Code review comment for ~ahasenack/ubuntu/+source/openldap:groovy-openldap-2.4.50-merge-and-delta-drop

Andreas Hasenack (ahasenack) wrote :

If I check for the nss overlay in slapd.preinst, and exit 1 (just for the sake of testing, let's assume there are debconf prompts asking what to do, and the user chose to abort), then we get:

(...)
Preparing to unpack .../slapd_2.4.50+dfsg-1ubuntu1~ppa4_amd64.deb ...
Saving current slapd configuration to /var/backups/slapd-2.4.49+dfsg-2ubuntu2...
nss overlay in use, aborting install
dpkg: error processing archive ./slapd_2.4.50+dfsg-1ubuntu1~ppa4_amd64.deb (--install):
 new slapd package pre-installation script subprocess returned error exit status 1
  Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.4.50+dfsg-1ubuntu1~ppa4... done.
Setting up libldap-common (2.4.50+dfsg-1ubuntu1~ppa4) ...
Setting up libldap-2.4-2:amd64 (2.4.50+dfsg-1ubuntu1~ppa4) ...
Setting up ldap-utils (2.4.50+dfsg-1ubuntu1~ppa4) ...
Processing triggers for man-db (2.9.1-1) ...
Processing triggers for libc-bin (2.31-0ubuntu9) ...
Errors were encountered while processing:
 ./slapd_2.4.50+dfsg-1ubuntu1~ppa4_amd64.deb
$ echo $?
1

Summary:
- apt exits 1, indicating a failure
- slapd stays at the previous version, but other packages remain upgraded
- slapd is restarted, but stays running instead of failing to come up

Removing the nss overlay configuration in postinst is complicated, error prone, and might render the system without a working login (assuming the overlay is being used in that system for logins: not always the case).

These are the options as far as I can see, at the moment:
a) don't remove nssov
b) remove nssov, and exit 1 in preinst if it's detected, with the outcome detailed above
c) remove nssov and not handle it. apt fails, slapd remains stopped at the end, system might be without a working login
d) remove nssov, go to great lengths to remove it from slapd's config (very complicated due to cn=config and the fact that slapd doesn't support removing modules dynamically via ldap commands), and in the end have a running slapd, but without nssov. System might again be without a working login, if nssov was used for that on this system.

If we choose (a), I might as well fix bug #381829 and bug #1452087
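
A sketch of the kind of preinst detection discussed in the comment above, as an added example that is not part of the original comment or of the slapd packaging. It assumes cn=config is stored as plain (non-base64) LDIF under /etc/ldap/slapd.d; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Hypothetical helper: return 0 if the nssov module is loaded or the nssov
# overlay is configured anywhere in a cn=config directory tree.
nssov_in_use() {
    confdir="${1:-/etc/ldap/slapd.d}"
    [ -d "$confdir" ] || return 1
    # Values may carry an ordering prefix ({N}), a path, or a .la/.so suffix:
    #   olcModuleLoad: {1}nssov | {1}nssov.la | /some/path/nssov.so
    #   olcOverlay: {0}nssov
    grep -rEiqs \
        -e '^olcModuleLoad:[[:space:]]*(\{[0-9]+\})?([^[:space:]]*/)?nssov(\.(la|so))?[[:space:]]*$' \
        -e '^olcOverlay:[[:space:]]*(\{[0-9]+\})?nssov[[:space:]]*$' \
        "$confdir"
}

# Hypothetical preinst step: a real maintainer script would "exit 1" here,
# which produces the dpkg failure shown in the log above.
preinst_check() {
    if nssov_in_use "$1"; then
        echo "nss overlay in use, aborting install" >&2
        return 1
    fi
    return 0
}

# Constructed sample input: a minimal slapd.d-like tree.
# $1 = target directory, $2 = "yes" to include nssov entries.
make_sample_tree() {
    dbdir="$1/cn=config/olcDatabase={1}mdb"
    mkdir -p "$dbdir"
    {
        echo 'dn: cn=module{0}'
        echo 'objectClass: olcModuleList'
        echo 'olcModuleLoad: {0}back_mdb'
        if [ "$2" = yes ]; then echo 'olcModuleLoad: {1}nssov'; fi
    } > "$1/cn=config/cn=module{0}.ldif"
    if [ "$2" = yes ]; then
        {
            echo 'dn: olcOverlay={0}nssov'
            echo 'objectClass: olcOverlayConfig'
            echo 'olcOverlay: {0}nssov'
        } > "$dbdir/olcOverlay={0}nssov.ldif"
    fi
    return 0
}
```

Detecting the overlay this way only tells the script that nssov is configured, not whether logins on the system actually depend on it.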
