On Mon, Dec 07, 2015 at 12:17:18AM +0100, Petter Reinholdtsen wrote: > [Wolfgang Schweer] > > While testing to upgrade a combined server (profiles: Main-Server, > > Workstation, Thin-Client-Server) from wheezy to jessie I noticed that > > upgrading failed (when pam-auth-update was run) cause the postinst did > > not remove a diversion. > I ran into this too when I upgraded an old Wheezy machine just now. > Thank you very much for the bug report. It was very useful! [...] > I believe it happen because the file > /usr/share/debian-edu-config/pam-config-krb5 no longer included in the > deb is removed when the new version is unpacked, while the postinst > might run a long time after it is removed. I suspect code need to be in > a preinst script instead, to avoid the problem. > > I suspect what went wrong was this: > > (1) The divert /usr/share/pam-configs/edu-krb5 is operatinonal and > pointing to an existing file > /usr/share/debian-edu-config/pam-config-krb5. > > (2) debian-edu-config is unpacked, the divert is still in place, but > the file /usr/share/debian-edu-config/pam-config-krb5 is removed by > dpkg. > > (3) Some other package try to run pam-auth-update, which fail because > /usr/share/pam-configs/ contain a bogus file (the dangling symlink) > > (4) Perhaps the new debian-edu-config postinst script is executed, > perhaps not. It depend on the set of packages being upgraded. > > (5) apt give up and report upgrade failure. > > If we make sure the divert is removed before the package is unpacked, > there will be no dangling symlink and pam-auth-update will work the > whole time. I've checked prerm and the code to remove this divert is already there, so I suppose this needs to be done in preinst instead? -- cheers, Holger
Attachment:
signature.asc
Description: Digital signature