Bug#1035483: debsums: false positives on removed conffiles retaining a remove-on-upgrade entry in Conffiles

Thu May 4 08:46:04 BST 2023

Control: tag -1 + patch
Control: forcemerge -1 993714

Hi Andreas,

Andreas Beckmann wrote:
> # debsums -ac --ignore-obsolete pkg-config ; echo $?
> debsums: missing file /etc/dpkg/dpkg.cfg.d/pkg-config-hook-config (from pkg-config:amd64 package)
> 2
> 
> while after a fresh install in bookworm the Conffiles entry is
> different:
> 
> Conffiles:
>  /etc/dpkg/dpkg.cfg.d/pkg-config-hook-config newconffile remove-on-upgrade
> 
> and debsums does not complain:
> 
> # debsums -ac --ignore-obsolete pkg-config ; echo $?
> 0

Thanks for the bug report. Actually this is not new, but I seem to
unfortunately have forgotton about it: https://bugs.debian.org/993714
— hence merging.

> I assume that dpkg is correct and debsums is at fault here ...

Probably, yes.

> A quick fix that works for me (and piuparts) is in line 268
> 
> -                grep { not ($ignore_obsolete and / obsolete$/) }
> +                grep { not ($ignore_obsolete and / (obsolete|remove-on-upgrade)$/) }

Thanks for the patch.

Regarding the impact of both, the issue as well as the patch, I
checked how widespread it already is:

https://codesearch.debian.net/search?q=remove-on-upgrade+path%3Adebian%2F&literal=1
shows only these packages:

chromium
crowdsec
crowdsec-custom-bouncer
crowdsec-firewall-bouncer
debhelper
dpkg-repack
freedombox
lintian
phog
pkgconf
qcontrol
resolvconf
sxmo-utils
wyrd

If I drop the "path:debian/", it also shows dpkg. But e.g. lintian
listed above only mentions it in debian/changelog. Same counts for
dpkg-repack and debhelper. So about a dozen of potentially affected
packages.

So currently the overall impact seems not that big, neither for the
bug nor for the proposed fix.

But since piuparts might report failures because of that, I do see the
reasoning for the RC severity despite the previous bug report was just
"normal" — probably the reason why I forgot about it. :-/

Admittedly I'm not keen on modifying debsums behaviour at this stage
of the freeze. Then again, your patch is small and clear.

I'll see that I make some testing and then an upload with that patch
and request a freeze exception latest at the upcoming weekend.

		Regards, Axel
-- 
 ,''`.  |  Axel Beckert <abe at debian.org>, https://people.debian.org/~abe/
: :' :  |  Debian Developer, ftp.ch.debian.org Admin
`. `'   |  4096R: 2517 B724 C5F6 CA99 5329  6E61 2FF9 CD59 6126 16B5
  `-    |  1024D: F067 EA27 26B9 C3FC 1486  202E C09E 1D89 9593 0EDE