[Pkg-iscsi-maintainers] Bug#832344: open-isns-server: unowned files after purge (policy 6.8, 10.8): /etc/isns/auth_key
Christian Seiler
christian at iwakd.de
Sun Jul 24 13:54:00 UTC 2016
Control: tags -1 + moreinfo
On 07/24/2016 03:02 PM, Andreas Beckmann wrote:
> during a test with piuparts I noticed your package left unowned files on
> the system after purge, which is a violation of policy 6.8 (or 10.8):
>
> https://www.debian.org/doc/debian-policy/ch-maintainerscripts.html#s-removedetails
>
> Filing this as important as having a piuparts clean archive is a release
> goal since lenny.
Well, there's a problem here:
- any software using libisns0 uses /etc/isns/auth_key as the
default private DSA key when talking to other iSNS clients
and/or servers
- open-isns-server listens to the network by default, and
not having a key file installed will cause the server to
not required authentication (bad security-wise) or, if we
change the default configuration to require auth, not
start absent that file
=> For this reason, we generate auth_key (+ it's public
key counterpart) in postinst for open-isns-server
If we have the scenario that one installs open-isns-server and
later purges it again, and doesn't use any other iSNS-related
software in the mean time, then yes, postrm should remove it.
However, there are two other scenarios:
1. One installs some other iSNS-related software, manually
creates auth_key there (for example for the discoveryd),
and then installs open-isns-server by accident, purging it
afterwards, auth_key should _not_ disappear in that moment.
2. One installs open-isns-server first, then installs other
related software that also uses auth_key. After that one
wants to purge open-isns-server - auth_key is now in use
by other software in the mean time.
(Also, one can use -server and e.g. -discoveryd on the same
computer, and in that case upstream uses the same key by
default.)
We should _not_ remove auth_key when purging open-isns-server,
because we simply don't know whether other software might need
it or not.
For this reason, the postrm scripts of all related packages
contain logic to purge files once the _last_ package that
might make use of these files is removed:
http://sources.debian.net/src/open-isns/0.96-1/debian/open-isns-server.postrm/
http://sources.debian.net/src/open-isns/0.96-1/debian/open-isns-discoveryd.postrm/
http://sources.debian.net/src/open-isns/0.96-1/debian/open-isns-utils.postrm/
http://sources.debian.net/src/open-isns/0.96-1/debian/libisns0.postrm/
So instead of simply purging open-isns-server, if one then
afterwards does apt-get autoremove --purge - and one has only
installed open-isns-server manually - that will indeed get
rid of the auth_key file.
Of course, if you have any better way of handling this, I'm
all ears. But otherwise I don't really see a way how to deal
with this properly.
Regards,
Christian
More information about the Pkg-iscsi-maintainers
mailing list