tag 714796 + patch
thanks
On 2013-07-02 23:41, Andreas Beckmann wrote:
> during a test with piuparts I noticed your package modifies conffiles.
> This is forbidden by the policy
> debsums reports modification of the following files,
> from the attached log (scroll to the bottom...):
>
> /etc/default/ferm
The problem is that postinst unconditionally overwrites the value of the
ENABLED= variable in /etc/default/ferm with whatever was stored in debconf.
I just experienced this during an upgrade whereby I explicitly disabled
ferm by setting ENABLED=no yet after the upgrade, it was ENABLED=yes.
This resulted in me being locked out of the system.
The attached trivial patch fixes this by using the debconf value only as
the default, when no ENABLED= is present.
Christian
>From 52f20b4c7483847efcc121135f3fb91469e22a98 Mon Sep 17 00:00:00 2001
From: Christian Kastner <deb...@kvr.at>
Date: Sun, 16 Mar 2014 11:30:24 +0100
Subject: [PATCH] Do not unconditionally overwrite ENABLED= in
/etc/default/ferm
---
debian/ferm.postinst | 5 +----
1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/debian/ferm.postinst b/debian/ferm.postinst
index 0f8ea64..84b1146 100644
--- a/debian/ferm.postinst
+++ b/debian/ferm.postinst
@@ -37,10 +37,7 @@ if [ "$action" = configure ]; then
# If the admin deleted or commented some variables but then set
# them via debconf, (re-)add them to the configuration file
grep -Eq '^ *ENABLED=' /etc/default/ferm || \
- echo "ENABLED=" >> /etc/default/ferm
-
- # substitute value
- sed -i "s/^ENABLED=.*$/ENABLED=\"$VALUE\"/" /etc/default/ferm
+ echo "ENABLED=$VALUE" >> /etc/default/ferm
# make the firewall configuration readable only by root and group adm
if [ -d /etc/ferm ]; then
--
1.9.0
