Debian Bug report logs - #688891
psad: modifies conffiles (policy 10.7.3): /etc/psad/psad.conf

version graph

Package: psad; Maintainer for psad is Franck Joncourt <franck@debian.org>; Source for psad is src:psad.

Reported by: Andreas Beckmann <anbe@debian.org>

Date: Wed, 26 Sep 2012 17:03:01 UTC

Severity: serious

Tags: patch, squeeze-ignore

Found in versions psad/2.2-2, psad/2.1.7-1, psad/2.2-3

Fixed in version psad/2.2-3.1

Done: gregor herrmann <gregoa@debian.org>

Reply or subscribe to this bug.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Franck Joncourt <franck@debian.org>:
Bug#688891; Package psad. (Wed, 26 Sep 2012 17:03:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Andreas Beckmann <debian@abeckmann.de>:
New Bug report received and forwarded. Copy sent to Franck Joncourt <franck@debian.org>. (Wed, 26 Sep 2012 17:03:04 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Andreas Beckmann <debian@abeckmann.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: psad: modifies conffiles (policy 10.7.3): /etc/psad/psad.conf
Date: Wed, 26 Sep 2012 18:58:50 +0200
[Message part 1 (text/plain, inline)]
Package: psad
Version: 2.2-2
Severity: serious
Tags: squeeze-ignore
User: debian-qa@lists.debian.org
Usertags: piuparts
Control: found -1 2.1.7-1

Hi,

during a test with piuparts I noticed your package modifies conffiles.
This is forbidden by the policy, see
http://www.debian.org/doc/debian-policy/ch-files.html#s-config-files

10.7.3: "[...] The easy way to achieve this behavior is to make the
configuration file a conffile. [...] This implies that the default
version will be part of the package distribution, and must not be
modified by the maintainer scripts during installation (or at any
other time)."

Note that once a package ships a modified version of that conffile,
dpkg will prompt the user for an action how to handle the upgrade of
this modified conffile (that was not modified by the user).

Further in 10.7.3: "[...] must not ask unnecessary questions
(particularly during upgrades) [...]"

If a configuration file is customized by a maintainer script after
having asked some debconf questions, it may not be marked as a
conffile. Instead a template could be installed in /usr/share and used
by the postinst script to fill in the custom values and create (or
update) the configuration file (preserving any user modifications!).
This file must be removed during postrm purge.
ucf(1) may help with these tasks.
See also http://wiki.debian.org/DpkgConffileHandling

In https://lists.debian.org/debian-devel/2012/09/msg00412.html and
followups it has been agreed that these bugs are to be filed with
severity serious.

debsums reports modification of the following files,
from the attached log (scroll to the bottom...):

  /etc/psad/psad.conf


cheers,

Andreas
[psad_2.2-2.log.gz (application/x-gzip, attachment)]

Marked as found in versions psad/2.1.7-1. Request was from Andreas Beckmann <debian@abeckmann.de> to submit@bugs.debian.org. (Wed, 26 Sep 2012 17:03:04 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Franck Joncourt <franck@debian.org>:
Bug#688891; Package psad. (Wed, 10 Oct 2012 17:51:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to gregor herrmann <gregoa@debian.org>:
Extra info received and forwarded to list. Copy sent to Franck Joncourt <franck@debian.org>. (Wed, 10 Oct 2012 17:51:03 GMT) Full text and rfc822 format available.

Message #12 received at 688891@bugs.debian.org (full text, mbox):

From: gregor herrmann <gregoa@debian.org>
To: 688891@bugs.debian.org
Subject: Re: Bug#688891: psad: modifies conffiles (policy 10.7.3): /etc/psad/psad.conf
Date: Wed, 10 Oct 2012 19:47:06 +0200
[Message part 1 (text/plain, inline)]
On Wed, 26 Sep 2012 18:58:50 +0200, Andreas Beckmann wrote:

> Package: psad
> Version: 2.2-2
> Severity: serious
> Tags: squeeze-ignore
> User: debian-qa@lists.debian.org
> Usertags: piuparts
> Control: found -1 2.1.7-1
> 
> during a test with piuparts I noticed your package modifies conffiles.
> This is forbidden by the policy, see
> http://www.debian.org/doc/debian-policy/ch-files.html#s-config-files

> debsums reports modification of the following files,
> from the attached log (scroll to the bottom...):
> 
>   /etc/psad/psad.conf

Looks like #675231. The fix in -2 (set back the variable in preinst)
doesn't help against the underlying cause which is that the package
ships /etc/psad/psad.conf and then modifies it in postinst.

I think the way to go is:
- revert the change in preinst
- install psad.conf to /usr/share/psad/ or similar instead of
  /etc/psad
- copy it to /etc/psad if /etc/psad/psad.conf doesn't exist
- rm -f /etc/psad/psad.conf in postrm/purge

What makes me a bit unhappy is the unconditional replacing in
postinst; this will also overwrite any changes made by the admin. I
guess it could be limited to the case where the file still contains
_CHANGEME_, and (maybe, if this is necessary) to the case where the
current value doesn't match `hostname`.

Cheers,
gregor

-- 
 .''`.  Homepage: http://info.comodo.priv.at/ - OpenPGP key 0xBB3A68018649AA06
 : :' : Debian GNU/Linux user, admin, and developer  -  http://www.debian.org/
 `. `'  Member of VIBE!AT & SPI, fellow of the Free Software Foundation Europe
   `-   NP: Beach Boys: Darlin'
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#688891; Package psad. (Wed, 10 Oct 2012 20:12:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Franck Joncourt <franck@debian.org>:
Extra info received and forwarded to list. (Wed, 10 Oct 2012 20:12:03 GMT) Full text and rfc822 format available.

Message #17 received at 688891@bugs.debian.org (full text, mbox):

From: Franck Joncourt <franck@debian.org>
To: gregor herrmann <gregoa@debian.org>, 688891@bugs.debian.org
Subject: Re: Bug#688891: psad: modifies conffiles (policy 10.7.3): /etc/psad/psad.conf
Date: Wed, 10 Oct 2012 21:30:17 +0200
Hi gregor,

I have to check this bug too, but I have been working on fwknop so far : 
CVE + FTBS on mips.

I will check your proposal tommorow, and see if I can fix it as soon as 
possible to make it work properly.

Regards,

--
Franck



Information forwarded to debian-bugs-dist@lists.debian.org, Franck Joncourt <franck@debian.org>:
Bug#688891; Package psad. (Wed, 10 Oct 2012 20:24:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to gregor herrmann <gregoa@debian.org>:
Extra info received and forwarded to list. Copy sent to Franck Joncourt <franck@debian.org>. (Wed, 10 Oct 2012 20:24:03 GMT) Full text and rfc822 format available.

Message #22 received at 688891@bugs.debian.org (full text, mbox):

From: gregor herrmann <gregoa@debian.org>
To: Franck Joncourt <franck@debian.org>
Cc: 688891@bugs.debian.org
Subject: Re: Bug#688891: psad: modifies conffiles (policy 10.7.3): /etc/psad/psad.conf
Date: Wed, 10 Oct 2012 22:21:55 +0200
[Message part 1 (text/plain, inline)]
On Wed, 10 Oct 2012 21:30:17 +0200, Franck Joncourt wrote:

> I have to check this bug too, but I have been working on fwknop so
> far : CVE + FTBS on mips.
> I will check your proposal tommorow, and see if I can fix it as soon
> as possible to make it work properly.

Cool, thanks!

Cheers,
gregor

-- 
 .''`.  Homepage: http://info.comodo.priv.at/ - OpenPGP key 0xBB3A68018649AA06
 : :' : Debian GNU/Linux user, admin, and developer  -  http://www.debian.org/
 `. `'  Member of VIBE!AT & SPI, fellow of the Free Software Foundation Europe
   `-   NP: Joe Cocker: Feeling Alright
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#688891; Package psad. (Mon, 15 Oct 2012 06:42:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Franck Joncourt <franck@debian.org>:
Extra info received and forwarded to list. (Mon, 15 Oct 2012 06:42:03 GMT) Full text and rfc822 format available.

Message #27 received at 688891@bugs.debian.org (full text, mbox):

From: Franck Joncourt <franck@debian.org>
To: gregor herrmann <gregoa@debian.org>, 688891@bugs.debian.org
Subject: Re: Bug#688891: psad: modifies conffiles (policy 10.7.3): /etc/psad/psad.conf
Date: Mon, 15 Oct 2012 08:31:52 +0200
Hi Gregor,

I have not found the time to work on psad since Wedneday, so if you want to fix 
psad please do so. I let you know when I am ready to work on it.

Regards,

--
Franck




Information forwarded to debian-bugs-dist@lists.debian.org, Franck Joncourt <franck@debian.org>:
Bug#688891; Package psad. (Sun, 21 Oct 2012 15:24:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to gregor herrmann <gregoa@debian.org>:
Extra info received and forwarded to list. Copy sent to Franck Joncourt <franck@debian.org>. (Sun, 21 Oct 2012 15:24:03 GMT) Full text and rfc822 format available.

Message #32 received at 688891@bugs.debian.org (full text, mbox):

From: gregor herrmann <gregoa@debian.org>
To: Franck Joncourt <franck@debian.org>, 688891@bugs.debian.org
Subject: Re: Bug#688891: psad: modifies conffiles (policy 10.7.3): /etc/psad/psad.conf
Date: Sun, 21 Oct 2012 17:22:10 +0200
[Message part 1 (text/plain, inline)]
Control: tag -1 + patch

On Mon, 15 Oct 2012 08:31:52 +0200, Franck Joncourt wrote:

> I have not found the time to work on psad since Wedneday, so if you
> want to fix psad please do so. I let you know when I am ready to
> work on it.

Sorry for my late reply, I was mostly away from $HOME during the last
week.

I'm attaching a diff that implements my ideas from the last mail;
still, I'm not sure about the unconditional replacing in the postinst
...

Cheers,
gregor
 
-- 
 .''`.  Homepage: http://info.comodo.priv.at/ - OpenPGP key 0xBB3A68018649AA06
 : :' : Debian GNU/Linux user, admin, and developer  -  http://www.debian.org/
 `. `'  Member of VIBE!AT & SPI, fellow of the Free Software Foundation Europe
   `-   NP: Dido: Hunter
[688891.diff (text/x-diff, attachment)]
[signature.asc (application/pgp-signature, inline)]

Added tag(s) patch. Request was from gregor herrmann <gregoa@debian.org> to 688891-submit@bugs.debian.org. (Sun, 21 Oct 2012 15:24:03 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#688891; Package psad. (Tue, 23 Oct 2012 00:03:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Franck Joncourt <franck@debian.org>:
Extra info received and forwarded to list. (Tue, 23 Oct 2012 00:03:02 GMT) Full text and rfc822 format available.

Message #39 received at 688891@bugs.debian.org (full text, mbox):

From: Franck Joncourt <franck@debian.org>
To: gregor herrmann <gregoa@debian.org>
Cc: 688891@bugs.debian.org
Subject: Re: Bug#688891: psad: modifies conffiles (policy 10.7.3): /etc/psad/psad.conf
Date: Mon, 22 Oct 2012 22:22:06 +0200
Le 21/10/2012 17:22, gregor herrmann a écrit :

Hi Gregor,

> On Mon, 15 Oct 2012 08:31:52 +0200, Franck Joncourt wrote:
>
>> I have not found the time to work on psad since Wedneday, so if you
>> want to fix psad please do so. I let you know when I am ready to
>> work on it.
>
> Sorry for my late reply, I was mostly away from $HOME during the last
> week.

No problem :)

> I'm attaching a diff that implements my ideas from the last mail;

Thank you very much.

> still, I'm not sure about the unconditional replacing in the postinst
> ...

In the postinst script the psad.conf file is left in place if one is found, and 
if none, the embedded copie is placed in /etc/psad. So I am not sure what you 
mean by unconditional.

Regards,
Franck



Information forwarded to debian-bugs-dist@lists.debian.org, Franck Joncourt <franck@debian.org>:
Bug#688891; Package psad. (Tue, 23 Oct 2012 06:21:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to gregor herrmann <gregoa@debian.org>:
Extra info received and forwarded to list. Copy sent to Franck Joncourt <franck@debian.org>. (Tue, 23 Oct 2012 06:21:03 GMT) Full text and rfc822 format available.

Message #44 received at 688891@bugs.debian.org (full text, mbox):

From: gregor herrmann <gregoa@debian.org>
To: Franck Joncourt <franck@debian.org>
Cc: 688891@bugs.debian.org
Subject: Re: Bug#688891: psad: modifies conffiles (policy 10.7.3): /etc/psad/psad.conf
Date: Tue, 23 Oct 2012 08:16:19 +0200
On Mon, 22 Oct 2012 22:22:06 +0200, Franck Joncourt wrote:

> >I'm attaching a diff that implements my ideas from the last mail;
> Thank you very much.

You're welcome :)
 
> >still, I'm not sure about the unconditional replacing in the postinst
> >...
> In the postinst script the psad.conf file is left in place if one is
> found, and if none, the embedded copie is placed in /etc/psad. So I
> am not sure what you mean by unconditional.

Sorry for being unclear; I didn't mean replacing the file, but
udpating the values within the file, i.e. lines 44/45 (in git):

  44     NAME=`hostname`
  45     update_conf "$NAME" "HOSTNAME" "/etc/psad/psad.conf"

This will overwrite the HOSTNAME variable in the file (also on
updates), which could have been been changed by the admin. - And
that's where I'm not sure ...

Cheers,
gregor

-- 
 .''`.  Homepage: http://info.comodo.priv.at/ - OpenPGP key 0xBB3A68018649AA06
 : :' : Debian GNU/Linux user, admin, and developer  -  http://www.debian.org/
 `. `'  Member of VIBE!AT & SPI, fellow of the Free Software Foundation Europe
   `-   BOFH excuse #294:  PCMCIA slave driver 



Information forwarded to debian-bugs-dist@lists.debian.org, Franck Joncourt <franck@debian.org>:
Bug#688891; Package psad. (Sun, 28 Oct 2012 14:15:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to gregor herrmann <gregoa@debian.org>:
Extra info received and forwarded to list. Copy sent to Franck Joncourt <franck@debian.org>. (Sun, 28 Oct 2012 14:15:06 GMT) Full text and rfc822 format available.

Message #49 received at 688891@bugs.debian.org (full text, mbox):

From: gregor herrmann <gregoa@debian.org>
To: Franck Joncourt <franck@debian.org>
Cc: 688891@bugs.debian.org
Subject: Re: Bug#688891: psad: modifies conffiles (policy 10.7.3): /etc/psad/psad.conf
Date: Sun, 28 Oct 2012 15:13:01 +0100
[Message part 1 (text/plain, inline)]
On Sun, 28 Oct 2012 14:58:49 +0100, Franck Joncourt wrote:

> >Sorry for being unclear; I didn't mean replacing the file, but
> >udpating the values within the file, i.e. lines 44/45 (in git):
> >
> >   44     NAME=`hostname`
> >   45     update_conf "$NAME" "HOSTNAME" "/etc/psad/psad.conf"
> >
> >This will overwrite the HOSTNAME variable in the file (also on
> >updates), which could have been been changed by the admin. - And
> >that's where I'm not sure ...
> 
> The solution I can find is to leave this entry as _CHANGEME_ in
> psad.conf and maybe add a note in the README.debian file.
> It does not prevent the daemon to start. I think that would be
> better than overwriting any existing value set by the admin.

Thanks, that was the missing piece for me :)
(That the daemon also works with _CHANGEME_.)

In this case /etc/psad/psad.conf could be installed as before, and
the postinst (and removal in postrm) can just be dropped ... Nice.

Yes, this sounds easier.


Cheers,
gregor

-- 
 .''`.  Homepage: http://info.comodo.priv.at/ - OpenPGP key 0xBB3A68018649AA06
 : :' : Debian GNU/Linux user, admin, and developer  -  http://www.debian.org/
 `. `'  Member of VIBE!AT & SPI, fellow of the Free Software Foundation Europe
   `-   NP: Nick Drake: Which Will
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#688891; Package psad. (Sun, 28 Oct 2012 15:57:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Franck Joncourt <franck@debian.org>:
Extra info received and forwarded to list. (Sun, 28 Oct 2012 15:57:03 GMT) Full text and rfc822 format available.

Message #54 received at 688891@bugs.debian.org (full text, mbox):

From: Franck Joncourt <franck@debian.org>
To: gregor herrmann <gregoa@debian.org>, 688891@bugs.debian.org
Subject: Re: Bug#688891: psad: modifies conffiles (policy 10.7.3): /etc/psad/psad.conf
Date: Sun, 28 Oct 2012 16:19:48 +0100
I have updated the package accordingly

http://anonscm.debian.org/gitweb/?p=collab-maint/psad.git;a=summary

I am about to upload the package. I just need to update my system to run 
the latest lintian on it and that should be ok.

Regards,
Franck




Information forwarded to debian-bugs-dist@lists.debian.org, Franck Joncourt <franck@debian.org>:
Bug#688891; Package psad. (Sun, 28 Oct 2012 16:33:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to gregor herrmann <gregoa@debian.org>:
Extra info received and forwarded to list. Copy sent to Franck Joncourt <franck@debian.org>. (Sun, 28 Oct 2012 16:33:03 GMT) Full text and rfc822 format available.

Message #59 received at 688891@bugs.debian.org (full text, mbox):

From: gregor herrmann <gregoa@debian.org>
To: Franck Joncourt <franck@debian.org>
Cc: 688891@bugs.debian.org
Subject: Re: Bug#688891: psad: modifies conffiles (policy 10.7.3): /etc/psad/psad.conf
Date: Sun, 28 Oct 2012 17:31:52 +0100
[Message part 1 (text/plain, inline)]
On Sun, 28 Oct 2012 16:19:48 +0100, Franck Joncourt wrote:

> I have updated the package accordingly
> http://anonscm.debian.org/gitweb/?p=collab-maint/psad.git;a=summary

Looks good!
 
> I am about to upload the package. I just need to update my system to
> run the latest lintian on it and that should be ok.

Excellent, thanks.


Cheers,
gregor

-- 
 .''`.  Homepage: http://info.comodo.priv.at/ - OpenPGP key 0xBB3A68018649AA06
 : :' : Debian GNU/Linux user, admin, and developer  -  http://www.debian.org/
 `. `'  Member of VIBE!AT & SPI, fellow of the Free Software Foundation Europe
   `-   NP: STS: Aber niemals
[signature.asc (application/pgp-signature, inline)]

Reply sent to Franck Joncourt <franck@debian.org>:
You have taken responsibility. (Sun, 28 Oct 2012 16:51:10 GMT) Full text and rfc822 format available.

Notification sent to Andreas Beckmann <debian@abeckmann.de>:
Bug acknowledged by developer. (Sun, 28 Oct 2012 16:51:11 GMT) Full text and rfc822 format available.

Message #64 received at 688891-close@bugs.debian.org (full text, mbox):

From: Franck Joncourt <franck@debian.org>
To: 688891-close@bugs.debian.org
Subject: Bug#688891: fixed in psad 2.2-3
Date: Sun, 28 Oct 2012 16:47:25 +0000
Source: psad
Source-Version: 2.2-3

We believe that the bug you reported is fixed in the latest version of
psad, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 688891@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Franck Joncourt <franck@debian.org> (supplier of updated psad package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 28 Oct 2012 15:47:04 +0100
Source: psad
Binary: psad
Architecture: source amd64
Version: 2.2-3
Distribution: unstable
Urgency: low
Maintainer: Franck Joncourt <franck@debian.org>
Changed-By: Franck Joncourt <franck@debian.org>
Description: 
 psad       - Port Scan Attack Detector
Closes: 688891
Changes: 
 psad (2.2-3) unstable; urgency=low
 .
   * Fix "modifies conffiles (policy 10.7.3): /etc/psad/psad.conf"
     (Closes: #688891). Thanks gregoa to help me fix this.
     - Reverted the changes from 2.2-2 in d.psad.preinst.
     - Removed the d.psad.postinst script which updated the HOSTNAME variable
       from psad.conf. The psad daemon can start without the default value in
       psad.conf (_CHANGEME_).
   * Removed the /var/run/psad directory in d.psad.postrm when purging the
     package.
Checksums-Sha1: 
 c03f7b87abaa1781709bc16abe0a1cc3cc7c897c 1184 psad_2.2-3.dsc
 c2dee269b6a5d628ea2107d655ea66fd7f26f446 12554 psad_2.2-3.debian.tar.gz
 e1663cdeacc671737cbe6e9fa835506977389a16 198252 psad_2.2-3_amd64.deb
Checksums-Sha256: 
 9c582c3e80b5bc790721b6a7a5555ffefd4f3427cdfea9a9bd20927d75b3614d 1184 psad_2.2-3.dsc
 5ad0a40b2a1ac5027b1c0a8724cd2316ee3e78a02e0865cceacc3258f38abe1c 12554 psad_2.2-3.debian.tar.gz
 65d827db04948a43ac126d5419f948df5a44ff7d978b9e1485c88029e196f2d6 198252 psad_2.2-3_amd64.deb
Files: 
 e8e9a9e30294a25c6897b4b537b963a6 1184 admin optional psad_2.2-3.dsc
 f771af9e8add67ba7601195b6dd455a6 12554 admin optional psad_2.2-3.debian.tar.gz
 e2efbfabe5c3a0b536105dbd9ed525a2 198252 admin optional psad_2.2-3_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlCNYR4ACgkQxJBTTnXAif4wzQCePlc9VTD8wgmsJ2Oi97uVaRMt
DwcAoLAVbR247/KZeiP/GrQvRyNUuZg4
=kMcz
-----END PGP SIGNATURE-----




Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#688891; Package psad. (Sun, 28 Oct 2012 18:48:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Franck Joncourt <franck@debian.org>:
Extra info received and forwarded to list. (Sun, 28 Oct 2012 18:48:03 GMT) Full text and rfc822 format available.

Message #69 received at 688891@bugs.debian.org (full text, mbox):

From: Franck Joncourt <franck@debian.org>
To: gregor herrmann <gregoa@debian.org>
Cc: 688891@bugs.debian.org
Subject: Re: Bug#688891: psad: modifies conffiles (policy 10.7.3): /etc/psad/psad.conf
Date: Sun, 28 Oct 2012 14:58:49 +0100
Hi Gregor,

Le 23/10/2012 08:16, gregor herrmann a écrit :
> On Mon, 22 Oct 2012 22:22:06 +0200, Franck Joncourt wrote:
>
>>> I'm attaching a diff that implements my ideas from the last mail;
>> Thank you very much.
>
> You're welcome :)
>
>>> still, I'm not sure about the unconditional replacing in the postinst
>>> ...
>> In the postinst script the psad.conf file is left in place if one is
>> found, and if none, the embedded copie is placed in /etc/psad. So I
>> am not sure what you mean by unconditional.
>
> Sorry for being unclear; I didn't mean replacing the file, but
> udpating the values within the file, i.e. lines 44/45 (in git):
>
>    44     NAME=`hostname`
>    45     update_conf "$NAME" "HOSTNAME" "/etc/psad/psad.conf"
>
> This will overwrite the HOSTNAME variable in the file (also on
> updates), which could have been been changed by the admin. - And
> that's where I'm not sure ...

The solution I can find is to leave this entry as _CHANGEME_ in 
psad.conf and maybe add a note in the README.debian file.
It does not prevent the daemon to start. I think that would be better 
than overwriting any existing value set by the admin.

Regards,

Franck




Information forwarded to debian-bugs-dist@lists.debian.org, Franck Joncourt <franck@debian.org>:
Bug#688891; Package psad. (Thu, 01 Nov 2012 20:57:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Andreas Beckmann <debian@abeckmann.de>:
Extra info received and forwarded to list. Copy sent to Franck Joncourt <franck@debian.org>. (Thu, 01 Nov 2012 20:57:03 GMT) Full text and rfc822 format available.

Message #74 received at 688891@bugs.debian.org (full text, mbox):

From: Andreas Beckmann <debian@abeckmann.de>
To: 688891@bugs.debian.org
Cc: gregor herrmann <gregoa@debian.org>
Subject: Re: Bug#688891 closed by Franck Joncourt <franck@debian.org> (Bug#688891: fixed in psad 2.2-3)
Date: Thu, 01 Nov 2012 21:56:04 +0100
Control: found -1 2.2-3

On 2012-10-28 17:51, Debian Bug Tracking System wrote:
> This is an automatic notification regarding your Bug report
> which was filed against the psad package:
> 
> #688891: psad: modifies conffiles (policy 10.7.3): /etc/psad/psad.conf

This seems to be fixed for upgrades from testing (psad 2.2-2), but
upgrades from squeeze (psad 2.1.7-1) now generate an unwanted prompt:

  Setting up psad (2.2-3) ...
  Installing new version of config file /etc/init.d/psad ...
  Installing new version of config file /etc/psad/ip_options ...

  Configuration file `/etc/psad/psad.conf'
   ==> Modified (by you or by a script) since installation.
   ==> Package distributor has shipped an updated version.
     What would you like to do about it ?  Your options are:
      Y or I  : install the package maintainer's version
      N or O  : keep your currently-installed version
        D     : show the differences between the versions
        Z     : start a shell to examine the situation
   The default action is to keep your current version.
  *** psad.conf (Y/I/N/O/D/Z) [default=N] ? dpkg: error processing psad
(--configure):
   EOF on stdin at conffile prompt
  configured to not write apport reports
  Errors were encountered while processing:
   psad

This was already reported as #675231 and fixed in 2.2-2.

Andreas



Marked as found in versions psad/2.2-3; no longer marked as fixed in versions psad/2.2-3 and reopened. Request was from Andreas Beckmann <debian@abeckmann.de> to 688891-submit@bugs.debian.org. (Thu, 01 Nov 2012 20:57:03 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Franck Joncourt <franck@debian.org>:
Bug#688891; Package psad. (Sun, 04 Nov 2012 15:21:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to gregor herrmann <gregoa@debian.org>:
Extra info received and forwarded to list. Copy sent to Franck Joncourt <franck@debian.org>. (Sun, 04 Nov 2012 15:21:03 GMT) Full text and rfc822 format available.

Message #81 received at 688891@bugs.debian.org (full text, mbox):

From: gregor herrmann <gregoa@debian.org>
To: Andreas Beckmann <debian@abeckmann.de>, 688891@bugs.debian.org
Subject: Re: Bug#688891: closed by Franck Joncourt <franck@debian.org> (Bug#688891: fixed in psad 2.2-3)
Date: Sun, 4 Nov 2012 16:16:31 +0100
[Message part 1 (text/plain, inline)]
On Thu, 01 Nov 2012 21:56:04 +0100, Andreas Beckmann wrote:

> > #688891: psad: modifies conffiles (policy 10.7.3): /etc/psad/psad.conf
> This seems to be fixed for upgrades from testing (psad 2.2-2), but
> upgrades from squeeze (psad 2.1.7-1) now generate an unwanted prompt:
> 
>   Setting up psad (2.2-3) ...
>   Installing new version of config file /etc/init.d/psad ...
>   Installing new version of config file /etc/psad/ip_options ...
> 
>   Configuration file `/etc/psad/psad.conf'
>    ==> Modified (by you or by a script) since installation.
>    ==> Package distributor has shipped an updated version.
>      What would you like to do about it ?  Your options are:
>       Y or I  : install the package maintainer's version
>       N or O  : keep your currently-installed version
>         D     : show the differences between the versions
>         Z     : start a shell to examine the situation
>    The default action is to keep your current version.
>   *** psad.conf (Y/I/N/O/D/Z) [default=N] ? dpkg: error processing psad
> (--configure):
>    EOF on stdin at conffile prompt
>   configured to not write apport reports
>   Errors were encountered while processing:
>    psad
> 
> This was already reported as #675231 and fixed in 2.2-2.

Gnarf. Sorry for missing this.

I've been thinking about this a bit, and I'm not sure what the
elegant solution is.

What I've tried now is:
- add back the revert-changes part to the preinst
- but guard it with a version check so that it adds back _CHANGEME_
  only for upgrades from versions before this replacement was removed
  from the postinst

This seems to allow upgrades from 2.1.7-1; it also changes back the
value to _CHANGEME_ which is a bit ugly.

Debdiff attached.


Cheers,
gregor

-- 
 .''`.  Homepage: http://info.comodo.priv.at/ - OpenPGP key 0xBB3A68018649AA06
 : :' : Debian GNU/Linux user, admin, and developer  -  http://www.debian.org/
 `. `'  Member of VIBE!AT & SPI, fellow of the Free Software Foundation Europe
   `-   NP: Bruce Springsteen: Nothing Man
[688891_2.diff (text/x-diff, attachment)]
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Franck Joncourt <franck@debian.org>:
Bug#688891; Package psad. (Sun, 18 Nov 2012 16:21:42 GMT) Full text and rfc822 format available.

Acknowledgement sent to gregor herrmann <gregoa@debian.org>:
Extra info received and forwarded to list. Copy sent to Franck Joncourt <franck@debian.org>. (Sun, 18 Nov 2012 16:21:42 GMT) Full text and rfc822 format available.

Message #86 received at 688891@bugs.debian.org (full text, mbox):

From: gregor herrmann <gregoa@debian.org>
To: Andreas Beckmann <debian@abeckmann.de>, 688891@bugs.debian.org
Subject: Re: Bug#688891: closed by Franck Joncourt <franck@debian.org> (Bug#688891: fixed in psad 2.2-3)
Date: Sun, 18 Nov 2012 17:20:10 +0100
[Message part 1 (text/plain, inline)]
On Sun, 04 Nov 2012 16:16:31 +0100, gregor herrmann wrote:

> > > #688891: psad: modifies conffiles (policy 10.7.3): /etc/psad/psad.conf
> > This seems to be fixed for upgrades from testing (psad 2.2-2), but
> > upgrades from squeeze (psad 2.1.7-1) now generate an unwanted prompt:

> What I've tried now is:
> - add back the revert-changes part to the preinst
> - but guard it with a version check so that it adds back _CHANGEME_
>   only for upgrades from versions before this replacement was removed
>   from the postinst
> 
> This seems to allow upgrades from 2.1.7-1; it also changes back the
> value to _CHANGEME_ which is a bit ugly.

Hi Franck,

did you have the time to look into this bug and my patch?

If it helps I can upload it.


Cheers,
gregor
 
-- 
 .''`.  Homepage: http://info.comodo.priv.at/ - OpenPGP key 0xBB3A68018649AA06
 : :' : Debian GNU/Linux user, admin, and developer  -  http://www.debian.org/
 `. `'  Member of VIBE!AT & SPI, fellow of the Free Software Foundation Europe
   `-   NP: Element of Crime: You
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#688891; Package psad. (Sun, 18 Nov 2012 21:21:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Franck Joncourt <franck@debian.org>:
Extra info received and forwarded to list. (Sun, 18 Nov 2012 21:21:03 GMT) Full text and rfc822 format available.

Message #91 received at 688891@bugs.debian.org (full text, mbox):

From: Franck Joncourt <franck@debian.org>
To: gregor herrmann <gregoa@debian.org>, 688891@bugs.debian.org
Subject: Re: Bug#688891: closed by Franck Joncourt <franck@debian.org> (Bug#688891: fixed in psad 2.2-3)
Date: Sun, 18 Nov 2012 22:11:26 +0100
Hi Gregor,

Le 18/11/2012 17:20, gregor herrmann a écrit :

> did you have the time to look into this bug and my patch?

The patch looks good to me even if this is not very elegant indeed.

> If it helps I can upload it.

I would appreciate. Thanks for your help gregor.

Regards,

Franck



Information forwarded to debian-bugs-dist@lists.debian.org, Franck Joncourt <franck@debian.org>:
Bug#688891; Package psad. (Sun, 18 Nov 2012 21:33:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to gregor herrmann <gregoa@debian.org>:
Extra info received and forwarded to list. Copy sent to Franck Joncourt <franck@debian.org>. (Sun, 18 Nov 2012 21:33:03 GMT) Full text and rfc822 format available.

Message #96 received at 688891@bugs.debian.org (full text, mbox):

From: gregor herrmann <gregoa@debian.org>
To: Franck Joncourt <franck@debian.org>
Cc: 688891@bugs.debian.org
Subject: Re: Bug#688891: closed by Franck Joncourt <franck@debian.org> (Bug#688891: fixed in psad 2.2-3)
Date: Sun, 18 Nov 2012 22:29:39 +0100
[Message part 1 (text/plain, inline)]
Control: tag -1 + pending

On Sun, 18 Nov 2012 22:11:26 +0100, Franck Joncourt wrote:

> >did you have the time to look into this bug and my patch?
> The patch looks good to me even if this is not very elegant indeed.

Thanks for checking!
 
> >If it helps I can upload it.
> I would appreciate. Thanks for your help gregor.

You're welcome; and: uploaded (to DELAYED/1 in case Andreas or
someone else wants to check again).


Cheers,
gregor, attaching the recent debdiff

-- 
 .''`.  Homepage: http://info.comodo.priv.at/ - OpenPGP key 0xBB3A68018649AA06
 : :' : Debian GNU/Linux user, admin, and developer  -  http://www.debian.org/
 `. `'  Member of VIBE!AT & SPI, fellow of the Free Software Foundation Europe
   `-   NP: Funny van Dannen: Der Wind
[688891_3.diff (text/x-diff, attachment)]
[signature.asc (application/pgp-signature, inline)]

Added tag(s) pending. Request was from gregor herrmann <gregoa@debian.org> to 688891-submit@bugs.debian.org. (Sun, 18 Nov 2012 21:33:03 GMT) Full text and rfc822 format available.

Reply sent to gregor herrmann <gregoa@debian.org>:
You have taken responsibility. (Mon, 19 Nov 2012 21:51:03 GMT) Full text and rfc822 format available.

Notification sent to Andreas Beckmann <debian@abeckmann.de>:
Bug acknowledged by developer. (Mon, 19 Nov 2012 21:51:03 GMT) Full text and rfc822 format available.

Message #103 received at 688891-close@bugs.debian.org (full text, mbox):

From: gregor herrmann <gregoa@debian.org>
To: 688891-close@bugs.debian.org
Subject: Bug#688891: fixed in psad 2.2-3.1
Date: Mon, 19 Nov 2012 21:47:43 +0000
Source: psad
Source-Version: 2.2-3.1

We believe that the bug you reported is fixed in the latest version of
psad, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 688891@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
gregor herrmann <gregoa@debian.org> (supplier of updated psad package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 18 Nov 2012 22:25:13 +0100
Source: psad
Binary: psad
Architecture: source amd64
Version: 2.2-3.1
Distribution: unstable
Urgency: low
Maintainer: Franck Joncourt <franck@debian.org>
Changed-By: gregor herrmann <gregoa@debian.org>
Description: 
 psad       - Port Scan Attack Detector
Closes: 688891
Changes: 
 psad (2.2-3.1) unstable; urgency=low
 .
   * Non-maintainer upload with maintainer's approval.
   * Fix "modifies conffiles (policy 10.7.3): /etc/psad/psad.conf", second try:
     - add back changes to d.psad.preinst that revert changes to
       /etc/psad/psad.conf
     - but only for upgrades from versions before 2.2-3
     (Closes: #688891)
Checksums-Sha1: 
 0ed87dad15f9c76932a03c8f95e7383d9d2736e2 1832 psad_2.2-3.1.dsc
 78fe524fd37386d916096eb1d98f50549f361077 12927 psad_2.2-3.1.debian.tar.gz
 c9fa2aca62d7cbf0366f2f895e50296835017360 200710 psad_2.2-3.1_amd64.deb
Checksums-Sha256: 
 0bc8352e56e34a27e52f734ebd4eb29f9f76e88b1c3406550c583cd5ab5b71ee 1832 psad_2.2-3.1.dsc
 82b8d636b7ea97991f4ab14640c19f234693c03920179652e9810aa26e8d67cc 12927 psad_2.2-3.1.debian.tar.gz
 ca7a0882debfc4b753594464b1ab0b534601851ba2a11876b1bc5191b63e86f6 200710 psad_2.2-3.1_amd64.deb
Files: 
 4aa2cc1b48ed74d4950722cee6b376bc 1832 admin optional psad_2.2-3.1.dsc
 804577dc382ad8b3cc7ea431b0cfcee0 12927 admin optional psad_2.2-3.1.debian.tar.gz
 f61f0808885d57c064310fd7d55e827d 200710 admin optional psad_2.2-3.1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCAAGBQJQqVLEAAoJELs6aAGGSaoGT64QAKPujvsnoL2msGVdFR0diQz9
27Dv85zqaWXs0lMiTmLR0L9uXP8fdI2uxrK/t8BdUVoIuRQmax9T6zjlHvMGJv+1
W9PwlhxFHAmctkTFCl7aeWIGpdV/imlC9+QtLMPgjm87bG79ChBXeBHcrKDfyieY
zYxx9Ub2RJhf5GyWRa6MPQWcC0jdBhvdz5iZJDOT0daeKnUW/auesV3k5U0gevpj
y/FKHKT+bI0oX/aEf9k1ooeRUBAHvSRhiUx0YmoTDi28POBidn9nNAmtxSnMVUhE
87SH9+Akgogr9pCi9qP/nuDDdpZPuM2uDUvgzHB51Xj/3dAh8cL5+8Ei0KpKXEcc
QENvKGSvHLu1/uYoDscww7VnF25IeC16oFbZnBBaOIYTxiIaQUIlnvI1v6CiotEg
jxHHa3OJHvT2T0mvc961KeOV80xUtLFTFJerMYBwmGtECpb70kGUWanUrknQoL5L
GI9LPmSlFk5LrJRJdU5KoVDFhj+Ie3+mk+IQBNPCC0NBheXN9Ot1D3xtL2sW6LzJ
smfGkors950dOPU21or/exuMl2O2atdwFyYZmrxIcQAZYGZf1Jt7EEvAP13oXIvI
5Bg+04bXUCIaWCrt18IyqKnuWA1dT0BRwe1greyzhUKMToZI3RqrjuWL7vrKYyzO
qmeleUUyFvmssMYLvIjP
=VInN
-----END PGP SIGNATURE-----




Changed Bug submitter to 'Andreas Beckmann <anbe@debian.org>' from 'Andreas Beckmann <debian@abeckmann.de>' Request was from Andreas Beckmann <anbe@debian.org> to control@bugs.debian.org. (Sat, 26 Jan 2013 06:31:18 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Apr 23 08:04:58 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.