Bug#789773: fusionforge-shell: modifies conffiles (policy 10.7.3): /etc/pam.d/sshd

Fri, 10 Jul 2015 09:09:36 -0700 

Version: 6.0.2+20150708-1
Followup-For: Bug #789773

Hi Sylvain,

attached is a piuparts logfile that demonstrates what will happen if
fusionforge-shell is installed and the user upgrades openssh-server to a
version that comes with an updated version of /etc/pam.d/sshd:

1m9.3s ERROR: Command failed (status=100): ['chroot', 
'/tmp/piupartss/tmpJ9G9Hg', 'apt-get', '-yf', 'dist-upgrade']
  Reading package lists...
  Building dependency tree...
  Reading state information...
  The following packages will be upgraded:
    openssh-client openssh-server openssh-sftp-server
  debconf: delaying package configuration, since apt-utils is not installed
  3 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
  Need to get 0 B/1057 kB of archives.
  After this operation, 136 kB disk space will be freed.
(Reading database ... 10209 files and directories currently installed.)
  Preparing to unpack .../openssh-sftp-server_6.7p1-6+foobar_amd64.deb ...
  Unpacking openssh-sftp-server (1:6.7p1-6+foobar) over (1:6.7p1-6) ...
  Preparing to unpack .../openssh-server_6.7p1-6+foobar_amd64.deb ...
  Unpacking openssh-server (1:6.7p1-6+foobar) over (1:6.7p1-6) ...
  Preparing to unpack .../openssh-client_6.7p1-6+foobar_amd64.deb ...
  Unpacking openssh-client (1:6.7p1-6+foobar) over (1:6.7p1-6) ...
  Processing triggers for systemd (222-1) ...
  Setting up openssh-client (1:6.7p1-6+foobar) ...
  Setting up openssh-sftp-server (1:6.7p1-6+foobar) ...
  Setting up openssh-server (1:6.7p1-6+foobar) ...
  
  Configuration file '/etc/pam.d/sshd'
   ==> Modified (by you or by a script) since installation.
   ==> Package distributor has shipped an updated version.
     What would you like to do about it ?  Your options are:
      Y or I  : install the package maintainer's version
      N or O  : keep your currently-installed version
        D     : show the differences between the versions
        Z     : start a shell to examine the situation
   The default action is to keep your current version.
  *** sshd (Y/I/N/O/D/Z) [default=N] ? dpkg: error processing package 
openssh-server (--configure):
   end of file on stdin at conffile prompt
  Errors were encountered while processing:
   openssh-server
  E: Sub-process /usr/bin/dpkg returned an error code (1)
  

That is exactly the prompting that must not happen if the conffile
was not modified by the user.

BTW, there is pam-auth-update. Could this be used to achieve
the desired result?


Andreas

Attachment: fusionforge-shell.log.gz
Description: application/gzip

Reply via email to