On Thu, Dec 09, 2010 at 09:14:02PM +0100, Julien Cristau wrote:
> On Thu, Dec  9, 2010 at 19:37:07 +0100, Agustin Martin wrote:
> 
> > Finally had time to put into this NMU. I am attaching yet another diff with
> > my last version. pam_rsa.conf file is not touched if exists in normal
> > upgrades, and I have tried hard to deal with sysadmin comments when updated 
> > via dpkg-reconfigure.
> > 
> > Need to test this more. If no further problems appear will change version 
> > and prepare real NMU.
> > 
> Looks sane to me, thanks for this!

NMU uploaded to DELAYED/2. diff is attached.

-- 
Agustin
diff --git a/debian/changelog b/debian/changelog
index 5629331..b4394e2 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,14 @@
+libpam-rsa (0.8-9-2.2) unstable; urgency=low
+
+  * Non-maintainer upload.
+  * Fix installation problems with pam_rsa.conf. Thanks Julien Cristau
+    for the good comments (Closes: #444770, #604215).
+    - Move automatic mode pam_rsa.conf generation from config to postinst.
+    - Add libpam-rsa.postrm to make sure /etc/security/pam_rsa.conf is
+      removed on purge
+
+ -- Agustin Martin Domingo <agmar...@debian.org>  Fri, 10 Dec 2010 15:40:07 +0100
+
 libpam-rsa (0.8-9-2.1) unstable; urgency=low
 
   * Non-maintainer upload.
diff --git a/debian/libpam-rsa.config b/debian/libpam-rsa.config
index 530975c..ed4114a 100644
--- a/debian/libpam-rsa.config
+++ b/debian/libpam-rsa.config
@@ -10,21 +10,24 @@ db_go || true
 db_get libpam-rsa/no_configuration
 if [ "$RET" = "false" ]
 then
+    # If present, parse config file and feed debconf database with its values
+    pam_rsa_conf="/etc/security/pam_rsa.conf"
+    pam_rsa_keys="pubkey_dir privkey_dir privkey_name_hash pam_prompt log_auth_result"
+    if [ -f $pam_rsa_conf ]; then
+	for keyname in $pam_rsa_keys; do
+	    # Strip key prefix, trailing whitespace and comments
+	    keyvalue=$(grep -e "^[[:blank:]]*$keyname[[:blank:]]" $pam_rsa_conf | sed \
+		-e 's/^[[:blank:]]*'$keyname'[[:blank:]]*//'  \
+		-e 's/[[:blank:]]*$//' \
+		-e 's/[[:blank:]]*\#.*$//')
+	    db_set "libpam-rsa/$keyname" "$keyvalue"
+	done
+    fi
+
 	db_input medium libpam-rsa/pubkey_dir || true
 	db_input medium libpam-rsa/privkey_dir || true
 	db_input low libpam-rsa/privkey_name_hash || true
 	db_input low libpam-rsa/pam_prompt || true
 	db_input low libpam-rsa/log_auth_result || true
 	db_go || true
-
-	db_get libpam-rsa/pubkey_dir
-	echo "pubkey_dir $RET" > /etc/security/pam_rsa.conf
-	db_get libpam-rsa/privkey_dir
-	echo "privkey_dir $RET" >> /etc/security/pam_rsa.conf
-	db_get libpam-rsa/privkey_name_hash
-	echo "privkey_name_hash $RET" >> /etc/security/pam_rsa.conf
-	db_get libpam-rsa/pam_prompt
-	echo "pam_prompt $RET" >> /etc/security/pam_rsa.conf
-	db_get libpam-rsa/log_auth_result
-	echo "log_auth_result $RET" >> /etc/security/pam_rsa.conf
 fi
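Review bot: A key that is missing or commented out in pam_rsa.conf yields an empty `keyvalue`, and the unconditional `db_set` in the `for` loop then overwrites the stored debconf answer with an empty string. A key that appears on two lines yields a multi-line value, which the postinst later splices into a sed expression. Guarding the call as `[ -z "$keyvalue" ] || db_set "libpam-rsa/$keyname" "$keyvalue"` and keeping a single match (for example `grep -m 1`, or the last match if that is the one pam_rsa honours) avoids both. `$pam_rsa_conf` and `$keyname` are also expanded unquoted in the `[ -f ... ]` test and in the first sed expression; this is harmless for these constants, but quoting them would match the postinst.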
diff --git a/debian/libpam-rsa.postinst b/debian/libpam-rsa.postinst
index f06b70e..1808a2e 100644
--- a/debian/libpam-rsa.postinst
+++ b/debian/libpam-rsa.postinst
@@ -19,9 +19,61 @@ set -e
 # the debian-policy package
 #
 
+pam_rsa_conf="/etc/security/pam_rsa.conf"
+
 case "$1" in
     configure)
+	db_get libpam-rsa/no_configuration
+	if [ "$RET" = "false" ]
+	then
+	    # If exists, may have been created by sysadmin. Honour it
+	    # unless we are running debconf-reconfigure
+	    if [ "$DEBCONF_RECONFIGURE" ] || [ ! -f $pam_rsa_conf ]
+	    then
+		db_get libpam-rsa/pubkey_dir
+                pubkey_dir="$RET"
+                db_get libpam-rsa/privkey_dir
+                privkey_dir="$RET"
+                db_get libpam-rsa/privkey_name_hash
+                privkey_name_hash="$RET"
+                db_get libpam-rsa/pam_prompt
+                pam_prompt="$RET"
+                db_get libpam-rsa/log_auth_result
+                log_auth_result="$RET"
+
+		if [ ! -f $pam_rsa_conf ]; then
+		    echo "Writing auto-generated $pam_rsa_conf" >&2
+		    cat > $pam_rsa_conf <<EOF
+# pam_rsa.conf Configuration file for libpam-rsa.
+#
+# This file must exist and be readable.
+# Your manual changes will be preserved on upgrades.
+#
+# Please read pam_rsa (8) for further instructions.
+#
+# Note: dpkg-reconfigure will not update a key that is not
+# defined in this file.
 
+EOF
+		    [ -z "$pubkey_dir" ]        || echo "pubkey_dir $pubkey_dir" >> "$pam_rsa_conf"
+		    [ -z "$privkey_dir" ]       || echo "privkey_dir $privkey_dir" >> "$pam_rsa_conf"
+		    [ -z "$privkey_name_hash" ] || echo "privkey_name_hash $privkey_name_hash" >> "$pam_rsa_conf"
+		    [ -z "$pam_prompt" ]        || echo "pam_prompt $pam_prompt" >> "$pam_rsa_conf"
+		    [ -z "$log_auth_result" ]   || echo "log_auth_result $log_auth_result" >> "$pam_rsa_conf"
+		else
+		    echo "Modifying $pam_rsa_conf on reconfiguration" >&2
+		    LC_ALL=C sed \
+			-e 's!^[[:blank:]]*pubkey_dir[[:blank:]][^\#$]*!pubkey_dir '"$pubkey_dir"'!' \
+			-e 's!^[[:blank:]]*privkey_dir[[:blank:]][^\#$]*!privkey_dir '"$privkey_dir"'!' \
+			-e 's!^[[:blank:]]*privkey_name_hash[[:blank:]][^\#$]*!privkey_name_hash '"$privkey_name_hash"'!' \
+			-e 's!^[[:blank:]]*pam_prompt[[:blank:]][^\#$]*!pam_prompt '"$pam_prompt"'!' \
+			-e 's!^[[:blank:]]*log_auth_result[[:blank:]][^\#$]*!log_auth_result '"$log_auth_result"'!' \
+			"${pam_rsa_conf}" > "${pam_rsa_conf}.dpkg-tmp"
+		    mv -f "$pam_rsa_conf" "${pam_rsa_conf}.old"
+		    mv "${pam_rsa_conf}.dpkg-tmp" "$pam_rsa_conf"
+		fi
+	    fi
+	fi
     ;;
 
     abort-upgrade|abort-remove|abort-deconfigure)
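Review bot: The debconf answers are spliced unescaped into the sed replacement text in the reconfigure branch, so a value containing `!`, `&` or a backslash (a free-form `pam_prompt` is the likely case) either breaks the expression and aborts the postinst under `set -e`, or rewrites the line with something other than what was entered. Escape each value first, e.g. `pam_prompt_esc=$(printf '%s\n' "$pam_prompt" | sed 's/[\\&!]/\\&/g')`, and interpolate the escaped copy in that branch only. The bracket expression `[^\#$]*` also treats `\` and `$` as literal members, so an old value containing either is only partly replaced; `[^#]*` is presumably what is intended. Both the freshly generated file and the `.dpkg-tmp` copy are created through a redirect, so they take the postinst umask rather than an explicit mode or the mode and owner the sysadmin had set, which is worth pinning down for a PAM configuration file. The `case` statement continues outside the hunk.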
diff --git a/debian/libpam-rsa.postrm b/debian/libpam-rsa.postrm
new file mode 100644
index 0000000..51808fc
--- /dev/null
+++ b/debian/libpam-rsa.postrm
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+set -e
+
+#  Make sure /etc/security/pam_rsa.conf is removed on purge
+
+if [ "$1" = "purge" ]; then
+    rm -f /etc/security/pam_rsa.conf /etc/security/pam_rsa.conf.old
+fi
+
+#DEBHELPER#
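Review bot: Purge leaves `/etc/security/pam_rsa.conf.dpkg-tmp` behind if the postinst ever aborted between the sed redirect and the two `mv` calls, because that path is not in the `rm -f` list. Adding it, as in `rm -f /etc/security/pam_rsa.conf /etc/security/pam_rsa.conf.old /etc/security/pam_rsa.conf.dpkg-tmp`, keeps the purge complete.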
diff --git a/debian/rules b/debian/rules
index 3d2d50d..adbdf6e 100755
--- a/debian/rules
+++ b/debian/rules
@@ -76,8 +76,6 @@ install: build
 	dh_installdirs
 
 	$(MAKE) DESTDIR=$(CURDIR)/debian/libpam-rsa install
-	install -o root -g root -m 644 debian/pam_rsa.conf $(CURDIR)/debian/libpam-rsa/etc/security/pam_rsa.conf
-
 
 # Build architecture-independent files here.
 binary-indep: build install
