[Bug 48154] [Patch] Prevent crash on duplicate module loading

Andreas Metzler ametzler at downhill.at.eu.org
Sun Apr 15 09:19:28 PDT 2012

[Moving to list, full quote]
On 2012-04-03 bugzilla-daemon at freedesktop.org wrote:
> --- Comment #3 from Stef Walter <stefw at gnome.org> 2012-04-03 11:44:11 PDT ---
> (In reply to comment #2)
>> What are your thought about the second patch? Could this have a
>> place upstream, or will it need to stay in Ubuntu (and Debian)?

> I think it may be worthwhile to limit the module config file names.
> This however is not a backwards compatible change. Since this is
> early on in p11-kit usage, we may be able to swing such a change.

> Could you to post such a patch to the p11-glue mailing list and see
> if anyone balks. 

> We don't want to have *.dpkg checks upstream. Two reasons:

>  * More and more daemons are moving to files-in-a-directory
>    configuration. If dpkg writes such duplicate files regularly, this
>    is a systemic problem, and not specific to p11-kit.

>  * p11-kit should probably move towards having three directories
>    that it loads config files:

>     1. /etc/pkcs11/modules       (root/admin configured module configs)
>     2. /usr/lib/p11-kit/modules  (module configs installed by packages)
>     3. ~/.pkcs11/modules         (user configured module configs)

>    Stuff in (2) would be expected not to be edited by admins. They could
>    override such things in (1). (2) would be installed to used by packages.


let give a two-sentence-summary, just in case you are not familiar
this part of Debian's configuration file handling: If you have
manually edited the configuration file foo dpkg *and* the package
default has also changed the package manager (dpkg) will prompt and
offer to either install the new file (moving the old one to
foo.dpkg-old) or keep the old one (installing the new version as

This is not really a Debian specific problem. rpm does something
similar, the only major difference is that it does not prompt, the
behavior is instead pre-defined in the SPEC file.[2]

I thought about other software which uses files-in-a-directory
* cron: Debian cron ignores .dpkg-{old,dist}, Fedora's ignores
  .rpm{save,orig,new} ;-)
* Debian specific stuff, e.g. /etc/sysctl.d: Processing is typically
  done with default run-parts pattern, only accepting ASCII upper- and
  lower-case letters, ASCII digits, ASCII underscores, and ASCII
* udev: The filename needs to end in .rules. xorg: filename needs to end
  in .conf. dbus also does something like this.

I guess the latter ones are typical examples of growing popularity for
the files-in-a-directory configuration and p11-kit should also require
a specific filename pattern. How about '*-module$'? It would keep the
gnome-keyring working.

cu andreas

[1] http://raphaelhertzog.com/2010/09/21/debian-conffile-configuration-file-managed-by-dpkg/
[2] http://www-uxsup.csx.cam.ac.uk/~jw35/docs/rpm_config.html
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'

More information about the p11-glue mailing list