[Dbconfig-common-devel] Re: debian-sys-maint now managed by the package dbconfig-common

Georges Khaznadar georges.khaznadar at free.fr
Fri Jun 9 12:29:21 UTC 2006 

Hello Sean,

your proposition about debian-sys-maint is pretty cool. I agree.

About working without ucf, I'll adopt the method you indicate. There is no
need to create a new variable dbc_generate_include_foo if other ways already
exist.

Best regards,			Georges.

sean finney a écrit :
> > debian_sys_maint_is_master=$(mysql --defaults-extra-file=/etc/mysql/debian.cnf mysql -e "select count(*) from user where User='debian-sys-maint' AND Select_priv='Y' AND Insert_priv='Y' AND Update_priv='Y' AND Delete_priv='Y' AND Create_priv='Y' AND Drop_priv='Y' AND Reload_priv='Y' AND Shutdown_priv='Y' AND Process_priv='Y' AND File_priv='Y' AND Grant_priv='Y' AND References_priv='Y' AND Index_priv='Y' AND Alter_priv='Y' AND Show_db_priv='Y' AND Super_priv='Y' AND Create_tmp_table_priv='Y' AND Lock_tables_priv='Y' AND Execute_priv='Y' AND Repl_slave_priv='Y' AND Repl_client_priv"|tail -1)
> > 
> > if this variable is assigned the value 1, the account exists and has enough
> > privileges.
> 
> okay, that's pretty cool.   i think i'm open to doing this; but instead
> of having a packager specify some option in the config script, i think
> it could even be done automatically.  this would require a small amount
> of changes to how things are done now, but i'd been planning some of
> these anyway.  this is what i envision:
> 
> 1 - no longer prompt for the dbadmin password in the config script
> 2 - have the dbadmin account name default to unset
> 3 - in the postinst (and any other part of dbc that needs to run
>     stuff as dbadmin):
>     - if the dbadmin account name is unset (default)
>       - if talking to a local server and the debian-sys-maint account
>         exists with sufficient privileges, use it as the dbadmin
>       - otherwise use root as the dbadmin account
>     - otherwise if we can connect as dbadmin (root) without a password, do that
>     - otherwise prompt for the dbadmin password
> 
> i've been meaning to do (1) anyway, because there are some corner-cases
> where it will otherwise ask for the admin password when it's not needed.
> adding in (3) after making the changes of (1) and (2) wouldn't be too
> hard (i'm doing something similar in the pgsql support).  what do
> you think?
> 
> > So when the config file is written, if it contains no more than the
> > accreditations to use the database, there is no benefit to keep a file
> > modified by hand.
> 
> except that policy requires it.  generally overwriting config files is
> not looked upon very fondly by admins and the debian release managers :)
> 
> *however*, if this is something you want to do, it's still possible to
> do it without this option.  in your postinst script, after calling
> dbc_go, you have everything you need to do this yourself.  
> 
> the dbc_generate_include_foo stuff is basically a wrapper around a bunch
> of logic on how to call /usr/sbin/dbconfig-generate-include, and you
> could always call it yourself without the -U option.  for example,
> something like this in your postinst:
> 
> 	. /usr/share/dbconfig-common/dpkg/postinst
> 	dbc_go PACKAGE $@
> 
> 	dbconfig-generate-include -f php /etc/dbconfig-common/PACKAGE.conf > foofile
> 
> would do what you want i'm pretty sure.  keep in mind if you're doing
> this for a configuration file, it will generally be considered buggy
> if you plan on having this package in debian's archive.  i should also
> probably remove the commented blurb about the file being managed by
> ucf if the file  isn't actually managed by ucf :)
> 
> > As the password for the database is generated randomly, after a cycle
> > install/purge/install, there is a question asked to determine whether the
> > config include file should be modified [N]. The default answer is dangerous,
> > because keeping the obsolete random password makes the new installation
> > useless. Then bypassing ucf is mandatory.
> 
> if you go through a install/purge/install cycle, you shouldn't be prompted
> at all.  if you are, it's because the file hasn't been purged from ucf
> (which the maintainer is currently required to do according to the dbc
> documentation, though i suppose this could be bundled into dbc).
> 
> > It has been uploaded at 
> > http://debian.ofset.org/dists/etch/main/source/dbconfig-common.diff
> 
> i'll take a look at this in the next couple of days, thanks.
> 
> 
> 	sean
> 
> 
> -- 



-- 
Georges KHAZNADAR et Jocelyne FOURNIER
22 rue des mouettes, 59240 Dunkerque France.
Téléphone +33 (0)3 28 29 17 70

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 191 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/dbconfig-common-devel/attachments/20060609/c7fce83d/attachment.pgp

More information about the Dbconfig-common-devel mailing list