diff options
| author | Sam Hartman <hartmans@debian.org> | 2021-02-25 14:58:25 -0500 |
|---|---|---|
| committer | Steve Langasek <steve.langasek@canonical.com> | 2021-09-15 17:52:36 -0700 |
| commit | d2540f941667b1bdf71e73c0ea7eb752d4f5a4fa (patch) | |
| tree | 03bd1e3dbc4cbe88741ec44976c4cdb7c265ccdc /debian/libpam-modules.preinst | |
| parent | 2547108793e587e35782a9ec96cd5f297b7afff1 (diff) | |
libpam-modules.preinst,templates: detect pam_tally
Detect any uses of pam_tally that are left after disabling profiles,
and halt upgrade on them.
Diffstat (limited to 'debian/libpam-modules.preinst')
| -rw-r--r-- | debian/libpam-modules.preinst | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/debian/libpam-modules.preinst b/debian/libpam-modules.preinst index 3102b6a6..25623fe8 100644 --- a/debian/libpam-modules.preinst +++ b/debian/libpam-modules.preinst @@ -36,7 +36,18 @@ handle_profiles_with_removed_modules() { if dpkg --compare-versions "$2" lt-nl 1.4.0-2; then db_version 2.0 - handle_profiles_with_removed_modules pam_tally + handle_profiles_with_removed_modules pam_tally + # We have a generic template for removing pam-profiles because + # there is a sane automatic action. If we detect the modules in + # user configurations we want a specific template so we can + # recommend a replacement + # /dev/null reference is to make sure we don't grep stdin if + # somehow ls returns empty + if grep -qe '^[^#]*pam_tally' $(ls -1d /etc/pam.d/* | grep -e '^/etc/pam.d/[0-9a-zA-Z/]*$' ) /dev/null ; then + db_input critical libpam-modules/deprecate-tally ||true + db_go ||true + exit 2 + fi if pidof xscreensaver xlockmore >/dev/null; then db_input critical libpam-modules/disable-screensaver || true |