Re: How to troubleshoot conffile files problems
On Friday, 3 December 2021 02:46:43 AEDT Tong Sun wrote:
> ----
> grep: /etc/dbab/dbab.list-: No such file or directory
> cat: /etc/dbab/dbab.addr: No such file or directory
> ----
>
> They should be there but I have no idea why they are not.
Note that this isn't just about conffile handling in the package, these error
messages also highlight bugs in the scripts that this package includes in
/usr/sbin.
* The scripts are assuming that files exist and do not test whether they exist.
A conffile can be removed by the admin at any time; the software might not be
able to work in that case, but it should exit with an informative error
message not malfunction.
* The scripts do not handle errors properly (at all, really). I think you need
to go through each script line by line and ask "what might make this command
fail?", "can that failure be prevented?", "if not, what should happen after
failure?"
* The scripts have at least predictable temp-file issue that allow an
unprivileged user to do arbitrary damage to a system, overwriting any file they
choose with a simple "ln -s /some/victim/file /tmp/dbab-map.adblock.conf" prior
to the admin installing or upgrading the package, or running that script.
* maintainer scripts should try very very hard to avoid failing (non-zero exit
code) as that failure can be quite awkward to recover from. Failing the
postinst because there's a blank line in the config file, for instance, seems
pretty harsh.
regards
Stuart
--
Stuart Prescott http://www.nanonanonano.net/ stuart@nanonanonano.net
Debian Developer http://www.debian.org/ stuart@debian.org
GPG fingerprint 90E2 D2C1 AD14 6A1B 7EBB 891D BBC1 7EBB 1396 F2F7
Reply to: