
Re: [Pkg-aide-maintainers] Bug#879272: Bug#815188: aide: 30_aide_apt uses apt internals



On Sat, Oct 21, 2017 at 02:19:25PM +0200, Julian Andres Klode wrote:
> I don't see why you can't just query apt for locations and which files
> there are. We have tools for that.

While I fully understand the issue, I am reluctant to automatically
generate configuration like that. I admit that the aide package is
somewhat inconsistent with itself here, regarding apt and other packages,
and I do understand that apt is special here since it is present on each
and every Debian system.

Given the available time frame, I am however satisfied enough with the
60-of-100 accomplishment that we currently have, and believe that we're
doing "good enough" a service by catering for apt's default
configuration. We place the burden of adapting aide's configuration to
the local admin when she feels it necessary to configure apt to use
other layouts etc.

I really appreciate apt's flexibility and your efforts, but I don't
think that aide needs to show the same automatic flexibility level. Its
reports are only useful to an experienced admin anyway.

> Per-component release files as in
>         echo "$LISTSDIR/${HOST}${HOSTPATH}_dists_${dist}_${c}_source_(Sources|Release)$ VarFile"
> are not fetched, so drop that?

Done. Committed.

> Preferably also don't hardcode /var/lib/apt/lists and friends, but use
> 
>  eval $(apt-config shell VARDIR Dir::State/d)
>  eval $(apt-config shell LISTSDIR Dir::State::Lists/d)
>  eval $(apt-config shell VARDIR Dir::Cache/d)
>  eval $(apt-config shell CACHEDIR Dir::Cache::Archives/d)
>  eval $(apt-config shell LOGDIR Dir::Log/d)
> 
> So you actually check the directories apt uses if they have been
> reconfigured.

We are not checking them, we are excluding them from being checked. And
the hard-coded path in the aide rules will hopefully make it more
obvious when apt's configuration has been changed accidentally.

> You also do some parsing or something of sources.list files, does that
> work with deb822-style sources files?

Of course not :-(

> > when they change their package layout, this is something that cannot be
> > avoided. We are trying to stay current especially for a package as
> > important as apt, but of course that does not always work.
> > 
> > The only way to stop aide from "using" apt internals this way would be
> > to have apt ship an /etc/aide/aide.conf.d/31_apt_apt file containing
> > current rules reflecting the files that apt regularly changes on
> > updates.
> > 
> > Please indicate whether you want to do that in future, and we will
> > happily remove our own apt rule from aide. Until this has been sorted
> > out, we need to continue shipping a rule "using" apt internals with
> > aide, hence the "wontfix" tag.
> 
> Nah, that stuff is too nasty.

Fair enough. Then it's wontfix. Sorry about that. No offense intended.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mail address in header
Leimen, Germany    |  lose things."    Winona Ryder | Fon: *49 6224 1600402
Nordisch by Nature |  How to make an American Quilt | Fax: *49 6224 1600421
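
Added example, not part of the original message or of the aide package: a drift check that keeps hard-coded paths, as the reply above prefers, but reports when the directories printed by `apt-config shell` differ from them. The variable names, the expected-path list (apt's stock layout, of which the thread itself names only /var/lib/apt/lists) and the sample inputs are assumptions constructed for illustration.

```shell
#!/bin/sh
# Paths a hard-coded aide exclusion rule is assumed to cover (NAME=path).
EXPECTED="STATEDIR=/var/lib/apt/
LISTSDIR=/var/lib/apt/lists/
CACHEDIR=/var/cache/apt/
ARCHIVESDIR=/var/cache/apt/archives/
LOGDIR=/var/log/apt/"

# Query the live system; output is one NAME='value' line per pair.
apt_dir_query() {
    apt-config shell STATEDIR Dir::State/d LISTSDIR Dir::State::Lists/d \
        CACHEDIR Dir::Cache/d ARCHIVESDIR Dir::Cache::Archives/d \
        LOGDIR Dir::Log/d
}

# Read NAME='value' lines on stdin, print one line per path that is
# missing or differs from EXPECTED, and return 1 if any drift was found.
apt_dir_drift() {
    input=$(cat)
    drift=0
    for pair in $EXPECTED; do
        name=${pair%%=*}
        want=${pair#*=}
        # Parse the value with sed instead of eval'ing the input.
        got=$(printf '%s\n' "$input" |
              sed -n "s/^${name}='\(.*\)'\$/\1/p" | tail -n 1)
        if [ "$got" != "$want" ]; then
            printf '%s expected=%s actual=%s\n' \
                "$name" "$want" "${got:-<unset>}"
            drift=1
        fi
    done
    return "$drift"
}

# Constructed sample inputs: a stock layout and one with relocated lists.
SAMPLE_STOCK="STATEDIR='/var/lib/apt/'
LISTSDIR='/var/lib/apt/lists/'
CACHEDIR='/var/cache/apt/'
ARCHIVESDIR='/var/cache/apt/archives/'
LOGDIR='/var/log/apt/'"
SAMPLE_MOVED="STATEDIR='/var/lib/apt/'
LISTSDIR='/srv/apt/lists/'
CACHEDIR='/var/cache/apt/'
ARCHIVESDIR='/var/cache/apt/archives/'
LOGDIR='/var/log/apt/'"
```

On a Debian system, `apt_dir_query | apt_dir_drift` prints nothing and returns 0 while apt uses the layout the rule assumes.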

