I finally came up with something completely different. The main problem of fhs-filespaths.patch is indeed that we replace lp_private_dir() by get_dyn_STATEDIR(), so by the location of "state directory" *that is defined at compile-time*.
Indeed, it's quite logical to have secrets.tdb and passdb.tdb located in /var/lib/samba, namely the "state directory" and I think that upstream is indeed wrong in putting them in "private dir" as they mean that the files there are configuration file that can be directly managed by the local admin (which secrets.tdb and passdb.tdb are NOT). So, the right location for the two files is "state directory" but for this to work as expected AND be configurable, lp_private_dir() should be replaced by lp_statedir() calls. lp_statedir() does obey the "state directory" configuration option, therefore the files' location will be configurable. So, I finally changed the patch and added a small modification to smb.conf(5) to explain what we're doing in the Debian package. Another action is probably to convince upstream to reconsider what should go to "private dir" and what should go to "state directory" (yes the two options names are NOT consistent).But changing this *is* where we'll need to handle transitions. Unless I'm mistaken somewhere, the attached patch does NOT change the file locations in the Debian package BUT makes them configurable. I'll commit this change : it can of course be easily reverted in case I'm wrong somewhere.
Index: debian/changelog
===================================================================
--- debian/changelog (révision 4070)
+++ debian/changelog (copie de travail)
@@ -13,6 +13,16 @@
documentation summary file. Do not compress that file.
* Fix link to WHATSNEW.txt in HTML documentation summary file. This
is the second part of the fix for #604768
+ * Use lp_state_dir() instead of get_dyn_STATEDIR() in
+ fhs-filespaths.patch as the latter does indeed hardcode the
+ location for passdb.tdb and secrets.tdb to /var/lib/samba
+ (the compile-time option for state directory and NOT the configurable
+ value). This is left to "state directory" instead of "private dir"
+ at least as of now, because if doesn't change anything to the
+ current behaviour, but allows the files' location to be configurable
+ through "state directory" (and not "private dir").
+ Closes: #249873
+
-- Christian Perrier <bubu...@debian.org> Mon, 07 May 2012 22:16:32 +0200
Index: debian/patches/fhs-filespaths.patch
===================================================================
--- debian/patches/fhs-filespaths.patch (révision 4049)
+++ debian/patches/fhs-filespaths.patch (copie de travail)
@@ -13,29 +13,53 @@
Forwarded: not-needed
-Index: experimental/source3/passdb/pdb_tdb.c
+Index: samba/source3/passdb/pdb_tdb.c
===================================================================
---- experimental.orig/source3/passdb/pdb_tdb.c
-+++ experimental/source3/passdb/pdb_tdb.c
-@@ -1255,7 +1255,7 @@
+--- samba.orig/source3/passdb/pdb_tdb.c
++++ samba/source3/passdb/pdb_tdb.c
+@@ -1260,7 +1260,7 @@
/* save the path for later */
if (!location) {
- if (asprintf(&tdbfile, "%s/%s", lp_private_dir(),
-+ if (asprintf(&tdbfile, "%s/%s", get_dyn_STATEDIR(),
++ if (asprintf(&tdbfile, "%s/%s", lp_statedir(),
PASSDB_FILE_NAME) < 0) {
return NT_STATUS_NO_MEMORY;
}
-Index: experimental/source3/passdb/secrets.c
+Index: samba/source3/passdb/secrets.c
===================================================================
---- experimental.orig/source3/passdb/secrets.c
-+++ experimental/source3/passdb/secrets.c
-@@ -61,7 +61,7 @@
+--- samba.orig/source3/passdb/secrets.c
++++ samba/source3/passdb/secrets.c
+@@ -64,7 +64,7 @@
return True;
fname = talloc_asprintf(talloc_tos(), "%s/secrets.tdb",
- lp_private_dir());
-+ get_dyn_STATEDIR());
++ lp_statedir());
if (fname == NULL) {
return false;
}
+Index: samba/docs/manpages/smb.conf.5
+===================================================================
+--- samba.orig/docs/manpages/smb.conf.5
++++ samba/docs/manpages/smb.conf.5
+@@ -7167,7 +7167,7 @@
+ .\}
+ tdbsam
+ \- The TDB based password storage backend\&. Takes a path to the TDB as an optional argument (defaults to passdb\&.tdb in the
+-\m[blue]\fBprivate dir\fR\m[]
++\m[blue]\fBstate directory\fR\m[]
+ directory\&.
+ .RE
+ .sp
+@@ -8038,9 +8038,7 @@
+ .PP
+ .RS 4
+ This parameters defines the directory smbd will use for storing such files as
+-smbpasswd
+-and
+-secrets\&.tdb\&.
++smbpasswd\&. secrets\&.tdb is stored in state directory on Debian systems\&.
+ .sp
+ Default:
+ \fI\fIprivate dir\fR\fR\fI = \fR\fI${prefix}/private\fR\fI \fR
signature.asc
Description: Digital signature
