[Bug 520532] New: Mark files in webapps/ROOT as %config(noreplace)
http://bugzilla.novell.com/show_bug.cgi?id=520532 User mvyskocil@novell.com added comment http://bugzilla.novell.com/show_bug.cgi?id=520532#c520038 Summary: Mark files in webapps/ROOT as %config(noreplace) Classification: openSUSE Product: openSUSE 11.2 Version: Factory Platform: Other OS/Version: Other Status: ASSIGNED Severity: Critical Priority: P5 - None Component: Java AssignedTo: mvyskocil@novell.com ReportedBy: mvyskocil@novell.com QAContact: qa@suse.de Found By: Community User Moved from bug#520038 2. A more serious error also took place in my webapps/ROOT directory. My own index.html file that was located there, was replaced by the default index.html file that comes with the base tomcat6 installation. In other words, the index.html that the Jakarta-Apache folks supply showing documentation on the tomcat server itself. THIS HAD TO HAVE RESULTED SOMEHOW FROM THIS SECURITY UPDATE!!! I have NOT changed anything else in these directories for some time now. (Good thing I have everything in the webapps directory backed up so I was able to restore it easily enough) tomcat6-webapps installs following files to webapps/ROOT: /srv/tomcat6/webapps/ROOT/RELEASE-NOTES.txt /srv/tomcat6/webapps/ROOT/WEB-INF /srv/tomcat6/webapps/ROOT/WEB-INF/web.xml /srv/tomcat6/webapps/ROOT/asf-logo-wide.gif /srv/tomcat6/webapps/ROOT/build.xml /srv/tomcat6/webapps/ROOT/favicon.ico /srv/tomcat6/webapps/ROOT/index.html /srv/tomcat6/webapps/ROOT/index.jsp /srv/tomcat6/webapps/ROOT/tomcat-power.gif /srv/tomcat6/webapps/ROOT/tomcat.gif /srv/tomcat6/webapps/ROOT/tomcat.svg At least following files needs to be marked as %config(noreplace): /srv/tomcat6/webapps/ROOT/WEB-INF/web.xml /srv/tomcat6/webapps/ROOT/build.xml /srv/tomcat6/webapps/ROOT/favicon.ico /srv/tomcat6/webapps/ROOT/index.html /srv/tomcat6/webapps/ROOT/index.jsp Affects all tomcat6 packages (11.0, 11.1, sle11, Factory) -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=520532 User mvyskocil@novell.com added comment http://bugzilla.novell.com/show_bug.cgi?id=520532#c1 Michal Vyskocil <mvyskocil@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P5 - None |P4 - Low Status|ASSIGNED |NEEDINFO CC| |marc@marcchamberlin.com Info Provider| |marc@marcchamberlin.com --- Comment #1 from Michal Vyskocil <mvyskocil@novell.com> 2009-07-09 02:45:09 MDT --- Marc: do you think that it's enough? I suppose that files like RELEASE-NOTES.txt, or tomcat.gif should not be marked as %config(noreplace), but it's not a big problem to mark all files. BTW: %config(noreplace) means, that rpm will not replace those files, if are different, in update. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=520532 User marc@marcchamberlin.com added comment http://bugzilla.novell.com/show_bug.cgi?id=520532#c2 Marc Chamberlin <marc@marcchamberlin.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |ASSIGNED Info Provider|marc@marcchamberlin.com | --- Comment #2 from Marc Chamberlin <marc@marcchamberlin.com> 2009-07-09 14:56:03 MDT --- Michal - Yes I think this would be sufficient and would prevent a tomcat reinstall from clobbering files that are in the webapps/ROOT and webapps/ROOT/WEB-INF directories. (good catch on the WEB-INF/web.xml file BTW, that too should never be clobbered.) I don't know what degree of control you have in determining what files to replace or add in, or not. If it is possible, then if either index.html or index.jsp exists, then neither should be replaced nor added into this directory. There is a preference order that the tomcat server will choose, in determining which one to serve, if both types exist, and it is a user configurable preference of the server... I certainly would not worry about image files or the RELEASE-NOTES.txt file, no one should be reusing those files for other purposes.... -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=520532 User mvyskocil@novell.com added comment http://bugzilla.novell.com/show_bug.cgi?id=520532#c3 --- Comment #3 from Michal Vyskocil <mvyskocil@novell.com> 2009-07-10 04:58:19 MDT --- (In reply to comment #2)
I don't know what degree of control you have in determining what files to replace or add in, or not. If it is possible, then if either index.html or index.jsp exists, then neither should be replaced nor added into this directory.
I can do anything what rpm can :). With %config(noreplace) the file will never be replaced during update. And if there's a different file in updated package, the file with .rpmnew suffix will be inserted to webapps/ROOT. As tomcat webapps usually remains same and changes should be expected only in version upgrade (that means upgrade of openSUSE), this is a minor problem. I'll add the removal of all webapps/ROOT/*.rpmnew files into %post.
There is a preference order that the tomcat server will choose, in determining which one to serve, if both types exist, and it is a user configurable preference of the server...
I'm afraid that rpm does not have enough power to express it. I can instruct it to replace a file in upgrade, or not (if differs), but nothing like user configurable preferences of it. It could be written in %post script, but I don't want to write it, because those scripts tends to be buggy and fragile. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=520532 Stephan Kulow <coolo@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Flag| |SHIP_STOPPER+ -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=520532 User mvyskocil@novell.com added comment http://bugzilla.novell.com/show_bug.cgi?id=520532#c4 Michal Vyskocil <mvyskocil@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |RESOLVED Resolution| |FIXED --- Comment #4 from Michal Vyskocil <mvyskocil@novell.com> 2009-08-26 07:05:13 MDT --- Created submit request 18842 spec files: ----------- --- tomcat6.spec --- tomcat6.spec @@ -476,7 +476,8 @@ %files webapps %defattr(0644,root,root,0755) -%{appdir}/ROOT +#bnc#520532 +%config(noreplace) %{appdir}/ROOT %{appdir}/examples %changelog -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=520532 http://bugzilla.novell.com/show_bug.cgi?id=520532#c5 --- Comment #5 from Bernhard Wiedemann <bwiedemann@suse.com> --- This is an autogenerated message for OBS integration: This bug (520532) was mentioned in https://build.opensuse.org/request/show/18842 Factory / tomcat6 -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com