Bug#789772: Bug#789773: fusionforge-shell: modifies conffiles (policy 10.7.3): /etc/pam.d/sshd
control: reopen -1 Hi, On Freitag, 10. Juli 2015, Andreas Beckmann wrote: Followup-For: Bug #789773 [...] attached is a piuparts logfile that demonstrates what will happen if fusionforge-shell is installed and the user upgrades openssh-server to a version that comes with an updated version of /etc/pam.d/sshd: [...] openssh-server (--configure): end of file on stdin at conffile prompt Errors were encountered while processing: openssh-server E: Sub-process /usr/bin/dpkg returned an error code (1) That is exactly the prompting that must not happen if the conffile was not modified by the user. thus reopening. cheers, Holger signature.asc Description: This is a digitally signed message part.
Processed: Re: Bug#789773: fusionforge-shell: modifies conffiles (policy 10.7.3): /etc/pam.d/sshd
Processing control commands: reopen -1 Bug #789773 {Done: b...@debian.org} [fusionforge-shell] fusionforge-shell: modifies conffiles (policy 10.7.3): /etc/pam.d/sshd Bug reopened Ignoring request to alter fixed versions of bug #789773 to the same values previously set -- 789773: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=789773 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: Re: Bug#789773: fusionforge-shell: modifies conffiles (policy 10.7.3): /etc/pam.d/sshd
Processing control commands: reopen -1 Bug #789772 {Done: b...@debian.org} [fusionforge-mta-exim4] fusionforge-mta-exim4: modifies conffiles (policy 10.7.3): /etc/exim4/exim4.conf.template /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs Bug reopened Ignoring request to alter fixed versions of bug #789772 to the same values previously set -- 789772: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=789772 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#789773: fusionforge-shell: modifies conffiles (policy 10.7.3): /etc/pam.d/sshd
Version: 6.0.2+20150708-1 Followup-For: Bug #789773 Hi Sylvain, attached is a piuparts logfile that demonstrates what will happen if fusionforge-shell is installed and the user upgrades openssh-server to a version that comes with an updated version of /etc/pam.d/sshd: 1m9.3s ERROR: Command failed (status=100): ['chroot', '/tmp/piupartss/tmpJ9G9Hg', 'apt-get', '-yf', 'dist-upgrade'] Reading package lists... Building dependency tree... Reading state information... The following packages will be upgraded: openssh-client openssh-server openssh-sftp-server debconf: delaying package configuration, since apt-utils is not installed 3 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. Need to get 0 B/1057 kB of archives. After this operation, 136 kB disk space will be freed. (Reading database ... 10209 files and directories currently installed.) Preparing to unpack .../openssh-sftp-server_6.7p1-6+foobar_amd64.deb ... Unpacking openssh-sftp-server (1:6.7p1-6+foobar) over (1:6.7p1-6) ... Preparing to unpack .../openssh-server_6.7p1-6+foobar_amd64.deb ... Unpacking openssh-server (1:6.7p1-6+foobar) over (1:6.7p1-6) ... Preparing to unpack .../openssh-client_6.7p1-6+foobar_amd64.deb ... Unpacking openssh-client (1:6.7p1-6+foobar) over (1:6.7p1-6) ... Processing triggers for systemd (222-1) ... Setting up openssh-client (1:6.7p1-6+foobar) ... Setting up openssh-sftp-server (1:6.7p1-6+foobar) ... Setting up openssh-server (1:6.7p1-6+foobar) ... Configuration file '/etc/pam.d/sshd' == Modified (by you or by a script) since installation. == Package distributor has shipped an updated version. What would you like to do about it ? Your options are: Y or I : install the package maintainer's version N or O : keep your currently-installed version D : show the differences between the versions Z : start a shell to examine the situation The default action is to keep your current version. *** sshd (Y/I/N/O/D/Z) [default=N] ? dpkg: error processing package openssh-server (--configure): end of file on stdin at conffile prompt Errors were encountered while processing: openssh-server E: Sub-process /usr/bin/dpkg returned an error code (1) That is exactly the prompting that must not happen if the conffile was not modified by the user. BTW, there is pam-auth-update. Could this be used to achieve the desired result? Andreas fusionforge-shell.log.gz Description: application/gzip
Bug#789773: fusionforge-shell: modifies conffiles (policy 10.7.3): /etc/pam.d/sshd
Package: fusionforge-shell Version: 6.0.1-1 Severity: serious User: debian...@lists.debian.org Usertags: piuparts Hi, during a test with piuparts I noticed your package modifies conffiles. And this is not even a conffile shipped by your package. This is forbidden by the policy, see https://www.debian.org/doc/debian-policy/ch-files.html#s-config-files 10.7.3: [...] The easy way to achieve this behavior is to make the configuration file a conffile. [...] This implies that the default version will be part of the package distribution, and must not be modified by the maintainer scripts during installation (or at any other time). Note that once a package ships a modified version of that conffile, dpkg will prompt the user for an action how to handle the upgrade of this modified conffile (that was not modified by the user). Further in 10.7.3: [...] must not ask unnecessary questions (particularly during upgrades) [...] If a configuration file is customized by a maintainer script after having asked some debconf questions, it may not be marked as a conffile. Instead a template could be installed in /usr/share and used by the postinst script to fill in the custom values and create (or update) the configuration file (preserving any user modifications!). This file must be removed during postrm purge. ucf(1) may help with these tasks. See also https://wiki.debian.org/DpkgConffileHandling In https://lists.debian.org/debian-devel/2012/09/msg00412.html and followups it has been agreed that these bugs are to be filed with severity serious. debsums reports modification of the following files, from the attached log (scroll to the bottom...): 2m49.1s ERROR: FAIL: debsums reports modifications inside the chroot: /etc/pam.d/sshd cheers, Andreas fusionforge-shell_6.0.1-1.log.gz Description: application/gzip