[Pkg-pdns-maintainers] Bug#798773: postinst script handles comments in config file incorrectly

Stephen Frost sfrost at snowman.net
Tue Oct 6 13:03:22 UTC 2015 

Christian,

* Christian Hofstaedtler (zeha at debian.org) wrote:
> * Stephen Frost <sfrost at snowman.net> [151006 04:12]:
> > That said, I do think it's worthwhile to see about fixing these
> > particular install failures, and the proposed change looks like it would
> > at least do that.
> 
> I agree that it would make the situation better for some users.
> 
> I was going to write which users are affected by this bug, but now
> that I think more about it, I'm not sure which users are affected.
> As you have some interest, I assume you have run into the bug? How
> did your configuration look like?

Yes, I did run into this bug while upgrading the hidden PowerDNS master
for postgresql.org.  The configuration we have is relatively simple.  My
recollection of how it happened is:

Installed an older version (3.4.1?), modified /etc/powerdns/pdns.conf
with a few simple changes- allow-axfr-ips, master=yes, slave=yes, etc.

Then at some point down the road, attempted to upgrade to 3.4.6 (in
jessie backports), and it blew up on that error.  To fix it, I recall
modifying pdns.conf *and* pdns.conf.ucf-dist.  It's possible I didn't
have to change both, but I think I tried changing pdns.conf first and it
didn't help, so I changed pdns.conf.ucf-dist also and that got me past
the issue.  Apologies for not having more detailed notes, I was a bit
anxious to get it fixed. :)

I'll see about building a test jessie VM, installing the version in
jessie, modifying the config, and then doing an upgrade, and see if I
can reproduce the error.

> > > > Is there anything I can do to help?
> > > 
> > > I'm thinking of deleting most of the code in the postinst for
> > > stretch.
> > 
> > Are you thinking about simply assuming that /etc/powerdns/pdns.d is the
> > PDNSDIR ...
> 
> Yes, because the files the postinst touches are meant to be the
> files that the previous version of the pdns-server package has
> shipped.

Right.

> > and anything else is up to the user to address?
> 
> If the user has moved or renamed the pdns.d dir, or changed the
> include= dir to point to something else entirely, then we have no
> business of touching (and moving!) the users config files at all.

Agreed.  We just need to be able to sanely detect that and act
accordingly.

> As the postinst doesn't have a version check right now, it
> 1) is wrong for versions after jessie,
> 2) we have to look at all previously released binary packages to see
> the original intent and which conffiles have previously been installed.
> I haven't done that check yet.

Yeah, that doesn't sound like much fun. :)

> > > Not sure what to do about jessie. Given that this bug has existed
> > > since 2006, maybe it's not terribly important to fix in jessie.
> > 
> > I disagree.  Perhaps I'm being naive, but having the relatively simple
> > case, where /etc/powerdns/pdns.d is the directory and the configuration
> > has been only mildly tweaked, failure during upgrades is not a good
> > position for us to be in.
> > 
> > I have to admit that I'm not up to speed on current policy, but I'm
> > happy to try and implement whatever the correct solution is.  I'm sure
> > there are other packages which have include directories, is there a
> > clear "right way" to handle this?
> 
> I don't think there's much policy here except for the normal "don't
> touch stuff that isn't yours" - i.e. preserve user changes,
> especially if they are to/in files that aren't installed by the
> package.

Right.

> There's some other complication - include= is the old name of the
> include directory setting; jessie's pdns does include-dir= instead. [1]
> 
> > Thanks!
> 
> Thank you for caring about this,

Absolutely, I like PDNS in general and given that we're using it to run
postgresql.org, we really want it to work well. :)

I'm also a DD, btw, though I haven't done much Debian-related work
recently.  I'd be happy to help out with maintaining PowerDNS though, as
we're using it.

Thanks!

Stephen
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-pdns-maintainers/attachments/20151006/c1074d36/attachment.sig>

More information about the Pkg-pdns-maintainers mailing list