Packages with incomplete .md5sum files

To: debian-devel@lists.debian.org
Subject: Packages with incomplete .md5sum files
From: Andreas Beckmann <debian@abeckmann.de>
Date: Thu, 10 Jan 2013 09:21:38 +0100
Message-id: <[🔎] 50EE7A12.1030204@abeckmann.de>

Hi,

the following packages from wheezy ship files that are excluded from 
the .md5sums file:

  gridsite: FILE WITHOUT MD5SUM /var/lib/gridsite/.gacl
  gridsite: FILE WITHOUT MD5SUM /var/lib/gridsite/gridsitefoot.txt
  gridsite: FILE WITHOUT MD5SUM /var/lib/gridsite/gridsitehead.txt
  libreoffice-common: FILE WITHOUT MD5SUM /var/lib/libreoffice/share/config/javasettingsunopkginstall.xml
  nfs-common: FILE WITHOUT MD5SUM /var/lib/nfs/state
  nfs-kernel-server: FILE WITHOUT MD5SUM /var/lib/nfs/etab
  nfs-kernel-server: FILE WITHOUT MD5SUM /var/lib/nfs/rmtab
  nfs-kernel-server: FILE WITHOUT MD5SUM /var/lib/nfs/xtab
  r-base-core-dbg: FILE WITHOUT MD5SUM /usr/lib/debug/usr/bin/Rscript
  r-base-core-dbg: FILE WITHOUT MD5SUM /usr/lib/debug/usr/lib/R/bin/Rscript
  r-base-core: FILE WITHOUT MD5SUM /usr/bin/R
  r-base-core: FILE WITHOUT MD5SUM /usr/bin/Rscript
  r-base-core: FILE WITHOUT MD5SUM /usr/lib/R/bin/Rscript
  r-base-core: FILE WITHOUT MD5SUM /usr/lib/R/etc/Renviron.ucf
  r-base-core: FILE WITHOUT MD5SUM /usr/share/R/doc/html/packages.html
  rkhunter: FILE WITHOUT MD5SUM /var/lib/rkhunter/db/backdoorports.dat
  rkhunter: FILE WITHOUT MD5SUM /var/lib/rkhunter/db/i18n/cn
  rkhunter: FILE WITHOUT MD5SUM /var/lib/rkhunter/db/i18n/de
  rkhunter: FILE WITHOUT MD5SUM /var/lib/rkhunter/db/i18n/en
  rkhunter: FILE WITHOUT MD5SUM /var/lib/rkhunter/db/i18n/zh
  rkhunter: FILE WITHOUT MD5SUM /var/lib/rkhunter/db/i18n/zh.utf8
  rkhunter: FILE WITHOUT MD5SUM /var/lib/rkhunter/db/mirrors.dat
  rkhunter: FILE WITHOUT MD5SUM /var/lib/rkhunter/db/programs_bad.dat
  rkhunter: FILE WITHOUT MD5SUM /var/lib/rkhunter/db/suspscan.dat

For sid there are additionally:

  pcp: FILE WITHOUT MD5SUM /var/lib/pcp/config/pmie/config.default
  pcp: FILE WITHOUT MD5SUM /var/lib/pcp/config/pmlogger/config.default
  pcp: FILE WITHOUT MD5SUM /var/lib/pcp/config/pmlogger/crontab

There are also several aspell and ispell dictionary hashes affected by 
this bug, see #690216 for a list of packages and files. What needs to 
happen there is quite clear, so I excluded them from this list.

Excluding shipped files from .md5sums looks seriously wrong for files 
in /usr and at least questionable in /var/lib.

Such excludes were probably added to work around "debsums reports a 
modified file in $pkg" bugs, but that is the wrong approach. If a state 
file (in /var/lib) is shipped by the package and actively modified by 
the package, it will be overwritten on every upgrade. Instead of 
shipping the file maintainer scripts (and maybe triggers) should be 
used to create/update them on package installation/upgrade and clean 
them up during remove/purge.

How should we proceed with these packages? Should I file bugs? With 
which severity?


Andreas

Reply to:

Follow-Ups:
- Re: Packages with incomplete .md5sum files
  - From: Michael Gilbert <mgilbert@debian.org>
- Re: Packages with incomplete .md5sum files
  - From: Holger Levsen <holger@layer-acht.org>

Prev by Date: Bug#697835: ITP: mruby -- lightweight implementation of the Ruby language
Next by Date: Re: debian/* license of non-free packages
Previous by thread: Bug#697835: ITP: mruby -- lightweight implementation of the Ruby language
Next by thread: Re: Packages with incomplete .md5sum files
Index(es):
- Date
- Thread