Control: tags -1 confirmed
Control: found -1 0.18.1-1
thanks
This confirmation also applies to the severity of the issue :-( that
slipped itself in in March 2023 with 0.18.1-1. dh_installsysusers is not
called by the normal dh sequence in dh compat level 13 which leads to
the user not being created at package installation.
Patch to source package:
diff -Nru aide-0.18.3/debian/aide-common.postinst
aide-0.18.3/debian/aide-common.postinst
--- aide-0.18.3/debian/aide-common.postinst 2023-04-20 23:50:04.0
+0200
+++ aide-0.18.3/debian/aide-common.postinst 2023-05-18 10:25:22.0
+0200
@@ -45,18 +45,6 @@
# added updating to 0.18-1
rm -rf /var/tmp/aide.cron.daily /var/tmp/aide.cron.daily.old.*
-if dpkg --compare-versions "$2" lt 0.17.5-1; then
-# we're updating from a version earlier than 0.17.5, chown logs
-# and databases
-chown --quiet _aide:adm /var/log/aide /var/log/aide/aide.log
/var/log/aide/aide.log.* || true
-chmod --quiet 2755 /var/log/aide || true
-chown --quiet _aide:root /var/lib/aide/aide.db /var/lib/aide/aide.db.new
|| true
-fi
-if dpkg --compare-versions "$2" lt 0.18-3; then
-# we're updating from a version earlier than 0.18-3, chown aideinit logs
-chown --quiet _aide:adm /var/log/aide/aideinit.log
/var/log/aide/aideinit.errors|| true
-fi
-
rm -f /var/lib/aide/aide.conf.autogenerated
if dpkg --compare-versions "$2" le "0.16-1"; then
# we're updating from a version earlier than 0.16-1, rename DHCP conffiles
@@ -96,6 +84,20 @@
#DEBHELPER#
+# this needs to be after debhelper, otherwise the account doesn't
+# yet exist.
+if dpkg --compare-versions "$2" lt 0.17.5-1; then
+# we're updating from a version earlier than 0.17.5, chown logs
+# and databases
+chown --quiet _aide:adm /var/log/aide /var/log/aide/aide.log
/var/log/aide/aide.log.* || true
+chmod --quiet 2755 /var/log/aide || true
+chown --quiet _aide:root /var/lib/aide/aide.db /var/lib/aide/aide.db.new
|| true
+fi
+if dpkg --compare-versions "$2" lt 0.18-3; then
+# we're updating from a version earlier than 0.18-3, chown aideinit logs
+chown --quiet _aide:adm /var/log/aide/aideinit.log
/var/log/aide/aideinit.errors|| true
+fi
+
exit 0
# vim:sw=4:sts=4:et:
diff -Nru aide-0.18.3/debian/rules aide-0.18.3/debian/rules
--- aide-0.18.3/debian/rules2023-04-20 23:50:04.0 +0200
+++ aide-0.18.3/debian/rules2023-05-18 10:25:22.0 +0200
@@ -33,6 +33,10 @@
override_dh_auto_configure:
dh_auto_configure -- $(strip ${COMMON_CONFIGURE_ARGS}) $(strip
${EXTRA_CONFIGURE_ARGS})
+# make this execute_after_dh_auto_install after bookworm
override_dh_auto_install:
dh_auto_install
dh_installsystemd --name=dailyaidecheck
+ # this is needed until dh compat 14
+ dh_installsysusers
+
A run-time fix would be to call
adduser --system --home /var/lib/aide --shell /usr/sbin/nologin _aide
before package installation.
or to drop the following file
#Type NameID GECOS Home
directoryShell
u _aide - "Advanced Intrusion Detection Environment"
/var/lib/aide /usr/sbin/nologin
in /usr/lib/sysusers.d/aide-common.conf and execute systemd-sysusers.
A fixed package will be brought on the way by means of stable proposed
updates and a bookworm point release.
Greetings
Marc
