Package: dh-nss Version: 1.5 Severity: medium Hello,
sssd has recently moved to dh-nss and now its dep8 tests are failing. The reason is because the migration to dh-nss was done for libsss-nss, but libsss-sudo also performs modifications to /etc/nsswitch.conf. dh-nss generates the following snippet inside d/libsss-nss.postinst: --8<---------------cut here---------------start------------->8--- # Automatically added by dh_installnss/1.5 if [ "$1" = "configure" ] && [ -e "${DPKG_ROOT}/etc/nsswitch.conf" ] ; then if ! grep -q -E '^[^#:]+:[^#]*\s(sss)(\s|#|$)' "${DPKG_ROOT}/etc/nsswitch.conf" ; then # Installing passwd/sss from libnss-sss in position last sed -E -i "${DPKG_ROOT}/etc/nsswitch.conf" -e '/^passwd:\s[^#]*$/ s/$/ sss/' -e '/^passwd:\s.*#/ s/#/ sss #/' # Installing group/sss from libnss-sss in position last sed -E -i "${DPKG_ROOT}/etc/nsswitch.conf" -e '/^group:\s[^#]*$/ s/$/ sss/' -e '/^group:\s.*#/ s/#/ sss #/' # Installing shadow/sss from libnss-sss in position last sed -E -i "${DPKG_ROOT}/etc/nsswitch.conf" -e '/^shadow:\s[^#]*$/ s/$/ sss/' -e '/^shadow:\s.*#/ s/#/ sss #/' # Installing netgroup/sss from libnss-sss in position last sed -E -i "${DPKG_ROOT}/etc/nsswitch.conf" -e '/^netgroup:\s[^#]*$/ s/$/ sss/' -e '/^netgroup:\s.*#/ s/#/ sss #/' # Installing services/sss from libnss-sss in position last sed -E -i "${DPKG_ROOT}/etc/nsswitch.conf" -e '/^services:\s[^#]*$/ s/$/ sss/' -e '/^services:\s.*#/ s/#/ sss #/' # Installing automount/sss from libnss-sss in position last sed -E -i "${DPKG_ROOT}/etc/nsswitch.conf" -e '/^automount:\s[^#]*$/ s/$/ sss/' -e '/^automount:\s.*#/ s/#/ sss #/' fi fi # End automatically added section --8<---------------cut here---------------end--------------->8--- The problem is that, when libsss-sudo is installed before libsss-nss, there will already be an entry containing "sss" in /etc/nsswitch.conf. Because of that, the snippet above doesn't get executed and the nsswitch.conf file isn't updated. I read dh_installnss' manpage and source code but I couldn't find an easy way to workaround this problem. Ideally, the first grep should be trying to match the db's specified at the debian/*.nss file, instead of using a generic match. Thanks, -- Sergio GPG key ID: 237A 54B1 0287 28BF 00EF 31F4 D0EB 7628 65FC 5E36 Please send encrypted e-mail if possible https://sergiodj.net/
signature.asc
Description: PGP signature