Re: Does debconf-set-selections automatically deletes values from debconf database once they are used?

To: debian-devel@lists.debian.org
Subject: Re: Does debconf-set-selections automatically deletes values from debconf database once they are used?
From: Colin Watson <cjwatson@debian.org>
Date: Mon, 14 Nov 2016 00:54:12 +0000
Message-id: <[🔎] 20161114005412.GA25152@riva.ucam.org>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] CAMhVC3ZFCYT=V6Y1MACO0o3C1hd1NzWv=PPQFcBqb6-suhBpzQ@mail.gmail.com>
References: <[🔎] CAMhVC3ZFCYT=V6Y1MACO0o3C1hd1NzWv=PPQFcBqb6-suhBpzQ@mail.gmail.com>

On Sun, Nov 13, 2016 at 10:56:32PM +0200, Yuri Kanivetsky wrote:
>     # sudo debconf-set-selections <<< "mysql-community-server
> mysql-community-server/remove-data-dir boolean true"
> 
>     # echo GET mysql-community-server/remove-data-dir | debconf-communicate
>     0 true
> 
>     # apt purge mysql-*
>     ...
> 
>     # echo GET mysql-community-server/remove-data-dir | debconf-communicate
>     10 mysql-community-server/remove-data-dir doesn't exist

This happens because packages generally purge questions owned by them
from the debconf database when they themselves are purged.  This is up
to each package, but debhelper's standard debconf integration code gets
it right and packages generally don't deviate from that unless they have
some particularly good reason.

>     # sudo debconf-set-selections <<< "mysql-server
> mysql-server/root_password password 123456"
> 
>     # sudo debconf-set-selections <<< "mysql-server
> mysql-server/root_password_again password 123456"
> 
>     # echo GET mysql-server/root_password | debconf-communicate
>     0 123456
> 
>     # apt install mysql-server-5.6
>     ...
> 
>     # echo GET mysql-server/root_password | debconf-communicate
>     0

This happens because mysql-server-5.6's postinst script explicitly
clears the password from the debconf database in order to avoid it
staying around on disk.

> Why I can set a value when the package is not installed yet, but
> getting it after removing the package triggers an error?

These are consistent.  You can always set a question's value using
debconf-set-selections (it registers the question if it doesn't exist
yet, because debconf-set-selections is intended to be used for
preseeding).  Your first GET above succeeded because you'd preseeded the
value yourself; the second failed because when you purged the package it
removed the preseeded question.

> And more importantly, is the password still in debconf database after
> installing the package?

You were right to check, since it's possible for packages to get this
wrong, but no, it's not.

Also, by default, questions of "password" type go into a separate
debconf database which is only readable by root.  This isn't great
protection and packages should still ensure that passwords aren't left
there long-term, but it's better than nothing.

-- 
Colin Watson                                       [cjwatson@debian.org]

Reply to:

References:
- Does debconf-set-selections automatically deletes values from debconf database once they are used?
  - From: Yuri Kanivetsky <yuri.kanivetsky@gmail.com>

Prev by Date: Re: debian/compat and debian/control debhelper dependency
Next by Date: Re: debian/compat and debian/control debhelper dependency
Previous by thread: Does debconf-set-selections automatically deletes values from debconf database once they are used?
Next by thread: Bug#844259: ITP: r-cran-rentrez -- GNU R interface to the NCBI's EUtils API
Index(es):
- Date
- Thread