On Fri, Jul 18, 2014 at 03:23:05PM -0300, Breno Leitao wrote:
> I played a little bit with this bug, and I find one possible solution is to
> have
> those common config files in a -common package that becomes arch=all. Thus,
> they
> would not be replaced or removed in the scenario reported by Andreas.
Thanks for your effort. Let me review the patch:
> In this case, package src:libpam-ldap would generate two binary packages
> libpam-ldap and libpam-ldap-common, with the following files:
>
> # dpkg -c libpam-ldap_184-8.6_ppc64el.deb | awk '{print $6}'
> ./
> ./etc/
> ./usr/
> ./usr/share/
> ./usr/share/doc/
> ./usr/share/doc/libpam-ldap/
> ./usr/share/doc/libpam-ldap/AUTHORS
> ./usr/share/doc/libpam-ldap/changelog.gz
> ./usr/share/doc/libpam-ldap/copyright
> ./usr/share/doc/libpam-ldap/buildinfo_ppc64el.gz
> ./usr/share/doc/libpam-ldap/README.gz
> ./usr/share/doc/libpam-ldap/README.Debian
> ./usr/share/doc/libpam-ldap/changelog.Debian.gz
> ./usr/share/libpam-ldap/
> ./lib/
> ./lib/powerpc64le-linux-gnu/
> ./lib/powerpc64le-linux-gnu/security/
> ./lib/powerpc64le-linux-gnu/security/pam_ldap.so
>
> and
>
> # dpkg -c libpam-ldap-common_184-8.6_all.deb | awk '{print $6}'
> ./
> ./usr/
> ./usr/share/
> ./usr/share/man/
> ./usr/share/man/man5/
> ./usr/share/man/man5/pam_ldap.conf.5.gz
> ./usr/share/pam-configs/
> ./usr/share/pam-configs/ldap
> ./usr/share/doc/
> ./usr/share/doc/libpam-ldap-common/
> ./usr/share/doc/libpam-ldap-common/AUTHORS
> ./usr/share/doc/libpam-ldap-common/changelog.gz
> ./usr/share/doc/libpam-ldap-common/copyright
> ./usr/share/doc/libpam-ldap-common/buildinfo_all.gz
> ./usr/share/doc/libpam-ldap-common/README.gz
> ./usr/share/doc/libpam-ldap-common/changelog.Debian.gz
> ./usr/share/doc/libpam-ldap/
> ./usr/share/doc/libpam-ldap/ldapns.schema
> ./usr/share/doc/libpam-ldap/LDAP-Permissions.txt
> ./usr/share/doc/libpam-ldap/examples/
> ./usr/share/doc/libpam-ldap/examples/pam.conf
> ./usr/share/doc/libpam-ldap/examples/pam.d/
> ./usr/share/doc/libpam-ldap/examples/pam.d/ssh
> ./usr/share/doc/libpam-ldap/examples/pam.d/shutdown
> ./usr/share/doc/libpam-ldap/examples/pam.d/samba
> ./usr/share/doc/libpam-ldap/examples/pam.d/gdm
> ./usr/share/doc/libpam-ldap/examples/pam.d/su
> ./usr/share/doc/libpam-ldap/examples/pam.d/reboot
> ./usr/share/doc/libpam-ldap/examples/pam.d/xserver
> ./usr/share/doc/libpam-ldap/examples/pam.d/halt
> ./usr/share/doc/libpam-ldap/examples/pam.d/rsh
> ./usr/share/doc/libpam-ldap/examples/pam.d/rexec
> ./usr/share/doc/libpam-ldap/examples/pam.d/passwd
> ./usr/share/doc/libpam-ldap/examples/pam.d/mcserv
> ./usr/share/doc/libpam-ldap/examples/pam.d/xscreensaver
> ./usr/share/doc/libpam-ldap/examples/pam.d/xdm
> ./usr/share/doc/libpam-ldap/examples/pam.d/imap
> ./usr/share/doc/libpam-ldap/examples/pam.d/login
> ./usr/share/doc/libpam-ldap/examples/pam.d/other
> ./usr/share/doc/libpam-ldap/examples/pam.d/linuxconf
> ./usr/share/doc/libpam-ldap/examples/pam.d/chfn
> ./usr/share/doc/libpam-ldap/examples/pam.d/xlock
> ./usr/share/doc/libpam-ldap/examples/pam.d/pop
> ./usr/share/doc/libpam-ldap/examples/pam.d/rlogin
> ./usr/share/doc/libpam-ldap/examples/pam.d/chsh
> ./usr/share/doc/libpam-ldap/examples/pam.d/vlock
> ./usr/share/doc/libpam-ldap/examples/pam.d/poweroff
> ./usr/share/doc/libpam-ldap/examples/pam.d/ftp
> ./usr/share/doc/libpam-ldap/examples/pam.d/kde
> ./usr/share/doc/libpam-ldap/examples/pam.d/linuxconf-pair
> ./usr/share/doc/libpam-ldap/examples/pam.d/ppp
> ./usr/share/doc/libpam-ldap/examples/chfn
> ./usr/share/doc/libpam-ldap/examples/chsh
> ./usr/share/libpam-ldap/
> ./usr/share/libpam-ldap/ldap.conf
While your patch moves a lot of files, it does not address the
underlying problem. The libpam-ldap package still creates the very same
configuration files using its postinst script and it still removes them
in postrm.
> Index: libpam-ldap-184/debian/control
> ===================================================================
> --- libpam-ldap-184.orig/debian/control
> +++ libpam-ldap-184/debian/control
> @@ -8,10 +8,20 @@ Build-Depends: cdbs (>= 0.4.93~), quilt,
> Package: libpam-ldap
> Architecture: any
> Multi-Arch: same
> -Depends: ${shlibs:Depends}, ${misc:Depends}, libpam-runtime (>= 1.0.1-6),
> libpam0g (>= 1.1.3-2)
> +Depends: ${shlibs:Depends}, ${misc:Depends}, libpam-runtime (>= 1.0.1-6),
> libpam0g (>= 1.1.3-2), libpam-ldap-common (= ${binary:Version})
This change makes the package binNMU-unsafe. Do you see why?
> Suggests: libnss-ldapd | libnss-ldap
> Description: Pluggable Authentication Module for LDAP
> This package provides an interface between an LDAP server and the PAM
> user authentication system. Using it along with libnss-ldapd or libnss-ldap
> allows LDAP to entirely replace other lookup methods (such as NIS or
> + flat-file) for system account tables.
> +
> +Package: libpam-ldap-common
> +Architecture: all
> +Depends:
> +Suggests:
> +Description: Pluggable Authentication Module for LDAP configuration
> + This package provides an interface between an LDAP server and the PAM
> + user authentication system. Using it along with libnss-ldapd or libnss-ldap
> + allows LDAP to entirely replace other lookup methods (such as NIS or
> flat-file) for system account tables.
If libpam-ldap-common is unpacked, before libpam-ldap is upgraded, dpkg
will fail unpacking because it would need to overwrite files.
You can check for this later error using piuparts.
Helmut
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]