[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Overriding conf file with symlink under /etc considered harmful

I am CCing debian-custom, as this is an issue for all CDDs.  Please followup 
there.  Sorry if this is ground that has been covered already here or in 
-devel, but the traffic on these two lists is considerable, and I have only 
just skimmed as I have found time, so quite likely I missed this the first 
time it came up.

On Fri, Apr 09, 2004 at 04:48:00AM +0200, Jonas Smedegaard wrote:
> Ok, let me rephrase: Overriding a conffile with a symlink is not handled
> properly in Debian.

OK, now I understand you.

> this is not a problem for developers, but for users. Please read on...

Got it.

> Debian Policy is for package maintainers, not for local systems
> administrators. I warned earlier that Skolelinux packages breaks policy
> by making changes to conffiles of other packages, but was then told that
> Skolelinux packages does not do that - they just provide scripts for the
> local admin to do the changes automatically (and runs those scripts
> through debconf). I honestly did not buy that argument, but didn't want
> to waste more time on the issue - I made my point, and it wasn't accepted.

Hm.  Furnish an example?  Do you mean the dhcp3.conf symlink is made by a
debconf script run from a package other than dhcp3-server?  This seems a bit
fishy.  If the script modifying another package's conf files is run through
debconf, then I, too, would say the package does indeed modify other
scripts' conffiles and is in violation of policy.  But it's all a matter of
interpretation.  Also, it is not an easy problem to solve for CDDs because a 
CDD aims to configure a Debian system in some sane way.  It is cumbersome to 
have to coordinate with the package maintainers of all packages contained 
within a CDD to make a mechanism that will assist in configuring the system 
the way we want it, but that appears to be the only policy-compliant option.

> So, the packages are not in violation with Debian Policy because the
> tampering of other packages is (in a smart way) left to the local admin.
> I therefore do *not* complain about a breach of policy, but about an
> unwise thing for (developers to persuade) local admins to do.

Where "persuasion" is the debconf question (defaulting to "no"?) "do you 
want to modify this other package's conf file?"

> Try this:
> ~ 1) Install dhcp3-server
> ~ 2) Replace manually /etc/dhcp3/dhcpd.conf with a symlink
> ~ 3) Update dhcp3-server to a newer version (with changes to the
> conffile, so that the "do you want to update this file" dialogue appears.
> As far as I remember (as a local admin I stopped using symlinks some
> time ago), the update proces now no longer warns about upgrades, but
> just silently ignores them. This is bad, because the whole point of the
> warning is that if the conffile is updated it is quite possible those
> changes are needed, even if changed locally.

Why is this?  Is it because the symlink itself does not change?  I should 
think md5sum would catch this.  And I don't see a "no dereference" option 
for md5sum.  Or is there a date check in there too?  I'm confused about what 
leads to this problem.

 ,-.  nSLUG    http://www.nslug.ns.ca   synrg@sanctuary.nslug.ns.ca
 \`'  Debian   http://www.debian.org    synrg@debian.org
  `          [ gpg 395C F3A4 35D3 D247 1387 2D9E 5A94 F3CA 0B27 13C8 ]
             [ pgp 7F DA 09 4B BA 2C 0D E0 1B B1 31 ED C6 A9 39 4F ]

Reply to: