[Bug 1950986] [NEW] purging swtpm-tools leaves /var/lib/swtpm-localca dir behind

Christian Ehrhardt  1950986 at bugs.launchpad.net
Mon Nov 15 14:21:48 UTC 2021


Public bug reported:

$ sudo apt remove --purge swtpm-tools
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following packages will be REMOVED:
  swtpm-tools*
0 upgraded, 0 newly installed, 1 to remove and 0 not upgraded.
After this operation, 271 kB disk space will be freed.
Do you want to continue? [Y/n] Y
(Reading database ... 144994 files and directories currently installed.)
Removing swtpm-tools (0.6.1-0ubuntu4) ...
Processing triggers for man-db (2.9.4-2build1) ...
(Reading database ... 144975 files and directories currently installed.)
Purging configuration files for swtpm-tools (0.6.1-0ubuntu4) ...

$ sudo ls -laF /var/lib/swtpm-localca
total 56
drwxr-x---  2 tss  root 4096 Nov 15 13:43 ./
drwxr-xr-x 49 root root 4096 Nov 15 13:52 ../
-rwxr-xr-x  1 tss  tss     0 Nov 15 13:43 .lock.swtpm-localca*
-rw-r--r--  1 tss  tss  5531 Nov 15 13:43 01.pem
-rw-r--r--  1 tss  tss     1 Nov 15 13:43 certserial
-rw-r--r--  1 tss  tss    48 Nov 15 13:43 index.txt
-rw-r--r--  1 tss  tss    21 Nov 15 13:43 index.txt.attr
-rw-r--r--  1 tss  tss     0 Nov 15 13:43 index.txt.old
-rw-r--r--  1 tss  tss  5531 Nov 15 13:43 issuercert.pem
-rw-r--r--  1 tss  tss     3 Nov 15 13:43 serial
-rw-r--r--  1 tss  tss     3 Nov 15 13:43 serial.old
-rw-r-----  1 tss  tss  2459 Nov 15 13:43 signkey.pem
-rw-r--r--  1 tss  tss  1468 Nov 15 13:43 swtpm-localca-rootca-cert.pem
-rw-r-----  1 tss  tss  2455 Nov 15 13:43 swtpm-localca-rootca-privkey.pem

That combined with the -d /var/lib/swtpm-localca in postinst will make it never
reach the new form (owned by swtpm) unless an admin manually fixes it.

                if ! [ -d $SWTPM_LOCALCA_DIR ]; then
                        mkdir -p $SWTPM_LOCALCA_DIR
                        chown swtpm:root $SWTPM_LOCALCA_DIR
                        chmod 0750 $SWTPM_LOCALCA_DIR
                fi

I'm not entirely sure, but since purge is meant to remove all data as well I'd
suggest here it would make sense to remove the directory on purge - opinions?

** Affects: swtpm (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to swtpm in Ubuntu.
https://bugs.launchpad.net/bugs/1950986
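
Added example (not part of the original report and not the package's
maintainer scripts): a sketch of how to detect the leftover state the report
describes, where the directory holding signkey.pem and
swtpm-localca-rootca-privkey.pem survives a purge under the old owner, and of
the purge-time removal the reporter suggests. The function names
localca_state and purge_localca are hypothetical; the expected owner is
passed in by the caller.

```shell
# Added example: classify a swtpm-localca state directory left on disk.
# localca_state and purge_localca are hypothetical helper names.

# Print "absent", "ok" or "stale:<owner>" for DIR, given the owner the
# package expects (swtpm in the report; the leftover is owned by tss).
localca_state() {
    dir=$1
    want=$2
    if ! [ -d "$dir" ]; then
        echo absent
        return 0
    fi
    owner=$(stat -c '%U' "$dir")    # GNU stat, as shipped on Ubuntu
    if [ "$owner" = "$want" ]; then
        echo ok
    else
        # A postinst guarded by "if ! [ -d ... ]" skips its chown here,
        # so the directory keeps the old owner across reinstalls.
        echo "stale:$owner"
    fi
}

# What a postrm could do on purge, as the report suggests: remove the
# directory so the next install recreates it with the new owner.
purge_localca() {
    action=$1
    dir=$2
    [ "$action" = purge ] || return 0    # plain "remove" keeps the data
    case "$dir" in
        ''|/) return 1 ;;                # refuse an empty or root path
    esac
    rm -rf -- "$dir"
}
```

Running localca_state /var/lib/swtpm-localca swtpm as root on the system from
the report would print stale:tss.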
