Hi Luke, On Wed, Sep 09, 2009 at 09:58:34PM -0400, Luke Faraone wrote:
I'm currently working on packaging Rainbow<http://wiki.laptop.org/go/Rainbow>, an implementation of the Bitfrost <http://wiki.laptop.org/go/OLPC_Bitfrost> security spesification. Rainbow runs user-level desktop applications with the same level of resource isolation already used with a variety of system daemons, giving each application instance its own UID, GID, and persistent storage directory.In order to function, Rainbow requires a NSS module, libnss-rainbow, to be installed and enabled in /etc/nsswitch.conf.From what I can tell (as seen on bug 388864<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=388864> ), libnss-mdns modifies /etc/nsswitch.conf directly as part of its postinst. I thought this wasn't allowed by Debian policy, but if I'm misunderstanding I'm more than happy to adopt their solution.
libnss-mdns 0.10-3.1 currently in Sid contains the following: ---- README.Debian ---- Previously the base-files package shipped /etc/nsswitch.conf and specified: hosts: files dns mdns However, due to bug#351990, this is no longer the case. /etc/nsswitch.conf is now generated post-installation. Upon installation of nss-mdns, if the strings 'mdns', 'mdns_minimal', 'mdns4', 'mdns4_minimal', 'mdns6' or 'mdns6_minimal' appear on the hosts line, your /etc/nsswitch.conf file will not be updated, otherwise it will updated to match the upstream recommended configuration which usually looks like: hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4 ---- README.Debian ----Perhaps you could do similar arrangements until a unified solution is found.
On Ubuntu AuthClientConfig <https://wiki.ubuntu.com/AuthClientConfig> seems to serve a similar purpose. Assuming the above workaround was not acceptable, would porting ACC to Debian and using that hook in my package be so?
I don't know that tool (and have no time to investigate it currently) so can't comment on that at the moment.
Please CC me, as I'm not subscribed to this list.
You _are_ subscribed to the OLPC list at Alioth, so I've just made sure to include that one :-)
Regards, - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private
Description: Digital signature