Can you please fix these lintian warnings? Should be quite easy. W: ec2-init: copyright-refers-to-versionless-license-file usr/share/common-licenses/GPL W: ec2-init: init.d-script-missing-lsb-section /etc/init.d/rightscale-init E: ec2-init: init.d-script-does-not-implement-required-option /etc/init.d/rightscale-init restart E: ec2-init: init.d-script-does-not-implement-required-option /etc/init.d/rightscale-init force-reload
Also, some init scripts use echo instead of the lsb_* functions. This really ought to be fixed first. debian/ec2-init.rightscale-init.init looks questionable and also has some security issues: - Uses static file names without further checks in /tmp, allowing symlink attacks - Calls apt-get update/install in an init script, which is really not the way things work: please just make those dependencies - wgets and installs third-party software (http://rubyforge.org/frs/download.php/45905/rubygems-1.3.1.tgz) without any further checks (signatures, checksums, etc.) - uses /opt/ which distro packages must not touch - calls lsb_release without depending on it - changes apt sources without further checks or questions - assumes that there is an "ubuntu" user and mucks around in /home. Ubuntu packages must not touch /home. By and large, this is totally inappropriate as an init script. Setup should be run in postinst, Ubuntu packages should be pulled in as dependencies, and automatically installing third-party packages subverts our trust chain and packaging policy. Please just package the gem and depend on it. Likewise, ./ec2-init calls regenerate_ssh_host_keys() if ec2-wait-for- meta-data-service() succeeds. Can the latter ever succeed on a non-ec setup? It must not ever, ever, ever change host keys on a normal system. Packages shuold be installable on a normal system without wreaking havoc. Especially those which have a totally inconspicuous package description like ec2-init. Please at least change the package description to say "THIS IS NOT THE PACKAGE YOU WANT!!!!11!!!", or (preferably) make it inert on a normal system. Please don't get yourself sucked into the deep black hole that automatix was. Perhaps this isn't appropriate as a package at all, but rather should be an installer-like script on its own, much like ubuntu-vm- builder. Then it can build its own chroot and bang on it as it wants, without endangering normal Ubuntu installations which apt-get install this package? ** Changed in: ec2-init (Ubuntu) Status: New => Incomplete -- [MIR] ec2-init https://bugs.launchpad.net/bugs/434693 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
