On Mon, Aug 17, 2009 at 04:18:13PM -0700, Steve Langasek wrote: > On Sun, Aug 16, 2009 at 09:55:29PM +0200, Serafeim Zanikolas wrote: > > Package: debian-policy > > Version: 3.8.2.0 > > Severity: normal > > > Hello policy makers :) > > > update-inetd is seriously bug infested, IMHO to some extent because of the > > issue below. > > > Policy 11.2 says: > > > If a package wants to install an example entry into `/etc/inetd.conf', > > the > > entry must be preceded with exactly one hash character (`#'). Such > > lines > > are treated as "commented out by user" by the `update-inetd' script and > > are not changed or activated during package updates. > > [presumably, "not changed" here implies also "not deleted"] > > > Effectively this means that we cannot distinguish between two entirely > > different things: local-admin-policy and examples generated by postinst > > maintainer scripts. > > > Now how does this lead to bugs? Say I install ftp-daemon-a, which adds an > > example entry to /etc/inetd.conf, and then I uninstall the package. The > > example entry will survive the package's removal (even if prerm calls > > update-inetd, it won't be removed because it's indistinguishable from > > local-admin-policy). > > > Then I decide to install ftp-daemon-b. If the package's postinst calls > > update-inetd to enable the new service, the new entry won't be added because > > it's apparently local-admin-policy that ftp should be disabled. > > > A potential fix would be to prescribe that example entries added by > > maintainer > > scripts are preceded with '#<example># ' (to be consistent with '#<off># ' > > which is what update-inetd uses by default to denote disabled entries). > > I would suggest disallowing example entries altogether; let packages use the > '#<off>#' syntax instead. Or is there some reason I'm missing why we would > want to support so many different ways for packages to add lines to > update-inetd?
I would really rather we went with the proposal I put forward in this thread: http://lists.debian.org/debian-devel/2009/03/msg00496.html in this message: http://lists.debian.org/debian-devel/2009/03/msg00573.html This is a relatively simple task, just one that needs a reasonably labour-intensive transition over a few releases of the fixed update-inetd package 1) Add functionality to process fragments in addition to command-line args. 2) Update all packages calling update-inetd to ship a fragment. At this point both the old and new mechanisms will still work, with the inetds using /etc/inetd.conf. 3) Switch inetds to use the appropriate generated config file. 4) Update all packages to remove use of update-inetd with arguments (maybe make it into a dpkg trigger?) 4) Remove old update-inetd code to leave only new clean and simple code. At this point, /etc/inetd.conf is obsolete and unused. Unfortunately, I lack the time to write the code and push this forward, otherwise I would have tried to get this done for Squeeze. But it's not technically difficult to do, it just needs time. The advantage of this approach is that is removes *all* of the many update-inetd bugs by throwing the whole mess into the bin. It should also allow a smooth transition, though the above example plan doesn't account for migrating active settings over to the new config file fragments. It shouldn't be too hard to do. Regards, Roger -- .''`. Roger Leigh : :' : Debian GNU/Linux http://people.debian.org/~rleigh/ `. `' Printing on GNU/Linux? http://gutenprint.sourceforge.net/ `- GPG Public Key: 0x25BFB848 Please GPG sign your mail. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
