Frans Pop wrote:
> Because a dpkg-reconfigure needs to ask the question even if a keymap is
> installed.

    if [ ! -e /etc/whatever_file ] || [ "$1" = reconfigure ]; then
        # ask question
    fi

> I decided on /tmp as the file really _is_ a temporary file: exists only for
> the duration of the installation. And I made sure it was in a temp
> directory that could be said to be "controlled" by D-I because of its name.
> As you said yourself: there's absolutely no attack vector.

The only reason there is no serious attack vector is because console-common
only checks if the file exists. /tmp/debian-installer/ is not "controlled"
by d-i post-installation. If I want to prevent the admin from seeing the
keymap question, I can now do it, on any Debian system. This *is* a minor
security hole.

> > The other option would be debconf preseeding, and preseeding
> > console-data/keymap/policy seen should avoid the question. And would be
> > less ugly than a flag file.
>
> But it would affect an 'aptitude reinstall' of the package.

I don't expect reinstallation of a package to re-ask configuration values.
If I want that, I purge the package before reinstalling.

-- 
see shy jo
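The message above objects that a bare existence test on a flag file under /tmp can be satisfied by any local user. As an added example (not code from this thread, console-common or debian-installer), the sketch below shows a maintainer-script style check that honors a flag only when the file and its directory belong to the expected owner. The function name flag_is_trusted is hypothetical, and GNU stat is assumed.

```shell
#!/bin/sh
# flag_is_trusted FLAG [OWNER_UID]   (hypothetical helper, added example)
# Succeeds only if FLAG is a regular file owned by OWNER_UID (default 0)
# and sits in a real directory owned by OWNER_UID that neither group nor
# others can write to. A flag created by another user in /tmp fails.
flag_is_trusted() {
    flag=$1
    owner=${2:-0}
    dir=$(dirname -- "$flag")

    # Reject symlinks and anything that is not a regular file / directory.
    [ ! -L "$flag" ] && [ -f "$flag" ] || return 1
    [ ! -L "$dir" ] && [ -d "$dir" ] || return 1

    # GNU stat: %u is the owner uid, %a the octal permission bits.
    [ "$(stat -c %u -- "$flag")" = "$owner" ] || return 1
    [ "$(stat -c %u -- "$dir")" = "$owner" ] || return 1

    # The directory must not be group- or world-writable (mask 022).
    mode=$(stat -c %a -- "$dir")
    [ $(( 0$mode & 022 )) -eq 0 ] || return 1
    return 0
}

# Demo on a constructed directory; the running user stands in for root.
demo=$(mktemp -d) && chmod 755 "$demo" && : > "$demo/flag"
flag_is_trusted "$demo/flag" "$(id -u)" && echo "private dir: flag honored"
chmod 777 "$demo"
flag_is_trusted "$demo/flag" "$(id -u)" || echo "writable dir: flag ignored"
rm -rf "$demo"
```

In a postinst the call would sit in front of the existing test, so an untrusted flag simply falls through to asking the question.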