[Pkg-iscsi-maintainers] Bug#832344: open-isns-server: unowned files after purge (policy 6.8, 10.8): /etc/isns/auth_key

Christian Seiler christian at iwakd.de
Sun Jul 24 13:54:00 UTC 2016


Control: tags -1 + moreinfo

On 07/24/2016 03:02 PM, Andreas Beckmann wrote:
> during a test with piuparts I noticed your package left unowned files on
> the system after purge, which is a violation of policy 6.8 (or 10.8):
> 
> https://www.debian.org/doc/debian-policy/ch-maintainerscripts.html#s-removedetails
> 
> Filing this as important as having a piuparts clean archive is a release
> goal since lenny.

Well, there's a problem here:

 - any software using libisns0 uses /etc/isns/auth_key as the
   default private DSA key when talking to other iSNS clients
   and/or servers

 - open-isns-server listens to the network by default, and
   not having a key file installed will cause the server to
   not require authentication (bad security-wise) or, if we
   change the default configuration to require auth, not
   start absent that file

   => For this reason, we generate auth_key (+ its public
      key counterpart) in postinst for open-isns-server

If we have the scenario that one installs open-isns-server and
later purges it again, and doesn't use any other iSNS-related
software in the meantime, then yes, postrm should remove it.

However, there are two other scenarios:

1. One installs some other iSNS-related software, manually
   creates auth_key there (for example for the discoveryd),
   and then installs open-isns-server by accident, purging it
   afterwards; auth_key should _not_ disappear at that moment.

2. One installs open-isns-server first, then installs other
   related software that also uses auth_key. After that one
   wants to purge open-isns-server - auth_key is now in use
   by other software in the meantime.

(Also, one can use -server and e.g. -discoveryd on the same
computer, and in that case upstream uses the same key by
default.)

We should _not_ remove auth_key when purging open-isns-server,
because we simply don't know whether other software might need
it or not.

For this reason, the postrm scripts of all related packages
contain logic to purge files once the _last_ package that
might make use of these files is removed:

http://sources.debian.net/src/open-isns/0.96-1/debian/open-isns-server.postrm/
http://sources.debian.net/src/open-isns/0.96-1/debian/open-isns-discoveryd.postrm/
http://sources.debian.net/src/open-isns/0.96-1/debian/open-isns-utils.postrm/
http://sources.debian.net/src/open-isns/0.96-1/debian/libisns0.postrm/

So instead of simply purging open-isns-server, if one then
afterwards does apt-get autoremove --purge - and one has only
installed open-isns-server manually - that will indeed get
rid of the auth_key file.

Of course, if you have any better way of handling this, I'm
all ears. But otherwise I don't really see a way to deal
with this properly.

Regards,
Christian
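
The "last package out removes the key" rule described in the message, sketched as an added example; this is not the code from the linked Debian postrm scripts. The package names and /etc/isns/auth_key come from the message, while the function names and the KEY_FILE and DPKG_QUERY overrides are assumptions made for illustration.

```shell
#!/bin/sh
# Added sketch, not the packaged postrm: delete the shared private key only
# when the package being purged is the last related package dpkg still tracks.

# Package names taken from the postrm URLs in the message.
RELATED_PKGS="open-isns-server open-isns-discoveryd open-isns-utils libisns0"
# Overridable so the logic can be exercised outside a real system (assumption).
KEY_FILE="${KEY_FILE:-/etc/isns/auth_key}"
DPKG_QUERY="${DPKG_QUERY:-dpkg-query}"

# Succeeds if dpkg tracks the package in any state other than not-installed.
# A removed-but-unpurged package (config-files) still counts as a possible user.
pkg_present() {
    status=$("$DPKG_QUERY" -W -f='${Status}' "$1" 2>/dev/null) || return 1
    case "$status" in
        ""|*" not-installed") return 1 ;;
        *) return 0 ;;
    esac
}

# Succeeds if no related package other than $1 is still present.
# $1 is skipped because dpkg still lists it while its own postrm runs.
last_user_gone() {
    self="$1"
    for pkg in $RELATED_PKGS; do
        [ "$pkg" = "$self" ] && continue
        if pkg_present "$pkg"; then
            return 1
        fi
    done
    return 0
}

# $1 = package whose postrm is running, $2 = maintainer-script action.
purge_shared_key() {
    [ "$2" = "purge" ] || return 0      # plain "remove" never touches the key
    if last_user_gone "$1"; then
        rm -f "$KEY_FILE"
    fi
}

# In a postrm this would be invoked as: purge_shared_key open-isns-server "$1"
```
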
