Bug 31390 - The file /etc/lighttpd/conf/auth.conf is embedded in two different RPM
Summary: The file /etc/lighttpd/conf/auth.conf is embedded in two different RPM
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: RPM Packages (show other bugs)
Version: 8
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: Stig-Ørjan Smelror
QA Contact:
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2023-01-11 00:04 CET by rexy
Modified: 2023-02-24 06:41 CET (History)
1 user (show)

See Also:
Source RPM: lighttpd-1.4.59-1.mga8.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description rexy 2023-01-11 00:04:58 CET 
Description of problem:
The file "/etc/lighttpd/conf/auth.conf" is embedded in two different RPM :
"lighttpd" and "lighttpd-mod_auth"

Version-Release number of selected component (if applicable):
1.4.59

How reproducible:
conflict detected when updating the system

Steps to Reproduce:
1. 
2.
3.
Comment 1 Dave Hodgins 2023-01-11 01:37:01 CET 
Having the same file, /etc/lighttpd/conf/auth.conf, in two different packages,
isn't a problem as long as both files have the same permissions,
ownership, and contents.

Looking at https://bugs.mageia.org/show_bug.cgi?id=30912#c2 (the latest update
to be tested), the testing procedure is correct.

I just repeated the test, installing lighttpd-mod_authn_file, lighttpd-mod_auth,
and lighttpd from the core release repository, and then installing the
latest update from the core updates repository with no conflicts found.

What steps did you take that showed a conflict?

CC: (none) => davidwhodgins

Comment 2 rexy 2023-01-11 13:16:12 CET 
The bug comes to me from several owners of ALCASAR project during the updating process (Mga7.1 --> Mga8).

----------
The installation failed: the /etc/lighttpd/conf.d/auth.conf file of the lighttpd-1.4.59-1.2.mga8.x86_64" installation conflicts with the file of the package "lighttpd-mod_auth-1.4.53-1.mga7.x86_64"
----------

Other updates worked well (bizarre). Why not create a .rpmnew in this case ?
Comment 3 Lewis Smith 2023-01-11 20:36:29 CET 
Thank you rexy for the report.
And Dave for his research & comments.
Looking at this on Cauldron:

 $ urpmf /etc/lighttpd/conf.d/auth.conf
 lighttpd:/etc/lighttpd/conf.d/auth.conf
 lighttpd-mod_auth:/etc/lighttpd/conf.d/auth.conf

 $ urpmq --requires lighttpd
does NOT include lighttpd-mod_auth;
conversely:
 $ urpmq --requires lighttpd-mod_auth
 lighttpd

 $ urpmq --whatrequires lighttpd
 lighttpd-mod_auth
 $ urpmq --whatrequires lighttpd-mod_auth
nothing.

However innocent this duplication might be, we should note Comment 2 "installation failed", which does indeed matter. And it is not tidy to have the same file provided by two pkgs from the same SRPM.
This is going back in time: Mageia 7->8 upgrade! We shall soon be 8-9, and might see the same problem again.

Stig currently maintains lighttpd, so assigning to him. Naively, if the file is provided by just lighttpd, it would be found by lighttpd-mod_auth.

Assignee: bugsquad => smelror

Comment 4 Stig-Ørjan Smelror 2023-01-11 20:47:15 CET 
Thanks. Just pushed an update with auth.conf included only in the mod_auth package.
Comment 5 Dave Hodgins 2023-01-11 23:49:23 CET 
It should also have conflicts with prior versions in order to work with upgrades from Mageia 7 as the order of package installation is not guaranteed.

lighttpd-mod_auth should conflict with lighttpd <= 1.4.59-1.2
lighttpd should conflict with lighttpd-mod_auth <= 1.4.59-1.2

The handling is the same as it would be if the file were being moved between
packages rather then just removed from one.
Comment 6 Stig-Ørjan Smelror 2023-02-24 06:41:41 CET 
Done.

Resolution: (none) => FIXED
Status: NEW => RESOLVED
Note You need to log in before you can comment on or make changes to this bug.