From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id C8A86602E9 for ; Tue, 1 Sep 2020 15:21:52 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id B732A9AA0 for ; Tue, 1 Sep 2020 15:21:22 +0200 (CEST) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [212.186.127.180]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS id 282289A95 for ; Tue, 1 Sep 2020 15:21:22 +0200 (CEST) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id E105A4499C for ; Tue, 1 Sep 2020 15:21:21 +0200 (CEST) To: Proxmox Backup Server development discussion , Stefan Reiter References: <20200901122728.12566-1-s.reiter@proxmox.com> <20200901122728.12566-2-s.reiter@proxmox.com> From: Thomas Lamprecht Message-ID: <7470c3f8-ab4c-67e3-42ac-bc0d969e6169@proxmox.com> Date: Tue, 1 Sep 2020 15:21:21 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:81.0) Gecko/20100101 Thunderbird/81.0 MIME-Version: 1.0 In-Reply-To: <20200901122728.12566-2-s.reiter@proxmox.com> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable X-SPAM-LEVEL: Spam detection results: 0 AWL 0.946 Adjusted score from AWL reputation of From: address KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment NICE_REPLY_A -2.13 Looks like a legit reply (A) RCVD_IN_DNSWL_MED -2.3 Sender listed at https://www.dnswl.org/, medium trust SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: Re: [pbs-devel] [PATCH v2 proxmox-backup 2/2] d/postinst: always fixup termproxy user id and for all users X-BeenThere: pbs-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox Backup Server development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 01 Sep 2020 13:21:52 -0000 On 01.09.20 14:27, Stefan Reiter wrote: > Anyone with a PAM account and Sys.Console access could have started a > termproxy session, adapt the regex. >=20 > Always run the sed expression to make sure eventually all occurences of= > the broken syntax are fixed. >=20 > Signed-off-by: Stefan Reiter > --- >=20 > v2: new patch >=20 > This one is definitely necessary though, as otherwise broken entries wi= ll just > remain forever. This way they'll at least be fixed up eventually at som= e > upgrade (and for all users, not just root@pam). >=20 > debian/postinst | 8 ++------ > 1 file changed, 2 insertions(+), 6 deletions(-) >=20 > diff --git a/debian/postinst b/debian/postinst > index 9ab78798..bc414ccb 100644 > --- a/debian/postinst > +++ b/debian/postinst > @@ -15,12 +15,8 @@ case "$1" in > fi > deb-systemd-invoke $_dh_action proxmox-backup.service proxmox-backup-= proxy.service >/dev/null || true > =20 > - if test -n "$2"; then > - if dpkg --compare-versions "$2" 'le' '0.8.10-1'; then > - echo "Fixing up termproxy user id in task log..." > - flock -w 30 /var/log/proxmox-backup/tasks/active.lock sed -i 's/:te= rmproxy::root: /:termproxy::root@pam: /' /var/log/proxmox-backup/tasks/ac= tive > - fi > - fi > + echo "Fixing up termproxy user id in task log..." > + flock -w 30 /var/log/proxmox-backup/tasks/active.lock sed -i 's/:term= proxy::\([^@]\+\): /:termproxy::\1@pam: /' /var/log/proxmox-backup/tasks/= active I mean, guard it at least with a grep, so that this log and the flock onl= y gets called when required.. And anyway, this is a beta, why adding already that much legacy handling = code here? I mean if the old fixup worked, OK, that wasn't much, but this is g= ets ugly fast, quite inclined to NAK it altogether... Why not just document (i.e., post it as reply in the forum) the sed comma= nd, and refer to it if a user runs into this? Much simpler and avoids adding cruft already now.