Bug#1034899: unblock: sssd/2.8.2-4

Wed, 26 Apr 2023 23:18:16 -0700 

Package: release.debian.org
Control: affects -1 + src:sssd
X-Debbugs-Cc: s...@packages.debian.org
User: release.debian....@packages.debian.org
Usertags: unblock
Severity: normal

Please unblock package sssd.

[ Reason ]
This drops a change that added a line for subid to /etc/nsswitch.conf, but subuid only supports a single database, so this addition needs to be dropped so that /etc/sub[ug]id still works. 

[ Impact ]
Prevents sssd from getting dropped from bookworm.

[ Risks ]
Minimal, subuid support was a fairly recent addition, so people upgrading from earlier Debian don't see sssd changing behaviour (due to this). 

[ Checklist ]
    [x] all changes are documented in the d/changelog
    [x] I reviewed all changes and I approve them
    [x] attach debdiff against the package in testing

unblock sssd/2.8.2-4

--
t
diff -Nru sssd-2.8.2/debian/changelog sssd-2.8.2/debian/changelog
--- sssd-2.8.2/debian/changelog 2023-02-26 16:35:48.000000000 +0200
+++ sssd-2.8.2/debian/changelog 2023-04-11 15:19:36.000000000 +0300
@@ -1,3 +1,10 @@
+sssd (2.8.2-4) unstable; urgency=medium
+
+  [ Sam Morris ]
+  * Don't add subid to /etc/nsswitch.conf (Closes: #1032990)
+
+ -- Timo Aaltonen <tjaal...@debian.org>  Tue, 11 Apr 2023 15:19:36 +0300
+
 sssd (2.8.2-3) unstable; urgency=medium
 
   [ Gioele Barabucci ]
diff -Nru sssd-2.8.2/debian/sssd-common.nss sssd-2.8.2/debian/sssd-common.nss
--- sssd-2.8.2/debian/sssd-common.nss   2023-02-26 16:33:13.000000000 +0200
+++ sssd-2.8.2/debian/sssd-common.nss   1970-01-01 02:00:00.000000000 +0200
@@ -1,5 +0,0 @@
-# The 'subid' database supports only a sigle data source:
-# <https://github.com/shadow-maint/shadow/issues/351>
-subid  database-add
-
-subid  last    sss
diff -Nru sssd-2.8.2/debian/sssd-common.preinst 
sssd-2.8.2/debian/sssd-common.preinst
--- sssd-2.8.2/debian/sssd-common.preinst       2023-01-10 16:39:57.000000000 
+0200
+++ sssd-2.8.2/debian/sssd-common.preinst       2023-04-11 15:14:22.000000000 
+0300
@@ -17,6 +17,14 @@
     # Force the AppArmor profile to complain mode on install
     inst_complain_profile
     ;;
+upgrade)
+    if dpkg --compare-versions "$2" le 2.8.2-3; then
+       # 2.8.2-2 added a line for subid which was premature given that
+       # libsubid supports only a single database. Let's remove it to avoid
+       # breaking systems where the user expects /etc/sub[ug]id to continue to
+       # work.
+       sed -E -i "${DPKG_ROOT}/etc/nsswitch.conf" -e '/^subid:\s*sss\s*$/d'
+    fi
 esac
 
 #DEBHELPER#

Reply via email to