On Sat, Jun 04, 2016 at 02:33:05PM +0000, Holger Levsen wrote: > On Mon, Dec 07, 2015 at 12:17:18AM +0100, Petter Reinholdtsen wrote: > > [Wolfgang Schweer] > > > While testing to upgrade a combined server (profiles: Main-Server, > > > Workstation, Thin-Client-Server) from wheezy to jessie I noticed that > > > upgrading failed (when pam-auth-update was run) cause the postinst did > > > not remove a diversion. > > I ran into this too when I upgraded an old Wheezy machine just now. > > Thank you very much for the bug report. It was very useful! > [...] > > I believe it happen because the file > > /usr/share/debian-edu-config/pam-config-krb5 no longer included in the > > deb is removed when the new version is unpacked, while the postinst > > might run a long time after it is removed. I suspect code need to be in > > a preinst script instead, to avoid the problem. > > > > I suspect what went wrong was this: > > > > (1) The divert /usr/share/pam-configs/edu-krb5 is operatinonal and > > pointing to an existing file > > /usr/share/debian-edu-config/pam-config-krb5. > > > > (2) debian-edu-config is unpacked, the divert is still in place, but > > the file /usr/share/debian-edu-config/pam-config-krb5 is removed by > > dpkg. > > > > (3) Some other package try to run pam-auth-update, which fail because > > /usr/share/pam-configs/ contain a bogus file (the dangling symlink) > > > > (4) Perhaps the new debian-edu-config postinst script is executed, > > perhaps not. It depend on the set of packages being upgraded. > > > > (5) apt give up and report upgrade failure. > > > > If we make sure the divert is removed before the package is unpacked, > > there will be no dangling symlink and pam-auth-update will work the > > whole time. > > I've checked prerm and the code to remove this divert is already there, > so I suppose this needs to be done in preinst instead? I guess yes, as it is run earlier. Wolfgang
Attachment:
signature.asc
Description: Digital signature