[pkg-ntp-maintainers] Bug#893542: ntpsec-ntpviz: shares /var/log/ntpstats with ntp, which gets zapped when ntp is purged

Richard Laager rlaager at wiktel.com
Tue Mar 20 00:06:21 UTC 2018 

On 03/19/2018 02:42 PM, Julian Gilbey wrote:
> Package: ntpsec-ntpviz
> Version: 1.0.0+dfsg1-5
> Severity: serious
> 
> I installed the ntpsec suite, then purged the ntp packages.
> Unfortunately, this zapped the /var/log/ntpstats directory, which is
> needed by ntpsec-ntpviz.  There needs to either been some agreement
> between ntp and ntpsec about the use of this directory, or ntpsec
> needs to use a different log directory.

We have the same situation in reverse too, it seems.

Keeping the same log directory between ntp and ntpsec is desirable, for
several reasons:

- The log format is the same.
- Logs are not lost on conversions from ntp to ntpsec or ntpsec to ntp.
- ntpsec-ntpviz is co-installable with ntp and works. This might be
desirable, if someone wants to continue using ntp but use ntpviz to
create useful graphs.
- IIRC, the default /etc/ntp.conf from ntp references this path, so
keeping the logging path the same means we don't need to change
/etc/ntp.conf on conversions from ntp<->ntpsec.

Likewise for /var/lib/ntp, where the drift file is stored. There again,
it is very desirable to keep the same drift file upon conversions from
ntp<->ntpsec. Otherwise, accuracy is lost until the new ntpd has a
chance to recalculate the drift value.

Related, there's the issue of the ntp user (and ntp group). Those should
not be removed until /var/log/ntpstats is gone. The ntpsec-ntpviz
package also needs the ntp user and group, so coordination is required
there too.

An alternative would be to _copy_ the log files and drift file on
initial installation of ntpsec. This has some downsides:
- Only ntp -> ntpsec conversions benefit. If someone goes the other way,
or goes to ntpsec and then back, logs are still lost, unless ntp also
adopts a copying approach (but then why copy instead of share?).
- ntpsec needs to sed /etc/ntp.conf to change the paths. This breaks
logging if someone moves back to ntp, unless ntp also seds the config
file (again then why not just share?).
- This breaks anything else that someone might be doing with the log
files (and drift file, but that seems unlikely).
- We still need to coordinate on the ntp user (and group), unless ntpsec
uses a different user (and group) too. If so, then I'm deviating from
upstream naming (and years of user history with ntp).

Another alternative would be for both packages to simply _not_ delete
any of these things.

I have wrapped the `rm -rf` with a check for ntp. Here is what I have in
ntpsec.postrm now:

if ! LANG=C dpkg -s ntp > /dev/null 2>&1
then
	rm -rf /var/lib/ntp/
	rm -rf /var/log/ntpstats/
fi
if ! LANG=C dpkg -s ntpsec-ntpviz 2> /dev/null | \
     grep -qE "^Status: (hold|install)"; then
	deluser --system --quiet ntp || true
fi


I suggest the same for ntp.postrm, but with "ntp" changed to "ntpsec":

if ! LANG=C dpkg -s ntpsec > /dev/null 2>&1
then
	rm -rf /var/lib/ntp/
	rm -rf /var/log/ntpstats/
fi
if ! LANG=C dpkg -s ntpsec-ntpviz 2> /dev/null | \
     grep -qE "^Status: (hold|install)"; then
	deluser --system --quiet ntp || true
fi


Is this acceptable on the ntp side? If not, can you propose a different
solution?

-- 
Richard

More information about the pkg-ntp-maintainers mailing list