Bug#706185: your mail

2014-07-21 Thread Breno Leitao
Hi Helmut,

On 07/18/2014 03:52 PM, Helmut Grohne wrote:
> While your patch moves a lot of files, it does not address the
> underlying problem. The libpam-ldap package still creates the very same
> configuration files using its postinst script and it still removes them
> in postrm.
Right. As I explained to you, I was planning to create a config-only package,
and a different package for the binaries, which doesn't seem to be the best
solution, as you already explained.

So, since this /etc/pam_ldap.conf is not a conffile, I am creating a patch that
just removes the file if there is no further package (libpam_ldap) installed in
the system (as from a different arch), thus solving the problem here specified,
as it doesn't remove the /etc/pam_ldap.conf files if there are further packages
installed in the system.

I didn't touch the postinst packages because it is already configured to not
override an already installed configuration file.

The scripts become very short, and I am attaching them as an RFC.

Thank you,
Breno

Index: libpam-ldap/libpam-ldap-184/debian/libpam-ldap.postrm
===
--- libpam-ldap.orig/libpam-ldap-184/debian/libpam-ldap.postrm
+++ libpam-ldap/libpam-ldap-184/debian/libpam-ldap.postrm
@@ -7,7 +7,8 @@ PASSWDFILE="/etc/pam_ldap.secret"
 
 action=$1
 
-if [ "$action" = "purge" ]; then
+if [ "$action" = "purge" ] && \
+[ "$(dpkg-query --show libpam-ldap 2> /dev/null | wc -l)" = 1 ]; then
rm -f $CONFFILE $PASSWDFILE
 fi
 
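Review bot: The new test on the `purge` branch compares a line count from `dpkg-query --show libpam-ldap` with 1, and that count is not the number of installed instances. `--show` prints a line for every instance dpkg still has a record of, including one of another architecture that was removed but not purged, and with `2> /dev/null` a failing query counts as 0; in either case the test can stay false on the last purge, so `rm -f $CONFFILE $PASSWDFILE` never runs and /etc/pam_ldap.secret is left on disk. Consider selecting on package state, for example with `-f '${db:Status-Abbrev} ${binary:Package}\n'`, and adding a comment that says what the 1 stands for.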
Index: libpam-ldap/libpam-ldap-184/debian/libpam-ldap.prerm
===
--- libpam-ldap.orig/libpam-ldap-184/debian/libpam-ldap.prerm
+++ libpam-ldap/libpam-ldap-184/debian/libpam-ldap.prerm
@@ -2,7 +2,8 @@
 
 set -e
 
-if [ "$1" = remove ]; then
+if [ "$1" = remove ] && \
+[ "$(dpkg-query --show libpam-ldap 2> /dev/null | wc -l)" = 1 ]; then
pam-auth-update --package --remove ldap
 fi
 
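Review bot: On the `remove` branch the same line-count test now gates `pam-auth-update --package --remove ldap`, so a stale record is enough to skip it: if the only other instance dpkg lists is one that was removed but not purged, the count is 2 and the ldap profile stays enabled although no pam_ldap.so is left to load. The script runs under `set -e`, but a failing `dpkg-query` is masked by `wc -l` at the end of the pipeline and its stderr is discarded, so the error passes silently. Count only instances that are still unpacked, and keep the test in prerm and postrm identical and commented.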


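The "clean up only when no other architecture's instance is left" check from the message above, as an added example that is not part of the thread or of the libpam-ldap packaging. It parses the output of `dpkg-query -W -f '${db:Status-Abbrev} ${binary:Package}\n'` and ignores instances that are not-installed or config-files only; the function names and sample lines are constructed, and `DPKG_MAINTSCRIPT_ARCH` is the variable dpkg exports to maintainer scripts.

```shell
#!/bin/sh
# Added example: decide from dpkg-query output whether shared, non-conffile
# configuration may be removed. Function names are hypothetical.

# stdin: lines "<status-abbrev> <package>:<arch>", as printed by
#   dpkg-query -W -f '${db:Status-Abbrev} ${binary:Package}\n' libpam-ldap
# $1:    architecture of the instance being removed; in a maintainer script
#        this would be "$DPKG_MAINTSCRIPT_ARCH".
# Prints the number of OTHER instances that still have files unpacked.
count_other_instances() {
    awk -v self="$1" '
        {
            state = substr($1, 2, 1)        # 2nd letter is the current state
            n = split($2, parts, ":")
            arch = (n > 1) ? parts[2] : ""
            # n = not-installed, c = config-files only: no module on disk
            if (state == "n" || state == "c") next
            # the instance being removed never counts as "another" one
            if (arch == self) next
            count++
        }
        END { print count + 0 }'
}

# Succeeds (exit 0) only when no other instance is left, i.e. when the
# shared configuration may be removed. Reads the same stdin as above.
should_clean_shared_config() {
    others=$(count_other_instances "$1") || return 1
    [ "$others" -eq 0 ]
}

# Constructed sample: amd64 is being purged, i386 was removed but not purged.
# A plain "wc -l" sees 2 lines here; the state-aware count is 0.
SAMPLE='pc  libpam-ldap:amd64
rc  libpam-ldap:i386'
printf '%s\n' "$SAMPLE" | count_other_instances amd64
```
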
Bug#706185: your mail

2014-07-18 Thread Helmut Grohne
On Fri, Jul 18, 2014 at 03:23:05PM -0300, Breno Leitao wrote:
> I played a little bit with this bug, and I find one possible solution is to
> have those common config files in a -common package that becomes arch=all.
> Thus, they would not be replaced or removed in the scenario reported by
> Andreas.

Thanks for your effort. Let me review the patch:

> In this case, package src:libpam-ldap would generate two binary packages
> libpam-ldap and libpam-ldap-common, with the following files:
> 
>   # dpkg -c libpam-ldap_184-8.6_ppc64el.deb   | awk '{print $6}'
>   ./
>   ./etc/
>   ./usr/
>   ./usr/share/
>   ./usr/share/doc/
>   ./usr/share/doc/libpam-ldap/
>   ./usr/share/doc/libpam-ldap/AUTHORS
>   ./usr/share/doc/libpam-ldap/changelog.gz
>   ./usr/share/doc/libpam-ldap/copyright
>   ./usr/share/doc/libpam-ldap/buildinfo_ppc64el.gz
>   ./usr/share/doc/libpam-ldap/README.gz
>   ./usr/share/doc/libpam-ldap/README.Debian
>   ./usr/share/doc/libpam-ldap/changelog.Debian.gz
>   ./usr/share/libpam-ldap/
>   ./lib/
>   ./lib/powerpc64le-linux-gnu/
>   ./lib/powerpc64le-linux-gnu/security/
>   ./lib/powerpc64le-linux-gnu/security/pam_ldap.so
> 
> and
> 
>   # dpkg -c libpam-ldap-common_184-8.6_all.deb  | awk '{print $6}'
>   ./
>   ./usr/
>   ./usr/share/
>   ./usr/share/man/
>   ./usr/share/man/man5/
>   ./usr/share/man/man5/pam_ldap.conf.5.gz
>   ./usr/share/pam-configs/
>   ./usr/share/pam-configs/ldap
>   ./usr/share/doc/
>   ./usr/share/doc/libpam-ldap-common/
>   ./usr/share/doc/libpam-ldap-common/AUTHORS
>   ./usr/share/doc/libpam-ldap-common/changelog.gz
>   ./usr/share/doc/libpam-ldap-common/copyright
>   ./usr/share/doc/libpam-ldap-common/buildinfo_all.gz
>   ./usr/share/doc/libpam-ldap-common/README.gz
>   ./usr/share/doc/libpam-ldap-common/changelog.Debian.gz
>   ./usr/share/doc/libpam-ldap/
>   ./usr/share/doc/libpam-ldap/ldapns.schema
>   ./usr/share/doc/libpam-ldap/LDAP-Permissions.txt
>   ./usr/share/doc/libpam-ldap/examples/
>   ./usr/share/doc/libpam-ldap/examples/pam.conf
>   ./usr/share/doc/libpam-ldap/examples/pam.d/
>   ./usr/share/doc/libpam-ldap/examples/pam.d/ssh
>   ./usr/share/doc/libpam-ldap/examples/pam.d/shutdown
>   ./usr/share/doc/libpam-ldap/examples/pam.d/samba
>   ./usr/share/doc/libpam-ldap/examples/pam.d/gdm
>   ./usr/share/doc/libpam-ldap/examples/pam.d/su
>   ./usr/share/doc/libpam-ldap/examples/pam.d/reboot
>   ./usr/share/doc/libpam-ldap/examples/pam.d/xserver
>   ./usr/share/doc/libpam-ldap/examples/pam.d/halt
>   ./usr/share/doc/libpam-ldap/examples/pam.d/rsh
>   ./usr/share/doc/libpam-ldap/examples/pam.d/rexec
>   ./usr/share/doc/libpam-ldap/examples/pam.d/passwd
>   ./usr/share/doc/libpam-ldap/examples/pam.d/mcserv
>   ./usr/share/doc/libpam-ldap/examples/pam.d/xscreensaver
>   ./usr/share/doc/libpam-ldap/examples/pam.d/xdm
>   ./usr/share/doc/libpam-ldap/examples/pam.d/imap
>   ./usr/share/doc/libpam-ldap/examples/pam.d/login
>   ./usr/share/doc/libpam-ldap/examples/pam.d/other
>   ./usr/share/doc/libpam-ldap/examples/pam.d/linuxconf
>   ./usr/share/doc/libpam-ldap/examples/pam.d/chfn
>   ./usr/share/doc/libpam-ldap/examples/pam.d/xlock
>   ./usr/share/doc/libpam-ldap/examples/pam.d/pop
>   ./usr/share/doc/libpam-ldap/examples/pam.d/rlogin
>   ./usr/share/doc/libpam-ldap/examples/pam.d/chsh
>   ./usr/share/doc/libpam-ldap/examples/pam.d/vlock
>   ./usr/share/doc/libpam-ldap/examples/pam.d/poweroff
>   ./usr/share/doc/libpam-ldap/examples/pam.d/ftp
>   ./usr/share/doc/libpam-ldap/examples/pam.d/kde
>   ./usr/share/doc/libpam-ldap/examples/pam.d/linuxconf-pair
>   ./usr/share/doc/libpam-ldap/examples/pam.d/ppp
>   ./usr/share/doc/libpam-ldap/examples/chfn
>   ./usr/share/doc/libpam-ldap/examples/chsh
>   ./usr/share/libpam-ldap/
>   ./usr/share/libpam-ldap/ldap.conf

While your patch moves a lot of files, it does not address the
underlying problem. The libpam-ldap package still creates the very same
configuration files using its postinst script and it still removes them
in postrm.

> Index: libpam-ldap-184/debian/control
> ===
> --- libpam-ldap-184.orig/debian/control
> +++ libpam-ldap-184/debian/control
> @@ -8,10 +8,20 @@ Build-Depends: cdbs (>= 0.4.93~), quilt,
>  Package: libpam-ldap
>  Architecture: any
>  Multi-Arch: same
> -Depends: ${shlibs:Depends}, ${misc:Depends}, libpam-runtime (>= 1.0.1-6), 
> libpam0g (>= 1.1.3-2)
> +Depends: ${shlibs:Depends}, ${misc:Depends}, libpam-runtime (>= 1.0.1-6), 
> libpam0g (>= 1.1.3-2), libpam-ldap-common (= ${binary:Version})

This change makes the package binNMU-unsafe. Do you see why?

>  Suggests: libnss-ldapd | libnss-ldap 
>  Description: Pluggable Authentication
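Review bot: The added `libpam-ldap-common (= ${binary:Version})` in Depends pins an Architecture: any package to the arch=all -common package by binary version. A binNMU rebuilds only the architecture-dependent package and gives it a new binary version, while the arch=all package is not rebuilt and keeps the old one, so the strict dependency can no longer be satisfied. Use `(= ${source:Version})` for the dependency on the arch=all package.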