diff options
author | Steve Langasek <vorlon@debian.org> | 2008-08-19 14:07:30 -0700 |
---|---|---|
committer | Steve Langasek <steve.langasek@ubuntu.com> | 2019-01-03 17:28:23 -0800 |
commit | ff86399a6a1e03b9bb85fbadc286a9309044f094 (patch) | |
tree | e303e457d2552b6fdd342bbe3596c9a145094aab /debian | |
parent | d91f63093adeb151457e464602c7fe8c5a31ccdd (diff) |
implement the force option and the debconf override template
Diffstat (limited to 'debian')
-rw-r--r-- | debian/libpam-runtime.templates | 11 | ||||
-rwxr-xr-x | debian/local/pam-auth-update | 54 |
2 files changed, 44 insertions, 21 deletions
diff --git a/debian/libpam-runtime.templates b/debian/libpam-runtime.templates index bfb577d6..5415a416 100644 --- a/debian/libpam-runtime.templates +++ b/debian/libpam-runtime.templates @@ -20,3 +20,14 @@ _Description: Incompatible PAM profiles selected. ${conflicts} . Please select a different set of modules to enable. + +Template: libpam-runtime/override +Type: boolean +Default: false +_Description: Override local changes to /etc/pam.d/common-*? + One or more of the files /etc/pam.d/common-{auth,account,password,session} + have been locally modified. Should these local changes be overridden + using the system-provided configuration? If you decline this option, + you will need to manage your system's authentication configuration by + hand. + diff --git a/debian/local/pam-auth-update b/debian/local/pam-auth-update index 6c80ea04..dfa0b950 100755 --- a/debian/local/pam-auth-update +++ b/debian/local/pam-auth-update @@ -33,8 +33,10 @@ my $capb=capb('backup'); my $inputdir = '/usr/share/pam-configs'; my $template = 'libpam-runtime/profiles'; my $errtemplate = 'libpam-runtime/conflicts'; +my $overridetemplate = 'libpam-runtime/override'; my $confdir = '/etc/pam.d'; my (%profiles, @sorted, @enabled, @conflicts); +my $force = 0; opendir(DIR, $inputdir) || die "could not open config directory: $!"; while (my $profile = readdir(DIR)) { @@ -43,6 +45,22 @@ while (my $profile = readdir(DIR)) { } closedir DIR; +# use a '--force' arg to specify that /etc/pam.d should be overwritten; +# used only on upgrades where the postinst has already determined that the +# checksums match. Module packages other than libpam-runtime itself must +# NEVER use this option! Document with big skullses and crossboneses! It +# needs to be exposed for libpam-runtime because that's the package that +# decides whether we have a pristine config to be converted, and knows +# whether the version being upgraded from is one for which the conversion +# should be done. + +while ($#ARGV >= 0) { + my $opt = shift; + if ($opt eq '--force') { + $force = 1; + } +} + x_loadtemplatefile('/var/lib/dpkg/info/libpam-runtime.templates','libpam-runtime'); # always sort by priority, so we have consistency and don't have to @@ -62,28 +80,18 @@ set($template, my $diff = diff_profiles($confdir); -# we need a commandline '--force' arg to specify that /etc/pam.d should be -# overwritten; used only on upgrades where the postinst has already -# determined that the checksums match. Module packages other than -# libpam-runtime itself must NEVER use this option! Document with big -# skullses and crossboneses! It needs to be exposed for libpam-runtime -# because that's the package that decides whether we have a pristine config -# to be converted, and knows whether the version being upgraded from is one -# for which the conversion should be done. - # if diff_profiles() fails, and we weren't passed a 'force' argument -# (either because this isn't an upgrade from an old version, or because the -# checksum didn't match, or because we're being called by some other module -# package), prompt the user whether to override. If the user declines -# (which is the default), we never again manage this config unless manually -# called with '--force'. - -# at the end of a successful write, reset the 'seen' flag and the value of -# the debconf override question. - -# FIXME: none of the above comments are implemented! +# (because this isn't an upgrade from an old version, or the checksum +# didn't match, or we're being called by some other module package), prompt +# the user whether to override. If the user declines (the default), we +# never again manage this config unless manually called with '--force'. +if (!$diff && !$force) { + input('high',$overridetemplate); + go(); + $force = 1 if (get($overridetemplate) eq 'true'); +} -if (!$diff) { +if (!$diff && !$force) { print STDERR <<EOF; pam-auth-update: Local modifications to /etc/pam.d/common-*, not updating. @@ -138,12 +146,16 @@ do { # config; these are always preserved unless manually overridden with # the --force option -write_profiles(\%profiles, \@enabled, $diff); +write_profiles(\%profiles, \@enabled, $diff, $force); # merge a set of module declarations into a set of new config files, # using the information returned from diff_profiles(). sub write_profiles { + my($profiles,$enabled,$diff,$force) = @_; + + # at the end of a successful write, reset the 'seen' flag and the + # value of the debconf override question. } # reconcile the current config in /etc/pam.d with the saved ones in |