Source: postgresql-common Version: 225 Severity: normal The postgres postinst script creates the postgres user with matching group if, and only if, it doesn't already exist. It also adds the user to the ssl-cert but does this unconditionally, which is a bit inconsistent.
This has cropped up in certain corner cases where the system config is unwriteable for some odd reason (in one reported case, due to broken oneconf; in a more immediate case we're hitting it building postgres inside Docker, possibly due to a change in glibc/libseccomp behavior). This change makes the postinst script more consistent in how it handles setting up the postgres user's groups, and in so doing enables a workaround for corner cases: the postgres user can be set up prior to installing postgres; the postinst will then skip trying to make those changes itself. -- System Information: Debian Release: bullseye/sid APT prefers focal-updates APT policy: (500, 'focal-updates'), (500, 'focal-security'), (500, 'focal'), (100, 'focal-backports') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 5.4.0-65-generic (SMP w/12 CPU cores) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE Locale: LANG=C, LC_CTYPE=C (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8), LANGUAGE=en_US:en (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled