Bug#688891: psad: modifies conffiles (policy 10.7.3): /etc/psad/psad.conf

Sun, 21 Oct 2012 08:24:14 -0700 

Control: tag -1 + patch

On Mon, 15 Oct 2012 08:31:52 +0200, Franck Joncourt wrote:

> I have not found the time to work on psad since Wedneday, so if you
> want to fix psad please do so. I let you know when I am ready to
> work on it.

Sorry for my late reply, I was mostly away from $HOME during the last
week.

I'm attaching a diff that implements my ideas from the last mail;
still, I'm not sure about the unconditional replacing in the postinst
...

Cheers,
gregor
 
-- 
 .''`.  Homepage: http://info.comodo.priv.at/ - OpenPGP key 0xBB3A68018649AA06
 : :' : Debian GNU/Linux user, admin, and developer  -  http://www.debian.org/
 `. `'  Member of VIBE!AT & SPI, fellow of the Free Software Foundation Europe
   `-   NP: Dido: Hunter

diff -Nru psad-2.2/debian/changelog psad-2.2/debian/changelog
--- psad-2.2/debian/changelog	2012-06-05 23:06:57.000000000 +0200
+++ psad-2.2/debian/changelog	2012-10-21 17:14:31.000000000 +0200
@@ -1,3 +1,15 @@
+psad (2.2-2.1) UNRELEASED; urgency=low
+
+  * Non-maintainer upload.
+  * Fix "modifies conffiles (policy 10.7.3): /etc/psad/psad.conf"
+    - revert changes in debian/psad.preinst from 2.2-2
+    - install psad.conf to /usr/share/psad instead of /etc/psad
+    - copy it to /etc/psad in debian/psad.postinst if it doesn't exist
+    - remove in in debian/psad.postrm (purge)
+    (Closes: #688891)
+
+ -- gregor herrmann <gre...@debian.org>  Sun, 21 Oct 2012 17:05:38 +0200
+
 psad (2.2-2) unstable; urgency=low
 
   * d.psad.preinst: Revert the changes done by the postinst script in the
diff -Nru psad-2.2/debian/psad.dirs psad-2.2/debian/psad.dirs
--- psad-2.2/debian/psad.dirs	2012-06-05 23:06:57.000000000 +0200
+++ psad-2.2/debian/psad.dirs	2012-10-21 17:17:05.000000000 +0200
@@ -4,3 +4,4 @@
 var/lib/psad
 etc/psad
 etc/psad/snort_rules
+usr/share/psad
diff -Nru psad-2.2/debian/psad.postinst psad-2.2/debian/psad.postinst
--- psad-2.2/debian/psad.postinst	2012-06-05 23:06:57.000000000 +0200
+++ psad-2.2/debian/psad.postinst	2012-10-21 17:13:00.000000000 +0200
@@ -38,6 +38,9 @@
 
 if [ "$1" = "configure" ]; then
 
+    if [ ! -e /etc/psad/psad.conf ]; then
+    	cp /usr/share/psad/psad.conf /etc/psad/psad.conf
+    fi
     NAME=`hostname`
     update_conf "$NAME" "HOSTNAME" "/etc/psad/psad.conf"
  
diff -Nru psad-2.2/debian/psad.postrm psad-2.2/debian/psad.postrm
--- psad-2.2/debian/psad.postrm	2012-06-05 23:06:57.000000000 +0200
+++ psad-2.2/debian/psad.postrm	2012-10-21 17:13:44.000000000 +0200
@@ -27,6 +27,11 @@
     if [ -d /var/log/psad ]; then
         rm -rf /var/log/psad/*
     fi
+
+    # Handle the generated configuration file
+    if [ -e /etc/psad/psad.conf ]; then
+        rm -f /etc/psad/psad.conf
+    fi
  
 fi
 
diff -Nru psad-2.2/debian/psad.preinst psad-2.2/debian/psad.preinst
--- psad-2.2/debian/psad.preinst	2012-06-05 23:06:57.000000000 +0200
+++ psad-2.2/debian/psad.preinst	2012-10-21 17:09:24.000000000 +0200
@@ -1,51 +1,14 @@
 #!/bin/sh
 
+# This script is only intended to fix bug #497574.
+# We check for an upgrade from Psad older than 2.1.5 and remove the old
+# Psad process if needed.
 #
-# Update_conf
-#
-# This function searchs a key entry in a file and updates its value with the new
-# one.
-#
-# Syntax:
-#
-#    update_conf new_val key conffile
-#      -> new_val ... : Value to set for the key value
-#      -> key ....... : Name of the key to be updated
-#      -> conffile .. : File to search
-#
-update_conf ()
-{
-        local new_val
-        local key
-        local conffile
-
-        new_val=$1
-        key=$2
-        conffile=$3
-
-        cp $conffile $conffile.old
-
-        old_val=`awk '$1 == "'$key'" { print $2 }' $conffile`
-        awk '$1 == "'$key'" { gsub("'$old_val'","'$new_val';",$0); \
-                           print $0 } \
-                 $1 != "'$key'" { print $0 }' \
-                 $conffile.old > $conffile
-
-        rm $conffile.old
-}
+# NB: As some commands can return an exit code other than 0 we do not use
+# *set -e* at the beginning.
 
 if [ "$1" = "upgrade" ]; then
 
-    # Revert changes added to the configuration file by the postinst script
-    update_conf "_CHANGEME_" "HOSTNAME" "/etc/psad/psad.conf"
-
-    # This script is only intended to fix bug #497574.
-    # We check for an upgrade from Psad older than 2.1.5 and remove the old
-    # Psad process if needed.
-    #
-    # NB: As some commands can return an exit code other than 0 we do not use
-    # *set -e* at the beginning.
-
     status=1;
     if [ -x "`which dpkg 2>/dev/null`" ]; then 
         dpkg --compare-versions 2.1.5 gt $2
diff -Nru psad-2.2/debian/rules psad-2.2/debian/rules
--- psad-2.2/debian/rules	2012-06-05 23:06:57.000000000 +0200
+++ psad-2.2/debian/rules	2012-10-21 17:17:21.000000000 +0200
@@ -9,6 +9,7 @@
 DESTDIR_BIN     = $(CURDIR)/debian/$(PROGRAM)/usr/bin/
 DESTDIR_SBIN    = $(CURDIR)/debian/$(PROGRAM)/usr/sbin/
 DESTDIR_ETC     = $(CURDIR)/debian/$(PROGRAM)/etc/$(PROGRAM)/
+DESTDIR_SHARE   = $(CURDIR)/debian/$(PROGRAM)/usr/share/$(PROGRAM)/
 
 CFLAGS = -Wall -g
 ifneq (,$(filter noopt,$(DEB_BUILD_OPTIONS)))
@@ -47,7 +48,7 @@
 
 	$(INSTALL_DATA) signatures $(DESTDIR_ETC)
 	$(INSTALL_DATA) auto_dl $(DESTDIR_ETC)
-	$(INSTALL_DATA) psad.conf $(DESTDIR_ETC)
+	$(INSTALL_DATA) psad.conf $(DESTDIR_SHARE)
 	$(INSTALL_DATA) pf.os $(DESTDIR_ETC)
 	$(INSTALL_DATA) ip_options $(DESTDIR_ETC)
 	$(INSTALL_DATA) snort_rule_dl $(DESTDIR_ETC)

Attachment: signature.asc
Description: Digital signature

Reply via email to