retitle 742862 slapd: /var/lib/ldap as a symlink breaks upgrade
severity 742862 important
tags 742862 + patch
thanks
On Mon, Mar 31, 2014 at 11:27 PM, Ryan Tandy <[email protected]> wrote:
> On 31/03/14 11:18 PM, Erwan David wrote:
>> Note also that /etc/ldap and /var/lib/ldap both are symbolic links to
>> respectively /secure/etc/ldap and /secure/var/lib/ldap,/secure being
>> an encrypted disk used to store confidential infos.
>
> This is certainly interesting. The scripts take into account the
> possibility of /var/lib/ldap being a mountpoint, but maybe not a
> symlink.
That's exactly it. I'm lowering the severity of the bug because I
think this is an unusual configuration, even if the scripts should be
robust against it. When /var/lib/ldap is a symlink, the scripts' find,
chown, and chgrp invocations operate on the symlink itself and not the
linked directory; this is easily fixed. I was able to reproduce exactly your
results under that configuration, and the attached patch fixes it.
As a workaround, you should be able to complete your upgrade with the
current package if you temporarily replace your symlink with a bind
mount. That worked for me when I tested it.
diff -u openldap-2.4.39/debian/slapd.scripts-common openldap-2.4.39/debian/slapd.scripts-common
--- openldap-2.4.39/debian/slapd.scripts-common
+++ openldap-2.4.39/debian/slapd.scripts-common
@@ -94,8 +94,8 @@
update_permissions() { # {{{
dir="$1"
if [ -d "$dir" ]; then
- [ -z "$SLAPD_USER" ] || chown -R "$SLAPD_USER" "$dir"
- [ -z "$SLAPD_GROUP" ] || chgrp -R "$SLAPD_GROUP" "$dir"
+ [ -z "$SLAPD_USER" ] || chown -R -H "$SLAPD_USER" "$dir"
+ [ -z "$SLAPD_GROUP" ] || chgrp -R -H "$SLAPD_GROUP" "$dir"
fi
}
# }}}
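Review bot: The reason for choosing `-H` is not recorded next to the `chown -R -H` / `chgrp -R -H` lines in update_permissions, and it matters in a script that runs as root. `-H` follows only the symlink named on the command line, whereas `-L` would also follow links found inside a tree that is handed over to the slapd user. I would add a comment above the two commands: `# -H: follow $dir itself if it is a symlink; links inside the tree are not traversed (do not switch to -L)`. The target of the top-level link now has its ownership changed as well, so the comment should state that the path is assumed to be controlled by the administrator. The same applies to the `$dbdir` chown/chgrp pair in the hunk at -240.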
@@ -240,9 +240,9 @@
if [ -n "$SLAPD_USER" ] || [ -n "$SLAPD_GROUP" ]; then
echo -n " - chowning database directory ($SLAPD_USER:$SLAPD_GROUP)... "
[ -z "$SLAPD_USER" ] || \
- chown -R "$SLAPD_USER" "$dbdir"
+ chown -R -H "$SLAPD_USER" "$dbdir"
[ -z "$SLAPD_GROUP" ] || \
- chgrp -R "$SLAPD_GROUP" "$dbdir"
+ chgrp -R -H "$SLAPD_GROUP" "$dbdir"
echo "done";
fi
done
@@ -385,7 +385,7 @@
backupdir=`compute_backup_path "$databasedir" "$suffix"`
echo -n " - directory $suffix... " >&2
mkdir -p "$backupdir"
- find "$databasedir" -mindepth 1 -maxdepth 1 \
+ find -H "$databasedir" -mindepth 1 -maxdepth 1 \
-exec mv {} "$backupdir" \;
echo done. >&2
else
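Review bot: With `find -H` now descending into the link target, `-exec mv {} "$backupdir" \;` can move the database files onto a different filesystem from the one the administrator placed them on. In the reported setup the target is an encrypted volume; if `$backupdir` (computed by compute_backup_path, not visible here) lies outside it, the backup copy would be stored unencrypted, and a cross-device mv is a copy-then-delete rather than a rename. I would at least document this above the find, e.g. `# NOTE: if $databasedir is a symlink, its contents are moved to the filesystem holding $backupdir`. The enclosing if/else starts and ends outside the hunk.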
@@ -725,7 +725,7 @@
# (i.e., contains no files except for an optional DB_CONFIG).
# Usage: if is_empty_dir "$dir"; then ... fi
- output=`find "$1" -mindepth 1 -maxdepth 1 \! -name DB_CONFIG 2>/dev/null`
+ output=`find -H "$1" -mindepth 1 -maxdepth 1 \! -name DB_CONFIG 2>/dev/null`
if [ -n "$output" ]; then
return 1
else
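Review bot: `2>/dev/null` on the `find -H "$1"` line discards every error, so a path that cannot be read, or a symlink whose target is missing (for example a volume that is not mounted during the upgrade), yields empty output and takes the `else` branch. That branch is outside the hunk, but going by the usage comment it presumably reports the directory as empty. I would extend the header comment with `# A missing or unreadable "$1" (including a dangling symlink) is also reported as empty`, or, if the callers allow it, add `[ -d "$1" ] || return 1` before the find.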