Processed: Re: Bug#814446: tomcat8: wants to overwrite admin configuration on upgrade

2016-02-25 Thread Debian Bug Tracking System
Processing control commands:

> severity -1 important
Bug #814446 [tomcat8] tomcat8: wants to overwrite admin configuration on upgrade
Severity set to 'important' from 'serious'

-- 
814446: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=814446
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

__
This is the maintainer address of Debian's Java team.
Please use debian-j...@lists.debian.org for discussions and questions.


Bug#814446: tomcat8: wants to overwrite admin configuration on upgrade

2016-02-25 Thread Emmanuel Bourg
Control: severity -1 important

I'm downgrading the severity to important for the following reasons:
- this issue has been there for years in the previous tomcat packages
- the actual policy violation seems to be debatable
- the RC bug prevents the latest version containing security fixes from
reaching testing and then jessie-backports



Bug#814446: tomcat8: wants to overwrite admin configuration on upgrade

2016-02-12 Thread Emmanuel Bourg
Hi Thorsten,

Thank you for reporting this issue. I've also encountered this case when
upgrading tomcat7 and I agree this is rather annoying.

However, I'm not sure what should be done here. I was under the
impression this dialog was actually expected when a package updates a
modified configuration file. The Policy §10.7.3 states (about
configuration files handled by maintainer scripts):

   "...it is the responsibility of the package maintainer to provide
   maintainer scripts which correctly create, update and maintain the
   file and remove it on purge. [...] These scripts must be idempotent
   [...], must cope with all the variety of ways dpkg can call
   maintainer scripts, must not overwrite or otherwise mangle the
   user's configuration without asking"

So I'm tempted to think that asking if the file should be overwritten or
not is actually compliant with the policy.

What behavior would you expect in this situation? Ignoring the update?
Merging the changes? (ucf has a --three-way option to allow merging the
changes, I don't know if it would help here).

Emmanuel Bourg


Bug#814446: tomcat8: wants to overwrite admin configuration on upgrade

2016-02-11 Thread Thorsten Glaser
Package: tomcat8
Version: 8.0.32-1
Severity: serious
Justification: Policy 10.7.3 (MUST), 3.9.1 (SHOULD)

On upgrade, I got asked by ucf to replace my config:

   │ --- /etc/default/tomcat8 2016-01-12 17:11:53.730570427 +0100
   │ +++ /tmp/tomcat8.rNFl7ipDcy 2016-02-11 17:24:28.959519437 +0100
   │ @@ -18,7 +18,7 @@
   │  # response time). If you use that option and you run Tomcat on a 
machine with
   │  # exactly one CPU chip that contains one or two cores, you should 
also add
   │  # the "-XX:+CMSIncrementalMode" option.
   │ -JAVA_OPTS="-Djava.awt.headless=true -Xmx2048m -XX:+UseConcMarkSweepGC"
   │ +JAVA_OPTS="-Djava.awt.headless=true -Xmx2048m -XX:+UseConcMarkSweepGC 
-Dfile.encoding=UTF-8
   │ -Djava.security.egd=file:/dev/./urandom -XX:MaxPermSize=128m"
   │
   │  # To enable remote debugging uncomment the following line.
   │  # You will then be able to use a java debugger on port 8000.
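
Review bot: the +JAVA_OPTS line in this hunk only inlines the three options (-Dfile.encoding=UTF-8, -Djava.security.egd=file:/dev/./urandom, -XX:MaxPermSize=128m) that the current file already appends further down, so the effective value is unchanged and the prompt asks the admin to approve a pure restatement. The script that generates this file should compare the effective JAVA_OPTS with the value it wants to write and leave the existing assignment alone when they match.
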
   │ @@ -38,16 +38,9 @@
   │
   │  # Location of the JVM temporary directory
   │  # WARNING: This directory will be destroyed and recreated at every 
startup !
   │ -JVM_TMP=/tmp/tomcat8-temp
   │ +#JVM_TMP=/tmp/tomcat8-temp
   │
   │  # If you run Tomcat on port numbers that are all higher than 1023, 
then you
   │  # do not need authbind. It is used for binding Tomcat to lower port 
numbers.
   │  # (yes/no, default: no)
   │  #AUTHBIND=no
   │ -
   │ -JAVA_OPTS="${JAVA_OPTS} -Dfile.encoding=UTF-8"
   │ -
   │ -export LC_ALL=C.UTF-8
   │ -
   │ -JAVA_OPTS="${JAVA_OPTS} -Djava.security.egd=file:/dev/./urandom"
   │ -JAVA_OPTS="${JAVA_OPTS} -XX:MaxPermSize=128m"
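
Review bot: besides removing the appended JAVA_OPTS lines, this hunk drops "export LC_ALL=C.UTF-8" and comments out "JVM_TMP=/tmp/tomcat8-temp", and neither setting reappears on the + side, so accepting the new file changes the environment Tomcat starts in. Lines the generator does not manage should be carried over verbatim, with only the managed assignments rewritten.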

This is 100% changing my own settings (merging some options,
removing two others) and 0% package-provided configuration
changes, and as such violates Policy (cf. #812574).

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.3.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/lksh
Init: sysvinit (via /sbin/init)

Versions of packages tomcat8 depends on:
ii  adduser                3.113+nmu3
ii  debconf [debconf-2.0]  1.5.58
ii  tomcat8-common         8.0.32-1
ii  ucf                    3.0033

Versions of packages tomcat8 recommends:
pn  authbind  

Versions of packages tomcat8 suggests:
pn  libtcnative-1 
pn  tomcat8-admin 
pn  tomcat8-docs  
pn  tomcat8-examples  
pn  tomcat8-user  

-- Configuration Files:
/etc/tomcat8/catalina.properties changed [not included]
/etc/tomcat8/context.xml changed [not included]
/etc/tomcat8/server.xml changed [not included]
/etc/tomcat8/tomcat-users.xml changed [not included]

-- debconf information:
  tomcat8/username: tomcat8
  tomcat8/javaopts: -Djava.awt.headless=true -Xmx2048m -XX:+UseConcMarkSweepGC 
-Dfile.encoding=UTF-8 -Djava.security.egd=file:/dev/./urandom 
-XX:MaxPermSize=128m
  tomcat8/groupname: tomcat8
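
The claim in the report above, that the proposed file restates the admin's own JAVA_OPTS while dropping other settings, can be checked by comparing effective values instead of text. This is an added example, not part of the original report or of the tomcat8 packaging; the function names and the two sample files (constructed from the two sides of the ucf diff) are assumptions.

```shell
#!/bin/sh
# Added example: report which settings really change between the admin's
# defaults file and a regenerated one, instead of diffing the text.

# effective_var FILE NAME: value of NAME after sourcing FILE in a clean subshell.
# Sourcing executes FILE, so use this only on root-owned files that the init
# script would source anyway.
effective_var() {
    (
        unset "$2"
        . "$1" >/dev/null 2>&1
        eval "v=\${$2-}"
        set -f; set -- $v      # collapse whitespace so wrapped values compare equal
        printf '%s\n' "$*"
    )
}

# changed_vars CURRENT NEW NAME...: print each NAME whose effective value differs.
changed_vars() {
    cur=$1 new=$2; shift 2
    for n in "$@"; do
        [ "$(effective_var "$cur" "$n")" = "$(effective_var "$new" "$n")" ] || printf '%s\n' "$n"
    done
}

# write_samples DIR: constructed files mirroring the - and + sides of the diff.
write_samples() {
    cat >"$1/current" <<'EOF'
JAVA_OPTS="-Djava.awt.headless=true -Xmx2048m -XX:+UseConcMarkSweepGC"
JVM_TMP=/tmp/tomcat8-temp
JAVA_OPTS="${JAVA_OPTS} -Dfile.encoding=UTF-8"
export LC_ALL=C.UTF-8
JAVA_OPTS="${JAVA_OPTS} -Djava.security.egd=file:/dev/./urandom"
JAVA_OPTS="${JAVA_OPTS} -XX:MaxPermSize=128m"
EOF
    cat >"$1/new" <<'EOF'
JAVA_OPTS="-Djava.awt.headless=true -Xmx2048m -XX:+UseConcMarkSweepGC -Dfile.encoding=UTF-8 -Djava.security.egd=file:/dev/./urandom -XX:MaxPermSize=128m"
#JVM_TMP=/tmp/tomcat8-temp
EOF
}

# Stand-alone run: lists the settings whose effective value would change.
d=$(mktemp -d) && write_samples "$d" &&
    changed_vars "$d/current" "$d/new" JAVA_OPTS JVM_TMP LC_ALL
rm -rf "$d"
```

JAVA_OPTS is absent from the output because both files yield the same option string; only the settings the new file drops are listed.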
