Package: opendnssec
Version: 1.1.3-1
Severity: critical
Tags: patch
Justification: breaks unrelated software

The opendnssec-common postrm script uses the same order as the postinst script,
causing the opendnssec account to be removed before undoing statoverride.

Additionally undoing of homedir statoverride is missing.

On top of this, dpkg-statoverride is silenced so the fatal warnings are
not seen.


Here's the fix:

--- opendnssec-common.postrm.orig
+++ opendnssec-common.postrm
@@ -4,19 +4,18 @@
 set -e
 
 unset_perms() {
-    dpkg-statoverride --remove "$1" >/dev/null 2>/dev/null || true
+    dpkg-statoverride --remove "$1" || true
 }
 
 case "$1" in
     purge)
 
-       deluser --quiet opendnssec > /dev/null || true
-
        unset_perms /etc/opendnssec
 
        for dir in tmp signconf unsigned signed db; do
            unset_perms /var/lib/opendnssec/$dir
        done
+       unset_perms /var/lib/opendnssec
 
        for conf in conf.xml kasp.xml zonefetch.xml zonelist.xml; do
            # unset dpkg-statoverride permissions
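Review bot: in unset_perms, `|| true` still discards the exit status of `dpkg-statoverride --remove`, so with the redirects gone a failure is printed but the purge continues as if it had succeeded, and a path with no override registered is reported on every purge. Consider guarding the call, e.g. `if dpkg-statoverride --list "$1" >/dev/null 2>&1; then dpkg-statoverride --remove "$1"; fi`, so a missing override stays quiet and a real failure stops the script under `set -e`. The context line `unset_perms /var/lib/opendnssec/$dir` would also be safer with its argument quoted.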
@@ -37,6 +36,8 @@
            fi
        done
 
+       deluser --quiet opendnssec > /dev/null || true
+
     ;;
 
     remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
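Review bot: the deluser call now at the end of the purge branch has no comment saying it must run after every unset_perms call, so a later cleanup could move it back to the top and reintroduce the ordering problem. Add a one-line comment above it stating that requirement. The line also keeps `> /dev/null || true`, so a failed account removal is still ignored while unset_perms was made verbose; worth confirming that difference is intended.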



Regards,

 - Jonas

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.36-trunk-amd64 (SMP w/2 CPU cores)
Locale: LANG=da_DK.UTF-8, LC_CTYPE=da_DK.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages opendnssec depends on:
ii  libhsm-bin                    1.1.3-1    library for interfacing PKCS#11 Ha
ii  opendnssec-enforcer           1.1.3-1    tool to prepares DNSSEC keys (comm
ii  opendnssec-enforcer-sqlite3   1.1.3-1    tool to prepares DNSSEC keys (sqli
ii  opendnssec-signer             1.1.3-1    daemon to sign DNS zone files peri

Versions of packages opendnssec recommends:
ii  opendnssec-auditor            1.1.3-1    tool to audit DNS signed zones acc

Versions of packages opendnssec suggests:
ii  softhsm                       1.1.4-5    a cryptographic store accessible t

-- no debconf information


