On Thu, Dec 09, 2010 at 09:14:02PM +0100, Julien Cristau wrote: > On Thu, Dec 9, 2010 at 19:37:07 +0100, Agustin Martin wrote: > > > Finally had time to put into this NMU. I am attaching yet another diff with > > my last version. pam_rsa.conf file is not touched if exists in normal > > upgrades, and I have tried hard to deal with sysadmin comments when updated > > via dpkg-reconfigure. > > > > Need to test this more. If no further problems appear will change version > > and prepare real NMU. > > > Looks sane to me, thanks for this!
NMU uploaded to DELAYED/2. diff is attached. -- Agustin
diff --git a/debian/changelog b/debian/changelog
index 5629331..b4394e2 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,14 @@
+libpam-rsa (0.8-9-2.2) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * Fix installation problems with pam_rsa.conf. Thanks Julien Cristau
+ for the good comments (Closes: #444770, #604215).
+ - Move automatic mode pam_rsa.conf generation from config to postinst.
+ - Add libpam-rsa.postrm to make sure /etc/security/pam_rsa.conf is
+ removed on purge
+
+ -- Agustin Martin Domingo <agmar...@debian.org> Fri, 10 Dec 2010 15:40:07 +0100
+
 libpam-rsa (0.8-9-2.1) unstable; urgency=low
 * Non-maintainer upload.
diff --git a/debian/libpam-rsa.config b/debian/libpam-rsa.config
index 530975c..ed4114a 100644
--- a/debian/libpam-rsa.config
+++ b/debian/libpam-rsa.config
@@ -10,21 +10,24 @@ db_go || true
 db_get libpam-rsa/no_configuration
 if [ "$RET" = "false" ]
 then
+ # If present, parse config file and feed debconf database with its values
+ pam_rsa_conf="/etc/security/pam_rsa.conf"
+ pam_rsa_keys="pubkey_dir privkey_dir privkey_name_hash pam_prompt log_auth_result"
+ if [ -f $pam_rsa_conf ]; then
+ for keyname in $pam_rsa_keys; do
+ # Strip key prefix, trailing whitespace and comments
+ keyvalue=$(grep -e "^[[:blank:]]*$keyname[[:blank:]]" $pam_rsa_conf | sed \
+ -e 's/^[[:blank:]]*'$keyname'[[:blank:]]*//' \
+ -e 's/[[:blank:]]*$//' \
+ -e 's/[[:blank:]]*\#.*$//')
+ db_set "libpam-rsa/$keyname" "$keyvalue"
+ done
+ fi
+
 db_input medium libpam-rsa/pubkey_dir || true
 db_input medium libpam-rsa/privkey_dir || true
 db_input low libpam-rsa/privkey_name_hash || true
 db_input low libpam-rsa/pam_prompt || true
 db_input low libpam-rsa/log_auth_result || true
 db_go || true
-
- db_get libpam-rsa/pubkey_dir
- echo "pubkey_dir $RET" > /etc/security/pam_rsa.conf
- db_get libpam-rsa/privkey_dir
- echo "privkey_dir $RET" >> /etc/security/pam_rsa.conf
- db_get libpam-rsa/privkey_name_hash
- echo "privkey_name_hash $RET" >> /etc/security/pam_rsa.conf
- db_get libpam-rsa/pam_prompt
- echo "pam_prompt $RET" >> /etc/security/pam_rsa.conf
- db_get libpam-rsa/log_auth_result
- echo "log_auth_result $RET" >> /etc/security/pam_rsa.conf
 fi
diff --git a/debian/libpam-rsa.postinst b/debian/libpam-rsa.postinst
index f06b70e..1808a2e 100644
--- a/debian/libpam-rsa.postinst
+++ b/debian/libpam-rsa.postinst
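Review bot: The `keyvalue=$(grep … | sed …)` assignment keeps every matching line, so a pam_rsa.conf that defines a key twice hands `db_set` a value with an embedded newline; debconf's protocol is line-oriented, so the second line would presumably be read as a separate command rather than as part of the value. A key that is absent from the file yields an empty string, and `db_set "libpam-rsa/$keyname" ""` then discards the answer already stored in debconf. Consider keeping a single occurrence and skipping empty results: append `| head -n 1` inside the command substitution and guard the call with `[ -z "$keyvalue" ] || db_set "libpam-rsa/$keyname" "$keyvalue"`. `$pam_rsa_conf` should also be quoted in the `-f` test and in the `grep` call.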
@@ -19,9 +19,61 @@ set -e
 # the debian-policy package
 #
+pam_rsa_conf="/etc/security/pam_rsa.conf"
+
 case "$1" in
 configure)
+ db_get libpam-rsa/no_configuration
+ if [ "$RET" = "false" ]
+ then
+ # If exists, may have been created by sysadmin. Honour it
+ # unless we are running debconf-reconfigure
+ if [ "$DEBCONF_RECONFIGURE" ] || [ ! -f $pam_rsa_conf ]
+ then
+ db_get libpam-rsa/pubkey_dir
+ pubkey_dir="$RET"
+ db_get libpam-rsa/privkey_dir
+ privkey_dir="$RET"
+ db_get libpam-rsa/privkey_name_hash
+ privkey_name_hash="$RET"
+ db_get libpam-rsa/pam_prompt
+ pam_prompt="$RET"
+ db_get libpam-rsa/log_auth_result
+ log_auth_result="$RET"
+
+ if [ ! -f $pam_rsa_conf ]; then
+ echo "Writing auto-generated $pam_rsa_conf" >&2
+ cat > $pam_rsa_conf <<EOF
+# pam_rsa.conf Configuration file for libpam-rsa.
+#
+# This file must exist and be readable.
+# Your manual changes will be preserved on upgrades.
+#
+# Please read pam_rsa (8) for further instructions.
+#
+# Note: dpkg-reconfigure will not update a key that is not
+# defined in this file.
+EOF
+ [ -z "$pubkey_dir" ] || echo "pubkey_dir $pubkey_dir" >> "$pam_rsa_conf"
+ [ -z "$privkey_dir" ] || echo "privkey_dir $privkey_dir" >> "$pam_rsa_conf"
+ [ -z "$privkey_name_hash" ] || echo "privkey_name_hash $privkey_name_hash" >> "$pam_rsa_conf"
+ [ -z "$pam_prompt" ] || echo "pam_prompt $pam_prompt" >> "$pam_rsa_conf"
+ [ -z "$log_auth_result" ] || echo "log_auth_result $log_auth_result" >> "$pam_rsa_conf"
+ else
+ echo "Modifying $pam_rsa_conf on reconfiguration" >&2
+ LC_ALL=C sed \
+ -e 's!^[[:blank:]]*pubkey_dir[[:blank:]][^\#$]*!pubkey_dir '"$pubkey_dir"'!' \
+ -e 's!^[[:blank:]]*privkey_dir[[:blank:]][^\#$]*!privkey_dir '"$privkey_dir"'!' \
+ -e 's!^[[:blank:]]*privkey_name_hash[[:blank:]][^\#$]*!privkey_name_hash '"$privkey_name_hash"'!' \
+ -e 's!^[[:blank:]]*pam_prompt[[:blank:]][^\#$]*!pam_prompt '"$pam_prompt"'!' \
+ -e 's!^[[:blank:]]*log_auth_result[[:blank:]][^\#$]*!log_auth_result '"$log_auth_result"'!' \
+ "${pam_rsa_conf}" > "${pam_rsa_conf}.dpkg-tmp"
+ mv -f "$pam_rsa_conf" "${pam_rsa_conf}.old"
+ mv "${pam_rsa_conf}.dpkg-tmp" "$pam_rsa_conf"
+ fi
+ fi
+ fi
 ;;
 abort-upgrade|abort-remove|abort-deconfigure)
diff --git a/debian/libpam-rsa.postrm b/debian/libpam-rsa.postrm
new file mode 100644
index 0000000..51808fc
--- /dev/null
+++ b/debian/libpam-rsa.postrm
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+set -e
+
+# Make sure /etc/security/pam_rsa.conf is removed on purge
+
+if [ "$1" = "purge" ]; then
+ rm -f /etc/security/pam_rsa.conf /etc/security/pam_rsa.conf.old
+fi
+
+#DEBHELPER#
diff --git a/debian/rules b/debian/rules
index 3d2d50d..adbdf6e 100755
--- a/debian/rules
+++ b/debian/rules
@@ -76,8 +76,6 @@ install: build
 dh_installdirs
 $(MAKE) DESTDIR=$(CURDIR)/debian/libpam-rsa install
- install -o root -g root -m 644 debian/pam_rsa.conf $(CURDIR)/debian/libpam-rsa/etc/security/pam_rsa.conf
-
 # Build architecture-independent files here.
 binary-indep: build install
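Review bot: The reconfigure branch pastes the debconf answers unescaped into the replacement side of `s!…!…!`, so a value containing `!`, `&` or a backslash (plausible for the free-text `pam_prompt`) either makes `sed` fail under `set -e` or writes something other than what the admin typed into a PAM configuration file; escape the values first. The match side has a related gap: inside a bracket expression `[^\#$]*` also stops at a literal `$` or backslash, so an old value containing either is only partly replaced. Separately, the two `mv` calls leave a moment with no `pam_rsa.conf` at all, although the generated header says the file must exist, and the rewritten file takes its mode from the umask rather than from the file it replaces; copying to `.old` and renaming the temporary file over the original closes that gap. The enclosing `case` starts and ends outside the hunk.

```shell
# Quote the characters that are special on the replacement side of s!…!…!
sed_escape() {
    printf '%s\n' "$1" | sed -e 's/[\\&!]/\\&/g'
}

pubkey_dir_esc=$(sed_escape "$pubkey_dir")
# … likewise for privkey_dir, privkey_name_hash, pam_prompt, log_auth_result,
#   and use the *_esc variables in the five -e expressions …

# … unchanged: sed call writing "${pam_rsa_conf}.dpkg-tmp" …
cp -p "$pam_rsa_conf" "${pam_rsa_conf}.old"
chmod --reference="$pam_rsa_conf" "${pam_rsa_conf}.dpkg-tmp"
mv -f "${pam_rsa_conf}.dpkg-tmp" "$pam_rsa_conf"
```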
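Review bot: The purge branch removes `pam_rsa.conf` and `pam_rsa.conf.old` but not the `pam_rsa.conf.dpkg-tmp` that postinst writes before its `mv`; if postinst aborts under `set -e` between the `sed` and the rename, that copy of the PAM configuration stays behind after purge. Add it to the list: `rm -f /etc/security/pam_rsa.conf /etc/security/pam_rsa.conf.old /etc/security/pam_rsa.conf.dpkg-tmp`.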