TL;DR It's fixed in Noble and forward, but we cannot backport the
changes because they rely on dh-nss, which has only been available since
Noble.

I can confirm @lucaskanashiro's comment (#8), and the thing is that in the
noble version Debian removed entirely the sss additions from the
postinst:


diff -Nru sssd-2.6.3/debian/libnss-sss.postinst 
sssd-2.9.4/debian/libnss-sss.postinst
--- sssd-2.6.3/debian/libnss-sss.postinst       2022-10-05 01:04:33.000000000 
+0200
+++ sssd-2.9.4/debian/libnss-sss.postinst       2024-04-05 15:23:52.000000000 
+0200
@@ -1,53 +1,27 @@
 #!/bin/sh
 set -e
 
-#DEBHELPER#
+case "$1" in
+    configure)
+        if [ -n "$2" ]; then
+            # upgrade
+            version="$2"
+
+            # fix automount typo
+            if dpkg --compare-versions $version lt "2.2.3-3"; then
+                sed -i 's/automounter/automount/' 
"${DPKG_ROOT}/etc/nsswitch.conf"
+            fi
+        fi
+    ;;
 
-# This code was taken from libnss-myhostname, which got it from nss-mdns:
+    abort-upgrade|abort-remove|abort-deconfigure)
+    ;;
 
-log() {
-    echo "$*"
-}
-
-# try to insert sss entries to the passwd, group, shadow and netgroup
-# lines in /etc/nsswitch.conf to automatically enable libnss-sss
-# support; do not change the configuration if the lines already
-# references some sss lookups
-insert_nss_entry() {
-    log "Checking NSS setup..."
-    # abort if /etc/nsswitch.conf does not exist
-    if ! [ -e /etc/nsswitch.conf ]; then
-        log "Could not find /etc/nsswitch.conf."
-        return
-    fi
-    # append 'sss' to the end of the line if it's not found already
-    sed -i --regexp-extended '
-      /^(passwd|group|shadow|netgroup|services|automounter):/ {
-        /\bsss\b/! s/$/ sss/
-      }
-    ' /etc/nsswitch.conf
-    # and add a new entry for automount if it's not there
-    if ! grep -q automount /etc/nsswitch.conf; then
-        log "Adding an entry for automount."
-        echo "automount:      sss" >> /etc/nsswitch.conf
-    fi
-}
-
-action="$1"
-
-if [ configure = "$action" ]; then
-    if [ -z "$2" ]; then
-        log "First installation detected..."
-        # first install: setup the recommended configuration (unless
-        # nsswitch.conf already contains sss entries)
-        insert_nss_entry
-    else
-        # upgrade
-        version="$2"
-
-        # fix automount typo
-       if dpkg --compare-versions $version lt "2.2.3-3"; then
-            sed -i 's/automounter/automount/' /etc/nsswitch.conf
-        fi
-    fi
-fi
+    *)
+        echo "postinst called with unknown argument \`$1'" >&2
+        exit 1
+    ;;
+esac
+
+
+#DEBHELPER#
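Review bot: in the `configure` upgrade branch, the `sed -i 's/automounter/automount/'` call edits `${DPKG_ROOT}/etc/nsswitch.conf` without checking that the file exists, and the script runs under `set -e`, so a missing file aborts the whole postinst. Guard it with `[ -e "${DPKG_ROOT}/etc/nsswitch.conf" ]`, as the postrm does. In the same branch `$version` is unquoted in `dpkg --compare-versions $version lt "2.2.3-3"`; write `"$version"`. With the first-install branch gone and `#DEBHELPER#` moved to the end, a one-line comment saying that the `sss` entries are now added by the generated snippet would help the next reader.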


and created these lines outside it in a new debian/libnss-sss.nss file:

diff -Nru sssd-2.6.3/debian/libnss-sss.nss sssd-2.9.4/debian/libnss-sss.nss
--- sssd-2.6.3/debian/libnss-sss.nss    1970-01-01 01:00:00.000000000 +0100
+++ sssd-2.9.4/debian/libnss-sss.nss    2024-04-05 15:23:52.000000000 +0200
@@ -0,0 +1,8 @@
+automount      database-add
+
+passwd last    sss
+group  last    sss
+shadow last    sss
+netgroup       last    sss
+services       last    sss
+automount      last    sss
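Review bot: the new file mixes two directive forms, `automount database-add` on the first line and `<database> last sss` on the remaining lines, with nothing explaining why `automount` appears under both. A short note, in the file if the format accepts comments or otherwise in the changelog entry, should say what `database-add` is expected to do on install and on removal, since the postrm still deletes `^automount` lines by hand. The column separators are also inconsistent between lines (`passwd last` versus `netgroup       last`); align them.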


The postrm was modified as well:

diff -Nru sssd-2.6.3/debian/libnss-sss.postrm 
sssd-2.9.4/debian/libnss-sss.postrm
--- sssd-2.6.3/debian/libnss-sss.postrm 2022-10-05 01:04:33.000000000 +0200
+++ sssd-2.9.4/debian/libnss-sss.postrm 2024-04-05 15:23:52.000000000 +0200
@@ -3,32 +3,26 @@
 
 #DEBHELPER#
 
-# This code was taken from libnss-myhostname, which got it from nss-mdns:
-
 log() {
     echo "$*"
 }
 
-remove_nss_entry() {
+remove_nss_automount_db () {
     log "Checking NSS setup..."
     # abort if /etc/nsswitch.conf does not exist
-    if ! [ -e /etc/nsswitch.conf ]; then
-        log "Could not find /etc/nsswitch.conf."
+    if ! [ -e "${DPKG_ROOT}/etc/nsswitch.conf" ]; then
+        log "Could not find ${DPKG_ROOT}/etc/nsswitch.conf."
         return
     fi
-    sed -i --regexp-extended '
-      /^(passwd|group|shadow|netgroup|services):/ {
-        s/\bsss\b//g
-        s/[[:space:]]+$//
-      }
-    ' /etc/nsswitch.conf
-    sed -i '/^automount/d' /etc/nsswitch.conf
+
+    # Remove NSS databases: `automount` and `automounter` (legacy).
+    sed -i '/^automount/d' "${DPKG_ROOT}/etc/nsswitch.conf"
 }
 
 case "$1" in
     remove|purge)
         if [ "${DPKG_MAINTSCRIPT_PACKAGE_REFCOUNT:-1}" = 1 ]; then
-            remove_nss_entry
+            remove_nss_automount_db
         fi
     ;;
     upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
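Review bot: `remove_nss_automount_db` is still called for `remove` as well as `purge`, and `sed -i '/^automount/d'` deletes every line that starts with `automount`, including any services an administrator listed there besides `sss`. Either restrict the call to `purge`, or match only a line whose sole service is `sss` and anchor the pattern on the database name and colon so that unrelated keys beginning with `automount` are not touched. The comment says the broad match is intended to cover the legacy `automounter`; naming both databases explicitly in the pattern would state that intent without the wildcard effect.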


In version 2.7.3-2, the sss service started to be installed via dh_installnss:

sssd (2.7.3-2) unstable; urgency=medium

[...]

  [ Gioele Barabucci ]
[...]  * d/libnss-sss.nss: Install NSS service `sss` via dh_installnss


All of this seems to be added in version 2.8.2-3 for a similar issue:

sssd (2.8.2-3) unstable; urgency=medium

  [ Gioele Barabucci ]
  * d/libnss-sss.nss: Update to `database-add`
  * d/libsss-sudo.nss: Install `sss` service for sudoers via dh-nss (Closes: #783889)
  * d/libsss-sudo.post{inst,rm}: Remove now that the services are installed via dh-nss
  * d/sssd-common.nss: Use new directive name `database-add`

and extended for libnss-sss in version 2.9.1.1:

sssd (2.9.1-1) unstable; urgency=medium

  * New upstream release.
  * libnss-sss.postinst: Migrate to use 'case' like the other postinsts.


but dh-nss is not present in Jammy and previous series.

https://bugs.launchpad.net/bugs/1916562

Title:
  libnss-sss removes config when not being purged
