subject:"Bug#706185\: your mail"

Bug#706185: your mail

2014-07-21 Thread Breno Leitao

Hi Helmut,

On 07/18/2014 03:52 PM, Helmut Grohne wrote:
 While your patch moves a lot of files, it does not address the
 underlying problem. The libpam-ldap package still creates the very same
 configuration files using its postinst script and it still removes them
 in postrm.
Right. As I explained to you, I was planning to create a config-only package, 
and
a different package for the binaries, which doesn't seem to be the best 
solution,
as you already explained.

So, since these /etc/pam_ldap.conf is not a conffile, I am creating a patch that
just removes the file if there is no further package (libpam_ldap) installed in
the system (as from a different arch), thus, olving the problem here specified, 
as
it doesn't remove the /etc/pam_ldap.conf files if there are further packages
installed in the system.

I didn't touch the postinst packages because it is already configured to not
override an already installed configuration file.

The scripts becomes very short, and I am attaching as a RFC.

Thank you,
Breno

Index: libpam-ldap/libpam-ldap-184/debian/libpam-ldap.postrm
===
--- libpam-ldap.orig/libpam-ldap-184/debian/libpam-ldap.postrm
+++ libpam-ldap/libpam-ldap-184/debian/libpam-ldap.postrm
@@ -7,7 +7,8 @@ PASSWDFILE=/etc/pam_ldap.secret
 
 action=$1
 
-if [ $action = purge ]; then
+if [ $action = purge ]  \
+[ $(dpkg-query --show libpam-ldap 2 /dev/null | wc -l) = 1 ]; then
rm -f $CONFFILE $PASSWDFILE
 fi
 
Index: libpam-ldap/libpam-ldap-184/debian/libpam-ldap.prerm
===
--- libpam-ldap.orig/libpam-ldap-184/debian/libpam-ldap.prerm
+++ libpam-ldap/libpam-ldap-184/debian/libpam-ldap.prerm
@@ -2,7 +2,8 @@
 
 set -e
 
-if [ $1 = remove ]; then
+if [ $1 = remove ]  \
+[ $(dpkg-query --show libpam-ldap 2 /dev/null | wc -l) = 1 ]; then
pam-auth-update --package --remove ldap
 fi

Bug#706185: your mail

2014-07-18 Thread Helmut Grohne

On Fri, Jul 18, 2014 at 03:23:05PM -0300, Breno Leitao wrote:
 I played a little bit with this bug, and I find one possible solution is to 
 have
 those common config files in a -common package that becomes arch=all. Thus, 
 they
 would not be replaced or removed in the scenario reported by Andreas.

Thanks for your effort. Let me review the patch:

 In this case, package src:libpam-ldap would generate two binary packages
 libpam-ldap and libpam-ldap-common, with the following files:
 
   # dpkg -c libpam-ldap_184-8.6_ppc64el.deb   | awk '{print $6}'
   ./
   ./etc/
   ./usr/
   ./usr/share/
   ./usr/share/doc/
   ./usr/share/doc/libpam-ldap/
   ./usr/share/doc/libpam-ldap/AUTHORS
   ./usr/share/doc/libpam-ldap/changelog.gz
   ./usr/share/doc/libpam-ldap/copyright
   ./usr/share/doc/libpam-ldap/buildinfo_ppc64el.gz
   ./usr/share/doc/libpam-ldap/README.gz
   ./usr/share/doc/libpam-ldap/README.Debian
   ./usr/share/doc/libpam-ldap/changelog.Debian.gz
   ./usr/share/libpam-ldap/
   ./lib/
   ./lib/powerpc64le-linux-gnu/
   ./lib/powerpc64le-linux-gnu/security/
   ./lib/powerpc64le-linux-gnu/security/pam_ldap.so
 
 and
 
   # dpkg -c libpam-ldap-common_184-8.6_all.deb  | awk '{print $6}'
   ./
   ./usr/
   ./usr/share/
   ./usr/share/man/
   ./usr/share/man/man5/
   ./usr/share/man/man5/pam_ldap.conf.5.gz
   ./usr/share/pam-configs/
   ./usr/share/pam-configs/ldap
   ./usr/share/doc/
   ./usr/share/doc/libpam-ldap-common/
   ./usr/share/doc/libpam-ldap-common/AUTHORS
   ./usr/share/doc/libpam-ldap-common/changelog.gz
   ./usr/share/doc/libpam-ldap-common/copyright
   ./usr/share/doc/libpam-ldap-common/buildinfo_all.gz
   ./usr/share/doc/libpam-ldap-common/README.gz
   ./usr/share/doc/libpam-ldap-common/changelog.Debian.gz
   ./usr/share/doc/libpam-ldap/
   ./usr/share/doc/libpam-ldap/ldapns.schema
   ./usr/share/doc/libpam-ldap/LDAP-Permissions.txt
   ./usr/share/doc/libpam-ldap/examples/
   ./usr/share/doc/libpam-ldap/examples/pam.conf
   ./usr/share/doc/libpam-ldap/examples/pam.d/
   ./usr/share/doc/libpam-ldap/examples/pam.d/ssh
   ./usr/share/doc/libpam-ldap/examples/pam.d/shutdown
   ./usr/share/doc/libpam-ldap/examples/pam.d/samba
   ./usr/share/doc/libpam-ldap/examples/pam.d/gdm
   ./usr/share/doc/libpam-ldap/examples/pam.d/su
   ./usr/share/doc/libpam-ldap/examples/pam.d/reboot
   ./usr/share/doc/libpam-ldap/examples/pam.d/xserver
   ./usr/share/doc/libpam-ldap/examples/pam.d/halt
   ./usr/share/doc/libpam-ldap/examples/pam.d/rsh
   ./usr/share/doc/libpam-ldap/examples/pam.d/rexec
   ./usr/share/doc/libpam-ldap/examples/pam.d/passwd
   ./usr/share/doc/libpam-ldap/examples/pam.d/mcserv
   ./usr/share/doc/libpam-ldap/examples/pam.d/xscreensaver
   ./usr/share/doc/libpam-ldap/examples/pam.d/xdm
   ./usr/share/doc/libpam-ldap/examples/pam.d/imap
   ./usr/share/doc/libpam-ldap/examples/pam.d/login
   ./usr/share/doc/libpam-ldap/examples/pam.d/other
   ./usr/share/doc/libpam-ldap/examples/pam.d/linuxconf
   ./usr/share/doc/libpam-ldap/examples/pam.d/chfn
   ./usr/share/doc/libpam-ldap/examples/pam.d/xlock
   ./usr/share/doc/libpam-ldap/examples/pam.d/pop
   ./usr/share/doc/libpam-ldap/examples/pam.d/rlogin
   ./usr/share/doc/libpam-ldap/examples/pam.d/chsh
   ./usr/share/doc/libpam-ldap/examples/pam.d/vlock
   ./usr/share/doc/libpam-ldap/examples/pam.d/poweroff
   ./usr/share/doc/libpam-ldap/examples/pam.d/ftp
   ./usr/share/doc/libpam-ldap/examples/pam.d/kde
   ./usr/share/doc/libpam-ldap/examples/pam.d/linuxconf-pair
   ./usr/share/doc/libpam-ldap/examples/pam.d/ppp
   ./usr/share/doc/libpam-ldap/examples/chfn
   ./usr/share/doc/libpam-ldap/examples/chsh
   ./usr/share/libpam-ldap/
   ./usr/share/libpam-ldap/ldap.conf

While your patch moves a lot of files, it does not address the
underlying problem. The libpam-ldap package still creates the very same
configuration files using its postinst script and it still removes them
in postrm.

 Index: libpam-ldap-184/debian/control
 ===
 --- libpam-ldap-184.orig/debian/control
 +++ libpam-ldap-184/debian/control
 @@ -8,10 +8,20 @@ Build-Depends: cdbs (= 0.4.93~), quilt,
  Package: libpam-ldap
  Architecture: any
  Multi-Arch: same
 -Depends: ${shlibs:Depends}, ${misc:Depends}, libpam-runtime (= 1.0.1-6), 
 libpam0g (= 1.1.3-2)
 +Depends: ${shlibs:Depends}, ${misc:Depends}, libpam-runtime (= 1.0.1-6), 
 libpam0g (= 1.1.3-2), libpam-ldap-common (= ${binary:Version})

This change makes the package binNMU-unsafe. Do you see why?

  Suggests: libnss-ldapd | libnss-ldap 
  Description: Pluggable Authentication Module for LDAP
   This package provides an interface between an LDAP server and the PAM
   user

Bug#706185: your mail

Bug#706185: your mail

2 matches

Site Navigation

Mail list logo

Footer information