Your message dated Sun, 27 Aug 2023 12:36:14 +0000
with message-id <[email protected]>
and subject line Bug#1033167: fixed in usrmerge 36
has caused the Debian Bug report #1033167,
regarding usrmerge: messes with /etc/shells
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1033167: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033167
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: usrmerge
Version: 25
Severity: serious
Justification: violates policy section 10.7.4
Control: affects -1 + debianutils dash
X-Debbugs-Cc: [email protected], [email protected], [email protected], 
[email protected]

Hi,

I think that it is quite obvious that /etc/shells is debianutils'
territory. When I found that on some systems /etc/shells was out of sync
with /var/lib/shells.state, I was quite puzzled until I noticed that
usrmerge messes with this file. This really is debianutils'
configuration file and usrmerge has no business in touching it in
uncoordinated ways. Refer to policy section 10.7.4 for details, so
usrmerge is technically rc-buggy. However, usrmerge does have reason to
touch it, so the solution is not simply to drop convert-etc-shells with
no replacement.

Let us dive a bit into how an essential system can come to be.

1. We start either merged (e.g. debootstrap or mmdebstrap with
   --hook-dir=.../merged-usr) or unmerged (mmdebstrap without hook or
   an old debootstrap --no-merged-usr).

2. We either install usrmerge or usr-is-merged. Though we cannot
   combine starting unmerged with usr-is-merged for obvious reasons.

3. The last invocation of update-shells happens before or after
   usrmerge.postinst. (Not relevant in case of usr-is-merged)

So what happens in these cases?

If and only if usrmerge is used, convert-etc-shells turns /bin/sh into
/usr/bin/sh. So whenever we start out merged and use usr-is-merged,
/usr/bin/sh goes missing.

If usrmerge is used, the order of entries in /etc/shells depends on
whether update-shells is run after it or not. Likewise
/var/lib/shells.state also depends. This is not some mmdebstrap-specific
problem. You can easily observe this with debootstrap --no-merged-usr
and installing usrmerge vs just doing debootstrap.

This is bad from a reproducibility point of view and it is rooted in
usrmerge not cooperating with other packages, but instead doing things
behind their back, which happens to violate policy.

So how to fix this?

For one thing, the /bin/sh difference is rooted in the fact that /bin/sh
is a standard value of debianutils and not managed using shells.d even
though dash ships plain /bin/sh these days. I think dash should just add
/bin/sh to /usr/share/debianutils/shells.d/dash and we'd be done as all
entries in shells.d are correctly managed wrt. merged-/usr by
update-shells.

The next thing is that convert-etc-shells needs to go away from
usrmerge. In the age of systems with usr-is-merged, there is no
convert-etc-shells (as there is no usrmerge), so it must work without
somehow anyway. When you run update-shells after a merge, it will pick
up the merged shell locations (for shells managed in shells.d) and add
them to /etc/shells. So usrmerge should ensure that update-shells is
called after having performed the merge. This is the only way to get
reproducibility. (That doesn't quite answer yet when to run it, how to
run it, nor whether that makes convert-etc-shells unnecessary though.)

Then we still have add-shell and remove-shell and most packages using
them induce policy violations (reverting admin changes on upgrade), so
we want to change them to the shells.d mechanism in the long run, but
that's not where we are today and especially not what we can rely on in
bookworm. So for these entries, we still do need convert-etc-shells and
indeed we cannot just delete it. convert-etc-shells compensates for the
difference in behaviour of add-shell pre-merge vs post-merge.

I think the best solution here would be merging convert-etc-shells into
update-shells. Whenever we run update-shells, it should check whether
the system is already merged and when it is, perform the equivalent to
convert-etc-shells. Then usrmerge can just install an empty (except for
a comment) /usr/share/debianutils/shells.d/usrmerge to trigger
update-shells and things become fully reproducible in all cases, because
no matter how we started, we will run update-shells post merge and
that'll do the right thing. And since usrmerge now uses the tools
provided by debianutils, this fully resolves the policy violation. Also
note that usr-is-merged does not have to invoke the trigger as
debianutils is configured after /usr is merged.

So unless I am mistaken, this leads to the following action items:
 * update-shells absorbs convert-etc-shells.
 * dash adds /bin/sh to shells.d/dash.
 * usrmerge creates an empty shells.d/usrmerge file.
 * usrmerge depends on a version of debianutils that has absorbed
   convert-etc-shells.

Does that make sense to you? I haven't actually implemented and tested
this yet. Do you see any obvious flaws in the arguments or the proposed
solution?

I'm Ccing release managers as it looks like we're starting a transition
of an essential package right in the middle of the freeze. Not good, but
this looks still manageable to me.

Helmut

--- End Message ---
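
The failure mode described in the report above (a merged-/usr system whose /etc/shells lists /bin/sh but not /usr/bin/sh) can be checked with a read-only audit. This is an added example, not code from usrmerge or debianutils; the function names and the sample file are constructed, and the rule that both spellings of a shell path should be listed is an assumption drawn from the report.

```shell
#!/bin/sh
# Added example: read-only audit of a shells(5) file on a merged-/usr system.
# Assumption (from the report): a shell listed under /bin or /sbin should
# also be listed under /usr/bin or /usr/sbin, and the other way round.

# is_merged ROOT: succeeds if ROOT/bin is a symlink, i.e. /usr is merged.
is_merged() {
    [ -L "${1%/}/bin" ]
}

# alias_of PATH: print the other merged-/usr spelling of PATH, if it has one.
alias_of() {
    case "$1" in
        /usr/bin/*|/usr/sbin/*) printf '%s\n' "${1#/usr}" ;;
        /bin/*|/sbin/*)         printf '%s\n' "/usr$1" ;;
    esac
}

# missing_aliases FILE: print every alias that FILE does not list.
missing_aliases() {
    grep -v -e '^[[:space:]]*#' -e '^[[:space:]]*$' "$1" |
    while IFS= read -r shell; do
        other=$(alias_of "$shell")
        [ -n "$other" ] || continue          # e.g. /usr/local/bin/fish
        grep -qxF -- "$other" "$1" || printf '%s\n' "$other"
    done
}

# Constructed sample: a system that started out merged, so nothing ever
# added /usr/bin/sh, plus one shell registered only under /usr/bin.
sample_shells() {
    cat <<'EOF'
# /etc/shells: valid login shells
/bin/sh
/bin/bash
/usr/bin/bash
/usr/bin/dash
/usr/local/bin/fish
EOF
}

# Demo on the constructed sample. On a real system the equivalent check
# is: is_merged / && missing_aliases /etc/shells
tmp=$(mktemp) && sample_shells > "$tmp"
missing_aliases "$tmp"
rm -f "$tmp"
```

An empty result means every listed shell is reachable under both spellings; the audit never writes to the file, so it does not interfere with update-shells.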
--- Begin Message ---
Source: usrmerge
Source-Version: 36
Done: Marco d'Itri <[email protected]>

We believe that the bug you reported is fixed in the latest version of
usrmerge, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Marco d'Itri <[email protected]> (supplier of updated usrmerge package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


Format: 1.8
Date: Sun, 27 Aug 2023 13:56:49 +0200
Source: usrmerge
Architecture: source
Version: 36
Distribution: unstable
Urgency: medium
Maintainer: Marco d'Itri <[email protected]>
Changed-By: Marco d'Itri <[email protected]>
Closes: 1033167 1034346 1037362 1038832 1038853
Changes:
 usrmerge (36) unstable; urgency=medium
 .
   * Added code by Andreas Beckmann to clean up the biarch libraries
     directories when they are not needed. (Closes: #1038853)
   * Changed postinst to not run convert-etc-shells again on already
     converted systems and to run update-shells to make sure that the
     new shells.state file introduced in bookworm is up to date.
     (Closes: #1033167)
   * Improved the instructions to deal with a mounted /lib/modules/,
     which can also happen on some Xen-based systems. (Closes: 1034346)
   * Greatly improved the error messages when commands execution fails
     (see #1037362).
   * Added a versioned conflict with libc-bin, only relevant for the
     conversion script. (Closes: #1037362)
   * Added a versioned conflict with dhcpcd. (Closes: #1038832)
   * Added a versioned conflict with libparted1.8-10. (Closes: #1038832)
   * Added a versioned conflict with lustre-utils. (Closes: #1038832)

--- End Message ---
