Your message dated Mon, 23 Feb 2026 17:19:15 +0000
with message-id <[email protected]>
and subject line Bug#1128117: fixed in dnsmasq 2.92-2
has caused the Debian Bug report #1128117,
regarding dnsmasq: install declarative sysusers.d file for system user
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1128117: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128117
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: dnsmasq
Severity: wishlist
Tags: patch
Dear Maintainer(s),
Please find attached patches to install a sysusers.d config file for
the system user, and to further clean up (in fact remove) the
dnsmasq-base* manually written maintainer scripts.
sysusers.d config files allow a package to use declarative
configuration instead of manually written maintainer scripts. This
also allows image-based systems to be created with /usr/ only, and
also allows for factory resetting a system and recreating /etc/ on
boot.
https://www.freedesktop.org/software/systemd/man/latest/sysusers.d.html
From b692c7fe4897c28f03600869ab8e9a4121bb0551 Mon Sep 17 00:00:00 2001
From: Luca Boccassi <[email protected]>
Date: Sun, 15 Feb 2026 23:05:50 +0000
Subject: [PATCH 3/3] Install and use sysusers.d config file
sysusers.d config files allow a package to use declarative configuration
instead of manually written maintainer scripts.
This also allows image-based systems to be created with /usr/ only, and
also allows for factory resetting a system and recreating /etc/ on boot.
https://www.freedesktop.org/software/systemd/man/latest/sysusers.d.html
---
debian/control | 6 +++---
debian/dnsmasq-base-lua.postinst | 1 -
debian/dnsmasq-base-lua.sysusers | 1 +
debian/dnsmasq-base.postinst | 19 -------------------
debian/dnsmasq-base.sysusers | 1 +
5 files changed, 5 insertions(+), 23 deletions(-)
delete mode 120000 debian/dnsmasq-base-lua.postinst
create mode 120000 debian/dnsmasq-base-lua.sysusers
delete mode 100644 debian/dnsmasq-base.postinst
create mode 100644 debian/dnsmasq-base.sysusers
diff --git a/debian/control b/debian/control
index 90dbab0..87254cd 100644
--- a/debian/control
+++ b/debian/control
@@ -1,7 +1,7 @@
Source: dnsmasq
Section: net
Priority: optional
-Build-Depends: dh-exec, gettext, libnetfilter-conntrack-dev [linux-any],
+Build-Depends: dh-exec, dh-sequence-installsysusers, gettext, libnetfilter-conntrack-dev [linux-any],
libidn2-dev, libdbus-1-dev (>=0.61), libgmp-dev,
nettle-dev (>=2.4-3), libbsd-dev [kfreebsd-any],
liblua5.4-dev, dh-runit, debhelper-compat (= 13),
@@ -35,7 +35,7 @@ Description: Small caching DNS proxy and DHCP/TFTP server - system daemon
Package: dnsmasq-base
Architecture: any
Multi-Arch: foreign
-Depends: passwd, ${misc:Depends}, ${shlibs:Depends}
+Depends: ${misc:Depends}, ${shlibs:Depends}
Breaks: dnsmasq (<< 2.63-1~)
Replaces: dnsmasq (<< 2.63-1~), dnsmasq-base
Recommends: dns-root-data
@@ -49,7 +49,7 @@ Description: Small caching DNS proxy and DHCP/TFTP server - executable
Package: dnsmasq-base-lua
Architecture: any
Multi-Arch: foreign
-Depends: passwd, ${misc:Depends}, ${shlibs:Depends}
+Depends: ${misc:Depends}, ${shlibs:Depends}
Breaks: dnsmasq (<< 2.63-1~)
Replaces: dnsmasq (<< 2.63-1~), dnsmasq-base
Recommends: dns-root-data
diff --git a/debian/dnsmasq-base-lua.postinst b/debian/dnsmasq-base-lua.postinst
deleted file mode 120000
index 20bc4e0..0000000
--- a/debian/dnsmasq-base-lua.postinst
+++ /dev/null
@@ -1 +0,0 @@
-dnsmasq-base.postinst
\ No newline at end of file
diff --git a/debian/dnsmasq-base-lua.sysusers b/debian/dnsmasq-base-lua.sysusers
new file mode 120000
index 0000000..9f8fa43
--- /dev/null
+++ b/debian/dnsmasq-base-lua.sysusers
@@ -0,0 +1 @@
+dnsmasq-base.sysusers
\ No newline at end of file
diff --git a/debian/dnsmasq-base.postinst b/debian/dnsmasq-base.postinst
deleted file mode 100644
index 1733259..0000000
--- a/debian/dnsmasq-base.postinst
+++ /dev/null
@@ -1,19 +0,0 @@
-#!/bin/sh
-set -e
-
-# Create the dnsmasq user in dnsmasq-base, so that Dbus doesn't complain.
-
-if [ "$1" = "configure" ]; then
- # Create the user to run as.
- if [ -z "`id -u dnsmasq 2> /dev/null`" ]; then
- useradd --system \
- --gid nogroup \
- --comment dnsmasq \
- --home-dir /var/lib/misc --no-create-home \
- --shell /usr/sbin/nologin \
- dnsmasq
- fi
-fi
-
-#DEBHELPER#
-
diff --git a/debian/dnsmasq-base.sysusers b/debian/dnsmasq-base.sysusers
new file mode 100644
index 0000000..ceb7aa4
--- /dev/null
+++ b/debian/dnsmasq-base.sysusers
@@ -0,0 +1 @@
+u! dnsmasq -:nogroup - /var/lib/misc
--
2.47.3
From ee1cd5d390bd34456595240b8c9b04952c218d2a Mon Sep 17 00:00:00 2001
From: Luca Boccassi <[email protected]>
Date: Sun, 15 Feb 2026 23:04:49 +0000
Subject: [PATCH 2/3] postinst/postrm: do not manage directory in /run/
/run/ is completely ephemeral, as it's a tmpfs and has been for
a very long time now. Packages must not rely on maintainer scripts
creating/removing directories/files in /run/, as it is runtime
managed, while packages can be installed in chroots, images,
etc, and systems can be rebooted.
---
debian/dnsmasq-base-lua.postrm | 1 -
debian/dnsmasq-base.postinst | 11 -----------
debian/dnsmasq-base.postrm | 9 ---------
3 files changed, 21 deletions(-)
delete mode 120000 debian/dnsmasq-base-lua.postrm
delete mode 100644 debian/dnsmasq-base.postrm
diff --git a/debian/dnsmasq-base-lua.postrm b/debian/dnsmasq-base-lua.postrm
deleted file mode 120000
index ecdb249..0000000
--- a/debian/dnsmasq-base-lua.postrm
+++ /dev/null
@@ -1 +0,0 @@
-dnsmasq-base.postrm
\ No newline at end of file
diff --git a/debian/dnsmasq-base.postinst b/debian/dnsmasq-base.postinst
index e992a36..1733259 100644
--- a/debian/dnsmasq-base.postinst
+++ b/debian/dnsmasq-base.postinst
@@ -13,17 +13,6 @@ if [ "$1" = "configure" ]; then
--shell /usr/sbin/nologin \
dnsmasq
fi
-
- # Make the directory where we keep the pid file - this
- # has to be owned by "dnsmasq" so that the file can be unlinked.
- # This is only actually used by the dnsmasq binary package, not
- # dnsmasq-base, but it's much easier to create it here so that
- # we don't have synchronisation issues with the creation of the
- # dnsmasq user.
- if [ ! -d /run/dnsmasq ]; then
- mkdir /run/dnsmasq
- chown dnsmasq:nogroup /run/dnsmasq
- fi
fi
#DEBHELPER#
diff --git a/debian/dnsmasq-base.postrm b/debian/dnsmasq-base.postrm
deleted file mode 100644
index fea7ac7..0000000
--- a/debian/dnsmasq-base.postrm
+++ /dev/null
@@ -1,9 +0,0 @@
-#!/bin/sh
-set -e
-
-if [ purge = "$1" ]; then
- rm -rf /run/dnsmasq
-fi
-
-#DEBHELPER#
-
--
2.47.3
From 137fe82b734bd43016f491c2d2bc59f44ec083b0 Mon Sep 17 00:00:00 2001
From: Luca Boccassi <[email protected]>
Date: Sun, 15 Feb 2026 23:02:50 +0000
Subject: [PATCH 1/3] postrm: do not delete dnsmasq user
Deleting system users/groups is widely considered bad practice,
as it is not possible to be reasonably sure there are no files
left on persistent storage owned by such users/groups. Given
UIDs/GIDs are recycled, this means it is theoretically possible
for existing files to end up owned by entirely different users/groups
as intended.
---
debian/dnsmasq-base.postrm | 4 ----
1 file changed, 4 deletions(-)
diff --git a/debian/dnsmasq-base.postrm b/debian/dnsmasq-base.postrm
index 4fa2538..fea7ac7 100644
--- a/debian/dnsmasq-base.postrm
+++ b/debian/dnsmasq-base.postrm
@@ -2,10 +2,6 @@
set -e
if [ purge = "$1" ]; then
- # Handle the rare case "userdel" not being available, see bug #1071142.
- if [ command -v userdel 1>dev/null 2>&1 ]; then
- userdel dnsmasq
- fi
rm -rf /run/dnsmasq
fi
--
2.47.3
--- End Message ---
--- Begin Message ---
Source: dnsmasq
Source-Version: 2.92-2
Done: Sven Geuer <[email protected]>
We believe that the bug you reported is fixed in the latest version of
dnsmasq, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Sven Geuer <[email protected]> (supplier of updated dnsmasq package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 23 Feb 2026 18:03:31 +0100
Source: dnsmasq
Architecture: source
Version: 2.92-2
Distribution: unstable
Urgency: medium
Maintainer: Simon Kelley <[email protected]>
Changed-By: Sven Geuer <[email protected]>
Closes: 1128117
Changes:
dnsmasq (2.92-2) unstable; urgency=medium
.
* d/dnsmasq-base.postrm: Drop deleting dnsmasq user.
* d/dnsmasq-base*.post*: Stop managing directory in /run.
- dnsmasq-base.postrm: Removed
- dnsmasq-base-lua.postrm: Removed
- dnsmasq-base.postinst: Updated
* Configure dnsmasq user per sysusers.d config file.
- d/dnsmasq-base*.sysuser: Add these files.
- dnsmasq-base*.postinst: Drop these files.
- d/control: Update Build-Depends and Depends fields.
* Thanks to Luca Boccassi for providing patches to the three issues above
(Closes: #1128117).
* d/dnsmasq*.install: Remove leading '/' from target paths.
* d/control:
- Drop kfreebsd-related Build-Dependency.
kfreebsd-any is not recognized as valid architecture anymore.
- Drop 'Priority: optional'.
- Drop unnecessary greater-than versioned build-dependencies.
- Drop unnecessary older-than versioned dependencies.
* d/u/metadate: Drop Contact field, cme reports it as being deprecated.
* Apply 'wrap-and-sort -at', excluding d/dnsmasq-base-lua.maintscript.
Checksums-Sha1:
4e8d98632aa9bbf1158b8ecd1a9456ca83863da7 2611 dnsmasq_2.92-2.dsc
9db9139c41aea40c979c3e74809b8eec00b35ec4 33052 dnsmasq_2.92-2.debian.tar.xz
5c5cc2db748b10b5dc387d7f09c334f86a13402d 8222 dnsmasq_2.92-2_amd64.buildinfo
Checksums-Sha256:
46f2240415446047c8e5285bea5ad849f711715a83e9144b970fc73f7b1d63cd 2611
dnsmasq_2.92-2.dsc
a6b2d12f3c4a98d1fb651447a7b9e1201c6395590a97a455fe09def279bae66e 33052
dnsmasq_2.92-2.debian.tar.xz
94c9f1d82e4473b523951e919c431d22a60c93ba3e609bff69e253ce17516d77 8222
dnsmasq_2.92-2_amd64.buildinfo
Files:
aa1b123528d36890211f4dcbf9dcf97e 2611 net optional dnsmasq_2.92-2.dsc
19f111e9d1015bf3df6f1b2dd83bc7ec 33052 net optional
dnsmasq_2.92-2.debian.tar.xz
b45a39dcd0bdb95b76cc0590cbcde248 8222 net optional
dnsmasq_2.92-2_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJDBAEBCgAtFiEEPfXoqkP8n9/QhvGVrfUO2vit1YUFAmmciY4PHHNnZUBkZWJp
YW4ub3JnAAoJEK31Dtr4rdWFZKsP/jhHWrdpJBaKqD0umyVZErtaNrT6Sic9e15c
KL/a3PQCLEx9XFotwJphlSlMXSRLteRe54cD7VpDIe8gOtttrqE//pRR/Uqs2an7
XGOeJF3UcAMrDHvld06Rs7wfxje2M7cckZq5veg9CJjBwFU2nVxWcshx4q+Dqi/P
Kuvjyeh9lsG/yoAPqDjAp31w6X79D5kTXwX3tqdo7htG7G4svhwSVNMqf3MKE8c7
KlK6fLGYPEQiaM0zvYJUkEOuO4fd3tCvx+UcuCm/w6ii1KQqOqNhkod1PrGaZ8vV
Bosog2q2U6OSzFYJhffb1JPTbOJAVBOMohg/RO62ile2I4sTTgHcwtABIAKeMtKe
5dGZiNEh5kFRAYnmMLhS20iB37Zax37jQpqfcNWYo1AZn4EHD914bplae4gjo+To
97vdPoc6KuMGz6/wZzW0WFcfzYdfVAWLFDjqJzRaBCUXjeKAZUGrKqoEqpyOObLK
MMfJOa608A1JeV/SBnwfP57xO2WbaB21UovFBdsz3ioxS+AOJ6JzX4VmQsFNDc6K
UH3ictHoaJd8RUaoxRG5m0vaFQ2QKgyiPOnE9aJRVBrGwv4r/jEpBwugvfKY7Qh6
JZdoKjONKOEAA2DgRDH0h/2iLBCMmKddYm6EuyKPX8hgd1IR69JA62JIGlLrRuIK
GDCAWzFZ
=E0EL
-----END PGP SIGNATURE-----
pgpxSa6tq38HN.pgp
Description: PGP signature
--- End Message ---
