Bug#604215: libpam-rsa: installation fails

Agustin Martin Thu, 09 Dec 2010 10:39:19 -0800

On Wed, Dec 08, 2010 at 12:00:47AM +0100, Julien Cristau wrote:
> On Tue, Dec  7, 2010 at 12:52:07 +0100, Julien Cristau wrote:
> 
> > +               if ! [ -f "$pam_rsa_conf" ]; then
> > +                       cat > "$pam_rsa_conf" << EOF
> > +# Configuration file for libpam-rsa
> > +# Please read pam_rsa (8) for further instructions
> > +
> > +EOF
> 
> I guess there's an argument for only doing this on initial install or
> reconfigure, to allow the admin to remove the file entirely and not have
> it restored at each upgrade.  Probably not a big deal either way,
> though.


Hi,

In this case that is not a problem, file must exist and be readable.

Finally had time to put into this NMU. I am attaching yet another diff with
my last version. pam_rsa.conf file is not touched if exists in normal
upgrades, and I have tried hard to deal with sysadmin comments when updated 
via dpkg-reconfigure.

Need to test this more. If no further problems appear will change version 
and prepare real NMU.

Cheers,

-- 
Agustin

diff --git a/debian/changelog b/debian/changelog
index 5629331..aa2d951 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,15 @@
+libpam-rsa (0.8-9-2.2~amd3) unstable; urgency=low
+
+  * Non-maintainer upload.
+  * Fix installation problems with pam_rsa.conf. Thanks Julien Cristau
+    for the good comments (Closes: #444770, #604215).
+    - Install pam_rsa.conf as pam_rsa.conf.sample
+    - Move automatic mode pam_rsa.conf generation from config to postinst.
+    - Add libpam-rsa.postrm to make sure /etc/security/pam_rsa.conf is
+      removed on purge
+
+ -- Agustin Martin Domingo <agmar...@debian.org>  Thu, 09 Dec 2010 18:58:47 +0100
+
 libpam-rsa (0.8-9-2.1) unstable; urgency=low
 
   * Non-maintainer upload.
diff --git a/debian/libpam-rsa.config b/debian/libpam-rsa.config
index 530975c..ed4114a 100644
--- a/debian/libpam-rsa.config
+++ b/debian/libpam-rsa.config
@@ -10,21 +10,24 @@ db_go || true
 db_get libpam-rsa/no_configuration
 if [ "$RET" = "false" ]
 then
-	db_input medium libpam-rsa/pubkey_dir || true
-	db_input medium libpam-rsa/privkey_dir || true
-	db_input low libpam-rsa/privkey_name_hash || true
-	db_input low libpam-rsa/pam_prompt || true
-	db_input low libpam-rsa/log_auth_result || true
-	db_go || true
+    # If present, parse config file and feed debconf database with its values
+    pam_rsa_conf="/etc/security/pam_rsa.conf"
+    pam_rsa_keys="pubkey_dir privkey_dir privkey_name_hash pam_prompt log_auth_result"
+    if [ -f $pam_rsa_conf ]; then
+	for keyname in $pam_rsa_keys; do
+	    # Strip key prefix, trailing whitespace and comments
+	    keyvalue=$(grep -e "^[[:blank:]]*$keyname[[:blank:]]" $pam_rsa_conf | sed \
+		-e 's/^[[:blank:]]*'$keyname'[[:blank:]]*//'  \
+		-e 's/[[:blank:]]*$//' \
+		-e 's/[[:blank:]]*\#.*$//')
+	    db_set "libpam-rsa/$keyname" "$keyvalue"
+	done
+    fi
 
-	db_get libpam-rsa/pubkey_dir
-	echo "pubkey_dir $RET" > /etc/security/pam_rsa.conf
-	db_get libpam-rsa/privkey_dir
-	echo "privkey_dir $RET" >> /etc/security/pam_rsa.conf
-	db_get libpam-rsa/privkey_name_hash
-	echo "privkey_name_hash $RET" >> /etc/security/pam_rsa.conf
-	db_get libpam-rsa/pam_prompt
-	echo "pam_prompt $RET" >> /etc/security/pam_rsa.conf
-	db_get libpam-rsa/log_auth_result
-	echo "log_auth_result $RET" >> /etc/security/pam_rsa.conf
+    db_input medium libpam-rsa/pubkey_dir || true
+    db_input medium libpam-rsa/privkey_dir || true
+    db_input low libpam-rsa/privkey_name_hash || true
+    db_input low libpam-rsa/pam_prompt || true
+    db_input low libpam-rsa/log_auth_result || true
+    db_go || true
 fi
diff --git a/debian/libpam-rsa.postinst b/debian/libpam-rsa.postinst
index f06b70e..52d8221 100644
--- a/debian/libpam-rsa.postinst
+++ b/debian/libpam-rsa.postinst
@@ -19,10 +19,58 @@ set -e
 # the debian-policy package
 #
 
+pam_rsa_conf="/etc/security/pam_rsa.conf"
+
 case "$1" in
     configure)
+	db_get libpam-rsa/no_configuration
+	if [ "$RET" = "false" ]
+	then
+	    # If exists, may have been created by sysadmin. Honour it
+	    # unless we are running debconf-reconfigure
+	    if [ "$DEBCONF_RECONFIGURE" ] || [ ! -f $pam_rsa_conf ]
+	    then
+		db_get libpam-rsa/pubkey_dir
+                pubkey_dir="$RET"
+                db_get libpam-rsa/privkey_dir
+                privkey_dir="$RET"
+                db_get libpam-rsa/privkey_name_hash
+                privkey_name_hash="$RET"
+                db_get libpam-rsa/pam_prompt
+                pam_prompt="$RET"
+                db_get libpam-rsa/log_auth_result
+                log_auth_result="$RET"
 
-    ;;
+		if [ ! -f $pam_rsa_conf ]; then
+		    echo "Writing auto-generated $pam_rsa_conf" >&2
+		    cat > $pam_rsa_conf <<EOF
+# pam_rsa.conf Configuration file for libpam-rsa.
+#
+# This file must exist and be readable.
+#
+# Please read pam_rsa (8) for further instructions.
+
+EOF
+		    [ -z "$pubkey_dir" ]        || echo "pubkey_dir $pubkey_dir" >> "$pam_rsa_conf"
+		    [ -z "$privkey_dir" ]       || echo "privkey_dir $privkey_dir" >> "$pam_rsa_conf"
+		    [ -z "$privkey_name_hash" ] || echo "privkey_name_hash $privkey_name_hash" >> "$pam_rsa_conf"
+		    [ -z "$pam_prompt" ]        || echo "pam_prompt $pam_prompt" >> "$pam_rsa_conf"
+		    [ -z "$log_auth_result" ]   || echo "log_auth_result $log_auth_result" >> "$pam_rsa_conf"
+		else
+		    echo "Modifying $pam_rsa_conf on reconfiguration" >&2
+		    LC_ALL=C sed \
+			-e 's!^[[:blank:]]*pubkey_dir[[:blank:]][^\#$]*!pubkey_dir '"$pubkey_dir"'!' \
+			-e 's!^[[:blank:]]*privkey_dir[[:blank:]][^\#$]*!privkey_dir '"$privkey_dir"'!' \
+			-e 's!^[[:blank:]]*privkey_name_hash[[:blank:]][^\#$]*!privkey_name_hash '"$privkey_name_hash"'!' \
+			-e 's!^[[:blank:]]*pam_prompt[[:blank:]][^\#$]*!pam_prompt '"$pam_prompt"'!' \
+			-e 's!^[[:blank:]]*log_auth_result[[:blank:]][^\#$]*!log_auth_result '"$log_auth_result"'!' \
+			"${pam_rsa_conf}" > "${pam_rsa_conf}.dpkg-tmp"
+		    mv -f "$pam_rsa_conf" "${pam_rsa_conf}.old"
+		    mv "${pam_rsa_conf}.dpkg-tmp" "$pam_rsa_conf"
+		fi
+	    fi
+	fi
+	;;
 
     abort-upgrade|abort-remove|abort-deconfigure)
 
diff --git a/debian/libpam-rsa.postrm b/debian/libpam-rsa.postrm
new file mode 100644
index 0000000..51808fc
--- /dev/null
+++ b/debian/libpam-rsa.postrm
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+set -e
+
+#  Make sure /etc/security/pam_rsa.conf is removed on purge
+
+if [ "$1" = "purge" ]; then
+    rm -f /etc/security/pam_rsa.conf /etc/security/pam_rsa.conf.old
+fi
+
+#DEBHELPER#
diff --git a/debian/rules b/debian/rules
index 3d2d50d..df50352 100755
--- a/debian/rules
+++ b/debian/rules
@@ -76,7 +76,7 @@ install: build
 	dh_installdirs
 
 	$(MAKE) DESTDIR=$(CURDIR)/debian/libpam-rsa install
-	install -o root -g root -m 644 debian/pam_rsa.conf $(CURDIR)/debian/libpam-rsa/etc/security/pam_rsa.conf
+	install -o root -g root -m 644 debian/pam_rsa.conf $(CURDIR)/debian/libpam-rsa/etc/security/pam_rsa.conf.sample
 
 
 # Build architecture-independent files here.

Bug#604215: libpam-rsa: installation fails

Reply via email to