Package: nessusd
Version: 2.2.8-1
Severity: important

If a user enters 'Y' to install the package maintainer's version of
nessusd.conf, the upgrade will fail. It fails because the
package maintainer's version of nessusd.conf does not contain any
line matching /^ca_file=/ - the config file has not set up a
certificate authority. It then fails during "/etc/init.d/nessusd start".

Now on a fresh install, nessusd.postinst checks for -f of
/var/lib/nessus/CA/cacert.pem and /var/lib/nessus/CA/servercert.pem
and if either of them does not exist, nessus_mkcert is called and so
the /^ca_file/ line is appended to nessusd.conf.

But when the user requests installation of the package maintainer's
version of nessusd.conf, this sequence of events takes place:

* the file /var/lib/nessus/CA/cacert.pem exists, and therefore
  nessus_mkcert is not run

* nessusd.conf is not modified

* "/etc/init.d/nessusd start" therefore fails

* "apt-get dist-upgrade" therefore fails

Summa summarum: When asked which version of nessusd.conf to keep,
keeping the current (valid) one is the only choice that doesn't break.

I was expecting that choosing the package maintainer's version of a
config file should always be a valid choice. This assumption leads
me to call this an important bug. If that is not valid, perhaps
the severity should be less.

-- System Information:
Debian Release: 4.0
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18.lyta
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)

Versions of packages nessusd depends on:
ii  libc6                        2.3.6.ds1-8 GNU C Library: Shared libraries
ii  libnasl2                     2.2.8-1     Nessus Attack Scripting Language, 
ii  libnessus2                   2.2.8-2     Nessus shared libraries
ii  libssl0.9.8                  0.9.8c-4    SSL shared libraries
ii  libwrap0                     7.6.dbs-11  Wietse Venema's TCP wrappers libra
ii  nessus-plugins               2.2.8-1     Nessus plugins
ii  openssl                      0.9.8c-4    Secure Socket Layer (SSL) binary a

nessusd recommends no packages.

-- debconf information:
* nessusd/province:  None
* nessusd/country: US
* nessusd/srvlifetime:  3650
* nessusd/certificate:
* nessusd/location:  Copenhagen
* nessusd/organization:  CapMon
* nessusd/califetime:  1460
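
The gap described in this report, as an added example that is not part of the original message or of the nessusd package: the check as the report describes it, beside a hypothetical extended check that also looks for the ca_file= line. Function names, verdict strings and the scratch files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not the nessusd package's own postinst.

certs_present() {      # $1 = CA directory
    [ -f "$1/cacert.pem" ] && [ -f "$1/servercert.pem" ]
}

conf_has_ca_file() {   # $1 = path to nessusd.conf
    [ -f "$1" ] && grep -q '^ca_file=' "$1"
}

# Check as described in the report: only the certificate files are tested.
reported_check() {     # $1 = conf (ignored), $2 = CA directory
    if certs_present "$2"; then echo skip; else echo mkcert; fi
}

# Hypothetical extended check: also notice a config without a ca_file= line.
extended_check() {     # $1 = conf, $2 = CA directory
    if ! certs_present "$2"; then echo mkcert
    elif ! conf_has_ca_file "$1"; then echo conf-missing-ca_file
    else echo ok
    fi
}

# Build a constructed scratch tree and print "<reported> <extended>".
# $1 = yes|no (certificates exist), $2 = yes|no (conf has a ca_file= line)
scenario() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/CA"
    echo '# constructed sample config' > "$tmp/nessusd.conf"
    if [ "$1" = yes ]; then
        : > "$tmp/CA/cacert.pem"
        : > "$tmp/CA/servercert.pem"
    fi
    if [ "$2" = yes ]; then
        echo "ca_file=$tmp/CA/cacert.pem" >> "$tmp/nessusd.conf"
    fi
    echo "$(reported_check "$tmp/nessusd.conf" "$tmp/CA")" \
         "$(extended_check "$tmp/nessusd.conf" "$tmp/CA")"
    rm -rf "$tmp"
}

scenario no no     # fresh install
scenario yes yes   # upgrade, current nessusd.conf kept
scenario yes no    # upgrade, maintainer's nessusd.conf installed
```

Only the third scenario separates the two checks: the reported check skips certificate setup while the config has no ca_file= line, which is the state in which "/etc/init.d/nessusd start" fails.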

