Your message dated Tue, 31 Mar 2015 04:34:42 +0000
with message-id <[email protected]>
and subject line Bug#599896: fixed in dbconfig-common 1.8.50
has caused the Debian Bug report #599896,
regarding dbconfig-common should only ask admin password on upgrades when needed
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
599896: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=599896
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: dbconfig-common
Version: 1.8.46
Severity: wishlist
I made a custom proprietary "company-website" deb package for internal
use in my company. This package uses dbconfig-common for prompting
database connection details and installing/upgrading MySQL tables. It
ships the following files related to dbconfig-common:
/usr/share/dbconfig-common/data/company-website/install/mysql
/usr/share/dbconfig-common/data/company-website/upgrade/mysql/3.3
/usr/share/dbconfig-common/data/company-website/upgrade/mysql/3.8
/usr/share/dbconfig-common/data/company-website/upgrade/mysql/4.1
and no other files in /usr/share/dbconfig-common.
dbconfig-common works, but asks on upgrades of company-website for the
mysql administrator password even though, in my opinion, it could avoid
asking this question. Yes, I know about the option to save the password
in debconf database, and it is a useful workaround with no security
implications (see below), but dbconfig-common could do even better.
Here is why I think that the question can be avoided on upgrades of my
package. Let's consider the upgrade from 4.0 to 4.1. All SQL statements
that should be executed are
in /usr/share/dbconfig-common/data/company-website/upgrade/mysql/4.1,
and the documentation says that they are executed as a package-specific
user. There is no "upgrade-dbadmin" directory. I.e., since there are no
SQL statements that have to be executed as admin, there is no reason to
ask for the admin password in this case.
Further, there is already a "debian-sys-maint" mysql user with admin
rights and stored password. So, why not use it unconditionally for mysql
admin activities instead of asking for the admin password? In other
words, because this user exists, giving an option of not saving the
mysql admin password in debconf database is a security theater, with
unneeded questions as the only effect.
-- System Information:
Debian Release: squeeze/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-xen-amd64 (SMP w/4 CPU cores)
Locale: LANG=ru_RU.UTF-8, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages dbconfig-common depends on:
ii debconf [debconf-2.0] 1.5.35 Debian configuration
management sy
ii ucf 3.0025+nmu1 Update Configuration File:
preserv
dbconfig-common recommends no packages.
Versions of packages dbconfig-common suggests:
ii mysql-client-5.1 [virtual-mys 5.1.49-1 MySQL database client
binaries
-- debconf information excluded
--- End Message ---
--- Begin Message ---
Source: dbconfig-common
Source-Version: 1.8.50
We believe that the bug you reported is fixed in the latest version of
dbconfig-common, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Paul Gevers <[email protected]> (supplier of updated dbconfig-common package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 30 Mar 2015 20:46:21 +0200
Source: dbconfig-common
Binary: dbconfig-common
Architecture: source all
Version: 1.8.50
Distribution: experimental
Urgency: medium
Maintainer: Paul Gevers <[email protected]>
Changed-By: Paul Gevers <[email protected]>
Description:
dbconfig-common - common framework for packaging database applications
Closes: 497035 506511 533777 581646 599896 607171 665742 673840 703365 705222
705335 708339 723885
Changes:
dbconfig-common (1.8.50) experimental; urgency=medium
.
* Prevent running upgrades twice on error (Closes: #708339)
* Revert (undocumented) purge logic change in 1.8.48.
* Fix and unify error handling (Closes: #581646, #497035, #723885)
* Move reset internal/reconfiguring from postinst to dbc_postinst_cleanup
* Replace all debconf priorities with a variable (Closes: #607171)
* Raise priorities when retrying after error
* Check for existance of dbc_logfile before writing (Closes: #705335)
* Remove some unneeded code
* Drop database during reinstall (Closes: #665742)
* Check if database exists before dropping
* Fix for #573524 was incomplete, also forget passwords in debconf during
reconfigure (they can be filled during dbc_preseed_package_debconf)
* Only ask for dbadmin password if needed for updates (Closes: 599896)
* Fix typo in dbc_migrate: password-confirm -> app-password-confirm
* Fix prerm to ask admin_pass if needed during maintainer code
(Closes: #705222)
* Unify the error handling; also (Closes: #723885)
* Make check for DEBIAN_FRONTEND case insensitive (LP: #1406700)
* Don't use dbc_dballow as variable name in dbconfig-generate-include
(Closes: #533777)
* Fix regression in one of the previous uploads which broke preseeding
by packages using dbconfig-common
* Allow the admin to specify the domain for the GRANT calls (MySQL)
(Closes: #673840, #506511)
* Allow backup from password questions (Closes: #703365)
* Insert the name of the dbadmin into the debconf templates to avoid
confusion
* Improvements to the test script
* Update d/copyright to machine-readable format
* Update TODO
* Update Debconf templates, including review from debian-l10n. No
call for review on purpose yet.
Checksums-Sha1:
2a99a38f43dfba17a3cf36ff84c029bbf07263f5 1364 dbconfig-common_1.8.50.dsc
3e140aa4cb857f23c4f3d6bbfc137d2a74f47172 190528 dbconfig-common_1.8.50.tar.xz
db36e148dad4a77c170122304fc0fb9bcc5bf2bf 540284 dbconfig-common_1.8.50_all.deb
Checksums-Sha256:
4b97ab6ff1e7a713cf36115d210f26a926c3c421c37e3eb99032645b838d4c44 1364
dbconfig-common_1.8.50.dsc
f5e60ae75548ed87b1724ff68b358caa7982aefd39c3388085324a06ea6caea8 190528
dbconfig-common_1.8.50.tar.xz
690334a3ab3d20a27665a0ab33e21b32231c2a86825ef234d8e2152e5cb26fdd 540284
dbconfig-common_1.8.50_all.deb
Files:
97ce6730fb240b4cb7570298bb5c1f60 1364 admin optional dbconfig-common_1.8.50.dsc
cf155e3e4f25989e00aad4c28fe9eb44 190528 admin optional
dbconfig-common_1.8.50.tar.xz
4f35069b77b89b2b71b3680999af990e 540284 admin optional
dbconfig-common_1.8.50_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAEBCAAGBQJVGiI5AAoJEJxcmesFvXUKMckIALpA5k4xkY94CIGWGPwIWsNG
uOy0xfEmrA0hQY9lCgaG1Ew92pTO2aZI6ZlbWcZD7JtVKbOiiZHbrs1XUwrbTnpd
ul9y+RsVvZAT4iIL6Z9kU54iI2/S+zr/r8u1Mp0hmxmgZaf/g2abIWuuwRchJelU
Vc3Y878JgueyQSJkWOCfDGh6tfQtP5jekzPkii0m3uzjJsBfd4+E5n3hv7ota4Ho
yYbn/cbn4gfijC5QstX39PG16L48vLGRo0fvg5H3vOX2W0pSSv13ap/TQMzi8JIz
mhao2pWfvqVr8jTB+PGkYp5tUcmqKD0yO6ui6+9IbE2OpjVdE78MR7Z2dAXfQ6U=
=sfim
-----END PGP SIGNATURE-----
--- End Message ---
