Re: A couple of questions
In case Justin's mail didn't answer all your questions...
Shachar Shemesh <debian@shemesh.biz> wrote:
> Well, you would need a helper program to actually change it, as the
> password is encrypted. Otherwise, yes it's a configuration file.
Well, the line is a bit blurry here, I admit. Note that passwords in
/etc/shadow are encrypted, but the admin can still modify the
(encrypted) passwords by hand in that file. This is not an argument
against placing the file under /etc.
IMHO, whether /etc or /var is more appropriate depends on whether you
consider the file as configuration data for the program, or not.
Specifically, do you expect an admin to simply copy that file to another
system if he wants the same passwords in the other system? If yes---and,
I am tempted to say, if the file is in text format, because seeing
binary stuff under /etc kinda hurts my eyes---, then I'd choose /etc. If
not (i.e., if you consider the file as simply storing a "state" for your
program), /var sounds more appropriate.
> Debhelper(1) says:
>
>> V3 This mode works like V2, with the following additions:
>> - Every file in etc/ is automatically flagged as a conffile by
>> dh_installdeb.
>
> You are right, I am thoroughly confused. It seems to me that if I
> follow the policy version 3 or above (and we all agree that I should),
> then every configuration file (that must be placed under /etc
> according to 10.7.2) will also be a conffile, contradicting 10.7.1.
I see your reasoning. They key to avoid the confusion here is to
understand the meaning of "Every file in etc/" in debhelper(1).
It means "Every file *shipped in a binary package* (.deb) under etc/".
Note: the fact that "etc/" is used instead of "/etc/" is a slight
indication---the directory is relative... to the package build
directory.
debhelper really doesn't know what you can do in your maintainer scripts
(preinst, postinst, prerm...) since they are shell scripts with
full-blown syntax. It cannot (reliably) know by inspecting them whether
they create something under /etc or not. It can only look at what is
going to end up in the .deb files you are creating and act based on
these observations.
conffiles are the ones that cause all the dpkg prompts on upgrade: "File
modified by you or a script, do you want to install the new package
maintainer's version, to keep the file as is, to see a diff, to
background the process and examine the situation? etc."
When you ship a file under etc/ in a .deb (in debhelper compat
levels >= 3), you are saying: "This is a reasonable default
configuration file for my package, and I wish it to be installed
automatically in /etc when installing the package from "purge" state,
and to cause the aforementioned conffile prompt to appear on upgrades if
it was modified by the admin."
> While I am confused, I have to say your explanation did not help me.
> The way I see it, a password file is a configuration file, but not a
> conffile. All
Right (I suppose there is no "default password file" that the user would
be likely to accept on upgrades).
> configuration files, be them conffiles or not, should go into /etc,
> but debhelper compatibility version 3 (and, by induction, version 4)
> does not allow me to place a file there that is not a conffile.
It does. Just don't ship it in the .deb, but as Justin said, have it
created by postinst, or by one of the programs shipped in the package,
for instance.
--
Florent
Reply to: