Bug#941198: marked as done (initscripts: packages should ship systemd units)

[Debian Bug Tracking System]

Your message dated Mon, 20 Jan 2020 20:53:26 +
with message-id 
and subject line Bug#941198: fixed in debian-policy 4.5.0.0
has caused the Debian Bug report #941198,
regarding initscripts: packages should ship systemd units
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
941198: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941198
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: debian-policy
Version: 4.4.0.1
Severity: normal

Packages should ship systemd units as this provides a better
experience to users.  (In particular the systemd-sysv-generator has to
make some assumptions that are not always correct; it is better to
explicitly tell systemd what to do.)

Ansgar
>From 58a2c3d5c7d25d70c687fa7b79515970c50b5481 Mon Sep 17 00:00:00 2001
From: Ansgar 
Date: Thu, 26 Sep 2019 09:56:53 +0200
Subject: [PATCH] initscripts: packages should ship systemd units

---
 policy/ch-opersys.rst | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/policy/ch-opersys.rst b/policy/ch-opersys.rst
index 6e0c020..2ce1b5e 100644
--- a/policy/ch-opersys.rst
+++ b/policy/ch-opersys.rst
@@ -388,6 +388,9 @@ argument ``stop``.
 Writing the scripts
 ~~~
 
+Packages that include system services should include ``systemd`` units
+to start or stop services.
+
 Packages that include daemons for system services should place scripts
 in ``/etc/init.d`` to start or stop services at boot time or during a
 change of runlevel. These scripts should be named
-- 
2.23.0

--- End Message ---
--- Begin Message ---
Source: debian-policy
Source-Version: 4.5.0.0

We believe that the bug you reported is fixed in the latest version of
debian-policy, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 941...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sean Whitton  (supplier of updated debian-policy 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Mon, 20 Jan 2020 12:37:09 -0700
Source: debian-policy
Architecture: source
Version: 4.5.0.0
Distribution: unstable
Urgency: medium
Maintainer: Debian Policy Editors 
Changed-By: Sean Whitton 
Closes: 941198 948115 949007 949390
Changes:
 debian-policy (4.5.0.0) unstable; urgency=medium
 .
   [ Russ Allbery ]
   * Clarify the footnote explaining why packages should not depend on X
 fonts.  Thanks, Stephen Kitt.
 .
   [ Sean Whitton ]
   * Policy: Packages including daemons should ship systemd units
 Wording: Russ Allbery 
 Seconded: Sean Whitton 
 Seconded: Ansgar 
 Closes: #941198
   * Policy: New package usernames should begin with an underscore
 Wording: Philipp Kern 
 Seconded: Sean Whitton 
 Seconded: Russ Allbery 
 Closes: #949390
   * Policy: Revise init script policy in light of GR result
 Wording: Russ Allbery 
 Seconded: Sam Hartman 
 Seconded: Sean Whitton 
 Closes: #948115
 - This change involved changing a number of Sphinx anchor names.  This
   may break some external links into Policy.
 .
 debian-policy (4.4.1.3) UNRELEASED; urgency=medium
 .
   [ Sean Whitton ]
   * Fix 'day-of week'.
 Thanks to Jakub Wilk.
 .
   [ Russ Allbery ]
   * Fix error in Perl example for the gain root command.  Thanks, Niels
 Thykier.  (Closes: #949007)
Checksums-Sha1:
 097221d4cd4981ac92d1410800eb91ef17e92705 2023 debian-policy_4.5.0.0.dsc
 351dcd44e0ae9bd65be167bb504073ea87edc255 540968 debian-policy_4.5.0.0.tar.xz
Checksums-Sha256:
 52d3de968c60fc66dc40d5c195d39718a20eb619c0e373c4e0ce30a94729dc44 2023 
debian-policy_4.5.0.0.dsc
 523b1847ed4448564150ac860e6b7a3df93837e7ccb6b0530ba7d071f5d457a7 540968 
debian-policy_4.5.0.0.tar.xz
Files:
 fd2e9e5ff66c7f06c7353700557c5f78 2023 doc optional debian-policy_4.5.0.0.dsc
 5f8da84e127fc6266b4450cb3a8cd670 540968 doc optional 
debian-policy_4.5.0.0.tar.xz

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEm5FwB64DDjbk/CSLaVt65L8GYkAFAl4mAlMACgkQaVt65L8G
YkADjg//SkyBizCLSqdCi9dcnvfREzopVNVen2mgKpO5tCu487XD34LyRgIZe2J/
5/IhQqIzYwSci1j3xfPM/FUFw7O4mIOQEdU73UTgjVJKrnhBJ+VqhTBcko3JrIdZ
TGwXEUT9SmLRQemNEnesenEhlwbNOF+MvPR5P7RmU4TEonj9sefvh3VudTDk458S
Z6mMYFl07j/lhjRI2xDHt4+eT

debian-policy_4.5.0.0_source.changes ACCEPTED into unstable

[Debian FTP Masters]

Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Mon, 20 Jan 2020 12:37:09 -0700
Source: debian-policy
Architecture: source
Version: 4.5.0.0
Distribution: unstable
Urgency: medium
Maintainer: Debian Policy Editors 
Changed-By: Sean Whitton 
Closes: 941198 948115 949007 949390
Changes:
 debian-policy (4.5.0.0) unstable; urgency=medium
 .
   [ Russ Allbery ]
   * Clarify the footnote explaining why packages should not depend on X
 fonts.  Thanks, Stephen Kitt.
 .
   [ Sean Whitton ]
   * Policy: Packages including daemons should ship systemd units
 Wording: Russ Allbery 
 Seconded: Sean Whitton 
 Seconded: Ansgar 
 Closes: #941198
   * Policy: New package usernames should begin with an underscore
 Wording: Philipp Kern 
 Seconded: Sean Whitton 
 Seconded: Russ Allbery 
 Closes: #949390
   * Policy: Revise init script policy in light of GR result
 Wording: Russ Allbery 
 Seconded: Sam Hartman 
 Seconded: Sean Whitton 
 Closes: #948115
 - This change involved changing a number of Sphinx anchor names.  This
   may break some external links into Policy.
 .
 debian-policy (4.4.1.3) UNRELEASED; urgency=medium
 .
   [ Sean Whitton ]
   * Fix 'day-of week'.
 Thanks to Jakub Wilk.
 .
   [ Russ Allbery ]
   * Fix error in Perl example for the gain root command.  Thanks, Niels
 Thykier.  (Closes: #949007)
Checksums-Sha1:
 097221d4cd4981ac92d1410800eb91ef17e92705 2023 debian-policy_4.5.0.0.dsc
 351dcd44e0ae9bd65be167bb504073ea87edc255 540968 debian-policy_4.5.0.0.tar.xz
Checksums-Sha256:
 52d3de968c60fc66dc40d5c195d39718a20eb619c0e373c4e0ce30a94729dc44 2023 
debian-policy_4.5.0.0.dsc
 523b1847ed4448564150ac860e6b7a3df93837e7ccb6b0530ba7d071f5d457a7 540968 
debian-policy_4.5.0.0.tar.xz
Files:
 fd2e9e5ff66c7f06c7353700557c5f78 2023 doc optional debian-policy_4.5.0.0.dsc
 5f8da84e127fc6266b4450cb3a8cd670 540968 doc optional 
debian-policy_4.5.0.0.tar.xz

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEm5FwB64DDjbk/CSLaVt65L8GYkAFAl4mAlMACgkQaVt65L8G
YkADjg//SkyBizCLSqdCi9dcnvfREzopVNVen2mgKpO5tCu487XD34LyRgIZe2J/
5/IhQqIzYwSci1j3xfPM/FUFw7O4mIOQEdU73UTgjVJKrnhBJ+VqhTBcko3JrIdZ
TGwXEUT9SmLRQemNEnesenEhlwbNOF+MvPR5P7RmU4TEonj9sefvh3VudTDk458S
Z6mMYFl07j/lhjRI2xDHt4+eTfJ5HjfdgrkymZ5fXd70en4or3iIbEvvsZB1Kn1T
K1mnWSsNv3cMKjSumPH4tryxabMWOo/hgKf0MZJtemoL1X9veIEMHkc0CzB/ESES
U+IwJx6jNfsl8Fri41S3ESvbjTGicX29MGJonH9k113P5FJKIt0bhNGXfnuqAY0H
QMsOHCjZwGWrxGI/aWWUj+s4FZ8R74B9F5ib+DCdcKkpGSOQRJm0Qb5MDyh9C9zp
KWDc5HwiBze1VI8xSqRk6Hsf8rvNjh0e5pBQHYuetGT+1xDtYHvm3WSmiXe5z3oJ
BE0GSOiaYJPevLM8cwQm62c+7SE7oa6e+FSDtmIM3qw4eAz43NxOK0yw/mPnbDiX
KphcjAsq2e7Kyb3KeUJ/A44YI32JRIvtngWbPpv57zUrkntisuXnjRpwobFaejXa
kTcQCayZZTuhnafvJkZnydT2AHs3ipkmPp8koF8Xye5FO3BL++s=
=duDb
-END PGP SIGNATURE-


Thank you for your contribution to Debian.

Processing of debian-policy_4.5.0.0_source.changes

[Debian FTP Masters]

debian-policy_4.5.0.0_source.changes uploaded successfully to localhost
along with the files:
  debian-policy_4.5.0.0.dsc
  debian-policy_4.5.0.0.tar.xz

Greetings,

Your Debian queue daemon (running on host usper.debian.org)

Bug#949390: marked as done (Newly created package usernames should begin with an underscore)

[Debian Bug Tracking System]

Your message dated Mon, 20 Jan 2020 20:53:27 +
with message-id 
and subject line Bug#949390: fixed in debian-policy 4.5.0.0
has caused the Debian Bug report #949390,
regarding Newly created package usernames should begin with an underscore
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
949390: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=949390
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: debian-policy
Version: 4.4.1.2
Tags: patch

Hello,

On Sun 05 Jan 2020 at 11:33PM +01, Philipp Kern wrote:

>> --- a/policy/ch-opersys.rst
>> +++ b/policy/ch-opersys.rst
>> @@ -231,7 +231,10 @@ starting at 100.
>>
>>  Apart from this we should have dynamically allocated ids, which should
>>  by default be arranged in some sensible order, but the behavior should
>> -be configurable.
>> +be configurable. When maintainers choose a new hardcoded or dynamically
>> +generated username for packages to use, they should start this username
>> +with an underscore. This minimizes collisions with locally created user
>> +accounts.
>>
>>  Packages other than ``base-passwd`` must not modify ``/etc/passwd``,
>>  ``/etc/shadow``, ``/etc/group`` or ``/etc/gshadow``.

Seconded.

Filing a separate bug for this as we ought to get it into the next
Policy release to avoid creating any more cases that have to be migrated.

-- 
Sean Whitton


signature.asc
Description: PGP signature
--- End Message ---
--- Begin Message ---
Source: debian-policy
Source-Version: 4.5.0.0

We believe that the bug you reported is fixed in the latest version of
debian-policy, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 949...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sean Whitton  (supplier of updated debian-policy 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Mon, 20 Jan 2020 12:37:09 -0700
Source: debian-policy
Architecture: source
Version: 4.5.0.0
Distribution: unstable
Urgency: medium
Maintainer: Debian Policy Editors 
Changed-By: Sean Whitton 
Closes: 941198 948115 949007 949390
Changes:
 debian-policy (4.5.0.0) unstable; urgency=medium
 .
   [ Russ Allbery ]
   * Clarify the footnote explaining why packages should not depend on X
 fonts.  Thanks, Stephen Kitt.
 .
   [ Sean Whitton ]
   * Policy: Packages including daemons should ship systemd units
 Wording: Russ Allbery 
 Seconded: Sean Whitton 
 Seconded: Ansgar 
 Closes: #941198
   * Policy: New package usernames should begin with an underscore
 Wording: Philipp Kern 
 Seconded: Sean Whitton 
 Seconded: Russ Allbery 
 Closes: #949390
   * Policy: Revise init script policy in light of GR result
 Wording: Russ Allbery 
 Seconded: Sam Hartman 
 Seconded: Sean Whitton 
 Closes: #948115
 - This change involved changing a number of Sphinx anchor names.  This
   may break some external links into Policy.
 .
 debian-policy (4.4.1.3) UNRELEASED; urgency=medium
 .
   [ Sean Whitton ]
   * Fix 'day-of week'.
 Thanks to Jakub Wilk.
 .
   [ Russ Allbery ]
   * Fix error in Perl example for the gain root command.  Thanks, Niels
 Thykier.  (Closes: #949007)
Checksums-Sha1:
 097221d4cd4981ac92d1410800eb91ef17e92705 2023 debian-policy_4.5.0.0.dsc
 351dcd44e0ae9bd65be167bb504073ea87edc255 540968 debian-policy_4.5.0.0.tar.xz
Checksums-Sha256:
 52d3de968c60fc66dc40d5c195d39718a20eb619c0e373c4e0ce30a94729dc44 2023 
debian-policy_4.5.0.0.dsc
 523b1847ed4448564150ac860e6b7a3df93837e7ccb6b0530ba7d071f5d457a7 540968 
debian-policy_4.5.0.0.tar.xz
Files:
 fd2e9e5ff66c7f06c7353700557c5f78 2023 doc optional debian-policy_4.5.0.0.dsc
 5f8da84e127fc6266b4450cb3a8cd670 540968 doc optional 
debian-policy_4.5.0.0.tar.xz

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEm5FwB64DDjbk/CSLaVt65L8GYkAFAl4mAlMACgkQaVt65L8G
YkADjg//SkyBizCLSqdCi9dcnvfREzopVNVen2mgKpO5tCu487XD34LyRgIZe2J/
5/IhQqIzYwSci1j3xfPM/FUFw7O4mIOQEdU73UTgjVJKrnhBJ+VqhTBcko3JrIdZ
TGwXEUT9SmLRQemNEnesenEhlwbNOF+MvPR5P7RmU4TEonj9sefvh3VudTDk458S
Z6mMYFl07j/lhjRI2xDHt4+eTfJ5HjfdgrkymZ5fXd70en4or3iIbEvvsZB1Kn1T
K1mnWSsNv3cMKjSumPH4tryxabMWOo/hgKf0MZJtemoL1X9veIEMHkc0Cz

Bug#948115: marked as done (Revise init script Policy based on GR result)

[Debian Bug Tracking System]

Your message dated Mon, 20 Jan 2020 20:53:26 +
with message-id 
and subject line Bug#948115: fixed in debian-policy 4.5.0.0
has caused the Debian Bug report #948115,
regarding Revise init script Policy based on GR result
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
948115: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948115
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: debian-policy
Version: 4.4.1.2
Severity: important

Per recent (non-BTS) discussion, this patch is a first draft at
reconciling Policy with the recent GR result.  Summary of changes:

* Change section headings and anchors to reflect the more general topic
* Add recommended naming convention for service units
* Encourage including an init script if there is no service unit
* Describe including an init script alongside a service unit as optional
* Recommend appropriate naming of an init script alongside a service unit
* Remove recommendation to include an init script
* Use init script rather than initscript consistently
* Move some things around that belong more naturally in other sections
* Be consistent about saying update-rc.d is a requirement
* Remove the section on alternate init systems, which is now not relevant

Policy itself has no links to the previous anchors.  This might
break external links; let me know if you feel like that's a larger
issue than I thought it was and we can look at keeping the old
(but pretty wildly inaccurate) anchors.

diff --git a/policy/ch-opersys.rst b/policy/ch-opersys.rst
index 4551196..47d9fe4 100644
--- a/policy/ch-opersys.rst
+++ b/policy/ch-opersys.rst
@@ -315,46 +315,53 @@ set to this value.
 The Debian autobuilders set HOME to ``/nonexistent`` so that packages
 which try to write to a home directory will fail to build.
 
-.. _s-sysvinit:
+.. _s-services:
 
-System run levels and ``init.d`` scripts
-
+Starting system services
+
 
-.. _s-etc-init.d:
+.. _s-services-intro:
 
 Introduction
 
 
-The ``/etc/init.d`` directory contains the scripts executed by ``init``
-at boot time and when the init state (or "runlevel") is changed (see
-:manpage:`init(8)`).
-
-``systemd`` uses dependency information contained within the init
-scripts and symlinks in ``/etc/rcn.d`` to decide which scripts to run
-and in which order. The ``sysv-rc`` runlevel system uses symlinks in
-``/etc/rcn.d`` to decide which scripts to run and in which order; see
-the ``README.runlevels`` file shipped with ``sysv-rc`` for
-implementation details. Other alternatives might exist.
-
-Maintainer scripts must use ``update-rc.d`` as described below to
-interact with the service manager for requests such as enabling or
-disabling services. They should use ``invoke-rc.d`` as described below
-to invoke initscripts for requests such as starting and stopping
-service.
+Packages that include system services should include ``systemd`` service
+units to start or stop those services.  See :manpage:`systemd.service(5)`
+for details on the syntax of a service unit file.  In the common case that
+a package includes a single system service, the service unit should have
+the same name as the package plus the ``.service`` extension.
+
+If the package does not include a service unit (if, for example, no one
+has yet written one), including an init script, as described below, to
+start the service is encouraged.
+
+Packages including a service unit may optionally include an init script to
+support other init systems.  In this case, the init script should have the
+same name as the ``systemd`` service unit so that ``systemd`` will ignore
+it and use the service unit instead.  Packages may also support other init
+systems by including configuration in the native format of those init
+systems.
+
+If a service unit is not present, ``systemd`` uses dependency information
+contained within the init scripts and symlinks in ``/etc/rcn.d`` to decide
+which scripts to run and in which order.  The ``sysv-rc`` runlevel system
+for ``sysvinit`` uses the same symlinks in ``/etc/rcn.d`` to decide which
+scripts to run and in which order at boot time and when the init state (or
+"runlevel") is changed.  See the ``README.runlevels`` file shipped with
+``sysv-rc`` for implementation details.  Other alternatives might exist.
+
+The sections below describe how to write those scripts and configure those
+symlinks.
 
 .. _s-writing-init:
 
 Writing the scripts
 ~~~
 
-Packages that include system services should include ``systemd`` service
-units t

Bug#949007: marked as done (debian-policy: Typo in example)

[Debian Bug Tracking System]

Your message dated Mon, 20 Jan 2020 20:53:26 +
with message-id 
and subject line Bug#949007: fixed in debian-policy 4.5.0.0
has caused the Debian Bug report #949007,
regarding debian-policy: Typo in example
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
949007: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=949007
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: debian-policy
Severity: minor


In
https://www.debian.org/doc/debian-policy/ch-source.html#s-debianrules-gainrootapi
we find the following example:


"""
Examples of valid use of the gain root command:

# sh-syntax (assumes set -e semantics for error handling)
$DEB_GAIN_ROOT_CMD some-cmd --which-requires-root

# perl
my @cmd = ('some-cmd', '--which-requires-root');
unshift(@cmd, split(' ', $ENV{DEB_GAIN_ROOT_CMD})) if $ENV{DEB_GAIN_ROOT_CMD};
system(@cmd) == or die("@cmd failed");

"""

The Perl code is invalid.  There is missing a 0 after "==" and before "or 
die(...)".

Thanks,
~Niels
--- End Message ---
--- Begin Message ---
Source: debian-policy
Source-Version: 4.5.0.0

We believe that the bug you reported is fixed in the latest version of
debian-policy, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 949...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sean Whitton  (supplier of updated debian-policy 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Mon, 20 Jan 2020 12:37:09 -0700
Source: debian-policy
Architecture: source
Version: 4.5.0.0
Distribution: unstable
Urgency: medium
Maintainer: Debian Policy Editors 
Changed-By: Sean Whitton 
Closes: 941198 948115 949007 949390
Changes:
 debian-policy (4.5.0.0) unstable; urgency=medium
 .
   [ Russ Allbery ]
   * Clarify the footnote explaining why packages should not depend on X
 fonts.  Thanks, Stephen Kitt.
 .
   [ Sean Whitton ]
   * Policy: Packages including daemons should ship systemd units
 Wording: Russ Allbery 
 Seconded: Sean Whitton 
 Seconded: Ansgar 
 Closes: #941198
   * Policy: New package usernames should begin with an underscore
 Wording: Philipp Kern 
 Seconded: Sean Whitton 
 Seconded: Russ Allbery 
 Closes: #949390
   * Policy: Revise init script policy in light of GR result
 Wording: Russ Allbery 
 Seconded: Sam Hartman 
 Seconded: Sean Whitton 
 Closes: #948115
 - This change involved changing a number of Sphinx anchor names.  This
   may break some external links into Policy.
 .
 debian-policy (4.4.1.3) UNRELEASED; urgency=medium
 .
   [ Sean Whitton ]
   * Fix 'day-of week'.
 Thanks to Jakub Wilk.
 .
   [ Russ Allbery ]
   * Fix error in Perl example for the gain root command.  Thanks, Niels
 Thykier.  (Closes: #949007)
Checksums-Sha1:
 097221d4cd4981ac92d1410800eb91ef17e92705 2023 debian-policy_4.5.0.0.dsc
 351dcd44e0ae9bd65be167bb504073ea87edc255 540968 debian-policy_4.5.0.0.tar.xz
Checksums-Sha256:
 52d3de968c60fc66dc40d5c195d39718a20eb619c0e373c4e0ce30a94729dc44 2023 
debian-policy_4.5.0.0.dsc
 523b1847ed4448564150ac860e6b7a3df93837e7ccb6b0530ba7d071f5d457a7 540968 
debian-policy_4.5.0.0.tar.xz
Files:
 fd2e9e5ff66c7f06c7353700557c5f78 2023 doc optional debian-policy_4.5.0.0.dsc
 5f8da84e127fc6266b4450cb3a8cd670 540968 doc optional 
debian-policy_4.5.0.0.tar.xz

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEm5FwB64DDjbk/CSLaVt65L8GYkAFAl4mAlMACgkQaVt65L8G
YkADjg//SkyBizCLSqdCi9dcnvfREzopVNVen2mgKpO5tCu487XD34LyRgIZe2J/
5/IhQqIzYwSci1j3xfPM/FUFw7O4mIOQEdU73UTgjVJKrnhBJ+VqhTBcko3JrIdZ
TGwXEUT9SmLRQemNEnesenEhlwbNOF+MvPR5P7RmU4TEonj9sefvh3VudTDk458S
Z6mMYFl07j/lhjRI2xDHt4+eTfJ5HjfdgrkymZ5fXd70en4or3iIbEvvsZB1Kn1T
K1mnWSsNv3cMKjSumPH4tryxabMWOo/hgKf0MZJtemoL1X9veIEMHkc0CzB/ESES
U+IwJx6jNfsl8Fri41S3ESvbjTGicX29MGJonH9k113P5FJKIt0bhNGXfnuqAY0H
QMsOHCjZwGWrxGI/aWWUj+s4FZ8R74B9F5ib+DCdcKkpGSOQRJm0Qb5MDyh9C9zp
KWDc5HwiBze1VI8xSqRk6Hsf8rvNjh0e5pBQHYuetGT+1xDtYHvm3WSmiXe5z3oJ
BE0GSOiaYJPevLM8cwQm62c+7SE7oa6e+FSDtmIM3qw4eAz43NxOK0yw/mPnbDiX
KphcjAsq2e7Kyb3KeUJ/A44YI32JRIvtngWbPpv57zUrkntisuXnjRpwobFaejXa
kTcQCayZZTuhnafvJkZnydT2AHs3ipkmPp8koF8Xye5FO3BL++s=
=duDb
-END PGP SIGNATURE-

Processed: Re: Bug#948115: Revise init script Policy based on GR result

[Debian Bug Tracking System]

Processing control commands:

> tag -1 +pending
Bug #948115 [debian-policy] Revise init script Policy based on GR result
Added tag(s) pending.

-- 
948115: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948115
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#948115: Revise init script Policy based on GR result

[Sean Whitton]

control: tag -1 +pending

Hello,

On Sat 04 Jan 2020 at 05:51PM -05, Sam Hartman wrote:

> Russ said off-list he was ready for seconds.
> I second his patch with the status being encouraged rather than
> recommended change.
> In seconding, my primary review criteria was whether I thought the
> change accurately reflected what the GR conclusion was.

Likewise seconded.

-- 
Sean Whitton


signature.asc
Description: PGP signature

Bug#949390: Newly created package usernames should begin with an underscore

[Russ Allbery]

Sean Whitton  writes:
> On Sun 05 Jan 2020 at 11:33PM +01, Philipp Kern wrote:

>>> --- a/policy/ch-opersys.rst
>>> +++ b/policy/ch-opersys.rst
>>> @@ -231,7 +231,10 @@ starting at 100.
>>>
>>>  Apart from this we should have dynamically allocated ids, which should
>>>  by default be arranged in some sensible order, but the behavior should
>>> -be configurable.
>>> +be configurable. When maintainers choose a new hardcoded or dynamically
>>> +generated username for packages to use, they should start this username
>>> +with an underscore. This minimizes collisions with locally created user
>>> +accounts.
>>>
>>>  Packages other than ``base-passwd`` must not modify ``/etc/passwd``,
>>>  ``/etc/shadow``, ``/etc/group`` or ``/etc/gshadow``.

> Seconded.

> Filing a separate bug for this as we ought to get it into the next
> Policy release to avoid creating any more cases that have to be migrated.

Seconded as well.  I don't see any reason why this part can't go in now.

The one thing that I think might be worth adding to this is to carve out
an explicit exception for users starting with systemd-*, since we're
unlikely to rename those and it seems reasonable to reserve that namespace
for the systemd project (which is somewhat unique in the number of
low-level users that it wants to create).  But we can deal with that in a
separate bug; this is only a should, so it doesn't require the systemd
maintainers do something different with new systemd users.

-- 
Russ Allbery (r...@debian.org)  

Processed: limit source to debian-policy, tagging 949390

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> limit source debian-policy
Limiting to bugs with field 'source' containing at least one of 'debian-policy'
Limit currently set to 'source':'debian-policy'

> tags 949390 + pending
Bug #949390 [debian-policy] Newly created package usernames should begin with 
an underscore
Added tag(s) pending.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
949390: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=949390
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Re: Guidance on solving the username namespacing problem

[Sean Whitton]

Hello,

On Sun 05 Jan 2020 at 11:33PM +01, Philipp Kern wrote:

> I'd also propose the following hunk as I was myself confused where this
> list was maintained - base-passwd is mentioned in 0-99 but not
> explicitly in the on demand part. As policy seems to defer to that
> package as the list, it would seem like policy should state this explicitly.
>
>> @@ -268,8 +271,10 @@ The UID and GID numbers are divided into classes as 
>> follows:
>>
>>  6-64999:
>>  Globally allocated by the Debian project, but only created on
>> -demand. The ids are allocated centrally and statically, but the
>> -actual accounts are only created on users' systems on demand.
>> +demand. The ids are allocated centrally, but the actual accounts are
>> +only created on users' systems on demand. Some of them are statically
>> +allocated. The authoritative allocation for this range is maintained
>> +in the ``base-passwd`` package.
>>
>>  These ids are for packages which are obscure or which require many
>>  statically-allocated ids. These packages should check for and create

I think it would be good to say what you mean by 'statically allocated'.
This could be done by combining your last two sentences to say that the
UIDs are statically allocated by means of the base-passwd package.

This is purely informative, not normative, so it doesn't need seconding.

> Now there's the question if we need explicit guidance in the UID bit
> about existing packages as well. How would the following sound instead
> of my prior proposal?
>
>> @@ -259,7 +262,9 @@ The UID and GID numbers are divided into classes as 
>> follows:
>>  and differently on each system, should use ``adduser --system`` to
>>  create the group and/or user. ``adduser`` will check for the
>>  existence of the user or group, and if necessary choose an unused id
>> -based on the ranges specified in ``adduser.conf``.
>> +based on the ranges specified in ``adduser.conf``. New packages
>> +should follow the guidance of using an underscore prefix for their
>> +username.
>>
>>  1000-5:
>>  Dynamically allocated user accounts. By default ``adduser`` will

I believe this should be a bit broader -- packages which are not new but
which are adding new users should also follow the underscore prefix
convention.

-- 
Sean Whitton


signature.asc
Description: PGP signature

Bug#949390: Newly created package usernames should begin with an underscore

[Sean Whitton]

Package: debian-policy
Version: 4.4.1.2
Tags: patch

Hello,

On Sun 05 Jan 2020 at 11:33PM +01, Philipp Kern wrote:

>> --- a/policy/ch-opersys.rst
>> +++ b/policy/ch-opersys.rst
>> @@ -231,7 +231,10 @@ starting at 100.
>>
>>  Apart from this we should have dynamically allocated ids, which should
>>  by default be arranged in some sensible order, but the behavior should
>> -be configurable.
>> +be configurable. When maintainers choose a new hardcoded or dynamically
>> +generated username for packages to use, they should start this username
>> +with an underscore. This minimizes collisions with locally created user
>> +accounts.
>>
>>  Packages other than ``base-passwd`` must not modify ``/etc/passwd``,
>>  ``/etc/shadow``, ``/etc/group`` or ``/etc/gshadow``.

Seconded.

Filing a separate bug for this as we ought to get it into the next
Policy release to avoid creating any more cases that have to be migrated.

-- 
Sean Whitton


signature.asc
Description: PGP signature

Processed: user debian-pol...@packages.debian.org, limit package to debian-policy, usertagging 948275 ...

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> user debian-pol...@packages.debian.org
Setting user to debian-pol...@packages.debian.org (was 
spwhit...@spwhitton.name).
> limit package debian-policy
Limiting to bugs with field 'package' containing at least one of 'debian-policy'
Limit currently set to 'package':'debian-policy'

> usertags 948275 = normative dubious
There were no usertags set.
Usertags are now: normative dubious.
> tags 948275 + wontfix
Bug #948275 [debian-policy] is Debian POSIX compliant?
Added tag(s) wontfix.
> close 948275
Bug #948275 [debian-policy] is Debian POSIX compliant?
Marked Bug as done
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
948275: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948275
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#940144: developers-reference: document self-service givebacks in wanna-build section

[Philipp Kern]

On January 20, 2020 10:59:48 Drew Parsons  wrote:


Has the self-service wannabuild giveback script been disabled?

It's now rejecting connections, e.g.
https://buildd.debian.org/auth/giveback.cgi?pkg=ga&suite=sid&arch=armel
generates

  Forbidden
  You don't have permission to access this resource.Reason: Cannot
perform Post-Handshake Authentication.
  Apache Server at buildd.debian.org Port 443

My SSO is otherwise working fine, e.g. triggering debci tests at
https://ci.debian.net/user


I'm told it was broken by the upgrade of Apache - apparently it can no 
longer do per path client certificate authentication. There is a pending RT 
ticket from DSA to fix that but I don't think there is anything I can do at 
the moment - except turn on SSO for the whole vhost. Maybe that could even 
be a workaround for now and we could check if someone is annoyed by that. :)


Kind regards
Philipp Kern

Bug#940144: developers-reference: document self-service givebacks in wanna-build section

[Drew Parsons]

Has the self-service wannabuild giveback script been disabled?

It's now rejecting connections, e.g. 
https://buildd.debian.org/auth/giveback.cgi?pkg=ga&suite=sid&arch=armel 
generates


  Forbidden
  You don't have permission to access this resource.Reason: Cannot 
perform Post-Handshake Authentication.

  Apache Server at buildd.debian.org Port 443

My SSO is otherwise working fine, e.g. triggering debci tests at 
https://ci.debian.net/user