Bug#776141: unblock: sssd/1.11.7-3

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#776141: unblock: sssd/1.11.7-3
From: Andreas Beckmann <anbe@debian.org>
Date: Sat, 24 Jan 2015 13:29:43 +0100
Message-id: <[🔎] 20150124122943.30233.36907.reportbug@zam581.zam.kfa-juelich.de>
Reply-to: Andreas Beckmann <anbe@debian.org>, 776141@bugs.debian.org

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package sssd

sssd/1.11.7-3 fixes handling of /etc/nsswitch.conf (#749722)
(libnss-sss needs a sudoers: entry in /etc/nsswitch.conf)

* on some install/upgrade scenarios the check was inadvertantly skipped
  and therefore sss was not enabled by default

* on package removal remove the sudoers line from etc/nsswitch.conf
  if only the default values remain - restores /etc/nsswitch.conf to the
  state before installation of libnss-sss (by undoing the edits, not by
  restoring a backup)
  (piuparts triggers an error if /etc/nsswitch.conf has still
  modifications left after the package was purged)

Andreas

unblock sssd/1.11.7-3

diff -u sssd-1.11.7/debian/changelog sssd-1.11.7/debian/changelog
--- sssd-1.11.7/debian/changelog
+++ sssd-1.11.7/debian/changelog
@@ -1,3 +1,13 @@
+sssd (1.11.7-3) unstable; urgency=medium
+
+  * libsss-sudo.postrm: Delete sudoers line from nsswitch.conf, if only
+    files source left. (Closes: #749722)
+  * libsss-sudo.postinst: Fix comments.
+  * libsss-sudo.postinst: Check nsswitch sudoers entry unconditionally,
+    so that it is added on upgrade too if missing.
+
+ -- Timo Aaltonen <tjaalton@debian.org>  Fri, 16 Jan 2015 13:53:22 +0200
+
 sssd (1.11.7-2) unstable; urgency=medium
 
   * default, upstart.in: Upstream ticket #2312 is fixed now, so drop the
diff -u sssd-1.11.7/debian/libsss-sudo.postinst sssd-1.11.7/debian/libsss-sudo.postinst
--- sssd-1.11.7/debian/libsss-sudo.postinst
+++ sssd-1.11.7/debian/libsss-sudo.postinst
@@ -24,10 +24,9 @@
     echo "$*"
 }
 
-# try to insert sss entries to the passwd, group, shadow and netgroup
-# lines in /etc/nsswitch.conf to automatically enable libnss-sss
-# support; do not change the configuration if the lines already
-# references some sss lookups
+# try to insert sss entries to the sudoers line in /etc/nsswitch.conf to
+# automatically enable libsss-sudo support; do not change the configuration
+# if the lines already references some sss lookups
 insert_nss_entry() {
     log "Checking NSS setup..."
     # abort if /etc/nsswitch.conf does not exist
@@ -49,19 +48,6 @@
 }
 
-action="$1"
+insert_nss_entry
 
-if [ configure = "$action" ]; then
-    if [ -z "$2" ]; then
-        log "First installation detected..."
-        # first install: setup the recommended configuration (unless
-        # nsswitch.conf already contains sss entries)
-        insert_nss_entry
-    else
-        # upgrade
-        version="$2"
-
-        # Nothing to do here yet
-    fi
-fi
 
 exit 0
diff -u sssd-1.11.7/debian/libsss-sudo.postrm sssd-1.11.7/debian/libsss-sudo.postrm
--- sssd-1.11.7/debian/libsss-sudo.postrm
+++ sssd-1.11.7/debian/libsss-sudo.postrm
@@ -22,6 +22,11 @@
         s/[[:space:]]+$//
       }
     ' /etc/nsswitch.conf
+
+    # delete sudoers line if only default entry left"
+    if ! [ -z "grep \"^sudoers:        files$\" /etc/nsswitch.conf" ]; then
+        sed -i /^sudoers:/d /etc/nsswitch.conf
+    fi
 }
 
 case "$1" in

Reply to:

Prev by Date: Bug#776132: unblock: rhn-client-tools/1.8.26-4
Next by Date: Bug#776142: unblock: libinfinity/0.6.5-1
Previous by thread: Bug#776132: marked as done (unblock: rhn-client-tools/1.8.26-4)
Next by thread: Bug#776142: unblock: libinfinity/0.6.5-1
Index(es):
- Date
- Thread