Followup-For: Bug #689508 Control: tag -1 patch Doing longterm dist-upgrade tests with piuparts (starting in lenny/squeeze and going release by release up to stretch) I'm still running into false positive reports for modified files that are actually obsolete conffiles still "owned" by the package that shipped them in the past. A common case is a former conffile that is now a configuration file managed by ucf (and is no longer matching the ancient md5sum). Making dpkg "forget" about the conffile is difficult if the name is still being used (dpkg-maintscript-helper rm_conffile could be abused in non-intuitive ways).
The attached patch unconditionally excludes all obsolete conffiles. Maybe that is not the optimal approach and a new command line option should be used instead (and then we could discuss whether obsolete conffiles should be ignored by default - I would say yes). Andreas
>From 54097a012d33c8c05e143a91d627394405c4ec71 Mon Sep 17 00:00:00 2001 From: Andreas Beckmann <a...@debian.org> Date: Fri, 21 Apr 2017 01:35:49 +0200 Subject: [PATCH] ignore obsolete conffiles even if still 'owned' by the package according to dpkg, the obsolete conffile either no longer exists (in this case the old md5sum should be still valid) or is managed differently (e.g using ucf) and the md5sum is outdated and likely causes a false positive report of a modified file --- debsums | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debsums b/debsums index faee262..1a748fb 100755 --- a/debsums +++ b/debsums @@ -262,7 +262,7 @@ my %replaced; $package_name{$field{"Package"}} = $field{"binary:Package"}; } $installed{$field{"binary:Package"}}{Conffiles} = { - map m!^\s*/(\S+)\s+([\da-f]+)!, split /\n/, $field{Conffiles} + map m!^\s*/(\S+)\s+([\da-f]+)!, grep {!/ obsolete$/} split /\n/, $field{Conffiles} } if $field{Conffiles}; for (split /,\s*/, $field{Replaces}) -- 2.11.0