On Mon, Feb 22, 2021 at 07:33:10AM +0000, Tim Woodall wrote: > A. /etc/passwd is part of base-passwd's interface and base-files is > right in relying on it working at all times. Then base-passwd is rc > buggy for violating a policy must. Fixing this violation is > technically impossible. > > > I seem to have hit this same issue independently. > > Could you explain why "Fixing this violation is technically impossible"
The requirement here is that base-passwd needs to work when unpacked. The only way to make that work is making /etc/passwd a conffile. That would technically be possible, but it would be very annoying, because this file is different on virtually any Debian installation. So we cannot make it a conffile in practice. The next bet would be ensuring that base-passwd.postinst is run before other packages' postint somehow. Such an ordering mechanism does not exist at present and it would be prone to dependency loops. > As far as I can see, making base-passwd not essential, only required, > and then making passwd and base-files pre-depend on base-passwd the > system seems to bootstrap /etc/passed and /etc/group OK. What you write is almost certainly self-contradictory. base-files is essential. Anything it depends on (including base-passwd in your scenario) is pseudo-essential and thus inherits all the same requirements except for actually being essential. You gained nothing. And you didn't explain how you'd make base-passwd non-essential. > That also seems to conform to the debian policy. The oddity is that > base-files and passwd only actually need to depend on base-passwd, not > pre-depend on it as they only use /etc/passwd and /etc/group in the > postinst scripts but the debian policy doesn't seem to consider this > case. They don't have to depend on base-passwd at all, because dependencies on essential packages should be omitted. I suggest that you detail on the practical issue you have been hitting. Doing so allows evaluating prospective solutions against all relevant use cases. Helmut