Bug#689111: marked as done (libchado-perl: conffile not in /etc (policy 10.7.2): /usr/share/gmod/chado/load/etc/load.conf)

[Debian Bug Tracking System]

Your message dated Sat, 13 Oct 2012 09:17:50 +0000
with message-id <e1tmxqw-0006gx...@franck.debian.org>
and subject line Bug#689111: fixed in libchado-perl 1.22-4
has caused the Debian Bug report #689111,
regarding libchado-perl: conffile not in /etc (policy 10.7.2): 
/usr/share/gmod/chado/load/etc/load.conf
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
689111: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=689111
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: libchado-perl
Version: 1.22-3
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts

Hi,

during a test with piuparts I noticed your package modifies shipped
files that appear to be configuration files, but are in /usr instead of
/etc.  This is forbidden by the policy, see
http://www.debian.org/doc/debian-policy/ch-files.html#s-config-files

10.7.2: "Location: Any configuration files created or used by your
package must reside in /etc. [...]

Continuing with the bug template for modified conffiles, as that may be
the next problem you will encounter:

10.7.3: "[...] The easy way to achieve this behavior is to make the
configuration file a conffile. [...] This implies that the default
version will be part of the package distribution, and must not be
modified by the maintainer scripts during installation (or at any
other time)."

Note that once a package ships a modified version of that conffile,
dpkg will prompt the user for an action how to handle the upgrade of
this modified conffile (that was not modified by the user).

Further in 10.7.3: "[...] must not ask unnecessary questions
(particularly during upgrades) [...]"

If a configuration file is customized by a maintainer script after
having asked some debconf questions, it may not be marked as a
conffile. Instead a template could be installed in /usr/share and used
by the postinst script to fill in the custom values and create (or
update) the configuration file (preserving any user modifications!).
This file must be removed during postrm purge.
ucf(1) may help with these tasks.
See also http://wiki.debian.org/DpkgConffileHandling

In https://lists.debian.org/debian-devel/2012/09/msg00412.html and
followups it has been agreed that these bugs are to be filed with
severity serious.

debsums reports modification of the following files,
from the attached log (scroll to the bottom...):

0m29.3s ERROR: FAIL: debsums reports modifications inside the chroot:
  /usr/share/gmod/chado/load/etc/load.conf


And while we are at it ... you might have a look at dbconfig-common for
setting up a database ... and /etc/gmod/gmod-chado.conf should not be
world readable as it contains a DB password ... and the postinst script
does not handle database password in a secure way: passing it on the
command line, echoing it to a file before restricting permissions on the
file, ...


cheers,

Andreas

libchado-perl_1.22-3.log.gz
Description: GNU Zip compressed data

--- End Message ---

--- Begin Message ---

Source: libchado-perl
Source-Version: 1.22-4

We believe that the bug you reported is fixed in the latest version of
libchado-perl, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 689...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Olivier Sallou <osal...@debian.org> (supplier of updated libchado-perl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 09 Oct 2012 14:27:37 +0200
Source: libchado-perl
Binary: libchado-perl chado-utils
Architecture: source all
Version: 1.22-4
Distribution: unstable
Urgency: low
Maintainer: Debian Med Packaging Team 
<debian-med-packag...@lists.alioth.debian.org>
Changed-By: Olivier Sallou <osal...@debian.org>
Description: 
 chado-utils - tools to add/extract data from Chado
 libchado-perl - database schema and tools for genomic data
Closes: 689111
Changes: 
 libchado-perl (1.22-4) unstable; urgency=low
 .
   * debian/rules: fix permissions on gmod-chado file
     and remove unneeded file load.conf (Closes: #689111).
   * debian/postinst: fix permissions on pgpass file
     (Closes: #689111).
Checksums-Sha1: 
 bfdcb030ee29e51aad9cf0227e4a0dca84421be6 2532 libchado-perl_1.22-4.dsc
 3a1af6ac0a945e4a4168b12a3054c1e26b4257c8 14954 
libchado-perl_1.22-4.debian.tar.gz
 bbb4933d1042477b21cc7a52c700361f67c2a166 4772496 libchado-perl_1.22-4_all.deb
 f1dbe71f328f16461624c3abe5825c6542bc1ba2 148446 chado-utils_1.22-4_all.deb
Checksums-Sha256: 
 d710c9fc2c8584ea3de03d2ae4d73105cec56c5894a96764c54a4b8bc2563155 2532 
libchado-perl_1.22-4.dsc
 7250aaa6f81eea3262471bb1da5012cb84f6d955820e61428d15525feea60098 14954 
libchado-perl_1.22-4.debian.tar.gz
 cb850cf6e2a6af5a706c0fcee3bdca60c726f3d59e0615bf596fdd4a27d1102e 4772496 
libchado-perl_1.22-4_all.deb
 7fca71e7c1df3b73a471fcf14f4edfa2a7652b680f6c7e09cf1e7ff036637808 148446 
chado-utils_1.22-4_all.deb
Files: 
 e6e1f6031cd2c7625704c6720de6d8ed 2532 perl optional libchado-perl_1.22-4.dsc
 a0303d81e0cf4338828346633753cdb7 14954 perl optional 
libchado-perl_1.22-4.debian.tar.gz
 deaeb460f2b53e7548227e11c7736a53 4772496 perl optional 
libchado-perl_1.22-4_all.deb
 0ec62280127accf91007b640d65e658a 148446 perl optional 
chado-utils_1.22-4_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCAAGBQJQeS4mAAoJEHjcaNsybYQ4rKoP/iEuP2SIbKg6O08sXT38iFwl
2V44WhoGHz8iAeHZuY5qbco8OdP+gUeNVcmqxt8KBU9SISXLUP4lIIJ88XDz03C/
/+tSRFjHC/8PKW+Ag5vQNEb8n+a98e4eQPJbfXn7h+rskEjm7K6qB3kM4Lcp6uSb
HYOhMGGReEY0sDGsyC141ZLJU8NzjxWI9XbrqvZN+CYEyYrcjr7meiuWGt2qPJn2
YUUe1NGP7f8pu7pJm0KgrDnTIvaci6Ik1rPHtiWo7rhu+Bj6j/wdV1p9nj+/wae8
0DMH15tXhZF0L+2LN4MGDCYvZOqFYWbSKJggmPiytgIfVUq7d/M8aLqxx1Ypd1N3
GDcBkNyZsm+8845LbvMqk94atf6MVGIRktjHUOBNvvwnFSEOY/qM2ZEAP6o+ppc8
FthkKlO/SWgCX5l95GLq3+CE+zs6Y97WmskbHp2r1V/kbuhLcVf/QwKFrd3kORON
wGNwKgTTfz/ueXLkyvJ+jFhe8TARyPSYjaD5FkDbSrEfKPJZ5xVAzNRODG9jqRiS
4Wt9gBoCj7FyUECxmsThiP+9e6flnfD/QCiQ7DsE8NuwEMO28UlWN0mKRs5pzLzx
TAi2io0YJQHJcRnr3jahgsOSqqLmF9fjRZYY7F7JA7XyhdZW8isfPtBOoTOTKG15
f6xJaZznrMwmS0wz47Gb
=pGIC
-----END PGP SIGNATURE-----

--- End Message ---