Hi! I am trying to put the finishing touches on a package of Diogenes, a web content management system. The package relies on a MySQL database, and this database is created based on some information provided by the user through debconf. I am down to one lintian warning :
W: diogenes: postinst-uses-db-input N: It is generally not a good idea for postinst scripts to use debconf N: commands like db_input. Typically, they should restrict themselves to N: db_get to request previously acquired information, and have the config N: script do the actual prompting. My debian/postinst and debian/config are heavily based on those of the horde2 package so I checked, and sure enough the "db_input" in postinst which is causing the warning came from horde2. It concerns the MySQL admin user and password, which is in fact already asked for in the debian/config file. I can see how it is a Bad Thing to prompt the user for input both in postinst and in config, but the fact still stands that it's the way it's done in horde2, and I'm sure there must be a good reason for it! Any ideas here? Is there any scenario (recovering from a failed install..) which would involve running the postinst without the config, and hence justify the prompt for the admin user/password? In a similar line of thought, the admin password is stored in the debconf database in config and reset in postinst, so I suppose that means that if for some reason the installation fails, we still have the password stored in database. Any pointers to policy reference on dealing with this? Thanks for your time and have a pleasant day! Jeremy -- http://www.jerryweb.org/ : JerryWeb.org http://sailcut.sourceforge.net/ : Sailcut CAD http://mpf70.sourceforge.net/ : MPman MP-F70 support for Linux
