Bug 36711 - Package lists allow to remove essential packages
Package lists allow to remove essential packages
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: UMC - Policies
UCS 4.0
Other Linux
: P5 normal (vote)
: UCS 4.0-1-errata
Assigned To: Florian Best
Alexander Kramer
:
Depends on:
Blocks: 36508 38009
  Show dependency treegraph
 
Reported: 2014-11-14 16:03 CET by Philipp Hahn
Modified: 2015-03-11 15:09 CET (History)
4 users (show)

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:


Attachments
bug36711.sh (1.22 KB, text/plain)
2015-02-25 14:25 CET, Florian Best
Details
script output (9.38 KB, text/plain)
2015-02-25 14:26 CET, Florian Best
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Philipp Hahn univentionstaff 2014-11-14 16:03:25 CET
The package list contains "Tools: file". If that is added to the list of packages to be removed, this also force-removes cacklib, python-cracklib, python-univention,  univention-config, and so on. After that the system is unuable.

The package list removal mechanism should not be allowed to remove essential UCS packages.
Comment 1 Stefan Gohmann univentionstaff 2014-12-05 08:43:47 CET
In a first step we should remove the package file from the list.
Comment 2 Florian Best univentionstaff 2015-02-24 15:01:02 CET
wget, lsof, nmap → also break the system
Comment 3 Florian Best univentionstaff 2015-02-25 14:25:45 CET
Created attachment 6719 [details]
bug36711.sh

Here is a script which checks every package if it would uninstall necessary packages (starting with univention- or ucs-).
Comment 4 Florian Best univentionstaff 2015-02-25 14:26:39 CET
Created attachment 6720 [details]
script output

Here is the output of that script.
Comment 5 Florian Best univentionstaff 2015-02-25 14:31:58 CET
So I am filtering out the following packages in the Syntax-class of "Package removal list" in policies/masterpackages, policies/memberpackages and policies/slavepackages:
wget screen openssh-client nmap lsof file
Comment 6 Florian Best univentionstaff 2015-02-26 12:14:57 CET
The packages mentioned in comment 5 are now prevented to be saved.
It is not possible to prevent that they are shown in the list.
Fixed also the error format of the shown error message.

Fix: svn r58458
YAML: 2015-02-24-univention-directory-manager-modules.yaml
YAML: 2015-02-26-univention-management-console-module-udm.yaml
No cross dependencies.

QA: please check also if we should add some more packages.
Comment 7 Alexander Kramer univentionstaff 2015-03-04 16:34:33 CET
OK - debian/changelog
OK - prevent 
OK - yaml files

didn't: QA: please check also if we should add some more packages.
Comment 8 Moritz Muehlenhoff univentionstaff 2015-03-11 15:08:16 CET
http://errata.univention.de/ucs/4.0/102.html
Comment 9 Moritz Muehlenhoff univentionstaff 2015-03-11 15:09:40 CET
http://errata.univention.de/ucs/4.0/98.html