
Re: Modifying /etc/nsswitch.conf in Debian Packages

Hi Luke,

On Wed, Sep 09, 2009 at 09:58:34PM -0400, Luke Faraone wrote:
> I'm currently working on packaging Rainbow <http://wiki.laptop.org/go/Rainbow>, an implementation of the Bitfrost <http://wiki.laptop.org/go/OLPC_Bitfrost> security specification. Rainbow runs user-level desktop applications with the same level of resource isolation already used with a variety of system daemons, giving each application instance its own UID, GID, and persistent storage directory.
>
> In order to function, Rainbow requires a NSS module, libnss-rainbow, to be installed and enabled in /etc/nsswitch.conf.
>
> From what I can tell (as seen on bug 388864 <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=388864>), libnss-mdns modifies /etc/nsswitch.conf directly as part of its postinst. I thought this wasn't allowed by Debian policy, but if I'm misunderstanding I'm more than happy to adopt their solution.

libnss-mdns 0.10-3.1 currently in Sid contains the following:

---- README.Debian ----
Previously the base-files package shipped /etc/nsswitch.conf and specified:

    hosts:          files dns mdns

However, due to bug#351990, this is no longer the case. /etc/nsswitch.conf
is now generated post-installation. Upon installation of nss-mdns, if the
strings 'mdns', 'mdns_minimal', 'mdns4', 'mdns4_minimal', 'mdns6' or
'mdns6_minimal' appear on the hosts line, your /etc/nsswitch.conf file
will not be updated, otherwise it will be updated to match the upstream
recommended configuration which usually looks like:

    hosts:          files mdns4_minimal [NOTFOUND=return] dns mdns4
---- README.Debian ----

Perhaps you could do similar arrangements until a unified solution is found.

> On Ubuntu AuthClientConfig <https://wiki.ubuntu.com/AuthClientConfig> seems to serve a similar purpose. Assuming the above workaround was not acceptable, would porting ACC to Debian and using that hook in my package be so?

I don't know that tool (and have no time to investigate it currently) so can't comment on that at the moment.

> Please CC me, as I'm not subscribed to this list.

You _are_ subscribed to the OLPC list at Alioth, so I've just made sure to include that one :-)


- Jonas

* Jonas Smedegaard - idealist & Internet-arkitekt
* Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private
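
One way to implement the check-then-edit behaviour that the quoted README.Debian describes, as an added example and not the libnss-mdns maintainer script. The function names are hypothetical, and it edits whatever file path it is given (the demo uses a constructed copy, never the live /etc/nsswitch.conf).

```shell
#!/bin/sh
# Added example: idempotent edit of the hosts line in an nsswitch.conf-style
# file, following the rule in the README.Debian quoted above.

# hosts_has_mdns FILE: exit 0 if the hosts line already names mdns,
# mdns_minimal, mdns4, mdns4_minimal, mdns6 or mdns6_minimal as a whole word.
hosts_has_mdns() {
    grep -Eq '^hosts:(.*[[:space:]])?mdns(4|6)?(_minimal)?([[:space:]]|$)' "$1"
}

# enable_mdns FILE: returns 0 if the file was changed, 1 if left untouched.
enable_mdns() {
    conf=$1
    [ -f "$conf" ] || return 1
    grep -q '^hosts:' "$conf" || return 1   # no hosts line: leave the admin's layout alone
    hosts_has_mdns "$conf" && return 1      # already configured, possibly by hand

    # Work on a temp file in the same directory so the final mv is an atomic
    # rename. cp -p first so the temp file carries the original mode: mktemp
    # creates 0600, and nsswitch.conf must stay readable by every process
    # that resolves names.
    tmp=$(mktemp "${conf}.XXXXXX") || return 1
    cp -p "$conf" "$tmp" || { rm -f "$tmp"; return 1; }

    # Put mdns4_minimal in front of the first "dns" entry and mdns4 after it.
    sed -E '/^hosts:/ s/([[:space:]])dns([[:space:]]|$)/\1mdns4_minimal [NOTFOUND=return] dns mdns4\2/' \
        "$conf" > "$tmp"

    # A hosts line without a "dns" entry is not rewritten; report "untouched".
    if cmp -s "$conf" "$tmp"; then
        rm -f "$tmp"
        return 1
    fi
    mv "$tmp" "$conf"
}

# Demo on a constructed sample file.
demo=$(mktemp) && printf 'passwd:         compat\nhosts:          files dns\n' > "$demo"
enable_mdns "$demo" && grep '^hosts:' "$demo"
rm -f "$demo"
```

A matching removal step would have to undo only what this function added, which is the part the in-place approach makes awkward when the administrator has edited the line in between.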
