On Fri, Jul 18, 2014 at 03:23:05PM -0300, Breno Leitao wrote:
> I played a little bit with this bug, and I find one possible solution is to
> have
> those common config files in a -common package that becomes arch=all. Thus,
> they
> would not be replaced or removed in the scenario reported by Andreas.
Thanks for your effort. Let me review the patch:
> In this case, package src:libpam-ldap would generate two binary packages
> libpam-ldap and libpam-ldap-common, with the following files:
>
> # dpkg -c libpam-ldap_184-8.6_ppc64el.deb | awk '{print $6}'
> ./
> ./etc/
> ./usr/
> ./usr/share/
> ./usr/share/doc/
> ./usr/share/doc/libpam-ldap/
> ./usr/share/doc/libpam-ldap/AUTHORS
> ./usr/share/doc/libpam-ldap/changelog.gz
> ./usr/share/doc/libpam-ldap/copyright
> ./usr/share/doc/libpam-ldap/buildinfo_ppc64el.gz
> ./usr/share/doc/libpam-ldap/README.gz
> ./usr/share/doc/libpam-ldap/README.Debian
> ./usr/share/doc/libpam-ldap/changelog.Debian.gz
> ./usr/share/libpam-ldap/
> ./lib/
> ./lib/powerpc64le-linux-gnu/
> ./lib/powerpc64le-linux-gnu/security/
> ./lib/powerpc64le-linux-gnu/security/pam_ldap.so
>
> and
>
> # dpkg -c libpam-ldap-common_184-8.6_all.deb | awk '{print $6}'
> ./
> ./usr/
> ./usr/share/
> ./usr/share/man/
> ./usr/share/man/man5/
> ./usr/share/man/man5/pam_ldap.conf.5.gz
> ./usr/share/pam-configs/
> ./usr/share/pam-configs/ldap
> ./usr/share/doc/
> ./usr/share/doc/libpam-ldap-common/
> ./usr/share/doc/libpam-ldap-common/AUTHORS
> ./usr/share/doc/libpam-ldap-common/changelog.gz
> ./usr/share/doc/libpam-ldap-common/copyright
> ./usr/share/doc/libpam-ldap-common/buildinfo_all.gz
> ./usr/share/doc/libpam-ldap-common/README.gz
> ./usr/share/doc/libpam-ldap-common/changelog.Debian.gz
> ./usr/share/doc/libpam-ldap/
> ./usr/share/doc/libpam-ldap/ldapns.schema
> ./usr/share/doc/libpam-ldap/LDAP-Permissions.txt
> ./usr/share/doc/libpam-ldap/examples/
> ./usr/share/doc/libpam-ldap/examples/pam.conf
> ./usr/share/doc/libpam-ldap/examples/pam.d/
> ./usr/share/doc/libpam-ldap/examples/pam.d/ssh
> ./usr/share/doc/libpam-ldap/examples/pam.d/shutdown
> ./usr/share/doc/libpam-ldap/examples/pam.d/samba
> ./usr/share/doc/libpam-ldap/examples/pam.d/gdm
> ./usr/share/doc/libpam-ldap/examples/pam.d/su
> ./usr/share/doc/libpam-ldap/examples/pam.d/reboot
> ./usr/share/doc/libpam-ldap/examples/pam.d/xserver
> ./usr/share/doc/libpam-ldap/examples/pam.d/halt
> ./usr/share/doc/libpam-ldap/examples/pam.d/rsh
> ./usr/share/doc/libpam-ldap/examples/pam.d/rexec
> ./usr/share/doc/libpam-ldap/examples/pam.d/passwd
> ./usr/share/doc/libpam-ldap/examples/pam.d/mcserv
> ./usr/share/doc/libpam-ldap/examples/pam.d/xscreensaver
> ./usr/share/doc/libpam-ldap/examples/pam.d/xdm
> ./usr/share/doc/libpam-ldap/examples/pam.d/imap
> ./usr/share/doc/libpam-ldap/examples/pam.d/login
> ./usr/share/doc/libpam-ldap/examples/pam.d/other
> ./usr/share/doc/libpam-ldap/examples/pam.d/linuxconf
> ./usr/share/doc/libpam-ldap/examples/pam.d/chfn
> ./usr/share/doc/libpam-ldap/examples/pam.d/xlock
> ./usr/share/doc/libpam-ldap/examples/pam.d/pop
> ./usr/share/doc/libpam-ldap/examples/pam.d/rlogin
> ./usr/share/doc/libpam-ldap/examples/pam.d/chsh
> ./usr/share/doc/libpam-ldap/examples/pam.d/vlock
> ./usr/share/doc/libpam-ldap/examples/pam.d/poweroff
> ./usr/share/doc/libpam-ldap/examples/pam.d/ftp
> ./usr/share/doc/libpam-ldap/examples/pam.d/kde
> ./usr/share/doc/libpam-ldap/examples/pam.d/linuxconf-pair
> ./usr/share/doc/libpam-ldap/examples/pam.d/ppp
> ./usr/share/doc/libpam-ldap/examples/chfn
> ./usr/share/doc/libpam-ldap/examples/chsh
> ./usr/share/libpam-ldap/
> ./usr/share/libpam-ldap/ldap.conf
While your patch moves a lot of files, it does not address the
underlying problem. The libpam-ldap package still creates the very same
configuration files using its postinst script and it still removes them
in postrm.
> Index: libpam-ldap-184/debian/control
> ===
> --- libpam-ldap-184.orig/debian/control
> +++ libpam-ldap-184/debian/control
> @@ -8,10 +8,20 @@ Build-Depends: cdbs (>= 0.4.93~), quilt,
> Package: libpam-ldap
> Architecture: any
> Multi-Arch: same
> -Depends: ${shlibs:Depends}, ${misc:Depends}, libpam-runtime (>= 1.0.1-6),
> libpam0g (>= 1.1.3-2)
> +Depends: ${shlibs:Depends}, ${misc:Depends}, libpam-runtime (>= 1.0.1-6),
> libpam0g (>= 1.1.3-2), libpam-ldap-common (= ${binary:Version})
This change makes the package binNMU-unsafe. Do you see why?
> Suggests: libnss-ldapd | libnss-ldap
> Description: Pluggable Authentication