1 files changed, 51 insertions, 0 deletions

diff --git a/debian/sudo.prerm b/debian/sudo.prerm
new file mode 100644
index 0000000..1503418
--- /dev/null
+++ b/debian/sudo.prerm
@@ -0,0 +1,51 @@
+#!/bin/sh
+
+set -e
+
+check_password() {
+    if [ ! "$SUDO_FORCE_REMOVE" = "yes" ]; then
+	# let's check whether the root account is locked.
+	# if it is, we're not going another step. No Sirreee!
+	passwd=$(getent shadow root|cut -f2 -d:)
+	passwd1=$(echo "$passwd" |cut -c1)
+	# Note: we do need the 'xfoo' syntax here, since POSIX special-cases
+	# the $passwd value '!' as negation.
+	# bug #1001858 causes trouble here. In autopkgtest, the system
+	# might be switching back and forth between sudo and sudo-ldap
+	# without having a root password set. 
+	# autopkgtest environment is not under our control, so we cannot
+	# disable this test just for autopkgtest (it's autopkgtest itself
+	# installing packages).
+	if [ "x$passwd" = "x*" ] || [ "x$passwd1" = "x!" ]; then
+	    # yup, password is locked
+	    echo "You have asked that the sudo package be removed,"
+	    echo "but no root password has been set."
+	    echo "Without sudo, you may not be able to gain administrative privileges."
+	    echo
+	    echo "If you would prefer to access the root account with su(1)"
+	    echo "or by logging in directly,"
+	    echo "you must set a root password with \"sudo passwd\"."
+	    echo 
+	    echo "If you have arranged other means to access the root account,"
+	    echo "and you are sure this is what you want,"
+	    echo "you may bypass this check by setting an environment variable "
+	    echo "(export SUDO_FORCE_REMOVE=yes)."
+	    echo
+	    echo "Refusing to remove sudo."
+	    exit 1
+	fi
+    fi
+}
+	
+case $1 in
+	remove)
+		check_password;
+		;;
+	*)
+		;;
+esac
+
+#DEBHELPER#
+
+exit 0
+