Bug#794933: apache2-suexec-custom: prompting due to modified conffiles which were not modified by the user: /etc/apache2/conf-available/security.conf

To: Andreas Beckmann <anbe@debian.org>, 794933@bugs.debian.org
Subject: Bug#794933: apache2-suexec-custom: prompting due to modified conffiles which were not modified by the user: /etc/apache2/conf-available/security.conf
From: Stefan Fritsch <sf@sfritsch.de>
Date: Sat, 25 Jun 2016 22:36:33 +0200
Message-id: <[🔎] 34928557.9nB1FzUL6b@k>
Reply-to: Stefan Fritsch <sf@sfritsch.de>, 794933@bugs.debian.org
In-reply-to: <574B204B.8070703@debian.org>
References: <20150808093814.32010.34089.reportbug@zam581.zam.kfa-juelich.de> <alpine.DEB.2.11.1605281859560.9946@eru.sfritsch.de> <574B204B.8070703@debian.org>

Hi Andreas,

sorry this took so long. I was rather busy in June.

On Sunday 29 May 2016 19:00:59, Andreas Beckmann wrote:
> On 2016-05-28 22:21, Stefan Fritsch wrote:
> > I think I have a patch that does this correctly.
> 
> Sounds promising. Be Is it generic enough s.t. it could be reused by
> other packages with similar problems? (right now I remember squid
> and libreoffice, but I think there were more)

It's still a long way to a dh_fixbrokenconffiles, but I could imagine 
that people with the same problem may want to get inspired by the 
code.

> 
> > Is it possible with piuparts to test these upgrade paths:
> > 
> > wheezy -> jessie 8.0 -> stretch
> > wheezy -> jessie 8.recent -> stretch
> > wheezy -> jessie 8.0 -> jessie 8.recent -> stretch
> > 
> > It may be a bit complicated because 8.0 is not on the mirrors
> > anymore.
> we could use archive.d.org
> 
> > If yes, would you have time to do the testing? Thanks in advance.
> 
> If you help me a bit :-) It will require some scripting ... and
> maybe some new piuparts features to be coded - on my side.
> 
> Do you have only one set of new packages for stretch to be tested or
> are there new packages targeting jessie as well?

I am only planning for a fix in stretch. Puting the same complicated 
logic into jessie seems too risky to me.

> 
> So the upgrade path will actually be
> 
> wheezy -> jessie X.Y -> stretch+new

yes

> (or up to wheezy -> jessie X.Y -> jessie X.Z(+new) -> stretch ->
> stetch+new)
> 
> (with a "reference" ending in plain stretch, to see if you actually
> fixed something)
> 
> Build the packages for amd64 and put them together with a
> Packages.gz on some webspace. If it's more than one source package
> for a distro - no problem, throw them all into one repo. Version
> must be higher than the version in stretch, s.t. I can use stretch
> + your repo and have apt do the right thing.

I have put them here:

deb http://www.sfritsch.de/~stf/794933/2.4.20-3~test1/ ./

Signed with my gpg key (or use https).

> Can you find the sources.list entry needed to install jessie 8.0
> from archive.d.org? (Full jessie 8.0, not just a few packages.)

With these release dates

2015-04-26 8.0
2015-06-06 8.1
2015-09-05 8.2

I have found:

http://snapshot.debian.org/archive/debian/20150601T041739Z/

You will need to set Acquire::Check-Valid-Until=false in the apt 
config.

> 
> Then I need a list of packages (indivudal ones or sets, from wheezy)
> to be tested on these upgrade paths. And there is the option
> --with-recommends, if needed.

Installing only apache2.2-common on wheezy should do the trick and 
pull in apache2 when upgrading to jessie.

> You'll get some logfiles to analyze in return.

Thanks again for your help :)

> 
> Sounds not too complicated :-)
> 
> 
> Andreas
> 
> PS: Do you want to do tests with user-modified conffiles as well?
> These should probably get prompts and "fail". Requires a recipe for
> modification.

Let's try the unmodified case first.

Cheers,
Stefan

Reply to:

Prev by Date: Processed: tagging 827472, tagging 827444, tagging 827258
Next by Date: Bug#828236: apache2: FTBFS with openssl 1.1.0
Previous by thread: Processed: tagging 827472, tagging 827444, tagging 827258
Next by thread: Bug#828236: apache2: FTBFS with openssl 1.1.0
Index(es):
- Date
- Thread