2010/12/6 Julien Cristau <jcris...@debian.org>:
> On Mon, Dec  6, 2010 at 17:26:36 +0100, Agustin Martin wrote:
>> +         db_get libpam-rsa/pubkey_dir
>> +         echo "pubkey_dir $RET" >> /etc/security/pam_rsa.conf
>
> I think this part is broken if pam_rsa.conf already exists, you need to
> either read the existing values from the config file, or just not touch
> if it exists.  The first solution usually means reading pam_rsa.conf
> in the .config script, and seeding debconf with the values from the
> file.

Hi Julien, thanks for the feedback.

In theory that should not be a problem, there is a way (debconf
question based) to state that config file is to be handled manually
and to avoid maintainer scripts to fiddle with it. I followed theory.

In practice, ..., things are different, you are right.

Because of its priority most sysadmins will not notice about that
debconf question and, what is worse, pam_rsa.conf does not state
anywhere that it is an automatically generated file. That means that
there is a high chance of sysadmins having modified manually that file
without even noticing that there is a canonical way to say maintainer
scripts to not modify it.

And that manually modified file will be overwritten, both by original
package (another RC bug) or by my first patch.

I am attaching a second cut that keeps the file if present, unless
dpkg-reconfigure is being run. In the latter case, default values are
shown rather than the modified ones, but at least the sysadmin does not
get fooled.

I have been playing about parsing config file and seed values in
config. It is a whitespace separated file with an unquoted string. I
want some validation, but my tests still do not deal with the unquoted
string, needs to refresh my awk here.

Cheers,

-- 
Agustin
diff --git a/debian/changelog b/debian/changelog
index 5629331..7c65c24 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,14 @@
+libpam-rsa (0.8-9-2.2~amd2) unstable; urgency=low
+
+  * Non-maintainer upload.
+  * Fix installation problems with pam_rsa.conf (Closes: #444770, #604215).
+    - Install pam_rsa.conf as pam_rsa.conf.sample
+    - Move automatic mode pam_rsa.conf generation from config to postinst.
+    - Add libpam-rsa.postrm to make sure /etc/security/pam_rsa.conf is
+      removed on purge
+
+ -- Agustin Martin Domingo <agmar...@debian.org>  Mon, 06 Dec 2010 13:54:34 +0100
+
 libpam-rsa (0.8-9-2.1) unstable; urgency=low
 
   * Non-maintainer upload.
diff --git a/debian/libpam-rsa.config b/debian/libpam-rsa.config
index 530975c..2ec98ab 100644
--- a/debian/libpam-rsa.config
+++ b/debian/libpam-rsa.config
@@ -16,15 +16,4 @@ then
 	db_input low libpam-rsa/pam_prompt || true
 	db_input low libpam-rsa/log_auth_result || true
 	db_go || true
-
-	db_get libpam-rsa/pubkey_dir
-	echo "pubkey_dir $RET" > /etc/security/pam_rsa.conf
-	db_get libpam-rsa/privkey_dir
-	echo "privkey_dir $RET" >> /etc/security/pam_rsa.conf
-	db_get libpam-rsa/privkey_name_hash
-	echo "privkey_name_hash $RET" >> /etc/security/pam_rsa.conf
-	db_get libpam-rsa/pam_prompt
-	echo "pam_prompt $RET" >> /etc/security/pam_rsa.conf
-	db_get libpam-rsa/log_auth_result
-	echo "log_auth_result $RET" >> /etc/security/pam_rsa.conf
 fi
diff --git a/debian/libpam-rsa.postinst b/debian/libpam-rsa.postinst
index f06b70e..7a5962e 100644
--- a/debian/libpam-rsa.postinst
+++ b/debian/libpam-rsa.postinst
@@ -19,10 +19,44 @@ set -e
 # the debian-policy package
 #
 
+pam_rsa_conf="/etc/security/pam_rsa.conf"
+
 case "$1" in
     configure)
+	db_get libpam-rsa/no_configuration
+	if [ "$RET" = "false" ]
+	then
+	    # If exists, may have been created by sysadmin. Honour it
+	    # unless we are running debconf-reconfigure
+	    if [ "$DEBCONF_RECONFIGURE" ] || [ ! -e $pam_rsa_conf ]
+	    then
+		echo "Writing auto-generated $pam_rsa_conf" >&2
+		cat <<EOF > $pam_rsa_conf
+# Configuration file for libpam-rsa
+#
+# This file has been automatically generated by libpam-rsa.postinst
+# If you want to manually handle this file, run
+#
+#   dpkg-reconfigure libpam-rsa
+#
+# and select no automatic configuration option
+#
+# Please read pam_rsa (8) for further instructions
 
-    ;;
+EOF
+		db_get libpam-rsa/pubkey_dir
+		echo "pubkey_dir $RET" >> $pam_rsa_conf
+		db_get libpam-rsa/privkey_dir
+		echo "privkey_dir $RET" >> $pam_rsa_conf
+		db_get libpam-rsa/privkey_name_hash
+		echo "privkey_name_hash $RET" >> $pam_rsa_conf
+		db_get libpam-rsa/pam_prompt
+		echo "pam_prompt $RET" >> $pam_rsa_conf
+		db_get libpam-rsa/log_auth_result
+		echo "log_auth_result $RET" >> $pam_rsa_conf
+	    fi
+	fi
+	;;
 
     abort-upgrade|abort-remove|abort-deconfigure)
 
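Review bot: The generated /etc/security/pam_rsa.conf is built in place in the `configure)` branch: the here-document truncates it and five `db_get`/`echo >>` pairs then append, so under `set -e` any failing `db_get` leaves a half-written config for a PAM authentication module, and the `[ ! -e $pam_rsa_conf ]` guard will not regenerate it on the next plain configure run. Building the file under a temporary name in the same directory and renaming it into place keeps the previous file intact on failure; the mode is set explicitly because `mktemp` creates the file 0600, and 644 matches what debian/rules installs for the sample. `$pam_rsa_conf` should also be quoted at each use, including the `-e` test. The hunk starts at line 19 of the script, so whether `/usr/share/debconf/confmodule` is sourced before the `case` is not visible here; `db_get` depends on it.

```sh
		# … unchanged: "Writing auto-generated" message …
		tmp_conf=$(mktemp "$pam_rsa_conf.XXXXXX")
		cat <<EOF > "$tmp_conf"
# … unchanged: generated-file header lines …
EOF
		for key in pubkey_dir privkey_dir privkey_name_hash \
			   pam_prompt log_auth_result
		do
		    # Drop the temporary file rather than leave a partial config behind
		    db_get "libpam-rsa/$key" || { rm -f "$tmp_conf"; exit 1; }
		    echo "$key $RET" >> "$tmp_conf"
		done
		chmod 644 "$tmp_conf"
		mv -f "$tmp_conf" "$pam_rsa_conf"
```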
diff --git a/debian/libpam-rsa.postrm b/debian/libpam-rsa.postrm
new file mode 100644
index 0000000..5d600a0
--- /dev/null
+++ b/debian/libpam-rsa.postrm
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+set -e
+
+#  Make sure /etc/security/pam_rsa.conf is removed on purge
+
+if [ "$1" = "purge" ]; then
+    rm -f /etc/security/pam_rsa.conf
+fi
+
+#DEBHELPER#
diff --git a/debian/rules b/debian/rules
index 3d2d50d..df50352 100755
--- a/debian/rules
+++ b/debian/rules
@@ -76,7 +76,7 @@ install: build
 	dh_installdirs
 
 	$(MAKE) DESTDIR=$(CURDIR)/debian/libpam-rsa install
-	install -o root -g root -m 644 debian/pam_rsa.conf $(CURDIR)/debian/libpam-rsa/etc/security/pam_rsa.conf
+	install -o root -g root -m 644 debian/pam_rsa.conf $(CURDIR)/debian/libpam-rsa/etc/security/pam_rsa.conf.sample
 
 
 # Build architecture-independent files here.
