Debian Bug report logs - #546665
l7-protocols: overwrites user configuration files

Display info messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Jakub Wilk <ubanus@users.sf.net>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: l7-protocols: overwrites user configuration files

Date: Mon, 14 Sep 2009 23:58:32 +0200

Package: l7-protocols
Version: 20090528-1
Severity: serious
Justification: Policy 10.8.3

l7-protocols would happily overwrite user configuration files:

# ls -l /etc/l7-protocols/extra/http-itunes.pat 
-rw------- 1 root root 30 Sep 14 22:57 /etc/l7-protocols/extra/http-itunes.pat

# dpkg -i /path/to/l7-protocols_20090528-1_all.deb 
[...]
Unpacking l7-protocols (from .../l7-protocols_20090528-1_all.deb) ...
Setting up l7-protocols (20090528-1) ...

# ls -l /etc/l7-protocols/extra/http-itunes.pat*
lrwxrwxrwx 1 root root 45 Sep 14 22:57 /etc/l7-protocols/extra/http-itunes.pat -> /usr/share/l7-protocols/extra/http-itunes.pat


-- 
Jakub Wilk

Message #10 received at 546665@bugs.debian.org (full text, mbox, reply):

From: Alan Woodland <awoodland@debian.org>

To: Piotr Lewandowski <piotr.lewandowski@gmail.com>

Cc: Jakub Wilk <ubanus@users.sf.net>, 546665@bugs.debian.org

Subject: Re: Bug#546665: l7-protocols: overwrites user configuration files

Date: Thu, 17 Sep 2009 19:44:14 +0100

2009/9/17 Piotr Lewandowski <piotr.lewandowski@gmail.com>:
> Hi Alan,
>
> I need your advice what to do with my first RC-bug. :)

I would normally recommend CC'ing discussions relating to how to fix
the bug to the bug report itself - someone else might read the bug and
have something relevant to offer to the discussion, or alternatively
if the bug takes a while to fix it shows someone contemplating an NMU
why the solution is non-trivial and how you've considered fixing it
(which as the maintainer you're likely to know the repercussions of
the 'obvious' fix better than someone who first saw the package 5
minutes ago).

> * Jakub Wilk <ubanus@users.sf.net>, 2009-09-14 23:58:
>>
>> Package: l7-protocols
>> Version: 20090528-1
>> Severity: serious
>> Justification: Policy 10.8.3
>>
>> l7-protocols would happily overwrite user configuration files:
>>
>> # ls -l /etc/l7-protocols/extra/http-itunes.pat -rw------- 1 root root 30
>> Sep 14 22:57 /etc/l7-protocols/extra/http-itunes.pat
>>
>> # dpkg -i /path/to/l7-protocols_20090528-1_all.deb [...]
>> Unpacking l7-protocols (from .../l7-protocols_20090528-1_all.deb) ...
>> Setting up l7-protocols (20090528-1) ...
>>
>> # ls -l /etc/l7-protocols/extra/http-itunes.pat*
>> lrwxrwxrwx 1 root root 45 Sep 14 22:57
>> /etc/l7-protocols/extra/http-itunes.pat ->
>> /usr/share/l7-protocols/extra/http-itunes.pat
>
> I've talked to Jakub about this issue and we've came up with some possible
> solutions (none of which are ideal):
>
> 1) /etc/l7-protocols would be a symlink to /usr/share/l7-protocols managed
> by maintainer scripts of l7-protocols. It is not clear what to do during
> removal (and before purge) - we shouldn't leave a dangling symlink in /etc.

I would avoid this one:
mkdir /etc/l7-protocols/local-custom
# really makes it in /usr/share/l7-protocols is a bad idea

> 2) Patch l7-filter-userspace to look into /usr/share/l7-protocols for
> protocol definitions rather than /etc/l7-protocols. Then l7-protocols could
> provide no /etc/l7-protocols at all.
This might be a sensible option, although it's a significant deviation
from what upstream do. There are definitely other packages that take
this approach.

Would it be possible to make it look in both /etc/l7-protocols (which
gets installed/created empty by default) *and*
/usr/share/l7-protocols? That might make sense from a behaviour point
of view.

> 3) l7-protocols maintainer would maintain symlink farm, just like
> ca-certificates does. (This would be a significant maintenance burden,
> though.)
I don't much like this one, it seems like over-engineering the problem
with all that it would entail.

> 4) Just put all the protocol definitions into /etc/l7-protocols and make
> them conffiles.
That's an interesting one. They fall nicely into a grey area with
regards to what is/isn't really a conf file.

> 5) Mark symlinks in /etc/l7-protocols as conffiles. I don't know if it
> really would help, though.
To be honest I'm not actually sure what the behaviour would be in that
case either! Would be interesting to try it and see, if it works this
would be quite a good solution.

> What do you think?

I think I'd rank the solutions in order of preference 5 (if it
works!), 2 (adding both locations), 4, 2 (changing the location), 3, 1

How trivial would a patch for 2 be?

Alan

Message #15 received at 546665@bugs.debian.org (full text, mbox, reply):

From: Jakub Wilk <ubanus@users.sf.net>

To: Alan Woodland <awoodland@debian.org>, 546665@bugs.debian.org

Subject: Re: Bug#546665: l7-protocols: overwrites user configuration files

Date: Fri, 18 Sep 2009 22:10:44 +0200

* Alan Woodland <awoodland@debian.org>, 2009-09-17, 19:44:
>> 2) Patch l7-filter-userspace to look into /usr/share/l7-protocols for
>> protocol definitions rather than /etc/l7-protocols. Then l7-protocols could
>> provide no /etc/l7-protocols at all.
>This might be a sensible option, although it's a significant deviation
>from what upstream do. There are definitely other packages that take
>this approach.
>
>Would it be possible to make it look in both /etc/l7-protocols (which
>gets installed/created empty by default) *and*
>/usr/share/l7-protocols? That might make sense from a behaviour point
>of view.

That would be doable but not quite trivial.

But what should be the semantics of -p option in that case? Should 
/usr/share/l7-protocols be always read, or only if -p is not given?

-- 
Jakub Wilk

Message #20 received at 546665@bugs.debian.org (full text, mbox, reply):

From: Alan Woodland <alan.woodland@gmail.com>

To: Jakub Wilk <ubanus@users.sf.net>

Cc: 546665@bugs.debian.org

Subject: Re: Bug#546665: l7-protocols: overwrites user configuration files

Date: Fri, 18 Sep 2009 21:37:04 +0100

2009/9/18 Jakub Wilk <ubanus@users.sf.net>:
> * Alan Woodland <awoodland@debian.org>, 2009-09-17, 19:44:
>>>
>>> 2) Patch l7-filter-userspace to look into /usr/share/l7-protocols for
>>> protocol definitions rather than /etc/l7-protocols. Then l7-protocols
>>> could
>>> provide no /etc/l7-protocols at all.
>>
>> This might be a sensible option, although it's a significant deviation
>> from what upstream do. There are definitely other packages that take
>> this approach.
>>
>> Would it be possible to make it look in both /etc/l7-protocols (which
>> gets installed/created empty by default) *and*
>> /usr/share/l7-protocols? That might make sense from a behaviour point
>> of view.
>
> That would be doable but not quite trivial.
>
> But what should be the semantics of -p option in that case? Should
> /usr/share/l7-protocols be always read, or only if -p is not given?
>
I'd say it should look in /etc/l7-protocols and
/usr/share/l7-protocols if there is no -p given and where ever the
user specifies if -p is given. That way it's pretty much minimal
change from upstream (you could patch the manpage to say the default
path is /usr/share... and /etc/...).

I think it'd probably be worth getting a second opinion though on this
one really, try asking on debian-devel@lists.debian.org perhaps to see
what the collective wisdom is.

Alan

Message #25 received at 546665@bugs.debian.org (full text, mbox, reply):

From: Piotr Lewandowski <piotr.lewandowski@gmail.com>

To: Alan Woodland <awoodland@debian.org>

Cc: Jakub Wilk <ubanus@users.sf.net>, 546665@bugs.debian.org

Subject: Re: Bug#546665: l7-protocols: overwrites user configuration files

Date: Fri, 18 Sep 2009 22:43:13 +0200

* Alan Woodland <awoodland@debian.org>, 2009-09-17 19:44:
>> 1) /etc/l7-protocols would be a symlink to /usr/share/l7-protocols managed
>> by maintainer scripts of l7-protocols. It is not clear what to do during
>> removal (and before purge) - we shouldn't leave a dangling symlink in /etc.
>I would avoid this one:
>mkdir /etc/l7-protocols/local-custom
># really makes it in /usr/share/l7-protocols is a bad idea
(...)
>> 5) Mark symlinks in /etc/l7-protocols as conffiles. I don't know if it
>> really would help, though.
>To be honest I'm not actually sure what the behaviour would be in that
>case either! Would be interesting to try it and see, if it works this
>would be quite a good solution.
(...)
>I think I'd rank the solutions in order of preference 5 (if it
>works!), 2 (adding both locations), 4, 2 (changing the location), 3, 1

Unfortunately, it seems that solutions 5 and 1 are not applicable due to 
#421344[1] (dpkg: does not gracefully handle symlink conffiles). :/

[1] http://bugs.debian.org/421344

-- 
Piotr Lewandowski

Message #30 received at 546665-close@bugs.debian.org (full text, mbox, reply):

From: Piotr Lewandowski <piotr.lewandowski@gmail.com>

To: 546665-close@bugs.debian.org

Subject: Bug#546665: fixed in l7-protocols 20090528-2

Date: Wed, 30 Sep 2009 22:46:20 +0000

Source: l7-protocols
Source-Version: 20090528-2

We believe that the bug you reported is fixed in the latest version of
l7-protocols, which is due to be installed in the Debian FTP archive:

l7-protocols_20090528-2.diff.gz
  to pool/main/l/l7-protocols/l7-protocols_20090528-2.diff.gz
l7-protocols_20090528-2.dsc
  to pool/main/l/l7-protocols/l7-protocols_20090528-2.dsc
l7-protocols_20090528-2_all.deb
  to pool/main/l/l7-protocols/l7-protocols_20090528-2_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 546665@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Piotr Lewandowski <piotr.lewandowski@gmail.com> (supplier of updated l7-protocols package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 27 Sep 2009 17:56:30 +0200
Source: l7-protocols
Binary: l7-protocols
Architecture: source all
Version: 20090528-2
Distribution: unstable
Urgency: low
Maintainer: Piotr Lewandowski <piotr.lewandowski@gmail.com>
Changed-By: Piotr Lewandowski <piotr.lewandowski@gmail.com>
Description: 
 l7-protocols - protocol definitions for the Linux layer 7 packet classifier
Closes: 546665
Changes: 
 l7-protocols (20090528-2) unstable; urgency=low
 .
   * Do not ship symlinks in /etc (closes: #546665).
   * Minimize debian/rules.
   * debian/control: add Vcs-* fields.
Checksums-Sha1: 
 9e657ed4a364507d3e24b3899aebd4c050598e5a 1184 l7-protocols_20090528-2.dsc
 22c90ac303cb691ba4255bb1ec15ec796bd30af6 6799 l7-protocols_20090528-2.diff.gz
 6551d39286782a9e5b9c0fbd3a3100ec96774ccc 64424 l7-protocols_20090528-2_all.deb
Checksums-Sha256: 
 7c7e31bded9c78184c62c398eff365fa589a31754a5b9bed909c9175bfba6351 1184 l7-protocols_20090528-2.dsc
 516e468e91d5b62c5b7b0964e1672b930d95f6dcf1298d524c130c23346fd919 6799 l7-protocols_20090528-2.diff.gz
 ed6e8387cd1e279131b6e4cea23f79c5357f387979e7d95784c78852a9a92366 64424 l7-protocols_20090528-2_all.deb
Files: 
 3f26353f0311d2600eff848fd52e0a54 1184 net extra l7-protocols_20090528-2.dsc
 a8b4bd53b1d6d81c6ccda77a2f21bc54 6799 net extra l7-protocols_20090528-2.diff.gz
 5320636189eaa55e0ed8e2dd686c92ae 64424 net extra l7-protocols_20090528-2_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkrDz4cACgkQ1FNW1LDdr0KJ4ACfTROCXDkpmBl0nMYMLAUy3va4
MtcAn09JCXUTYflNwMV8fIYqiWrZjxa5
=63WW
-----END PGP SIGNATURE-----

Send a report that this bug log contains spam.