Ticket #383 (closed defect: fixed)
config-package-dev quoting bug fails to disallow transformation of generated conffiles
Reported by: | andersk | Owned by: | |
---|---|---|---|
Priority: | low | Milestone: | The Distant Future |
Component: | -- | Keywords: | |
Cc: | Fixed in version: | ||
Upstream bug: |
Description
Our original intention with the config-package-dev API was to disallow transformation of a generated conffiles, because there is no md5sum with which to check that the file is unmodified in the current build environment. Instead, one should transform the source of the generated conffile, e.g. /usr/share/kerberos-configs/krb.conf.template instead of /etc/krb.conf.debathena, as I think we do with all the current Debathena packages.
However, a quoting bug in check-files.mk causes this test to never trip:
$(call debian_check_files_tmp,%): package = $(shell dpkg -S $(name) | grep -v "^diversion by" | cut -f1 -d:) $(call debian_check_files_tmp,%): $(truename) [ -n $(package) ] …
since both [ -n ] and [ -n foo ] return true.
Apparently XVM is a consumer of this API bug (/etc/postgresql/8.3/main/postgresql.conf in invirt-database), although that could easily be fixed.
Attachments
Change History
comment:1 in reply to: ↑ description Changed 15 years ago by andersk
comment:3 Changed 14 years ago by broder
attachment:config-package-dev_trac383.diff makes the simple quoting change to fix this.
I've tested it against a current package that correctly uses DEB_TRANSFORM_FILES (alpine-config), and verified that it succeeds.
I've also tested it against a fake version of debathena-ssh-server-config that uses DEB_TRANSFORM_FILES instead of pulling the config file out of the postinst. That version successfully triggered the check and errored out.
Replying to andersk:
As it turns out, this led to a bug in Invirt’s /etc/postgresql/8.3/main/postgresql.conf. (Specifically, the production servers ended up with a different locale configured than the dev servers, and an incorrect postgresql.conf eventually trickled back from prod to dev when invirt-database-server was built on prod.)