Stupid Hacks

We do a lot of things to work around upstream or infrastructure failures. Ideally, these upstream issues will eventually be fixed, and we should remove the hack at that time. Here's a list of things we do, organized by package. This page should be periodically reviewed, and when the upstream condition is fixed in all release that we care about, the hack should be removed.


In athena-auto-update, in warn(), we check if a previous warning occurred. The only reason we do this is so that 2 consecutive warnings is defined as a failure. Nagios is unable to handle a condition such as "If service FOO has been in state WARN for at least N hours, change the state to FAIL." So we generate that logic on the client (from Nagios' perspective) end.

We use timeout(1) due in the aptitude --download-only code because of  DebianBug:629266 and #1020. This is a terrible idea and downloads that take > 30m will fail.


In snapshot-run, as of Natty, a patch to sudo causes it to no longer run initgroups(3), and thus it doesn't pick up the group changes when we add users to the admin group, etc. Therefore, we manually add a line to sudoers inside the chroot. We should write our own wrapper which calls initgroups(3) and then exec's whatever we want. The only reason we use sudo inside snapshot-run's schroot invocation is because it runs initgroups(3) for us. Gone as of Precise, we now have our own wrapper

Tokens briefly broke in Natty due to bugs in pam-afs-session. See #928 and r25223 through r25225. Should be fixed in Precise.


The only reason the initscript exists is because we can't invoke "lpadmin" while the CUPS server is down. This is, arguably, a bug in CUPS. It only affects installs over PXE (or done as root or something). It's possible that the right thing to do is drop in a policy-rc.d during the PXE install that does permit starting the CUPS daemon. Significant testing is required.

the PXE installer

  • We scribble over check-missing-firmware because it fails on RTL8169 chipsets. See r25352.
  • We don't have date(1), but we do have an NTP which answers on the daytime port. $(nc -w1 13)