Bug#987332: aprx automatically starts up with really bad default config
Package: aprx
Version: 2.9.0+dfsg-2
I just noticed that many of the aprs2.net APRS-IS servers have a whole lot of
aprx 2.9.0 clients connected using the N0CALL-1 dummy callsign, having sent
zero packets. There are probably hundreds of these clients, T2UKRAINE currently
and T2FINLAND has 67. I didn't even check other servers (there's a
hundred).
After some looking around I found out that the aprx package in Debian these
days has the following flaw:
If you just install it ("apt install aprx"), it will start up automatically and
by default, and it will actually connect to the APRS-IS network using the dummy
callsign (which one should never use) and stay connected.
I suspect this bug came up in aprx (2.9.0+dfsg-2), right here:
- Update aprx.default to remove environment STARTAPRX variable for
daemon enable/disable for Debian Policy § 9.3.3.1
- Update aprx.init script to remove /etc/default check for daemon
enable/disable
The old default was that it did not automatically start up before
STARTAPRX was manually adjusted in /etc/default/aprx.
Please release a high-priority update which shuts down these clients which have
been automatically started up by this change.
- Have it not start up by default after installation, before it is configured
- Remove N0CALL-1 from the default configuration (comment the line out) so that
it will refuse to start up before configured with the callsign of the user
- Ensure that the instances which have already been started up like this will
shut down again when upgraded to the next version
Assuming that these clients run with the default configuration file
supplied, one fix would be to intentionally break the default
configuration file so that the startup fails. If the user has not modified
the config file, an upgrade would replace it.
Thank you!
- Hessu, OH7LZB (aprs.fi, aprsc server author)
Reply to: