[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: PAM release status



On Sun, Apr 04, 2004 at 04:28:51PM -0400, Sam Hartman wrote:
> [Hi.  Copies on replies appreciated.]
[...]
> 1)  PAM upgrades from woody force users to answer a dpkg conffile
>     question.
[...]
> I believe it is unacceptable for an upgrade of a default install of
> woody to sarge to ask dpkg conffile questions.

I agree.

> My current proposal is to detect this situation in the preinst of
> libpam-runtime by noticing if we are upgrading from the woody version
> of PAM and if the md5sum of /etc/pam.d/other matches one with md5
> passwords.  If so, then I will modify the file back to the state woody
> ships with in the preinst.  I'll submit similar patches to shadow.
> 
> The down side of this proposal is that if  the user somehow aborts the
> upgrade between running the preinst and the  upgrade completing, they
> will have md5 passwords disabled.  I think that's acceptable, because
> when they do eventually upgrade to sarge, the md5 passwords will be
> enabled again.

I suggest using an approach similar to the one I used to de-conffile
/etc/X11/rstart/rstart.real.  Basically, you move the file aside in the
preinst under the conditions of interest, replacing it or changing it as
you need to.

In the postinst, you delete the moved-aside copy.

In the postrm, if $1 is "abort-upgrade" or "abort-install", you check
for the existence of the moved-aside file, and if it exists, you move it
back.

Example code:

preinst:

if [ "$1" = "install" -o "$1" = "upgrade" ]; then
  # rstard.real moved out of /etc in 4.3.0-1; we do not use
  # remove_conffile_prepare() because it was an ELF object and list of
  # canonical MD5 sums would be horrendously long.  Furthermore, if the FHS
  # priests are correct, no one will have taken this file's claims of
  # configurability seriously.
  if dpkg --compare-versions "$2" lt "4.3.0-1"; then
    if [ -e /etc/X11/rstart/rstartd.real ] ; then
      observe "preparing to remove obsolete conffile" \
              "/etc/X11/rstart/rstartd.real"
      mv /etc/X11/rstart/rstartd.real /etc/X11/rstart/rstartd.real.dpkg-tmp
    fi
  fi
fi

postinst:

# now safe to finish migrations started in preinst
if [ -e /etc/X11/rstart/rstartd.real.dpkg-tmp ]; then
  # we do not use remove_conffile_commit(); see xutils preinst script
  observe "committing removal of obsolete conffile" \
          "/etc/X11/rstart/rstartd.real"
  rm /etc/X11/rstart/rstartd.real.dpkg-tmp
fi

postrm:

if [ "$1" = "abort-install" -o "$1" = "abort-upgrade" ]; then
  if [ -e /etc/X11/rstart/rstartd.real.dpkg-tmp ]; then
    # we do not use remove_conffile_rollback(); see xutils preinst script
    observe "rolling back removal of obsolete conffile" \
            "/etc/X11/rstart/rstartd.real"
    mv /etc/X11/rstart/rstartd.real.dpkg-tmp /etc/X11/rstart/rstartd.real
  fi
fi

(Please ignore references to my observe() shell function.)

That should do the right thing if the user somehow aborts the upgrade.
dpkg *will* attempt to roll back the state of the system.  If the user
kills even that off, then it's not your package's fault.

-- 
G. Branden Robinson                |       Convictions are more dangerous
Debian GNU/Linux                   |       enemies of truth than lies.
branden@debian.org                 |       -- Friedrich Nietzsche
http://people.debian.org/~branden/ |

Attachment: signature.asc
Description: Digital signature


Reply to: