Bug#888721: sanlock uninstallable due to ordering of user handling in postinst

Sun, 28 Jan 2018 22:18:31 -0800 

Package: sanlock
Version: 3.6.0-1
Severity: grave

Hi,
since the following change in the last upload:
  * Add `sanlock' user to `disk' group, thanks to Charlie Smurthwaite;
    closes: #888102.
sanlock became uninstallable.

What happens is:
# apt install sanlock
[...]
Setting up sanlock (3.6.0-1) ...
addgroup: The user `sanlock' does not exist.
dpkg: error processing package sanlock (--configure):

The error itself is rather trivial, it is the ordering of actions in
the postinst:
It is atm (simplified)
1. addgroup sanlock disk
2. adduser sanlock

And of these #1 fails since only after #2 the sanlock user would be around.
This might have been missed since on an upgrade things are fine with
the user already existing, but the issue makes sanlock effectively
uninstallable - therefore grave severity.

Fix was tested by repackaging:

  apt-get download sanlock
  dpkg-deb -x sanlock_3.6.0-1_amd64.deb sanlock
  dpkg-deb -e sanlock_3.6.0-1_amd64.deb sanlock/DEBIAN
  vim sanlock/DEBIAN/postinst
Change order of user creation and adding to the group.
  dpkg-deb -b sanlock sanlock_3.6.0-2_amd64.deb
  dpkg -i sanlock_3.6.0-2_amd64.deb

Note, by being uninstallable it also breaks dependent packages like
e.g. atm the build of a new libvirt.

The required change is just to move the addgroup below the useradd like:


Author: Christian Ehrhardt <christian.ehrha...@canonical.com>
Date:   Mon Jan 29 07:10:59 2018 +0100

    d/sanlock.postinst: run addgroup after creating the user

    Signed-off-by: Christian Ehrhardt <christian.ehrha...@canonical.com>

diff --git a/debian/sanlock.postinst b/debian/sanlock.postinst
index ccbf821..3c1895a 100755
--- a/debian/sanlock.postinst
+++ b/debian/sanlock.postinst
@@ -40,9 +40,6 @@ case "$1" in
        if ! getent group sanlock >/dev/null; then
                addgroup --quiet --system sanlock
        fi
-       if ! { getent group disk | grep --quiet '\<sanlock\>'; }; then
-               addgroup --quiet sanlock disk
-       fi

        if ! getent passwd sanlock >/dev/null; then
                adduser --quiet \
@@ -56,6 +53,9 @@ case "$1" in
                --gecos "sanlock" \
                sanlock
        fi
+       if ! { getent group disk | grep --quiet '\<sanlock\>'; }; then
+               addgroup --quiet sanlock disk
+       fi

        ;;

Reply via email to