[Pkg-openldap-devel] Bug#864719: Bug#864719: Bug#864719: slapd: fails to configure when olcSuffix contains a backslash-escaped umlaut

Fri Jun 16 02:54:54 UTC 2017

On Wed, Jun 14, 2017 at 12:59:04PM +0200, Thorsten Glaser wrote:
>> For the backslashes case, the attached ought to do. Would you be willing to
>> test it? It should apply to /var/lib/dpkg/info/slapd.postinst.
>
>The patch works as-is, however, as a shell author and informed about
>writing portable shell scripts, I’m a tad concerned about the use of
>the accent gravis form of command substitution, especially as it can
>*not* be quoted both inside and outside (which is not the case here,
>but someone might decide to do that in the future).
>
>Therefore I’m urging you to change the last addition to…
>+		grep "olcDbDirectory:" $(grep -Fl "olcSuffix: $1" ${SLAPD_CONF}/cn\=config/olcDatabase*.ldif) | cut -d: -f 2 | sed 's/^  *//g'
>… or possibly, quoting, just to be safe:
>+		grep "olcDbDirectory:" "$(grep -Fl "olcSuffix: $1" "${SLAPD_CONF}/cn\=config/olcDatabase*.ldif")" | cut -d: -f 2 | sed 's/^  *//g'
>
>(Side note, I cringe every time I see such grep|cut|sed thingies,
>this can almost certainly be done with just sed¹.)

Agreed on all points. The code that uses backticks and grep|cut|sed is 
mostly from before my time. I don't have the energy for a wholesale 
update of the code style, but I'm updating pieces to a style like you 
suggest as I touch them. The diff was meant as an example of a very 
minimal change that would be suitable for backporting to stable, or 
applying to a customer system in your case.

I have to check more closely but I think the lack of quoting around the 
second grep may be intentional. I have a vague recollection of a case 
where it was valid to have multiple databases configured for the same 
suffix.

>> Still thinking about the base64 case. Since we use the suffix to name files
>> and directories for backup and restore, I guess it's most robust to just use
>> the base64 directly - even if it's not quite as nice for showing to users.
>
>Remember that that can span multiple lines (although this is also true
>for the non-base64 base). I usually just read LDIF line by line in my
>shell scripts concatenating as needed, but for quick, I’ve found this
>useful:
>
>cat² x.ldif | tr '\n' '\001' | sed $'s/\001 //g' | tr '\001' '\n' >y

Possibly less portable, but for scripts targeted at Debian I've 
generally used a perl one-liner:

perl -00 -pe 's/\n[ \t]//g; s/^#.*\n//mg' "$@"

In any case I'm trying to (gradually...) update the maintainer scripts 
to use slapcat instead of parsing the config backend files directly, 
which comes with a '-o ldif-wrap=no' option.