diff options
| author | vorlon <Unknown> | 2007-08-28 13:13:41 +0000 |
|---|---|---|
| committer | vorlon <Unknown> | 2007-08-28 13:13:41 +0000 |
| commit | 814bc4d16184e830575047e879d8b894ce31d8f8 (patch) | |
| tree | a44c1851961bd2ce3a77b7036db2b35c58ed2afd | |
| parent | 984d9bfb471130edb40be8f2a7419ddd4d75d66a (diff) | |
On upgrades from versions prior to 0.99.7.1-3, restart known PAM-using
services so that they get the new libpam symbols, since otherwise the newer
PAM modules will fail to load. Postinst taken from libssl0.9.8; thanks to
Christoph Martin for the fine example! Closes: #439835.
Build-depend on po-debconf to support l10n of the debconf questions from the
above.
| -rw-r--r-- | changelog | 11 | ||||
| -rw-r--r-- | control | 2 | ||||
| -rwxr-xr-x | libpam0g.postinst | 171 | ||||
| -rw-r--r-- | libpam0g.templates | 33 | ||||
| -rw-r--r-- | po/POTFILES.in | 1 | ||||
| -rw-r--r-- | po/templates.pot | 90 | ||||
| -rwxr-xr-x | rules | 1 |
7 files changed, 306 insertions, 3 deletions
@@ -19,8 +19,15 @@ pam (0.99.7.1-3) UNRELEASED; urgency=low * Fix a memory leak in the pam_limits capabilities patch: always cap_free() the cap_t before returning from pam_sm_open_session(). Closes: #153157. - - -- Steve Langasek <vorlon@debian.org> Mon, 27 Aug 2007 21:17:27 -0700 + * libpam0g.postinst, libpam0g.templates: on upgrades from versions + prior to 0.99.7.1-3, restart known PAM-using services so that they + get the new libpam symbols, since otherwise the newer PAM modules + will fail to load. Postinst taken from libssl0.9.8; thanks to + Christoph Martin for the fine example! Closes: #439835. + * Build-depend on po-debconf to support l10n of the debconf questions + from the above. + + -- Steve Langasek <vorlon@debian.org> Tue, 28 Aug 2007 05:53:51 -0700 pam (0.99.7.1-2) unstable; urgency=low @@ -4,7 +4,7 @@ Priority: optional Uploaders: Karl Ramm <kcr@debian.org>, Sam Hartman <hartmans@debian.org>, Roger Leigh <rleigh@debian.org> Maintainer: Steve Langasek <vorlon@debian.org> Standards-Version: 3.7.2 -Build-Depends: cracklib2-dev (>= 2.7-9), bzip2, debhelper, quilt, flex, libdb-dev, libcap-dev [!hurd-i386 !kfreebsd-i386 !kfreebsd-amd64 !netbsd-i386], libselinux1-dev [!hurd-i386 !kfreebsd-i386 !kfreebsd-amd64 !netbsd-i386] +Build-Depends: cracklib2-dev (>= 2.7-9), bzip2, debhelper, quilt, flex, libdb-dev, libcap-dev [!hurd-i386 !kfreebsd-i386 !kfreebsd-amd64 !netbsd-i386], libselinux1-dev [!hurd-i386 !kfreebsd-i386 !kfreebsd-amd64 !netbsd-i386], po-debconf Build-Depends-Indep: xsltproc, libxml2-utils, docbook-xml, docbook-xsl, w3m Build-Conflicts-Indep: fop XS-Vcs-Svn: svn://svn.debian.org/svn/pkg-pam/trunk/pam/ diff --git a/libpam0g.postinst b/libpam0g.postinst new file mode 100755 index 00000000..07d3d909 --- /dev/null +++ b/libpam0g.postinst @@ -0,0 +1,171 @@ +#!/bin/bash + +# postinst based heavily on the postinst of libssl0.9.8, courtesy of +# Christoph Martin. + +. /usr/share/debconf/confmodule + +set -e + +# element() is a helper function for file-rc: +element() { + local element list IFS + + element="$1" + + [ "$2" = "in" ] && shift + list="$2" + [ "$list" = "-" ] && return 1 + [ "$list" = "*" ] && return 0 + + IFS="," + set -- $list + case $element in + "$1"|"$2"|"$3"|"$4"|"$5"|"$6"|"$7"|"$8"|"$9") + return 0 + esac + return 1 +} + +# filerc (runlevel, service) returns /etc/init.d/service, if service is +# running in $runlevel: +filerc() { + local runlevel basename + runlevel=$1 + basename=$2 + while read LINE + do + case $LINE in + \#*|"") continue + esac + + set -- $LINE + SORT_NO="$1"; STOP="$2"; START="$3"; CMD="$4" + [ "$CMD" = "/etc/init.d/$basename" ] || continue + + if element "$runlevel" in "$START" || element "S" in "$START" + then + echo "/etc/init.d/$basename" + return 0 + fi + done < /etc/runlevel.conf + echo "" +} + +if [ "$1" = "configure" ] +then + if [ ! -z "$2" ]; then + if dpkg --compare-versions "$2" lt 0.99.7.1-3; then + echo -n "Checking for services that may need to be restarted..." + + check="apache2-common atd bayonne cherokee cron cupsys" + check="$check dante-server diald dovecot-common exim exim4-base" + check="$check fcron fireflier-server freeradius gdm heartbeat" + check="$check heartbeat-2 hylafax-server iiimf-server inn2" + check="$check kannel kdm linesrv linesrv-mysql lsh-server" + check="$check muddleftpd netatalk nuauth partimage-server" + check="$check perdition pgpool popa3d postgresql-7.4" + check="$check postgresql-8.1 postgresql-8.2 proftpd pure-ftpd" + check="$check pure-ftpd-ldap pure-ftpd-mysql" + check="$check pure-ftpd-postgresql racoon samba sasl2-bin" + check="$check sfs-server solid-pop3d squid squid3 tac-plus" + check="$check vsftpd wdm wu-ftpd wzdftpd xdm xrdp yardradius" + check="$check yaws" + # Only get the ones that are installed, and configured + check=$(dpkg -s $check 2> /dev/null | egrep '^Package:|^Status:' | awk '{if ($1 ~ /^Package:/) { package=$2 } else if ($0 ~ /^Status: .* installed$/) { print package }}') + # some init scripts don't match the package names + check=$(echo $check | \ + sed -e's/\bapache2-common\b/apache2/g' \ + -e's/\bat\b/atd/g' \ + -e's/\bdovecot-common\b/dovecot/g' \ + -e's/\bdante-server\b/danted/g' \ + -e's/\bexim4-base\b/exim4/g' \ + -e's/\bheartbeat-2\b/heartbeat/g' \ + -e's/\bhylafax-server\b/hylafax/g' \ + -e's/\bpartimage-server\b/partimaged/g' \ + -e's/\bsasl2-bin\b/saslauthd/g' \ + ) + + echo "Checking init scripts..." + for service in $check; do + if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then + idl=$(ls /etc/init.d/${service} 2> /dev/null | head -n 1) + if [ -n "$idl" ] && [ -x $idl ]; then + services="$service $services" + else + echo "WARNING: init script for $service not found." + fi + else + if [ -f /usr/share/file-rc/rc ] || [ -f /usr/lib/file-rc/rc ] && [ -f /etc/runlevel.conf ]; then + idl=$(filerc $rl $service) + else + idl=$(ls /etc/rc${rl}.d/S??${service} 2> /dev/null | head -n 1) + fi + if [ -n "$idl" ] && [ -x $idl ]; then + services="$service $services" + fi + fi + done + if [ -n "$services" ]; then + db_version 2.0 + + db_reset libpam0g/restart-services + db_set libpam0g/restart-services "$services" + db_input critical libpam0g/restart-services || true + db_go || true + db_get libpam0g/restart-services + + if [ "x$RET" != "x" ] + then + services=$RET + else + services="" + fi + echo + if [ "$services" != "" ]; then + echo "Restarting services possibly affected by the upgrade:" + failed="" + rl=$(runlevel | sed 's/.*\ //') + for service in $services; do + if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then + idl="invoke-rc.d ${service}" + elif [ -f /usr/share/file-rc/rc ] || [ -f /usr/lib/file-rc/rc ] && [ -f /etc/runlevel.conf ]; then + idl=$(filerc $rl $service) + else + idl=$(ls /etc/rc${rl}.d/S??${service} 2> /dev/null | head -n 1) + fi + + echo -n " $service: stopping..." + $idl stop > /dev/null 2>&1 || true + sleep 1 + echo -n "starting..." + if $idl start > /dev/null 2>&1; then + echo "done." + else + echo "FAILED! ($?)" + failed="$service $failed" + fi + done + echo + if [ -n "$failed" ]; then + db_fset libpam0g/restart-failed seen false + db_subst libpam0g/restart-failed services "$failed" + db_input critical libpam0g/restart-failed || true + db_go || true + else + echo "Services restarted successfully." + fi + echo + fi + # Shut down the frontend, to make sure none of the + # restarted services keep a connection open to it + db_stop + else + echo "Nothing to restart." + fi + fi # end upgrading and $2 lt 0.99.7.1-3 + fi # Upgrading +fi + +#DEBHELPER# + diff --git a/libpam0g.templates b/libpam0g.templates new file mode 100644 index 00000000..f12cb6e2 --- /dev/null +++ b/libpam0g.templates @@ -0,0 +1,33 @@ +Template: libpam0g/restart-services +Type: string +_Description: Services to restart for PAM library upgrade: + This release of Linux-PAM introduces new programming interfaces. PAM + modules that require these interfaces will not be usable by + already-running services until these services have been restarted. + . + Please check the list of detected services that need to be restarted and + correct it, if needed. The services names must be identical to the init + script names in /etc/init.d and separated by spaces. To avoid restarting + any services at this time, use an empty list. + . + Among the services that need to be restarted for the Linux-PAM upgrade are + the X display managers, gdm, kdm, wdm, and xdm. If you are performing + this upgrade from within an X session started with one of these display + managers, restarting the service will terminate your X session. In this + case it is recommended that you remove this service from the list here and + restart it later at your convenience. + . + Other services that use PAM but cannot be restarted with this script + include xscreensaver, gnome-screensaver, xlockmore, and vlock. You + will not be able to authenticate to these services until they have + been restarted manually. + +Template: libpam0g/restart-failed +Type: error +_Description: Failure restarting some services for PAM upgrade + The following services could not be restarted for the PAM library upgrade: + . + ${services} + . + You will need to start these manually by running + '/etc/init.d/<service> start'. diff --git a/po/POTFILES.in b/po/POTFILES.in new file mode 100644 index 00000000..8c641cfc --- /dev/null +++ b/po/POTFILES.in @@ -0,0 +1 @@ +[type: gettext/rfc822deb] libpam0g.templates diff --git a/po/templates.pot b/po/templates.pot new file mode 100644 index 00000000..d365a444 --- /dev/null +++ b/po/templates.pot @@ -0,0 +1,90 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR. +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: PACKAGE VERSION\n" +"Report-Msgid-Bugs-To: vorlon@debian.org\n" +"POT-Creation-Date: 2007-08-28 06:06-0700\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" +"Language-Team: LANGUAGE <LL@li.org>\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=CHARSET\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: string +#. Description +#: ../libpam0g.templates:1001 +msgid "Services to restart for PAM library upgrade:" +msgstr "" + +#. Type: string +#. Description +#: ../libpam0g.templates:1001 +msgid "" +"This release of Linux-PAM introduces new programming interfaces. PAM " +"modules that require these interfaces will not be usable by already-running " +"services until these services have been restarted." +msgstr "" + +#. Type: string +#. Description +#: ../libpam0g.templates:1001 +msgid "" +"Please check the list of detected services that need to be restarted and " +"correct it, if needed. The services names must be identical to the init " +"script names in /etc/init.d and separated by spaces. To avoid restarting " +"any services at this time, use an empty list." +msgstr "" + +#. Type: string +#. Description +#: ../libpam0g.templates:1001 +msgid "" +"Among the services that need to be restarted for the Linux-PAM upgrade are " +"the X display managers, gdm, kdm, wdm, and xdm. If you are performing this " +"upgrade from within an X session started with one of these display managers, " +"restarting the service will terminate your X session. In this case it is " +"recommended that you remove this service from the list here and restart it " +"later at your convenience." +msgstr "" + +#. Type: string +#. Description +#: ../libpam0g.templates:1001 +msgid "" +"Other services that use PAM but cannot be restarted with this script include " +"xscreensaver, gnome-screensaver, xlockmore, and vlock. You will not be able " +"to authenticate to these services until they have been restarted manually." +msgstr "" + +#. Type: error +#. Description +#: ../libpam0g.templates:2001 +msgid "Failure restarting some services for PAM upgrade" +msgstr "" + +#. Type: error +#. Description +#: ../libpam0g.templates:2001 +msgid "" +"The following services could not be restarted for the PAM library upgrade:" +msgstr "" + +#. Type: error +#. Description +#: ../libpam0g.templates:2001 +msgid "${services}" +msgstr "" + +#. Type: error +#. Description +#: ../libpam0g.templates:2001 +msgid "" +"You will need to start these manually by running '/etc/init.d/<service> " +"start'." +msgstr "" @@ -114,6 +114,7 @@ binary-arch: install rm -f $(d)/libpam-modules/usr/share/man/man5/pam.conf.5 rm -f $(d)/libpam-modules/usr/share/man/man5/pam.d.5 + dh_installdebconf -a dh_installdocs -a $(BUILD_TREE)/README dh_installexamples -a find $(d)/libpam0g-dev/usr/share/doc/libpam0g-dev/examples -type f -name 'Makefile*' -print0 | xargs -0 rm -f |