[PATCH] scripting: No longer install samba_upgradeprovision

Michael Adam obnox at samba.org
Mon Mar 11 17:43:10 MDT 2013 

pushed to autobuild

On 2013-03-01 at 18:58 +1100, Andrew Bartlett wrote:
> On Fri, 2013-03-01 at 18:58 +1100, Andrew Bartlett wrote:
> > I know this is a sensitive issue, but given the available developer time
> > and the issues we have found so far, I think this is the best option for
> > now. 
> > 
> > Too many of our users just run this tool blindly, when it was written to
> > be run by administrators with a deep knowledge of their Samba
> > databases.  
> > 
> > My hope is to get this into Samba 4.0.4, so that I am not in a rush to
> > finish the patches to improve the safety and effectiveness of
> > samba_upgradeprovision under that deadline.  (patch freeze is in a
> > little over a week). 
> > 
> > For users upgrading to 4.0.4, I'll see if I can build a dbcheck mode to
> > just reset the ACLs to the original values (much as what
> > samba_upgradeprovision does), but do so via the interactive mode that
> > tool has.
> > 
> > From here, I do want to continue to improve this tool, with increased
> > safely checks (only running on databases that have a positive marker as
> > being provisioned by Samba), not adding additional partition objects,
> > only making changes to attributes we want to change (by some kind of
> > command line option) and generally changing as little about the
> > installation as possible. 
> > 
> > Finally, I want to have much more testing, not only of 'empty'
> > provisions, but with additional users in place.  I don't think I can get
> > the tool to a state where I'm happy with it being safe in the timeframe,
> > which is why I would like to buy more time by steering our users away
> > from it. 
> 
> (and now with the patch for review/comment/push).
> 
> Thanks,
> 
> Andrew Bartlett
> 
> -- 
> Andrew Bartlett                                http://samba.org/~abartlet/
> Authentication Developer, Samba Team           http://samba.org
> 

> >From f661a423cb6c4206d86bd6aba6c6c3b03ecb5be9 Mon Sep 17 00:00:00 2001
> From: Andrew Bartlett <abartlet at samba.org>
> Date: Thu, 28 Feb 2013 00:03:19 +1100
> Subject: [PATCH] scripting: No longer install samba_upgradeprovision
> 
> This tool is an important part of the toolkit a Samba Team member can
> use to assist a user with the upgrade of a very old Samba 4.0 AD DC
> installation.
> 
> However, like all powerful tools, it has sharp edges, and these need
> to have more protection added before we recommend the tool be used.
> 
> The WHATSNEW already indicated that this tool should not be used but a
> large number of users have run it, and due to lack of testing in the
> past, some have run into bugs.
> 
> While this tool can be run in debug modes, by default it simply fixes
> the database following a series of internal rule.  This does a good
> job much of the time, but does not request permission in the way that
> dbcheck does, and will create extra objects for things like the DNS
> partitions.
> 
> By removing this from the installed binaries, we provide another
> signal that it should not be used right now, until these matters are
> fixed and some clear documentation on how to safely use the tool can
> be written.
> 
> Andrew Bartlett
> ---
>  source4/scripting/wscript_build | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/source4/scripting/wscript_build b/source4/scripting/wscript_build
> index 9af23f6..39408ba 100644
> --- a/source4/scripting/wscript_build
> +++ b/source4/scripting/wscript_build
> @@ -4,7 +4,7 @@ from samba_utils import MODE_755
>  
>  sbin_files = None
>  if bld.CONFIG_SET('AD_DC_BUILD_IS_ENABLED'):
> -    sbin_files = 'bin/samba_upgradeprovision bin/samba_dnsupdate bin/samba_spnupdate bin/samba_upgradedns bin/samba_kcc'
> +    sbin_files = 'bin/samba_dnsupdate bin/samba_spnupdate bin/samba_upgradedns bin/samba_kcc'
>  
>  if sbin_files:
>      bld.INSTALL_FILES('${SBINDIR}',
> -- 
> 1.7.11.7
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 206 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20130312/4b1fa0e8/attachment.pgp>

More information about the samba-technical mailing list