retitle 742862 slapd: /var/lib/ldap as a symlink breaks upgrade
severity 742862 important
tags 742862 + patch
thanks

On Mon, Mar 31, 2014 at 11:27 PM, Ryan Tandy <[email protected]> wrote:
> On 31/03/14 11:18 PM, Erwan David wrote:
>> Note also that /etc/ldap and /var/lib/ldap both are symbolic links to
>> respectively /secure/etc/ldap and /secure/var/lib/ldap, /secure being
>> an encrypted disk used to store confidential information.
>
> This is certainly interesting. The scripts take into account the
> possibility of /var/lib/ldap being a mountpoint, but maybe not a
> symlink.

That's exactly it. I'm lowering the severity of the bug because I
think this is an unusual configuration, even if the scripts should be
robust against it. When /var/lib/ldap is a symlink the scripts' find,
chown, and chgrp invocations operate on the symlink itself and not the
linked directory; easily fixed. I was able to reproduce exactly your
results under that configuration, and the attached patch fixes it.

As a workaround, you should be able to complete your upgrade with the
current package if you temporarily replace your symlink with a bind
mount. That worked for me when I tested it.
diff -u openldap-2.4.39/debian/slapd.scripts-common openldap-2.4.39/debian/slapd.scripts-common
--- openldap-2.4.39/debian/slapd.scripts-common
+++ openldap-2.4.39/debian/slapd.scripts-common
@@ -94,8 +94,8 @@
 update_permissions() {	# {{{
 	dir="$1"
 	if [ -d "$dir" ]; then
-		[ -z "$SLAPD_USER" ] || chown -R "$SLAPD_USER" "$dir"
-		[ -z "$SLAPD_GROUP" ] || chgrp -R "$SLAPD_GROUP" "$dir"
+		[ -z "$SLAPD_USER" ] || chown -R -H "$SLAPD_USER" "$dir"
+		[ -z "$SLAPD_GROUP" ] || chgrp -R -H "$SLAPD_GROUP" "$dir"
 	fi
 }
 # }}}
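
Review bot: Nothing in update_permissions() records why -H is passed, so a later cleanup could drop it and bring back the symlinked-directory failure; a one-line comment above the chown naming that case (and this bug number) would help. Because these two commands recurse as root over a tree that ends up owned by $SLAPD_USER, it is also worth confirming before merging that adding -H leaves the handling of symlinks found inside the tree the same as it was with plain -R, since only the command-line argument is meant to be followed here.
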
@@ -240,9 +240,9 @@
 		if [ -n "$SLAPD_USER" ] || [ -n "$SLAPD_GROUP" ]; then
 			echo -n "  - chowning database directory ($SLAPD_USER:$SLAPD_GROUP)... "
 			[ -z "$SLAPD_USER" ] || \
-				chown -R "$SLAPD_USER" "$dbdir"
+				chown -R -H "$SLAPD_USER" "$dbdir"
 			[ -z "$SLAPD_GROUP" ] || \
-				chgrp -R "$SLAPD_GROUP" "$dbdir"
+				chgrp -R -H "$SLAPD_GROUP" "$dbdir"
 			echo "done";
 		fi
 	done
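
Review bot: The chown/chgrp pair on "$dbdir" is the same two commands that update_permissions() runs, so the -H fix now has to be kept in sync in two places. Calling update_permissions "$dbdir" here would leave a single copy of the flag and would also pick up that function's [ -d "$dir" ] guard, which this site lacks.
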
@@ -385,7 +385,7 @@
 		backupdir=`compute_backup_path "$databasedir" "$suffix"`
 		echo -n "  - directory $suffix... " >&2
 		mkdir -p "$backupdir"
-		find "$databasedir" -mindepth 1 -maxdepth 1	\
+		find -H "$databasedir" -mindepth 1 -maxdepth 1	\
 			-exec mv {} "$backupdir" \;
 		echo done. >&2
 	else
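
Review bot: The -exec mv {} "$backupdir" can now move data off the volume the symlink points to, and the hunk does not show where compute_backup_path puts "$backupdir". In the reported setup the link target is an encrypted disk, so if the backup path is derived from the link's own location the database contents would be copied across filesystems onto unencrypted storage; please check that, and say in a comment which path the backup is relative to. Separately, "done." is echoed whether or not find or mv succeeded, so a failed cross-device move would go unnoticed.
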
@@ -725,7 +725,7 @@
 # (i.e., contains no files except for an optional DB_CONFIG).
 # Usage: if is_empty_dir "$dir"; then ... fi
 
-	output=`find "$1" -mindepth 1 -maxdepth 1 \! -name DB_CONFIG 2>/dev/null`
+	output=`find -H "$1" -mindepth 1 -maxdepth 1 \! -name DB_CONFIG 2>/dev/null`
 	if [ -n "$output" ]; then
     		return 1
 	else
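
Review bot: With 2>/dev/null on the find, a path that does not exist or a symlink whose target is missing (for example, the encrypted volume not being mounted) produces empty output, and the function then reports the directory as empty. Testing [ -d "$1" ] first and returning non-zero when it fails would keep callers from treating an unavailable database directory as a fresh one.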
