fusionforge-shell: 
modifies conffiles (policy 10.7.3): /etc/pam.d/sshd
Bug reopened
Ignoring request to alter fixed versions of bug #789773 to the same values 
previously set

-- 
789773: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=789773
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Processed: Re: Bug#789773: fusionforge-shell: modifies conffiles (policy 10.7.3): /etc/pam.d/sshd

2015-07-11 Thread Debian Bug Tracking System

Processing control commands:

 reopen -1
Bug #789772 {Done: b...@debian.org} [fusionforge-mta-exim4] 
fusionforge-mta-exim4: modifies conffiles (policy 10.7.3): 
/etc/exim4/exim4.conf.template 
/etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs
Bug reopened
Ignoring request to alter fixed versions of bug #789772 to the same values 
previously set

-- 
789772: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=789772
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems


--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#789773: fusionforge-shell: modifies conffiles (policy 10.7.3): /etc/pam.d/sshd

2015-07-10 Thread Andreas Beckmann

Version: 6.0.2+20150708-1
Followup-For: Bug #789773

Hi Sylvain,

attached is a piuparts logfile that demonstrates what will happen if
fusionforge-shell is installed and the user upgrades openssh-server to a
version that comes with an updated version of /etc/pam.d/sshd:

1m9.3s ERROR: Command failed (status=100): ['chroot', 
'/tmp/piupartss/tmpJ9G9Hg', 'apt-get', '-yf', 'dist-upgrade']
  Reading package lists...
  Building dependency tree...
  Reading state information...
  The following packages will be upgraded:
openssh-client openssh-server openssh-sftp-server
  debconf: delaying package configuration, since apt-utils is not installed
  3 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
  Need to get 0 B/1057 kB of archives.
  After this operation, 136 kB disk space will be freed.
(Reading database ... 10209 files and directories currently installed.)
  Preparing to unpack .../openssh-sftp-server_6.7p1-6+foobar_amd64.deb ...
  Unpacking openssh-sftp-server (1:6.7p1-6+foobar) over (1:6.7p1-6) ...
  Preparing to unpack .../openssh-server_6.7p1-6+foobar_amd64.deb ...
  Unpacking openssh-server (1:6.7p1-6+foobar) over (1:6.7p1-6) ...
  Preparing to unpack .../openssh-client_6.7p1-6+foobar_amd64.deb ...
  Unpacking openssh-client (1:6.7p1-6+foobar) over (1:6.7p1-6) ...
  Processing triggers for systemd (222-1) ...
  Setting up openssh-client (1:6.7p1-6+foobar) ...
  Setting up openssh-sftp-server (1:6.7p1-6+foobar) ...
  Setting up openssh-server (1:6.7p1-6+foobar) ...
  
  Configuration file '/etc/pam.d/sshd'
   == Modified (by you or by a script) since installation.
   == Package distributor has shipped an updated version.
 What would you like to do about it ?  Your options are:
  Y or I  : install the package maintainer's version
  N or O  : keep your currently-installed version
D : show the differences between the versions
Z : start a shell to examine the situation
   The default action is to keep your current version.
  *** sshd (Y/I/N/O/D/Z) [default=N] ? dpkg: error processing package 
openssh-server (--configure):
   end of file on stdin at conffile prompt
  Errors were encountered while processing:
   openssh-server
  E: Sub-process /usr/bin/dpkg returned an error code (1)
  

That is exactly the prompting that must not happen if the conffile
was not modified by the user.

BTW, there is pam-auth-update. Could this be used to achieve
the desired result?


Andreas


fusionforge-shell.log.gz
Description: application/gzip

Bug#789773: fusionforge-shell: modifies conffiles (policy 10.7.3): /etc/pam.d/sshd

2015-06-24 Thread Andreas Beckmann

Package: fusionforge-shell
Version: 6.0.1-1
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts

Hi,

during a test with piuparts I noticed your package modifies conffiles.
And this is not even a conffile shipped by your package.
This is forbidden by the policy, see
https://www.debian.org/doc/debian-policy/ch-files.html#s-config-files

10.7.3: [...] The easy way to achieve this behavior is to make the
configuration file a conffile. [...] This implies that the default
version will be part of the package distribution, and must not be
modified by the maintainer scripts during installation (or at any
other time).

Note that once a package ships a modified version of that conffile,
dpkg will prompt the user for an action how to handle the upgrade of
this modified conffile (that was not modified by the user).

Further in 10.7.3: [...] must not ask unnecessary questions
(particularly during upgrades) [...]

If a configuration file is customized by a maintainer script after
having asked some debconf questions, it may not be marked as a
conffile. Instead a template could be installed in /usr/share and used
by the postinst script to fill in the custom values and create (or
update) the configuration file (preserving any user modifications!).
This file must be removed during postrm purge.
ucf(1) may help with these tasks.
See also https://wiki.debian.org/DpkgConffileHandling

In https://lists.debian.org/debian-devel/2012/09/msg00412.html and
followups it has been agreed that these bugs are to be filed with
severity serious.

debsums reports modification of the following files,
from the attached log (scroll to the bottom...):

2m49.1s ERROR: FAIL: debsums reports modifications inside the chroot:
  /etc/pam.d/sshd


cheers,

Andreas


fusionforge-shell_6.0.1-1.log.gz
Description: application/gzip

Bug#789772: Bug#789773: fusionforge-shell: modifies conffiles (policy 10.7.3): /etc/pam.d/sshd

Processed: Re: Bug#789773: fusionforge-shell: modifies conffiles (policy 10.7.3): /etc/pam.d/sshd

Processed: Re: Bug#789773: fusionforge-shell: modifies conffiles (policy 10.7.3): /etc/pam.d/sshd

Bug#789773: fusionforge-shell: modifies conffiles (policy 10.7.3): /etc/pam.d/sshd

Bug#789773: fusionforge-shell: modifies conffiles (policy 10.7.3): /etc/pam.d/sshd

5 matches

Site Navigation

Mail list logo

Footer information