Your message dated Mon, 15 Jan 2024 08:32:08 +0000 with message-id <e1rpio8-004wab...@fasolo.debian.org> and subject line Bug#1033167: fixed in usrmerge 37~deb12u1 has caused the Debian Bug report #1033167, regarding usrmerge: messes with /etc/shells to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1033167: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033167 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: usrmerge Version: 25 Severity: serious Justification: violates policy section 10.7.4 Control: affects -1 + debianutils dash X-Debbugs-Cc: jo...@debian.org, cl...@debian.org, andre...@debian.org, debian-rele...@lists.debian.org Hi, I think that it is quite obvious that /etc/shells is debianutils' territory. When I found that on some systems /etc/shells was out of sync with /var/lib/shells.state, I was quite puzzled until I noticed that usrmerge messes with this file. This really is debianutils' configuration file and usrmerge has no business in touching it in uncoordinated ways. Refer to policy section 10.7.4 for details, so usrmerge is technically rc-buggy. However, usrmerge does have reason to touch it, so the solution is not simply to drop convert-etc-shells with no replacement. Let us dive a bit into how an essential system can come to be. 1. We start either merged (e.g. debootstrap or mmdebstrap with --hook-dir=.../merged-usr) or unmerged (mmdebstrap without hook or an old debootstrap --no-merged-usr). 2. We either install usrmerge or usr-is-merged. Though we cannot combine starting unmerged with usr-is-merged for obvious reasons. 3. The last invocation of update-shells happens before or after usrmerge.postinst. (Not relevant in case of usr-is-merged) So what happens in these cases? If and only if usrmerge is used, convert-etc-shells turns /bin/sh into /usr/bin/sh. So whenever we start out merged and use usr-is-merged, /usr/bin/sh goes missing. If usrmerge is used, the order of entries in /etc/shells depends on whether update-shells is run after it or not. Likewise /var/lib/shells.state also depends. This is not some mmdebstrap-specific problem. You can easily observe this with debootstrap --no-merged-usr and installing usrmerge vs just doing debootstrap. This is bad from a reproducibility point of view and it is rooted in usrmerge not cooperating with other packages, but instead doing things behind their back, which happens to violate policy. So how to fix this? For one thing, the /bin/sh difference is rooted in the fact that /bin/sh is a standard value of debianutils and not managed using shells.d even though dash ships plain /bin/sh these days. I think dash should just add /bin/sh to /usr/share/debianutils/shells.d/dash and we'd be done as all entries in shells.d are correctly managed wrt. merged-/usr by update-shells. The next thing is that convert-etc-shells needs to go away from usrmerge. In the age of systems with usr-is-merged, there is no convert-etc-shells (as there is no usrmerge), so it must work without somehow anyway. When you run update-shells after a merge, it will pick up the merged shell locations (for shells managed in shells.d) and add them to /etc/shells. So usrmerge should ensure that update-shells is called after having performed the merge. This is the only way to get reproducibility. (That doesn't quite answer yet when to run it, how to run it, nor whether that makes convert-etc-shells unnecessary though.) Then we still have add-shell and remove-shell and most packages using them induce policy violations (reverting admin changes on upgrade), so we want to change them to the shells.d mechanism in the long run, but that's not where we are today and especially not what we can rely on in bookworm. So for these entries, we still do need convert-etc-shells and indeed we cannot just delete it. convert-etc-shells compensates for the difference in behaviour of add-shell pre-merge vs post-merge. I think the best solution here would be merging convert-etc-shells into update-shells. Whenever we run update-shells, it should check whether the system is already merged and when it is, perform the equivalent to convert-etc-shells. Then usrmerge can just install an empty (except for a comment) /usr/share/debianutils/shells.d/usrmerge to trigger update-shells and things become fully reproducible in all cases, because no matter how we started, we will run update-shells post merge and that'll do the right thing. And since usrmerge now uses the tools provided by debianutils, this fully resolves the policy violation. Also note that usr-is-merged does not have to invoke the trigger as debianutils is configured after /usr is merged. So unless I am mistaken, this leads to the following action items: * update-shells absorbs convert-etc-shells. * dash adds /bin/sh to shells.d/dash. * usrmerge creates an empty shells.d/usrmerge file. * usrmerge depends on a version of debianutils that has absorbed convert-etc-shells. Does that make sense to you? I haven't actually implemented and tested this yet. Do you see any obvious flaws in the arguments or the proposed solution? I'm Ccing release managers as it looks like we're starting a transition of an essential package right in the middle of the freeze. Not good, but this looks still manageable to me. Helmut
--- End Message ---
--- Begin Message ---Source: usrmerge Source-Version: 37~deb12u1 Done: Andreas Beckmann <a...@debian.org> We believe that the bug you reported is fixed in the latest version of usrmerge, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1033...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Andreas Beckmann <a...@debian.org> (supplier of updated usrmerge package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Wed, 10 Jan 2024 09:07:08 +0100 Source: usrmerge Architecture: source Version: 37~deb12u1 Distribution: bookworm Urgency: medium Maintainer: Marco d'Itri <m...@linux.it> Changed-By: Andreas Beckmann <a...@debian.org> Closes: 1033167 1034346 1037362 1038832 1038853 1050755 Changes: usrmerge (37~deb12u1) bookworm; urgency=medium . * Non-maintainer upload. * Rebuild for bookworm. . usrmerge (37) unstable; urgency=medium . [ Johannes Schauer Marin Rodrigues ] * Use $DPKG_ROOT in usr-is-merged.postinst. (Closes: #1050755) . usrmerge (36) unstable; urgency=medium . * Added code by Andreas Beckmann to clean up the biarch libraries directories when they are not needed. (Closes: #1038853) * Changed postinst to not run convert-etc-shells again on already converted systems and to run update-shells to make sure that the new shells.state file introduced in bookworm is up to date. (Closes: #1033167) * Improved the instructions to deal with a mounted /lib/modules/, which can also happen on some Xen-based systems. (Closes: 1034346) * Greatly improved the error messages when commands execution fails (see #1037362). * Added a versioned conflict with libc-bin, only relevant for the conversion script. (Closes: #1037362) * Added a versioned conflict with dhcpcd. (Closes: #1038832) * Added a versioned conflict with libparted1.8-10. (Closes: #1038832) * Added a versioned conflict with lustre-utils. (Closes: #1038832) Checksums-Sha1: 7aa4a7c6f9b6f5d7c22a7603ae6fc72a7b9eb7e9 1643 usrmerge_37~deb12u1.dsc 0f2cf6710e7e80ecde66c352a7c830ee817615ce 15136 usrmerge_37~deb12u1.tar.xz 72b383c74cefb9851717f137891df8694934891c 5670 usrmerge_37~deb12u1_source.buildinfo Checksums-Sha256: 3a561ff99013607db5bc61721aae08a236afc4b04b13baab17fb2e8d18fc0b7f 1643 usrmerge_37~deb12u1.dsc 351ed3d74135ac82d686b3b93700976f269229e7fae37491fa79758a45c96ff4 15136 usrmerge_37~deb12u1.tar.xz 0ef476c501142d42e7921a100901b7e4e4c6ce2f7faf50ab28062044a180dbe1 5670 usrmerge_37~deb12u1_source.buildinfo Files: 58d018dcafee9b0f874ff1404c27fd8b 1643 admin optional usrmerge_37~deb12u1.dsc a8faf42f083dd781cd68f075143e18e3 15136 admin optional usrmerge_37~deb12u1.tar.xz 4fd57bd85687cebf22581fcc947bf8e3 5670 admin optional usrmerge_37~deb12u1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQJEBAEBCAAuFiEE6/MKMKjZxjvaRMaUX7M/k1np7QgFAmWeUNkQHGFuYmVAZGVi aWFuLm9yZwAKCRBfsz+TWentCHqrEACTTpicR3R6y3jBX1oieY7ijXHK8uELb0Ld yDLgMjgVxZLiH6YqwlQazg/ix2KjPlgODelpJMevS+VGDZDzQ+5lR/9wOGg3WQq0 j3RO1UgygZjGkFze9gAFmiTpdIFdwfQMGETwuQPh5WiwjKAH9lSpXlVDk2tVD7uA 1mGXl4CBPWKwMXY1JQoo398PFESQ+I1k8VEdtKEw3qCWveZ6oSPYStJbrNEo3RT/ 23/SoYYy+pjRIaPxRsQex4GtHLiA+tsdWfnWrdHCL61wkouOIn0tVyhg2AsKEeR8 wc4dOtry6IUJFP0F//r3mu54i+sbbHsZvA8g6lKOhUpQmQQ2Ig/9MJ6+9Lwc9ud6 SCTdrM3IfQECi4irREZbgKWNpdblgHMuqMWDu4ffpbaq1Nu2Ew9wXHBeOu/aNA50 xzO1DS8M6X7AVzgpYJMU5Oujyy4B8YUZOI/PWJO+mnps6smvwN0TEqEU8WT7MNUg A4bsdT+0FNR2BYV3XoKPDOZysNQcuLdGVE5+705xqTeJr0hvCeJilPwv1CZ3by1a AJavf9AzKDFdMDIlPK1np0hgJj1oYkO0Gat9UtvWuq+MaE1IMZuiX1jS6H5phAxG OvPQbVz2okiaSdmJnxU9KWGyWAgIB+31pAs6+lMbXT5DwOM9nAQsfY/KTP8SAkG+ WGkXgPI8/g== =MZNb -----END PGP SIGNATURE-----
--- End Message ---
