Freeze exception for libpam-afs-session 1.7-2
This package has been a bit neglected since I've been working on a new
upstream release and was hoping to fix everything in conjunction with
uploading that, but it's taking more time than I expected. This version
fixes just the things that should be fixed for squeeze.
I would particularly like to get the pam-auth-update change into squeeze,
since supporting that framework makes configuring PAM modules considerably
easier and avoids a lot of complexity otherwise in linking
libpam-afs-session with a Kerberos PAM module.
The annotated changelog is:
* Apply upstream deltas:
- [3e57d766] Don't return an initialized value when notokens is set
One-line change to initialize a variable, cherry-picked from upstream.
* Install a pam-auth-update profile for pam_afs_session that runs it
from the additional section during both auth and session. Thanks,
Nate Coraor. (Closes: #523796)
pam-auth-update support as mentioned above.
* Remove libpam-openafs-session transitional package. This package was
needed for upgrades from etch to lenny.
This also means debian/rules changes to empty the binary-indep target.
The transition package has been around for a full release and should no
longer be needed.
* Add ${misc:Depends} to dependencies.
* Change section to admin to match override.
* Update standards version to 3.9.1 (no changes required).
* Explicitly declare source format 1.0 for right now.
Minor changes to clean up Lintian tags. These are all very simple and
safe one-line changes.
Here is the diff from the previous version. Most of the changes are for
pam-auth-update support and to remove the old transitional package.
diff --git a/debian/README.Debian b/debian/README.Debian
index 6faec24..20352b5 100644
--- a/debian/README.Debian
+++ b/debian/README.Debian
@@ -1,9 +1,14 @@
libpam-afs-session for Debian
-----------------------------
-After installing this package, you must modify your PAM configuration
-for full AFS PAM support. If you only need AFS integration for regular
-logins, adding:
+When you initially install this package, you will have the option to
+choose to automatically configure your PAM configuration to include it.
+If you do so, a standard set of PAM options will be used that will work
+for most users. If those options do not work for you or if you can't use
+automatic PAM configuration for some reason (such as another PAM module
+that doesn't support it), see below.
+
+If you only need AFS integration for regular interactive logins, adding:
session required pam_afs_session.so
@@ -49,4 +54,4 @@ option).
For more information, see the pam_afs_session man page.
- -- Russ Allbery <rra@debian.org>, Sat, 8 Mar 2008 20:24:23 -0800
+ -- Russ Allbery <rra@debian.org>, Wed, 11 Aug 2010 16:15:10 -0700
diff --git a/debian/changelog b/debian/changelog
index fa11f65..b51ac54 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,19 @@
+libpam-afs-session (1.7-2) unstable; urgency=low
+
+ * Apply upstream deltas:
+ - [3e57d766] Don't return an initialized value when notokens is set
+ * Install a pam-auth-update profile for pam_afs_session that runs it
+ from the additional section during both auth and session. Thanks,
+ Nate Coraor. (Closes: #523796)
+ * Remove libpam-openafs-session transitional package. This package was
+ needed for upgrades from etch to lenny.
+ * Add ${misc:Depends} to dependencies.
+ * Change section to admin to match override.
+ * Update standards version to 3.9.1 (no changes required).
+ * Explicitly declare source format 1.0 for right now.
+
+ -- Russ Allbery <rra@debian.org> Wed, 11 Aug 2010 17:45:40 -0700
+
libpam-afs-session (1.7-1) unstable; urgency=low
* New upstream release.
diff --git a/debian/control b/debian/control
index 95b16bb..3c765da 100644
--- a/debian/control
+++ b/debian/control
@@ -1,9 +1,9 @@
Source: libpam-afs-session
-Section: net
+Section: admin
Priority: optional
Maintainer: Russ Allbery <rra@debian.org>
Uploaders: Sam Hartman <hartmans@debian.org>
-Standards-Version: 3.8.0
+Standards-Version: 3.9.1
Build-Depends: debhelper (>= 5), libpam0g-dev, libkrb5-dev, comerr-dev
Homepage: http://www.eyrie.org/~eagle/software/pam-afs-session/
Vcs-Git: git://git.debian.org/git/pkg-k5-afs/libpam-afs-session.git
@@ -11,7 +11,7 @@ Vcs-Browser: http://git.debian.org/?p=pkg-k5-afs/libpam-afs-session.git
Package: libpam-afs-session
Architecture: any
-Depends: ${shlibs:Depends}
+Depends: ${shlibs:Depends}, ${misc:Depends}, libpam-runtime (>= 1.0.1-6~)
Recommends: openafs-client, openafs-krb5 | heimdal-clients,
libpam-krb5 | libpam-heimdal
Description: PAM module to set up a PAG and obtain AFS tokens
@@ -23,15 +23,3 @@ Description: PAM module to set up a PAG and obtain AFS tokens
an external program (usually aklog) to obtain tokens from Kerberos
tickets. It is designed to work with a Kerberos PAM module that obtains
the initial Kerberos tickets.
-
-Package: libpam-openafs-session
-Section: oldlibs
-Priority: extra
-Architecture: all
-Depends: libpam-afs-session
-Description: PAM module to obtain PAGs and AFS tokens (transitional package)
- The libpam-openafs-session package has been replaced with
- libpam-afs-session. This transitional package depends on the new module
- and installs a symlink so that old PAM configurations will continue to
- work. Once the system PAM configuration has been updated to reference
- pam_afs_session.so instead, this package can be removed.
diff --git a/debian/copyright b/debian/copyright
index 277def5..1bf7f3f 100644
--- a/debian/copyright
+++ b/debian/copyright
@@ -10,7 +10,8 @@ Upstream Author:
Debian packaging copyright:
- Copyright 2007, 2008 Board of Trustees, Leland Stanford Jr. University
+ Copyright 2007, 2008, 2010
+ Board of Trustees, Leland Stanford Jr. University
All files and modifications related to Debian packaging are covered
under the same license terms as the rest of the package.
diff --git a/debian/dirs b/debian/dirs
new file mode 100644
index 0000000..d1f6515
--- /dev/null
+++ b/debian/dirs
@@ -0,0 +1 @@
+lib/security
diff --git a/debian/libpam-afs-session.dirs b/debian/libpam-afs-session.dirs
deleted file mode 100644
index d1f6515..0000000
--- a/debian/libpam-afs-session.dirs
+++ /dev/null
@@ -1 +0,0 @@
-lib/security
diff --git a/debian/libpam-openafs-session.NEWS b/debian/libpam-openafs-session.NEWS
deleted file mode 100644
index 1e9eca5..0000000
--- a/debian/libpam-openafs-session.NEWS
+++ /dev/null
@@ -1,15 +0,0 @@
-libpam-openafs-session (1.3-1) unstable; urgency=low
-
- The libpam-openafs-session package and pam_openafs_session.so module
- have been superseded by libpam-afs-session and pam_afs_session.so, which
- provides the same functionality plus many additional options and better
- PAM integration.
-
- The libpam-openafs-session package only installs a symlink from
- /lib/security/pam_openafs_session.so to /lib/security/pam_afs_session.so
- so that existing PAM configurations continue to work. You should
- replace all instances of pam_openafs_session.so with pam_afs_session.so
- in your PAM configuration. After you've done that, you can safely
- remove the libpam-openafs-session package.
-
- -- Russ Allbery <rra@debian.org> Wed, 11 Apr 2007 13:46:18 -0700
diff --git a/debian/libpam-openafs-session.links b/debian/libpam-openafs-session.links
deleted file mode 100644
index ce2bf93..0000000
--- a/debian/libpam-openafs-session.links
+++ /dev/null
@@ -1 +0,0 @@
-lib/security/pam_afs_session.so lib/security/pam_openafs_session.so
diff --git a/debian/pam-auth-update b/debian/pam-auth-update
new file mode 100644
index 0000000..d8ec497
--- /dev/null
+++ b/debian/pam-auth-update
@@ -0,0 +1,9 @@
+Name: AFS session management
+Default: yes
+Priority: 64
+Auth-Type: Additional
+Auth:
+ optional pam_afs_session.so
+Session-Type: Additional
+Session:
+ optional pam_afs_session.so
diff --git a/debian/postinst b/debian/postinst
new file mode 100755
index 0000000..3e5c17c
--- /dev/null
+++ b/debian/postinst
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+set -e
+pam-auth-update --package
+
+#DEBHELPER#
diff --git a/debian/prerm b/debian/prerm
new file mode 100755
index 0000000..62a44ff
--- /dev/null
+++ b/debian/prerm
@@ -0,0 +1,20 @@
+#!/bin/sh
+
+set -e
+
+# pam-auth-update --remove removes the named profile from the active config.
+# It arguably should be called during deconfigure as well, but deconfigure
+# can happen in some cases during a dist-upgrade and we don't want to
+# deconfigure all PAM modules in the middle of a dist-upgrade by accident.
+#
+# More importantly, with the current implementation, --remove also removes
+# all local preferences for the named config (such as whether it's enabled
+# or disabled), which we don't want to do on deconfigure.
+#
+# This may need to change later as pam-auth-update evolves.
+
+if [ "$1" = "remove" ] ; then
+ pam-auth-update --package --remove afs-session
+fi
+
+#DEBHELPER#
diff --git a/debian/rules b/debian/rules
index d499a36..7e535e4 100755
--- a/debian/rules
+++ b/debian/rules
@@ -55,24 +55,13 @@ install-stamp: build-stamp
dh_installdirs
install -m 644 pam_afs_session.so \
$(CURDIR)/debian/libpam-afs-session/lib/security
+ install -d debian/libpam-afs-session/usr/share/pam-configs
+ install -m 644 debian/pam-auth-update \
+ debian/libpam-afs-session/usr/share/pam-configs/afs-session
touch $@
-binary: binary-arch binary-indep
-
-binary-indep: DH_OPTIONS=-i
+binary: binary-arch
binary-indep:
- dh_testdir
- dh_testroot
- dh_installchangelogs
- dh_installdocs
- dh_link
- dh_compress
- dh_fixperms
- dh_installdeb
- dh_gencontrol
- dh_md5sums
- dh_builddeb
-
binary-arch: DH_OPTIONS=-a
binary-arch: build install
dh_testdir
diff --git a/debian/source/format b/debian/source/format
new file mode 100644
index 0000000..d3827e7
--- /dev/null
+++ b/debian/source/format
@@ -0,0 +1 @@
+1.0
diff --git a/public.c b/public.c
index cc1666c..f8841c3 100644
--- a/public.c
+++ b/public.c
@@ -44,7 +44,7 @@ pam_sm_open_session(pam_handle_t *pamh, int flags, int argc,
const char *argv[])
{
struct pam_args *args;
- int pamret;
+ int pamret = PAM_SUCCESS;
const void *dummy;
args = pamafs_args_parse(flags, argc, argv);
--
Russ Allbery (rra@debian.org) <http://www.eyrie.org/~eagle/>
Reply to: