Public bug reported: The following ansible configuration
--- BEGIN --- - name: Allow users in group 'wireshark' to capture packets ansible.builtin.debconf: name: wireshark-common question: wireshark-common/install-setuid value: 'true' vtype: boolean --- END --- sets the value correctly, however no group 'wireshark' is created, as it is the case using 'dpkg-reconfigure wireshark-common' to accomplish the same. The group creation code appears in 'postinst' of wireshark-common: --- BEGIN file postinst --- #!/bin/sh set -e . /usr/share/debconf/confmodule PROGRAM=$(dpkg-divert --truename /usr/bin/dumpcap) GROUP=wireshark if ! dpkg-statoverride --list $PROGRAM > /dev/null; then db_get wireshark-common/install-setuid if [ -e "$PROGRAM" ]; then if [ "$RET" = "false" ] ; then chown root:root $PROGRAM chmod u=rwx,go=rx $PROGRAM else if ! addgroup --quiet --system $GROUP; then if ! getent group wireshark > /dev/null; then db_input high wireshark-common/addgroup-failed || true db_go exit 1 else db_input high wireshark-common/group-is-user-group || true db_go fi fi chown root:$GROUP $PROGRAM if which setcap > /dev/null ; then chmod u=rwx,g=rx,o=r $PROGRAM if ! setcap cap_net_raw,cap_net_admin=eip $PROGRAM; then db_input high wireshark-common/setcap-failed || true db_go chmod u=rwxs,g=rx,o=r $PROGRAM fi else chmod u=rwxs,g=rx,o=r $PROGRAM fi fi fi else dpkg-statoverride --list $PROGRAM fi --- END file postinst --- Not sure whether this is a bug or simply a missing feature. ** Affects: ansible (Ubuntu) Importance: Undecided Status: New ** Description changed: - The following configuration + The following ansible configuration - > - name: Allow users in group 'wireshark' to capture packets - > ansible.builtin.debconf: - > name: wireshark-common - > question: wireshark-common/install-setuid - > value: 'true' - > vtype: boolean + --- BEGIN --- + + - name: Allow users in group 'wireshark' to capture packets + ansible.builtin.debconf: + name: wireshark-common + question: wireshark-common/install-setuid + value: 'true' + vtype: boolean + + --- END --- sets the value correctly, however no group 'wireshark' is created, as it is the case using 'dpkg-reconfigure wireshark-common' to accomplish the same. The group creation code appears in 'postinst' of wireshark-common: - <pre> - #!/bin/sh + --- BEGIN file postinst --- + + #!/bin/sh set -e . /usr/share/debconf/confmodule PROGRAM=$(dpkg-divert --truename /usr/bin/dumpcap) GROUP=wireshark if ! dpkg-statoverride --list $PROGRAM > /dev/null; then - db_get wireshark-common/install-setuid - if [ -e "$PROGRAM" ]; then - if [ "$RET" = "false" ] ; then - chown root:root $PROGRAM - chmod u=rwx,go=rx $PROGRAM - else - if ! addgroup --quiet --system $GROUP; then - if ! getent group wireshark > /dev/null; then - db_input high wireshark-common/addgroup-failed || true - db_go - exit 1 - else - db_input high wireshark-common/group-is-user-group || true - db_go - fi - fi - chown root:$GROUP $PROGRAM - if which setcap > /dev/null ; then - chmod u=rwx,g=rx,o=r $PROGRAM - if ! setcap cap_net_raw,cap_net_admin=eip $PROGRAM; then - db_input high wireshark-common/setcap-failed || true - db_go - chmod u=rwxs,g=rx,o=r $PROGRAM - fi - else - chmod u=rwxs,g=rx,o=r $PROGRAM - fi - fi - fi + db_get wireshark-common/install-setuid + if [ -e "$PROGRAM" ]; then + if [ "$RET" = "false" ] ; then + chown root:root $PROGRAM + chmod u=rwx,go=rx $PROGRAM + else + if ! addgroup --quiet --system $GROUP; then + if ! getent group wireshark > /dev/null; then + db_input high wireshark-common/addgroup-failed || true + db_go + exit 1 + else + db_input high wireshark-common/group-is-user-group || true + db_go + fi + fi + chown root:$GROUP $PROGRAM + if which setcap > /dev/null ; then + chmod u=rwx,g=rx,o=r $PROGRAM + if ! setcap cap_net_raw,cap_net_admin=eip $PROGRAM; then + db_input high wireshark-common/setcap-failed || true + db_go + chmod u=rwxs,g=rx,o=r $PROGRAM + fi + else + chmod u=rwxs,g=rx,o=r $PROGRAM + fi + fi + fi else - dpkg-statoverride --list $PROGRAM + dpkg-statoverride --list $PROGRAM fi - </pre> - (Not sure whether this is a bug or simply a missing feature.) + --- END file postinst --- + + Not sure whether this is a bug or simply a missing feature. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1919379 Title: debconf module: does not execute postinst To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ansible/+bug/1919379/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs