[DRE-maint] Bug#858521: diaspora-common: does 'rm -rf /' on purge

Andreas Henriksson andreas at fatal.se
Thu Mar 23 07:52:29 UTC 2017


Hello!

On Thu, Mar 23, 2017 at 02:17:28AM +0100, Andreas Beckmann wrote:
> Package: diaspora-common
> Version: 0.6.3.0+debian3
> Severity: critical
> Justification: breaks the whole system
> User: debian-qa at lists.debian.org
> Usertags: piuparts
> 
> Hi,
> 
> during a test with piuparts I noticed your package makes havoc in the
> chroot.
[...]
> This very much looks like an 'rm -rf /' in the chroot ... rm is gone, sh is gone, ...

Looks like it does 'rm -rf /bin' to me.

Here's a completely untested patch which should hopefully prevent
disaster. Testing help welcome.

The package is still very likely RC buggy though. This patch just tries
to avoid the disaster of hosing the system.

(Consider for example the case where you already have a user named
"diaspora", making the install fail and then disaster again strikes
when you try to remove/purge your way out of the failed install removing
the user and all its data. Just one example out of many. Nowhere does it
seem to account for conffiles having been removed by the admin as another
example. These maintainer scripts are just waaaaaay to buggy/unreliable.)

HTH

Regards,
Andreas Henriksson
-------------- next part --------------
A non-text attachment was scrubbed...
Name: diaspora-common-disaster.patch
Type: text/x-diff
Size: 2057 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-ruby-extras-maintainers/attachments/20170323/6b2a517d/attachment.patch>


More information about the Pkg-ruby-extras-maintainers mailing list