Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock
This is a pre-approval request since I have a few more changes queued
than just the RC bug fix. I will be happy to revert any changes that you
consider inappropriate for stretch.
The attached diff was filtered to exclude po files:
filterdiff -x '*/debian/po/*'
Changelog since 2.4.44+dfsg-3 in testing:
* Improve the slapd/ppolicy_schema_needs_update debconf template. Thanks to
Justin B Rye for the review.
Updated some debconf templates related to the 2.4.44 upgrade and their
translations.
* Update Build-Depends on debhelper to ensure shlibs files are installed at
the expected time during build. (Closes: #854158)
Trivial fix to ease backporting by others. The debhelper version
actually needed is available in jessie-backports, but not in jessie.
* Dump the configuration and databases to LDIF before removing slapd, so
that they are available if a newer version requiring migration is
installed later. (Closes: #665199)
RC bug fix. Please see the bug for details and review of the first
version of the patch. Differences from the patch posted for review are:
1) set +e in slapd.prerm so that the package can still be removed even if
slapcat fails. Full rationale: https://bugs.debian.org/665199#215
2) Reduced the prerm changes to the 'remove' path only; kept upgrade
handling in preinst as in past versions, as preinst knows better what
actions the upgrade will need to take.
As discussed in the bug, there will be a jessie-pu request to backport
the prerm part (actually dumping the databases before removing slapd).
* When creating a new configuration with dpkg-reconfigure, back up the old
configuration before overwriting it.
When you run 'dpkg-reconfigure slapd', it throws away the old
configuration and generates a new one from scratch. It saves the old
database files but I noticed it was not keeping the old configuration!
There is no bug reported about this but I think it's a good idea to save
the old configuration in case the user wants it back for any reason.
Thanks,
Ryan
diff -Nru openldap-2.4.44+dfsg/debian/changelog openldap-2.4.44+dfsg/debian/changelog
--- openldap-2.4.44+dfsg/debian/changelog 2017-01-01 19:47:36.000000000 -0800
+++ openldap-2.4.44+dfsg/debian/changelog 2017-04-16 20:12:14.000000000 -0700
@@ -1,3 +1,49 @@
+openldap (2.4.44+dfsg-4) unstable; urgency=medium
+
+ * Improve the slapd/ppolicy_schema_needs_update debconf template. Thanks to
+ Justin B Rye for the review.
+ * Update Catalan debconf translation. (Closes: #851905)
+ Thanks to Innocent De Marchi.
+ * Update Czech debconf translation. (Closes: #852190)
+ Thanks to Miroslav Kure.
+ * Update Danish debconf translation. (Closes: #850859)
+ Thanks to Joe Dalton.
+ * Update German debconf translation. (Closes: #851480)
+ Thanks to Helge Kreutzmann.
+ * Update Basque debconf translation. (Closes: #850812)
+ Thanks to Iñaki Larrañaga Murgoitio.
+ * Update French debconf translation. (Closes: #852459)
+ Thanks to Jean-Pierre Giraud.
+ * Update Italian debconf translation. (Closes: #852074)
+ Thanks to Luca Monducci.
+ * Update Japanese debconf translation. (Closes: #851457)
+ Thanks to Kenshi Muto.
+ * Update Dutch debconf translation. (Closes: #852405)
+ Thanks to Frans Spiesschaert.
+ * Update Brazilian Portuguese debconf translation. (Closes: #852443)
+ Thanks to Adriano Rafael Gomes.
+ * Update Russian debconf translation. (Closes: #850833)
+ Thanks to Yuri Kozlov.
+ * Update Slovak debconf translation. (Closes: #850796)
+ Thanks to Ivan Masár.
+ * Update Swedish debconf translation. (Closes: #851168)
+ Thanks to Martin Bagge.
+ * Update Turkish debconf translation. (Closes: #851470)
+ Thanks to Atila KOÇ.
+ * Update Vietnamese debconf translation.
+ Thanks to Trần Ngọc Quân.
+ * Update Build-Depends on debhelper to ensure shlibs files are installed at
+ the expected time during build. (Closes: #854158)
+ * Update Portuguese debconf translation. (Closes: #859943)
+ Thanks to Rui Branco and DebianPT.
+ * Dump the configuration and databases to LDIF before removing slapd, so
+ that they are available if a newer version requiring migration is
+ installed later. (Closes: #665199)
+ * When creating a new configuration with dpkg-reconfigure, back up the old
+ configuration before overwriting it.
+
+ -- Ryan Tandy <r...@nardis.ca> Sun, 16 Apr 2017 20:10:43 -0700
+
openldap (2.4.44+dfsg-3) unstable; urgency=medium
* Apply upstream patch to fix FTBFS on kFreeBSD. (Closes: #845394)
diff -Nru openldap-2.4.44+dfsg/debian/control openldap-2.4.44+dfsg/debian/control
--- openldap-2.4.44+dfsg/debian/control 2017-01-01 19:46:51.000000000 -0800
+++ openldap-2.4.44+dfsg/debian/control 2017-04-16 20:12:14.000000000 -0700
@@ -8,7 +8,7 @@
Matthijs Möhlmann <matth...@cacholong.nl>,
Timo Aaltonen <tjaal...@ubuntu.com>,
Ryan Tandy <r...@nardis.ca>
-Build-Depends: debhelper (>= 9.20141010),
+Build-Depends: debhelper (>= 9.20150501),
dh-autoreconf,
dpkg-dev (>= 1.17.14),
groff-base,
diff -Nru openldap-2.4.44+dfsg/debian/po/ca.po openldap-2.4.44+dfsg/debian/po/ca.po
diff -Nru openldap-2.4.44+dfsg/debian/po/cs.po openldap-2.4.44+dfsg/debian/po/cs.po
diff -Nru openldap-2.4.44+dfsg/debian/po/da.po openldap-2.4.44+dfsg/debian/po/da.po
diff -Nru openldap-2.4.44+dfsg/debian/po/de.po openldap-2.4.44+dfsg/debian/po/de.po
diff -Nru openldap-2.4.44+dfsg/debian/po/es.po openldap-2.4.44+dfsg/debian/po/es.po
diff -Nru openldap-2.4.44+dfsg/debian/po/eu.po openldap-2.4.44+dfsg/debian/po/eu.po
diff -Nru openldap-2.4.44+dfsg/debian/po/fi.po openldap-2.4.44+dfsg/debian/po/fi.po
diff -Nru openldap-2.4.44+dfsg/debian/po/fr.po openldap-2.4.44+dfsg/debian/po/fr.po
diff -Nru openldap-2.4.44+dfsg/debian/po/gl.po openldap-2.4.44+dfsg/debian/po/gl.po
diff -Nru openldap-2.4.44+dfsg/debian/po/it.po openldap-2.4.44+dfsg/debian/po/it.po
diff -Nru openldap-2.4.44+dfsg/debian/po/ja.po openldap-2.4.44+dfsg/debian/po/ja.po
diff -Nru openldap-2.4.44+dfsg/debian/po/nl.po openldap-2.4.44+dfsg/debian/po/nl.po
diff -Nru openldap-2.4.44+dfsg/debian/po/pt_BR.po openldap-2.4.44+dfsg/debian/po/pt_BR.po
diff -Nru openldap-2.4.44+dfsg/debian/po/pt.po openldap-2.4.44+dfsg/debian/po/pt.po
diff -Nru openldap-2.4.44+dfsg/debian/po/ru.po openldap-2.4.44+dfsg/debian/po/ru.po
diff -Nru openldap-2.4.44+dfsg/debian/po/sk.po openldap-2.4.44+dfsg/debian/po/sk.po
diff -Nru openldap-2.4.44+dfsg/debian/po/sv.po openldap-2.4.44+dfsg/debian/po/sv.po
diff -Nru openldap-2.4.44+dfsg/debian/po/templates.pot openldap-2.4.44+dfsg/debian/po/templates.pot
diff -Nru openldap-2.4.44+dfsg/debian/po/tr.po openldap-2.4.44+dfsg/debian/po/tr.po
diff -Nru openldap-2.4.44+dfsg/debian/po/vi.po openldap-2.4.44+dfsg/debian/po/vi.po
diff -Nru openldap-2.4.44+dfsg/debian/slapd.postinst openldap-2.4.44+dfsg/debian/slapd.postinst
--- openldap-2.4.44+dfsg/debian/slapd.postinst 2017-01-01 19:46:51.000000000 -0800
+++ openldap-2.4.44+dfsg/debian/slapd.postinst 2017-04-16 20:12:14.000000000 -0700
@@ -32,9 +32,7 @@
# Usage: postinst_upgrade_configuration
# Better back up the config file in any case
- echo -n " Backing up $SLAPD_CONF in `database_dumping_destdir`... " >&2
backup_config_once
- echo done. >&2
# Complete any config updates before trying to use slapadd
if [ -d "$SLAPD_CONF" ]; then
diff -Nru openldap-2.4.44+dfsg/debian/slapd.preinst openldap-2.4.44+dfsg/debian/slapd.preinst
--- openldap-2.4.44+dfsg/debian/slapd.preinst 2017-01-01 19:46:51.000000000 -0800
+++ openldap-2.4.44+dfsg/debian/slapd.preinst 2017-04-16 20:12:14.000000000 -0700
@@ -94,13 +94,23 @@
# }}}
# If we are upgrading from an old version then stop slapd and attempt to
-# slapcat out the data so we can use it in postinst to do the upgrade
+# slapcat out the data so we can use it in postinst to do the upgrade.
+# If slapd was removed and is being reinstalled, slapcat is not
+# available at this time, so the data should have been dumped before the
+# old slapd was removed.
if [ "$MODE" = upgrade ]; then
dump_config
+fi
+
+if [ "$MODE" = upgrade ] || [ "$MODE" = install -a -n "$OLD_VERSION" ]; then
+ # Do not assume slapcat is available in this phase
if [ -d "$SLAPD_CONF" ]; then
preinst_check_config
fi
+fi
+
+if [ "$MODE" = upgrade ]; then
dump_databases
fi
diff -Nru openldap-2.4.44+dfsg/debian/slapd.prerm openldap-2.4.44+dfsg/debian/slapd.prerm
--- openldap-2.4.44+dfsg/debian/slapd.prerm 2016-10-24 20:00:24.000000000 -0700
+++ openldap-2.4.44+dfsg/debian/slapd.prerm 2017-04-16 20:12:14.000000000 -0700
@@ -4,8 +4,31 @@
. /usr/share/debconf/confmodule
+# This will be replaced with debian/slapd.scripts-common which includes
+# various helper functions and $OLD_VERSION and $SLAPD_CONF
+#SCRIPTSCOMMON#
+
#DEBHELPER#
+# Dump config and data to LDIF before removing slapd.
+# If a later version is reinstalled without being purged first, the LDIF
+# files may be required for the upgrade, and the old slapcat won't be
+# available any more.
+# During an upgrade, the new preinst will be in a better position to
+# control whether dumping is needed.
+
+# If the config is badly broken, slapcat may fail, but this should not
+# prevent the package from being removed or purged.
+set +e
+
+if [ "$MODE" = remove ]; then
+ # scripts-common sets OLD_VERSION incorrectly for remove
+ OLD_VERSION="$(dpkg-query -W -f '${Version}' slapd)"
+
+ dump_config
+ dump_databases
+fi
+
exit 0
# vim: set foldmethod=marker:
diff -Nru openldap-2.4.44+dfsg/debian/slapd.scripts-common openldap-2.4.44+dfsg/debian/slapd.scripts-common
--- openldap-2.4.44+dfsg/debian/slapd.scripts-common 2017-01-01 19:46:51.000000000 -0800
+++ openldap-2.4.44+dfsg/debian/slapd.scripts-common 2017-04-16 20:12:14.000000000 -0700
@@ -22,6 +22,10 @@
# Return success if yes.
# Usage: if database_dumping_enabled; then ... fi
+ # If the package is being removed, dump unconditionally as we
+ # don't know whether the next version will require reload.
+ [ "$MODE" = remove ] && return 0
+
db_get slapd/dump_database
case "$RET" in
always)
@@ -448,6 +452,7 @@
db_get slapd/backend
backend="`echo $RET|tr A-Z a-z`"
+ backup_config_once
if [ -e "/var/lib/ldap" ] && ! is_empty_dir /var/lib/ldap; then
echo >&2 " Moving old database directory to /var/backups:"
move_old_database_away /var/lib/ldap
@@ -581,9 +586,11 @@
local backupdir
if [ -z "$FLAG_CONFIG_BACKED_UP" ]; then
- backupdir=`database_dumping_destdir`
if [ -e "$SLAPD_CONF" ]; then
+ backupdir=`database_dumping_destdir`
+ echo -n " Backing up $SLAPD_CONF in ${backupdir}... " >&2
cp -a "$SLAPD_CONF" "$backupdir"
+ echo done. >&2
fi
FLAG_CONFIG_BACKED_UP=yes
fi
diff -Nru openldap-2.4.44+dfsg/debian/slapd.templates openldap-2.4.44+dfsg/debian/slapd.templates
--- openldap-2.4.44+dfsg/debian/slapd.templates 2017-01-01 19:46:51.000000000 -0800
+++ openldap-2.4.44+dfsg/debian/slapd.templates 2017-04-16 20:12:14.000000000 -0700
@@ -156,29 +156,30 @@
DefaultChoice: abort installation
#flag:comment:2
# "ppolicy", "pwdMaxRecordedFailure", and "cn=config" are not translatable.
-#flag:translate!:5,7
+#flag:comment:3
+# This paragraph is followed by the path to the generated file (not
+# translatable). The sentence continues in the following paragraph.
+#flag:comment:5
+# This paragraph continues the sentence started in the previous
+# paragraph. It is followed by a command line.
+#flag:translate!:4,6
_Description: Manual ppolicy schema update recommended
- In the version of slapd about to be installed, the ppolicy overlay
- requires the new pwdMaxRecordedFailure attribute to be defined in the
- ppolicy schema. The schema contained in the cn=config database does not
- currently include this attribute.
+ The new version of the Password Policy (ppolicy) overlay requires the
+ schema to define the pwdMaxRecordedFailure attribute type, which is not
+ present in the schema currently in use. It is recommended to abort the
+ upgrade now, and to update the ppolicy schema before upgrading slapd.
+ If replication is in use, the schema update should be applied on every
+ server before continuing with the upgrade.
.
- You may choose to continue the installation. In this case, the
- maintainer scripts will add the new attribute automatically during the
- upgrade. However, the change will not be acted on by slapd overlays,
- and replication with other servers may be affected.
- .
- The ppolicy schema can be updated by applying the changes found in the
- following LDIF file:
+ An LDIF file has been generated with the changes required for the upgrade:
.
${ldif}
.
- If slapd is using the default access control rules, after starting
- slapd, the changes can be applied using the following command:
+ so if slapd is using the default access control rules, these changes can be
+ applied (after starting slapd) by using the command:
.
ldapmodify -H ldapi:/// -Y EXTERNAL -f ${ldif}
.
- It is recommended to abort the upgrade now and to update the ppolicy
- schema before upgrading slapd. If replication is in use, the schema
- update should be applied on every server before continuing with the
- upgrade.
+ If instead you choose to continue the installation, the new attribute
+ type will be added automatically, but the change will not be acted on
+ by slapd overlays, and replication with other servers may be affected.
