From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-dev-return-3843-arch-gentoo-dev=gentoo.org@gentoo.org>
Received: (qmail 2582 invoked by uid 1002); 18 Jun 2003 17:36:37 -0000
Mailing-List: contact gentoo-dev-help@gentoo.org; run by ezmlm
Precedence: bulk
List-Post: <mailto:gentoo-dev@gentoo.org>
List-Help: <mailto:gentoo-dev-help@gentoo.org>
List-Unsubscribe: <mailto:gentoo-dev-unsubscribe@gentoo.org>
List-Subscribe: <mailto:gentoo-dev-subscribe@gentoo.org>
List-Id: Gentoo Linux mail <gentoo-dev.gentoo.org>
X-BeenThere: gentoo-dev@gentoo.org
Received: (qmail 2565 invoked from network); 18 Jun 2003 17:36:37 -0000
To: gentoo-dev <gentoo-dev@gentoo.org>
X-URL: <http://www.better-com.de>
X-Face: "d[&>8')a)wbF:+L#^<_cohnX6#m5RCCeKF/6_gD(iQ9bX?xe2~Aq*!')D(1ks`?YhomOYbL3R:{4e4a]qft_]<.q/Lf4hIr,`G+LX33&TYp}XGf<b?+GPT;3I8k/|[DR#MO1N(h>e~^5m$28R"$C(EwnB\n8t
Organization: Better-Com IT-Services GmbH
From: Martin Lesser <gentoo@better-com.de>
Date: 18 Jun 2003 19:36:34 +0200
Message-ID: <871xxrb84d.fsf@nb-acer.better-com.de>
User-Agent: Gnus/5.0808 (Gnus v5.8.8) XEmacs/21.4 (Common Lisp)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Subject: [gentoo-dev] Policy violation possible (concerns openldap/nss_ldap)
X-Archives-Salt: f62ad624-55f3-4678-9c5f-80ec93958b75
X-Archives-Hash: badbd6e1faca9ec55e06d0432dc29b89

Yesterday we upgraded net-libs/nss_ldap/nss_ldap-207.ebuild to
net-libs/nss_ldap/nss_ldap-207-r1.ebuild and encountered an IMO fatal
error concerning writing into /etc *without* respecting the protection
of conf-files.

The relevant lines from src_install() of the different ebuilds are:

nss_ldap-202.ebuild:
  dosym /etc/openldap/ldap.conf /etc/ldap.conf
(That's ok)

nss_ldap-207.ebuild:
  insinto /etc/openldap
  doins ldap.conf
  dosym /etc/openldap/ldap.conf /etc/ldap.conf
(That's ok)

Until here /etc/ldap.conf was a symlink which was created or maintained
also by at least one other package (openldap itself), but

nss_ldap-207-r1.ebuild changed it totally:
  insinto /etc
  doins ldap.conf

So the symlink was overwritten with the vanilla configuration what - in
our case - caused several applications which depend on ldap to not work
properly any longer. That was really bad.

How can one prevent such an IMO unacceptable behavior of overwriting
config-files which are symlinks? Should this be seen as bug in
gentoo/emerge?

Have the changes described above to be reported as bug in nss_ldap?

How can we ensure the integrity of conf-files used by more than one
package when different packages use different locations for the *same*
configuration (a bad thing anyway)?

Martin

--
gentoo-dev@gentoo.org mailing list