Gentoo Archives: gentoo-dev

From: Martin Lesser <gentoo@××××××××××.de>
To: gentoo-dev <gentoo-dev@g.o>
Subject: [gentoo-dev] Policy violation possible (concerns openldap/nss_ldap)
Date: Wed, 18 Jun 2003 17:36:37
Yesterday we upgraded net-libs/nss_ldap/nss_ldap-207.ebuild to
net-libs/nss_ldap/nss_ldap-207-r1.ebuild and encountered an IMO fatal
error concerning writing into /etc *without* respecting the protection
of conf-files.

The relevant lines from src_install() of the different ebuilds are:

  dosym /etc/openldap/ldap.conf /etc/ldap.conf
(That's ok)

  insinto /etc/openldap
  doins ldap.conf
  dosym /etc/openldap/ldap.conf /etc/ldap.conf
(That's ok)

Until here /etc/ldap.conf was a symlink which was created or maintained
also by at least one other package (openldap itself), but

nss_ldap-207-r1.ebuild changed it totally:
  insinto /etc
  doins ldap.conf

So the symlink was overwritten with the vanilla configuration what - in
our case - caused several applications which depend on ldap to not work
properly any longer. That was really bad.

How can one prevent such an IMO unacceptable behavior of overwriting
config-files which are symlinks? Should this be seen as bug in

Have the changes described above to be reported as bug in nss_ldap?

How can we ensure the integrity of conf-files used by more than one
package when different packages use different locations for the *same*
configuration (a bad thing anyway)?


gentoo-dev@g.o mailing list