Bug#1037203: aide release notes to work around #1037171

To: 1037203@bugs.debian.org
Cc: Marc Haber <mh+debian-packages@zugschlus.de>
Subject: Bug#1037203: aide release notes to work around #1037171
From: Justin B Rye <justin.byam.rye@gmail.com>
Date: Wed, 7 Jun 2023 20:01:23 +0100
Message-id: <[🔎] ZIDUA1JkTh5hB0LE@jbr.me.uk>
Reply-to: Justin B Rye <justin.byam.rye@gmail.com>, 1037203@bugs.debian.org
In-reply-to: <[🔎] 168615920936.380679.16811418068315730991.reportbug@drop.zugschlus.de>
References: <[🔎] 168615920936.380679.16811418068315730991.reportbug@drop.zugschlus.de> <[🔎] 168615920936.380679.16811418068315730991.reportbug@drop.zugschlus.de>

Marc Haber wrote:
> I am really sorry for this. #1037171 is an embarrassing one, sadly too
> late for the release, but I'll try to do a fix via spu.

I gather from the version data that when the bug submitter says buster
that's a typo for bookworm?

> Suggested wording for something along chapter 5.4:

It'll also need a section title and a summary of what the bug actually
is, which isn't completely clear to me.  Does the bug mean that
bullseye systems where aide was already working will break on
dist-upgrade to bookworm, or is it only a bug for systems where aide
is installed subsequently?  I'm guessing:

   <section id="aide-user-creation-bug">
     <title>Bug in <literal>aide</literal> user creation</title>
     <para>
       The version of <systemitem role="package">aide</systemitem> in the
       initial 12.0 release of bookworm has a bug
       (<ulink url="https://bugs.debian.org/1037171";>#1037171</ulink>) in
       its package scripts which results in the <literal>_aide</literal>
       user not being created, preventing <command>aideinit</command>
       from creating a new database.
     </para>

> Before upgrading your aide packages, create

So this needs to be done before the dist-upgrade?

> /usr/lib/sysusers.d/aide-common.conf with the following contents:

Isn't this the sort of thing that's usually overridable via files with
names like /etc/sysusers.d/aide-common.conf?  I'll assume for now that
this needs to live in /usr/lib (because we *want* it trampled when the
point release version installs its own copy).

> #Type   Name    ID      GECOS                                           Home directory        Shell↲
> u       _aide   -       "Advanced Intrusion Detection Environment"      /var/lib/aide /usr/sbin/nologin↲

(I'm assuming "↲" just means "newline"...)

> and call systemd-sysusers to work around Bug #1037171.

(...and that this is a plain root-privileged invocation of bullseye
"systemd-sysusers".  So:)

     <para>
       The bug can be avoided by creating the user before the dist-upgrade.
       Create a file <filename>/usr/lib/sysusers.d/aide-common.conf</filename>
       containing:
       <screen>
#Type  Name   ID  GECOS                                       Home directory Shell
u      _aide  -   "Advanced Intrusion Detection Environment"  /var/lib/aide  /usr/sbin/nologin
       </screen>
       and then run <command>systemd-sysusers</command>.
     </para>
   </section>
-- 
JBR	with qualifications in linguistics, experience as a Debian
	sysadmin, and probably no clue about this particular package

Reply to:

Follow-Ups:
- Bug#1037203: aide release notes to work around #1037171
  - From: Marc Haber <mh+debian-packages@zugschlus.de>

References:
- Bug#1037203: aide release notes to work around #1037171
  - From: Marc Haber <mh+debian-packages@zugschlus.de>

Prev by Date: Bug#1037203: aide release notes to work around #1037171
Next by Date: Re: Release Notes: Unknown reference "newreleasename"
Previous by thread: Bug#1037203: aide release notes to work around #1037171
Next by thread: Bug#1037203: aide release notes to work around #1037171
Index(es):
- Date
- Thread