Package: release.debian.org Severity: normal Tags: bullseye User: release.debian....@packages.debian.org Usertags: pu X-Debbugs-Cc: rvandegr...@debian.org, debian-cl...@lists.debian.org
[ Reason ] The version of sudo in bullseye introduces a new syntax for includes, "@includedir". This is supported alongside the previous syntax "#includedir". cloud-init tries to ensure that /etc/sudoers.d is included. But the version in bullseye only looks for the old sudo syntax. Since the default contains the new syntax, this duplicates all of the config in /etc/sudoers.d. At least some sudo config cannot be duplicated - details are in #991629. The report+fix came too close to the bullseye release. The team considers it RC, but have a workaround in place to prevent immediate user impact: https://salsa.debian.org/cloud-team/debian-cloud-images/-/merge_requests/263 This requires modifying one of sudo's config file during the image build, so we'd prefer a fixed cloud-init package. [ Impact ] Users may have previously working sudo configs break. [ Tests ] The upstream fix adds a unit test for this issue. This and the other tests pass during package build. [ Risks ] Very low, the patch is trivial. [ Checklist ] [X] *all* changes are documented in the d/changelog [X] I reviewed all changes and I approve them [X] attach debdiff against the package in (old)stable [X] the issue is verified as fixed in unstable [ Changes ] Effectively, s/#includedir/[#@]includedir/ in the /etc/sudoers handling. Thanks, Ross, for the cloud team