On 2015-02-22 02:05, Michael Gilbert wrote:
> On Fri, Feb 6, 2015 at 7:02 PM, Christian Kastner wrote:
>> I've looked into this now, and I believe that the --compare-versions
>> issue and the chown/chmod issue is all there is to this bug. I have
>> attached a new debdiff (v2) with fixes for both.
> 
> I reviewed your proposed changes, but I don't think it's the right
> approach.
>
> The origin of the problem is that the md5sum of
> /etc/sudoers is the same for wheezy and later, so the logic intended
> to back it up only for wheezy ends up incorrectly backing it up in
> jessie and later too.

It's not backed up in jessie or later. The backup/md5sum stuff is
preceded by a test for an old version less than "1.7.4p4-4", so in
wheezy and later, all the md5sum stuff is ignored during upgrades.

However, the backup code is accidentally triggered when switching
between sudo and sudo-ldap, because switching is not upgrading (in the
dpkg sense), and the version test above does not account for this scenario:

    <preinst>
    $ dpkg --compare-versions "" le "1.7.4p4-4" && echo oops
      oops

> The solution I propose is to modify /etc/sudoers so that it has a
> different checksum, which prevents the incorrect backup.  Please see
> attached.

This has one nasty side effect: when upgrading from wheezy to jessie,
anyone with a changed /etc/sudoers will be asked a conffile question,
because both the local and the maintainer's version changed.

Modifying sudoers so that it has a checksum can't be right, because the
code where the checksum is relevant shouldn't have been reached in the
first place (in wheezy or later).

Fixing the --compare-versions above does precisely that -- the md5sum
stuff is never even reached.

Regards,
Christian
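
The empty-version case described in the message above, as an added example that is not part of the original mail or of the sudo package's maintainer scripts. The function names are hypothetical and the sample versions are constructed; only the threshold "1.7.4p4-4" comes from the message.

```shell
#!/bin/sh
# Added illustration: guarding a preinst version test against an empty
# old-version argument. Not the sudo package's own preinst.

THRESHOLD="1.7.4p4-4"   # version quoted in the message

# legacy_backup_applies OLD_VERSION   (hypothetical helper)
# Returns 0 only when OLD_VERSION is a real version <= THRESHOLD.
legacy_backup_applies() {
    old_version="$1"
    # On a fresh install, or when switching between sudo and sudo-ldap,
    # dpkg passes no old version. Plain "le" sorts the empty string
    # before every version, so reject it before comparing.
    [ -n "$old_version" ] || return 1
    dpkg --compare-versions "$old_version" le "$THRESHOLD"
}

# Same decision using dpkg's "-nl" operator, which treats an empty
# version as later than any version instead of earlier.
legacy_backup_applies_nl() {
    dpkg --compare-versions "$1" le-nl "$THRESHOLD"
}

# Demonstration on constructed inputs; needs dpkg on the PATH.
if command -v dpkg >/dev/null 2>&1; then
    for v in "" "1.7.4p4-2" "1.8.10p3-1"; do
        if dpkg --compare-versions "$v" le "$THRESHOLD"; then
            unguarded="backup"
        else
            unguarded="skip"
        fi
        if legacy_backup_applies "$v"; then
            guarded="backup"
        else
            guarded="skip"
        fi
        echo "old='$v' unguarded=$unguarded guarded=$guarded"
    done
fi
```
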
