
Bug#988299: marked as done (shim-signed: unhandled symlink to directory conversion: /usr/share/doc/PACKAGE)



Your message dated Mon, 10 May 2021 00:16:32 +0100
with message-id <20210509231632.GH16813@tack.einval.com>
and subject line Re: Bug#988299: shim-signed: unhandled symlink to directory conversion: /usr/share/doc/PACKAGE
has caused the Debian Bug report #988299,
regarding shim-signed: unhandled symlink to directory conversion: /usr/share/doc/PACKAGE
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
988299: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988299
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: shim-signed
Version: 1.34~1+deb10u1+15.4-2~deb10u1
Severity: serious
User: debian-qa@lists.debian.org
Usertags: piuparts

Hi,

an upgrade test with piuparts revealed that your package installs files
over existing symlinks and possibly overwrites files owned by other
packages. This usually means an old version of the package shipped a
symlink but that was later replaced by a real (and non-empty)
directory. This kind of overwriting another package's files cannot be
detected by dpkg.

This was observed on the following upgrade paths:

  buster -> buster-proposed-updates

For /usr/share/doc/PACKAGE this may not be problematic as long as both
packages are installed, ship byte-for-byte identical files and are
upgraded in lockstep. But once one of the involved packages gets
removed, the other one will lose its documentation files, too,
including the copyright file, which is a violation of Policy 12.5:
https://www.debian.org/doc/debian-policy/ch-docs.html#copyright-information

For other overwritten locations anything interesting may happen.

Note that dpkg intentionally does not replace directories with symlinks
and vice versa, you need the maintainer scripts to do this.
See in particular the end of point 4 in
https://www.debian.org/doc/debian-policy/ch-maintainerscripts.html#details-of-unpack-phase-of-installation-or-upgrade

It is recommended to use the dpkg-maintscript-helper commands
'dir_to_symlink' and 'symlink_to_dir' (available since dpkg 1.17.14)
to perform the conversion, ideally using d/$PACKAGE.maintscript.
See dpkg-maintscript-helper(1) and dh_installdeb(1) for details.


From the attached log (scroll to the bottom...):

0m27.4s ERROR: FAIL: silently overwrites files via directory symlinks:
  /usr/share/doc/shim-signed/NEWS.Debian.gz (shim-signed:amd64) != /usr/share/doc/shim-signed-common/NEWS.Debian.gz (?)
    /usr/share/doc/shim-signed -> shim-signed-common
  /usr/share/doc/shim-signed/changelog.gz (shim-signed:amd64) != /usr/share/doc/shim-signed-common/changelog.gz (shim-signed-common)
    /usr/share/doc/shim-signed -> shim-signed-common
  /usr/share/doc/shim-signed/copyright (shim-signed:amd64) != /usr/share/doc/shim-signed-common/copyright (shim-signed-common)
    /usr/share/doc/shim-signed -> shim-signed-common


cheers,

Andreas

Attachment: shim-signed_1.34~1+deb10u1+15.4-2~deb10u1.log.gz
Description: application/gzip


--- End Message ---
--- Begin Message ---
Source: shim-signed
Version: 1.36~1+deb10u1

Thanks for the report Andreas! This was fixed in the upload today of
version 1.36~1+deb10u1.

On Mon, May 10, 2021 at 01:05:04AM +0200, Andreas Beckmann wrote:
>Package: shim-signed
>Version: 1.34~1+deb10u1+15.4-2~deb10u1
>Severity: serious
>User: debian-qa@lists.debian.org
>Usertags: piuparts
>
>Hi,
>
>an upgrade test with piuparts revealed that your package installs files
>over existing symlinks and possibly overwrites files owned by other
>packages. This usually means an old version of the package shipped a
>symlink but that was later replaced by a real (and non-empty)
>directory. This kind of overwriting another package's files cannot be
>detected by dpkg.
>
>This was observed on the following upgrade paths:
>
>  buster -> buster-proposed-updates
>
>For /usr/share/doc/PACKAGE this may not be problematic as long as both
>packages are installed, ship byte-for-byte identical files and are
>upgraded in lockstep. But once one of the involved packages gets
>removed, the other one will lose its documentation files, too,
>including the copyright file, which is a violation of Policy 12.5:
>https://www.debian.org/doc/debian-policy/ch-docs.html#copyright-information
>
>For other overwritten locations anything interesting may happen.
>
>Note that dpkg intentionally does not replace directories with symlinks
>and vice versa, you need the maintainer scripts to do this.
>See in particular the end of point 4 in
>https://www.debian.org/doc/debian-policy/ch-maintainerscripts.html#details-of-unpack-phase-of-installation-or-upgrade
>
>It is recommended to use the dpkg-maintscript-helper commands
>'dir_to_symlink' and 'symlink_to_dir' (available since dpkg 1.17.14)
>to perform the conversion, ideally using d/$PACKAGE.maintscript.
>See dpkg-maintscript-helper(1) and dh_installdeb(1) for details.
>
>
>From the attached log (scroll to the bottom...):
>
>0m27.4s ERROR: FAIL: silently overwrites files via directory symlinks:
>  /usr/share/doc/shim-signed/NEWS.Debian.gz (shim-signed:amd64) != /usr/share/doc/shim-signed-common/NEWS.Debian.gz (?)
>    /usr/share/doc/shim-signed -> shim-signed-common
>  /usr/share/doc/shim-signed/changelog.gz (shim-signed:amd64) != /usr/share/doc/shim-signed-common/changelog.gz (shim-signed-common)
>    /usr/share/doc/shim-signed -> shim-signed-common
>  /usr/share/doc/shim-signed/copyright (shim-signed:amd64) != /usr/share/doc/shim-signed-common/copyright (shim-signed-common)
>    /usr/share/doc/shim-signed -> shim-signed-common
>
>
>cheers,
>
>Andreas


-- 
Steve McIntyre, Cambridge, UK.                                steve@einval.com
The two hard things in computing:
 * naming things
 * cache invalidation
 * off-by-one errors                  -- Stig Sandbeck Mathisen

--- End Message ---
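
The check described in the report, as an added example that is not part of the original messages and is not piuparts' own code: it walks a package file list and reports every path that is reached through a directory symlink under a given root. The function names, the file-list format (one absolute path per line) and the temporary demo tree are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag package-owned paths that sit below a directory symlink,
# which means the files really land in (and may overwrite) another directory.

# find_symlink_traversals ROOT LISTFILE
#   ROOT     - root of the installed tree to inspect (e.g. a chroot)
#   LISTFILE - absolute paths owned by the package, one per line
# Prints "<path> via <symlinked parent> -> <link target>" for each hit.
# The body runs in a subshell so its variables stay local.
find_symlink_traversals() (
    root=$1
    list=$2
    while IFS= read -r path; do
        [ -n "$path" ] || continue
        dir=$(dirname "$path")
        # Walk up the parent directories; report the nearest symlinked one.
        while [ "$dir" != "/" ] && [ "$dir" != "." ]; do
            if [ -L "$root$dir" ]; then
                printf '%s via %s -> %s\n' \
                    "$path" "$dir" "$(readlink "$root$dir")"
                break
            fi
            dir=$(dirname "$dir")
        done
    done < "$list"
)

# Constructed demo tree mirroring the layout in the piuparts log:
# /usr/share/doc/shim-signed is a symlink to shim-signed-common.
demo() (
    root=$(mktemp -d)
    mkdir -p "$root/usr/share/doc/shim-signed-common"
    ln -s shim-signed-common "$root/usr/share/doc/shim-signed"
    echo "common copy" > "$root/usr/share/doc/shim-signed-common/copyright"
    # Constructed file list: one path through the symlink, one direct path.
    printf '%s\n' \
        /usr/share/doc/shim-signed/copyright \
        /usr/share/doc/shim-signed-common/copyright > "$root/files.list"
    find_symlink_traversals "$root" "$root/files.list"
    rm -rf "$root"
)

demo
```

Only the path listed under `/usr/share/doc/shim-signed/` is reported; the one listed directly under `shim-signed-common` is not, which matches the pairs shown in the log.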
