[Pkg-dns-devel] Bug#816425: Bug#816425: unbound: re-enables upstream forwarding
Robert Edmonds
edmonds at debian.org
Tue Mar 1 21:49:20 UTC 2016
Jakub Wilk wrote:
> Hi Robert!
>
> * Robert Edmonds <edmonds at debian.org>, 2016-03-01, 14:58:
> >I just tested an upgrade from 1.5.7-1 to 1.5.7-2. dpkg says:
> >
> > Installing new version of config file /etc/resolvconf/update.d/unbound ...
> >
> >But it keeps the permission bits of the old version of the conffile (even
> >though I didn't touch them), which is surprising.
>
> Sounds like #192981.
Yeah, that sounds exactly like it.
> >I'm not entirely sure what the correct way is to migrate the permissions
> >on a conffile on an upgrade. Do we maybe need something like this in the
> >preinst?
> >
> >   # XXX: Check if upgrading from a version less than 1.5.7-2~, then do:
> >   if [ -f /etc/default/unbound ]; then
> >       . /etc/default/unbound
> >       case "x$RESOLVCONF" in xfalse|x0|xno)
> >           RESOLVCONF="false" ;;
> >       *)
> >           RESOLVCONF="true" ;;
> >       esac
> >
> >       if ! $RESOLVCONF; then
> >           if [ -f /etc/resolvconf/update.d/unbound ]; then
> >               chmod -x /etc/resolvconf/update.d/unbound || true
> >           fi
> >       fi
> >   fi
>
> s/RESOLVCONF/RESOLVCONF_FORWARDERS/g
Oh, right.
> My slight worry is that people who never edited /etc/default/unbound would
> retain forwarding enabled on upgrade, unlike people who installed the new
> version afresh. Is that intentional?
That was not intentional. What I actually wanted to do was disable the
RESOLVCONF_FORWARDERS functionality *especially* for people who never
edited /etc/default/unbound, because calling "unbound-control forward"
behind the admin's back would frequently break custom forwarding
configs.
So it actually doesn't matter what RESOLVCONF_FORWARDERS was set to...
> I'd rather let the maintainer script abort if chmod fails than to ignore the
> error.
>
> >That doesn't help for upgrades from 1.5.7-2, since /etc/default/unbound
> >will no longer exist. (Maybe we could specially check
> >/etc/default/unbound.dpkg-bak for upgrades from 1.5.7-2? Ugh.)
>
> Yeah, ugh. I don't think there's any pretty solution to this...
Hm, maybe it's as simple as:
    # XXX: Check if upgrading from a version less than 1.5.7-3~, then do:
    if [ -f /etc/resolvconf/update.d/unbound ]; then
        chmod -x /etc/resolvconf/update.d/unbound
    fi
That will annoy anyone who newly installed 1.5.7-2, then explicitly
chmod +x'd the file, but that's significantly fewer people than everyone
upgrading the package.
--
Robert Edmonds
edmonds at debian.org
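
Added example, not part of the original message or of the unbound package: one way the "XXX: Check if upgrading from a version less than 1.5.7-3~" step could be written in a preinst, using dpkg --compare-versions on the old version dpkg passes as the second argument. The function name disable_resolvconf_hook and its optional third argument (an alternate hook path, for testing) are assumptions made for this sketch.

```shell
#!/bin/sh
# Sketch of a preinst fragment (added example, not the package's script).
# dpkg calls preinst as:  preinst install [old-version]
#                         preinst upgrade old-version
set -e

# disable_resolvconf_hook ACTION OLD_VERSION [HOOK_PATH]
# Clears the executable bit on the resolvconf hook once, when coming from a
# version older than 1.5.7-3~, so the hook stops running on later updates.
disable_resolvconf_hook() {
    action=$1
    old_version=$2
    # HOOK_PATH is a hypothetical override so the logic can be tested
    # without touching /etc.
    hook=${3:-/etc/resolvconf/update.d/unbound}

    case "$action" in
        install|upgrade) ;;   # "install" also covers removed-but-not-purged
        *) return 0 ;;        # abort-upgrade etc.: nothing to migrate
    esac

    # Fresh install: no old conffile whose mode could have been retained.
    [ -n "$old_version" ] || return 0

    if dpkg --compare-versions "$old_version" lt "1.5.7-3~"; then
        if [ -f "$hook" ]; then
            # No "|| true": under set -e a failing chmod aborts the script,
            # as suggested in the thread.
            chmod -x "$hook"
        fi
    fi
}

disable_resolvconf_hook "${1:-}" "${2:-}"
```

Because the version guard only fires for old versions below 1.5.7-3~, an admin who later runs chmod +x on the hook keeps that choice across subsequent upgrades.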