[Debian-olpc-devel] Modifying /etc/nsswitch.conf in Debian Packages

Jonas Smedegaard dr at jones.dk
Thu Sep 10 08:35:17 UTC 2009

Hi Luke,

On Wed, Sep 09, 2009 at 09:58:34PM -0400, Luke Faraone wrote:
>I'm currently working on packaging 
>Rainbow <http://wiki.laptop.org/go/Rainbow>, an implementation of the 
>Bitfrost <http://wiki.laptop.org/go/OLPC_Bitfrost> security 
>specification. Rainbow runs user-level desktop applications with the 
>same level of resource isolation already used with a variety of system 
>daemons, giving each application instance its own UID, GID, and 
>persistent storage directory.
>In order to function, Rainbow requires a NSS module, libnss-rainbow, to 
>be installed and enabled in /etc/nsswitch.conf.
>From what I can tell (as seen on bug 
>388864 <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=388864>), 
>libnss-mdns modifies /etc/nsswitch.conf directly as part of its 
>postinst. I thought this wasn't allowed by Debian policy, but if I'm 
>misunderstanding I'm more than happy to adopt their solution.

libnss-mdns 0.10-3.1 currently in Sid contains the following:

---- README.Debian ----
Previously the base-files package shipped /etc/nsswitch.conf and specified:

     hosts:          files dns mdns

However, due to bug#351990, this is no longer the case. /etc/nsswitch.conf
is now generated post-installation. Upon installation of nss-mdns, if the
strings 'mdns', 'mdns_minimal', 'mdns4', 'mdns4_minimal', 'mdns6' or
'mdns6_minimal' appear on the hosts line, your /etc/nsswitch.conf file
will not be updated, otherwise it will updated to match the upstream
recommended configuration which usually looks like:

     hosts:          files mdns4_minimal [NOTFOUND=return] dns mdns4
---- README.Debian ----

Perhaps you could do similar arrangements until a unified solution is 

>On Ubuntu AuthClientConfig <https://wiki.ubuntu.com/AuthClientConfig> 
>seems to serve a similar purpose. Assuming the above workaround was not 
>acceptable, would porting ACC to Debian and using that hook in my 
>package be so?

I don't know that tool (and have no time to investigate it currently) so 
can't comment on that at the moment.

>Please CC me, as I'm not subscribed to this list.

You _are_ subscribed to the OLPC list at Alioth, so I've just made sure 
to include that one :-)


 - Jonas

* Jonas Smedegaard - idealist & Internet-arkitekt
* Tlf.: +45 40843136  Website: http://dr.jones.dk/

  [x] quote me freely  [ ] ask before reusing  [ ] keep private
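
Added example, not part of the original message and not the libnss-mdns maintainer script: a POSIX shell function implementing the rule the quoted README.Debian describes, leaving the hosts line alone if any of the six mdns module names is already present and otherwise rewriting it to the recommended form. The function name `enable_mdns`, the whole-word matching, the insertion relative to an existing `dns` entry and the scratch-file input are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; assumptions are noted in the comments.
# enable_mdns FILE
#   returns 0 if the hosts line was rewritten,
#           1 if an mdns module was already listed (file untouched),
#           2 if FILE is missing or has no hosts line with a "dns" entry.
enable_mdns() {
    conf=$1
    [ -f "$conf" ] || return 2

    # Respect an existing choice: any of mdns, mdns_minimal, mdns4,
    # mdns4_minimal, mdns6, mdns6_minimal as a whole word on the hosts line.
    if grep -Eq '^hosts:.*[[:space:]]mdns(4|6)?(_minimal)?([[:space:]]|$)' "$conf"; then
        return 1
    fi

    # Assumption: only edit a hosts line that already has a "dns" entry.
    grep -Eq '^hosts:.*[[:space:]]dns([[:space:]]|$)' "$conf" || return 2

    # Work on a copy in the same directory so the final mv is an atomic
    # rename; cp -p keeps the mode and owner of the original.
    tmp=$(mktemp "$conf.XXXXXX") || return 2
    cp -p "$conf" "$tmp" || { rm -f "$tmp"; return 2; }

    # Only the hosts line is touched: put mdns4_minimal in front of dns,
    # then append mdns4 at the end of the line.
    sed -E '/^hosts:/ {
        s/([[:space:]])dns([[:space:]]|$)/\1mdns4_minimal [NOTFOUND=return] dns\2/
        s/[[:space:]]*$/ mdns4/
    }' "$conf" > "$tmp" || { rm -f "$tmp"; return 2; }

    mv "$tmp" "$conf"
}

# Constructed sample input in a scratch directory (not a real /etc).
demo=$(mktemp -d)
printf 'passwd:         compat\nhosts:          files dns\n' > "$demo/nsswitch.conf"
enable_mdns "$demo/nsswitch.conf"; echo "first run:  $?"
enable_mdns "$demo/nsswitch.conf"; echo "second run: $?"
grep '^hosts:' "$demo/nsswitch.conf"
rm -rf "$demo"
```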