Bug#762584: apache2: silently changes user configuration /etc/logrotate.d/apache2
Package: apache2 Version: 2.4.10-2 Severity: important Preliminary note: this particular bug is not about the default, but silent configuration change. Due to * Keep fewer logs by default. Instead of 52 weekly logs, keep 14 daily logs. The daily graceful restart also has the advantage of regenerating things like TLS session ticket keys more often. Closes: #759382 the /etc/logrotate.d/apache2 file, which is a user configuration file, has silently been modified, not due to internal change (such as an option rename), but with a real change of the behavior. It is really bad to change user configuration without asking him first. Contrary to what the changelog says, it is not just the default that has changed, but the configuration of existing apache2 web servers (actually the rotation of their log files), which may have run like that for years. This is almost against the Debian policy, which says that local changes must be preserved (this would be a serious bug). In this particular case, this is not a local change, but only because the Debian package had some default settings that could be fine for the user, and there was no way for the user to explicitly say that he wanted to choose (keep) this configuration. After noticing this change with a manual diff on one machine, with diffmon the day after on another machine (otherwise it would have remained unnoticed), I had to change it back manually. -- Package-specific info: -- System Information: Debian Release: jessie/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16-2-amd64 (SMP w/8 CPU cores) Locale: LANG=POSIX, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages apache2 depends on: ii apache2-bin 2.4.10-2 ii apache2-data 2.4.10-2 ii lsb-base 4.1+Debian13 ii mime-support 3.56 ii perl 5.20.0-6 ii procps1:3.3.9-7 Versions of packages apache2 recommends: ii ssl-cert 1.0.34 Versions of packages apache2 suggests: ii apache2-doc 2.4.10-2 pn apache2-suexec-pristine | apache2-suexec-custom none ii apache2-utils2.4.10-2 ii epiphany-browser [www-browser] 3.12.1-1 ii iceape [www-browser] 2.7.12-1+b1 ii iceweasel [www-browser] 24.8.0esr-1~deb7u1 ii links [www-browser] 2.8-2 ii links2 [www-browser] 2.8-2 ii lynx-cur [www-browser] 2.8.9dev1-2 ii midori [www-browser] 0.4.3+dfsg-0.1 ii surf [www-browser] 0.6-1 ii uzbl [www-browser] 0.0.0~git.20120514-1.1 ii w3m [www-browser]0.5.3-17 Versions of packages apache2-bin depends on: ii libapr1 1.5.1-3 ii libaprutil1 1.5.3-3 ii libaprutil1-dbd-sqlite3 1.5.3-3 ii libaprutil1-ldap 1.5.3-3 ii libc62.19-11 ii libldap-2.4-22.4.39-1.1+b1 ii liblua5.1-0 5.1.5-7 ii libpcre3 1:8.35-3 ii libssl1.0.0 1.0.1i-2 ii libxml2 2.9.1+dfsg1-3 ii perl 5.20.0-6 ii zlib1g 1:1.2.8.dfsg-2 Versions of packages apache2-bin suggests: ii apache2-doc 2.4.10-2 pn apache2-suexec-pristine | apache2-suexec-custom none ii epiphany-browser [www-browser] 3.12.1-1 ii iceape [www-browser] 2.7.12-1+b1 ii iceweasel [www-browser] 24.8.0esr-1~deb7u1 ii links [www-browser] 2.8-2 ii links2 [www-browser] 2.8-2 ii lynx-cur [www-browser] 2.8.9dev1-2 ii midori [www-browser] 0.4.3+dfsg-0.1 ii surf [www-browser] 0.6-1 ii uzbl [www-browser] 0.0.0~git.20120514-1.1 ii w3m [www-browser]0.5.3-17 Versions of packages apache2 is related to: ii apache2 2.4.10-2 ii apache2-bin 2.4.10-2 -- Configuration Files: /etc/apache2/mods-available/userdir.conf changed: IfModule mod_userdir.c UserDir public_html UserDir disabled root Directory /home/*/public_html AllowOverride FileInfo AuthConfig Limit Indexes Options=MultiViews Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec Limit GET POST OPTIONS Require all granted /Limit LimitExcept GET POST OPTIONS Require all denied /LimitExcept /Directory /IfModule
Bug#762584: apache2: silently changes user configuration /etc/logrotate.d/apache2
On 2014-09-23 14:43:49 +0200, Arno Töll wrote: We install this file through dh_installlogrotate and it is listed as a conffile in the binary package of apache2. That means, it will be handled like any other configuration file in Debian with special care and it won't overwrite changes YOU made. OK, but then, is there any reason not to announce it in the NEWS file? This is a significant configuration change! However, the Debian default is to overwrite configuration changes when the file was untouched by the user, and this is a policy compliant behavior. If you dislike this behavior, you can hint dpkg to whatever you prefer - it's not a bug in the package though. Unfortunately it doesn't seem to be possible to hint dpkg: according to the dpkg(1) man page, all the conffile related options are in the case If a conffile is missing or If a conffile has been modified (while here it exists, but was not modified because the default was OK). -- Vincent Lefèvre vinc...@vinc17.net - Web: https://www.vinc17.net/ 100% accessible validated (X)HTML - Blog: https://www.vinc17.net/blog/ Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon) -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#762584: apache2: silently changes user configuration /etc/logrotate.d/apache2
On 23.09.2014 15:01, Vincent Lefevre wrote: On 2014-09-23 14:43:49 +0200, Arno Töll wrote: We install this file through dh_installlogrotate and it is listed as a conffile in the binary package of apache2. That means, it will be handled like any other configuration file in Debian with special care and it won't overwrite changes YOU made. OK, but then, is there any reason not to announce it in the NEWS file? This is a significant configuration change! This is a change like the ones which happen every day in Debian during an update. It's not newsworthy I think. Unfortunately it doesn't seem to be possible to hint dpkg: according to the dpkg(1) man page, all the conffile related options are in the case If a conffile is missing or If a conffile has been modified (while here it exists, but was not modified because the default was OK). You're looking for --force-confold. See http://raphaelhertzog.com/2010/09/21/debian-conffile-configuration-file-managed-by-dpkg/ for all details. -- with kind regards, Arno Töll IRC: daemonkeeper on Freenode/OFTC GnuPG Key-ID: 0x9D80F36D signature.asc Description: OpenPGP digital signature
Bug#762584: apache2: silently changes user configuration /etc/logrotate.d/apache2
On 2014-09-23 15:06:08 +0200, Arno Töll wrote: On 23.09.2014 15:01, Vincent Lefevre wrote: On 2014-09-23 14:43:49 +0200, Arno Töll wrote: We install this file through dh_installlogrotate and it is listed as a conffile in the binary package of apache2. That means, it will be handled like any other configuration file in Debian with special care and it won't overwrite changes YOU made. OK, but then, is there any reason not to announce it in the NEWS file? This is a significant configuration change! This is a change like the ones which happen every day in Debian during an update. It's not newsworthy I think. Well, I disagree. I often upgrade my machines, often see changes, but these are rather internal changes. Unfortunately it doesn't seem to be possible to hint dpkg: according to the dpkg(1) man page, all the conffile related options are in the case If a conffile is missing or If a conffile has been modified (while here it exists, but was not modified because the default was OK). You're looking for --force-confold. See http://raphaelhertzog.com/2010/09/21/debian-conffile-configuration-file-managed-by-dpkg/ for all details. No, --force-confold does something different: it keeps the old conffile only when it has been *modified* by the user. And it doesn't prompt. It does not seem to be possible to have: If the version of a conffile in the package did change, always prompt (even if the user did *not* modify the conffile). -- Vincent Lefèvre vinc...@vinc17.net - Web: https://www.vinc17.net/ 100% accessible validated (X)HTML - Blog: https://www.vinc17.net/blog/ Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon) -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#762584: apache2: silently changes user configuration /etc/logrotate.d/apache2
On Tuesday 23 September 2014 15:21:35, Vincent Lefevre wrote: OK, but then, is there any reason not to announce it in the NEWS file? This is a significant configuration change! This is a change like the ones which happen every day in Debian during an update. It's not newsworthy I think. Well, I disagree. I often upgrade my machines, often see changes, but these are rather internal changes. I think a news entry is a good idea in this case. A significant number of people will want to tune the default values. And people upgrading from wheezy will see so many apache news entries that another one won't hurt. I will add one retroactively to 2.4.10-2. People who already have that version installed won't see it, but people who upgrade from an earlier version will. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org