c1) if a setting is disabled by this sed:
sed -i '/^\['"$1"'\]$/,/^\[/ s/^[^#;]*'"$2".*'\b/#& # disabled by dpkg\n'"$setting"'/g' "$SSSD_CONF" || true
That is also adding a blank line at the end (see the last \n) and breaks a bit the flow of the config file. For example, for kicks, I disabled "config_file_version" in [sssd], and the section became:
[sssd]
#config_file_version = 2 # disabled by dpkg
services = nss, pam
domains = LDAP # here is the domain
Just esthetics. If we happen to get another upload, then this \n could be dropped, unless it's handling a case I haven't seen.
c2) this function will fail if the section name ([name]) contains a "/", which is quite common:
That's not the case in any of the uses in postinst, however, so no need to complicate it now to fix a problem that hasn't happened yet.
I was wondering if the certificate_verification and pam_cert_verification could appear inside a [domain/] section, but looks like that's not a valid config.
c) replace_setting()
c1) if a setting is disabled by this sed: $1"'\]$ /,/^\[/ s/^[^#; ]*'"$2" .*'\b/# & # disabled by dpkg\n' "$setting" '/g' "$SSSD_CONF" || true
sed -i '/^\['"
That is also adding a blank line at the end (see the last \n) and breaks a bit the flow of the config file. For example, for kicks, I disabled "config_ file_version" in [sssd], and the section became:
[sssd] file_version = 2 # disabled by dpkg
#config_
services = nss, pam
domains = LDAP # here is the domain
Just esthetics. If we happen to get another upload, then this \n could be dropped, unless it's handling a case I haven't seen.
c2) this function will fail if the section name ([name]) contains a "/", which is quite common:
[sssd]
config_file_version = 2
services = nss, pam
domains = LDAP
[domain/LDAP]
id_provider = ldap
ldap_uri = ldap://localhost
cache_credentials = True
ldap_search_base = dc=example,dc=com
That's not the case in any of the uses in postinst, however, so no need to complicate it now to fix a problem that hasn't happened yet.
I was wondering if the certificate_ verification and pam_cert_ verification could appear inside a [domain/] section, but looks like that's not a valid config.