lists.arthurdejong.org
RSS feed

nss-pam-ldapd commit: r2042 - debian/nss-pam-ldapd/branches/experimental/debian

[Date Prev][Date Next] [Thread Prev][Thread Next]

nss-pam-ldapd commit: r2042 - debian/nss-pam-ldapd/branches/experimental/debian

Author: arthur
Date: Fri Oct 18 14:40:21 2013
New Revision: 2042
URL: http://arthurdejong.org/viewvc/nss-pam-ldapd?revision=2042&view=revision

Log:
when upgrading from a pre-0.9 version, have the nslcd postinst check if any 
services need to be restarted to load the new modules (heavily based on the 
eglibc and pam packaging)

Modified:
   debian/nss-pam-ldapd/branches/experimental/debian/changelog
   debian/nss-pam-ldapd/branches/experimental/debian/nslcd.postinst
   debian/nss-pam-ldapd/branches/experimental/debian/nslcd.templates

Modified: debian/nss-pam-ldapd/branches/experimental/debian/changelog
==============================================================================
--- debian/nss-pam-ldapd/branches/experimental/debian/changelog Fri Oct 18 
14:30:53 2013        (r2041)
+++ debian/nss-pam-ldapd/branches/experimental/debian/changelog Fri Oct 18 
14:40:21 2013        (r2042)
@@ -9,6 +9,9 @@
   * when upgrading from a pre-0.9 version, have the nslcd preinst check if
     a screensaver is running that could end up locking users out of their
     system (heavily based on the eglibc and pam packaging)
+  * when upgrading from a pre-0.9 version, have the nslcd postinst check
+    if any services need to be restarted to load the new modules (heavily
+    based on the eglibc and pam packaging)
 
  -- Arthur de Jong <adejong@debian.org>  Fri, 18 Oct 2013 14:00:00 +0200
 

Modified: debian/nss-pam-ldapd/branches/experimental/debian/nslcd.postinst
==============================================================================
--- debian/nss-pam-ldapd/branches/experimental/debian/nslcd.postinst    Fri Oct 
18 14:30:53 2013        (r2041)
+++ debian/nss-pam-ldapd/branches/experimental/debian/nslcd.postinst    Fri Oct 
18 14:40:21 2013        (r2042)
@@ -140,6 +140,39 @@
   fi
 }
 
+# check which of the provided to-check services are actually installed
+# Note: this function is taken from libpam0g postinst
+installed_services() {
+  check="$@"
+
+  # Only get the ones that are installed, and configured
+  check=$(dpkg -s $check 2> /dev/null | egrep '^Package:|^Status:' | awk '{if 
($1 ~ /^Package:/) { package=$2 } else if ($0 ~ /^Status: .* installed$/) { 
print package }}')
+
+  # some init scripts don't match the package names
+  check=$(echo $check | \
+      sed -e's/\bapache2-common\b/apache2/g' \
+          -e's/\bat\b/atd/g' \
+          -e's/\bdovecot-common\b/dovecot/g' \
+          -e's/\bdante-server\b/danted/g' \
+          -e's/\bexim4-base\b/exim4/g' \
+          -e's/\bheartbeat-2\b/heartbeat/g' \
+          -e's/\bhylafax-server\b/hylafax/g' \
+          -e's/\bpartimage-server\b/partimaged/g' \
+          -e's/\bpostgresql-common\b/postgresql/g' \
+          -e's/\bsasl2-bin\b/saslauthd/g' \
+  )
+
+  for service in $check; do
+    idl="/etc/init.d/${service}"
+    if [ -n "$idl" ] && [ -x $idl ]; then
+      services="$service $services"
+    else
+      echo "WARNING: init script for $service not found." >&2
+    fi
+  done
+  echo "$services"
+}
+
 # real functions begin here
 if [ "$1" = "configure" ]
 then
@@ -237,6 +270,118 @@
   then
     cfg_disable ssl
   fi
+
+  # when upgrading from an pre-0.9 version of the package check to restart
+  # applications that otherwise may no longer be able to lookup or
+  # authenticate users (when nslcd is being configured, both modules should
+  # already be unpacked and will be loaded by restarted services)
+  if dpkg --compare-versions "$2" lt "0.9"
+  then
+    # code heavily based on eglibc and pam postinst
+
+    echo "Checking for services that may need to be restarted..."
+    check="apache2-common at bayonne cherokee courier-authdaemon"
+    check="$check cron cups"
+    check="$check dante-server diald dovecot-common exim exim4-base"
+    check="$check fcron fireflier-server freeradius gdm heartbeat"
+    check="$check heartbeat-2 hylafax-server iiimf-server inn2"
+    check="$check kannel linesrv linesrv-mysql lsh-server"
+    check="$check muddleftpd netatalk nuauth partimage-server"
+    check="$check perdition pgpool popa3d"
+    check="$check postgresql-common proftpd pure-ftpd"
+    check="$check pure-ftpd-ldap pure-ftpd-mysql"
+    check="$check pure-ftpd-postgresql racoon samba sasl2-bin"
+    check="$check sfs-server solid-pop3d squid squid3 tac-plus"
+    check="$check vsftpd wu-ftpd wzdftpd xrdp yardradius yaws"
+    # only restart wdm and xdm if no-one is logged in in X
+    if ! who | awk '{print $2}' | grep -q ':[0-9]'
+    then
+      check="$check wdm xdm"
+    fi
+    services=$(installed_services "$check")
+
+    if [ -n "$services" ]
+    then
+      db_input critical libraries/restart-without-asking || true
+      db_go || true
+      db_get libraries/restart-without-asking
+      if [ "$RET" != true ]
+      then
+        db_reset nslcd/restart-services
+        db_set nslcd/restart-services "$services"
+        db_input critical nslcd/restart-services || true
+        db_go || true
+        db_get nslcd/restart-services
+
+        if [ "x$RET" != "x" ]
+        then
+          services=$RET
+        else
+          services=""
+        fi
+      fi
+      echo
+      if [ "$services" != "" ]; then
+        echo "Restarting services possibly affected by the upgrade:"
+        failed=""
+        rl=$(runlevel | sed 's/.*\ //')
+        for service in $services; do
+          idl="invoke-rc.d ${service}"
+
+          case "$service" in
+            gdm)
+              echo -n "  $service: reloading..."
+              if $idl reload > /dev/null 2>&1; then
+                echo "done."
+              else
+                echo "FAILED! ($?)"
+                failed="$service $failed"
+              fi
+              continue
+            ;;
+          esac
+          echo -n "  $service: stopping..."
+          $idl stop > /dev/null 2>&1 || true
+          sleep 1
+          echo -n "starting..."
+          if $idl start > /dev/null 2>&1; then
+            echo "done."
+          else
+            echo "FAILED! ($?)"
+            failed="$service $failed"
+          fi
+        done
+        echo
+        if [ -n "$failed" ]; then
+          db_subst nslcd/restart-failed services "$failed"
+          db_input critical nslcd/restart-failed || true
+          db_go || true
+        else
+          echo "Services restarted successfully."
+        fi
+        echo
+      fi
+    else
+      echo "Nothing to restart."
+    fi
+
+    if who | awk '{print $2}' | grep -q ':[0-9]'
+    then
+      dms=""
+      for service in wdm xdm; do
+        case "$services" in
+          *$service*)   ;;
+          *)    dms="$dms $service"
+        esac
+      done
+      services=$(installed_services "$dms")
+      if [ -n "$services" ]; then
+        db_input critical nslcd/xdm-needs-restart || true
+        db_go || true
+      fi
+    fi
+  fi
+
   # we're done
   db_stop
 fi

Modified: debian/nss-pam-ldapd/branches/experimental/debian/nslcd.templates
==============================================================================
--- debian/nss-pam-ldapd/branches/experimental/debian/nslcd.templates   Fri Oct 
18 14:30:53 2013        (r2041)
+++ debian/nss-pam-ldapd/branches/experimental/debian/nslcd.templates   Fri Oct 
18 14:40:21 2013        (r2042)
@@ -134,3 +134,43 @@
  You should arrange for these programs to be restarted or stopped before
  continuing this upgrade, to avoid locking your users out of their current
  sessions.
+
+Template: libraries/restart-without-asking
+Type: boolean
+Default: false
+_Description: Restart services during package upgrades without asking?
+ There are services installed on your system which need to be restarted
+ when certain libraries, such as libpam, libc, and libssl, are upgraded.
+ Since these restarts may cause interruptions of service for the system,
+ you will normally be prompted on each upgrade for the list of services
+ you wish to restart.  You can choose this option to avoid being prompted;
+ instead, all necessary restarts will be done for you automatically so you
+ can avoid being asked questions on each library upgrade.
+
+Template: nslcd/restart-services
+Type: string
+_Description: Services to restart for nslcd upgrade:
+ Running services and programs that are using nslcd need to be restarted,
+ otherwise they might not be able to do lookup or authentication any more
+ (for services such as ssh, this can affect your ability to login).
+ Please review the following space-separated list of init.d scripts for
+ services to be restarted now, and correct it if needed.
+
+Template: nslcd/restart-failed
+Type: error
+#flag:translate!:3
+_Description: Failure restarting some services for nslcd upgrade
+ The following services could not be restarted:
+ .
+ ${services}
+ .
+ You will need to start these manually by running
+ '/etc/init.d/<service> start'.
+
+Template: nslcd/xdm-needs-restart
+Type: error
+_Description: Display manager must be restarted manually
+ The wdm and xdm display managers require a restart for the new version of
+ nslcd, but there are X login sessions active on your system that would be
+ terminated by this restart.  You will therefore need to restart these
+ services by hand before further X logins will be possible.
-- 
To unsubscribe send an email to
nss-pam-ldapd-commits-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-commits/