Bug#794933: apache2-suexec-custom: prompting due to modified conffiles which were not modified by the user: /etc/apache2/conf-available/security.conf
Here is a status update.
In 2.4.10-10+deb8u2 in the Debian 8.2 point release, I have included this
fix:
* Fix upgrade logic: When upgrading from wheezy with apache2.2-common
but without apache2 installed to jessie, part of the conffile handling
logic would not run, causing outdated conffile content to be kept.
This is part of the solution for bug #794933. The other part will be
included in the upgrade to Debian 9 (stretch).
This means that systems that were upgraded from wheezy direcly to jessie
8.2 or newer won't encounter the bug.
But those systems that were upgraded to an early version of jessie now
have some conffiles with old contents from wheezy instead of the new
content from jessie. And dpkg thinks that the user changed the conffiles,
which will cause conffile questions during the next upgrade that changes
the affected conffiles.
To avoid these questions, I intend to
* include the correct content of the conffiles base64 encoded in the
preinst. This is very ugly but there seems to be no other way. In preinst,
the files of the new package are not unpacked, yet.
* check in preinst if the conffiles on disk match the wheezy versions
* if yes, replace them with the correct version (and save backup copies)
* let dpkg do the upgrade. dpkg will not ask questions about the affected
conffiles because they already have exactly the same content as in the new
package.
* in postinst, delete the saved copies of the old content
I think I have a patch that does this correctly.
Is it possible with piuparts to test these upgrade paths:
wheezy -> jessie 8.0 -> stretch
wheezy -> jessie 8.recent -> stretch
wheezy -> jessie 8.0 -> jessie 8.recent -> stretch
It may be a bit complicated because 8.0 is not on the mirrors anymore.
If yes, would you have time to do the testing? Thanks in advance.
Cheers,
Stefan
Reply to: