[Dbconfig-common-devel] Re: debian-sys-maint now managed by the
package dbconfig-common
Georges Khaznadar
georges.khaznadar at free.fr
Fri Jun 9 12:29:21 UTC 2006
Hello Sean,
your proposition about debian-sys-maint is pretty cool. I agree.
About working without ucf, I'll adopt the method you indicate. There is no
need to create a new variable dbc_generate_include_foo if other ways already
exist.
Best regards, Georges.
sean finney wrote:
> > debian_sys_maint_is_master=$(mysql --defaults-extra-file=/etc/mysql/debian.cnf mysql -e "select count(*) from user where User='debian-sys-maint' AND Select_priv='Y' AND Insert_priv='Y' AND Update_priv='Y' AND Delete_priv='Y' AND Create_priv='Y' AND Drop_priv='Y' AND Reload_priv='Y' AND Shutdown_priv='Y' AND Process_priv='Y' AND File_priv='Y' AND Grant_priv='Y' AND References_priv='Y' AND Index_priv='Y' AND Alter_priv='Y' AND Show_db_priv='Y' AND Super_priv='Y' AND Create_tmp_table_priv='Y' AND Lock_tables_priv='Y' AND Execute_priv='Y' AND Repl_slave_priv='Y' AND Repl_client_priv='Y'"|tail -1)
> >
> > if this variable is assigned the value 1, the account exists and has enough
> > privileges.
>
> okay, that's pretty cool. i think i'm open to doing this; but instead
> of having a packager specify some option in the config script, i think
> it could even be done automatically. this would require a small amount
> of changes to how things are done now, but i'd been planning some of
> these anyway. this is what i envision:
>
> 1 - no longer prompt for the dbadmin password in the config script
> 2 - have the dbadmin account name default to unset
> 3 - in the postinst (and any other part of dbc that needs to run
>     stuff as dbadmin):
>     - if the dbadmin account name is unset (default)
>       - if talking to a local server and the debian-sys-maint account
>         exists with sufficient privileges, use it as the dbadmin
>       - otherwise use root as the dbadmin account
>     - otherwise if we can connect as dbadmin (root) without a password, do that
>     - otherwise prompt for the dbadmin password
>
> i've been meaning to do (1) anyway, because there are some corner-cases
> where it will otherwise ask for the admin password when it's not needed.
> adding in (3) after making the changes of (1) and (2) wouldn't be too
> hard (i'm doing something similar in the pgsql support). what do
> you think?
>
> > So when the config file is written, if it contains no more than the
> > accreditations to use the database, there is no benefit to keep a file
> > modified by hand.
>
> except that policy requires it. generally overwriting config files is
> not looked upon very fondly by admins and the debian release managers :)
>
> *however*, if this is something you want to do, it's still possible to
> do it without this option. in your postinst script, after calling
> dbc_go, you have everything you need to do this yourself.
>
> the dbc_generate_include_foo stuff is basically a wrapper around a bunch
> of logic on how to call /usr/sbin/dbconfig-generate-include, and you
> could always call it yourself without the -U option. for example,
> something like this in your postinst:
>
> . /usr/share/dbconfig-common/dpkg/postinst
> dbc_go PACKAGE "$@"
>
> dbconfig-generate-include -f php /etc/dbconfig-common/PACKAGE.conf > foofile
>
> would do what you want i'm pretty sure. keep in mind if you're doing
> this for a configuration file, it will generally be considered buggy
> if you plan on having this package in debian's archive. i should also
> probably remove the commented blurb about the file being managed by
> ucf if the file isn't actually managed by ucf :)
>
> > As the password for the database is generated randomly, after a cycle
> > install/purge/install, there is a question asked to determine whether the
> > config include file should be modified [N]. The default answer is dangerous,
> > because keeping the obsolete random password makes the new installation
> > useless. Then bypassing ucf is mandatory.
>
> if you go through a install/purge/install cycle, you shouldn't be prompted
> at all. if you are, it's because the file hasn't been purged from ucf
> (which the maintainer is currently required to do according to the dbc
> documentation, though i suppose this could be bundled into dbc).
>
> > It has been uploaded at
> > http://debian.ofset.org/dists/etch/main/source/dbconfig-common.diff
>
> i'll take a look at this in the next couple of days, thanks.
>
>
> sean
>
>
> --
--
Georges KHAZNADAR et Jocelyne FOURNIER
22 rue des mouettes, 59240 Dunkerque France.
Téléphone +33 (0)3 28 29 17 70
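
The account-selection order proposed in the quoted message (step 3), sketched in shell as an added example; it is not code from dbconfig-common or from either author. The function names and the "account auth" output format are hypothetical, and the privilege list is taken from the quoted query.

```shell
# Privilege columns of mysql.user checked by the quoted query.
SYS_MAINT_PRIVS="Select Insert Update Delete Create Drop Reload Shutdown Process File Grant References Index Alter Show_db Super Create_tmp_table Lock_tables Execute Repl_slave Repl_client"

# Build the COUNT(*) query from the list, so no column can lose its ='Y'.
sys_maint_query() {
    q="SELECT COUNT(*) FROM user WHERE User='debian-sys-maint'"
    for p in $SYS_MAINT_PRIVS; do
        q="$q AND ${p}_priv='Y'"
    done
    printf '%s\n' "$q"
}

# Run a query with the credentials stored in /etc/mysql/debian.cnf
# (hypothetical helper; needs read access to that file, e.g. root in a postinst).
run_sys_maint_query() {
    mysql --defaults-extra-file=/etc/mysql/debian.cnf -N -B mysql -e "$1" 2>/dev/null
}

# Hypothetical probe: can this account connect without a password?
can_connect_nopass() {
    mysql -u "$1" -e 'SELECT 1' >/dev/null 2>&1
}

# choose_dbadmin CONFIGURED_NAME SERVER_HOST
# Prints "<account> <auth>", where auth is debian.cnf, nopass or prompt.
choose_dbadmin() {
    admin=$1 host=$2
    if [ -z "$admin" ]; then
        case "$host" in
            ''|localhost|127.0.0.1)
                # Only a local server has a usable debian.cnf account.
                n=$(run_sys_maint_query "$(sys_maint_query)") || n=0
                if [ "$n" = 1 ]; then
                    echo "debian-sys-maint debian.cnf"
                    return 0
                fi ;;
        esac
        admin=root
    fi
    # An admin name is now known: try without a password before prompting.
    if can_connect_nopass "$admin"; then
        echo "$admin nopass"
    else
        echo "$admin prompt"
    fi
}
```

A failed or empty query result falls through to root, so a missing or under-privileged debian-sys-maint account never gets selected.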