Merge lp://staging/~lynxman/squid-deb-proxy/debhooks into lp://staging/squid-deb-proxy
Proposed by
Marc Cluet
Status: | Merged |
---|---|
Merged at revision: | 46 |
Proposed branch: | lp://staging/~lynxman/squid-deb-proxy/debhooks |
Merge into: | lp://staging/squid-deb-proxy |
Diff against target: |
122 lines (+108/-0) 3 files modified
debian/squid-deb-proxy.config (+7/-0) debian/squid-deb-proxy.postinst (+89/-0) debian/squid-deb-proxy.templates (+12/-0) |
To merge this branch: | bzr merge lp://staging/~lynxman/squid-deb-proxy/debhooks |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Michael Vogt (community) | Needs Fixing | ||
Review via email:
|
Description of the change
We added a couple of debconf hooks in order to be able to configure the config file directly from orchestra
To post a comment you must log in.
Thanks for this branch! I like the idea of adding debconf questions to make it easy to enable certain features. I think thats a great idea. I have some comments about the current implementation though.
[..] proxy/ppa- enable
> +case "$1" in
> + configure)
> + # Enable or disable PPAs
> + db_get squid-deb-
> + if [ "${RET}z" != "z" ]
Is this check for empty result really needed? db_get with a boolean
template should always return either "true" or "false"
> + then
> + case "$RET" in
> + n*|N*)
Did you test that this actually works? $RET should be either string
"true" or "false". The buttons in the question whiptail dialog are a
bit misleading as they can be translated, but the db_get value is
always either true or false.
> + if [ -f "/etc/squid- deb-proxy/ mirror- dstdomain. acl" ] deb-proxy/ mirror- dstdomain. acl /etc/squid- deb-proxy/ .mirror- dstdomain. acl deb-proxy/ .mirror- dstdomain. acl | sed 's/ppa. launchpad. net/#ppa. launchpad. net/' > /etc/squid- deb-proxy/ mirror- dstdomain. acl deb-proxy/ .mirror- dstdomain. acl
> + then
> + mv /etc/squid-
> + cat /etc/squid-
> + rm -f /etc/squid-
Is there a advantage to use this over sed -i ? sed will also
create a temp file first so it should be efffectively the same only
shorter (unless I overlook something here?).
There is one more issue with the approach taken. When running deb-proxy/ mirror- dstdomain. acl c430d3bc4818751 ee177515a414567 08
$ dpkg -s squid-deb-proxy
[..]
Conffiles:
/etc/squid-
[..]
This shows that the two files manipulated are "conffiles". The debian mirrors_ user dstdomain "/etc/squid- deb-proxy/ mirror- dstdomain- user.acl" dstdomain- user.acl the same, either a
policy (in appendix E.1) discourages the manipulation of conffiles
from a maintainer script. I think adding a new line to squid.conf
like
acl to_ubuntu_
that is then either created empty or with the content like 0.0.0.0
should do the trick (for mirror-
empty file or a file containing ppa). If that is carefully done all
users benefit as they can add their own content there without the
risks of having conffile prompts in the future. Alternatively it could
use include in the acl files. But I'm not sure that this will actually
work in a acl file.
[..] proxy/acl- enable
> +Template: squid-deb-
> +Type: boolean
> +Description: Enable network ACL
> + squid-deb-proxy restricts access to the cache by address range
> + selecting Y in this option will enable a basic private network range
> + selecting N in this option will allow all IPs to access the cache
Maybe something like "all IPs *in the world* to access the cache" or
something like this to ensure the user understands that this opens his
cache for all others. Not that big of a risk because all they can get
is packages but it may costs bandwith etc and the user/admin should
understand the difference.