[Dict-common-dev] {aspell, ispell}-autobuildhash checksum handling changes. 'update-openoffice-dicts' removal.

Agustin Martin agmartin at debian.org
Tue Oct 4 11:01:35 UTC 2011


Hi all,

* The previous state of autobuildhash stuff

Regarding use of ispell-autobuildhash and aspell-autobuildhash,
dictionaries-common previously suggested touching relevant /var/*
$(DICT).{compat,rws,hash} files to have them shipped along with the
ispell or aspell dictionary package and so removed on package removal by
the package manager. These files were recreated with their real contents
from the package postinst.

This resulted in tools like debsums complaining about some shipped files
being changed afterwards. This should not mask any real security problem
because any real checker should be aware that anything under /var that was
initially void (its checksum corresponds to an empty file) cannot be 
anything but a placeholder, but this has been recurrently discussed with
different points of view involved.

http://lists.debian.org/debian-devel/2007/08/thrd2.html#00708
http://lists.debian.org/debian-devel/2010/03/threads.html#00038
http://bugs.debian.org/593487

The old system has the advantage that dpkg knows which package owns each
placeholder but, besides the checksum changes, it has the disadvantage
that a given dictionary is not available for some time between package
unpack and postinst run, a time that can be large in a big upgrade.

* The newly added feature to installdeb-{aspell,ispell} for autobuildhash

Starting with 1.11.2, dictionaries-common-dev, installdeb-ispell and
installdeb-wordlist debhelper-like scripts provide a new method that
uses new debhelper snippets to handle this. This method is enabled by an
'Auto-Compat' entry in the info-{aspell,ispell} file. Please see a recent
{aspell,ispell}-autobuildhash man page for details. You need to build-depend
on dictionaries-common-dev (>= 1.11.2) if you use this.

I am currently using this system in my packages, and it is also used in
some other packages like i{american,british}. After some initial changes
things seem to work and be robust now, so it is time to announce it widely.

* 'update-openoffice-dicts' will soon be removed.

Regarding myspell/hunspell dicts, note that 'update-openoffice-dicts' will
soon be removed, so myspell/hunspell dictionaries still calling it from
maintainer scripts will fail loudly. If debhelper-like
dictionaries-common-dev scripts are used, building with a
dictionaries-common-dev version higher than 1.10.5 should be enough. Note
that squeeze ships an earlier version, so if dictionaries are built with
squeeze tools the problem will be re-introduced. For this reason it is
highly desirable to make sure the myspell/hunspell dict package
build-depends on at least dictionaries-common-dev 1.10.5 if
dictionaries-common-dev tools are used. myspell/hunspell dict packages
created this way can be used in squeeze, where 'update-openoffice-dicts'
was mostly a no-op.

Regards,

-- 
Agustin
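
The placeholder rule described in the message (a file under /var whose
recorded checksum is that of an empty file), written out as an added
example; it is not code from dictionaries-common or debsums. It reads lines
in dpkg's "<md5>  <relative path>" md5sums format; the function names, the
status labels and the sample paths are constructed for illustration.

```python
import hashlib
import os
import tempfile

EMPTY_MD5 = hashlib.md5(b"").hexdigest()  # checksum recorded for a file shipped empty

def md5_of(path):
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def classify(md5sums_text, root="/"):
    """Return {relative path: status} for '<md5>  <path>' lines checked under root."""
    result = {}
    for line in md5sums_text.splitlines():
        if not line.strip():
            continue
        recorded, rel = line.split(None, 1)
        rel = rel.strip()
        full = os.path.join(root, rel)
        if not os.path.isfile(full):
            result[rel] = "missing"
        elif md5_of(full) == recorded:
            result[rel] = "ok"
        elif recorded == EMPTY_MD5 and rel.startswith("var/"):
            # Shipped empty under /var and filled in later, e.g. by postinst.
            result[rel] = "placeholder-regenerated"
        else:
            result[rel] = "modified"
    return result

def demo():
    """Constructed sample package: two /var placeholders and two regular files."""
    shipped = {"var/lib/aspell/xx.rws": b"", "var/lib/ispell/xx.hash": b"",
               "usr/share/doc/xx/README": b"doc\n", "usr/lib/aspell/xx.multi": b"add xx.rws\n"}
    on_disk = {"var/lib/aspell/xx.rws": b"hash built at postinst",
               "usr/share/doc/xx/README": b"doc\n", "usr/lib/aspell/xx.multi": b"changed\n"}
    md5sums = "".join("%s  %s\n" % (hashlib.md5(c).hexdigest(), p) for p, c in shipped.items())
    with tempfile.TemporaryDirectory() as root:
        for rel, content in on_disk.items():
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(content)
        return classify(md5sums, root)

if __name__ == "__main__":
    for path, status in sorted(demo().items()):
        print(status, path)
```

A "placeholder-regenerated" result only means the recorded checksum cannot
vouch for the current contents; it says nothing about whether those contents
are the ones postinst built.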


