[Dbconfig-common-devel] dbconfig-common/debian README.pgsql,NONE,1.1 TODO,1.6,1.7 changelog,1.8,1.9 control,1.3,1.4 dbconfig-common.docs,1.1.1.1,1.2 dbconfig-common.postinst,1.3,1.4 dbconfig-common.templates,1.7,1.8 rules,1.5,1.6
seanius@haydn.debian.org
seanius@haydn.debian.org
- Previous message: [Dbconfig-common-devel] dbconfig-common/dpkg common,1.5,1.6 config,1.4,1.5 postinst,1.3,1.4 preinst,1.2,1.3 prerm,1.3,1.4
- Next message: [Dbconfig-common-devel] dbconfig-common dbconfig-generate-include,1.1,1.2
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Update of /cvsroot/dbconfig-common/dbconfig-common/debian
In directory haydn:/org/alioth.debian.org/chroot/home/users/seanius/tmp/cvs-serv31239/debian
Modified Files:
TODO changelog control dbconfig-common.docs
dbconfig-common.postinst dbconfig-common.templates rules
Added Files:
README.pgsql
Log Message:
another load of work done.
the pgsql support now includes support for both ident (local, remote)
and password (password, crypt, md5, some pam) based authentication.
there's still a couple lurking bugs which i'll be fixing in 1.3:
- dpkg-reconfigure with multi-dbtype applications remembers some values
that perhaps it shouldn't.
- the pgsql support always asks the admin about modifying the configuration,
even if it doesn't need to.
- the pgsql support doesn't have a way of modifying the config
what i'm working on next:
- the above
- hitting at what's left in TODO (esp. verifying updates and script support)
- ssl support to pgsql
- dbconfig-generate-include
if anyone is interested, i can upload the current version to experimental.
just let me know!
sean
--- NEW FILE: README.pgsql ---
helpful information for users who are using postgresql databases
AUTHENTICATION METHODS
postgres supports many types of authentication methods. dbconfig-common
currently classifies them into two families: "ident", and "password".
the former consists of local and remote postgresql "ident" type connections.
and the latter consists of all the postgresql connections that require
a password (password, crypt, md5, maybe pam/krb5).
for "ident" connections on a local host, the server will check that the
owner of the local unix socket is authorized to connect to the database.
for "ident' connections on a remote host, the server will use an rfc 1413
based ident connection to establish identification. this is probably a
bad idea, as ident is easily spoofable in non-secured networks.
for "password" connections, the psql client will send along passwords
with its connection attempts to the server. the server will then
pass the password to whatever authentication backends it's configured
to use. note that dbconfig-common has no control over whether or not
the password is sent cleartext over the network (see USING SSL), so
you should be aware of the security risks involved with network
based connections.
if you're using a default debian install of postgres, your server
is probably set to use "ident" based authentication from the local machine.
USING SSL
the postgres command-line client has no way of enforcing that connections
use ssl, this is something you must configure on your server.
Index: TODO
===================================================================
RCS file: /cvsroot/dbconfig-common/dbconfig-common/debian/TODO,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -d -r1.6 -r1.7
--- TODO 25 Jan 2005 14:48:19 -0000 1.6
+++ TODO 4 Feb 2005 06:26:06 -0000 1.7
@@ -3,17 +3,15 @@
this is the general state of things:
- database support
+ - general
+ - should we remove users completely at purge?
- mysql
- - installation
- - can't do ssl (see bug #291945)
- - removing user issues
- pgsql
- installation
- haven't verified that the script method works
- - support the various forms of pgsql authentication
- - whatever new debconf templates we need
- upgrading
- haven't verified that the script method works
+ - ssl
- translations
- still need to stabilize (primarily pgsql) templates
@@ -24,12 +22,10 @@
- oliver elphick's suggestion of storing previously used configurations
- dbconfig-generate-include
- - has no way for getting passwords not in the config file
+ - source config file, and if something is needed that's not in there
+ (the password, specifically), using shell func dbc_get_user_pass()
- stabilize the cmdline interface
- man page
-- security related
- - don't send passwords on the cmdline (requires hacking/replacing wwwconfig)
-
- unresolved issues
- - mysql does not support ssl for the time being
+ - mysql does not support ssl for the time being (see bug #291945)
Index: changelog
===================================================================
RCS file: /cvsroot/dbconfig-common/dbconfig-common/debian/changelog,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -d -r1.8 -r1.9
--- changelog 25 Jan 2005 14:48:19 -0000 1.8
+++ changelog 4 Feb 2005 06:26:06 -0000 1.9
@@ -1,3 +1,11 @@
+dbconfig-common (1.2) experimental; urgency=low
+
+ * config file / debconf interaction fixes
+ * additional support for different postgres authentication methods
+ * debconf template updates
+
+ -- sean finney <seanius@debian.org> Wed, 02 Feb 2005 23:56:09 -0500
+
dbconfig-common (1.1) experimental; urgency=low
* huge re-write of internal db management code. this fixes a lot
Index: control
===================================================================
RCS file: /cvsroot/dbconfig-common/dbconfig-common/debian/control,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -d -r1.3 -r1.4
--- control 30 Nov 2004 20:51:07 -0000 1.3
+++ control 4 Feb 2005 06:26:06 -0000 1.4
@@ -7,7 +7,7 @@
Package: dbconfig-common
Architecture: all
-Depends: wwwconfig-common, ${shlibs:Depends}, ${misc:Depends}
+Depends: ${misc:Depends}
Description: common framework for packaging database applications
dbconfig-common presents a policy and implementation for
managing various databases used by applications included in
Index: dbconfig-common.docs
===================================================================
RCS file: /cvsroot/dbconfig-common/dbconfig-common/debian/dbconfig-common.docs,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -d -r1.1.1.1 -r1.2
--- dbconfig-common.docs 21 Nov 2004 02:15:56 -0000 1.1.1.1
+++ dbconfig-common.docs 4 Feb 2005 06:26:06 -0000 1.2
@@ -1,3 +1,4 @@
+README.pgsql
doc/dbapp-policy.html
doc/dbconfig-common-design.html
doc/dbconfig-common.html
Index: dbconfig-common.postinst
===================================================================
RCS file: /cvsroot/dbconfig-common/dbconfig-common/debian/dbconfig-common.postinst,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -d -r1.3 -r1.4
--- dbconfig-common.postinst 25 Jan 2005 14:48:19 -0000 1.3
+++ dbconfig-common.postinst 4 Feb 2005 06:26:06 -0000 1.4
@@ -6,7 +6,7 @@
# get some of our helper functions
. /usr/share/dbconfig-common/dpkg/common
-dbc_config
+dbc_config dbconfig-common $@
db_get dbconfig-common/remember-admin-pass
dbc_remember_admin_pass="$RET"
Index: dbconfig-common.templates
===================================================================
RCS file: /cvsroot/dbconfig-common/dbconfig-common/debian/dbconfig-common.templates,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -d -r1.7 -r1.8
--- dbconfig-common.templates 25 Jan 2005 14:48:19 -0000 1.7
+++ dbconfig-common.templates 4 Feb 2005 06:26:06 -0000 1.8
@@ -80,7 +80,7 @@
Template: dbconfig-common/database-type
Type: select
Choices: ${database_types}
-Default: ${database_type}
+Default:
_Description: What database type should ${pkg} use?
${pkg} can be configured to use one of many database types.
Below, you will be presented with the available choices.
@@ -317,3 +317,67 @@
Type: password
_Description: Please re-enter the administrative password
Please re-enter the administrative password.
+
+Template: dbconfig-common/pgsql/authmethod-admin
+Type: select
+Choices: ident, password
+Default: ident
+_Description: How should the PostgreSQL admin authenticate to the server?
+ PostgreSQL servers provide several different mechanisms for authenticating
+ connections. Please select what method the administrative user should use
+ when connecting to the server.
+ .
+ With "ident" authentication on the local machine, the
+ server will check that the owner of the unix socket is allowed to connect.
+ .
+ With "ident" authentication to remote hosts, RFC 1413 based ident is
+ used (note this can be considered a security risk).
+ .
+ With "password" authentication, a password will be passed to the server
+ for use with some authentication backend (such as "md5" or "pam"). Note
+ that the password is still passed in the clear across network-based
+ connections if your server is not configured to use SSL.
+ .
+ For a default debian PostgreSQL installation running on the same host,
+ you probably want "ident".
+
+Template: dbconfig-common/pgsql/authmethod-user
+Type: select
+Choices: ident, password
+Default: ident
+_Description: How should the PostgreSQL user authenticate to the server?
+ PostgreSQL servers provide several different mechanisms for authenticating
+ connections. Please select what method the database user should use
+ when connecting to the server.
+ .
+ With "ident" authentication on the local machine, the
+ server will check that the owner of the unix socket is allowed to connect.
+ .
+ With "ident" authentication to remote hosts, RFC 1413 based ident is
+ used (note this can be considered a security risk).
+ .
+ With "password" authentication, a password will be passed to the server
+ for use with some authentication backend (such as "md5" or "pam"). Note
+ that the password is still passed in the clear across network-based
+ connections if your server is not configured to use SSL.
+ .
+ For a default debian PostgreSQL installation running on the same host,
+ you probably want "ident".
+
+Template: dbconfig-common/pgsql/changeconf
+Type: boolean
+Default: false
+_Description: Change PostgreSQL configuration automatically?
+ To enable bootstrapping the PostgreSQL database for ${pkg}, the
+ configuration of PostgreSQL has to be changed. It is suggested that
+ this is done by dbconfig-common when your package is
+ installed. If you answer here with "No" make sure you read
+ /usr/share/doc/${pkg}/README.Debian.
+
+Template: dbconfig-common/pgsql/manualconf
+Type: note
+_Description: Please change /etc/postgresql/pg_hba.conf
+ To get the database for package ${pkg} bootstrapped you have
+ to edit the configuration of your PostgreSQL server. You may be able to
+ find help in the file /usr/share/doc/${pkg}/README.Debian.
+
Index: rules
===================================================================
RCS file: /cvsroot/dbconfig-common/dbconfig-common/debian/rules,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -d -r1.5 -r1.6
--- rules 19 Jan 2005 23:23:41 -0000 1.5
+++ rules 4 Feb 2005 06:26:06 -0000 1.6
@@ -37,7 +37,6 @@
dh_clean -k
dh_installdirs
mkdir -p debian/dbconfig-common/etc/dbconfig-common
- touch debian/dbconfig-common/etc/dbconfig-common/config
cp -Pr dpkg debian/dbconfig-common/usr/share/dbconfig-common/
cp -Pr internal debian/dbconfig-common/usr/share/dbconfig-common/
cp -P dbconfig-generate-include debian/dbconfig-common/usr/sbin/
- Previous message: [Dbconfig-common-devel] dbconfig-common/dpkg common,1.5,1.6 config,1.4,1.5 postinst,1.3,1.4 preinst,1.2,1.3 prerm,1.3,1.4
- Next message: [Dbconfig-common-devel] dbconfig-common dbconfig-generate-include,1.1,1.2
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]