On 24/03/2025 at 20:29, Cyril Brulebois wrote:
Oh wow, that's indeed badly broken, and will need fixing before the next
release. Reproduced locally with a 'û' in my last name:
Mar 24 19:17:59 finish-install: info: Running
/usr/lib/finish-install.d/06user-setup
Mar 24 19:17:59 user-setup: Shadow passwords are now on.
Mar 24 20:17:59 chpasswd[8387]: pam_unix(chpasswd:chauthtok): password
changed for root
Mar 24 19:17:59 user-setup: invalid characters in Cyril
Br\x{fffd}\x{fffd}lebois at /usr/share/perl5/Debian/AdduserCommon.pm line 141.
(...)
No feedback during the installation process, just silent failure to
create the user. :(
Looping in adduser people for awareness and maybe tips. A quick look at
adduser.git suggests sanitation got added end 2024/beginning 2025…
If adduser exists in the target system then user-setup runs
adduser --disabled-password --gecos "$fullname" "$user" || true
else it runs
useradd -c "$fullname" -m "$user" || true
What is the advantage of calling adduser instead of useradd ?
IIUC adduser's new sanitation regex for the 'comment' (ex-gecos) value)
is defined by:
commentre => qr/["-_\.+!\$%&()\]\[;0-9a-zA-Z\/ ]*/
It looks like only ASCII characters are allowed. Oddly, adduser allows
non ASCII characters in interactive mode. useradd does not seem to have
such restriction for -c.
Possible options may include:
- align adduser's comment sanitation regex on useradd
- make user-setup have the same restriction on the full name as adduser
(it currently does not seem to have any)
- make user-setup always call useradd
PS: Why are user settings collected early in the installation process
(before partitioning) even though they are written out at the end ?