[Zope-dev] Re: Debian and Zope

Thaddeus H. Black t at b-tk.org
Wed Aug 18 16:40:12 EDT 2004


This question regards the code in Zope's
zpasswd.py.  If you know zpasswd.py or are
involved in Debian, please reply.

Debian GNU/Linux 3.1 releases soon.  The Debian
Zope package (actually the Debian `zopectl'
package) has what Debian calls a Release
Critical Bug open against it
[http://bugs.debian.org/251038].  Normally,
Debian's Zope maintainer would handle such a
bug, but the maintainer seems to be inactive
this year, so it falls to me to fix it.  This is
okay.  The maintainer's work in earlier years is
appreciated.  The trouble is, I do not use Zope
myself, so I am fixing the bug with limited
understanding of the potential consequences of
the fix.

The part of the Debian fix which affects your
Zope source is in zpasswd.py.  At present, a
user can invoke zpasswd in either of two ways:

  (1) without command-line options, in which
  case zpasswd prompts the user on tty for
  username and password; or

  (2) with username and password supplied on the
  command line.

How the user cannot presently invoke zpasswd is

  (3) with username supplied on the command
  line, so that zpasswd prompts the user on tty
  for a password only.

The Zope installation procedure on Debian
requires option (3).  With (3), I can cleanly
eliminate the Release Critical Bug now and
prevent Zope from being dropped from Debian 3.1.
Thus I am adding (3) to Debian Zope.

Question, please.  Does my addition create some
subtle problem I should know about?  If Zope
were coded perfectly cleanly, then the addition
of option (3) should create no problem; but you
and I have both done enough coding to realize
that old code can sometimes depend in strange
ways on the odd behavior of even older code.
With my small addition, zpasswd now correctly
handles (3).  Is this okay, or can you think of
something specific it might break, something I
might not have noticed?  I have checked
everything I know how to check, but I do not
know Zope; you guys do.

Regrettably, Zope's public SVN seems to be down
as I write these words, so in the unlikely event
that someone had already added option (3) to
zpasswd.py, I would not know about it.  I do
understand and respect that, like any good
free-software developers, you will probably all
want me to update Debian Zope now to Zope's
latest version!  To this, I must plead that such
an update far exceeds the limits of my Zope
ignorance (also, it would violate Debian Project
policy, which permits me minimally to fix a
Release Critical Bug for an inactive maintainer
but forbids me from unilaterally hijacking his
Debian package).  The matter at hand now is not
how to include the latest Zope (it is not
Debian's usual practice to include the very
latest software in any event) but rather how to
keep Zope in Debian at all.  This is a good
cause and I am pleased to help.

I do not regularly subscribe to zope-dev, so
please copy your reply to me and to
251038 at bugs.debian.org (the latter automatically
attaches your reply to the relevant official
Debian bug report, #251038).  If there were no
reply, this would be okay; I would just assume
that my fix were as good as it seems to be, and
would proceed accordingly.  Please reply by 23
August.

If any active Zope developer on this list also
happens to be a registered Debian Developer, he
is asked to step in and take charge of Debian
bug #251038 from here: one can find my full
zopectl/zope Debian patch attached to the Debian
bug report.  Otherwise, thank you for your
attention in this matter.  If you want my patch
to zpasswd.py, here it is.  You probably want to
apply it to your own SVN Zope source.

diff -u zope-2.6.4/zpasswd.py zope-2.6.4.new/zpasswd.py
--- zope-2.6.4/zpasswd.py	2004-08-03 20:34:53.000000000 +0000
+++ zope-2.6.4.new/zpasswd.py	2004-08-03 18:49:11.000000000 +0000
@@ -87,6 +87,16 @@
 
         import do; do.ch(ac_path, user, group)
 
+def get_password():
+    while 1:
+        password = getpass.getpass("Password: ")
+        verify = getpass.getpass("Verify password: ")
+        if verify == password:
+            return password
+        else:
+            password = verify = ''
+            print "Password mismatch, please try again..."
+
 
 def main(argv):
     short_options = ':u:p:e:d:'
@@ -150,7 +160,10 @@
 
             # Verify that we got what we need
             if not username or not password:
-                raise "CommandLineError"
+                if username:
+                    password = get_password()
+                else:
+                    raise "CommandLineError"
 
             access_file.write(username + ':' +
                               generate_passwd(password, encoding) +
@@ -163,14 +176,7 @@
                 if username != '':
                     break
 
-            while 1:
-                password = getpass.getpass("Password: ")
-                verify = getpass.getpass("Verify password: ")
-                if verify == password:
-                    break
-                else:
-                    password = verify = ''
-                    print "Password mismatch, please try again..."
+            password = get_password()
 
             while 1:
                 print """

-- 
Thaddeus H. Black
508 Nellie's Cave Road, Blacksburg,
Virginia 24060, USA; +1 540 961 0920, t at b-tk.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 240 bytes
Desc: not available
Url : http://mail.zope.org/pipermail/zope-dev/attachments/20040818/7f24e1d8/attachment.bin


More information about the Zope-Dev mailing list