Bug#983251: passwd is missing dependencies
On Mon, 22 Feb 2021, Tim Woodall wrote: On Sun, 21 Feb 2021, Chris Hofstaedtler wrote: * Tim Woodall [210221 15:28]: I am unsure how debootstrap avoids the first problem - It could just be down to luck that debootstrap configures base-passwd before passwd. grep is Priority: required and Essential: yes so it could be argued that it should be unpacked before attempting to configure passwd and so this dependency is not required. That is exactly the case. Both grep and base-passwd are Essential: yes, so they _must_ function already (even when not configured yet). Adding them to Depends: could be argued to be a bug. Hi Chris, As per my other message I think there is a bug, but it's not in this package. However if there is a bug it's possibly in the wording of the debian policy on essential packages which is somewhat vague about bootstraping a virgin system. I've now inspected debootstrap and it handles this case by having an explicit ordering on how it configures the first seven packages independent of any explicit or implicit dependencies. So go ahead and close this bug rather than reassign it to base-passwd. I've taken the discussion to debian-devel. Actually it should be consolidated into 924401 as that's exactly the same bug. Regards, Tim.
Bug#983251: passwd is missing dependencies
On Sun, 21 Feb 2021, Chris Hofstaedtler wrote: * Tim Woodall [210221 15:28]: I am unsure how debootstrap avoids the first problem - It could just be down to luck that debootstrap configures base-passwd before passwd. grep is Priority: required and Essential: yes so it could be argued that it should be unpacked before attempting to configure passwd and so this dependency is not required. That is exactly the case. Both grep and base-passwd are Essential: yes, so they _must_ function already (even when not configured yet). Adding them to Depends: could be argued to be a bug. Hi Chris, As per my other message I think there is a bug, but it's not in this package. However if there is a bug it's possibly in the wording of the debian policy on essential packages which is somewhat vague about bootstraping a virgin system. I've now inspected debootstrap and it handles this case by having an explicit ordering on how it configures the first seven packages independent of any explicit or implicit dependencies. So go ahead and close this bug rather than reassign it to base-passwd. I've taken the discussion to debian-devel. Regards, Tim.
Bug#983251: passwd is missing dependencies
On Sun, 21 Feb 2021, Chris Hofstaedtler wrote: * Tim Woodall [210221 15:28]: I am unsure how debootstrap avoids the first problem - It could just be down to luck that debootstrap configures base-passwd before passwd. grep is Priority: required and Essential: yes so it could be argued that it should be unpacked before attempting to configure passwd and so this dependency is not required. That is exactly the case. Both grep and base-passwd are Essential: yes, so they _must_ function already (even when not configured yet). Adding them to Depends: could be argued to be a bug. The fundamental problem is actually that base-passwd is marked as Essential but passwd required it to have run its postinst script. Therefore the issue seems to be that base-passwd shouldn't be essential at all.
Bug#983251: passwd is missing dependencies
* Tim Woodall [210221 15:28]: > I am unsure how debootstrap avoids the first problem - It could just be > down to luck that debootstrap configures base-passwd before passwd. grep > is Priority: required and Essential: yes so it could be argued that it > should be unpacked before attempting to configure passwd and so this > dependency is not required. That is exactly the case. Both grep and base-passwd are Essential: yes, so they _must_ function already (even when not configured yet). Adding them to Depends: could be argued to be a bug. Chris
Bug#983251: passwd is missing dependencies
Package: passwd
Version: 1:4.5-1.1
Severity: minor
Dear Maintainer,
passwd has a dependency on grep and base-passwd but does not explicitly
state those dependency.
When attempting to configure without base-passwd configured you get:
Setting up passwd (1:4.5-1.1) ...
pwck: cannot open /etc/passwd
Segmentation fault
chown: invalid user: 'root:root'
chmod: cannot access '/etc/passwd': No such file or directory
chown: invalid user: 'root:shadow'
chmod: cannot access '/etc/shadow': No such file or directory
Please correct the error and rerun `/sbin/shadowconfig on'
dpkg: error processing package passwd (--configure):
Adding that dependency and trying again you get:
Setting up passwd (1:4.5-1.1r1) ...
/var/lib/dpkg/info/passwd.postinst: 21: /var/lib/dpkg/info/passwd.postinst:
grep: not found
groupadd: group 'shadow' already exists
Group ID 42 has been allocated for the shadow group. You have either
used 42 yourself or created a shadow group with a different ID.
Please correct this problem and reconfigure with dpkg --configure passwd''.
Note that both user and group IDs in the range 0-99 are globally
allocated by the Debian project and must be the same on every Debian
system.
dpkg: error processing package passwd (--configure):
(Note that the report is spurious, grep being missing is treated as the
grep failing to find the expected line)
I am unsure how debootstrap avoids the first problem - It could just be
down to luck that debootstrap configures base-passwd before passwd. grep
is Priority: required and Essential: yes so it could be argued that it
should be unpacked before attempting to configure passwd and so this
dependency is not required.
The following patch resolves the two issues I've seen:
diff -ur shadow-4.5.orig/debian/control shadow-4.5/debian/control
--- shadow-4.5.orig/debian/control2018-07-26 15:41:12.0 +
+++ shadow-4.5/debian/control 2021-02-21 12:29:20.620702125 +
@@ -30,7 +30,9 @@
Multi-Arch: foreign
Depends: ${shlibs:Depends},
${misc:Depends},
- libpam-modules
+ libpam-modules,
+ base-passwd,
+ grep
Replaces: manpages-tr (<< 1.0.5),
manpages-zh (<< 1.5.1-1)
Description: change and administer password and group data
(This patch also applies successfully to 4.8.1 but with an offset)
=
FWIW, I think the problem line in passwd.postinst is actually incorrect:
if ! getent group shadow | grep -q '^shadow:[^:]*:42'
This will match if a shadow group has an id that starts 42, rather than
one that is exactly 42. I think an extra colon is required at the end of
the RE. That will mean that the message incorrectly printed above when
grep is missing about "Please correct this problem" will not be printed
if someone has created a group shadow with id 4200.
=
To reproduce this I am effectively doing:
1. download and unpack, but not configure, only the packages that apt
requires to run in a fakechroot. (around 15 packages)
2. fakeroot fakechroot chroot image apt-get install apt
and let apt-get resolve all the dependencies.
There are a few minor wrinkles to this process that I can supply if
anyone actually wants to reproduce what I did. My script is around 100
lines.
-- System Information:
Debian Release: 10.8
APT prefers stable-debug
APT policy: (500, 'stable-debug'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.19.0-14-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8),
LANGUAGE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
Versions of packages passwd depends on:
ii libaudit1 1:2.8.4-3
ii libc6 2.28-10
ii libpam-modules 1.3.1-5
ii libpam0g1.3.1-5
ii libselinux1 2.8-1+b1
ii libsemanage12.8-2
passwd recommends no packages.
passwd suggests no packages.
-- no debconf information
