permissions of /etc/fuse.conf are reset on upgrade

Checked the package, and I can confirm that the file's permissions will be reset. Being a conffile, this should be done in the package build, not in the postinst.

Marking Confirmed.

It's easy to set the mode in debian/rules, and in fact it looks like that's already done. The problem is setting the group ownership because group 'fuse' either doesn't exist on the build machine, or probably does not match the target machine. So that has to be done in fuse-utils.postinst.

The group is added if it does not exist, so I propose that if the group gets added in fuse-utils.postint, the ownership of /etc/fuse.conf should also be changed. I think it's highly unlikely that the fuse group would not exist but /etc/fuse.conf would exist.

Hmm, from my test build:

...
install -D -m0640 /build/barry-fuse_2.8.4-1.1ubuntu3-amd64-sLU9hK/fuse-2.8.4/debian/fuse.conf \
     /build/barry-fuse_2.8.4-1.1ubuntu3-amd64-sLU9hK/fuse-2.8.4/debian/fuse-utils/etc/fuse.conf
...
drwxr-xr-x root/root 0 2011-01-21 10:06 ./etc/
-rw-r--r-- root/root 216 2011-01-21 10:06 ./etc/fuse.conf

I would have expected the mod to be 0640.

Okay, I have a fix that works, using the approach I describe above. I'll push it and submit an mp as soon as codehosting comes back up. If approved and landed, I'll do a backport candidate for Lucid (and probably Maverick).

In the meantime, here's a debdiff for review.

Ah dang, forgot to add LP bug tag to changelog. Here's an updated debdiff.

This bug was fixed in the package fuse - 2.8.4-1.1ubuntu3

---------------
fuse (2.8.4-1.1ubuntu3) natty; urgency=low

  * debian/fuse-utils.postinst:
    Respect local modifications to /etc/fuse.conf by not changing the
    ownership or mode of /etc/fuse.conf in the postinst file unless we're
    also adding the fuse group for the first time. (LP: #697792)
 -- Barry Warsaw <email address hidden> Fri, 21 Jan 2011 11:13:06 -0500

SRU information:

Impact: The bug affects many existing user; they make local modifications to the ownership or permissions of /etc/fuse.conf and installing an update squashes those changes.

As stated above, the patch fixes this by only setting the permission and ownership of /etc/fuse.conf when it is also adding the fuse group in the postinst, rather than unconditionally. It's considered unlikely that there would be local modifications to fuse.conf when the fuse group does not exist.

See linked branch for proposed fix for Lucid.

Reproduce by: change perm/own of /etc/fuse.conf; apt-get rm fuse-utils; apt-get install fuse-utils; see the perm/own change. Installing the fixed package however will preserve this change. You should also test a fresh install by apt-get purge fuse-utils; delgroup fuse; then install the fixed package and see both the group and own/perm on /etc/fuse.conf be installed correctly

Regression potential: None foreseeable, unless someone depends on the unconditionally squashing of perm/own of /etc/fuse.conf on upgrade.

I've nominated this for maverick too, but can't approve that bug task apparently.

fix uploaded to maverick-proposed (someone from the SRU team please accept)

FWIW, I tested the fuse-utils package in Barry's PPA (https://launchpad.net/~barry/+archive/python), and custom ownership/permissions on /etc/fuse.conf where preserved as expected on package upgrade.

Thanks, Barry - I've uploaded your lucid-proposed branch, although it will have to wait for acceptance until the 10.04.2 freeze is lifted.

Accepted fuse into maverick-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Verified works from maverick-proposed.

Accepted fuse into lucid-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Releasing maverick update, keeping v-needed for lucid update.

This bug was fixed in the package fuse - 2.8.4-1ubuntu1.2

---------------
fuse (2.8.4-1ubuntu1.2) maverick-proposed; urgency=low

  * debian/fuse-utils.postinst:
    Respect local modifications to /etc/fuse.conf by not changing the
    ownership or mode of /etc/fuse.conf in the postinst file unless we're
    also adding the fuse group for the first time. (LP: #697792)
 -- Barry Warsaw <email address hidden> Tue, 25 Jan 2011 20:08:08 -0500

Verified works for lucid-proposed.

This bug was fixed in the package fuse - 2.8.1-1.1ubuntu3

---------------
fuse (2.8.1-1.1ubuntu3) lucid-proposed; urgency=low

  * debian/fuse-utils.postinst:
    Respect local modifications to /etc/fuse.conf by not changing the
    ownership or mode of /etc/fuse.conf in the postinst file unless we're
    also adding the fuse group for the first time. (LP: #697792)
 -- Barry Warsaw <email address hidden> Mon, 24 Jan 2011 11:25:19 -0500

FYI the fix is wrong. It destroys the idempotency of postinst. If the postinst is interrupted after the addgroup call then a repeated invokation of the postinst script will not change the mode or ownership of /etc/fuse.conf.

This also applies when fuse-utils was installed in the past, then was purged and is now installed again. In that case the group already exists but the conffile does not.

Instead of testing for the existance of the fuse group the postint script should check wether it is a first install ($2 is empty) or an upgrade ($2 is old v ersion).

Thanks, Goswin. I'll make such a change in the merge I'm preparing at the moment.