Bug 1577174
Summary: | ecryptfs-utils calls authconfig in postinstall and postuninstall, but authconfig is depredicated in Fedora 28 | ||||||
---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Edgar Hoch <edgar.hoch> | ||||
Component: | ecryptfs-utils | Assignee: | Michal Hlavinka <mhlavink> | ||||
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
Severity: | medium | Docs Contact: | |||||
Priority: | unspecified | ||||||
Version: | 28 | CC: | esandeen, mhlavink, pbrezina, projects.rg | ||||
Target Milestone: | --- | ||||||
Target Release: | --- | ||||||
Hardware: | Unspecified | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | ecryptfs-utils-111-15.fc28 ecryptfs-utils-111-15.fc29 | Doc Type: | If docs needed, set a value | ||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2018-10-01 02:46:31 UTC | Type: | Bug | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
Description
Edgar Hoch
2018-05-11 11:58:13 UTC
Why did nothing happen since nearly four months??? It would be so easy to release a package that no longer calls authconfig. But now, with a new release of authselect, the installation of your package destroys our running systems, because it changes the profile to sssd and disables rpcbind.service and ypbind.service! This makes our systems unusable. Very bad! From the logs: Running authconfig compatibility tool. The purpose of this tool is to enable authentication against chosen services with authselect and minimum configuration. It does not provide all capabilities of authconfig. IMPORTANT: authconfig is replaced by authselect, please update your scripts. See Fedora 28 Change Page: https://fedoraproject.org/wiki/Changes/AuthselectAsDefault See man authselect-migration(7) to help you with migration to authselect Executing: /usr/bin/authselect select sssd --force with-ecryptfs Removing file: /etc/krb5.conf.d/authconfig-krb.conf Executing: /usr/bin/systemctl disable sssd.service Executing: /usr/bin/systemctl stop sssd.service Removing file: /etc/sssd/conf.d/authconfig-sssd.conf Executing: /usr/bin/systemctl disable winbind.service Executing: /usr/bin/systemctl stop winbind.service Executing: /usr/bin/domainname (none) Executing: /usr/sbin/setsebool -P allow_ypbind 0 Executing: /usr/bin/systemctl disable rpcbind.service Executing: /usr/bin/systemctl disable ypbind.service Executing: /usr/bin/systemctl stop rpcbind.service Executing: /usr/bin/systemctl stop ypbind.service Sorry for inactivity here. But I guess upstream development is nearly dead, so the package isn't updated for a long time due to no plan for any official release(s) ahead. <rant> ecryptfs has never correctly worked for me in RPM based distributions but on ubuntu, maybe they use weird patches, also in kernel. Maybe we should consider to file a ticket about non-responsive maintainer, or at least orphan this package. There are better alternatives available like e.g. cryfs or securefs but not packaged yet. Thanks for the reaction. I have excluded the package from our installation list now. I don't know if any of our users have used it. (The package was included as dependency of python2-ecryptfs-utils, which was in my list because of the (not really good) idea to provide our users all available python packages...). python2-ecryptfs-utils should go away anyways, see rhbz#1458602. python2-ecryptfs-utils should go away anyways, see bug #1458602. Created attachment 1481563 [details]
F28 dist-git patch
I attached a patch for F28 dist-git that should be pushed. I do not have the permission to do so as I am not a maintainer nor member of provenpackager group. It should be applied to f28, f29 and rawhide. Pavel, thanks for the patch. Just a minor thing. Be aware that rpm scripts are executed with /bin/sh and while on most systems it means bash, it's not guaranteed, so you should not use any bashisms in scripts, only posix. Anyway, thanks for the patch ecryptfs-utils-111-15.fc29 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2018-73af536826 ecryptfs-utils-111-15.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-0523848188 ecryptfs-utils-111-15.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-73af536826 ecryptfs-utils-111-15.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-0523848188 ecryptfs-utils-111-15.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report. ecryptfs-utils-111-15.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report. |