Re: WARNING: Re: debhelper & /usr/bin/passwd
Wichert Akkerman <[EMAIL PROTECTED]> writes: > [1 ] > Previously Remco Blaakmeer wrote: > > Is there any way of changing that default behaviour (e.g. some config > > file) apart from recompiling dpkg? I'd like to leave it disabled at all > > times no matter what the default is in the current dpkg package. > No. Are there other things that would be useful in a dpkg configuration > file? I can't think of anything at the moment. I'd like to be able to turn it off too. (At least RPM only does "--force-overwrites" during the initial install process.) Steve [EMAIL PROTECTED]
Re: WARNING: Re: debhelper & /usr/bin/passwd
hi Ship's Log, Lt. Brian May, Stardate 310199.1320: > I have noticed this behaviour, too. However, at the time, I assumed > the apt-get forced the file to be overwritten because the package > I was installing was required/base (ldso from memory, but this > problem has already been fixed). Now I am not so sure. > > Can you be certain that dselect doesn't give dpkg the --force-overwrite > option? I experienced this beheaviour too with ssh/cfs which are both in non-US This is a very bad thing as the ssh of cfs is something compleatly diferent and should be renamed. Greetings -- Alexander N. Benner - Christen im Internet - http://www.christen.net/ pgp : E7BCBEBD 53 5F 48 0A 0D 3E 4A 38 A8 11 B1 AF BE 08 C8 B0 You can't be american if you don't have children. I need a wife soon. MegaHAL
Re: WARNING: Re: debhelper & /usr/bin/passwd
Previously Remco Blaakmeer wrote: > Is there any way of changing that default behaviour (e.g. some config > file) apart from recompiling dpkg? I'd like to leave it disabled at all > times no matter what the default is in the current dpkg package. No. Are there other things that would be useful in a dpkg configuration file? I can't think of anything at the moment. Wichert -- == This combination of bytes forms a message written to you by Wichert Akkerman. E-Mail: [EMAIL PROTECTED] WWW: http://www.wi.leidenuniv.nl/~wichert/ pgpdIuSwjrO65.pgp Description: PGP signature
Re: WARNING: Re: debhelper & /usr/bin/passwd
Previously Stephen Zander wrote: > As does mine: and it lies! I've been testing package upgrades & dpkg > itself is very definately using --force-overwite The [*] marks are hardcoded in dpkg, and Daniel Jacobowitz forgot to change that when he made NMU 1.4.0.31 which turned --force-overwrite on by default. Wichert. -- == This combination of bytes forms a message written to you by Wichert Akkerman. E-Mail: [EMAIL PROTECTED] WWW: http://www.wi.leidenuniv.nl/~wichert/ pgpwD78HURI5b.pgp Description: PGP signature
Re: WARNING: Re: debhelper & /usr/bin/passwd
Craig Sanders wrote: >> As does mine: and it lies! I've been testing package upgrades & dpkg >> itself is very definately using --force-overwite > >which is a damn good thing. > >please, nobody suggest changing the default behaviour until dpkg has >a config file in /etc allowing each system admin to choose what the >default should be. > >i get really sick of apt/dselect upgrades not working in unstable >because some people have the mistaken belief that --force-overwrite >should default to off. > >yes, you can override it on the dpkg command linebut there is no way >to override it if you use dselect or apt. this is evil. Just my 2 cents: The dpkg online help should reflect the default setting. It should not give the impression that the default is off when it is in actual fact on. Any duplicate files in packages is a bug in the package, and users may not even be aware of the problem (ie it can scroll of the screen) unless the default is off. If a user installs package X and it overwrites a file with an older, buggy and/or incompatable version of file F, then IMHO it is going to be very difficult to diagnose why package Y stops working, especially if that user files a bug report against Y. If you want to use --force-overwrite, perhaps these problems should be logged somewhere. Also, bug could be made to report any potential problems when submitting a bug report. As an extreme example is when installing a new, buggy, package breaks your system because it overwrites (and potentially breaks) critical system files, for instance, this thread was started because a package overwrite: /usr/bin/passwd /usr/bin/chsh /usr/bin/chfn I think the default in dpkg should be off, but it should be possible to override it by environment variable, for those who know what they are doing. In fact, I am very surprised that this isn't already supported... Brian May <[EMAIL PROTECTED]>
Re: WARNING: Re: debhelper & /usr/bin/passwd
On Sat, Jan 30, 1999 at 10:06:30PM -0800, Stephen Zander wrote: > > "Brian" == Brian May <[EMAIL PROTECTED]> writes: > Brian> My versions of dpkg claim that --force-overwrite isn't on > Brian> be default (otherwise it should have [*] after it): > > As does mine: and it lies! I've been testing package upgrades & dpkg > itself is very definately using --force-overwite which is a damn good thing. please, nobody suggest changing the default behaviour until dpkg has a config file in /etc allowing each system admin to choose what the default should be. i get really sick of apt/dselect upgrades not working in unstable because some people have the mistaken belief that --force-overwrite should default to off. yes, you can override it on the dpkg command linebut there is no way to override it if you use dselect or apt. this is evil. craig -- craig sanders
Re: WARNING: Re: debhelper & /usr/bin/passwd
Brian May wrote: > >Unfortunatly, it looks like the current version of dpkg has > >--force-overwrite (which is what I meant to say above) enabled by default. > >And so anyone who ran dselect in the past 24 hours and upgraded from > >unstable has probably beeen bitten by this bad package. > > Can you be certain that dselect doesn't give dpkg the --force-overwrite > option? IIRC, I wrote the above after running dpkg on the broken debhelper package by hand and watching it overwrite the files. > My versions of dpkg claim that --force-overwrite isn't on be default > (otherwise it should have [*] after it): That means nothing, you can turn off options in dpkg without editing that output. (Bad design, IMHO.) -- see shy jo
Re: WARNING: Re: debhelper & /usr/bin/passwd
Stephen Zander wrote: >> "Brian" == Brian May <[EMAIL PROTECTED]> writes: >Brian> My versions of dpkg claim that --force-overwrite isn't on >Brian> be default (otherwise it should have [*] after it): > >As does mine: and it lies! I've been testing package upgrades & dpkg >itself is very definately using --force-overwite > > $ dpkg -l dpkg > ii dpkg 1.4.1 Package maintenance system for Debian Linux Version 1.4.0.27 seems OK here. I created two dummy test packages both containing the same file, and installed them. I will check the latest version tommorrow. I suggest that you should file a bug report against dpkg... Brian May <[EMAIL PROTECTED]>
Re: WARNING: Re: debhelper & /usr/bin/passwd
> "Brian" == Brian May <[EMAIL PROTECTED]> writes: Brian> My versions of dpkg claim that --force-overwrite isn't on Brian> be default (otherwise it should have [*] after it): As does mine: and it lies! I've been testing package upgrades & dpkg itself is very definately using --force-overwite $ dpkg -l dpkg ii dpkg 1.4.1 Package maintenance system for Debian Linux -- Stephen --- It should be illegal to yell "Y2K" in a crowded economy. :-) -- Larry Wall
Re: WARNING: Re: debhelper & /usr/bin/passwd
In article <[EMAIL PROTECTED]> you write: >Joey Hess wrote: >> I'd say installing debhelper 1.2.28 with --force-conflicts is a _very_ bad >> idea. > >Unfortunatly, it looks like the current version of dpkg has >--force-overwrite (which is what I meant to say above) enabled by default. >And so anyone who ran dselect in the past 24 hours and upgraded from >unstable has probably beeen bitten by this bad package. My understanding of dpkg/dselect/apt-get isn't extremely good, but anyway: I have noticed this behaviour, too. However, at the time, I assumed the apt-get forced the file to be overwritten because the package I was installing was required/base (ldso from memory, but this problem has already been fixed). Now I am not so sure. Can you be certain that dselect doesn't give dpkg the --force-overwrite option? My versions of dpkg claim that --force-overwrite isn't on be default (otherwise it should have [*] after it): dpkg forcing options - control behaviour when problems found: warn but continue: --force-,,... stop with error:--refuse-,,... | --no-force-,... Forcing things: auto-select [*](De)select packages to install (remove) them dowgrade [*] Replace a package with a lower version configure-any Configure any package which may help this one hold Process incidental packages even when on hold bad-path PATH is missing important programs, problems likely not-root Try to (de)install things even when not root overwrite Overwrite a file from one package with another overwrite-diverted Overwrite a diverted file with an undiverted version depends-version [!]Turn dependency version problems into warnings depends [!]Turn all dependency problems into warnings conflicts [!] Allow installation of conflicting packages architecture [!] Process even packages with wrong architecture overwrite-dir [!] Overwrite one package's directory with another's file remove-reinstreq [!] Remove packages which require installation remove-essential [!] Remove an essential package WARNING - use of options marked [!] can seriously damage your installation. Forcing options marked [*] are enabled by default.
Re: WARNING: Re: debhelper & /usr/bin/passwd
On Mon, 25 Jan 1999, Joey Hess wrote: > Joey Hess wrote: > > I'd say installing debhelper 1.2.28 with --force-conflicts is a _very_ bad > > idea. > > Unfortunatly, it looks like the current version of dpkg has > --force-overwrite (which is what I meant to say above) enabled by default. > And so anyone who ran dselect in the past 24 hours and upgraded from > unstable has probably beeen bitten by this bad package. Is there any way of changing that default behaviour (e.g. some config file) apart from recompiling dpkg? I'd like to leave it disabled at all times no matter what the default is in the current dpkg package. Remco -- rd31-144: 12:50am up 5 days, 38 min, 10 users, load average: 1.00, 1.02, 1.00
Re: WARNING: Re: debhelper & /usr/bin/passwd
In article <[EMAIL PROTECTED]>,
Joey Hess <[EMAIL PROTECTED]> wrote:
> Yesterday I fixed a bug in dh_link, bug #23255. That bug concerns a
>different package that diverts /usr/bin/{passwd,chsh,chfn}, and needed to
>set up some symlinks from "sysdb-wrapper" to them using dh_link.
Talk about heartstopping... I was wondering how on earth that escaped
my system...
--
almost called it today, turned to face the void along with the suffering
and the question- "Why am I?" [queensrÿche]
Re: WARNING: Re: debhelper & /usr/bin/passwd
Joey Hess wrote: > I'd say installing debhelper 1.2.28 with --force-conflicts is a _very_ bad > idea. Unfortunatly, it looks like the current version of dpkg has --force-overwrite (which is what I meant to say above) enabled by default. And so anyone who ran dselect in the past 24 hours and upgraded from unstable has probably beeen bitten by this bad package. -- see shy jo
Re: WARNING: Re: debhelper & /usr/bin/passwd
Hi Joey, Thanks! I won't file that bug report now. :) -Ossama __ Ossama Othman <[EMAIL PROTECTED]> 58 60 1A E8 7A 66 F4 44 74 9F 3C D4 EF BF 35 88 1024/8A04D15D 1998/08/26
WARNING: Re: debhelper & /usr/bin/passwd
Good greif. I'm sorry about this snafu. You weren't hit by an exploit
attempt, just by a debhelper package I managed to leave some junk in. This
is fixed in version 1.2.29, and it only affected version 1.2.28.
Background:
Yesterday I fixed a bug in dh_link, bug #23255. That bug concerns a
different package that diverts /usr/bin/{passwd,chsh,chfn}, and needed to
set up some symlinks from "sysdb-wrapper" to them using dh_link. As I tested
dh_link, I created a debian/links file that generated those 3 symlinks. And
then I forgot to remove it and when debhelper built, it happily made the 3
symlinks in the binary package.
I'd say installing debhelper 1.2.28 with --force-conflicts is a _very_ bad
idea. So long as you don't force things dpkg won't let it install all the
way or remove /usr/bin/{passwd,chsh,chfn}. As I said, I've verified that
1.2.29 doesn't have this problem. If you install debhelper 1.2.29 and find
yourself missing /usr/bin/{passwd,chsh,chfn}, you'll have to reinstall
passwd.deb to get them back.
Ossama Othman wrote:
> Hi Mitch,
>
> > Could you please post the version(s) you have and which mirror you
> > got it from?
>
> Sure! chsh and chfn were also in debhelper! I got debhelper using
> dselect/apt. Here is all the info you requested:
>
> % cat /etc/apt/sources.list
> deb http://http.us.debian.org/debian unstable main contrib non-free
> deb http://non-us.debian.org/debian-non-US unstable non-US
>
> % dpkg -l debhelper
> ii debhelper 1.2.28 helper programs for debian/rules
>
> % dpkg --listfiles debhelper | grep /usr/bin/
> /usr/bin/dh_builddeb
> /usr/bin/dh_clean
> /usr/bin/dh_compress
> /usr/bin/dh_du
> /usr/bin/dh_fixperms
> /usr/bin/dh_gencontrol
> /usr/bin/dh_installchangelogs
> /usr/bin/dh_installcron
> /usr/bin/dh_installdeb
> /usr/bin/dh_installdebfiles
> /usr/bin/dh_installdirs
> /usr/bin/dh_installdocs
> /usr/bin/dh_installexamples
> /usr/bin/dh_installinit
> /usr/bin/dh_installmanpages
> /usr/bin/dh_installmenu
> /usr/bin/dh_makeshlibs
> /usr/bin/dh_md5sums
> /usr/bin/dh_movefiles
> /usr/bin/dh_shlibdeps
> /usr/bin/dh_strip
> /usr/bin/dh_suidregister
> /usr/bin/dh_testdir
> /usr/bin/dh_testroot
> /usr/bin/dh_testversion
> /usr/bin/dh_undocumented
> /usr/bin/dh_debstd
> /usr/bin/dh_installemacsen
> /usr/bin/dh_installwm
> /usr/bin/dh_link
> /usr/bin/dh_listpackages
> /usr/bin/passwd
> /usr/bin/chsh
> /usr/bin/chfn
>
> Okay, I think we can be pretty sure the last three entries don't belong
> there. What do you think is the problem?
>
> Thanks,
> -Ossama
> __
> Ossama Othman <[EMAIL PROTECTED]>
> 58 60 1A E8 7A 66 F4 44 74 9F 3C D4 EF BF 35 88 1024/8A04D15D 1998/08/26
>
>
> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
--
see shy jo
