[Pkg-sssd-devel] sssd: Changes to 'debian-unstable'

Timo Aaltonen tjaalton-guest at alioth.debian.org
Wed Aug 14 08:01:11 UTC 2013 

 debian/changelog            |    3 
 debian/generate-config      |  136 --------------------------------------------
 debian/rules                |    3 
 debian/sssd-common.postinst |   10 ---
 debian/sssd-common.postrm   |    1 
 5 files changed, 4 insertions(+), 149 deletions(-)

New commits:
commit 4953f2c897b305e6dd0527e3ca4c0eb6313b8f1a
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date:   Tue Aug 13 12:39:15 2013 +0300

    sssd-common.postinst: Remove /etc/apparmor.d too, if empty.

diff --git a/debian/changelog b/debian/changelog
index 9eaabc8..771505f 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -3,6 +3,7 @@ sssd (1.10.1-1) UNRELEASED; urgency=low
   * New upstream bugfix release.
   * sssd-common.postinst, generate-config: Don't create a config on install,
     drop generate-config. (Closes: #717587)
+  * sssd-common.postinst: Remove /etc/apparmor.d too, if empty.
 
  -- Timo Aaltonen <tjaalton at ubuntu.com>  Tue, 06 Aug 2013 17:04:28 +0300
 
diff --git a/debian/sssd-common.postrm b/debian/sssd-common.postrm
index a8b21e1..340c460 100644
--- a/debian/sssd-common.postrm
+++ b/debian/sssd-common.postrm
@@ -44,6 +44,7 @@ esac
 # work around buggy dh_apparmor which doesn't do this for us
 if [ "$1" = "purge" ]; then
     rmdir /etc/apparmor.d/force-complain 2>/dev/null || true
+    rmdir /etc/apparmor.d 2>/dev/null || true
 fi
 
 exit 0

commit 2c9d517517afc5c2316f2ce581251c8ddf319bcd
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date:   Tue Aug 13 10:55:19 2013 +0300

    sssd-common.postinst, generate-config: Don't create a config on install, drop generate-config. (Closes: #717587)

diff --git a/debian/changelog b/debian/changelog
index b72ce6c..9eaabc8 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,8 @@
 sssd (1.10.1-1) UNRELEASED; urgency=low
 
   * New upstream bugfix release.
+  * sssd-common.postinst, generate-config: Don't create a config on install,
+    drop generate-config. (Closes: #717587)
 
  -- Timo Aaltonen <tjaalton at ubuntu.com>  Tue, 06 Aug 2013 17:04:28 +0300
 
diff --git a/debian/generate-config b/debian/generate-config
deleted file mode 100755
index 4920f20..0000000
--- a/debian/generate-config
+++ /dev/null
@@ -1,136 +0,0 @@
-#!/bin/sh
-
-# Generate sssd.conf setup dynamically based on autodetectet LDAP
-# and Kerberos server.
-
-set -e
-
-# See if we can find an LDAP server.  Prefer ldap.domain, but also
-# accept SRV records if no ldap.domain server is found.
-lookup_ldap_uri() {
-    domain="$1"
-    if ping -c2 ldap.$domain > /dev/null 2>&1; then
-	echo ldap://ldap.$domain
-    else
-	host=$(host -N 2 -t SRV _ldap._tcp.$domain | grep -v NXDOMAIN | awk '{print $NF}' | head -1)
-	if [ "$host" ] ; then
-	    echo ldap://$host | sed 's/\.$//'
-	fi
-    fi
-}
-
-lookup_ldap_base() {
-    ldapuri="$1"
-    defaultcontext="$(ldapsearch -LLL -H "$ldapuri" -x -b '' -s base defaultNamingContext  2>/dev/null | awk '/^defaultNamingContext: / { print $2}')"
-    if [ -z "$defaultcontext" ] ; then
-	# If there are several contexts, pick the first one with
-	# posixAccount or posixGroup objects in it.
-	for context in $(ldapsearch -LLL -H "$ldapuri" -x -b '' \
-	    -s base namingContexts 2>/dev/null | \
-	    awk '/^namingContexts: / { print $2}') ; do
-	    if ldapsearch -LLL -H $ldapuri -x -b "$context" -s sub -z 1 \
-		'(|(objectClass=posixAccount)(objectclass=posixGroup))' 2>&1 | \
-		egrep -q '^dn:|^Administrative limit exceeded' ; then
-		echo $context
-		return
-	    fi
-	done
-    fi
-    echo $defaultcontext
-}
-
-lookup_kerberos_server() {
-    domain="$1"
-    if ping -c2 kerberos.$domain > /dev/null 2>&1; then
-	echo kerberos.$domain
-    else
-	host=$(host -t SRV _kerberos._tcp.$domain | grep -v NXDOMAIN | awk '{print $NF}'|head -1)
-	if [ "$host" ] ; then
-	    echo $host | sed 's/\.$//'
-	fi
-    fi
-}
-
-lookup_kerberos_realm() {
-    domain="$1"
-    realm=$(host -t txt _kerberos.$domain | grep -v NXDOMAIN | awk '{print $NF}'|head -1|tr -d '"')
-    if [ -z "$realm" ] ; then
-	realm=$(echo $domain | tr a-z A-Z)
-    fi
-    echo $realm
-}
-
-
-generate_config() {
-    if [ "$1" ] ; then
-	domain=$1
-    else
-	domain="$(hostname -d)"
-    fi
-    kerberosrealm=$(lookup_kerberos_realm $domain)
-    ldapuri=$(lookup_ldap_uri "$domain")
-    if [ -z "$ldapuri" ];  then
-	# autodetection failed
-	return
-    fi
-
-    ldapbase="$(lookup_ldap_base "$ldapuri")"
-    if [ -z "$ldapbase" ];  then
-	# autodetection failed
-	return
-    fi
-    kerberosserver=$(lookup_kerberos_server "$domain")
-
-cat <<EOF
-# SSSD configuration generated using $0
-[sssd]
-config_file_version = 2
-reconnection_retries = 3
-sbus_timeout = 30
-services = nss, pam
-domains = $domain
-
-[nss]
-filter_groups = root
-filter_users = root
-reconnection_retries = 3
-
-[pam]
-reconnection_retries = 3
-EOF
-if [ "$kerberosserver" ] ; then
-    auth="krb5"
-    chpass="krb5"
-else
-    auth="ldap"
-    chpass="ldap";
-fi
-
-cat <<EOF
-
-[domain/$domain]
-; Using enumerate = true leads to high load and slow response
-enumerate = false
-cache_credentials = true
-
-id_provider = ldap
-auth_provider = $auth
-chpass_provider = $chpass
-
-ldap_uri = $ldapuri
-ldap_search_base = $ldapbase
-ldap_tls_reqcert = demand
-ldap_tls_cacert = /etc/ssl/certs/ca-certificates.crt
-EOF
-
-if [ "$kerberosserver" ] ; then
-    cat <<EOF
-
-krb5_kdcip = $kerberosserver
-krb5_realm = $kerberosrealm
-krb5_changepw_principle = kadmin/changepw
-krb5_auth_timeout = 15
-EOF
-fi
-}
-generate_config "$@"
diff --git a/debian/rules b/debian/rules
index 9c72122..7074d86 100755
--- a/debian/rules
+++ b/debian/rules
@@ -38,9 +38,6 @@ override_dh_auto_configure:
 	--with-sudo
 
 override_dh_install:
-	install -D -m755 $(CURDIR)/debian/generate-config \
-		$(CURDIR)/debian/tmp/usr/share/sssd/generate-config
-
 	mkdir -p $(CURDIR)/debian/libpam-sss/usr/share/pam-configs
 	install -m644 debian/libpam-sss.pam-auth-update \
 		$(CURDIR)/debian/libpam-sss/usr/share/pam-configs/sss
diff --git a/debian/sssd-common.postinst b/debian/sssd-common.postinst
index 75a7823..a46fc66 100644
--- a/debian/sssd-common.postinst
+++ b/debian/sssd-common.postinst
@@ -19,16 +19,6 @@ set -e
 
 case "$1" in
     configure)
-    # Try to autogenerate a configuration file on package install
-    if [ -z "$2" ] && [ ! -e /etc/sssd/sssd.conf ]; then
-        /usr/share/sssd/generate-config > /etc/sssd/sssd.conf.new
-	if [ ! -s /etc/sssd/sssd.conf.new ] ; then
-	    rm /etc/sssd/sssd.conf.new
-	else
-	    mv /etc/sssd/sssd.conf.new /etc/sssd/sssd.conf
-            chmod 0600 /etc/sssd/sssd.conf
-	fi
-    fi
     # Fix configuration file on package upgrade
     if dpkg --compare-versions "$2" lt-nl 1.0.2-0ubuntu1; then
         /usr/lib/sssd/sssd/upgrade_config.py

More information about the Pkg-sssd-devel mailing list