Bug#749722: [Pkg-sssd-devel] Bug#749722: libsss-sudo: modified /etc/nsswitch.conf after purge
On 08.11.2014 21:35, Andreas Beckmann wrote: BTW, isn't doing that in the postrm too late anyway? Shouldn't that be removed already by prerm remove? With the postrm approach there is a small timespan where sudo could fail: the libsss library is already removed, but still referenced in /etc/nsswitch.conf. (And in the worst case the machine crashes at that moment - rebooting with a broken sudoers configuration in /etc/nsswitch.conf) It doesn't matter, sudo works just fine if there are leftovers on the sudoers entry. It might complain though, but not break. You could append this to your postrm sed script to remove sudoer: files after disabling sss /^sudoers:files$/d Or is there any other source that could add a sudoers line to /etc/nsswitch.conf? I've added a snippet to remove sudoers: if the line ends with 'files'. Also note that your postinst script has misleading comments talking about passwd, group, etc. lines being modified. fixed Also the following sequence does not enable sss for sudoers: apt-get install libsss-sudo # sss gets enabled apt-get remove libsss-sudo # sss gets disabled, don't purge apt-get install libsss-sudo # goes the upgrade, nothing to do branch fixed by running insert_nss_entry unconditionally, since it has sanity checks in place anyway. -- t -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#749722: [Pkg-sssd-devel] Bug#749722: libsss-sudo: modified /etc/nsswitch.conf after purge
On 21.11.2014 13:47, Andreas Beckmann wrote: On 2014-11-21 07:09, Timo Aaltonen wrote: So I guess it would make sense for base-files to add sudoers: files to the default nsswitch.conf? Yes. Could you file a bug, please? http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770825 PS: I didn't check in detail, but may sudo-ldap need this entry, too? yeah, it removes the entry completely on pkg remove, so essentially conflicts with libsss-sudo. -- t -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#749722: [Pkg-sssd-devel] Bug#749722: libsss-sudo: modified /etc/nsswitch.conf after purge
On 08.11.2014 21:35, Andreas Beckmann wrote: Strange, purge works for me.. This probably depends on how /etc/nsswitch.conf looked before the test, i.e. whether it already contained a sudoers line. :: root@sid:/etc md5sum nsswitch.conf d204d419661fba0df52f9be8e2a29fdd nsswitch.conf I couldn't reproduce your md5sums in a current sid chroot Your postinst script adds the sudoers: files sss line to /etc/nsswitch.conf, but the postrm only removes the sss part from that line, leaving the rest. BTW, isn't doing that in the postrm too late anyway? Shouldn't that be removed already by prerm remove? With the postrm approach there is a small timespan where sudo could fail: the libsss library is already removed, but still referenced in /etc/nsswitch.conf. (And in the worst case the machine crashes at that moment - rebooting with a broken sudoers configuration in /etc/nsswitch.conf) You could append this to your postrm sed script to remove sudoer: files after disabling sss /^sudoers:files$/d Oh right, that's it.. Or is there any other source that could add a sudoers line to /etc/nsswitch.conf? Not that I know of, wish it was there by default and that we had a helper tool for these. Ubuntu kind of has one (auth-client-config) but it's mostly made obsolete by pam-auth-update. So I guess it would make sense for base-files to add sudoers: files to the default nsswitch.conf? Also note that your postinst script has misleading comments talking about passwd, group, etc. lines being modified. Also the following sequence does not enable sss for sudoers: apt-get install libsss-sudo # sss gets enabled apt-get remove libsss-sudo # sss gets disabled, don't purge apt-get install libsss-sudo # goes the upgrade, nothing to do branch Yeah I'll fix these at least. -- t -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#749722: [Pkg-sssd-devel] Bug#749722: libsss-sudo: modified /etc/nsswitch.conf after purge
On 29.05.2014 15:59, Holger Levsen wrote: Package: libsss-sudo Version: 1.11.3-1 User: debian...@lists.debian.org Usertags: piuparts piuparts.d.o Hi, during a test with piuparts I noticed your package leaves a modified /etc/nsswitch.conf after purge. From the attached log (scroll to the bottom...): 0m31.7s ERROR: FAIL: After purging files have been modified: /etc/nsswitch.conf not owned I've seen #748671 but this has nothing to do with multiarch, so I decided to open a new bug report. And then I executed this sed command from postinst/postrm manually on my machine and this didnt leave /etc/nsswitch.conf modified. So I manually debootstrapped, kept a copy of nsswitch.conf, installed and purged libsss-sudo and voila: # diff /etc/nsswitch.conf /etc/nsswitch.conf.bak 21d20 sudoers:files (And indeed my machine has no sudoers line in nsswitch.conf, so thats why.) postinst adds the sudoers line and postrm doesnt remove it. Strange, purge works for me.. :: root@sid:/etc cp nsswitch.conf nsswitch.conf-b :: root@sid:/etc apt-get install libsss-sudo Luetaan pakettiluetteloita... Valmis Muodostetaan riippuvuussuhteiden puu Luetaan tilatiedot... Valmis Seuraavat UUDET paketit asennetaan: libsss-sudo 0 päivitetty, 1 uutta asennusta, 0 poistettavaa ja 3 päivittämätöntä. Noudettavaa arkistoa 0 t/20,1 kt. Toiminnon jälkeen käytetään 39,9 k t lisää levytilaa. Selecting previously unselected package libsss-sudo. (Reading database ... 182251 files and directories currently installed.) Preparing to unpack .../libsss-sudo_1.11.5.1-1_amd64.deb ... Unpacking libsss-sudo (1.11.5.1-1) ... Setting up libsss-sudo (1.11.5.1-1) ... First installation detected... Checking NSS setup... Processing triggers for libc-bin (2.18-7) ... :: root@sid:/etc md5sum nsswitch.conf 203e340d8ea6205a796beb78c9e8ec73 nsswitch.conf :: root@sid:/etc md5sum nsswitch.conf-b d204d419661fba0df52f9be8e2a29fdd nsswitch.conf-b :: root@sid:/etc dpkg --purge libsss-sudo (Reading database ... 182256 files and directories currently installed.) Removing libsss-sudo (1.11.5.1-1) ... Checking NSS setup... Purging configuration files for libsss-sudo (1.11.5.1-1) ... Checking NSS setup... Processing triggers for libc-bin (2.18-7) ... :: root@sid:/etc md5sum nsswitch.conf d204d419661fba0df52f9be8e2a29fdd nsswitch.conf -- t signature.asc Description: OpenPGP digital signature