New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
dpkg_lowpkg: Do not access dpkg internals directly #58735
Open
bdrung
wants to merge
5
commits into
saltstack:master
Choose a base branch
from
bdrung:fix-dpkg
base: master
Could not load branches
Branch not found: {{ refName }}
Could not load tags
Nothing to show
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ghost
requested a review
from krionbsd
October 15, 2020 17:22
bdrung
force-pushed
the
fix-dpkg
branch
2 times, most recently
from
October 16, 2020 09:16
43c63cb
to
d2b619e
Compare
bdrung
changed the title
Do not access /var/lib/dpkg/info/<package>.list directly
Do not access dpkg internals directly
Oct 16, 2020
bdrung
changed the title
Do not access dpkg internals directly
dpkg_lowpkg: Do not access dpkg internals directly
Oct 16, 2020
bdrung
force-pushed
the
fix-dpkg
branch
2 times, most recently
from
October 19, 2020 20:28
f1450b2
to
5385163
Compare
cmcmarrow
previously approved these changes
Oct 21, 2020
@bdrung thanks for the fix! |
bdrung
added a commit
to bdrung/salt
that referenced
this pull request
Oct 22, 2020
salt contains modules, which directly access the dpkg internal database, instead of using one of the public interfaces provided by dpkg. This is a problem for several reasons, because even though the layout and format of the dpkg database is administrator friendly, and it is expected that those might need to mess with it, in case of emergency, this “interface” does not extend to other programs besides the dpkg suite of tools. The admindir can also be configured differently at dpkg build or run-time. And finally, the contents and its format, will be changing in the near future. So use something like: ``` dpkg-query --showformat '${db-fsys:Last-Modified}\n' --show $pkg ``` to get the mtime from /var/lib/dpkg/info/<package>.list files. Bug: saltstack#52605 Bug-Debian: https://bugs.debian.org/944970 Forwarded: saltstack#58735 Signed-off-by: Benjamin Drung <benjamin.drung@cloud.ionos.com>
bdrung
added a commit
to bdrung/salt
that referenced
this pull request
Oct 22, 2020
salt contains modules, which directly access the dpkg internal database, instead of using one of the public interfaces provided by dpkg. This is a problem for several reasons, because even though the layout and format of the dpkg database is administrator friendly, and it is expected that those might need to mess with it, in case of emergency, this “interface” does not extend to other programs besides the dpkg suite of tools. The admindir can also be configured differently at dpkg build or run-time. And finally, the contents and its format, will be changing in the near future. `/var/lib/dpkg/available` should not be read directly. Instead `dpkg-query --print-avail` should be used. The `/var/lib/dpkg/available` file is only kept up-to-date when using dselect, but nowadays `apt` is used, and therefore this file does not provide much more information than `dpkg-query -W`. Users of APT-based frontends should use `apt show` or in our case the `pkg.show` salt module. `dpkg-query --print-avail` provides following keys (on Ubuntu 20.04): ``` $ dpkg-query --print-avail | sed 's/:.*$//' | sort | uniq Architecture Breaks Bugs Build-Essential Built-Using Cnf-Extra-Commands Cnf-Priority-Bonus Conflicts Depends Description Description-md5 Enhances Essential Filename Homepage Important Installed-Size Maintainer MD5sum Multi-Arch Origin Original-Maintainer Package Pre-Depends Priority Provides Recommends Replaces Section SHA1 SHA256 Size Source Suggests Supported Task Version ``` Following keys cannot be retrieved by `dpkg-query -W`: ``` Build-Essential Built-Using Cnf-Extra-Commands Cnf-Priority-Bonus Important Multi-Arch Original-Maintainer SHA1 SHA256 Supported ``` Please use `pkg.show` for those keys. Following additional keys could be retrieved if needed: ``` Breaks Enhances Essential Filename Pre-Depends Priority Suggests ``` Without calling `_get_pkg_ds_avail`, `info` just calls `_get_pkg_info` and converts it into a dict and add a license field. Since `_get_pkg_ds_avail` is used nowhere else, move it into `info`. Do not query Installed-Size, because it was stripped as "technical" key previously. Bug: saltstack#52605 Bug-Debian: https://bugs.debian.org/944970 Forwarded: saltstack#58735 Signed-off-by: Benjamin Drung <benjamin.drung@cloud.ionos.com>
bdrung
added a commit
to bdrung/salt
that referenced
this pull request
Oct 26, 2020
salt contains modules, which directly access the dpkg internal database, instead of using one of the public interfaces provided by dpkg. This is a problem for several reasons, because even though the layout and format of the dpkg database is administrator friendly, and it is expected that those might need to mess with it, in case of emergency, this “interface” does not extend to other programs besides the dpkg suite of tools. The admindir can also be configured differently at dpkg build or run-time. And finally, the contents and its format, will be changing in the near future. So use something like: ``` dpkg-query --showformat '${db-fsys:Last-Modified}\n' --show $pkg ``` to get the mtime from /var/lib/dpkg/info/<package>.list files. Bug: saltstack#52605 Bug-Debian: https://bugs.debian.org/944970 Forwarded: saltstack#58735 Signed-off-by: Benjamin Drung <benjamin.drung@cloud.ionos.com>
bdrung
added a commit
to bdrung/salt
that referenced
this pull request
Oct 26, 2020
salt contains modules, which directly access the dpkg internal database, instead of using one of the public interfaces provided by dpkg. This is a problem for several reasons, because even though the layout and format of the dpkg database is administrator friendly, and it is expected that those might need to mess with it, in case of emergency, this “interface” does not extend to other programs besides the dpkg suite of tools. The admindir can also be configured differently at dpkg build or run-time. And finally, the contents and its format, will be changing in the near future. `/var/lib/dpkg/available` should not be read directly. Instead `dpkg-query --print-avail` should be used. The `/var/lib/dpkg/available` file is only kept up-to-date when using dselect, but nowadays `apt` is used, and therefore this file does not provide much more information than `dpkg-query -W`. Users of APT-based frontends should use `apt show` or in our case the `pkg.show` salt module. `dpkg-query --print-avail` provides following keys (on Ubuntu 20.04): ``` $ dpkg-query --print-avail | sed 's/:.*$//' | sort | uniq Architecture Breaks Bugs Build-Essential Built-Using Cnf-Extra-Commands Cnf-Priority-Bonus Conflicts Depends Description Description-md5 Enhances Essential Filename Homepage Important Installed-Size Maintainer MD5sum Multi-Arch Origin Original-Maintainer Package Pre-Depends Priority Provides Recommends Replaces Section SHA1 SHA256 Size Source Suggests Supported Task Version ``` Following keys cannot be retrieved by `dpkg-query -W`: ``` Build-Essential Built-Using Cnf-Extra-Commands Cnf-Priority-Bonus Important Multi-Arch Original-Maintainer SHA1 SHA256 Supported ``` Please use `pkg.show` for those keys. Following additional keys could be retrieved if needed: ``` Breaks Enhances Essential Filename Pre-Depends Priority Suggests ``` Without calling `_get_pkg_ds_avail`, `info` just calls `_get_pkg_info` and converts it into a dict and add a license field. Since `_get_pkg_ds_avail` is used nowhere else, move it into `info`. Do not query Installed-Size, because it was stripped as "technical" key previously. Bug: saltstack#52605 Bug-Debian: https://bugs.debian.org/944970 Forwarded: saltstack#58735 Signed-off-by: Benjamin Drung <benjamin.drung@cloud.ionos.com>
krionbsd
previously approved these changes
Nov 9, 2020
bdrung
added a commit
to bdrung/salt
that referenced
this pull request
Apr 27, 2021
salt contains modules, which directly access the dpkg internal database, instead of using one of the public interfaces provided by dpkg. This is a problem for several reasons, because even though the layout and format of the dpkg database is administrator friendly, and it is expected that those might need to mess with it, in case of emergency, this “interface” does not extend to other programs besides the dpkg suite of tools. The admindir can also be configured differently at dpkg build or run-time. And finally, the contents and its format, will be changing in the near future. So use something like: ``` dpkg-query --showformat '${db-fsys:Last-Modified}\n' --show $pkg ``` to get the mtime from /var/lib/dpkg/info/<package>.list files. Bug: saltstack#52605 Bug-Debian: https://bugs.debian.org/944970 Forwarded: saltstack#58735 Signed-off-by: Benjamin Drung <benjamin.drung@cloud.ionos.com>
bdrung
added a commit
to bdrung/salt
that referenced
this pull request
Apr 27, 2021
salt contains modules, which directly access the dpkg internal database, instead of using one of the public interfaces provided by dpkg. This is a problem for several reasons, because even though the layout and format of the dpkg database is administrator friendly, and it is expected that those might need to mess with it, in case of emergency, this “interface” does not extend to other programs besides the dpkg suite of tools. The admindir can also be configured differently at dpkg build or run-time. And finally, the contents and its format, will be changing in the near future. `/var/lib/dpkg/available` should not be read directly. Instead `dpkg-query --print-avail` should be used. The `/var/lib/dpkg/available` file is only kept up-to-date when using dselect, but nowadays `apt` is used, and therefore this file does not provide much more information than `dpkg-query -W`. Users of APT-based frontends should use `apt show` or in our case the `pkg.show` salt module. `dpkg-query --print-avail` provides following keys (on Ubuntu 20.04): ``` $ dpkg-query --print-avail | sed 's/:.*$//' | sort | uniq Architecture Breaks Bugs Build-Essential Built-Using Cnf-Extra-Commands Cnf-Priority-Bonus Conflicts Depends Description Description-md5 Enhances Essential Filename Homepage Important Installed-Size Maintainer MD5sum Multi-Arch Origin Original-Maintainer Package Pre-Depends Priority Provides Recommends Replaces Section SHA1 SHA256 Size Source Suggests Supported Task Version ``` Following keys cannot be retrieved by `dpkg-query -W`: ``` Build-Essential Built-Using Cnf-Extra-Commands Cnf-Priority-Bonus Important Multi-Arch Original-Maintainer SHA1 SHA256 Supported ``` Please use `pkg.show` for those keys. Following additional keys could be retrieved if needed: ``` Breaks Enhances Essential Filename Pre-Depends Priority Suggests ``` Without calling `_get_pkg_ds_avail`, `info` just calls `_get_pkg_info` and converts it into a dict and add a license field. Since `_get_pkg_ds_avail` is used nowhere else, move it into `info`. Do not query Installed-Size, because it was stripped as "technical" key previously. Bug: saltstack#52605 Bug-Debian: https://bugs.debian.org/944970 Forwarded: saltstack#58735 Signed-off-by: Benjamin Drung <benjamin.drung@cloud.ionos.com>
bdrung
added a commit
to bdrung/salt
that referenced
this pull request
Apr 16, 2022
salt contains modules, which directly access the dpkg internal database, instead of using one of the public interfaces provided by dpkg. This is a problem for several reasons, because even though the layout and format of the dpkg database is administrator friendly, and it is expected that those might need to mess with it, in case of emergency, this “interface” does not extend to other programs besides the dpkg suite of tools. The admindir can also be configured differently at dpkg build or run-time. And finally, the contents and its format, will be changing in the near future. So use something like: ``` dpkg-query --showformat '${db-fsys:Last-Modified}\n' --show $pkg ``` to get the mtime from /var/lib/dpkg/info/<package>.list files. Bug: saltstack#52605 Bug-Debian: https://bugs.debian.org/944970 Forwarded: saltstack#58735 Signed-off-by: Benjamin Drung <benjamin.drung@ionos.com> Gbp-Pq: Name dpkg_lowpkg-Do-not-access-var-lib-dpkg-info-package-.patch
bdrung
added a commit
to bdrung/salt
that referenced
this pull request
Apr 16, 2022
salt contains modules, which directly access the dpkg internal database, instead of using one of the public interfaces provided by dpkg. This is a problem for several reasons, because even though the layout and format of the dpkg database is administrator friendly, and it is expected that those might need to mess with it, in case of emergency, this “interface” does not extend to other programs besides the dpkg suite of tools. The admindir can also be configured differently at dpkg build or run-time. And finally, the contents and its format, will be changing in the near future. `/var/lib/dpkg/available` should not be read directly. Instead `dpkg-query --print-avail` should be used. The `/var/lib/dpkg/available` file is only kept up-to-date when using dselect, but nowadays `apt` is used, and therefore this file does not provide much more information than `dpkg-query -W`. Users of APT-based frontends should use `apt show` or in our case the `pkg.show` salt module. `dpkg-query --print-avail` provides following keys (on Ubuntu 20.04): ``` $ dpkg-query --print-avail | sed 's/:.*$//' | sort | uniq Architecture Breaks Bugs Build-Essential Built-Using Cnf-Extra-Commands Cnf-Priority-Bonus Conflicts Depends Description Description-md5 Enhances Essential Filename Homepage Important Installed-Size Maintainer MD5sum Multi-Arch Origin Original-Maintainer Package Pre-Depends Priority Provides Recommends Replaces Section SHA1 SHA256 Size Source Suggests Supported Task Version ``` Following keys cannot be retrieved by `dpkg-query -W`: ``` Build-Essential Built-Using Cnf-Extra-Commands Cnf-Priority-Bonus Important Multi-Arch Original-Maintainer SHA1 SHA256 Supported ``` Please use `pkg.show` for those keys. Following additional keys could be retrieved if needed: ``` Breaks Enhances Essential Filename Pre-Depends Priority Suggests ``` Without calling `_get_pkg_ds_avail`, `info` just calls `_get_pkg_info` and converts it into a dict and add a license field. Since `_get_pkg_ds_avail` is used nowhere else, move it into `info`. Do not query Installed-Size, because it was stripped as "technical" key previously. Bug: saltstack#52605 Bug-Debian: https://bugs.debian.org/944970 Forwarded: saltstack#58735 Signed-off-by: Benjamin Drung <benjamin.drung@ionos.com> Gbp-Pq: Name dpkg_lowpkg-Drop-reading-var-lib-dpkg-available-dire.patch
bdrung
added a commit
to bdrung/salt
that referenced
this pull request
Nov 30, 2022
salt contains modules, which directly access the dpkg internal database, instead of using one of the public interfaces provided by dpkg. This is a problem for several reasons, because even though the layout and format of the dpkg database is administrator friendly, and it is expected that those might need to mess with it, in case of emergency, this “interface” does not extend to other programs besides the dpkg suite of tools. The admindir can also be configured differently at dpkg build or run-time. And finally, the contents and its format, will be changing in the near future. So use something like: ``` dpkg-query --showformat '${db-fsys:Last-Modified}\n' --show $pkg ``` to get the mtime from /var/lib/dpkg/info/<package>.list files. Bug: saltstack#52605 Bug-Debian: https://bugs.debian.org/944970 Forwarded: saltstack#58735 Signed-off-by: Benjamin Drung <benjamin.drung@ionos.com>
bdrung
added a commit
to bdrung/salt
that referenced
this pull request
Nov 30, 2022
salt contains modules, which directly access the dpkg internal database, instead of using one of the public interfaces provided by dpkg. This is a problem for several reasons, because even though the layout and format of the dpkg database is administrator friendly, and it is expected that those might need to mess with it, in case of emergency, this “interface” does not extend to other programs besides the dpkg suite of tools. The admindir can also be configured differently at dpkg build or run-time. And finally, the contents and its format, will be changing in the near future. `/var/lib/dpkg/available` should not be read directly. Instead `dpkg-query --print-avail` should be used. The `/var/lib/dpkg/available` file is only kept up-to-date when using dselect, but nowadays `apt` is used, and therefore this file does not provide much more information than `dpkg-query -W`. Users of APT-based frontends should use `apt show` or in our case the `pkg.show` salt module. `dpkg-query --print-avail` provides following keys (on Ubuntu 20.04): ``` $ dpkg-query --print-avail | sed 's/:.*$//' | sort | uniq Architecture Breaks Bugs Build-Essential Built-Using Cnf-Extra-Commands Cnf-Priority-Bonus Conflicts Depends Description Description-md5 Enhances Essential Filename Homepage Important Installed-Size Maintainer MD5sum Multi-Arch Origin Original-Maintainer Package Pre-Depends Priority Provides Recommends Replaces Section SHA1 SHA256 Size Source Suggests Supported Task Version ``` Following keys cannot be retrieved by `dpkg-query -W`: ``` Build-Essential Built-Using Cnf-Extra-Commands Cnf-Priority-Bonus Important Multi-Arch Original-Maintainer SHA1 SHA256 Supported ``` Please use `pkg.show` for those keys. Following additional keys could be retrieved if needed: ``` Breaks Enhances Essential Filename Pre-Depends Priority Suggests ``` Without calling `_get_pkg_ds_avail`, `info` just calls `_get_pkg_info` and converts it into a dict and add a license field. Since `_get_pkg_ds_avail` is used nowhere else, move it into `info`. Do not query Installed-Size, because it was stripped as "technical" key previously. Bug: saltstack#52605 Bug-Debian: https://bugs.debian.org/944970 Forwarded: saltstack#58735 Signed-off-by: Benjamin Drung <benjamin.drung@ionos.com>
Looks like some of the test failures are related. I can give a review once they are cleaned up. Thanks |
salt contains modules, which directly access the dpkg internal database, instead of using one of the public interfaces provided by dpkg. This is a problem for several reasons, because even though the layout and format of the dpkg database is administrator friendly, and it is expected that those might need to mess with it, in case of emergency, this “interface” does not extend to other programs besides the dpkg suite of tools. The admindir can also be configured differently at dpkg build or run-time. And finally, the contents and its format, will be changing in the near future. So use something like: ``` dpkg-query --showformat '${db-fsys:Last-Modified}\n' --show $pkg ``` to get the mtime from /var/lib/dpkg/info/<package>.list files. Bug: saltstack#52605 Bug-Debian: https://bugs.debian.org/944970 Signed-off-by: Benjamin Drung <benjamin.drung@ionos.com>
salt contains modules, which directly access the dpkg internal database, instead of using one of the public interfaces provided by dpkg. This is a problem for several reasons, because even though the layout and format of the dpkg database is administrator friendly, and it is expected that those might need to mess with it, in case of emergency, this “interface” does not extend to other programs besides the dpkg suite of tools. The admindir can also be configured differently at dpkg build or run-time. And finally, the contents and its format, will be changing in the near future. `/var/lib/dpkg/available` should not be read directly. Instead `dpkg-query --print-avail` should be used. The `/var/lib/dpkg/available` file is only kept up-to-date when using dselect, but nowadays `apt` is used, and therefore this file does not provide much more information than `dpkg-query -W`. Users of APT-based frontends should use `apt show` or in our case the `pkg.show` salt module. `dpkg-query --print-avail` provides following keys (on Ubuntu 20.04): ``` $ dpkg-query --print-avail | sed 's/:.*$//' | sort | uniq Architecture Breaks Bugs Build-Essential Built-Using Cnf-Extra-Commands Cnf-Priority-Bonus Conflicts Depends Description Description-md5 Enhances Essential Filename Homepage Important Installed-Size Maintainer MD5sum Multi-Arch Origin Original-Maintainer Package Pre-Depends Priority Provides Recommends Replaces Section SHA1 SHA256 Size Source Suggests Supported Task Version ``` Following keys cannot be retrieved by `dpkg-query -W`: ``` Build-Essential Built-Using Cnf-Extra-Commands Cnf-Priority-Bonus Important Multi-Arch Original-Maintainer SHA1 SHA256 Supported ``` Please use `pkg.show` for those keys. Following additional keys could be retrieved if needed: ``` Breaks Enhances Essential Filename Pre-Depends Priority Suggests ``` Without calling `_get_pkg_ds_avail`, `info` just calls `_get_pkg_info` and converts it into a dict and add a license field. Since `_get_pkg_ds_avail` is used nowhere else, move it into `info`. Do not query Installed-Size, because it was stripped as "technical" key previously. Bug: saltstack#52605 Bug-Debian: https://bugs.debian.org/944970 Signed-off-by: Benjamin Drung <benjamin.drung@ionos.com>
`dpkg_lowpkg.info` only returns information about installed packages. To query packges available in the configured APT archive(s), use the higher level aptpkg module. Signed-off-by: Benjamin Drung <benjamin.drung@ionos.com>
Avoid joining and splitting command parameters to `cmd.run_all` by passing directly a list as `cmd` parameter. Signed-off-by: Benjamin Drung <benjamin.drung@ionos.com>
`dpkg-query` does not know following keys: * binary:Revision (Revision exists, but is deprecated) * SHA1 * SHA256 * Summary Remove those keys since they will be always be empty and then stripped. Signed-off-by: Benjamin Drung <benjamin.drung@ionos.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
salt contains modules, which directly access the dpkg internal database, instead of using one of the public interfaces provided by dpkg. This is a problem for several reasons, because even though the layout and format of the dpkg database is administrator friendly, and it is expected that those might need to mess with it, in case of emergency, this “interface” does not extend to other programs besides the dpkg suite of tools. The admindir can also be configured differently at dpkg build or run-time. And finally, the contents and its format, will be changing in the near future.
So use something like:
to get the mtime from /var/lib/dpkg/info/.list files.
/var/lib/dpkg/available
should not be read directly. Insteaddpkg-query --print-avail
should be used. The/var/lib/dpkg/available
file is only kept up-to-date when using dselect, but nowadays
apt
is used, and therefore this file does not provide much more information thandpkg-query -W
. Users of APT-based frontends should useapt show
or in our case thepkg.show
salt module.This merge request addresses the issues in
dpkg_lowpkg
. A separate merge request foralternatives
will follow. Please have a look at the individual commits for more details of the changes.Bug: #52605 and drive by fix for #58735
Bug-Debian: https://bugs.debian.org/944970