Debathena hacks

This page documents the various interesting hacks that we needed to do in order to create Debathena. Many of these hacks are considerably more generic than just Debathena (for example, anyone using libnss-hesiod or libnss-ldap probably wants libnss-nonlocal, and anyone using AFS PAGs probably wants libnss-afspag). The software is available in Debian package form from the Debathena repository.

PAM modules

We created several new PAM modules for Debathena:

NSS modules

We created two NSS modules for Debathena:

Clean dpkg-divert replacements for configuration files

In creating Debathena, we have often wanted to be able to replace a package’s configuration file without destroying any state on the user’s machine (so that he can uninstall Debathena completely).

The obvious mechanism for doing this would be to preseed Debconf with new configuration information (and then dpkg-reconfigure the affected packages), but this strategy destroys any configuration information that the user entered previously. We chose to use a different system, where our packages install new configuration files under the name FILE.debathena, where FILE is the name of the configuration file. Our system then uses dpkg-divert to move FILE to FILE.debathena-orig, and then install a symlink from FILE to FILE.debathena. This has the nice property that the machine’s original configuration file is preserved, and the user can easily choose which configuration file to use by simply moving the symbolic link to point to FILE.debathena-orig. Our package removes the symlink and undoes the diversion when it is uninstalled.

We eventually created the debathena-config-build-common package, which contains a CDBS (Common Debian Build System) module to include the shell functions for our diversion system into a package’s postinst and prerm scripts, and divert the relevant files. The interface is very simple, since we only need to add a single line to the rules file to divert an additional file. In Spring 2008, we prepared this system for broader release as the config-package-dev package.

One disadvantage of our system in comparison to the Debconf preseeding strategy is that when the user installs a package like krb5-config whose configuration files are going to be diverted, he is asked various questions, whose answers are irrelevant to the Debathena configuration he will eventually receive. This can be handled by setting the DEBIAN_FRONTEND=noninteractive, but it not as clean as we would like.

The Debathena system for configuration packages for Debian is described in detail on the config-package-dev page.

Supporting several distributions simultaneously

Debathena is built for all current releases of Debian and Ubuntu for 32-bit and 64-bit PCs:

For packages built from a single source, we currently append the suffix ~debian5.0 (or similar) to the binary package version number so that the binaries built on different distributions can share the repository. We’ll add more information about our system for building these all in the same repository and with the same source packages when possible later. The patches to upstream sbuild for implementing this are Debian bugs #475777 and #472350.