Bug#593878: [Pkg-openldap-devel] Bug#593878: slapd upgrade/start fails when authz-regex / access statements are used in local config
Hi,
Excerpts from Peter Marschall's message of Sat Aug 21 15:30:23 -0400 2010:
>
> The attached patch to debian/slapd.script-common fixes the problem:
> - it check for the existence a bit more flexibly
> - and adds the clauses with {-1} prepended
> so that they get evaluated first (making use of the fact that slapd's
> conversion logic starts with X=0 ;-))
>
> With this patch applied and slapd re-compiled locally the upgrade works
> without problems
>
> --- openldap-2.4.32/debian/slapd.scripts-common
> +++ openldap-2.4.32/debian/slapd.scripts-common
> @@ -137,16 +137,16 @@
> SLAPD_CONF=/etc/ldap/slapd.d
>
> # Add the localroot authz mapping
> -if ! grep -q -E '^olcAuthzRegexp:
> gidNumber=\[\[:digit:]]\+\\\+uidNumber=0,cn=peercred,cn=external,cn=auth
> cn=localroot,cn=config' "${SLAPD_CONF}/cn=config.ldif"; then
> -sed -i 's/^\(structuralObjectClass:
> olcGlobal\)/olcAuthzRegexp:
> gidNumber=[[:digit:]]+\\+uidNumber=0,cn=peercred,cn=external,cn=auth
> cn=localroot,cn=config\n\0/' "${SLAPD_CONF}/cn=config.ldif"
> +if ! grep -q -E '^olcAuthzRegexp:
> ({.*})?gidNumber=\[\[:digit:]]\+\\\+uidNumber=0,cn=peercred,cn=external,cn=auth
> cn=localroot,cn=config' "${SLAPD_CONF}/cn=config.ldif"; then
> +sed -i 's/^\(structuralObjectClass:
> olcGlobal\)/olcAuthzRegexp:
> {-1}gidNumber=[[:digit:]]+\\+uidNumber=0,cn=peercred,cn=external,cn=auth
> cn=localroot,cn=config\n\0/' "${SLAPD_CONF}/cn=config.ldif"
> fi
I'd suggest to bypass the use of AuthzRegexp mapping to
cn=localroot,cn=config and use
gidNumber=[[:digit:]]+\\+uidNumber=0,cn=peercred,cn=external,cn=auth
directly in the ACL.
Ubuntu used AuthzRegexp during the first upgrade to slapd.d but I've
simplified the upgrade by dropping the auth mapping and just adding
olcAccess lines:
# Grant manage access to connections made by the root user via
# SASL EXTERNAL
if previous_version_older 2.4.21-0ubuntu5 ; then
if [ -d "$SLAPD_CONF" ]; then
# Stick the new olcAccess at the begining of the
# olcAccess list (using an index of 0 *and*
# adding it as early as possible in the ldif file)
# to make sure that local root has access to the
# database no matter what other acls say.
sed -i 's/^\(olcDatabase: {-1}frontend\)/\0\nolcAccess:
{0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
manage by * break/' "${SLAPD_CONF}/cn=config/olcDatabase={-1}frontend.ldif"
sed -i 's/^\(olcDatabase: {0}config\)/\0\nolcAccess:
{0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
manage by * break/' "${SLAPD_CONF}/cn=config/olcDatabase={0}config.ldif"
fi
fi
This makes the whole configuration easier to understand IMO.
I've also implemented an alternate solution to using an index of -1:
The olcAccess lines are inserted at the very beginning of the ldif
file with an index set to 0 so that ACL defined by them are
applied first. slapd seems to sort first on index (0 being lowest) and
then by order of appearance in the ldif file.
I don't know which of the two solutions upstream supports the best.
--
Mathias Gug
Ubuntu Developer http://www.ubuntu.com
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#593771: whois: Split mkpasswd in own binary package
Package: whois Severity: wishlist User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu maverick mkpasswd could shipped a different binary package given that its functionality is not related to the whois package [1] [1]: https://bugs.launchpad.net/ubuntu/+source/whois/+bug/284416 Doing so would require some work on i18n front as mentioned in Ubuntu bug 601803 [2]: [2]: https://bugs.launchpad.net/ubuntu/+source/whois/+bug/601803 -- System Information: Debian Release: squeeze/sid APT prefers lucid-updates APT policy: (500, 'lucid-updates'), (500, 'lucid-security'), (500, 'lucid') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-24-generic (SMP w/4 CPU cores) Locale: LANG=en_CA.utf8, LC_CTYPE=en_CA.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages whois depends on: ii libc6 2.11.1-0ubuntu7.2 Embedded GNU C Library: Shared lib ii libidn11 1.15-2GNU Libidn library, implementation whois recommends no packages. whois suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#571129: puppet: Package templates and modules (updated patch)
Package: puppet Version: 0.25.4-2ubuntu6 Severity: normal Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu maverick ubuntu-patch I've attached an updated version of the patch that includes both templates and modules directories in puppet-common. -- System Information: Debian Release: squeeze/sid APT prefers lucid-updates APT policy: (500, 'lucid-updates'), (500, 'lucid-security'), (500, 'lucid') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-22-generic (SMP w/4 CPU cores) Locale: LANG=en_CA.utf8, LC_CTYPE=en_CA.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages puppet depends on: ii adduser 3.112ubuntu1add and remove users and groups ii facter 1.5.6-2ubuntu2 a library for retrieving facts fro ii libopenssl-ruby 4.2 OpenSSL interface for Ruby ii libruby [libxmlrpc-ruby] 4.2 Libraries necessary to run Ruby 1. ii libshadow-ruby1.81.4.1-8build1 Interface of shadow password for R ii libxmlrpc-ruby 4.2 transitional dummy package ii lsb-base 4.0-0ubuntu8Linux Standard Base 4.0 init scrip ii puppet-common0.25.4-2ubuntu6 common files for puppet and puppet ii ruby1.8 1.8.7.249-2 Interpreter of object-oriented scr Versions of packages puppet recommends: ii libaugeas-ruby1.8 0.2.0-2ubuntu3 Augeas bindings for the Ruby langu ii rdoc 4.2Generate documentation from ruby s Versions of packages puppet suggests: ii etckeeper0.41ubuntu3 store /etc in git, mercurial, bzr pn puppet-el (no description available) ii vim-puppet 0.25.4-2ubuntu6 Vim syntax highlighting for puppet -- no debconf information === modified file 'debian/puppet-common.dirs' --- debian/puppet-common.dirs 2010-04-03 04:36:57 + +++ debian/puppet-common.dirs 2010-06-03 19:49:14 + @@ -1,5 +1,7 @@ etc/puppet etc/puppet/manifests +etc/puppet/templates +etc/puppet/modules usr/lib/ruby/1.8 var/lib/puppet var/log/puppet === modified file 'debian/rules' --- debian/rules2010-04-16 04:20:43 + +++ debian/rules2010-06-03 19:56:13 + @@ -79,6 +79,9 @@ dh_installexamples examples/* + $(INSTALL) -d -m0775 $(pkgconfdir)/templates + $(INSTALL) -d -m0775 $(pkgconfdir)/modules + # Logcheck rules. Gee I wish you could specify a file to source # in dh_installlogcheck. ln ext/logcheck/puppet debian/puppet-common.logcheck.ignore.server
Bug#571127: puppet: Updated patch
Package: puppet
Severity: normal
Tags: patch
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu maverick ubuntu-patch
I've attached an updated version of the patch against the latest
revision in the git repository.
-- System Information:
Debian Release: squeeze/sid
APT prefers lucid-updates
APT policy: (500, 'lucid-updates'), (500, 'lucid-security'), (500, 'lucid')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-22-generic (SMP w/4 CPU cores)
Locale: LANG=en_CA.utf8, LC_CTYPE=en_CA.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages puppet depends on:
ii adduser 3.112ubuntu1add and remove users and groups
ii facter 1.5.6-2ubuntu2 a library for retrieving facts fro
ii libopenssl-ruby 4.2 OpenSSL interface for Ruby
ii libruby [libxmlrpc-ruby] 4.2 Libraries necessary to run Ruby 1.
ii libshadow-ruby1.81.4.1-8build1 Interface of shadow password for R
ii libxmlrpc-ruby 4.2 transitional dummy package
ii lsb-base 4.0-0ubuntu8Linux Standard Base 4.0 init scrip
ii puppet-common0.25.4-2ubuntu6 common files for puppet and puppet
ii ruby1.8 1.8.7.249-2 Interpreter of object-oriented scr
Versions of packages puppet recommends:
ii libaugeas-ruby1.8 0.2.0-2ubuntu3 Augeas bindings for the Ruby langu
ii rdoc 4.2Generate documentation from ruby s
Versions of packages puppet suggests:
ii etckeeper0.41ubuntu3 store /etc in git, mercurial, bzr
pn puppet-el (no description available)
ii vim-puppet 0.25.4-2ubuntu6 Vim syntax highlighting for puppet
-- no debconf information
=== added file 'debian/README.Debian'
--- debian/README.Debian1970-01-01 00:00:00 +
+++ debian/README.Debian2010-06-03 19:37:03 +
@@ -0,0 +1,8 @@
+puppet for Debian
+--
+
+The default puppet configuration in Debian will automatically integrate with
+etckeeper if etckeeper is installed. puppet will automatically commit any
+changes made to files in /etc via etckeeper before and after its run.
+
+ -- Mathias Gug Thu, 25 Feb 2010 12:12:37 -0500
=== modified file 'debian/control'
--- debian/control 2010-04-25 22:16:41 +
+++ debian/control 2010-06-03 19:37:42 +
@@ -14,7 +14,7 @@
Architecture: all
Depends: ${misc:Depends}, ruby1.8, libxmlrpc-ruby, libopenssl-ruby,
libshadow-ruby1.8, adduser, facter, lsb-base, puppet-common (=
${source:Version})
Recommends: rdoc, libaugeas-ruby1.8
-Suggests: puppet-el, vim-puppet, libselinux-ruby1.8
+Suggests: puppet-el, vim-puppet, libselinux-ruby1.8, etckeeper
Description: centralised configuration management for networks
Puppet lets you centrally manage every important aspect of your system
using a cross-platform specification language that manages all the
=== added file 'debian/etckeeper-commit-post'
--- debian/etckeeper-commit-post1970-01-01 00:00:00 +
+++ debian/etckeeper-commit-post2010-06-03 19:37:03 +
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+
+which etckeeper > /dev/null 2>&1 || exit 0
+
+etckeeper commit "committing changes in /etc after puppet catalog run"
+
+# Failure of etckeeper should not be fatal.
+# For example if there aren't any changes to be commited etckeeper returns
+# a non-zero status for now.
+exit 0
=== added file 'debian/etckeeper-commit-pre'
--- debian/etckeeper-commit-pre 1970-01-01 00:00:00 +
+++ debian/etckeeper-commit-pre 2010-06-03 19:37:03 +
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+
+which etckeeper > /dev/null 2>&1 || exit 0
+
+etckeeper commit "saving uncommitted changes in /etc prior to puppet catalog
run"
+
+# Failure of etckeeper should not be fatal.
+# For example if there aren't any changes to be commited etckeeper returns
+# a non-zero status for now.
+exit 0
=== modified file 'debian/puppet.conf'
--- debian/puppet.conf 2010-03-15 22:05:43 +
+++ debian/puppet.conf 2010-06-03 19:37:03 +
@@ -5,3 +5,5 @@
rundir=/var/run/puppet
factpath=$vardir/lib/facter
templatedir=$confdir/templates
+prerun_command=/etc/puppet/etckeeper-commit-pre
+postrun_command=/etc/puppet/etckeeper-commit-post
=== modified file 'debian/rules'
--- debian/rules2010-04-16 04:20:43 +
+++ debian/rules2010-06-03 19:37:03 +
@@ -77,6 +77,12 @@
$(INSTALL) -m0644 ext/rack/files/config.ru \
$(CURDIR)/debian/puppetmaster/usr/share/puppet/rack/puppetmasterd
+ # etckeeper integration
+ $(INSTALL) -m0755 debian/etckeeper-commit-pre \
+ $(CURDIR)/debian/puppet/etc/p
Bug#584481: puppet: Fix init service provider to support upstart jobs
Package: puppet
Version: 0.25.4-2ubuntu6
Severity: normal
Tags: patch
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu maverick ubuntu-patch
In Ubuntu we've applied to following patch:
* Fix init service provider to correctly check the status of services
using upstart jobs (LP: #551544).
This is a temporary workaround as long as initctl (upstart) doesn't
properly return exit code for the status command. The long term option
is to write a native upstart provider for puppet. For the time being
this fix helps in supporting the status option in puppet.
-- System Information:
Debian Release: squeeze/sid
APT prefers lucid-updates
APT policy: (500, 'lucid-updates'), (500, 'lucid-security'), (500, 'lucid')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-22-generic (SMP w/4 CPU cores)
Locale: LANG=en_CA.utf8, LC_CTYPE=en_CA.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages puppet depends on:
ii adduser 3.112ubuntu1add and remove users and groups
ii facter 1.5.6-2ubuntu2 a library for retrieving facts fro
ii libopenssl-ruby 4.2 OpenSSL interface for Ruby
ii libruby [libxmlrpc-ruby] 4.2 Libraries necessary to run Ruby 1.
ii libshadow-ruby1.81.4.1-8build1 Interface of shadow password for R
ii libxmlrpc-ruby 4.2 transitional dummy package
ii lsb-base 4.0-0ubuntu8Linux Standard Base 4.0 init scrip
ii puppet-common0.25.4-2ubuntu6 common files for puppet and puppet
ii ruby1.8 1.8.7.249-2 Interpreter of object-oriented scr
Versions of packages puppet recommends:
ii libaugeas-ruby1.8 0.2.0-2ubuntu3 Augeas bindings for the Ruby langu
ii rdoc 4.2Generate documentation from ruby s
Versions of packages puppet suggests:
ii etckeeper0.41ubuntu3 store /etc in git, mercurial, bzr
pn puppet-el (no description available)
ii vim-puppet 0.25.4-2ubuntu6 Vim syntax highlighting for puppet
-- no debconf information
=== modified file 'lib/puppet/provider/service/init.rb'
--- lib/puppet/provider/service/init.rb 2010-01-09 06:10:39 +
+++ lib/puppet/provider/service/init.rb 2010-06-03 18:54:20 +
@@ -134,7 +134,15 @@
# we just return that; otherwise, we return false, which causes it to
# fallback to other mechanisms.
def statuscmd
-(@resource[:hasstatus] == :true) && [initscript, :status]
+if @resource[:hasstatus] == :true then
+# Workaround the fact that initctl status command doesn't return
+# proper exit codes. Can be removed once LP: #552786 is fixed.
+if File.symlink?(initscript) && File.readlink(initscript) ==
"/lib/init/upstart-job" then
+['sh', '-c', "LANG=C invoke-rc.d #{File::basename(initscript)}
status | grep -q '^#{File::basename(initscript)}.*running'" ]
+else
+[initscript, :status ]
+end
+end
end
end
Bug#584480: puppet: Package test suites
Package: puppet
Version: 0.25.4-2ubuntu6
Severity: normal
Tags: patch
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu maverick ubuntu-patch
Here is a patch to create a binary package (puppet-testsuite) that ships
all the tests available from the upstream source code. The test suites
can then be run by installing the package and running the tests directly
from /usr/share/puppet-testsuite/.
This was done at the request of the Ubuntu security team in order to
improve the QA process for the puppet package (in order to move it to
main). The best option would be to run it during the package build
process - however it would require more integration. Providing the tests
as part of a binary packages is the first step towards that goal.
-- System Information:
Debian Release: squeeze/sid
APT prefers lucid-updates
APT policy: (500, 'lucid-updates'), (500, 'lucid-security'), (500, 'lucid')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-22-generic (SMP w/4 CPU cores)
Locale: LANG=en_CA.utf8, LC_CTYPE=en_CA.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages puppet depends on:
ii adduser 3.112ubuntu1add and remove users and groups
ii facter 1.5.6-2ubuntu2 a library for retrieving facts fro
ii libopenssl-ruby 4.2 OpenSSL interface for Ruby
ii libruby [libxmlrpc-ruby] 4.2 Libraries necessary to run Ruby 1.
ii libshadow-ruby1.81.4.1-8build1 Interface of shadow password for R
ii libxmlrpc-ruby 4.2 transitional dummy package
ii lsb-base 4.0-0ubuntu8Linux Standard Base 4.0 init scrip
ii puppet-common0.25.4-2ubuntu6 common files for puppet and puppet
ii ruby1.8 1.8.7.249-2 Interpreter of object-oriented scr
Versions of packages puppet recommends:
ii libaugeas-ruby1.8 0.2.0-2ubuntu3 Augeas bindings for the Ruby langu
ii rdoc 4.2Generate documentation from ruby s
Versions of packages puppet suggests:
ii etckeeper0.41ubuntu3 store /etc in git, mercurial, bzr
pn puppet-el (no description available)
ii vim-puppet 0.25.4-2ubuntu6 Vim syntax highlighting for puppet
-- no debconf information
=== modified file 'debian/control'
--- debian/control 2010-04-25 22:16:41 +
+++ debian/control 2010-06-03 19:04:24 +
@@ -81,3 +81,15 @@
Conflicts: puppet (<< ${source:Version})
Description: Emacs syntax highlighting for puppet manifests
The puppet-el package provides syntax highlighting for puppet manifests
+
+Package: puppet-testsuite
+Architecture: all
+Depends: ${misc:Depends}, ruby1.8, puppet (= ${source:Version}), facter,
lsb-base, rails (>= 1.2.3-2), rdoc, libldap-ruby1.8, mongrel, librspec-ruby,
puppetmaster, git-core
+Description: centralized configuration management control for networks
+ Puppet lets you centrally manage every important aspect of your system
+ using a cross-platform specification language that manages all the
+ seperate elements normally aggregated in different files, like users,
+ cron jobs, and hosts, along with obviously discrete elements like
+ packages, services, and files.
+ .
+ This package contains the testsuite for puppet.
=== added file 'debian/puppet-testsuite.install'
--- debian/puppet-testsuite.install 1970-01-01 00:00:00 +
+++ debian/puppet-testsuite.install 2010-06-03 19:04:24 +
@@ -0,0 +1,3 @@
+test/* /usr/share/puppet-testsuite/test
+spec/* /usr/share/puppet-testsuite/spec
+Rakefile /usr/share/puppet-testsuite/
=== modified file 'spec/spec_helper.rb'
--- spec/spec_helper.rb 2009-12-12 21:42:13 +
+++ spec/spec_helper.rb 2010-06-03 19:04:24 +
@@ -18,7 +18,7 @@
require 'puppettest'
require 'puppettest/runnable_test'
require 'mocha'
-gem 'rspec', '>=1.2.2'
+#gem 'rspec', '>=1.2.2'
require 'spec/autorun'
# So everyone else doesn't have to include this base constant.
Bug#574677: puppetmaster init stop fails if daemon is not running
Package: puppet
Version: 0.25.4-2
Severity: normal
Tags: patch
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu lucid ubuntu-patch
*** /tmp/tmpijiw5c
In Ubuntu, we've applied the attached patch to achieve the following:
* debian/puppetmaster.init: Fix init stop action to not fail if the
puppetmaster is already stopped.
We thought you might be interested in doing the same.
-- System Information:
Debian Release: squeeze/sid
APT prefers lucid-updates
APT policy: (500, 'lucid-updates'), (500, 'lucid-security'), (500, 'lucid')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.24-25-server (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash
=== modified file 'debian/puppetmaster.init'
--- debian/puppetmaster.init2010-03-11 12:42:32 +
+++ debian/puppetmaster.init2010-03-20 02:22:10 +
@@ -62,13 +62,13 @@
NUMSTART=0
STOPPORT=$PORT
while [ $NUMSTART -lt $PUPPETMASTERS ]; do
- start-stop-daemon --stop --quiet --pidfile
/var/run/puppet/${NAME}-${STOPPORT}.pid
+ start-stop-daemon --stop --quiet --oknodo --pidfile
/var/run/puppet/${NAME}-${STOPPORT}.pid
rm -f /var/run/puppet/${NAME}-${STOPPORT}.pid
STOPPORT=$(($STOPPORT + 1))
NUMSTART=$(($NUMSTART + 1))
done
else
- start-stop-daemon --stop --quiet --pidfile /var/run/puppet/${NAME}.pid
+ start-stop-daemon --stop --quiet --oknodo --pidfile
/var/run/puppet/${NAME}.pid
fi
}
Bug#573430: [Pkg-puppet-devel] Bug#573430: provide $vardir/modules
On Fri, Mar 12, 2010 at 09:56:43AM +0100, martin f krafft wrote: > also sprach Mathias Gug [2010.03.11.1731 +0100]: > > Micah suggested something similar in bug 571129 [1]. In bug 571130 > > [2] I raised the question on whether modules/ (and templates/ and > > files/) should be located in /var/lib/puppet/ or /etc/puppet. It > > seems to me that all of these directories should be located in the > > same place. > > I disagree. Configuration files — and templates are such — should > live in /etc, and files dynamically created and modified by puppet > should be in /var/lib. > Agreed. > /var/lib/puppet/modules is simply a canonical location to give > modules space for dyanmically managed files. > IIRC modules/ are actually puppet classes, manifests, files and templates. They're *not* dynamically generated by puppet when compiling a manifest. They're put in place by the system administrator from various ressources (either repositories checkouts or by writing modules himself). According to the definition above modules/ should be in /etc/ then. -- Mathias Gug Ubuntu Developer http://www.ubuntu.com signature.asc Description: Digital signature
Bug#573473: puppetmaster and puppet scripts always return 0
Package: puppet
Version: 0.25.4-2
Severity: normal
Tags: patch
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu lucid ubuntu-patch
*** /tmp/tmpTCsRse
In Ubuntu, we've applied the attached patch to achieve the following:
[ Angel Abad ]
* Fix return codes puppetmaster.init and puppet.init (LP: #527860)
We thought you might be interested in doing the same.
-- System Information:
Debian Release: squeeze/sid
APT prefers lucid-updates
APT policy: (500, 'lucid-updates'), (500, 'lucid-security'), (500, 'lucid')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.24-25-server (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash
=== modified file 'debian/puppet.init'
--- debian/puppet.init 2010-02-01 12:31:58 +
+++ debian/puppet.init 2010-03-11 17:22:13 +
@@ -55,17 +55,17 @@
start)
log_begin_msg "Starting $DESC"
start_puppet
- log_end_msg 0
+ log_end_msg $?
;;
stop)
log_begin_msg "Stopping $DESC"
stop_puppet
- log_end_msg 0
+ log_end_msg $?
;;
reload)
log_begin_msg "Reloading $DESC"
reload_puppet
- log_end_msg 0
+ log_end_msg $?
;;
status)
status_puppet
@@ -75,12 +75,10 @@
stop_puppet
sleep 1
start_puppet
- log_end_msg 0
+ log_end_msg $?
;;
*)
echo "Usage: $0 {start|stop|status|restart|force-reload|reload}" >&2
exit 1
;;
esac
-
-exit 0
=== modified file 'debian/puppetmaster.init'
--- debian/puppetmaster.init2010-02-01 12:31:58 +
+++ debian/puppetmaster.init2010-03-11 17:22:13 +
@@ -116,12 +116,10 @@
stop_puppetmaster
sleep 1
start_puppetmaster
- log_end_msg 0
+ log_end_msg $?
;;
*)
echo "Usage: $0 {start|stop|status|restart|force-reload}" >&2
exit 1
;;
esac
-
-exit 0
Bug#573430: [Pkg-puppet-devel] Bug#573430: provide $vardir/modules
On Thu, Mar 11, 2010 at 02:05:50PM +0100, martin f krafft wrote: > The idea comes from David Schmitt's common module, which creates > /var/lib/puppet/modules/common to store stuff the module needs. > I think it would make sense to create /var/lib/puppet/modules by the > puppet package so that other modules can just drop their own > directories in there without each and every one of them having to > jump through hoops to ensure existence of the parent. > Micah suggested something similar in bug 571129 [1]. In bug 571130 [2] I raised the question on whether modules/ (and templates/ and files/) should be located in /var/lib/puppet/ or /etc/puppet. It seems to me that all of these directories should be located in the same place. In bug 484659 [3] you've suggested that templates should be in /etc/puppet/ instead of /var/lib/puppet/. [1]: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=571129#10 [2]: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=571130#60 [3]: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=484659 -- Mathias Gug Ubuntu Developer http://www.ubuntu.com signature.asc Description: Digital signature
Bug#571130: [Pkg-puppet-devel] Bug#571130: puppet-common: Package purge should remove all puppet directories
On Wed, Feb 24, 2010 at 11:01:19PM +, Stephen Gran wrote: > > We've gone around this sort of argument several times since I've been > involved with Debian, and the outcome has always seemed to be: do not > throw away user data. As this has already been discussed many times I don't want reopen the debate and I'll keep in mind the expectations in designing the proper solution. > The Right Thing(TM) would be to only delete what > is shipped with puppet and use rmdir /etc/puppet at the end. I guess that would also apply to /var/lib/puppet/? -- Mathias Gug Ubuntu Developer http://www.ubuntu.com -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#571127: [Pkg-puppet-devel] Bug#571127: etckeeper integration with puppet pre/post commit hooks
Hi, On Wed, Feb 24, 2010 at 06:15:22PM -0500, micah anderson wrote: > > On Tue, 23 Feb 2010 13:00:22 -0500, Mathias Gug wrote: > > this functionality exists in puppet already with the > clientbucket/filebucket (and I might even suggest is better because you > can ship things offsite)... but I guess some people might want to use > etckeeper for this purpose. I admit, it is an interesting idea. > Agreed. Another advantage of using etckeeper is the integration with apt (which is the model used to implement etckeeper support in puppet). > I cannot think of a scenario where someone might have etckeeper > installed, but not want this to happen after every puppet run, but do > you have any idea what happens if etckeeper is installed, but 'etckeeper > init' has not been run? > etckeeper init is run by etckeeper postinst script on fresh install. > What about a Suggests: etckeeper in debian/control? I didn't see that in > the patch, or any information in a README that indicates that someone > could use etckeeper with the package. The missing documentation makes me > feel like this is too much of a hidden feature, a simple one or two > lines in the README.Debian would suffice IMHO. > Agreed. Suggests would definitely be a good choice. I've even considered a Recommends as keeping etc/ under version control is a very good sysadmin practice. -- Mathias Gug Ubuntu Developer http://www.ubuntu.com signature.asc Description: Digital signature
Bug#571130: [Pkg-puppet-devel] Bug#571130: puppet-common: Package purge should remove all puppet directories
On Wed, Feb 24, 2010 at 02:48:44PM -0800, Russ Allbery wrote: > Mathias Gug writes: > > > Considering that puppet templates are stored under > > /etc/puppet/templates/ purging the puppet-common package would *not* > > remove the local templates. Upon package re-installation the old > > templates files would still be around - defeating the intent of purging > > a package in order to start a new configuration from scratch. > > What templates specifically are we talking about here? If these are files > installed by the package, they should be deleted on purge via a list of > the specific files that might be installed. Nope - there are not files installed by the package. > If they're files that are > installed as part of running Puppet, aren't they in the wrong location? > That's correct. Debian bug 484659 covers the reason for moving templates/ to /etc/puppet/. It seems that manifests/, templates/ and files/ directories should all be located under the same directory. The question seems to be whether they should all be in /var/lib/puppet/ or /etc/puppet/. Files located in these directories are site specific and are part of "running" puppet. May be they should all be moved to /var/lib/puppet/? -- Mathias Gug Ubuntu Developer http://www.ubuntu.com -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#571130: [Pkg-puppet-devel] Bug#571130: Bug#571130: puppet-common: Package purge should remove all puppet directories
On Thu, Feb 25, 2010 at 08:45:38AM +1000, Andrew Pollock wrote: > > Do the templates need to be in /etc/templates? I think that was a change in > behaviour between the Ubuntu package and the Debian package. > Correct. That was a difference implemented in Ubuntu as the result of the package review to move puppet into main [1]. It turns out that the review points back to Debian bug 484659 which was fixed later in Debian. [1]: https://bugs.launchpad.net/ubuntu/+source/puppet/+bug/408297 [2]: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=484659 -- Mathias Gug Ubuntu Developer http://www.ubuntu.com signature.asc Description: Digital signature
Bug#571130: [Pkg-puppet-devel] Bug#571130: puppet-common: Package purge should remove all puppet directories
On Wed, Feb 24, 2010 at 01:35:35PM -0800, Russ Allbery wrote: > Mathias Gug writes: > > > Agreed - that's the point of view of never ever delete a file created by > > the user. OTOH by purging a package one may want to start a new > > configuration from scratch in a well-known state (which means that there > > aren't any files left over from a previous package installation). > > Right, which is why you remove all files owned by the package. But rm -rf > of the entire directory goes beyond that. I think purge should rm -f each > file in /etc/puppet that is installed by the package, and then remove the > /etc/puppet directory if it's empty. > Considering that puppet templates are stored under /etc/puppet/templates/ purging the puppet-common package would *not* remove the local templates. Upon package re-installation the old templates files would still be around - defeating the intent of purging a package in order to start a new configuration from scratch. I guess the correct solution depends on what are the expectations about the state of a purged package and how the package should behave upon reinstallation after purge. Another solution could be to move the content of /etc/puppet/ to /var/backups/puppet-version_something/ *before* rm -rf /etc/puppet/. That way local files are not lost on package purge and could be rescued by the local user while still providing a clean start configuration if the package gets reinstalled. -- Mathias Gug Ubuntu Developer http://www.ubuntu.com -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#571130: [Pkg-puppet-devel] Bug#571130: puppet-common: Package purge should remove all puppet directories
On Wed, Feb 24, 2010 at 12:43:31PM -0800, Russ Allbery wrote: > Mathias Gug writes: > > On Tue, Feb 23, 2010 at 04:16:29PM -0800, Russ Allbery wrote: > > >> This is arguably a Debian policy violation because it would delete any > >> other local administrator configuration files in /etc/puppet. > > > Section 10.7.3 mentions: > > * configuration files must be preserved when the package is removed, > > and only deleted when the package is purged. > > That's the arguable part. I don't know of anything in Policy that > specifically says that you can't do this, but deleting files in /etc that > aren't owned by the package seems obviously contrary to the spirit of the > Policy rules around handling configuration files to me. > Agreed - that's the point of view of never ever delete a file created by the user. OTOH by purging a package one may want to start a new configuration from scratch in a well-known state (which means that there aren't any files left over from a previous package installation). -- Mathias Gug Ubuntu Developer http://www.ubuntu.com -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#571130: [Pkg-puppet-devel] Bug#571130: puppet-common: Package purge should remove all puppet directories
On Tue, Feb 23, 2010 at 04:16:29PM -0800, Russ Allbery wrote: > Mathias Gug writes: > > > + # Remove puppet directories > > + rm -rf /etc/puppet/ > > This is arguably a Debian policy violation because it would delete any > other local administrator configuration files in /etc/puppet. Could you specify which portion of the Debian policy deals with configuration files created by the local administrator? Section 10.7.3 mentions: * configuration files must be preserved when the package is removed, and only deleted when the package is purged. -- Mathias Gug Ubuntu Developer http://www.ubuntu.com -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#571130: puppet-common: Package purge should remove all puppet directories
Package: puppet-common Severity: normal Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu lucid ubuntu-patch In Ubuntu we've applied the following patch: * debian/puppet-common.postrm: - On purge delete all puppet directories: /etc/puppet, /var/log/puppet and /var/lib/puppet. IIUC /var/lib/puppet isn't deleted when the puppet package was purged because it would break puppetmaster. Now that common files are shared with the puppet-common package, purging the puppet package shouldn't break puppetmaster anymore. Moreover log files should be removed when the package is purged. -- System Information: Debian Release: squeeze/sid APT prefers lucid-updates APT policy: (500, 'lucid-updates'), (500, 'lucid-security'), (500, 'lucid') Architecture: amd64 (x86_64) Kernel: Linux 2.6.24-25-server (SMP w/2 CPU cores) Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Shell: /bin/sh linked to /bin/dash === modified file 'debian/puppet-common.postrm' --- debian/puppet-common.postrm 2010-02-16 06:30:55 + +++ debian/puppet-common.postrm 2010-02-16 14:39:11 + @@ -2,11 +2,10 @@ case "$1" in purge) - # Remove puppetd.conf (used in > 0.24) - rm -f /etc/puppet/puppetd.conf - - # Remove explicitly created state directory - rm -rf /var/lib/puppet/state + # Remove puppet directories + rm -rf /etc/puppet/ + rm -rf /var/lib/puppet/ + rm -rf /var/log/puppet/ ;; remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
Bug#571129: Ship templates directory as part of puppet-common
Package: puppet-common Severity: normal Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu lucid ubuntu-patch In Ubuntu we've applied to following patch: * debian/rules, debian/puppet-common.dirs: - Create templates directory in puppet config directory and include it in puppet-common directory. You may be interested in doing the same. -- System Information: Debian Release: squeeze/sid APT prefers lucid-updates APT policy: (500, 'lucid-updates'), (500, 'lucid-security'), (500, 'lucid') Architecture: amd64 (x86_64) Kernel: Linux 2.6.24-25-server (SMP w/2 CPU cores) Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Shell: /bin/sh linked to /bin/dash === modified file 'debian/puppet-common.dirs' --- debian/puppet-common.dirs 2010-02-01 12:31:58 + +++ debian/puppet-common.dirs 2010-02-16 14:39:11 + @@ -1,4 +1,5 @@ etc/puppet/manifests +etc/puppet/templates usr/lib/ruby/1.8 var/lib/puppet var/log/puppet === modified file 'debian/rules' --- debian/rules2010-02-01 12:31:58 + +++ debian/rules2010-02-16 14:39:11 + @@ -69,6 +69,8 @@ dh_installexamples examples/* + $(INSTALL) -d -m0775 $(pkgconfdir)/templates + # Logcheck rules. Gee I wish you could specify a file to source # in dh_installlogcheck. ln ext/logcheck/puppet debian/puppet-common.logcheck.ignore.server
Bug#571127: etckeeper integration with puppet pre/post commit hooks
Package: puppet Version: 0.25.4-2 Severity: wishlist Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu lucid ubuntu-patch *** /tmp/tmpc9TUKP In Ubuntu, we've applied the attached patch to achieve the following: * etckeeper integration (server-lucid-puppet-etckeeper-integration): - debian/etckeeper-commit-post, debian/etckeeper-commit-pre: + Call "etckeeper commit" before and after catalog runs. Silently bail out if etckeeper is not available. - debian/puppet.conf: + Call out to the etckeeper hooks using the new prerun_command, and postrun_command hooks. - debian/rules: + Install the etckeeper hook scripts in /etc/puppet. We thought you might be interested in doing the same. -- System Information: Debian Release: squeeze/sid APT prefers lucid-updates APT policy: (500, 'lucid-updates'), (500, 'lucid-security'), (500, 'lucid') Architecture: amd64 (x86_64) Kernel: Linux 2.6.24-25-server (SMP w/2 CPU cores) Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Shell: /bin/sh linked to /bin/dash === modified file 'debian/changelog' === added file 'debian/etckeeper-commit-post' --- debian/etckeeper-commit-post1970-01-01 00:00:00 + +++ debian/etckeeper-commit-post2010-02-23 17:53:37 + @@ -0,0 +1,10 @@ +#!/bin/sh + +PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin + +which etckeeper > /dev/null 2>&1 || exit 0 + +etckeeper commit "committing changes in /etc after puppet catalog run" + +# Failure of etckeeper should not be fatal. +exit 0 === added file 'debian/etckeeper-commit-pre' --- debian/etckeeper-commit-pre 1970-01-01 00:00:00 + +++ debian/etckeeper-commit-pre 2010-02-23 17:53:37 + @@ -0,0 +1,10 @@ +#!/bin/sh + +PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin + +which etckeeper > /dev/null 2>&1 || exit 0 + +etckeeper commit "saving uncommitted changes in /etc prior to puppet catalog run" + +# Failure of etckeeper should not be fatal. +exit 0 === modified file 'debian/puppet.conf' --- debian/puppet.conf 2010-02-16 06:30:55 + +++ debian/puppet.conf 2010-02-23 17:53:37 + @@ -6,3 +6,5 @@ factpath=$vardir/lib/facter pluginsync=true templatedir=$confdir/templates +prerun_command=/etc/puppet/etckeeper-commit-pre +postrun_command=/etc/puppet/etckeeper-commit-post === modified file 'debian/rules' --- debian/rules2010-02-16 14:39:11 + +++ debian/rules2010-02-23 17:53:37 + @@ -67,6 +67,12 @@ $(INSTALL) -m0644 ext/emacs/puppet-mode.el \ $(CURDIR)/debian/puppet-el/usr/share/emacs/site-lisp/puppet-mode.el + # etckeeper integration + $(INSTALL) -m0755 debian/etckeeper-commit-pre \ + $(CURDIR)/debian/puppet/etc/puppet/etckeeper-commit-pre + $(INSTALL) -m0755 debian/etckeeper-commit-post \ + $(CURDIR)/debian/puppet/etc/puppet/etckeeper-commit-post + dh_installexamples examples/* $(INSTALL) -d -m0775 $(pkgconfdir)/templates
Bug#570012: puppetmaster fails to start: puppet user missing
Package: puppetmaster Severity: normal While trying to install puppetmaster *without* the puppet package the puppetmaster daemon failed to start: Setting up puppetmaster (0.25.4-1ubuntu1) ... chown: invalid user: `puppet:puppet' * Starting puppet configuration management tool master server * Could not prepare for execution: Got 6 failure(s) while initializing: * change from absent to directory failed: Could not find group puppet; * change from absent to directory failed: Could not find group puppet; * change from absent to directory failed: Could not find group puppet; * change from absent to directory failed: Could not find group puppet; * change from absent to directory failed: Could not find group puppet; * Failed to retrieve current state of resource: Could not find group * puppet [fail] The puppet user and group are created as part of the puppet postinst script. This should probably be moved to the puppet-common package instead. -- System Information: Debian Release: squeeze/sid APT prefers lucid-updates APT policy: (500, 'lucid-updates'), (500, 'lucid-security'), (500, 'lucid') Architecture: amd64 (x86_64) Kernel: Linux 2.6.24-25-server (SMP w/2 CPU cores) Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Shell: /bin/sh linked to /bin/dash -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20100215203741.20720.62026.report...@mathiaz-srv.lan
Bug#567418: dict-jargon: Use w3m instead of elinks to build jargon.txt
Package: dict-jargon
Version: 4.4.7-2
Severity: normal
Tags: patch
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu lucid ubuntu-patch
*** /tmp/tmpehp15g
In Ubuntu, we've applied the attached patch to achieve the following:
* Replace elinks with w3m.
We thought you might be interested in doing the same.
We're trying to replace elinks with w3m wherever possible.
-- System Information:
Debian Release: squeeze/sid
APT prefers lucid-updates
APT policy: (500, 'lucid-updates'), (500, 'lucid-security'), (500, 'lucid')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.24-25-server (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash
=== modified file 'debian/control'
--- debian/control 2009-06-20 19:03:13 +
+++ debian/control 2010-01-28 23:15:59 +
@@ -1,9 +1,10 @@
Section: text
Priority: optional
Build-Depends: quilt, debhelper (>= 7)
-Build-Depends-Indep: xmlto, elinks-lite, dictfmt, dictzip
+Build-Depends-Indep: xmlto, w3m, dictfmt, dictzip
Standards-Version: 3.8.2
Homepage: http://catb.org/jargon/
=== modified file 'debian/jargon2dict.sh'
--- debian/jargon2dict.sh 2009-01-29 21:47:29 +
+++ debian/jargon2dict.sh 2010-01-28 23:00:33 +
@@ -42,8 +42,8 @@
sed -i "s/\o264/'/" jargon-web.html
echo " [+] dumping plain-text version"
- ELINKSOPTS="-dump -dump-width 79 -no-numbering 1 -no-references 1"
- elinks $ELINKSOPTS jargon-web.html > jargon.txt
+ W3MOPTS="-dump"
+ w3m $W3MOPTS jargon-web.html > jargon.txt
extract() { # usage: extract 'first string' 'second string'
Bug#566078: dictionaries-common: Use w3m instead of elinks to build the txt version of the policy
Package: dictionaries-common Version: 1.4.0 Severity: normal Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu lucid ubuntu-patch *** /tmp/tmpIuKu_L In Ubuntu, we've applied the attached patch to achieve the following: * Makefile.in, debian/control: use w3m instead of elinks to build the documentation. We thought you might be interested in doing the same. We're trying to move elinks out of the main repository and use w3m as the default html text browser. Both version of the txt manual can be found at: * http://people.canonical.com/~mathiaz/dictionaries-common-policy/dsdt-policy.elinks.txt * http://people.canonical.com/~mathiaz/dictionaries-common-policy/dsdt-policy.w3m.txt -- System Information: Debian Release: squeeze/sid APT prefers lucid-updates APT policy: (500, 'lucid-updates'), (500, 'lucid-security'), (500, 'lucid') Architecture: amd64 (x86_64) Kernel: Linux 2.6.24-25-server (SMP w/2 CPU cores) Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Shell: /bin/sh linked to /bin/dash === modified file 'Makefile.in' --- Makefile.in 2009-05-14 08:30:40 + +++ Makefile.in 2010-01-20 23:50:12 + @@ -116,7 +116,7 @@ /usr/share/sgml/declaration/xml.decl $< > $@ %.txt: %.html - elinks -dump -dump-charset iso-8859-1 $< | perl -pi -e 's/\015 *//g' > $@ + w3m -dump $< | perl -pi -e 's/\015 *//g' > $@ # === modified file 'debian/changelog' === modified file 'debian/control' --- debian/control 2009-11-16 20:35:00 + +++ debian/control 2010-01-20 23:50:12 + @@ -4,7 +4,7 @@ Maintainer: Ubuntu Developers XSBC-Original-Maintainer: Agustin Martin Domingo Uploaders: Rene Engelhard -Build-Depends-Indep: docbook-xml, docbook-dsssl, jade, elinks, slice, +Build-Depends-Indep: docbook-xml, docbook-dsssl, jade, w3m, slice, autoconf, recode Build-Depends: debhelper (>= 7), dpatch (>= 2.0.9) Homepage: http://dict-common.alioth.debian.org
Bug#566076: mutt: Use w3m to build the manual instead of elinks
Package: mutt Version: 1.5.20-5 Severity: normal Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu lucid ubuntu-patch *** /tmp/tmpt0BBDj In Ubuntu, we've applied the attached patch to achieve the following: * debian/control, debian/patches/debian-specific/build_doc_adjustments.diff: use w3m instead of elinks for generating documentation. We thought you might be interested in doing the same. We're trying to move elinks out of the main repository and would like to use w3m instead. You can a find both manual pages for comparison at: * http://people.canonical.com/~mathiaz/mutt-manual/manual.elinks.html * http://people.canonical.com/~mathiaz/mutt-manual/manual.w3m.html They look the same altough the html diff is quite huge. I haven't investigate the actual differences. Another advantage is to drop one part of the debian specific patch, since upstream already supports building with w3m. Thanks, -- System Information: Debian Release: squeeze/sid APT prefers lucid-updates APT policy: (500, 'lucid-updates'), (500, 'lucid-security'), (500, 'lucid') Architecture: amd64 (x86_64) Kernel: Linux 2.6.24-25-server (SMP w/2 CPU cores) Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Shell: /bin/sh linked to /bin/dash === modified file 'debian/changelog' === modified file 'debian/control' --- debian/control 2009-12-02 22:38:00 + +++ debian/control 2010-01-20 23:18:09 + @@ -1,10 +1,11 @@ Source: mutt Section: mail Priority: standard -Maintainer: Christoph Berg +Maintainer: Ubuntu Developers +XSBC-Original-Maintainer: Christoph Berg Uploaders: Antonio Radici Build-Depends: automake, debhelper (>> 7), docbook-xml, docbook-xsl, - elinks-lite | elinks, gawk, gettext, libgdbm-dev, libgnutls-dev, + w3m, gawk, gettext, libgdbm-dev, libgnutls-dev, libgpgme11-dev, libidn11-dev, libkrb5-dev, libncurses5-dev, libncursesw5-dev, libsasl2-dev, pkg-config, quilt, xsltproc, zlib1g-dev Standards-Version: 3.8.3 === modified file 'debian/patches/debian-specific/build_doc_adjustments.diff' --- debian/patches/debian-specific/build_doc_adjustments.diff 2009-06-27 23:52:24 + +++ debian/patches/debian-specific/build_doc_adjustments.diff 2010-01-20 23:18:09 + @@ -2,17 +2,6 @@ --- a/doc/Makefile.am +++ b/doc/Makefile.am -@@ -100,9 +100,7 @@ uninstall-local: - - check: - manual.txt: manual.html -- -LC_ALL=C lynx -dump -nolist -with_backspaces manual.html > $@ || \ -- LC_ALL=C w3m -dump manual.html > $@ || \ -- LC_ALL=C elinks -dump -no-numbering -no-references manual.html | sed -e 's,\\001, ,g' > $@ -+ LC_ALL=C elinks -dump -dump-charset utf8 -no-numbering -no-references $< > $@ - - Muttrc: stamp-doc-rc - @@ -114,10 +112,10 @@ stamp-doc-rc: $(top_srcdir)/init.h maked touch stamp-doc-rc
Bug#548419: mysql-server-5.0: Split package (embedded vs. stand-alone server)
Hi, Note that Ubuntu has already done the split for the same reasons (akonadi starts its own mysqld process). This is why there are two packages: mysql-server-core-5.1 and mysql-server-5.1. mysql-server-core-5.1 ships mysqld and the necessary files to get it up and running: /usr/sbin/mysqld /usr/share/doc/mysql-server-core-5.1/changelog.Debian.gz /usr/share/doc/mysql-server-core-5.1/changelog.gz /usr/share/doc/mysql-server-core-5.1/copyright /usr/share/man/man8/mysqld.8.gz /usr/share/mysql/charsets/Index.xml /usr/share/mysql/charsets/README /usr/share/mysql/charsets/armscii8.xml /usr/share/mysql/charsets/ascii.xml /usr/share/mysql/charsets/cp1250.xml /usr/share/mysql/charsets/cp1251.xml /usr/share/mysql/charsets/cp1256.xml /usr/share/mysql/charsets/cp1257.xml /usr/share/mysql/charsets/cp850.xml /usr/share/mysql/charsets/cp852.xml /usr/share/mysql/charsets/cp866.xml /usr/share/mysql/charsets/dec8.xml /usr/share/mysql/charsets/geostd8.xml /usr/share/mysql/charsets/greek.xml /usr/share/mysql/charsets/hebrew.xml /usr/share/mysql/charsets/hp8.xml /usr/share/mysql/charsets/keybcs2.xml /usr/share/mysql/charsets/koi8r.xml /usr/share/mysql/charsets/koi8u.xml /usr/share/mysql/charsets/latin1.xml /usr/share/mysql/charsets/latin2.xml /usr/share/mysql/charsets/latin5.xml /usr/share/mysql/charsets/latin7.xml /usr/share/mysql/charsets/macce.xml /usr/share/mysql/charsets/macroman.xml /usr/share/mysql/charsets/swe7.xml /usr/share/mysql/czech/errmsg.sys /usr/share/mysql/danish/errmsg.sys /usr/share/mysql/dutch/errmsg.sys /usr/share/mysql/english/errmsg.sys /usr/share/mysql/estonian/errmsg.sys /usr/share/mysql/french/errmsg.sys /usr/share/mysql/german/errmsg.sys /usr/share/mysql/greek/errmsg.sys /usr/share/mysql/hungarian/errmsg.sys /usr/share/mysql/italian/errmsg.sys /usr/share/mysql/japanese/errmsg.sys /usr/share/mysql/korean/errmsg.sys /usr/share/mysql/norwegian-ny/errmsg.sys /usr/share/mysql/norwegian/errmsg.sys /usr/share/mysql/polish/errmsg.sys /usr/share/mysql/portuguese/errmsg.sys /usr/share/mysql/romanian/errmsg.sys /usr/share/mysql/russian/errmsg.sys /usr/share/mysql/serbian/errmsg.sys /usr/share/mysql/slovak/errmsg.sys /usr/share/mysql/spanish/errmsg.sys /usr/share/mysql/swedish/errmsg.sys /usr/share/mysql/ukrainian/errmsg.sys The mysql-server-5.1 package ships the rest of the files, notably mysqld init script. Moreover akonadi depends on mysql-server-core rather than mysql-server. -- Mathias Gug Ubuntu Developer http://www.ubuntu.com signature.asc Description: Digital signature
Bug#545760: mysql-dfsg-5.1: Don't upgrade if there is an ndb management node configured
Package: mysql-dfsg-5.1 Severity: normal Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu karmic In Ubuntu, we've applied the attached patch to achieve the following: * Don't upgrade if there is an ndb management node configured. (LP: #413792). See https://bugs.launchpad.net/bugs/413792 for more information. -- System Information: Debian Release: squeeze/sid APT prefers karmic-updates APT policy: (500, 'karmic-updates'), (500, 'karmic-security'), (500, 'karmic-proposed'), (500, 'karmic') Architecture: amd64 (x86_64) Kernel: Linux 2.6.31-9-generic (SMP w/2 CPU cores) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash === modified file 'debian/mysql-server-5.1.preinst' --- debian/mysql-server-5.1.preinst 2009-07-22 17:45:37 + +++ debian/mysql-server-5.1.preinst 2009-09-08 21:22:59 + @@ -49,7 +49,7 @@ this_version=5.1 # Abort if an NDB cluster is in use. -if egrep -q -r '^[^#]*ndb.connectstring' /etc/mysql/; then +if egrep -qi -r '^[^#]*ndb.connectstring|^[:space:]*\[[:space:]*ndb_mgmd' /etc/mysql/; then db_fset mysql-server/no_upgrade_when_using_ndb seen false || true db_input high mysql-server/no_upgrade_when_using_ndb || true db_go
Bug#545761: mysql-dfsg-5.1: Fix commented logging options to use general_log and general_log_file.
Package: mysql-dfsg-5.1 Severity: normal Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu karmic In Ubuntu, we've applied the attached patch to achieve the following: The commented options in my.cnf about log_file have their named changed. -- System Information: Debian Release: squeeze/sid APT prefers karmic-updates APT policy: (500, 'karmic-updates'), (500, 'karmic-security'), (500, 'karmic-proposed'), (500, 'karmic') Architecture: amd64 (x86_64) Kernel: Linux 2.6.31-9-generic (SMP w/2 CPU cores) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash === modified file 'debian/additions/my.cnf' --- debian/additions/my.cnf 2009-08-21 05:53:29 + +++ debian/additions/my.cnf 2009-08-10 14:52:35 + @@ -69,8 +75,8 @@ # Both location gets rotated by the cronjob. # Be aware that this log type is a performance killer. # As of 5.1 you can enable the log at runtime! -#log_type = FILE -#general_log = /var/log/mysql/mysql.log +#general_log_file= /var/log/mysql/mysql.log +#general_log = 1 # # Error logging goes to syslog due to /etc/mysql/conf.d/mysqld_safe_syslog.cnf. #
Bug#538462: apr-util: Update libaprutil1-dev dependency to libmysqlclient-dev
Package: apr-util
Version: 1.3.9+dfsg-1
Severity: normal
Tags: patch
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu karmic ubuntu-patch
In Ubuntu, we've applied the attached patch to achieve the following:
* Remove obsolete libmysqlclient15off dependency. Update libaprutil1-dev
dependency to libmysqlclient-dev.
We thought you might be interested in doing the same.
-- System Information:
Debian Release: squeeze/sid
APT prefers karmic-updates
APT policy: (500, 'karmic-updates'), (500, 'karmic-security'), (500, 'karmic')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.24-24-server (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash
diff -u apr-util-1.3.9+dfsg/debian/control apr-util-1.3.9+dfsg/debian/control
--- apr-util-1.3.9+dfsg/debian/control
+++ apr-util-1.3.9+dfsg/debian/control
@@ -104,7 +105,7 @@
Package: libaprutil1-dev
Architecture: any
Section: libdevel
-Depends: libaprutil1 (= ${binary:Version}), libldap2-dev, libexpat1-dev, libdb4.7-dev, libpcre3-dev, libapr1-dev (>= 1.2.2-1), libsqlite3-dev, libpq-dev, libmysqlclient15-dev
+Depends: libaprutil1 (= ${binary:Version}), libldap2-dev, libexpat1-dev, libdb4.7-dev, libpcre3-dev, libapr1-dev (>= 1.2.2-1), libsqlite3-dev, libpq-dev, libmysqlclient-dev
Conflicts: libaprutil1.0-dev
Description: The Apache Portable Runtime Utility Library - Development Headers
APR is Apache's Portable Runtime Library, designed to be a support library
Bug#540366: mysql-dfsg-5.1: Default mysql configuration file uses old_passwords
Package: mysql-dfsg-5.1 Version: 5.1.37-1 Severity: important Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu karmic ubuntu-patch *** /tmp/tmptKCCYb In Ubuntu, we've applied the attached patch to achieve the following: * debian/additions/my.cnf: drop old_password option. We thought you might be interested in doing the same. -- System Information: Debian Release: squeeze/sid APT prefers karmic-updates APT policy: (500, 'karmic-updates'), (500, 'karmic-security'), (500, 'karmic') Architecture: amd64 (x86_64) Kernel: Linux 2.6.24-24-server (SMP w/2 CPU cores) Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Shell: /bin/sh linked to /bin/dash diff -u mysql-dfsg-5.1-5.1.37/debian/additions/my.cnf mysql-dfsg-5.1-5.1.37/debian/additions/my.cnf --- mysql-dfsg-5.1-5.1.37/debian/additions/my.cnf +++ mysql-dfsg-5.1-5.1.37/debian/additions/my.cnf @@ -39,13 +46,8 @@ basedir = /usr datadir = /var/lib/mysql tmpdir = /tmp -language = /usr/share/mysql/english skip-external-locking # -# For compatibility to other Debian packages that still use -# libmysqlclient10 and libmysqlclient12. -old_passwords = 1 -# # Instead of skip-networking the default is now to listen only on # localhost which is more compatible and is not less secure. bind-address = 127.0.0.1
Bug#535493: mysql-dfsg-5.1: Clearly indicate that running multiple instances of mysqld
Hi, I'd add that mysql-server-5.0 mysql init script has this patch while mysql-server-5.1 mysql init script doesn't. -- Mathias Gug Ubuntu Developer http://www.ubuntu.com -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#534606: mysql-dfsg-5.1: Modifies debian-start.inc.sh to support ANSI mode
Hi, I've realized that the patch I sent previously contains the full difference between Ubuntu and Debian and is not useful. Sorry about that. However debian/additions/debian-start.inc.sh from the mysql-server-5.0 package contains a correct fix. I'd suggest to copy the version from 5.0 into 5.1. -- Mathias Gug Ubuntu Developer http://www.ubuntu.com -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#535499: mysql-dfsg-5.1: Clear out the second password when setting up mysql
Hi, I'd add that mysql-server-5.0 postinst correctly erases the second password while mysql-server-5.1 postinst doesn't. -- Mathias Gug Ubuntu Developer http://www.ubuntu.com signature.asc Description: Digital signature
Bug#539421: openldap: Enable UDP support (-DLDAP_CONNECTIONLESS)
Package: openldap Version: 2.4.17-1 Severity: normal Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu karmic ubuntu-patch In Ubuntu, we've applied the attached patch to achieve the following: [ Thierry Carrez ] * debian/rules: Enable -DLDAP_CONNECTIONLESS to build CLDAP (UDP) support in the openldap library, as required by Likewise-Open (LP: #390579) We thought you might be interested in doing the same. See https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/390579 -- System Information: Debian Release: lenny/sid APT prefers hardy-updates APT policy: (500, 'hardy-updates'), (500, 'hardy-security'), (500, 'hardy') Architecture: amd64 (x86_64) Kernel: Linux 2.6.24-24-server (SMP w/2 CPU cores) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash diff -u openldap-2.4.17/debian/rules openldap-2.4.17/debian/rules --- openldap-2.4.17/debian/rules +++ openldap-2.4.17/debian/rules @@ -7,7 +7,7 @@ # want the checks for DFSG-freeness. #DFSG_NONFREE = 1 -CFLAGS = -Wall -g -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE +CFLAGS = -Wall -g -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE -DLDAP_CONNECTIONLESS INSTALL = install INSTALL_FILE= $(INSTALL) -p-o root -g root -m 644 INSTALL_PROGRAM = $(INSTALL) -p-o root -g root -m 755
Bug#538278: [Pkg-openldap-devel] Bug#538278: ldaps doesn't work with tls
Hi Nicolas, On Fri, Jul 24, 2009 at 11:16 AM, Nicolas Jungers wrote: > Package: slapd > Version: 2.4.11-1 > > > # bits from slapd.conf > > # TLS configuration > # CA > TLSCACertificateFile /etc/ssl/certs/cacert.org.pem > # Cert > TLSCertificateFile /etc/ssl/certs/main.jungers.net.pem > TLSCertificateKeyFile /etc/ssl/private/main.jungers.net-key.pem > #TLSCipherSuite HIGH <-- not with gnutls (openssl keyword) Could you try to add the CA Certificate (/etc/ssl/certs/cacert.org.pem) to the TLSCertificateFile? > > > > # if I try gnutls-cli I get > > gnutls-cli --x509cafile /etc/ssl/certs/cacert.org.pem -p 389 > main.jungers.netProcessed 2 CA certificate(s). > Resolving 'main.jungers.net'... > Connecting to '91.121.14.130:389'... > *** Fatal error: A TLS packet with unexpected length was received. > *** Handshake has failed > GNUTLS ERROR: A TLS packet with unexpected length was received. You should use the --starttls option to test against port 389 as this port expects to start a plain connection (which is then upgraded to an encrypted connection with startTLS). -- Mathias Gug Ubuntu Developer http://www.ubuntu.com -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#525849: Fwd: Re: [Build-common-hackers] Bug#525849: cdbs: call libtoolize with -i to install missing files
Hi Martin,
On Sun, Jul 19, 2009 at 01:40:56PM +0200, Martin Pitt wrote:
> Can you please provide an answer to this? If this isn't relevant any
> more, I'd drop that delta from our cdbs packages as well.
>
> Thanks,
>
> Martin
> - Forwarded message from Peter Eisentraut -
>
> Date: Sun, 14 Jun 2009 14:13:17 +0300
> From: Peter Eisentraut
> To: Martin Pitt , 525...@bugs.debian.org
> Cc: Mathias Gug
> Subject: Re: [Build-common-hackers] Bug#525849: cdbs: call libtoolize with -i
> to install missing files
> X-Spam-Status: No, score=0.0 required=4.0 tests=AWL,BAYES_50 autolearn=no
> version=3.2.5
>
> On Monday 27 April 2009 17:12:12 Martin Pitt wrote:
> > Mathias recently fixed autotools-files.mk.in in Ubuntu's cdbs to call
> > libtoolize with -i to install missing files. I believe this is a good
> > idea to do in Debian as well.
>
> libtoolize -i affects the following files, as far as I can tell:
> config.guess,
> config.sub, install-sh. cdbs already handles the first two, and the last
> should be unnecessary to update. So what is the use case?
>
This was introduced in the intrepid release cycle with libtool(2.2.4-0ubuntu1):
* New upstream release:
- Fixes a number of small bugs and improves the reliability and
usability of libtoolize.
I ran into this issue when trying to build openldap and discuss it on
ubuntu-devel on August 01 [1]:
[00:26] is it normal that libtoolize --copy --force deletes
config.{sub,guess} but doesn't restore them ?
[00:26] not traditionally, but who knows with the new
libtool :)
[00:26] slangasek: I'm running into this problem when trying
to build openldap on intrepid
[00:26] slangasek: config.{sub,guess} are copied before
autogen.sh is run, and then the build fails
[00:27] that really sounds like a libtool bug to me, then
[00:41] mathiaz: try adding --install
[00:51] cjwatson: thanks - works well now :)
[02:58] <__keybuk> mathiaz: probably a bug? try --install
[02:59] <__keybuk> ah yes
[02:59] <__keybuk> don't use --force without --install ;)
[02:59] <__keybuk> it won't do what you think
[1]: http://irclogs.ubuntu.com/2008/07/31/%23ubuntu-devel.html
Even though openldap doesn't use cdbs I was trying to build another
package that used cdbs and run into the same issue, thus the cdbs
upload.
--
Mathias Gug
Ubuntu Developer http://www.ubuntu.com
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#536548: mysql-dfsg-5.0: Updated 45_warn-CLI-passwords.dpatch for 5.0.83
Package: mysql-dfsg-5.0
Version: 5.0.83-1
Severity: normal
Tags: patch
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu karmic ubuntu-patch
I've attached an updated version of 45_warn-CLI-passwords.dpatch so that
it applies cleanly to 5.0.83.
-- System Information:
Debian Release: squeeze/sid
APT prefers karmic-updates
APT policy: (500, 'karmic-updates'), (500, 'karmic-security'), (500, 'karmic')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.24-24-server (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash
--- debian/patches/45_warn-CLI-passwords.dpatch 2009-02-15 16:44:02 +
+++ debian/patches/45_warn-CLI-passwords.dpatch 2009-07-10 21:27:07 +
@@ -5,10 +5,22 @@
## DP: warn-CLI-passwords
@DPATCH@
-
old/client/mysqladmin.cc.orig 2005-11-15 01:12:30.0 +0100
-+++ new/client/mysqladmin.cc 2005-11-22 00:17:41.327082273 +0100
-@@ -154,7 +154,7 @@
+diff -urNad mysql-dfsg-5.0-5.1.30really5.0.83~/client/mysql.cc
mysql-dfsg-5.0-5.1.30really5.0.83/client/mysql.cc
+--- mysql-dfsg-5.0-5.1.30really5.0.83~/client/mysql.cc 2009-05-29
14:15:31.0 -0400
mysql-dfsg-5.0-5.1.30really5.0.83/client/mysql.cc 2009-07-10
17:24:45.0 -0400
+@@ -1395,7 +1395,7 @@
+0, 0, 0, GET_NO_ARG, NO_ARG, 0, 0, 0, 0, 0, 0},
+ #endif
+ {"password", 'p',
+- "Password to use when connecting to server. If password is not given it's
asked from the tty.",
++ "Password to use when connecting to server. If password is not given it's
asked from the tty. WARNING: This is insecure as the password is visible for
anyone through /proc for a short time.",
+0, 0, 0, GET_STR, OPT_ARG, 0, 0, 0, 0, 0, 0},
+ #ifdef __WIN__
+ {"pipe", 'W', "Use named pipes to connect to server.", 0, 0, 0, GET_NO_ARG,
+diff -urNad mysql-dfsg-5.0-5.1.30really5.0.83~/client/mysqladmin.cc
mysql-dfsg-5.0-5.1.30really5.0.83/client/mysqladmin.cc
+--- mysql-dfsg-5.0-5.1.30really5.0.83~/client/mysqladmin.cc2009-05-29
14:15:31.0 -0400
mysql-dfsg-5.0-5.1.30really5.0.83/client/mysqladmin.cc 2009-07-10
17:24:45.0 -0400
+@@ -153,7 +153,7 @@
{"host", 'h', "Connect to host.", (gptr*) &host, (gptr*) &host, 0, GET_STR,
REQUIRED_ARG, 0, 0, 0, 0, 0, 0},
{"password", 'p',
@@ -17,20 +29,10 @@
0, 0, 0, GET_STR, OPT_ARG, 0, 0, 0, 0, 0, 0},
#ifdef __WIN__
{"pipe", 'W', "Use named pipes to connect to server.", 0, 0, 0, GET_NO_ARG,
old/client/mysql.cc.orig 2005-11-15 01:12:45.0 +0100
-+++ new/client/mysql.cc2005-11-22 00:17:41.329082230 +0100
-@@ -621,7 +621,7 @@
-0, 0, 0, GET_STR, OPT_ARG, 0, 0, 0, 0, 0, 0},
- #endif
- {"password", 'p',
-- "Password to use when connecting to server. If password is not given it's
asked from the tty.",
-+ "Password to use when connecting to server. If password is not given it's
asked from the tty. WARNING: This is insecure as the password is visible for
anyone through /proc for a short time.",
-0, 0, 0, GET_STR, OPT_ARG, 0, 0, 0, 0, 0, 0},
- #ifdef __WIN__
- {"pipe", 'W', "Use named pipes to connect to server.", 0, 0, 0, GET_NO_ARG,
old/client/mysqldump.c.orig2005-11-15 01:12:38.0 +0100
-+++ new/client/mysqldump.c 2005-11-22 00:17:41.332082165 +0100
-@@ -323,7 +323,7 @@
+diff -urNad mysql-dfsg-5.0-5.1.30really5.0.83~/client/mysqldump.c
mysql-dfsg-5.0-5.1.30really5.0.83/client/mysqldump.c
+--- mysql-dfsg-5.0-5.1.30really5.0.83~/client/mysqldump.c 2009-05-29
14:15:32.0 -0400
mysql-dfsg-5.0-5.1.30really5.0.83/client/mysqldump.c 2009-07-10
17:24:45.0 -0400
+@@ -357,7 +357,7 @@
"Sorts each table's rows by primary key, or first unique key, if such a
key exists. Useful when dumping a MyISAM table to be loaded into an InnoDB
table, but will make the dump itself take considerably longer.",
(gptr*) &opt_order_by_primary, (gptr*) &opt_order_by_primary, 0, GET_BOOL,
NO_ARG, 0, 0, 0, 0, 0, 0},
{"password", 'p',
@@ -39,19 +41,103 @@
0, 0, 0, GET_STR, OPT_ARG, 0, 0, 0, 0, 0, 0},
#ifdef __WIN__
{"pipe", 'W', "Use named pipes to connect to server.", 0, 0, 0, GET_NO_ARG,
old/client/mysqlshow.c.orig2005-11-15 01:12:47.0 +0100
-+++ new/client/mysqlshow.c 2005-11-22 00:17:41.333082144 +0100
-@@ -185,7 +185,7 @@
+diff -urNad mysql-dfsg-5.0-5.1.30really5.0.83~/client/mysqlshow.c
mysql-dfsg-5.0-5.1.30really5.0.83/client/mysqlshow.c
+--- mysql-dfsg-5.0-5.1.30really5.0.83~/client/mysqlshow.c 2009-05-29
14:15:32.0 -0400
mysql-dfsg-5.0-5.1.30really5.0.83/client/mysqlshow.c 2009-07-10
17:24:45.0 -0400
+@@ -186,7 +186,7 @@
{"keys", 'k', "Show keys for table.", (gptr*) &opt_show_keys,
(gptr*) &opt_show_keys, 0, GET_BOOL, NO_ARG, 0, 0, 0, 0, 0, 0},
{"password", 'p',
- "Password to use when connecting to server. If password is not given it's
asked from the tty.",
+ "Password to use when connecting to se
Bug#460066: mysql-dfsg-5.0: Support both log_slow_queries and log-slow-queries in mysqldumpslow
Package: mysql-dfsg-5.0
Severity: normal
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu karmic
The attached patch adds support for both log_slow_queries and
log-slow-queries to mysqlslowdump. It also updates my.cnf to use
log-slow-queries as this is the recommended option by upstream.
log_slow_queries also works and used to be commented out in the default
debian mysql configuration file, which would lead to a broken
mysqlslowdump command.
-- System Information:
Debian Release: squeeze/sid
APT prefers karmic-updates
APT policy: (500, 'karmic-updates'), (500, 'karmic-security'), (500, 'karmic')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.24-24-server (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash
=== modified file 'debian/additions/my.cnf'
--- debian/additions/my.cnf 2009-02-15 16:44:02 +
+++ debian/additions/my.cnf 2009-07-10 23:50:24 +
@@ -73,7 +79,7 @@
# Error logging goes to syslog. This is a Debian improvement :)
#
# Here you can see queries with especially long duration
-#log_slow_queries = /var/log/mysql/mysql-slow.log
+#log-slow-queries = /var/log/mysql/mysql-slow.log
#long_query_time = 2
#log-queries-not-using-indexes
#
=== added file 'debian/patches/57-fix-mysqlslowdump-config.dpatch'
--- debian/patches/57-fix-mysqlslowdump-config.dpatch 1970-01-01 00:00:00
+
+++ debian/patches/57-fix-mysqlslowdump-config.dpatch 2009-07-10 23:47:22
+
@@ -0,0 +1,18 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+# https://bugs.edge.launchpad.net/ubuntu/+source/mysql-dfsg-5.0/+bug/183762
+# support both log-slow-queries and log_slow_queries options set in my.cnf
+# the latter used to be commented out in the default Debian my.cnf file.
+
+...@dpatch@
+diff -urNad mysql-dfsg-5.0-5.1.30really5.0.83~/scripts/mysqldumpslow.sh
mysql-dfsg-5.0-5.1.30really5.0.83/scripts/mysqldumpslow.sh
+--- mysql-dfsg-5.0-5.1.30really5.0.83~/scripts/mysqldumpslow.sh
2009-05-29 14:19:19.0 -0400
mysql-dfsg-5.0-5.1.30really5.0.83/scripts/mysqldumpslow.sh 2009-07-10
19:43:57.0 -0400
+@@ -40,7 +40,7 @@
+ warn "basedir=$basedir\n" if $opt{v};
+
+ my $datadir = ($defaults =~ m/--datadir=(.*)/)[0];
+-my $slowlog = ($defaults =~ m/--log-slow-queries=(.*)/)[0];
++my $slowlog = ($defaults =~ m/--log[-_]slow[-_]queries=(.*)/)[0];
+ if (!$datadir or $opt{i}) {
+ # determine the datadir from the instances section of /etc/my.cnf, if
any
+ my $instances = `my_print_defaults instances`;
Bug#535505: nss-ldapd: Split nss library and ldapd server into two binary packages
Package: nss-ldapd Severity: wishlist User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu karmic The nssov overlay from openldap uses the same nss library as nss-ldapd. Having the nss library provided in a different binary packages than the ldapd daemon would be useful when setting up a system to use nss-ldapd nss library with another ldap daemon (eg slapd back-ldap + pcache + nssov). -- System Information: Debian Release: 5.0 APT prefers jaunty-updates APT policy: (500, 'jaunty-updates'), (500, 'jaunty-security'), (500, 'jaunty-proposed'), (500, 'jaunty') Architecture: amd64 (x86_64) Kernel: Linux 2.6.28-13-generic (SMP w/2 CPU cores) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#535500: mysql-dfsg-5.1: Don't ask for root password when upgrading from 5.0 to 5.1 - ask root password at priority high instead of medium
Package: mysql-dfsg-5.1 Version: 5.1.34-1 Severity: normal Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu karmic ubuntu-patch *** /tmp/tmpnjdn_U In Ubuntu, we've applied the attached patch to achieve the following: * Merge from debian experimental (and 5.0 from main), remaining changes: - debian/mysql-server-5.1.config: + ask for MySQL root password at priority high instead of medium so that the password prompt is seen on a default install. (LP: #319843) + don't ask for root password when upgrading from a 5.0 install. We thought you might be interested in doing the same. -- System Information: Debian Release: squeeze/sid APT prefers karmic-updates APT policy: (500, 'karmic-updates'), (500, 'karmic-security'), (500, 'karmic') Architecture: amd64 (x86_64) Kernel: Linux 2.6.24-24-server (SMP w/2 CPU cores) Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Shell: /bin/sh linked to /bin/dash diff -u mysql-dfsg-5.1-5.1.34/debian/mysql-server-5.1.config mysql-dfsg-5.1-5.1.34/debian/mysql-server-5.1.config --- mysql-dfsg-5.1-5.1.34/debian/mysql-server-5.1.config +++ mysql-dfsg-5.1-5.1.34/debian/mysql-server-5.1.config @@ -13,13 +13,14 @@ db_go fi -# only ask this question on fresh installs and during "reconfiguration". +# only ask this question on fresh installs, during "reconfiguration" and when +# not upgrading from an existing 5.0 installation. # there is also an additional check for empty root passwords in the # postinst script when the tools are available for us to use. -if [ "$1" = "configure" ] && [ -z "$2" ] || [ "$1" = "reconfigure" ]; then +if [ "$1" = "configure" ] && ([ -z "$2" ] && [ ! -e "/var/lib/mysql/debian-5.0.flag" ] ) || [ "$1" = "reconfigure" ]; then while :; do RET="" -db_input medium mysql-server/root_password || true +db_input high mysql-server/root_password || true db_go db_get mysql-server/root_password # if password isn't empty we ask for password verification @@ -29,7 +30,7 @@ break fi ROOT_PW="$RET" -db_input medium mysql-server/root_password_again || true +db_input high mysql-server/root_password_again || true db_go db_get mysql-server/root_password_again if [ "$RET" == "$ROOT_PW" ]; then
Bug#535499: mysql-dfsg-5.1: Clear out the second password when setting up mysql
Package: mysql-dfsg-5.1
Version: 5.1.34-1
Severity: normal
Tags: patch
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu karmic ubuntu-patch
*** /tmp/tmpYxvT_j
In Ubuntu, we've applied the attached patch to achieve the following:
- debian/mysql-server-5.0.postinst: Clear out the second password
when setting up mysql. (LP: #344816)
We thought you might be interested in doing the same.
-- System Information:
Debian Release: squeeze/sid
APT prefers karmic-updates
APT policy: (500, 'karmic-updates'), (500, 'karmic-security'), (500, 'karmic')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.24-24-server (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash
diff -u mysql-dfsg-5.1-5.1.34/debian/mysql-server-5.1.postinst mysql-dfsg-5.1-5.1.34/debian/mysql-server-5.1.postinst
--- mysql-dfsg-5.1-5.1.34/debian/mysql-server-5.1.postinst
+++ mysql-dfsg-5.1-5.1.34/debian/mysql-server-5.1.postinst
@@ -28,6 +28,7 @@
set_mysql_rootpw() {
# forget we ever saw the password. don't use reset to keep the seen status
db_set mysql-server/root_password ""
+ db_set mysql-server/root_password_again ""
tfile=`mktemp`
if [ ! -f "$tfile" ]; then
Bug#535496: mysql-dfsg-5.1: Suggests mailx instead of recommending it
Package: mysql-dfsg-5.1 Version: 5.1.34-1 Severity: normal Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu karmic ubuntu-patch *** /tmp/tmp0hqWmk In Ubuntu, we've applied the attached patch to achieve the following: + Lower mailx from a Recommends to a Suggests to avoid pulling in a full MTA on all installs of mysql-server. (LP: #259477) We thought you might be interested in doing the same. -- System Information: Debian Release: lenny/sid APT prefers hardy-updates APT policy: (500, 'hardy-updates'), (500, 'hardy-security'), (500, 'hardy') Architecture: amd64 (x86_64) Kernel: Linux 2.6.24-24-server (SMP w/2 CPU cores) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash diff -u mysql-dfsg-5.1-5.1.34/debian/control mysql-dfsg-5.1-5.1.34/debian/control --- mysql-dfsg-5.1-5.1.34/debian/control +++ mysql-dfsg-5.1-5.1.34/debian/control -Suggests: tinyca -Recommends: mailx, libhtml-template-perl +Suggests: tinyca, mailx +Recommends: libhtml-template-perl MySQL is a fast, stable and true multi-user, multi-threaded SQL database
Bug#535493: mysql-dfsg-5.1: Clearly indicate that running multiple instances of mysqld is not supported
Package: mysql-dfsg-5.1
Version: 5.1.34-1
Severity: normal
Tags: patch
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu karmic ubuntu-patch
In Ubuntu, we've applied the attached patch to achieve the following:
- debian/mysql-server-5.1.mysql.init:
+ Clearly indicate that we do not support running multiple instances
of mysqld by duplicating the init script.
(closes: #314785, #324834, #435165, #444216)
+ Properly parameterize all existing references to the mysql config
file (/etc/mysql/my.cnf).
This is a patch that is actually coming from the 5.0 mysql init script
and hasn't been included in the 5.1 init script. We thought you might be
interested in doing the same.
-- System Information:
Debian Release: lenny/sid
APT prefers hardy-updates
APT policy: (500, 'hardy-updates'), (500, 'hardy-security'), (500, 'hardy')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.24-24-server (SMP w/2 CPU cores)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
diff -u mysql-dfsg-5.1-5.1.34/debian/mysql-server-5.1.mysql.init
mysql-dfsg-5.1-5.1.34/debian/mysql-server-5.1.mysql.init
--- mysql-dfsg-5.1-5.1.34/debian/mysql-server-5.1.mysql.init
+++ mysql-dfsg-5.1-5.1.34/debian/mysql-server-5.1.mysql.init
@@ -21,8 +21,11 @@
. /lib/lsb/init-functions
-SELF=$(cd $(dirname $0); pwd -P)/$(basename $0)
+# NOTE: Copying this script and changing the CONF variable here isn't
+# enough to run multiple instances of mysqld. Debian/Ubuntu doesn't
+# currently support such a configuration out of the box.
CONF=/etc/mysql/my.cnf
+SELF=$(cd $(dirname $0); pwd -P)/$(basename $0)
MYADMIN="/usr/bin/mysqladmin --defaults-file=/etc/mysql/debian.cnf"
# priority can be overriden and "-s" adds output to stderr
@@ -51,9 +54,9 @@
## Do some sanity checks before even trying to start mysqld.
sanity_checks() {
# check for config file
- if [ ! -r /etc/mysql/my.cnf ]; then
-log_warning_msg "$0: WARNING: /etc/mysql/my.cnf cannot be read. See
README.Debian.gz"
-echo"WARNING: /etc/mysql/my.cnf cannot be read. See
README.Debian.gz" | $ERR_LOGGER
+ if [ ! -r "$CONF" ]; then
+log_warning_msg "$0: WARNING: $CONF cannot be read. See README.Debian.gz"
+echo"WARNING: $CONF cannot be read. See README.Debian.gz"
| $ERR_LOGGER
fi
# check for diskspace shortage
Bug#535492: mysql-dfsg-5.1: Fix debian-sys-maint user creation
Package: mysql-dfsg-5.1 Version: 5.1.34-1 Severity: important Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu hardy ubuntu-patch In Ubuntu, we've applied the attached patch to achieve the following: * debian/mysql-server-5.1.postinst: fix debian-sys-maint user creation. We thought you might be interested in doing the same. -- System Information: Debian Release: lenny/sid APT prefers hardy-updates APT policy: (500, 'hardy-updates'), (500, 'hardy-security'), (500, 'hardy') Architecture: amd64 (x86_64) Kernel: Linux 2.6.24-24-server (SMP w/2 CPU cores) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash diff -u mysql-dfsg-5.1-5.1.34/debian/mysql-server-5.1.postinst mysql-dfsg-5.1-5.1.34/debian/mysql-server-5.1.postinst --- mysql-dfsg-5.1-5.1.34/debian/mysql-server-5.1.postinst +++ mysql-dfsg-5.1-5.1.34/debian/mysql-server-5.1.postinst @@ -200,7 +201,7 @@ " Index_priv='Y', Alter_priv='Y', Super_priv='Y', Show_db_priv='Y', "\ " Create_tmp_table_priv='Y', Lock_tables_priv='Y', Execute_priv='Y', "\ " Repl_slave_priv='Y', Repl_client_priv='Y', Create_view_priv='Y', "\ -" Show_view_priv='Y', Create_routine_priv='Y', Alter_routine_priv='Y' "\ +" Show_view_priv='Y', Create_routine_priv='Y', Alter_routine_priv='Y', "\ " Create_user_priv='Y', Event_priv='Y', Trigger_priv='Y' "`; fix_privs=`/bin/echo -e \ "USE mysql;\n" \
Bug#534606: mysql-dfsg-5.1: Modifies debian-start.inc.sh to support ANSI mode
Package: mysql-dfsg-5.1
Version: 5.1.34-1
Severity: normal
Tags: patch
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu karmic ubuntu-patch
In Ubuntu, we've applied the attached patch to achieve the following:
- debian/additions/debian-start.inc.sh: support ANSI mode (LP: #310211)
More information can be found in the Ubuntu bug:
https://bugs.launchpad.net/ubuntu/+source/mysql-dfsg-5.0/+bug/310211
We thought you might be interested in doing the same.
-- System Information:
Debian Release: lenny/sid
APT prefers hardy-updates
APT policy: (500, 'hardy-updates'), (500, 'hardy-security'), (500, 'hardy')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.24-24-server (SMP w/2 CPU cores)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
diff -u mysql-dfsg-5.1-5.1.34/debian/control
mysql-dfsg-5.1-5.1.34/debian/control
--- mysql-dfsg-5.1-5.1.34/debian/control
+++ mysql-dfsg-5.1-5.1.34/debian/control
@@ -1,7 +1,8 @@
Source: mysql-dfsg-5.1
Section: misc
Priority: optional
-Maintainer: Debian MySQL Maintainers
+Maintainer: Ubuntu Developers
+XSBC-Original-Maintainer: Debian MySQL Maintainers
Uploaders: Norbert Tretkowski
Build-Depends: libtool (>= 1.4.2-7), procps | hurd, debhelper (>= 4.1.16),
file (>= 3.28-1), libncurses5-dev (>= 5.0-6), perl (>= 5.6.0), libwrap0-dev (>=
7.6-8.3), zlib1g-dev (>= 1:1.1.3-5), libreadline5-dev | libreadline-dev,
psmisc, po-debconf, chrpath, automake1.9, doxygen, texlive-latex-base, gs,
dpatch, gawk, bison, lsb-release
Standards-Version: 3.8.0
@@ -12,7 +13,7 @@
Package: libmysqlclient16
Section: libs
Architecture: any
-Depends: mysql-common (>= ${source:Version}), ${shlibs:Depends}
+Depends: mysql-common (>= 5.1.30really5.0.75-0ubuntu5), ${shlibs:Depends}
Description: MySQL database client library
MySQL is a fast, stable and true multi-user, multi-threaded SQL database
server. SQL (Structured Query Language) is the most popular database query
@@ -21,19 +22,20 @@
.
This package includes the client library.
-Package: libmysqlclient15-dev
+Package: libmysqlclient16-dev
Architecture: all
Section: libdevel
Depends: libmysqlclient-dev (>= ${source:Version})
Description: MySQL database development files - empty transitional package
This is an empty package that depends on libmysqlclient-dev to ease the
- transition for packages with versioned build-deps on libmysqlclient15-dev.
+ transition for packages with versioned build-deps on libmysqlclient16-dev.
Package: libmysqlclient-dev
Architecture: any
Section: libdevel
Depends: libmysqlclient16 (>= ${source:Version}), zlib1g-dev, ,
${shlibs:Depends}
-Conflicts: libmysqlclient14-dev, libmysqlclient12-dev, libmysqlclient10-dev
+Replaces: libmysqlclient16-dev (<< ${source:Version})
+Conflicts: libmysqlclient16-dev (<< ${source:Version}), libmysqlclient15-dev,
libmysqlclient14-dev, libmysqlclient12-dev, libmysqlclient10-dev
Description: MySQL database development files
MySQL is a fast, stable and true multi-user, multi-threaded SQL database
server. SQL (Structured Query Language) is the most popular database query
@@ -42,26 +44,9 @@
.
This package includes development libraries and header files.
-Package: mysql-common
-Section: database
-Architecture: all
-Depends: ${shlibs:Depends}, ${misc:Depends}
-Conflicts: mysql-common-4.1
-Provides: mysql-common-4.1
-Replaces: mysql-common-4.1
-Description: MySQL database common files (e.g. /etc/mysql/my.cnf)
- MySQL is a fast, stable and true multi-user, multi-threaded SQL database
- server. SQL (Structured Query Language) is the most popular database query
- language in the world. The main goals of MySQL are speed, robustness and
- ease of use.
- .
- This package includes files needed by all versions of the client library
- (e.g. /etc/mysql/my.cnf).
-
Package: mysql-client-5.1
Architecture: any
-Depends: debianutils (>=1.6), libdbi-perl, libdbd-mysql-perl (>= 1.2202),
mysql-common (>= ${source:Version}), libmysqlclient16 (>= ${source:Version}),
${perl:Depends}, ${shlibs:Depends}, ${misc:Depends}
-Provides: virtual-mysql-client, mysql-client, mysql-client-4.1
+Depends: debianutils (>=1.6), libdbi-perl, libdbd-mysql-perl (>= 1.2202),
mysql-common (>= 5.1.30really5.0.75-0ubuntu5), libmysqlclient16 (>=
${source:Version}), ${perl:Depends}, ${shlibs:Depends}, ${misc:Depends}
Conflicts: mysql-client (<< ${source:Version}), mysql-client-5.0
Replaces: mysql-client (<< ${source:Version}), mysql-client-5.0
Description: MySQL database client binaries
@@ -73,14 +58,25 @@
This package includes the client binaries and the additional tools
innotop and mysqlreport.
+Package: mysql-server-core-5.1
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}, libmysqlclient16 (>=
${binary:Version})
+Replaces: mysql-server-5.1 (<< ${source:Version})
+Description: MySQL database core server files
+ MySQL is a fast, stable and true multi-user, multi-threaded SQL database
+ server. SQL (
Bug#532357: libldb-samba4-dev: ldb_module.h and associated files not included in package
Hi Martin, On Tue, Jun 23, 2009 at 01:05:13PM +0200, Martin Michlmayr wrote: > * Mathias Gug [2009-06-08 15:44]: > > Package: libldb-samba4-dev > > Version: 4.0.0~alpha7~20090225-1 > > There's no such package in Debian. Are you sure this bug applies to > Debian too? > Hm - it seems that package has been removed with the latest samba4 package upload. > > Package libldb-samba4-dev does not include ldb_module.h header and its > > associated files. > > When compiling against it errors appear due to the lack of this files. ldb_module.h is now available from the libldb-dev package available from version 1:0.9.6~git20090617-1. This bug can thus be considered closed. Thanks, -- Mathias Gug Ubuntu Developer http://www.ubuntu.com -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#532357: libldb-samba4-dev: ldb_module.h and associated files not included in package
Package: libldb-samba4-dev Version: 4.0.0~alpha7~20090225-1 Severity: normal User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu karmic Package libldb-samba4-dev does not include ldb_module.h header and its associated files. When compiling against it errors appear due to the lack of this files. Original bug report: https://bugs.launchpad.net/ubuntu/+source/samba4/+bug/372405 -- System Information: Debian Release: 5.0 APT prefers jaunty-updates APT policy: (500, 'jaunty-updates'), (500, 'jaunty-security'), (500, 'jaunty-proposed'), (500, 'jaunty') Architecture: amd64 (x86_64) Kernel: Linux 2.6.28-12-generic (SMP w/2 CPU cores) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#527623: mysql-server-5.0: 38_scripts__mysqld_safe.sh__signals.dpatch is inherently
Here is a patch applied in Ubuntu that adresses the issue. The problem comes from the fact that mysqld_safe starts mysqld and then waits for its crash. However installing a trap for SIGHUP makes the wait command return immediately when a SIGHUP is received by mysqld_safe. This leads mysqld_safe to proceed and kill the remaining mysqld process (which hasn't crashed). The proposed fix is to add a wait command to the trap. More information can be found in the Ubuntu bug: https://bugs.launchpad.net/ubuntu/+source/mysql-dfsg-5.0/+bug/326768 -- Mathias Gug Ubuntu Developer http://www.ubuntu.com diff -u mysql-dfsg-5.0-5.1.30really5.0.75/debian/patches/38_scripts__mysqld_safe.sh__signals.dpatch mysql-dfsg-5.0-5.1.30really5.0.75/debian/patches/38_scripts__mysqld_safe.sh__signals.dpatch --- mysql-dfsg-5.0-5.1.30really5.0.75/debian/patches/38_scripts__mysqld_safe.sh__signals.dpatch +++ mysql-dfsg-5.0-5.1.30really5.0.75/debian/patches/38_scripts__mysqld_safe.sh__signals.dpatch @@ -24,7 +24,7 @@ +# From now on, we catch signals to do a proper shutdown of mysqld +# when signalled to do so. +# -+trap '/usr/bin/mysqladmin --defaults-extra-file=/etc/mysql/debian.cnf refresh' 1 # HUP ++trap '/usr/bin/mysqladmin --defaults-extra-file=/etc/mysql/debian.cnf refresh & wait' 1 # HUP +trap '/usr/bin/mysqladmin --defaults-extra-file=/etc/mysql/debian.cnf shutdown' 2 3 15 # INT QUIT and TERM + +# signature.asc Description: Digital signature
Bug#512040: [debian-mysql] Bug#512040: conditional (re-)start of mysqld in postinst script
Hi, On Fri, Jan 16, 2009 at 06:09:59PM +0100, Raoul Bhatia [IPAX] wrote: > unfortunatly, in a more complex environment where one does not rely on > /etc/mysql/* for configuration (e.g. in an linux-ha/pacemaker > environment), the start is likely to fail thus leaving the package - and > thus the whole package system - in the "Failed-cfg"-state: [...] > Is it possible to make the mysqld start optional - e.g. preinst checks > if mysqld is/was running and "tell" postinst what to (not) start? > > Or maybe it is possilbe to continue even if the mysqld start fails? On a related note there was a request [1] from a Kubuntu developer about splitting the mysql-server package into two packages: one that would provide the mysqld binary (ex: mysql-server-common-5.0) and one that would provide the init script (ex: mysql-server-5.0). Samba and apache2 are two packages that provide such an infrastructure. Having a mysql-server-common-5.0 package would solve the problem stated above. [1]: https://lists.ubuntu.com/archives/ubuntu-server/2009-January/002569.html -- Mathias Gug Ubuntu Developer http://www.ubuntu.com -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#510875: [debian-mysql] Bug#510875: mysql-server-5.0: does not ask for a password for `root' by default
On Mon, Jan 05, 2009 at 05:23:34PM +0100, Nico Golde wrote: > * Ansgar Burchardt [2009-01-05 16:42]: > > The question asking for the administrative password has a priority of > > `medium'. Debconf's default is to ask only questions of at least > > priority `high' since 1.4.61 (and d-i apparently sets this value by > > default even longer). > > > > This results in an empty root password by default. Every user which > > can connect from `localhost' has then full administrative privileges. > > The only thing he has to do is run `mysql -u root'. FYI the MySQL package in Ubuntu changes the debconf priority to high. -- Mathias Gug Ubuntu Developer http://www.ubuntu.com signature.asc Description: Digital signature
Bug#507496: open-iscsi: Wrong upstream version in 2.0.870~rc3-0.1
Package: open-iscsi Version: 2.0.870~rc3-0.1 Severity: important User: [EMAIL PROTECTED] Usertags: origin-ubuntu jaunty It seems that the source code version of open-iscsi => 2.0.870~rc3-0.1 is in fact mostly 869. Indeed a diffstat of open-iscsi_2.0.870~rc3-0.3.diff.gz lists a lot of changes *outside* the debian directory: 57 files changed, 4012 insertions(+), 5749 deletions(-) See Ubuntu bug 289470 [1] for more information. [1]: https://bugs.launchpad.net/ubuntu/+source/open-iscsi/+bug/289470/comments/5 -- System Information: Debian Release: lenny/sid APT prefers jaunty-updates APT policy: (500, 'jaunty-updates'), (500, 'jaunty-security'), (500, 'jaunty') Architecture: amd64 (x86_64) Kernel: Linux 2.6.24-21-server (SMP w/2 CPU cores) Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Shell: /bin/sh linked to /bin/dash -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#507003: initiatorname.iscsi should maybe not be in /etc
Tags: patch User: [EMAIL PROTECTED] Usertags: origin-ubuntu jaunty ubuntu-patch Hi, I've attached a patch that moves the initiation name generation from the init script to the postinst script. That way /etc/iscsi/initiatorname.iscsi is not marked as a conffile but stays in /etc/ (where it should be IMO). -- Mathias Gug Ubuntu Developer http://www.ubuntu.com --- open-iscsi-2.0.870~rc3/debian/open-iscsi.postinst +++ open-iscsi-2.0.870.1/debian/open-iscsi.postinst @@ -20,6 +20,30 @@ chmod 600 /etc/iscsi/initiatorname.iscsi fi fi + + # generate a unique iSCSI InitiatorName + NAMEFILE=/etc/iscsi/initiatorname.iscsi + if [ ! -e $NAMEFILE ] && [ -z "$2" ] ; then +if [ ! -x /sbin/iscsi-iname ] ; then +echo "Error: /sbin/iscsi-iname does not exist, driver was not successfully installed" +exit 1; +fi +# Generate a unique InitiatorName and save it +INAME=`/sbin/iscsi-iname -p iqn.1993-08.org.debian:01` +if [ "$INAME" != "" ] ; then +echo "## DO NOT EDIT OR REMOVE THIS FILE!" > $NAMEFILE +echo "## If you remove this file, the iSCSI daemon will not start." >> $NAMEFILE +echo "## If you change the InitiatorName, existing access control lists" >> $NAMEFILE +echo "## may reject this initiator. The InitiatorName must be unique">> $NAMEFILE +echo "## for each iSCSI initiator. Do NOT duplicate iSCSI InitiatorNames." >> $NAMEFILE +printf "InitiatorName=$INAME\n" >> $NAMEFILE +chmod 600 $NAMEFILE +else +echo "Error: failed to generate an iSCSI InitiatorName, driver cannot start." +echo +exit 1; +fi +fi if [ -d /var/lib/open-iscsi ]; then chmod 700 /var/lib/open-iscsi --- open-iscsi-2.0.870~rc3/debian/initiatorname.iscsi +++ open-iscsi-2.0.870.1/debian/initiatorname.iscsi @@ -1 +0,0 @@ -GenerateName=yes --- open-iscsi-2.0.870~rc3/debian/open-iscsi.init 2008-12-01 12:04:26.0 -0500 +++ open-iscsi-2.0.870.1/debian/open-iscsi.init 2008-12-01 12:04:49.0 -0500 @@ -50,30 +50,6 @@ exit 1 fi -# see if we need to generate a unique iSCSI InitiatorName -# this should only happen if the -if grep -q "^GenerateName=yes" $NAMEFILE ; then -if [ ! -x /usr/sbin/iscsi-iname ] ; then -echo "Error: /usr/sbin/iscsi-iname does not exist, driver was not successfully installed" -exit 1; -fi -# Generate a unique InitiatorName and save it -INAME=`/usr/sbin/iscsi-iname -p iqn.1993-08.org.debian:01` -if [ "$INAME" != "" ] ; then -echo "## DO NOT EDIT OR REMOVE THIS FILE!" > $NAMEFILE -echo "## If you remove this file, the iSCSI daemon will not start." >> $NAMEFILE -echo "## If you change the InitiatorName, existing access control lists" >> $NAMEFILE -echo "## may reject this initiator. The InitiatorName must be unique">> $NAMEFILE -echo "## for each iSCSI initiator. Do NOT duplicate iSCSI InitiatorNames." >> $NAMEFILE -printf "InitiatorName=$INAME\n" >> $NAMEFILE -chmod 600 $NAMEFILE -else -echo "Error: failed to generate an iSCSI InitiatorName, driver cannot start." -echo -exit 1; -fi -fi - # make sure there is a valid InitiatorName for the driver if ! grep -q "^InitiatorName=[^ \t\n]" $NAMEFILE ; then echo --- open-iscsi-2.0.870~rc3/debian/rules 2008-12-01 12:05:32.0 -0500 +++ open-iscsi-2.0.870.1/debian/rules 2008-12-01 12:05:42.0 -0500 @@ -114,7 +114,6 @@ install -m 755 usr/iscsistart $(CURDIR)/debian/open-iscsi/usr/sbin install -m 755 utils/iscsi_discovery $(CURDIR)/debian/open-iscsi/usr/sbin install -m 755 utils/iscsi-iname $(CURDIR)/debian/open-iscsi/usr/sbin - install -m 644 debian/initiatorname.iscsi $(CURDIR)/debian/open-iscsi/etc/iscsi/initiatorname.iscsi install -m 644 etc/iscsid.conf $(CURDIR)/debian/open-iscsi/etc/iscsi # initramfs stuff signature.asc Description: Digital signature
Bug#486919: ipsec-tools: Enable to build with -D_FORTIFY_SOURCE=2
Package: ipsec-tools
Version: 1:0.7-2.1
Severity: normal
Tags: patch
User: [EMAIL PROTECTED]
Usertags: origin-ubuntu intrepid ubuntu-patch
In Ubuntu, we've applied the attached patch to achieve the following:
* Enable build with hardened options:
- src/libipsec/policy_token.c: don't check return code of fwrite.
- src/setkey/setkey.c: stop scanning stdin if fgets fails.
Starting from intrepid, hardening options have been enabled by default
in the toolchain [1]. That lead to a build failure for ipsec-tool due to
-D_FORTIFY_SOURCE=2. Attached is a patch that fixes this.
[1]: https://wiki.ubuntu.com/CompilerFlags
-- System Information:
Debian Release: lenny/sid
APT prefers hardy-updates
APT policy: (500, 'hardy-updates'), (500, 'hardy-security'), (500, 'hardy')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.24-19-server (SMP w/2 CPU cores)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
only in patch2:
unchanged:
--- ipsec-tools-0.7.orig/src/setkey/setkey.c
+++ ipsec-tools-0.7/src/setkey/setkey.c
@@ -314,7 +314,8 @@
#else
char rbuf[1024];
rbuf[0] = '\0';
- fgets (rbuf, sizeof(rbuf), stdin);
+ if (!fgets (rbuf, sizeof(rbuf), stdin))
+ break;
if (!rbuf[0])
break;
if (rbuf[strlen(rbuf)-1] == '\n')
only in patch2:
unchanged:
--- ipsec-tools-0.7.orig/src/libipsec/policy_token.c
+++ ipsec-tools-0.7/src/libipsec/policy_token.c
@@ -625,7 +625,7 @@
/* This used to be an fputs(), but since the string might contain NUL's,
* we now use fwrite().
*/
-#define ECHO (void) fwrite( yytext, yyleng, 1, yyout )
+#define ECHO if (fwrite( yytext, yyleng, 1, yyout )) {}
#endif
/* Gets input and stuffs it into "buf". number of characters read, or YY_NULL,
Bug#459972: [Pkg-samba-maint] Bug#459972: winbind: want to limit libnss_wins checks to WINS (no broadcasting)
On Wed, Jan 09, 2008 at 03:42:12PM -0800, Steve Langasek wrote: > On Wed, Jan 09, 2008 at 02:44:00PM -0800, Steve Langasek wrote: > > Just to confirm, are you saying that setting "name resolve order = wins" in > > /etc/samba/smb.conf does not fix this timeout problem for you? > > > I don't think it makes sense to have nss_wins exposing different behavior to > > the system than is used by Samba itself; but if it's not respecting the > > smb.conf values, that's certainly a bug to be fixed IMHO. > > Oh, but of course using the exact some logic as samba would mean causing a > recursion in the case of "name resolve order = hosts". So what's needed > here is to honor the config file, treating only wins, bcast, and > (optionally) lmhosts, and do something appropriately default-y if none of > these are specified. > > -- > Steve Langasek Give me a lever long enough and a Free OS > Debian Developer to set it on, and I can move the world. > Ubuntu Developerhttp://www.debian.org/ > [EMAIL PROTECTED] [EMAIL PROTECTED] > > > > ___ > Pkg-samba-maint mailing list > [EMAIL PROTECTED] > http://lists.alioth.debian.org/mailman/listinfo/pkg-samba-maint -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#453029: racoon.init: Create /var/run/racoon if it doesn't exist.
Package: ipsec-tools
Version: 1:0.6.7-1.1
Severity: normal
Tags: patch
User: [EMAIL PROTECTED]
Usertags: origin-ubuntu hardy ubuntu-patch
In Ubuntu, we've applied the attached patch to achieve the following:
- debian/racoon.init:
- Create /var/run/racoon.
The reason is that /var/run is a tmpfs mount. We thought you might be
interested in doing the same.
-- System Information:
Debian Release: lenny/sid
APT prefers hardy-updates
APT policy: (500, 'hardy-updates'), (500, 'hardy-security'), (500,
'hardy-backports'), (500, 'hardy')
Architecture: i386 (i686)
Kernel: Linux 2.6.22-14-server (SMP w/1 CPU core)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
diff -u ipsec-tools-0.6.7/debian/racoon.init
ipsec-tools-0.6.7/debian/racoon.init
--- ipsec-tools-0.6.7/debian/racoon.init
+++ ipsec-tools-0.6.7/debian/racoon.init
@@ -28,6 +28,10 @@
[ -f "$DEF_CFG" ] && . $DEF_CFG
+if [ ! -d /var/run/racoon ]; then
+ mkdir -p /var/run/racoon
+fi
+
check_kernel () {
local MOD_DIR=/lib/modules/`uname -r`
local FOUT
Bug#453031: ipsec-tools: racoon init script works for bash completion
Package: ipsec-tools
Version: 1:0.6.7-1.1
Severity: minor
Tags: patch
User: [EMAIL PROTECTED]
Usertags: origin-ubuntu hardy ubuntu-patch
In Ubuntu, we've applied the attached patch to achieve the following:
- debian/racoon.init:
- Use {} instead of () in usage (bash_completion).
We thought you might be interested in doing the same.
See https://bugs.launchpad.net/ubuntu/+source/ipsec-tools/+bug/88153 for
more information.
-- System Information:
Debian Release: lenny/sid
APT prefers hardy-updates
APT policy: (500, 'hardy-updates'), (500, 'hardy-security'), (500,
'hardy-backports'), (500, 'hardy')
Architecture: i386 (i686)
Kernel: Linux 2.6.22-14-server (SMP w/1 CPU core)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
diff -u ipsec-tools-0.6.7/debian/racoon.init
ipsec-tools-0.6.7/debian/racoon.init
--- ipsec-tools-0.6.7/debian/racoon.init
+++ ipsec-tools-0.6.7/debian/racoon.init
@@ -80,7 +84,7 @@
;;
*)
-echo "Usage: $0 (start|stop|reload|force-reload|restart)" >&2
+echo "Usage: $0 {start|stop|reload|force-reload|restart}" >&2
exit 1
esac
;;
Bug#452559: syslog.conf.5: clarify language and examples.
Package: sysklogd Version: 1.5-1 Severity: minor User: [EMAIL PROTECTED] Usertags: origin-ubuntu hardy ubuntu-patch In Ubuntu, we've applied the attached patch to achieve the following: - syslog.conf.5: clarify language and examples, thanks to Chris Moore. We thought you might be interested in doing the same. See bug https://bugs.launchpad.net/ubuntu/+source/sysklogd/+bug/22309 for more information. -- System Information: Debian Release: lenny/sid APT prefers hardy-updates APT policy: (500, 'hardy-updates'), (500, 'hardy-security'), (500, 'hardy-backports'), (500, 'hardy') Architecture: i386 (i686) Kernel: Linux 2.6.22-14-server (SMP w/1 CPU core) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash only in patch2: unchanged: --- sysklogd-1.5.orig/syslog.conf.5 +++ sysklogd-1.5/syslog.conf.5 @@ -23,7 +23,7 @@ .SH DESCRIPTION The .I syslog.conf -file is the main configuration file for the +file is the main configuration file for .BR syslogd (8) which logs system messages on *nix systems. This file specifies rules for logging. For special features see the @@ -46,19 +46,21 @@ into several lines if the leading line is terminated with an backslash (``\\''). .SH SELECTORS -The selector field itself again consists of two parts, a +The selector field consists of two parts, a .I facility and a .IR priority , separated by a period (``.''). Both parts are case insensitive and can also be specified as decimal -numbers, but don't do that, you have been warned. Both facilities and -priorities are described in +numbers corresponding to the definitions in +.IR . +It is obviously safer to use the names +than the numbers. Both facilities and priorities are described in .BR syslog (3). The names mentioned below correspond to the similar .BR LOG_ -values in -.IR /usr/include/syslog.h . +.IR . The .I facility @@ -68,13 +70,12 @@ .BR syslog ", " user ", " uucp " and " local0 " through " local7 . The keyword .B security -should not be used anymore and +is deprecated and .B mark is only for internal use and therefore should not be used in -applications. Anyway, you may want to specify and redirect these -messages here. The +applications. The .I facility -specifies the subsystem that produced the message, i.e. all mail +specifies the subsystem that produced the message, e.g. all mail programs log with the mail facility .BR "" ( LOG_MAIL ) if they log using syslog. @@ -112,18 +113,20 @@ .B none stands for no priority of the given facility. -You can specify multiple facilities with the same priority pattern in -one statement using the comma (``,'') operator. You may specify as -many facilities as you want. Please note that only the facility part from +Multiple facilities may be specified for a single priority pattern in +one statement using the comma (``,'') operator to separate the +facilities. You may specify as many facilities as you want. +Remember that only the facility part from such a statement is taken, a priority part would be skipped. +For example, it means that instead of writing "kern.info,auth.info" +you just write "kern,auth.info", skipping the 1st ".info". Multiple selectors may be specified for a single .I action -using the semicolon (``;'') separator. Please note that each selector in -the -.I selector -field is capable of overwriting the preceding ones. Using this -behavior you can exclude some priorities from the pattern. +using the semicolon (``;'') separator. In this case the selectors are +processed from left to right, with each selector being able to +overwrite the preceding ones. Using this behavior you can exclude +some priorities from the pattern. This .BR syslogd (8) @@ -151,12 +154,12 @@ provides the following actions. .SS Regular File -Typically messages are logged to real files. The file has to be -specified with full pathname, beginning with a slash ``/''. +Typically messages are logged to real files. The file must be +specified as an absolute pathname. -You may prefix each entry with the minus ``-'' sign to omit syncing -the file after every logging. Note that you might lose information if -the system crashes right behind a write attempt. Nevertheless this +You may prefix each entry with a minus sign (``-'') to avoid syncing +the file after each log message. Note that you might lose information if +the system crashes right after a write attempt. Nevertheless this might give you back some performance, especially if you run programs that use logging in a very verbose manner. @@ -189,14 +192,14 @@ locally. To forward messages to another host, prepend the hostname with the at sign (``@''). -Using this feature you're able to control all syslog messages on one -host, if all other machines will log remotely to that. This tears down -administration needs. +Using this feature you're able to collect all syslog messages on a +single host, if all other machines will
Bug#452558: mysql-dfsg-5.0: mysql-test 'mysql_client_test' fails due to gcc 4.x optimizations
Package: mysql-dfsg-5.0
Version: 5.0.45-3
Severity: normal
User: [EMAIL PROTECTED]
Usertags: origin-ubuntu hardy ubuntu-patch
In Ubuntu, we've applied the attached patch to achieve the following:
- debian/patches/91_bug29389.dpatch:
fix for mysql bug 27383 which causes mysql-test 'mysql_client_test'
to fail due to gcc 4.x optimizations.
We thought you might be interested in doing the same.
See http://bugs.mysql.com/bug.php?id=27383 for more information.
-- System Information:
Debian Release: lenny/sid
APT prefers hardy-updates
APT policy: (500, 'hardy-updates'), (500, 'hardy-security'), (500,
'hardy-backports'), (500, 'hardy')
Architecture: i386 (i686)
Kernel: Linux 2.6.22-14-server (SMP w/1 CPU core)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
diff -u mysql-dfsg-5.0-5.0.45/debian/patches/00list
mysql-dfsg-5.0-5.0.45/debian/patches/00list
--- mysql-dfsg-5.0-5.0.45/debian/patches/00list
+++ mysql-dfsg-5.0-5.0.45/debian/patches/00list
@@ -15,0 +16 @@
+91_bug29389.dpatch
only in patch2:
unchanged:
--- mysql-dfsg-5.0-5.0.45.orig/debian/patches/91_bug29389.dpatch
+++ mysql-dfsg-5.0-5.0.45/debian/patches/91_bug29389.dpatch
@@ -0,0 +1,61 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 91_bug29389.dpatch by Jamie Strandboge <[EMAIL PROTECTED]>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: fix for bug29389
+
[EMAIL PROTECTED]@
+
+diff -Nru mysql-dfsg-5.0-5.0.45.orig/libmysql/libmysql.c
mysql-dfsg-5.0-5.0.45/libmysql/libmysql.c
+--- mysql-dfsg-5.0-5.0.45.orig/libmysql/libmysql.c 2007-07-04
13:05:53.0 +
mysql-dfsg-5.0-5.0.45/libmysql/libmysql.c 2007-10-02 19:28:49.0
+
+@@ -3678,33 +3678,38 @@
+ case MYSQL_TYPE_FLOAT:
+ {
+ /*
+- We need to store data in the buffer before the truncation check to
++ We need to mark the local variable volatile to
+ workaround Intel FPU executive precision feature.
+ (See http://gcc.gnu.org/bugzilla/show_bug.cgi?id=323 for details)
+- AFAIU it does not guarantee to work.
+ */
+-float data;
++volatile float data;
+ if (is_unsigned)
++{
+ data= (float) ulonglong2double(value);
++ *param->error= ((ulonglong) value) != ((ulonglong) data);
++}
+ else
+- data= (float) value;
++{
++ data= (float)value;
++ *param->error= value != ((longlong) data);
++}
+ floatstore(buffer, data);
+-*param->error= is_unsigned ?
+- ((ulonglong) value) != ((ulonglong) (*(float*) buffer)) :
+- ((longlong) value) != ((longlong) (*(float*) buffer));
+ break;
+ }
+ case MYSQL_TYPE_DOUBLE:
+ {
+-double data;
++volatile double data;
+ if (is_unsigned)
++{
+ data= ulonglong2double(value);
++ *param->error= ((ulonglong) value) != ((ulonglong) data);
++}
+ else
++{
+ data= (double)value;
++ *param->error= value != ((longlong) data);
++}
+ doublestore(buffer, data);
+-*param->error= is_unsigned ?
+- ((ulonglong) value) != ((ulonglong) (*(double*) buffer)) :
+- ((longlong) value) != ((longlong) (*(double*) buffer));
+ break;
+ }
+ case MYSQL_TYPE_TIME:
Bug#438527: Updated patch for quagga md5 support
VE_TCP_MD5 */
-+
- /* "neighbor activate" commands. */
- install_element (BGP_NODE, &neighbor_activate_cmd);
- install_element (BGP_IPV4_NODE, &neighbor_activate_cmd);
reverted:
--- quagga-0.99.9/debian/patches/15_ht-bgp-md5__configure.dpatch
+++ quagga-0.99.9.orig/debian/patches/15_ht-bgp-md5__configure.dpatch
@@ -1,39 +0,0 @@
-#! /bin/sh /usr/share/dpatch/dpatch-run
-## 15_ht-20050110-0.98.0-bgp-md5__configure.dpatch by <[EMAIL PROTECTED]>
-##
-## All lines beginning with `## DP:' are a description of the patch.
-## DP: ht-20050110-0.98.0-bgp-md5__configure
-
[EMAIL PROTECTED]@
-
-#
-# Addition to the patch that makes autoreconf unneccessary.
-#
-# FIXME: This is very ugly.
-#
old/configure.orig 2007-08-17 00:09:26.0 +0200
-+++ new/configure 2007-08-17 00:09:59.0 +0200
-@@ -20078,6 +20078,11 @@
-
- fi
-
-+cat >>confdefs.h <<\_ACEOF
-+#define HAVE_TCP_MD5
-+_ACEOF
-+
-+
- { echo "$as_me:$LINENO: checking if zebra should be configurable to send
Route Advertisements" >&5
- echo $ECHO_N "checking if zebra should be configurable to send Route
Advertisements... $ECHO_C" >&6; }
- if test "${enable_rtadv}" != "no"; then
old/config.h.in2005-01-07 15:10:53.0 +0100
-+++ new/config.h.in2005-01-13 03:03:44.0 +0100
-@@ -213,6 +213,9 @@
- /* OSPF TE */
- #undef HAVE_OSPF_TE
-
-+/* Linux TCP MD5 Signature Option */
-+#define HAVE_TCP_MD5 1
-+
- /* Have pam_misc.h */
- #undef HAVE_PAM_MISC_H
-
only in patch2:
unchanged:
--- quagga-0.99.9.orig/debian/patches/20_bgp-md5.dpatch
+++ quagga-0.99.9/debian/patches/20_bgp-md5.dpatch
@@ -0,0 +1,635 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 20_bgp-md5.dpatch by Mathias Gug <[EMAIL PROTECTED]>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: This is the patch posted on quagga-devel by Sargun Dhillon,
+## DP: based on previous patches by others.
+## DP: http://marc.info/?l=quagga-dev&m=119356096204723&w=2
+
[EMAIL PROTECTED]@
+diff -urNad quagga-0.99.9~/bgpd/bgp_network.c quagga-0.99.9/bgpd/bgp_network.c
+--- quagga-0.99.9~/bgpd/bgp_network.c 2007-05-09 16:59:33.0 -0400
quagga-0.99.9/bgpd/bgp_network.c 2007-11-16 09:08:56.0 -0500
+@@ -22,6 +22,7 @@
+
+ #include "thread.h"
+ #include "sockunion.h"
++#include "sockopt.h"
+ #include "memory.h"
+ #include "log.h"
+ #include "if.h"
+@@ -38,6 +39,34 @@
+ extern struct zebra_privs_t bgpd_privs;
+
+
++#if defined(HAVE_TCP_MD5SIG)
++/*
++ * Set MD5 key for the socket, for the given IPv4 peer address.
++ * If the password is NULL or zero-length, the option will be disabled.
++ */
++int
++bgp_md5_set (int sock, struct sockaddr_in *sin, const char *password)
++{
++ int ret, en;
++
++ if ( bgpd_privs.change (ZPRIVS_RAISE) )
++zlog_err ("bgp_md5_set: could not raise privs");
++
++ ret = sockopt_tcp_signature (sock, sin, password);
++ en = errno;
++
++ if (bgpd_privs.change (ZPRIVS_LOWER) )
++zlog_err ("bgp_md5_set: could not lower privs");
++
++ if (ret < 0)
++zlog (NULL, LOG_WARNING, "can't set TCP_MD5SIG option on socket %d: %s",
++sock, safe_strerror (en));
++
++ return ret;
++}
++
++#endif /* HAVE_TCP_MD5SIG */
++
+ /* Accept bgp connection. */
+ static int
+ bgp_accept (struct thread *thread)
+@@ -238,6 +267,12 @@
+ sockopt_reuseaddr (peer->fd);
+ sockopt_reuseport (peer->fd);
+
++#ifdef HAVE_TCP_MD5SIG
++ if (CHECK_FLAG (peer->flags, PEER_FLAG_PASSWORD))
++if (sockunion_family (&peer->su) == AF_INET)
++ bgp_md5_set (peer->fd, &peer->su.sin, peer->password);
++#endif /* HAVE_TCP_MD5SIG */
++
+ /* Bind socket. */
+ bgp_bind (peer);
+
+@@ -288,6 +323,10 @@
+ struct addrinfo req;
+ struct addrinfo *ainfo;
+ struct addrinfo *ainfo_save;
++#if defined(HAVE_TCP_MD5SIG) && defined(IPV6_V6ONLY)
++ struct sockaddr_in sin;
++ int socklen, on = 1;
++#endif
+ int sock = 0;
+ char port_str[BUFSIZ];
+
+@@ -323,6 +362,21 @@
+ sockopt_reuseaddr (sock);
+ sockopt_reuseport (sock);
+
++#if defined(HAVE_TCP_MD5SIG) && defined(IPV6_V6ONLY)
++/*We can not apply MD5SIG to an IPv6 socket. If this is an AF_INET6
++ socket, we'll have to create another socket for IPv4*/
++
++ if (ainfo->ai_family == AF_INET6) {
++/*Mark this one for IPv6 only */
++ ret = setsockopt (sock, IPPROTO_IPV6, IPV6_V6ONLY,
++ (void *) &on, sizeof (on));
++ if( ret < 0 ) {
++ en = errno;
++zlog_err ("setsockopt V6ONLY: %s", safe_strerror (en));
++ }
++ }
++#endif
++
+ if (bgpd_privs.change (ZPRIVS_RAISE) )
+ zlog_err ("bgp_socket: could not raise privs");
+
+@@ -346,7 +400,65 @@
+
Bug#451271: [Pkg-samba-maint] Bug#451271: Set default debconf group to MSHOME
On Mon, Nov 19, 2007 at 12:06:58PM -0800, Steve Langasek wrote: > On Wed, Nov 14, 2007 at 12:44:50PM -0500, Mathias Gug wrote: > > I've attached a patch that sets a default value of MSHOME to the debconf > > question asking for the workgroup. MSHOME is the default workgroup name > > used in > > Windows. > > In the Debian package, the default workgroup is set in the debian/smb.conf > file. Is there a reason it should be set in the template instead? (Open > question - there have been some issues with the current debconf code which > I've meant to go back and fix, and maybe this takes care of it, but then we > seem to have duplication of data between the two locations.) > If a question is asked, it may be better if a default value is already provided (which is not the case now IIRC). OTOH if a default is set, the current config script will drop the debconf priority to medium, which is not seen by default during ubuntu install. > Also, the change in svn revision 1246 claims that "WORKGROUP" is the default > workgroup for Windows workstations, rather than MSHOME. I suppose both > WORKGROUP and MSHOME have been default for various MS releases at various > times; so what are the reasons for picking one of these values over the > other? After more research, it seems that only Windows XP Home Edition uses MSHOME as the default workgroup name. Other editions (XP Pro, Vista) use WORKGROUP as the default workgroup name. Considering that upstream also uses WORKGROUP as the default, it makes more sense to use WORKGROUP for the default value. It seems that this change was introduce at the very beginning of Ubuntu's life, when most of ubuntu users were running Windows XP Home. -- Mathias -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#451423: Update reference to squid.conf.default in the man page
Package: squid Version: 2.6.16-1 Tags: patch User: [EMAIL PROTECTED] Usertags: origin-ubuntu ubuntu-patch hardy In the squid man page, there is a reference to squid.conf.default in /etc/squid/. This file is actually located in /usr/share/doc/squid/examples/. The attached patch fixes this. diff -u squid-2.6.16/debian/patches/00list squid-2.6.16/debian/patches/00list --- squid-2.6.16/debian/patches/00list +++ squid-2.6.16/debian/patches/00list @@ -5,0 +6,1 @@ +98_manpage --- squid-2.6.16.orig/debian/patches/98_manpage.dpatch +++ squid-2.6.16/debian/patches/98_manpage.dpatch @@ -0,0 +1,19 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 98_manpage.dpatch by <[EMAIL PROTECTED]> +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: No description. + [EMAIL PROTECTED]@ +diff -urNad squid-2.6.13-2ubuntu1~/doc/squid.8.in squid-2.6.13-2ubuntu1/doc/squid.8.in +--- squid-2.6.13-2ubuntu1~/doc/squid.8.in 2007-07-04 16:52:43.0 +0200 squid-2.6.13-2ubuntu1/doc/squid.8.in 2007-07-11 17:44:39.716537470 +0200 +@@ -120,7 +120,7 @@ + allow access from any browser. + .RE + +-.I @[EMAIL PROTECTED] ++.I /usr/share/doc/squid/examples/squid.conf + .RS + Reference copy of the configuration file. Always kept up to date with + the version of Squid you are using. Use this to look up configuration
Bug#451273: Change the (commented-out) "printer admin" example to use "@lpadmin"
On Wed, Nov 14, 2007 at 04:13:54PM -0800, Steve Langasek wrote: > On Wed, Nov 14, 2007 at 12:44:50PM -0500, Mathias Gug wrote: > Please see my previous comment on this diff in > <http://lists.alioth.debian.org/pipermail/pkg-samba-maint/2006-December/000999.html>, > as well as Christian's follow-up in > <http://lists.alioth.debian.org/pipermail/pkg-samba-maint/2006-December/001011.html> Thanks for pointing me to this thread. I'll also search the pkg-samba-maint mailing list next time I'll submit patches. > indicating that the "printer admin" default should be removed altogether > rather than changed. Agreed on this as the option is deprecated (I think that a warning is logged at startup). -- Mathias -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#451269: [Pkg-samba-maint] Bug#451269: samba's package postinst script shouldn't return an error if samba daemon can't be started
On Wed, Nov 14, 2007 at 04:43:11PM -0800, Steve Langasek wrote: > > Yes that's probably true. Again my aim was to make the package more > > robust to mis-configuration. OTOH if the configuration is broken we need > > a way to tell the user that there is a problem. > > Right - unless you have a better way, I think the package state is the way > to notify the user of this problem. > I agree with you. May be we could improve the error message if the samba daemons cannot be started or use testparm to check the configuration before starting the daemons. -- Mathias -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#451269: [Pkg-samba-maint] Bug#451269: samba's package postinst script shouldn't return an error if samba daemon can't be started
Hi Steve, On Wed, Nov 14, 2007 at 02:59:58PM -0800, Steve Langasek wrote: > > If the samba configuration is broken, the postinst script fails. I've > > attached > > a patch that add true as the error-handler when restarting samba. > > > First reported in Ubuntu: > > https://bugs.launchpad.net/ubuntu/+source/samba/+bug/85194 > > > - DH_OPTIONS= dh_installinit -psamba -- "defaults 20 19" > > + DH_OPTIONS= dh_installinit -psamba --error-handler=true -- "defaults 20 > > 19" > > DH_OPTIONS= dh_installinit -pwinbind > > dh_installcron > > for pkg in samba smbfs winbind; do \ > > This doesn't look like correct behavior to me. Conceptually, I don't > believe that packages should declare themselves to be "configured" when > their config is left in a detectably broken state; I think this should be > handled through the packaging system itself rather than having the packaging > system declare the package "ok" and leave the admin to detect the problem > out of band. > > Yes, it can be a problem for apt when packages fail to configure; but why is > the samba package's configuration broken in the first place? I think the use case would be that the user broke the configuration file. For example, there is a recurring bug on Kubuntu where the kde network administration tool inserts a broken entry in smb.conf (it adds a "dfs proxy = no" line for each share it defines). It's true that the problem is not the samba package itself, but the idea is to make the post installation script more robust to mis-configuration (in the same vein as don't restart apache if the configuration is broken). > > The argument given in the Ubuntu bug report, that "we are not following the > packaging policy when the postinst assumes that we should have a correct > config file from another package", is false; samba and samba-common are > cooperating packages, and one of the main purposes of the samba-common > package is to manage the smb.conf file on behalf of samba. But of course > samba-common doesn't contain enough information to ascertain for itself that > the config on disk is usable by smbd, so it's up to the samba package to > complain when this is not the case. > > Do you disagree with this position? > No. > I would in any case be interested to know for sure why the original bug > submitter had an smbd that wouldn't start; the follow-up from Mantas is > fairly speculative about the cause of the failure, it's entirely possible > that this change has only papered over whatever the original submitter's > problem was. Yes that's probably true. Again my aim was to make the package more robust to mis-configuration. OTOH if the configuration is broken we need a way to tell the user that there is a problem. -- Mathias -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#451273: Change the (commented-out) "printer admin" example to use "@lpadmin"
Package: samba Version: 3.0.26a-1 Tags: patch User: [EMAIL PROTECTED] Usertags: origin-ubuntu ubuntu-patch hardy The ntadmin group doesn't exist. The lpadmin group is used for spool admin. diff -pruN 3.0.26a-1/debian/smb.conf 3.0.26a-1ubuntu2/debian/smb.conf --- 3.0.26a-1/debian/smb.conf 2007-10-04 09:08:53.0 +0100 +++ 3.0.26a-1ubuntu2/debian/smb.conf2007-10-04 09:08:11.0 +0100 @@ -172,7 +172,7 @@ # When using [print$], root is implicitly a 'printer admin', but you can # also give this right to other users to add drivers and set printer # properties -; printer admin = @ntadmin +; printer admin = @lpadmin Misc
Bug#451269: samba's package postinst script shouldn't return an error if samba daemon can't be started
Package: samba Version: 3.0.26a-1 Tags: patch User: [EMAIL PROTECTED] Usertags: origin-ubuntu ubuntu-patch hardy If the samba configuration is broken, the postinst script fails. I've attached a patch that add true as the error-handler when restarting samba. First reported in Ubuntu: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/85194 diff -pruN 3.0.26a-1/debian/rules 3.0.26a-1ubuntu2/debian/rules --- 3.0.26a-1/debian/rules 2007-10-04 09:08:53.0 +0100 +++ 3.0.26a-1ubuntu2/debian/rules 2007-10-04 09:08:11.0 +0100 @@ -205,7 +206,7 @@ binary-arch: build install dh_installexamples dh_installlogrotate dh_installlogcheck - DH_OPTIONS= dh_installinit -psamba -- "defaults 20 19" + DH_OPTIONS= dh_installinit -psamba --error-handler=true -- "defaults 20 19" DH_OPTIONS= dh_installinit -pwinbind dh_installcron for pkg in samba smbfs winbind; do \
Bug#451271: Set default debconf group to MSHOME
Package: samba Version: 3.0.26a-1 Tags: patch User: [EMAIL PROTECTED] Usertags: origin-ubuntu ubuntu-patch hardy I've attached a patch that sets a default value of MSHOME to the debconf question asking for the workgroup. MSHOME is the default workgroup name used in Windows. diff -pruN 3.0.26a-1/debian/samba-common.templates 3.0.26a-1ubuntu2/debian/samba-common.templates --- 3.0.26a-1/debian/samba-common.templates 2007-10-04 09:08:53.0 +0100 +++ 3.0.26a-1ubuntu2/debian/samba-common.templates 2007-10-04 09:08:11.0 +0100 @@ -28,7 +28,8 @@ _Description: Configure smb.conf automat Template: samba-common/workgroup Type: string -_Description: Workgroup/Domain Name: +Default: MSHOME +_Description: Workgroup/Domain Name? Please specify the workgroup you want this server to appear to be in when queried by clients. Note that this parameter also controls the domain name used with the security=domain setting.
Bug#451270: Make sure $PIDDIR exists (when /var/run is a tmpfs)
Package: samba Version: 3.0.26a-1 Tags: patch User: [EMAIL PROTECTED] Usertags: origin-ubuntu ubuntu-patch hardy I've attached a patch to the init script that makes sure that the piddir exists. diff -pruN 3.0.26a-1/debian/samba.init 3.0.26a-1ubuntu2/debian/samba.init --- 3.0.26a-1/debian/samba.init 2007-10-04 09:08:53.0 +0100 +++ 3.0.26a-1ubuntu2/debian/samba.init 2007-10-04 09:08:11.0 +0100 @@ -31,6 +31,9 @@ test -x /usr/sbin/nmbd -a -x /usr/sbin/s case "$1" in start) log_daemon_msg "Starting Samba daemons" + # Make sure we have our PIDDIR, even if it's on a tmpfs +install -o root -g root -m 755 -d $PIDDIR + NMBD_DISABLED=`testparm -s --parameter-name='disable netbios' 2>/dev/null` if [ "$NMBD_DISABLED" != 'Yes' ]; then log_progress_msg "nmbd"
Bug#451272: localized pam == no samba password changing
Package: samba
Version: 3.0.26a-1
Tags: patch
User: [EMAIL PROTECTED]
Usertags: origin-ubuntu ubuntu-patch hardy
To apply password change requests from Samba clients to system passwords and
not just to Samba passwords, Samba invokes PAM either directly or by way of
/usr/bin/passwd and is configured to know how to communicate with PAM modules
using expect-style rules (smb.conf setting "passwd chat"). Version 0.99.7.1 of
pam includes l10n support, which means that the prompts generated by PAM
modules are now different for each locale. To account for this, Samba should
explicitly use the C locale when attempting a password sync and restore the
user's locale setting afterwards.
First reported in Ubuntu:
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/139265
=== added file 'trunk/samba/debian/patches/chgpasswd.patch'
--- trunk/samba/debian/patches/chgpasswd.patch 1970-01-01 00:00:00 +
+++ trunk/samba/debian/patches/chgpasswd.patch 2007-11-13 17:43:17 +
@@ -0,0 +1,41 @@
+Index: samba-3.0.26a/source/smbd/chgpasswd.c
+===
+--- samba-3.0.26a.orig/source/smbd/chgpasswd.c
samba-3.0.26a/source/smbd/chgpasswd.c
+@@ -126,6 +126,7 @@
+ struct termios stermios;
+ gid_t gid;
+ uid_t uid;
++ char *eptrs[1] = { NULL };
+
+ if (pass == NULL)
+ {
+@@ -222,7 +223,7 @@
+ passwordprogram));
+
+ /* execl() password-change application */
+- if (execl("/bin/sh", "sh", "-c", passwordprogram, NULL) < 0)
++ if (execle("/bin/sh", "sh", "-c", passwordprogram, NULL, eptrs) < 0)
+ {
+ DEBUG(3, ("Bad status returned from %s\n", passwordprogram));
+ return (False);
+@@ -498,6 +499,9 @@
+ #ifdef WITH_PAM
+ if (lp_pam_password_change()) {
+ BOOL ret;
++#ifdef HAVE_SETLOCALE
++ char *prevlocale = setlocale(LC_MESSAGES, "C");
++#endif
+
+ if (as_root)
+ become_root();
+@@ -511,6 +515,9 @@
+ if (as_root)
+ unbecome_root();
+
++#ifdef HAVE_SETLOCALE
++ setlocale(LC_MESSAGES, prevlocale);
++#endif
+ return ret;
+ }
+ #endif
=== modified file 'trunk/samba/debian/patches/series'
--- trunk/samba/debian/patches/series 2007-11-12 21:58:04 +
+++ trunk/samba/debian/patches/series 2007-11-13 17:44:03 +
@@ -24,3 +24,4 @@
smbpasswd-syslog.patch
get_global_sam_sid-non-root.patch
usershare.patch
+chgpasswd.patch
Bug#443230: [Pkg-samba-maint] Bug#443230: Enable net usershare
Hi Steve, On Mon, Nov 12, 2007 at 07:05:08PM -0800, Steve Langasek wrote: > Mathias, I think the last remaining issue here is that we talked about > auto-migrating members from one of the existing groups, such as adm, to > the sambashare group. Does everyone agree this is an appropriate default > behavior on upgrades from previous versions and on new installs of samba? > We talked about that and this is what we agreed on. Another issue that was brought up is automatic synchronisation of unix and samba password. This could be done via pam_smbpass. FYI, the notes taken during the session can be found here: https://wiki.ubuntu.com/EasyFileSharing (in the BoF section at the bottom of the page). -- Mathias -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#449422: DNS support not enabled at compile time
Package: samba Version: 3.0.26a-1 User: [EMAIL PROTECTED] Usertags: origin-ubuntu hardy Samba is not compiled with the dns option. Because of the way in which Active Directory updates DNS records this is a necessary feature for most Microsoft AD domains. # net ads dns Usage: DNS update support not enabled at compile time! Reported on Ubuntu (patch available there): https://bugs.launchpad.net/ubuntu/+source/samba/+bug/156686 -- Mathias -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#448401: dovecot-common: Postinst fails if conffile don't exist
Package: dovecot-common Version: 1:1.0.5-1 Severity: normal Tags: patch User: [EMAIL PROTECTED] Usertags: origin-ubuntu ubuntu-patch hardy If dovecot-ldap.conf or dovecot-sql.conf are removed, the post installation script fails on upgrade. Reported on launchpad: https://bugs.launchpad.net/ubuntu/+source/dovecot/+bug/153161 The patch attached fixes the problem in the postinst script. diff -u dovecot-1.0.5/debian/dovecot-common.postinst dovecot-1.0.5/debian/dovecot-common.postinst --- dovecot-1.0.5/debian/dovecot-common.postinst +++ dovecot-1.0.5/debian/dovecot-common.postinst @@ -9,7 +9,7 @@ # configuration file in /etc/dovecot. ucf --three-way /usr/share/dovecot/$conffile /etc/dovecot/$conffile ucfr dovecot-common /etc/dovecot/$conffile -if [ "$conffile" != "dovecot.conf" ]; then +if [ "$conffile" != "dovecot.conf" ] && [ -f "$conffile" ]; then chmod 0600 /etc/dovecot/$conffile fi done
Bug#443230: Enable net usershare
Hi, I've attached a diff that implements the usershare option with suggestions discussed previously. I've reworked the postinst script to create the sambashare group and the directory. I've also updated man pages (smb.conf and net) to not include the steps to setup usershares. I've replaced it with a mention of the sambashare group. I haven't address the issue of adding an new option in the configuration file. -- Mathias Index: debian/samba-common.postinst === --- debian/samba-common.postinst (revision 1541) +++ debian/samba-common.postinst (working copy) @@ -102,3 +102,18 @@ db_stop #DEBHELPER# + +case "$1" in + configure) + # add the sambashare group + if ! getent group sambashare > /dev/null 2>&1 + then + addgroup --system sambashare + fi + + if [ ! -e /var/lib/samba/usershares ] + then + install -d -m 1775 -g sambashare /var/lib/samba/usershares + fi + ;; +esac Index: debian/patches/usershare_man.patch === --- debian/patches/usershare_man.patch (revision 0) +++ debian/patches/usershare_man.patch (revision 0) @@ -0,0 +1,61 @@ +Index: samba-3.0.26a/docs/manpages/smb.conf.5 +=== +--- samba-3.0.26a.orig/docs/manpages/smb.conf.5 2007-10-22 12:46:16.0 -0400 samba-3.0.26a/docs/manpages/smb.conf.5 2007-10-22 12:46:40.0 -0400 +@@ -254,6 +254,9 @@ + usershare path + .RS 3n + Points to the directory containing the user defined share definitions. The filesystem permissions on this directory control who can create user defined shares. ++.sp ++Default: ++\fB\fIusershare path\fR = /var/lib/samba/usershares \fR + .RE + .PP + usershare prefix allow list +@@ -271,32 +274,7 @@ + Names a pre-existing share used as a template for creating new usershares. All other share parameters not specified in the user defined share definition are copied from this named share. + .RE + .PP +-To allow members of the UNIX group +-foo +-to create user defined shares, create the directory to contain the share definitions as follows: +-.PP +-Become root: +- +-.nf +- +-mkdir /usr/local/samba/lib/usershares +-chgrp foo /usr/local/samba/lib/usershares +-chmod 1770 /usr/local/samba/lib/usershares +- +-.fi +-.PP +-Then add the parameters +- +-.sp +- +-.nf +- +- usershare path = /usr/local/samba/lib/usershares +- usershare max shares = 10 # (or the desired number of shares) +- +-.fi +-to the global section of your +-\fIsmb.conf\fR. Members of the group foo may then manipulate the user defined shares using the following commands. ++Members of the \fBsambashare\fR group can manipulate the user defined shares using the following commands: + .PP + net usershare add sharename path [comment] [acl] [guest_ok=[y|n]] + .RS 3n +Index: samba-3.0.26a/docs/manpages/net.8 +=== +--- samba-3.0.26a.orig/docs/manpages/net.8 2007-10-22 12:47:59.0 -0400 samba-3.0.26a/docs/manpages/net.8 2007-10-22 12:47:12.0 -0400 +@@ -677,7 +677,7 @@ + .PP + Starting with version 3.0.23, a Samba server now supports the ability for non-root users to add user define shares to be exported using the "net usershare" commands. + .PP +-To set this up, first set up your smb.conf by adding to the [global] section : usershare path = /usr/local/samba/lib/usershares Next create the directory /usr/local/samba/lib/usershares, change the owner to root and set the group owner to the UNIX group who should have the ability to create usershares, for example a group called "serverops". Set the permissions on /usr/local/samba/lib/usershares to 01770. (Owner and group all access, no access for others, plus the sticky bit, which means that a file in that directory can be renamed or deleted only by the owner of the file). Finally, tell smbd how many usershares you will allow by adding to the [global] section of smb.conf a line such as : usershare max shares = 100. To allow 100 usershare definitions. Now, members of the UNIX group "serverops" can create user defined shares on demand using the commands below. ++Members of the UNIX group \fBsambashare\fR can create user defined shares on demand using the commands below. + .PP + The usershare commands are: + .IP "" 3n Index: debian/patches/series === --- debian/patches/series (revision 1541) +++ debian/patches/series (working copy) @@ -1,3 +1,4 @@ +usershare_man.patch cups.patch documentation.patch fhs-newpaths.patch Index: debian/smb.conf === --- debian/smb.conf (revision 1541) +++ debian/smb.conf (working copy) @@ -214,6 +214,13 @@ ; winbind enum groups = yes ; winbind enum users = yes + +# Setup usershare options to enable non-root user to share folders +# with the net usershare command. + +# Maximum number o
Bug#443230: Enable net usershare
On Sun, Sep 23, 2007 at 08:16:58PM +0200, Christian Perrier wrote: > Quoting Steve: > > > usershare = yes > > > usershare max shares = > > > > I'm not sure that we would want the share count to be unlimited by default > > either, though? > > Well, picking a number would be tricky. One that's suitable for Joe > might be completely incorrect for Barbara. > If 'usershare max shares' would be set to a value by default, it would come back to almost the same situation as the proposed one. The only difference would be the possibility for the user to set the number of shares to unlimited (which would not be the default value). The number 100 in the original patch is just a random number. -- Mathias signature.asc Description: Digital signature
Bug#447201: Update protocoles option in configuration when installing/removing -imapd/-pop3d packages
Package: dovecot
Version: 1:1.0.5-1
Tag: patch
Hi,
I've attached a patch that modifies the maintainer scripts to update the
protocoles option in dovecot.conf when -imap/-pop3d packages are
installed or removed.
It also fixes the maintainer scripts to start dovecot when restart the
daemon when -imap/-pop3d is removed.
The patch is based on ubuntu package 1:1.0.5-1ubuntu2. Here is an
extract from the changelog:
dovecot (1:1.0.5-1ubuntu2) gutsy; urgency=low
* Fix dovecot restart when removing -pop3d/-imapd packages (LP: #151650):
- debian/dovecot-{pop3d,imapd}.postrm: start dovecot.
* Restart dovecot when -pop3d/-imapd package are installed:
- debian/dovecot-{pop3d,imapd}.postinst: restart dovecot.
-- Mathias Gug <[EMAIL PROTECTED]> Thu, 11 Oct 2007 15:24:23 -0400
dovecot (1:1.0.5-1ubuntu1) gutsy; urgency=low
[Soren Hansen]
* Based on work by Mathias Gug: Enable imap/pop3 protocols when installing
dovecot-imap/dovecot-pop3 package (LP: #146648):
- debian/dovecot-pop3d.postinst, debian/dovecot-imapd.postinst: add
imap,imaps/pop3,pop3s to protocols line in dovecot.conf (removing "none"
if it's there).
- debian/dovecot-pop3d.postrm, debian/dovecot-imapd.postrm: remove
imap,imaps/pop3,pop3s from protocols line in dovecot.conf (putting
"none" if last protocol is removed).
* debian/patches/exec_check_for_none.dpatch:
- Disable access(..., X_OK) check for protocols that are not going to be
started anyway.
* debian/patches/protocols_none_by_default.dpatch:
- Set "protocols = none" by default.
-- Soren Hansen <[EMAIL PROTECTED]> Mon, 08 Oct 2007 15:05:46 +0200
The relevant LP links are:
* https://bugs.launchpad.net/ubuntu/+source/dovecot/+bug/146648
* https://bugs.launchpad.net/ubuntu/+source/dovecot/+bug/151650
--
Mathias
diff -uNr dovecot-1.0.5/debian/dovecot-imapd.postinst dovecot-1.0.5.update_default/debian/dovecot-imapd.postinst
--- dovecot-1.0.5/debian/dovecot-imapd.postinst 2007-10-18 17:12:11.0 -0400
+++ dovecot-1.0.5.update_default/debian/dovecot-imapd.postinst 2007-10-18 17:11:31.0 -0400
@@ -2,15 +2,17 @@
set -e
-#perl -pi.bak -e 'if (/^\s*protocols =/i) { s/$/ imap imaps/ unless /imap/; };'\
-# /etc/dovecot/dovecot.conf
-
+if [ "$1" = "configure" -a -z "$2" ]; then
+ # Add the imap and imaps options to the protocols line on first install
+ perl -pi.bak -e 'if (/^\s*protocols =/i) { s/none//; s/$/ imap imaps/ unless /imap/; s/[ \t]+/ /g; };'\
+ /etc/dovecot/dovecot.conf
+fi
if [ -x "/etc/init.d/dovecot" ]; then
if [ -x /usr/sbin/invoke-rc.d ]; then
- invoke-rc.d dovecot start
+ invoke-rc.d dovecot restart
else
- /etc/init.d/dovecot start
+ /etc/init.d/dovecot restart
fi
fi
diff -uNr dovecot-1.0.5/debian/dovecot-imapd.postrm dovecot-1.0.5.update_default/debian/dovecot-imapd.postrm
--- dovecot-1.0.5/debian/dovecot-imapd.postrm 1969-12-31 19:00:00.0 -0500
+++ dovecot-1.0.5.update_default/debian/dovecot-imapd.postrm 2007-10-18 17:11:31.0 -0400
@@ -0,0 +1,20 @@
+#!/bin/sh
+set -e
+
+
+if [ "$1" = "remove" ]; then
+ # Remove the imaps and imap option from the protocols line
+ perl -pi.bak -e 'if (/^\s*protocols =/i) { s/imaps//; s/imap//; s/$/ none/ unless (/pop3/ or /none/); s/[ \t]+/ /g; };'\
+ /etc/dovecot/dovecot.conf
+fi
+
+# Restart dovecot because we've updated the configuration file.
+if [ -x "/etc/init.d/dovecot" ]; then
+ if [ -x /usr/sbin/invoke-rc.d ] ; then
+ invoke-rc.d dovecot start
+ else
+ /etc/init.d/dovecot start
+ fi
+fi
+
+#DEBHELPER#
diff -uNr dovecot-1.0.5/debian/dovecot-pop3d.postinst dovecot-1.0.5.update_default/debian/dovecot-pop3d.postinst
--- dovecot-1.0.5/debian/dovecot-pop3d.postinst 2007-10-18 17:12:11.0 -0400
+++ dovecot-1.0.5.update_default/debian/dovecot-pop3d.postinst 2007-10-18 17:11:31.0 -0400
@@ -2,13 +2,17 @@
set -e
-#perl -pi.bak -e 'if (/^\s*protocols =/i) { s/$/ pop3 pop3s/ unless /pop3/; };'\
-# /etc/dovecot/dovecot.conf
+if [ "$1" = "configure" -a -z "$2" ]; then
+ # Add the pop3 and pop3s options to the protocols line.
+ perl -pi.bak -e 'if (/^\s*protocols =/i) { s/none//; s/$/ pop3 pop3s/ unless /pop3/; s/[ \t]+/ /g; };'\
+ /etc/dovecot/dovecot.conf
+fi
+
if [ -x "/etc/init.d/dovecot" ]; then
if [ -x /usr/sbin/invoke-rc.d ]; then
- invoke-rc.d dovecot start
+ invoke-rc.d dovecot restart
else
- /etc/init.d/dovecot start
+ /etc/init.d/dovecot restart
fi
fi
diff -uNr dovecot-1.0.5/debian/dovecot-pop3d.postrm dovecot-1.0.5.update_default/debian/dovecot-pop3d.postrm
--- dovecot-1.0.5/debian/dovecot-pop3d.postrm 1969-12-31 19:00:00.0 -0500
+++ dovecot-1.0.5.update_default/debian/dovecot-pop3d.postrm 2007-10-18 17:11:31.0 -0400
@@ -0,0 +1,20 @@
+#!/bin/sh
+s
Bug#376146: dovecot: Use the SSL snakeoil certificate - patch for 1.0.5.
Hi,
I've attached an updated patch (for 1.0.5) for the SSL snakeoil certificate.
It's been adapted from 1:1.0.5-1ubuntu2.
--
Mathias
diff -uNr dovecot-1.0.5/debian/control dovecot-1.0.5.ssl/debian/control
--- dovecot-1.0.5/debian/control 2007-10-18 16:52:15.0 -0400
+++ dovecot-1.0.5.ssl/debian/control 2007-10-18 16:53:23.0 -0400
@@ -9,7 +9,7 @@
Package: dovecot-common
Architecture: any
-Depends: ${shlibs:Depends}, libpam-runtime (>= 0.76-13.1), openssl, adduser, ucf (>= 2.0020)
+Depends: ${shlibs:Depends}, libpam-runtime (>= 0.76-13.1), openssl, adduser, ucf (>= 2.0020), ssl-cert (>= 1.0-11)
Replaces: dovecot
Description: secure mail server that supports mbox and maildir mailboxes
Dovecot is a mail server whose major goals are security and extreme
diff -uNr dovecot-1.0.5/debian/dovecot-common.postinst dovecot-1.0.5.ssl/debian/dovecot-common.postinst
--- dovecot-1.0.5/debian/dovecot-common.postinst 2007-10-18 16:52:15.0 -0400
+++ dovecot-1.0.5.ssl/debian/dovecot-common.postinst 2007-10-18 16:51:45.0 -0400
@@ -30,9 +30,8 @@
## SSL Certs
# Certs and key file
- SSL_CERT="/etc/ssl/certs/dovecot.pem"
- SSL_KEY=/etc/ssl/private/dovecot.pem
-
+ SSL_CERT=$( (grep "ssl_cert_file" /etc/dovecot/dovecot.conf || echo '/etc/ssl/certs/dovecot.pem') | cut -d'=' -f2)
+ SSL_KEY=$( (grep "ssl_key_file" /etc/dovecot/dovecot.conf || echo '/etc/ssl/private/dovecot.pem') | cut -d'=' -f2)
# Generate new certs if needed
if [ -e $SSL_CERT ] && [ -e $SSL_KEY ]; then
diff -uNr dovecot-1.0.5/debian/patches/00list dovecot-1.0.5.ssl/debian/patches/00list
--- dovecot-1.0.5/debian/patches/00list 2007-10-18 16:52:15.0 -0400
+++ dovecot-1.0.5.ssl/debian/patches/00list 2007-10-18 16:50:49.0 -0400
@@ -2,5 +2,6 @@
dovecot-sql
dovecot-drac
postgres_configure
+ssl-cert-snakeoil
quota_mountpoint
quota_v2
diff -uNr dovecot-1.0.5/debian/patches/ssl-cert-snakeoil.dpatch dovecot-1.0.5.ssl/debian/patches/ssl-cert-snakeoil.dpatch
--- dovecot-1.0.5/debian/patches/ssl-cert-snakeoil.dpatch 1969-12-31 19:00:00.0 -0500
+++ dovecot-1.0.5.ssl/debian/patches/ssl-cert-snakeoil.dpatch 2007-10-18 16:50:38.0 -0400
@@ -0,0 +1,35 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## ssl-cert-snakeoil.dpatch by <[EMAIL PROTECTED]>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: No description.
+
[EMAIL PROTECTED]@
+diff -urNad dovecot-1.0.rc1~/dovecot-example.conf dovecot-1.0.rc1/dovecot-example.conf
+--- dovecot-1.0.rc1~/dovecot-example.conf 2006-06-30 15:33:41.0 +0200
dovecot-1.0.rc1/dovecot-example.conf 2006-06-30 15:33:41.0 +0200
+@@ -86,8 +86,8 @@
+ # PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
+ # dropping root privileges, so keep the key file unreadable by anyone but
+ # root.
+-#ssl_cert_file = /etc/ssl/certs/dovecot.pem
+-#ssl_key_file = /etc/ssl/private/dovecot.pem
++#ssl_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
++#ssl_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
+
+ # If key file is password protected, give the password here. Alternatively
+ # give it when starting dovecot with -p parameter.
+diff -urNad dovecot-1.0.rc1~/src/master/master-settings.c dovecot-1.0.rc1/src/master/master-settings.c
+--- dovecot-1.0.rc1~/src/master/master-settings.c 2006-06-17 18:49:04.0 +0200
dovecot-1.0.rc1/src/master/master-settings.c 2006-06-30 15:34:50.0 +0200
+@@ -273,8 +273,8 @@
+
+ MEMBER(ssl_disable) FALSE,
+ MEMBER(ssl_ca_file) "",
+- MEMBER(ssl_cert_file) SSLDIR"/certs/dovecot.pem",
+- MEMBER(ssl_key_file) SSLDIR"/private/dovecot.pem",
++ MEMBER(ssl_cert_file) SSLDIR"/certs/ssl-cert-snakeoil.pem",
++ MEMBER(ssl_key_file) SSLDIR"/private/ssl-cert-snakeoil.key",
+ MEMBER(ssl_key_password) "",
+ MEMBER(ssl_parameters_regenerate) 168,
+ MEMBER(ssl_cipher_list) "",
Bug#443230: [Pkg-samba-maint] Bug#443230: Enable net usershare
On Wed, Sep 19, 2007 at 10:50:01PM +0200, Christian Perrier wrote: > A first concern comes with the dedicated group name. Should we use > "smbshare" and then still advertise that obsolete acronym (SMB) which > is however known by nearly everybody? > Another proposal is to use a group named fileshare, that could be used to define a list of users that are allowed to define shared directories on the network (via samba, nfs, ftp or any other protocol). -- Mathias signature.asc Description: Digital signature
Bug#443230: Enable net usershare
Package: samba Version: 3.0.26a Tags: patch I've attached a debdiff that adds net usershare support to samba. It enables users part of the smbshare group to create shares using the net usershare command. More information about net usershare can me found in the man page of the net command: Starting with version 3.0.23, a Samba server now supports the ability for non-root users to add user define shares to be exported using the "net usershare" commands. This was discussed for Ubuntu here: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/128548 -- Mathias diff -u samba-3.0.25b/debian/rules samba-3.0.25b/debian/rules --- samba-3.0.25b/debian/rules +++ samba-3.0.25b/debian/rules @@ -147,6 +147,8 @@ install -m 0644 debian/mksmbpasswd.8 $(DESTDIR)/usr/share/man/man8/mksmbpasswd.8 install -m 0644 source/nsswitch/libnss_winbind.so $(DESTDIR)/lib/libnss_winbind.so.2 install -m 0644 source/nsswitch/libnss_wins.so $(DESTDIR)/lib/libnss_wins.so.2 + # Create usershare directory + install -m 01770 -d $(DESTDIR)/var/lib/samba/usershares ifeq ($(smbfs),yes) # Create the symlinks that will allow us to do "mount -t smbfs ..." diff -u samba-3.0.25b/debian/samba-common.postinst samba-3.0.25b/debian/samba-common.postinst --- samba-3.0.25b/debian/samba-common.postinst +++ samba-3.0.25b/debian/samba-common.postinst @@ -113,0 +114,15 @@ + +case "$1" in + configure) + # add the smbshare group + if ! getent group smbshare > /dev/null 2>&1 + then + addgroup --system smbshare + fi + + # update the ownership of /var/lib/samba/usershares + chgrp smbshare /var/lib/samba/usershares + # update the permissions + chmod 01770 /var/lib/samba/usershares + ;; +esac diff -u samba-3.0.25b/debian/smb.conf samba-3.0.25b/debian/smb.conf --- samba-3.0.25b/debian/smb.conf +++ samba-3.0.25b/debian/smb.conf @@ -214,6 +214,15 @@ ; winbind enum groups = yes ; winbind enum users = yes +# Setup usershare options to enable non-root user to share folders +# with the net usershare command. + +# The path were the share definition will be stored. Only members of the group +# owning the path will be able to use the net usershare command. + usershare path = /var/lib/samba/usershares +# Maximum number of usershare. 0 (default) means that usershare is disabled. + usershare max shares = 100 + #=== Share Definitions === # Un-comment the following (and tweak the other settings below to suit) diff -u samba-3.0.25b/debian/samba-common.dirs samba-3.0.25b/debian/samba-common.dirs --- samba-3.0.25b/debian/samba-common.dirs +++ samba-3.0.25b/debian/samba-common.dirs @@ -5,0 +6 @@ +var/lib/samba/usershares
Bug#436341: Apache's default site not enabled on new install
Package: apache2 Version: 2.2.4-2 Reported on Launchpad: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/130625 When a new install is performed, the default site configuration (/etc/apache2/sites-enabled/000-default) is not linked from /etc/apache2/sites-available/default. This is probably due to the addition of /etc/apache2/ports.conf as a conffile managed by dpkg. The postinst script from apache2-common checks whether /etc/apache2/ports.conf exists or not. If it exists, it will consider upgrade from_2_0. Thus it never gets to install the default site as this is only done on new_install. Step to reproduce: 1. Install apache2. 2. Point a browser to the website Result: 404 Not Found Expected result: The default site. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#430018: Man pages are non-free
Package: mysql-dfsg-5.0 Version: 5.0.41-2 All man pages which ship with mysql-dfsg-5.0 says: COPYRIGHT Copyright 1997-2007 MySQL AB This documentation is NOT distributed under a GPL license. Use of this documentation is subject to the following terms: You may create a printed copy of this documentation solely for your own personal use. Conversion to other formats is allowed as long as the actual content is not altered or edited in any way. You shall not publish or distribute this documentation in any form or on any media, except if you distribute the documentation in a manner similar to how MySQL disseminates it (that is, electronically for download on a Web site with the software) or on a CD\-ROM or similar medium, provided however that the documentation is disseminated together with the software on the same medium. Any other use, such as any dissemination of printed copies or use of this documentation, in whole or in part, in another publication, requires the prior written consent from an authorized representative of MySQL AB. MySQL AB reserves any and all rights to this documentation not expressly granted above. This seems to be non-free. Reported on ubuntu: https://bugs.launchpad.net/ubuntu/+source/mysql-dfsg-5.0/+bug/121441 -- Mathias -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
