Debian Bug report logs - #604215
libpam-rsa: installation fails. Ask questions, then asks to overwrite the file

version graph

Package: libpam-rsa; Maintainer for libpam-rsa is (unknown);

Reported by: Lucas Nussbaum <lucas@lucas-nussbaum.net>

Date: Sun, 21 Nov 2010 10:09:48 UTC

Severity: serious

Tags: confirmed, patch

Merged with 444770

Found in versions libpam-rsa/0.8-9-2, libpam-rsa/0.8-9-2.1

Fixed in version libpam-rsa/0.8-9-2.2

Done: Agustin Martin Domingo <agmartin@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Jose Parrella <joseparrella@cantv.net>:
Bug#604215; Package libpam-rsa. (Sun, 21 Nov 2010 10:09:52 GMT) Full text and rfc822 format available.

Acknowledgement sent to Lucas Nussbaum <lucas@lucas-nussbaum.net>:
New Bug report received and forwarded. Copy sent to Jose Parrella <joseparrella@cantv.net>. (Sun, 21 Nov 2010 10:09:52 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Lucas Nussbaum <lucas@lucas-nussbaum.net>
To: submit@bugs.debian.org
Subject: libpam-rsa: installation fails
Date: Sun, 21 Nov 2010 10:54:17 +0100
Package: libpam-rsa
Version: 0.8-9-2.1
Severity: serious
User: debian-qa@lists.debian.org
Usertags: instest-20101120 instest

Hi,

While testing the installation of all packages in unstable, I ran
into the following problem:

> Reading package lists...
> Building dependency tree...
> Reading state information...
> Starting
> Starting 2
> Done
> The following NEW packages will be installed:
> libpam-rsa
> 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
> Need to get 39.1 kB of archives.
> After this operation, 205 kB of additional disk space will be used.
> Get:1 http://localhost/debian/ squeeze/main libpam-rsa amd64 0.8-9-2.1 [39.1 kB]
> Preconfiguring packages ...
> Fetched 39.1 kB in 0s (217 kB/s)
> Selecting previously deselected package libpam-rsa.
> (Reading database ... 6241 files and directories currently installed.)
> Unpacking libpam-rsa (from .../libpam-rsa_0.8-9-2.1_amd64.deb) ...
> Setting up libpam-rsa (0.8-9-2.1) ...
> 
> Configuration file `/etc/security/pam_rsa.conf'
> ==> File on system created by you or by a script.
> ==> File also in package provided by package maintainer.
> What would you like to do about it ?  Your options are:
> Y or I  : install the package maintainer's version
> N or O  : keep your currently-installed version
> D     : show the differences between the versions
> Z     : start a shell to examine the situation
> The default action is to keep your current version.
> *** pam_rsa.conf (Y/I/N/O/D/Z) [default=N] ? dpkg: error processing libpam-rsa (--configure):
> EOF on stdin at conffile prompt
> configured to not write apport reports
> Errors were encountered while processing:
> libpam-rsa
> E: Sub-process /usr/bin/dpkg returned an error code (1)

The full build log is available from:
 http://people.debian.org/~lucas/logs/2010/11/20/libpam-rsa.log

It is reproducible by installing your package in a clean chroot, using
the debconf Noninteractive frontend, and priority: critical.

This test was carried out using about 50 AMD64 nodes of the Grid'5000
platform.  Internet was not accessible from the nodes.

-- 
| Lucas Nussbaum
| lucas@lucas-nussbaum.net   http://www.lucas-nussbaum.net/ |
| jabber: lucas@nussbaum.fr             GPG: 1024D/023B3F4F |




Information forwarded to debian-bugs-dist@lists.debian.org, Jose Parrella <joseparrella@cantv.net>:
Bug#604215; Package libpam-rsa. (Sun, 28 Nov 2010 13:12:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to gregor herrmann <gregoa@debian.org>:
Extra info received and forwarded to list. Copy sent to Jose Parrella <joseparrella@cantv.net>. (Sun, 28 Nov 2010 13:12:03 GMT) Full text and rfc822 format available.

Message #10 received at 604215@bugs.debian.org (full text, mbox):

From: gregor herrmann <gregoa@debian.org>
To: 604215@bugs.debian.org
Cc: control@bugs.debian.org
Subject: Re: Bug#604215: libpam-rsa: installation fails
Date: Sun, 28 Nov 2010 14:07:50 +0100
[Message part 1 (text/plain, inline)]
tag 604215 + confirmed
thanks

> > Setting up libpam-rsa (0.8-9-2.1) ...
> > 
> > Configuration file `/etc/security/pam_rsa.conf'
> > ==> File on system created by you or by a script.
> > ==> File also in package provided by package maintainer.

Right, /etc/security/pam_rsa.conf gets written by the .config script,
and it's also shipped in the package (installed manually in
debian/rules). That's a bit too much :)

Cheers,
gregor
 
-- 
 .''`.   http://info.comodo.priv.at/ -- GPG key IDs: 0x8649AA06, 0x00F3CFE4
 : :' :  Debian GNU/Linux user, admin, & developer - http://www.debian.org/
 `. `'   Member of VIBE!AT & SPI, fellow of Free Software Foundation Europe
   `-    BOFH excuse #332:  suboptimal routing experience 
[signature.asc (application/pgp-signature, inline)]

Added tag(s) confirmed. Request was from gregor herrmann <gregoa@debian.org> to control@bugs.debian.org. (Sun, 28 Nov 2010 13:12:05 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Jose Parrella <joseparrella@cantv.net>:
Bug#604215; Package libpam-rsa. (Mon, 06 Dec 2010 16:30:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Agustin Martin <agmartin@debian.org>:
Extra info received and forwarded to list. Copy sent to Jose Parrella <joseparrella@cantv.net>. (Mon, 06 Dec 2010 16:30:03 GMT) Full text and rfc822 format available.

Message #17 received at 604215@bugs.debian.org (full text, mbox):

From: Agustin Martin <agmartin@debian.org>
To: gregor herrmann <gregoa@debian.org>, 604215@bugs.debian.org
Cc: control@bugs.debian.org, Rafal Czlonka <rafal.czlonka@gmail.com>
Subject: Re: Bug#604215: libpam-rsa: installation fails
Date: Mon, 6 Dec 2010 17:26:36 +0100
[Message part 1 (text/plain, inline)]
package libpam-rsa
retitle 604215 libpam-rsa: installation fails. Ask questions, then
asks to overwrite the file.
forcemerge 604215 444770
tag 604215 +patch +pending
thanks

2010/11/28 gregor herrmann <gregoa@debian.org>:
> tag 604215 + confirmed
> thanks
>
>> > Setting up libpam-rsa (0.8-9-2.1) ...
>> >
>> > Configuration file `/etc/security/pam_rsa.conf'
>> > ==> File on system created by you or by a script.
>> > ==> File also in package provided by package maintainer.
>
> Right, /etc/security/pam_rsa.conf gets written by the .config script,
> and it's also shipped in the package (installed manually in
> debian/rules). That's a bit too much :)

This seems caused by the same problem already reported in #444770
(libpam-rsa: ask questions, then asks to overwrite the file, cc'ing
submitter). I am merging both bugs leaving  #604215 as master since it
is of higher severity.

Also noticed that /etc/security/pam_rsa.conf  is generated from
libpam.rsa.config instead of postinst. Not sure if /etc/security is
part of the base system, but if not this may even lead to a write
attempt before the directory exists.

I am attaching a first cut for a NMU candidate. Its versioning still
corresponds to my internal test versioning.  Relevant changelog entry
is

 * Fix installation problems with pam_rsa.conf (Closes: #444770, #604215).
    - Install pam_rsa.conf as pam_rsa.conf.sample
    - Move automatic mode pam_rsa.conf generation from config to postinst.
    - Add libpam-rsa.postrm to make sure /etc/security/pam_rsa.conf is
      removed on purge

Since #444770 received no attention at all for more than three years I
consider this bug as a 0-day NMU candidate. Maintainer, if you want to
add something, please do ASAP. I will leave a minimal grace period to
wait for comments from people involved in this bug report before
uploading final NMU if still needed.

-- 
Agustin
[libpam-rsa_0.8-9-2.1__TO__0.8-9-2.2~amd1.diff (text/x-diff, attachment)]

Changed Bug title to 'libpam-rsa: installation fails. Ask questions, then' from 'libpam-rsa: installation fails' Request was from Agustin Martin <agmartin@debian.org> to control@bugs.debian.org. (Mon, 06 Dec 2010 16:30:05 GMT) Full text and rfc822 format available.

Forcibly Merged 444770 604215. Request was from Agustin Martin <agmartin@debian.org> to control@bugs.debian.org. (Mon, 06 Dec 2010 16:30:06 GMT) Full text and rfc822 format available.

Added tag(s) patch. Request was from Agustin Martin <agmartin@debian.org> to control@bugs.debian.org. (Mon, 06 Dec 2010 16:30:06 GMT) Full text and rfc822 format available.

Added tag(s) pending. Request was from Agustin Martin <agmartin@debian.org> to control@bugs.debian.org. (Mon, 06 Dec 2010 16:30:07 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Jose Parrella <joseparrella@cantv.net>:
Bug#604215; Package libpam-rsa. (Mon, 06 Dec 2010 16:45:08 GMT) Full text and rfc822 format available.

Acknowledgement sent to Julien Cristau <jcristau@debian.org>:
Extra info received and forwarded to list. Copy sent to Jose Parrella <joseparrella@cantv.net>. (Mon, 06 Dec 2010 16:45:08 GMT) Full text and rfc822 format available.

Message #30 received at 604215@bugs.debian.org (full text, mbox):

From: Julien Cristau <jcristau@debian.org>
To: Agustin Martin <agmartin@debian.org>, 604215@bugs.debian.org
Cc: gregor herrmann <gregoa@debian.org>, control@bugs.debian.org, Rafal Czlonka <rafal.czlonka@gmail.com>
Subject: Re: Bug#604215: libpam-rsa: installation fails
Date: Mon, 6 Dec 2010 17:41:55 +0100
[Message part 1 (text/plain, inline)]
On Mon, Dec  6, 2010 at 17:26:36 +0100, Agustin Martin wrote:

> diff -Nru --exclude po --exclude Makefile libpam-rsa-0.8-9/debian/libpam-rsa.postinst libpam-rsa-0.8-9/debian/libpam-rsa.postinst
> --- libpam-rsa-0.8-9/debian/libpam-rsa.postinst	2010-12-06 14:25:58.000000000 +0100
> +++ libpam-rsa-0.8-9/debian/libpam-rsa.postinst	2010-12-06 14:25:59.000000000 +0100
> @@ -21,7 +21,33 @@
>  
>  case "$1" in
>      configure)
> +	db_get libpam-rsa/no_configuration
> +	if [ "$RET" = "false" ]
> +	then
> +	    cat <<EOF > /etc/security/pam_rsa.conf
> +# Configuration file for libpam-rsa
> +#
> +# This file has been automatically generated by libpam-rsa.postinst
> +# If you want to manually handle this file, run
> +#
> +#   dpkg-reconfigure libpam-rsa 
> +#
> +# and select no automatic configuration option
> +#
> +# Please read pam_rsa (8) for further instructions
>  
> +EOF
> +	    db_get libpam-rsa/pubkey_dir
> +	    echo "pubkey_dir $RET" >> /etc/security/pam_rsa.conf
> +	    db_get libpam-rsa/privkey_dir
> +	    echo "privkey_dir $RET" >> /etc/security/pam_rsa.conf
> +	    db_get libpam-rsa/privkey_name_hash
> +	    echo "privkey_name_hash $RET" >> /etc/security/pam_rsa.conf
> +	    db_get libpam-rsa/pam_prompt
> +	    echo "pam_prompt $RET" >> /etc/security/pam_rsa.conf
> +	    db_get libpam-rsa/log_auth_result
> +	    echo "log_auth_result $RET" >> /etc/security/pam_rsa.conf
> +	fi
>      ;;

I think this part is broken if pam_rsa.conf already exists, you need to
either read the existing values from the config file, or just not touch
if it it exists.  The first solution usually means reading pam_rsa.conf
in the .config script, and seeding debconf with the values from the
file.

Cheers,
Julien
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Jose Parrella <joseparrella@cantv.net>:
Bug#604215; Package libpam-rsa. (Tue, 07 Dec 2010 11:27:11 GMT) Full text and rfc822 format available.

Acknowledgement sent to Agustin Martin <agustin.martin@hispalinux.es>:
Extra info received and forwarded to list. Copy sent to Jose Parrella <joseparrella@cantv.net>. (Tue, 07 Dec 2010 11:27:11 GMT) Full text and rfc822 format available.

Message #35 received at 604215@bugs.debian.org (full text, mbox):

From: Agustin Martin <agustin.martin@hispalinux.es>
To: Julien Cristau <jcristau@debian.org>
Cc: 604215@bugs.debian.org, gregor herrmann <gregoa@debian.org>, Rafal Czlonka <rafal.czlonka@gmail.com>
Subject: Re: Bug#604215: libpam-rsa: installation fails
Date: Tue, 7 Dec 2010 12:12:29 +0100
[Message part 1 (text/plain, inline)]
2010/12/6 Julien Cristau <jcristau@debian.org>:
> On Mon, Dec  6, 2010 at 17:26:36 +0100, Agustin Martin wrote:
>> +         db_get libpam-rsa/pubkey_dir
>> +         echo "pubkey_dir $RET" >> /etc/security/pam_rsa.conf
>
> I think this part is broken if pam_rsa.conf already exists, you need to
> either read the existing values from the config file, or just not touch
> if it it exists.  The first solution usually means reading pam_rsa.conf
> in the .config script, and seeding debconf with the values from the
> file.

Hi Julien, thanks for the feedback.

In theory that should not be a problem, there is a way (debconf
question based) to state that config file is to be handled manually
and to avoid maintainer scripts to fiddle with it. I followed theory.

In practice, ..., things are different, you are right.

Because of its priority most sysadmins will not notice about that
debconf question and, what is worse, pam_rsa.conf does not state
anywhere that it is an automatically generated file. That means that
there is a high chance of sysadmins having modified manually that file
without even noticing that there is a canonical way to say maintainer
scripts to not modify it.

And that manually modified file will be overwritten, both by original
package (another RC bug) or by my first patch.

I am attaching a second cut, that keeps file if present unless
dpkg-reconfigure is being run. If the later, default values are shown
rather than modified ones, but at least sysadmin does not get fooled.

I have been playing about parsing config file and seed values in
config. It is a whitespace separated file with an unquoted string. I
want some validation, but my tests still do not deal with the unquoted
string, needs to refresh my awk here.

Cheers,

-- 
Agustin
[libpam-rsa_0.8-9-2.1__TO__0.8-9-2.2~amd2.diff (text/x-diff, attachment)]

Forcibly Merged 444770 604215. Request was from Agustin Martin <agmartin@debian.org> to control@bugs.debian.org. (Tue, 07 Dec 2010 11:27:13 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Jose Parrella <joseparrella@cantv.net>:
Bug#604215; Package libpam-rsa. (Tue, 07 Dec 2010 11:57:07 GMT) Full text and rfc822 format available.

Acknowledgement sent to Julien Cristau <jcristau@debian.org>:
Extra info received and forwarded to list. Copy sent to Jose Parrella <joseparrella@cantv.net>. (Tue, 07 Dec 2010 11:57:07 GMT) Full text and rfc822 format available.

Message #42 received at 604215@bugs.debian.org (full text, mbox):

From: Julien Cristau <jcristau@debian.org>
To: Agustin Martin <agustin.martin@hispalinux.es>
Cc: 604215@bugs.debian.org, gregor herrmann <gregoa@debian.org>, Rafal Czlonka <rafal.czlonka@gmail.com>
Subject: Re: Bug#604215: libpam-rsa: installation fails
Date: Tue, 7 Dec 2010 12:52:07 +0100
[Message part 1 (text/plain, inline)]
On Tue, Dec  7, 2010 at 12:12:29 +0100, Agustin Martin wrote:

> 2010/12/6 Julien Cristau <jcristau@debian.org>:
> > On Mon, Dec  6, 2010 at 17:26:36 +0100, Agustin Martin wrote:
> >> +         db_get libpam-rsa/pubkey_dir
> >> +         echo "pubkey_dir $RET" >> /etc/security/pam_rsa.conf
> >
> > I think this part is broken if pam_rsa.conf already exists, you need to
> > either read the existing values from the config file, or just not touch
> > if it it exists.  The first solution usually means reading pam_rsa.conf
> > in the .config script, and seeding debconf with the values from the
> > file.
> 
> Hi Julien, thanks for the feedback.
> 
> In theory that should not be a problem, there is a way (debconf
> question based) to state that config file is to be handled manually
> and to avoid maintainer scripts to fiddle with it. I followed theory.
> 
I think that's a serious misuse of debconf.  Especially as the default
is false.

> In practice, ..., things are different, you are right.
> 
> Because of its priority most sysadmins will not notice about that
> debconf question and, what is worse, pam_rsa.conf does not state
> anywhere that it is an automatically generated file. That means that
> there is a high chance of sysadmins having modified manually that file
> without even noticing that there is a canonical way to say maintainer
> scripts to not modify it.
> 
> And that manually modified file will be overwritten, both by original
> package (another RC bug) or by my first patch.
> 
> I am attaching a second cut, that keeps file if present unless
> dpkg-reconfigure is being run. If the later, default values are shown
> rather than modified ones, but at least sysadmin does not get fooled.
> 
> I have been playing about parsing config file and seed values in
> config. It is a whitespace separated file with an unquoted string. I
> want some validation, but my tests still do not deal with the unquoted
> string, needs to refresh my awk here.
> 
How about something like the following (untested)?

diff -u libpam-rsa-0.8-9/debian/libpam-rsa.postinst libpam-rsa-0.8-9/debian/libpam-rsa.postinst
--- libpam-rsa-0.8-9/debian/libpam-rsa.postinst
+++ libpam-rsa-0.8-9/debian/libpam-rsa.postinst
@@ -19,8 +19,52 @@
 # the debian-policy package
 #
 
+pam_rsa_conf="/etc/security/pam_rsa.conf"
+
 case "$1" in
     configure)
+	    db_get libpam-rsa/no_configuration
+	    if [ "$RET" = "false" ]; then
+		    db_get libpam-rsa/pubkey_dir
+		    pubkey_dir="$RET"
+		    db_get libpam-rsa/privkey_dir
+		    privkey_dir="$RET"
+		    db_get libpam-rsa/privkey_name_hash
+		    privkey_name_hash="$RET"
+		    db_get libpam-rsa/pam_prompt
+		    pam_prompt="$RET"
+		    db_get libpam-rsa/log_auth_result
+		    log_auth_result="$RET"
+
+		    if ! [ -f "$pam_rsa_conf" ]; then
+			    cat > "$pam_rsa_conf" << EOF
+# Configuration file for libpam-rsa
+# Please read pam_rsa (8) for further instructions
+
+EOF
+		    LC_ALL=C sed -e '/^pubkey_dir[[:space:]]/d;\
+			    /^privkey_dir[[:space:]]/d;\
+			    /^privkey_name_hash[[:space:]]/d;\
+			    /^pam_prompt[[:space:]]/d;\
+			    /^log_auth_result[[:space:]]/d' \
+			    "$pam_rsa_conf" > "${pam_rsa_conf}.dpkg-tmp"
+		    if [ -n "$pubkey_dir" ]; then
+			    echo pubkey_dir $pubkey_dir >> "${pam_rsa_conf}.dpkg-tmp"
+		    fi
+		    if [ -n "$privkey_dir" ]; then
+			    echo privkey_dir $privkey_dir >> "${pam_rsa_conf}.dpkg-tmp"
+		    fi
+		    if [ -n "$privkey_name_hash" ]; then
+			    echo privkey_name_hash $privkey_name_hash >> "${pam_rsa_conf}.dpkg-tmp"
+		    fi
+		    if [ -n "$pam_prompt" ]; then
+			    echo pam_prompt $pam_prompt >> "${pam_rsa_conf}.dpkg-tmp"
+		    fi
+		    if [ -n "$log_auth_result" ]; then
+			    echo log_auth_result $log_auth_result >> "${pam_rsa_conf}.dpkg-tmp"
+		    fi
+		    mv "${pam_rsa_conf}.dpkg-tmp" "$pam_rsa_conf"
+	    fi
 
     ;;
 
diff -u libpam-rsa-0.8-9/debian/libpam-rsa.config libpam-rsa-0.8-9/debian/libpam-rsa.config
--- libpam-rsa-0.8-9/debian/libpam-rsa.config
+++ libpam-rsa-0.8-9/debian/libpam-rsa.config
@@ -2,6 +2,25 @@
 
 set -e
 
+pam_rsa_conf="/etc/security/pam_rsa.conf"
+
+read_config() {
+	if ! [ -f $pam_rsa_conf ]; then
+		return
+	fi
+
+	pubkey_dir=$(sed -ne '^pubkey_dir[[:space:]]\+\(.*\)/\1/p' $pam_rsa_conf)
+	db_set libpam_rsa/pubkey_dir "$pubkey_dir"
+	privkey_dir=$(sed -ne '^privkey_dir[[:space:]]\+\(.*\)/\1/p' $pam_rsa_conf)
+	db_set libpam_rsa/privkey_dir "$privkey_dir"
+	privkey_name_hash=$(sed -ne '^privkey_name_hash[[:space:]]\+\(.*\)/\1/p' $pam_rsa_conf)
+	db_set libpam_rsa/privkey_name_hash "$privkey_name_hash"
+	pam_prompt=$(sed -ne '^pam_prompt[[:space:]]\+\(.*\)/\1/p' $pam_rsa_conf)
+	db_set libpam_rsa/pam_prompt "$pam_prompt"
+	log_auth_result=$(sed -ne '^log_auth_result[[:space:]]\+\(.*\)/\1/p' $pam_rsa_conf)
+	db_set libpam_rsa/log_auth_result "$log_auth_result"
+}
+
 . /usr/share/debconf/confmodule
 
 db_input medium libpam-rsa/no_configuration || true
@@ -12,19 +31,10 @@
 then
+	read_config()
+
 	db_input medium libpam-rsa/pubkey_dir || true
 	db_input medium libpam-rsa/privkey_dir || true
 	db_input low libpam-rsa/privkey_name_hash || true
 	db_input low libpam-rsa/pam_prompt || true
 	db_input low libpam-rsa/log_auth_result || true
 	db_go || true
-
-	db_get libpam-rsa/pubkey_dir
-	echo "pubkey_dir $RET" > /etc/security/pam_rsa.conf
-	db_get libpam-rsa/privkey_dir
-	echo "privkey_dir $RET" >> /etc/security/pam_rsa.conf
-	db_get libpam-rsa/privkey_name_hash
-	echo "privkey_name_hash $RET" >> /etc/security/pam_rsa.conf
-	db_get libpam-rsa/pam_prompt
-	echo "pam_prompt $RET" >> /etc/security/pam_rsa.conf
-	db_get libpam-rsa/log_auth_result
-	echo "log_auth_result $RET" >> /etc/security/pam_rsa.conf
 fi

Cheers,
Julien
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Jose Parrella <joseparrella@cantv.net>:
Bug#604215; Package libpam-rsa. (Tue, 07 Dec 2010 22:57:08 GMT) Full text and rfc822 format available.

Acknowledgement sent to Agustin Martin <agmartin@debian.org>:
Extra info received and forwarded to list. Copy sent to Jose Parrella <joseparrella@cantv.net>. (Tue, 07 Dec 2010 22:57:08 GMT) Full text and rfc822 format available.

Message #47 received at 604215@bugs.debian.org (full text, mbox):

From: Agustin Martin <agmartin@debian.org>
To: Julien Cristau <jcristau@debian.org>
Cc: 604215@bugs.debian.org, gregor herrmann <gregoa@debian.org>
Subject: Re: Bug#604215: libpam-rsa: installation fails
Date: Tue, 7 Dec 2010 23:55:44 +0100
2010/12/7 Julien Cristau <jcristau@debian.org>:
> On Tue, Dec  7, 2010 at 12:12:29 +0100, Agustin Martin wrote:
>>
>> I have been playing about parsing config file and seed values in
>> config. It is a whitespace separated file with an unquoted string. I
>> want some validation, but my tests still do not deal with the unquoted
>> string, needs to refresh my awk here.
>>
> How about something like the following (untested)?

Hi, Julien,

Thanks again.  I was playing in parallel with something like

--- 8< -------------------------------------------------------
...
db_get libpam-rsa/no_configuration
if [ "$RET" = "false" ]
then
    # If present, parse config file and feed debconf database with its values
    pam_rsa_conf="/etc/security/pam_rsa.conf"
    pam_rsa_keys="pubkey_dir privkey_dir privkey_name_hash pam_prompt
log_auth_result"
    if [ -f $pam_rsa_conf ]; then
	for keyname in $pam_rsa_keys; do
	    keyvalue=$(grep -e "^$keyname " $pam_rsa_conf | sed 's/^'$keyname' *//')
	    if [ -n "$keyvalue" ]; then
		db_set "libpam-rsa/$keyname $keyvalue"
	    fi
	done	
    fi
...
--- 8< -------------------------------------------------------

for the config file.

Need to look more carefully at the postinst code, could not do that
yet. I like the idea of using an intermediate file, that may even
allow to preserve sysadmin comments

This is requiring more time than initially expected, but I hope to
have a new NMU candidate this week.

Cheers,

-- 
Agustin




Information forwarded to debian-bugs-dist@lists.debian.org, Jose Parrella <joseparrella@cantv.net>:
Bug#604215; Package libpam-rsa. (Tue, 07 Dec 2010 23:03:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Julien Cristau <jcristau@debian.org>:
Extra info received and forwarded to list. Copy sent to Jose Parrella <joseparrella@cantv.net>. (Tue, 07 Dec 2010 23:03:04 GMT) Full text and rfc822 format available.

Message #52 received at 604215@bugs.debian.org (full text, mbox):

From: Julien Cristau <jcristau@debian.org>
To: Agustin Martin <agustin.martin@hispalinux.es>
Cc: 604215@bugs.debian.org, gregor herrmann <gregoa@debian.org>, Rafal Czlonka <rafal.czlonka@gmail.com>
Subject: Re: Bug#604215: libpam-rsa: installation fails
Date: Wed, 8 Dec 2010 00:00:47 +0100
[Message part 1 (text/plain, inline)]
On Tue, Dec  7, 2010 at 12:52:07 +0100, Julien Cristau wrote:

> +		    if ! [ -f "$pam_rsa_conf" ]; then
> +			    cat > "$pam_rsa_conf" << EOF
> +# Configuration file for libpam-rsa
> +# Please read pam_rsa (8) for further instructions
> +
> +EOF

I guess there's an argument for only doing this on initial install or
reconfigure, to allow the admin to remove the file entirely and not have
it restored at each upgrade.  Probably not a big deal either way,
though.

Cheers,
Julien
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Jose Parrella <joseparrella@cantv.net>:
Bug#604215; Package libpam-rsa. (Thu, 09 Dec 2010 18:39:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Agustin Martin <agmartin@debian.org>:
Extra info received and forwarded to list. Copy sent to Jose Parrella <joseparrella@cantv.net>. (Thu, 09 Dec 2010 18:39:05 GMT) Full text and rfc822 format available.

Message #57 received at 604215@bugs.debian.org (full text, mbox):

From: Agustin Martin <agmartin@debian.org>
To: Julien Cristau <jcristau@debian.org>, 604215@bugs.debian.org
Cc: gregor herrmann <gregoa@debian.org>, Rafal Czlonka <rafal.czlonka@gmail.com>
Subject: Re: Bug#604215: libpam-rsa: installation fails
Date: Thu, 9 Dec 2010 19:37:07 +0100
[Message part 1 (text/plain, inline)]
On Wed, Dec 08, 2010 at 12:00:47AM +0100, Julien Cristau wrote:
> On Tue, Dec  7, 2010 at 12:52:07 +0100, Julien Cristau wrote:
> 
> > +		    if ! [ -f "$pam_rsa_conf" ]; then
> > +			    cat > "$pam_rsa_conf" << EOF
> > +# Configuration file for libpam-rsa
> > +# Please read pam_rsa (8) for further instructions
> > +
> > +EOF
> 
> I guess there's an argument for only doing this on initial install or
> reconfigure, to allow the admin to remove the file entirely and not have
> it restored at each upgrade.  Probably not a big deal either way,
> though.

Hi,

In this case that is not a problem, file must exist and be readable.

Finally had time to put into this NMU. I am attaching yet another diff with
my last version. pam_rsa.conf file is not touched if exists in normal
upgrades, and I have tried hard to deal with sysadmin comments when updated 
via dpkg-reconfigure.

Need to test this more. If no further problems appear will change version 
and prepare real NMU.

Cheers,

-- 
Agustin
[libpam-rsa_0.8-9-2.1__TO__0.8-9-2.2~amd3.diff (text/x-diff, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Jose Parrella <joseparrella@cantv.net>:
Bug#604215; Package libpam-rsa. (Thu, 09 Dec 2010 20:18:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Julien Cristau <jcristau@debian.org>:
Extra info received and forwarded to list. Copy sent to Jose Parrella <joseparrella@cantv.net>. (Thu, 09 Dec 2010 20:18:03 GMT) Full text and rfc822 format available.

Message #62 received at 604215@bugs.debian.org (full text, mbox):

From: Julien Cristau <jcristau@debian.org>
To: Agustin Martin <agmartin@debian.org>
Cc: 604215@bugs.debian.org, gregor herrmann <gregoa@debian.org>, Rafal Czlonka <rafal.czlonka@gmail.com>
Subject: Re: Bug#604215: libpam-rsa: installation fails
Date: Thu, 9 Dec 2010 21:14:02 +0100
[Message part 1 (text/plain, inline)]
On Thu, Dec  9, 2010 at 19:37:07 +0100, Agustin Martin wrote:

> Finally had time to put into this NMU. I am attaching yet another diff with
> my last version. pam_rsa.conf file is not touched if exists in normal
> upgrades, and I have tried hard to deal with sysadmin comments when updated 
> via dpkg-reconfigure.
> 
> Need to test this more. If no further problems appear will change version 
> and prepare real NMU.
> 
Looks sane to me, thanks for this!

Cheers,
Julien
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Jose Parrella <joseparrella@cantv.net>:
Bug#604215; Package libpam-rsa. (Fri, 10 Dec 2010 15:57:10 GMT) Full text and rfc822 format available.

Acknowledgement sent to Agustin Martin <agmartin@debian.org>:
Extra info received and forwarded to list. Copy sent to Jose Parrella <joseparrella@cantv.net>. (Fri, 10 Dec 2010 15:57:10 GMT) Full text and rfc822 format available.

Message #67 received at 604215@bugs.debian.org (full text, mbox):

From: Agustin Martin <agmartin@debian.org>
To: 604215@bugs.debian.org, 444770@bugs.debian.org
Subject: Re: Bug#604215: libpam-rsa: installation fails
Date: Fri, 10 Dec 2010 16:54:22 +0100
[Message part 1 (text/plain, inline)]
On Thu, Dec 09, 2010 at 09:14:02PM +0100, Julien Cristau wrote:
> On Thu, Dec  9, 2010 at 19:37:07 +0100, Agustin Martin wrote:
> 
> > Finally had time to put into this NMU. I am attaching yet another diff with
> > my last version. pam_rsa.conf file is not touched if exists in normal
> > upgrades, and I have tried hard to deal with sysadmin comments when updated 
> > via dpkg-reconfigure.
> > 
> > Need to test this more. If no further problems appear will change version 
> > and prepare real NMU.
> > 
> Looks sane to me, thanks for this!

NMU uploaded to DELAYED/2. diff is attached.

-- 
Agustin
[libpam-rsa_0.8-9-2.1__TO__2.2.diff (text/x-diff, attachment)]

Reply sent to Agustin Martin Domingo <agmartin@debian.org>:
You have taken responsibility. (Sun, 12 Dec 2010 16:21:17 GMT) Full text and rfc822 format available.

Notification sent to Lucas Nussbaum <lucas@lucas-nussbaum.net>:
Bug acknowledged by developer. (Sun, 12 Dec 2010 16:21:17 GMT) Full text and rfc822 format available.

Message #72 received at 604215-close@bugs.debian.org (full text, mbox):

From: Agustin Martin Domingo <agmartin@debian.org>
To: 604215-close@bugs.debian.org
Subject: Bug#604215: fixed in libpam-rsa 0.8-9-2.2
Date: Sun, 12 Dec 2010 16:17:14 +0000
Source: libpam-rsa
Source-Version: 0.8-9-2.2

We believe that the bug you reported is fixed in the latest version of
libpam-rsa, which is due to be installed in the Debian FTP archive:

libpam-rsa_0.8-9-2.2.diff.gz
  to main/libp/libpam-rsa/libpam-rsa_0.8-9-2.2.diff.gz
libpam-rsa_0.8-9-2.2.dsc
  to main/libp/libpam-rsa/libpam-rsa_0.8-9-2.2.dsc
libpam-rsa_0.8-9-2.2_i386.deb
  to main/libp/libpam-rsa/libpam-rsa_0.8-9-2.2_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 604215@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Agustin Martin Domingo <agmartin@debian.org> (supplier of updated libpam-rsa package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Fri, 10 Dec 2010 15:40:07 +0100
Source: libpam-rsa
Binary: libpam-rsa
Architecture: source i386
Version: 0.8-9-2.2
Distribution: unstable
Urgency: low
Maintainer: Jose Parrella <joseparrella@cantv.net>
Changed-By: Agustin Martin Domingo <agmartin@debian.org>
Description: 
 libpam-rsa - PAM module for local authentication with RSA keypairs
Closes: 444770 604215
Changes: 
 libpam-rsa (0.8-9-2.2) unstable; urgency=low
 .
   * Non-maintainer upload.
   * Fix installation problems with pam_rsa.conf. Thanks Julien Cristau
     for the good comments (Closes: #444770, #604215).
     - Move automatic mode pam_rsa.conf generation from config to postinst.
     - Add libpam-rsa.postrm to make sure /etc/security/pam_rsa.conf is
       removed on purge
Checksums-Sha1: 
 fc0e65417793403ff8a3b240ccfa9c0b6d803989 1027 libpam-rsa_0.8-9-2.2.dsc
 edc02022d362493dd8bec3cee62fd02fcd3101ad 59577 libpam-rsa_0.8-9-2.2.diff.gz
 2f9e78a28b1d94734dc15b2defb16ec02bb4e9c1 39158 libpam-rsa_0.8-9-2.2_i386.deb
Checksums-Sha256: 
 c0135a134378c919b7cf8423b1663d98770e45aa247878d807b6f9db219f1e8f 1027 libpam-rsa_0.8-9-2.2.dsc
 23c3f7943223da5970ee9503e3de5b564a4480687630128750bc6a98daebd4a1 59577 libpam-rsa_0.8-9-2.2.diff.gz
 763bcb408d70b62316b6574834e08efe82d772f2abaf666cbca74ab1b80e698b 39158 libpam-rsa_0.8-9-2.2_i386.deb
Files: 
 482060a9b4278a9efca24d82cfd2a424 1027 admin extra libpam-rsa_0.8-9-2.2.dsc
 39045c7d821b9ffb96759f4ea87b222f 59577 admin extra libpam-rsa_0.8-9-2.2.diff.gz
 d051a8ce2445a7a1c37e65d2efe94ada 39158 admin extra libpam-rsa_0.8-9-2.2_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iD8DBQFNAkkeTShHqj72DpwRAt61AKCQX1qUHYKhDdzP4sirNJRrQnGj6gCfQe/8
wQ0ddt8FYEJPHBqOeS2yz1o=
=Y4Gp
-----END PGP SIGNATURE-----





Reply sent to Agustin Martin Domingo <agmartin@debian.org>:
You have taken responsibility. (Sun, 12 Dec 2010 16:21:18 GMT) Full text and rfc822 format available.

Notification sent to Rafal Czlonka <rafal.czlonka@gmail.com>:
Bug acknowledged by developer. (Sun, 12 Dec 2010 16:21:18 GMT) Full text and rfc822 format available.

Changed Bug title to 'libpam-rsa: installation fails. Ask questions, then asks to overwrite the file' from 'libpam-rsa: installation fails. Ask questions, then' Request was from Agustin Martin Domingo <agmartin@debian.org> to control@bugs.debian.org. (Wed, 22 Dec 2010 18:51:02 GMT) Full text and rfc822 format available.

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 07 Mar 2011 08:03:58 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Apr 19 02:13:16 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.