[Pkg-openldap-devel] [openldap] 04/04: Comment 'smbk5pwd-enable krb5' on upgrade

Fri Nov 11 04:07:26 UTC 2016

This is an automated email from the git hooks/post-receive script.

rtandy-guest pushed a commit to branch master
in repository openldap.

commit 33ddb9625f226f30bd99e55088c36bf7c4332eb1
Author: Ryan Tandy <ryan at nardis.ca>
Date:   Thu Nov 10 19:58:03 2016 -0800

    Comment 'smbk5pwd-enable krb5' on upgrade
---
 debian/changelog       |  2 ++
 debian/slapd.NEWS      |  4 +++-
 debian/slapd.postinst  | 35 +++++++++++++++++++++++++++++++++--
 debian/slapd.templates |  7 +++++++
 4 files changed, 45 insertions(+), 3 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index 8af456d..ce5c6e6 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -31,6 +31,8 @@ openldap (2.4.44+dfsg-1) UNRELEASED; urgency=medium
     reproducible. Thanks to Daniel Shahaf for the patch. (Closes: #833179)
   * Build smbk5pwd without Kerberos support and drop the build-dependency on 
     heimdal. (Closes: #836885)
+  * On upgrade, comment the krb5 setting on any instances of the smbk5pwd 
+    overlay in slapd.conf.
 
   [ Helmut Grohne ]
   * Fix policy 8.2 violation (Closes: #330695)
diff --git a/debian/slapd.NEWS b/debian/slapd.NEWS
index 7cdf2c2..d73c567 100644
--- a/debian/slapd.NEWS
+++ b/debian/slapd.NEWS
@@ -7,7 +7,9 @@ openldap (2.4.44+dfsg-1) unstable; urgency=medium
 
    The slapd-smbk5pwd package is no longer built with Kerberos support,
    as the heimdal package is being removed at the request of its
-   maintainers. Please see <https://bugs.debian.org/836885> for more
+   maintainers. On upgrade, if slapd is using a slapd.conf file, any
+   instances of 'smbk5pwd-enable krb5' will be commented out
+   automatically. Please see <https://bugs.debian.org/836885> for more
    information.
 
  -- Ryan Tandy <ryan at nardis.ca>  Sat, 29 Oct 2016 20:36:03 -0700
diff --git a/debian/slapd.postinst b/debian/slapd.postinst
index 36ade57..1927096 100644
--- a/debian/slapd.postinst
+++ b/debian/slapd.postinst
@@ -8,6 +8,33 @@ set -e
 # various helper functions and $OLD_VERSION and $SLAPD_CONF
 #SCRIPTSCOMMON#
 
+disable_smbk5pwd_krb5() {						# {{{
+# Disable smbk5pwd's Kerberos support in slapd.conf
+	if ! read_slapd_conf < "$SLAPD_CONF" | grep -q '^smbk5pwd-enable\s\+krb5'; then
+		return 0
+	fi
+
+	write_slapd_conf "$SLAPD_CONF" 's/^(smbk5pwd-enable\s+krb5)/#$1/i'
+	update_slapd_conf_permissions
+
+	db_input critical slapd/smbk5pwd_krb5_disabled || true
+	db_go
+}
+# }}}
+
+postinst_upgrade_cn_config() {						# {{{
+	if previous_version_older '2.4.44+dfsg-1~'; then
+		upgrade_cnconfig_ppolicy_schema
+	fi
+}
+# }}}
+postinst_upgrade_slapd_conf() {						# {{{
+	if previous_version_older '2.4.44+dfsg-1~'; then
+		disable_smbk5pwd_krb5
+	fi
+}
+# }}}
+
 postinst_initial_configuration() {					# {{{
 # Configure slapd for the first time (when first installed)
 # Usage: postinst_initial_configuration
@@ -30,8 +57,12 @@ postinst_upgrade_configuration() {					# {{{
 	backup_config_once
 	echo done. >&2
 
-	# Add new required attribute to the ppolicy schema.
-	upgrade_cnconfig_ppolicy_schema
+	# Complete any config updates before trying to use slapadd
+	if [ -d "$SLAPD_CONF" ]; then
+		postinst_upgrade_cn_config
+	else
+		postinst_upgrade_slapd_conf
+	fi
 
 	# Check if the database format has changed.
 	if database_format_changed; then
diff --git a/debian/slapd.templates b/debian/slapd.templates
index afcbcb1..f58eb6d 100644
--- a/debian/slapd.templates
+++ b/debian/slapd.templates
@@ -182,3 +182,10 @@ _Description: Manual ppolicy schema update recommended
  schema before upgrading slapd. If replication is in use, the schema
  update should be applied on every server before continuing with the
  upgrade.
+
+Template: slapd/smbk5pwd_krb5_disabled
+Type: error
+_Description: Kerberos support disabled for smbk5pwd overlay
+ The smbk5pwd overlay is no longer built with Kerberos support. The
+ "smbk5pwd-enable krb5" setting has been automatically disabled in the
+ slapd configuration file.

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-openldap/openldap.git

