Package: dbconfig-common Version: 2.0.11 Severity: normal dbconfig-common assumes that, if "ident" auth is used with postgresql, then the database user must also exist as a local user.
This is ... not true. The "peer" auth in postgresql just means that the identity of the connecting user authenticates for the database user. There is no requirement that the two must be the same. Given a setup like this, upgrades fail in strange ways: runuser: options --{shell,fast,command,session-command,login} and --user are mutually exclusive Running with `dbc_debug` shows a more useful sequence (long command lines trimmed because it's only the start that is important): creating database backup in /var/cache/dbconfig-common/backups/... runuser --user -- /bin/sh -c "... unable to connect to postgresql server. dumping database as user failed, retrying with administrator credentials. dbc_get_admin_pass() . runuser --user postgres -- /bin/sh -c "... runuser --user postgres -- /bin/sh -c "... _dbc_apply_upgrades() 19.2. applying upgrade sql for 18.12+dfsg-1 -> 19.2. runuser --user -- /bin/sh -c "... error encountered processing /usr/share/dbconfig-common/data/... runuser: options --{shell,fast,command,session-command,login} and --user are mutually exclusive It doesn't help that `runuser` is giving a wildly misleading error here, but the root cause is the `_dbc_psql_local_username` function having this logic: if [ "${dbc_dbuser:-}" ] && id $dbc_dbuser >/dev/null 2>&1; then echo $dbc_dbuser return 0 else dbc_error="ident method specified but local account doesn't exist. mapping isn't supported" return 1 fi This is exacerbated by the call sites for this function not checking for errors, and blithely passing the empty username string to `runuser`. Ironically, in this configuration (system user is providing the real authentication for connection over a unix socket), it seems that selecting password auth and giving a bogus password may work, since pgsql won't be looking at the password at all. -- System Information: Debian Release: 10.0 APT prefers testing APT policy: (990, 'testing'), (500, 'testing-debug'), (500, 'stable'), (500, 'oldstable'), (490, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 5.0.0-trunk-amd64 (SMP w/16 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages dbconfig-common depends on: ii debconf [debconf-2.0] 1.5.71 ii ucf 3.0038+nmu1 dbconfig-common recommends no packages. Versions of packages dbconfig-common suggests: ii dbconfig-mysql 2.0.11 ii dbconfig-pgsql 2.0.11 ii dbconfig-sqlite3 2.0.11 -- debconf information excluded