On 03/19/2018 02:42 PM, Julian Gilbey wrote: > Package: ntpsec-ntpviz > Version: 1.0.0+dfsg1-5 > Severity: serious > > I installed the ntpsec suite, then purged the ntp packages. > Unfortunately, this zapped the /var/log/ntpstats directory, which is > needed by ntpsec-ntpviz. There needs to either been some agreement > between ntp and ntpsec about the use of this directory, or ntpsec > needs to use a different log directory.
We have the same situation in reverse too, it seems. Keeping the same log directory between ntp and ntpsec is desirable, for several reasons: - The log format is the same. - Logs are not lost on conversions from ntp to ntpsec or ntpsec to ntp. - ntpsec-ntpviz is co-installable with ntp and works. This might be desirable, if someone wants to continue using ntp but use ntpviz to create useful graphs. - IIRC, the default /etc/ntp.conf from ntp references this path, so keeping the logging path the same means we don't need to change /etc/ntp.conf on conversions from ntp<->ntpsec. Likewise for /var/lib/ntp, where the drift file is stored. There again, it is very desirable to keep the same drift file upon conversions from ntp<->ntpsec. Otherwise, accuracy is lost until the new ntpd has a chance to recalculate the drift value. Related, there's the issue of the ntp user (and ntp group). Those should not be removed until /var/log/ntpstats is gone. The ntpsec-ntpviz package also needs the ntp user and group, so coordination is required there too. An alternative would be to _copy_ the log files and drift file on initial installation of ntpsec. This has some downsides: - Only ntp -> ntpsec conversions benefit. If someone goes the other way, or goes to ntpsec and then back, logs are still lost, unless ntp also adopts a copying approach (but then why copy instead of share?). - ntpsec needs to sed /etc/ntp.conf to change the paths. This breaks logging if someone moves back to ntp, unless ntp also seds the config file (again then why not just share?). - This breaks anything else that someone might be doing with the log files (and drift file, but that seems unlikely). - We still need to coordinate on the ntp user (and group), unless ntpsec uses a different user (and group) too. If so, then I'm deviating from upstream naming (and years of user history with ntp). Another alternative would be for both packages to simply _not_ delete any of these things. I have wrapped the `rm -rf` with a check for ntp. Here is what I have in ntpsec.postrm now: if ! LANG=C dpkg -s ntp > /dev/null 2>&1 then rm -rf /var/lib/ntp/ rm -rf /var/log/ntpstats/ fi if ! LANG=C dpkg -s ntpsec-ntpviz 2> /dev/null | \ grep -qE "^Status: (hold|install)"; then deluser --system --quiet ntp || true fi I suggest the same for ntp.postrm, but with "ntp" changed to "ntpsec": if ! LANG=C dpkg -s ntpsec > /dev/null 2>&1 then rm -rf /var/lib/ntp/ rm -rf /var/log/ntpstats/ fi if ! LANG=C dpkg -s ntpsec-ntpviz 2> /dev/null | \ grep -qE "^Status: (hold|install)"; then deluser --system --quiet ntp || true fi Is this acceptable on the ntp side? If not, can you propose a different solution? -- Richard