On Sat, Feb 21, 2015 at 9:52 PM, Christian Kastner wrote:
> It's not backed up in jessie or later. The backup/md5sum stuff is
> preceded by a test for an old version less than "1.7.4p4-4", so in
> wheezy and later, all the md5sum stuff is ignored during upgrades.

It is most certainly backed up in jessie or later.  That happens
during "install" rather than "upgrade", which you describe below
anyway.

> However, the backup code is accidentally triggered when switching
> between sudo and sudo-ldap, because switching is not upgrading (in the
> dpkg sense), and the version test above does not account for this scenario:
>
>     <preinst>
>     $ dpkg --compare-versions "" le "1.7.4p4-4" && echo oops
>       oops
>
>> The solution I propose is to modify /etc/sudoers so that it has a
>> different checksum, which prevents the incorrect backup.  Please see
>> attached
>
> This has one nasty side effect: when upgrading from wheezy to jessie,
> anyone with a changed /etc/sudoers will be asked a conffile question,
> because both the local and the maintainer's version changed.

That is true for conffiles in general, but will not be the case for
sudo because its *.preinst moves /etc/sudoers for lenny/squeeze/wheezy
out of the way to /etc/sudoers.pre-conffile.

> Modifying sudoers so that it has a checksum can't be right, because the
> code where the checksum is relevant shouldn't have been reached in the
> first place (in wheezy or later).

It is possible that the user removed the package, then installed it
later.  That is why the "install" path also has handling for old
/etc/sudoers, to perform backup in that case also.

> Fixing the --compare-versions above does precisely that -- the md5sum
> stuff is never even reached.

With that approach the check is now not reached in cases where it should.

Best wishes,
Mike
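
The empty-version behaviour behind the quoted `dpkg --compare-versions` line, as an added example that is not part of this message or of the sudo package's maintainer scripts: it shows that `le` treats an empty old version as earlier than everything while `le-nl` treats it as later, and how a preinst can tell a missing old version apart from a real one. The function names and the two sample versions are assumptions made for illustration; only the threshold `1.7.4p4-4` comes from the thread.

```shell
#!/bin/sh
# Added example: hypothetical preinst gate, not the sudo package's script.
THRESHOLD="1.7.4p4-4"   # version quoted in the thread

# empty_matches OP
# Reports whether an empty old version satisfies OP against THRESHOLD.
# "le" treats the empty string as earlier than any version,
# "le-nl" treats it as later than any version.
empty_matches() {
    if dpkg --compare-versions "" "$1" "$THRESHOLD"; then
        echo yes
    else
        echo no
    fi
}

# classify_preinst ACTION [OLD_VERSION]
# Mirrors the arguments dpkg passes to a preinst and reports which path
# a version-gated legacy step would take.
classify_preinst() {
    action=$1
    old=${2:-}
    case "$action" in
        install|upgrade) ;;
        *) echo "other-action"; return 0 ;;
    esac
    if [ -z "$old" ]; then
        # dpkg passed no old version: a first install of this package
        # name, which includes switching from a sibling package that
        # shipped the same file. Left as its own case so the caller
        # decides what to do instead of falling into the "old" branch.
        echo "no-old-version"
        return 0
    fi
    if dpkg --compare-versions "$old" le "$THRESHOLD"; then
        echo "legacy:$action"
    else
        echo "current:$action"
    fi
}
```
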

