Packages with incomplete .md5sum files
Hi,
the following packages from wheezy ship files that are excluded from
the .md5sums file:
gridsite: FILE WITHOUT MD5SUM /var/lib/gridsite/.gacl
gridsite: FILE WITHOUT MD5SUM /var/lib/gridsite/gridsitefoot.txt
gridsite: FILE WITHOUT MD5SUM /var/lib/gridsite/gridsitehead.txt
libreoffice-common: FILE WITHOUT MD5SUM /var/lib/libreoffice/share/config/javasettingsunopkginstall.xml
nfs-common: FILE WITHOUT MD5SUM /var/lib/nfs/state
nfs-kernel-server: FILE WITHOUT MD5SUM /var/lib/nfs/etab
nfs-kernel-server: FILE WITHOUT MD5SUM /var/lib/nfs/rmtab
nfs-kernel-server: FILE WITHOUT MD5SUM /var/lib/nfs/xtab
r-base-core-dbg: FILE WITHOUT MD5SUM /usr/lib/debug/usr/bin/Rscript
r-base-core-dbg: FILE WITHOUT MD5SUM /usr/lib/debug/usr/lib/R/bin/Rscript
r-base-core: FILE WITHOUT MD5SUM /usr/bin/R
r-base-core: FILE WITHOUT MD5SUM /usr/bin/Rscript
r-base-core: FILE WITHOUT MD5SUM /usr/lib/R/bin/Rscript
r-base-core: FILE WITHOUT MD5SUM /usr/lib/R/etc/Renviron.ucf
r-base-core: FILE WITHOUT MD5SUM /usr/share/R/doc/html/packages.html
rkhunter: FILE WITHOUT MD5SUM /var/lib/rkhunter/db/backdoorports.dat
rkhunter: FILE WITHOUT MD5SUM /var/lib/rkhunter/db/i18n/cn
rkhunter: FILE WITHOUT MD5SUM /var/lib/rkhunter/db/i18n/de
rkhunter: FILE WITHOUT MD5SUM /var/lib/rkhunter/db/i18n/en
rkhunter: FILE WITHOUT MD5SUM /var/lib/rkhunter/db/i18n/zh
rkhunter: FILE WITHOUT MD5SUM /var/lib/rkhunter/db/i18n/zh.utf8
rkhunter: FILE WITHOUT MD5SUM /var/lib/rkhunter/db/mirrors.dat
rkhunter: FILE WITHOUT MD5SUM /var/lib/rkhunter/db/programs_bad.dat
rkhunter: FILE WITHOUT MD5SUM /var/lib/rkhunter/db/suspscan.dat
For sid there are additionally:
pcp: FILE WITHOUT MD5SUM /var/lib/pcp/config/pmie/config.default
pcp: FILE WITHOUT MD5SUM /var/lib/pcp/config/pmlogger/config.default
pcp: FILE WITHOUT MD5SUM /var/lib/pcp/config/pmlogger/crontab
There are also several aspell and ispell dictionary hashes affected by
this bug, see #690216 for a list of packages and files. What needs to
happen there is quite clear, so I excluded them from this list.
Excluding shipped files from .md5sums looks seriously wrong for files
in /usr and at least questionable in /var/lib.
Such excludes were probably added to work around "debsums reports a
modified file in $pkg" bugs, but that is the wrong approach. If a state
file (in /var/lib) is shipped by the package and actively modified by
the package, it will be overwritten on every upgrade. Instead of
shipping the file maintainer scripts (and maybe triggers) should be
used to create/update them on package installation/upgrade and clean
them up during remove/purge.
How should we proceed with these packages? Should I file bugs? With
which severity?
Andreas
Reply to: