Hi Joachim, On 2013-02-06 18:21, Joachim Wiedorn wrote: > Michael Stapelberg wrote on 2013-02-06 13:11: >> Do you need a sponsor for that? What’s the current status? > > After uploading (09.01.) to mentors [1] I have asked the release team about > pre-approval (28.01.) [2] because we need this package in testing/wheezy > for solving the first half of RC bug #661482. Until now I haven't got any > answer from release team. > > So, yes I search for an sponsor, but it would be also important to get a > positive answer of the release team, then we could patch hylafax, too.
I'm not sure what the actual problem is that needs to be resolved here ... and whether your approach is the appropriate one. A short review on capi4hylafax ... capi4hylafax.prerm looks borked: having the #DEBHELPER# token inside the else branch looks wrong. capi4hylafax.init: * shouldn't the "Please edit the file /etc/hylafax/config.faxCAPI"... message be restricted to starting the daemon? Why repeat it for stop etc? * copy_slash_etc is run unconditionally - on start, on stop, regardless of the run_capi4hylafax setting. Shouldn't it be sufficent to do this on start/restart/reload? But back to the original problem ... *why* does /var/spool/hylafax need to be owned by uucp:uucp? Isn't it generally problematic to have root write to a non-root-owned directory (copy_slash_etc in capi4hylafax.init and the equivalent functionality in hylafax.init) - think about symlinks created by an unprivileged process with write permissions in that directory ... similarly the maintainer scripts must be careful on remove/purge when acting on this unprivileged directory. As there is bin/ and etc/ this looks like some daemon should be running jailed there ... but I didn't see anything in the initscripts. The only candidate I have seen is $SPOOLDIR/FIFO - but if uucp:uucp is needed to create that FIFO, wouldn't (as root) mkfifo $SPOOLDIR/FIFO ; chown uucp:uucp $SPOOLDIR/FIFO be sufficient? Looking at hylafax-server, it ships a whole bunch of empty directories owned by uucp:uucp in /var/spool/hylafax ... that is OK. Only shipping non-empty directories owned by non-root is problematic: /var/spool/hylafax/ /var/spool/hylafax/config/ which comes with a bunch of files uucp:uucp can modify anything in there ... Andreas PS: don't try this on a real system !!!!! (added some X intentionally) # apt-get install hylafax-server # su uucp -c "rm -rf /etc" # does not work, of course # su uuXcp -c 'mXv /var/spoXol/hylafax/bin /var/spool/hXylafax/b!n' # su uXucp -c 'lXn -s /eXtc /vXar/spool/hylXafax/bin' # apt-get install --reinstall hylafax-server # find /etc find: `/etc': No such file or directory PPS: for a save upgrade of hylafax-server with /var/spool/hylafax/ no longer owned by uucp:uucp the safest approach should be preinst: if dpkg --compare-versions "$2" lt <VERSION~> ; then if [ -d /var/spool/hylafax ] && \ [ $(stat -c '%u:%g' /var/spool/hylafax) != 0:0 ]; then rm -rf /var/spool/hylafax -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org