Bug#689686: sysklogd: Do not ship /etc/syslog.conf as conffile (policy 10.7.4 Sharing configuration files)

Thu, 04 Oct 2012 22:51:18 -0700 

Package: sysklogd
Version: 1.5-6.2
Severity: serious

Hi

On Thu, Oct 04, 2012 at 11:25:12PM +0200, Salvatore Bonaccorso wrote:
> Hi
> 
> On Thu, Oct 04, 2012 at 10:07:12AM +0200, Andreas Beckmann wrote:
> > Package: sympa
> > Version: 6.1.11~dfsg-4
> > Severity: serious
> > User: debian...@lists.debian.org
> > Usertags: piuparts
> > 
> > Hi,
> > 
> > during a test with piuparts I noticed your package modifies conffiles.
> > And even worse, it's a conffile owned by a different package.
> > This is forbidden by the policy, see
> > http://www.debian.org/doc/debian-policy/ch-files.html#s-config-files
> > 
> [..]
> > 
> > debsums reports modification of the following files,
> > from the attached log (scroll to the bottom...):
> > 
> >   /etc/syslog.conf
> 
> I had a look at this bugreport for sympa. This indeed seems to be a
> problem if one uses sysklogd. sysklogd provides
> /usr/sbin/syslog-facility and in sympa's postinst we have:
> 
> ----cut---------cut---------cut---------cut---------cut---------cut-----
> ## Setup a syslog facility
> if which syslog-facility >/dev/null 2>&1 \
>   && [ -e /etc/syslog.conf ] \
>   && ! grep -q "/var/log/sympa.log" /etc/syslog.conf \
>   && syslog-facility set all /var/log/sympa.log > /etc/sympa/facility \
>   && [ -x /etc/init.d/sysklogd ]; then
>         if which invoke-rc.d >/dev/null 2>&1; then
>                 invoke-rc.d sysklogd reload
>         else
>                 etc/init.d/sysklogd reload
>         fi
> fi
> ----cut---------cut---------cut---------cut---------cut---------cut-----
> 
> The problematic call is syslog-facility set all /var/log/sympa.log
> which will add a
> 
> local0.*                /var/log/sympa.log
> 
> to /etc/syslog.conf.

During looking at RC bugs for wheezy I noticed the bugreport on
sympa[1].

 [1]: http://bugs.debian.org/689578

Now, if sympa is used with sysklogd, sympa is modifying a conffile.

sysklogd ships on one side /etc/syslog.conf ans conffile but also
provides a binary /usr/sbin/syslog-facility which might be used to
setup or remove LOCALx facilities to /etc/syslog.conf.

If now this is invocated e.g. by sympa in maintainers script this
causes a sympa to motify a conffile violating policy 10.7.3.

If I'm reading policy 10.7.4[2] correctly then, sysklogd must provide
/etc/syslog.conf *not* as conffile but as configuration file. It
already provides as owning package a "program that the other packages
may use to modify the configuration file".

 [2]: http://www.debian.org/doc/debian-policy/ch-files.html#s10.7.4

Regards,
Salvatore

Attachment: signature.asc
Description: Digital signature

Reply via email to