As I was extremely tired last night I decided to quit the discussion until after some sleep.

On Monday 17 December 2007, Joey Hess wrote:
> Frans Pop wrote:
> > Because a dpkg-reconfigure needs to ask the question even if a keymap
> > is installed.
>
> if [ ! -e /etc/whatever_file ] || [ "$1" = reconfigure ]; then
>     # ask question
> fi

Having d-i write an /etc/whatever_file for this still seems very ugly to me.

> The only reason there is no serious attack vector is because
> console-common only checks if the file exists. /tmp/debian-installer/ is
> not "controlled" by d-i post-installation. If I want to prevent the
> admin from seeing the keymap question, I can now do it, on any Debian
> system. This *is* a minor security hole.

Does not change the fact that the probability of anyone abusing that "hole" is about 0 and the effects if they do so are about null. On a scale from 1 to 100 I would personally rate this security issue at about -0.

That said, I totally agree that this is not something that should be implemented as a general mechanism and after some reflection I've come to the conclusion that your suggestion to set the "seen" flag is probably the best solution.

The (tested) patch below for kbd-chooser's post-base-installer hook script implements this by first "preseeding" the template in the D-I environment and then using debconf-copydb to propagate it to the target system. If there is a clean way to set the flag directly in the target environment, please propose an alternative patch.

If this patch is acked, I will implement it in kbd-chooser and Christian can then revert the changes in console-common and console-data at his convenience. I don't think there's any need to rush new uploads for those packages.

It would have been ever so nice if this discussion could have taken place _before_ the other solution had been implemented.

Lessons for the future:
- if someone proposes a patch with an RFC and some reservations, please don't just upload the patch but allow some time for feedback
- if someone posts an RFC it would be nice if more people took the trouble to read it, consider the issue and post their opinion; preferably with arguments (even if they agree) and alternatives (if they don't)

Cheers,
FJP

==== +# Avoid displaying console-data's keymap policy question +cd_template=console-data/keymap/policy +cd_policy="Don't touch keymap" +if ! db_set $cd_template "$cd_policy"; then + db_register debian-installer/dummy $cd_template + db_set $cd_template "$cd_policy" + db_subst $cd_template ID $cd_template +fi +db_fset $cd_template seen true +debconf-copydb -p $cd_template configdb target_configdb apt-install console-tools console-data console-common || true
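
Review bot: the `db_fset $cd_template seen true` and `debconf-copydb -p $cd_template configdb target_configdb` lines have no error handling, unlike the guarded first `db_set` and the `|| true` on the apt-install line that follows. If the copy fails, either nobody notices and the keymap policy question is not suppressed on the target, or, if the hook runs under `set -e`, the script stops before apt-install. Consider checking the exit status of debconf-copydb and logging a warning on failure. Separately, `cd_policy="Don't touch keymap"` hard-codes a value that has to match what console-data's template accepts, so a comment stating that dependency would help whoever changes the template later. The `$cd_template` expansions are unquoted, which is harmless for this value, but quoting them is the safer habit.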