I'm hoping this is not going to be too philosophical, so I'll enlist the facts first (please let me know if I got any of them wrong): debootstrap'ing a system fails, because - chown root:root ... won't work when invoked from base-files' postinst - version 7.7 of base-files is the first to actually have this call when invoked from within (c)debootstrap - using root:root relies on /etc/passwd and /etc/group being in place and populated - /etc/passwd and /etc/group are provided by base-passwd, which is essential On Mon, Oct 27, 2014 at 11:08:55 +0100, Santiago Vila wrote: > I'm going to reply to Julien first, then to Michael. > > On Mon, 27 Oct 2014, Julien Cristau wrote: > > > On Mon, Oct 27, 2014 at 08:35:14 +0000, Michael Tautschnig wrote: > > I agree this should be fixed in base-files. > > Bugs should be fixed where they are. If base-files, or any other > package, essential or not, can't make a simple chown root:root, then > it is a bug in whatever package was responsible for making sure that > the root user exist in a Debian system, base-passwd and debootstrap in > this case. > [...] > This has worked for ages, and it should continue to work, because > base-passwd is essential. > So let's see what Debian Policy says in 3.8 Essential packages: "[...] Since dpkg will not prevent upgrading of other packages while an essential package is in an unconfigured state, all essential packages must supply all of their core functionality even when unconfigured. If the package cannot satisfy this requirement it must not be tagged as essential, and any packages depending on this package must instead have explicit dependency fields as appropriate. [...]" While base-passwd is essential, the question seems to be whether providing /etc/passwd and /etc/group are its "core functionality." The description of base-passwd states: "These are the canonical master copies of the user database files (/etc/passwd and /etc/group), containing the Debian-allocated user and group IDs." The package base-passwd, however, will only copy those files into place in its postinst script. It may thus be argued (if provision of the files is considered "core functionality") that base-passwd violates policy. Yet it may be impossible for base-passwd to implement this bit of policy unless unconditionally overwriting /etc/passwd and /etc/group were deemed acceptable (which it surely isn't, unless we implement something like /etc/passwd.d/ and /etc/group.d/). A collection of possible ways forward - feel free to add more: - base-passwd should no longer be marked essential, but instead base-files should depend on it (making base-passwd implicitly essential), hence neither would base-passwd be violating policy nor would we any longer face the problems in base-files/(c)debootstrap. But maybe other issues arise, which I might not be aware of. - base-files should explicitly depend on base-passwd, because it uses functionality that is not considered "core functionality" of base-passwd. - We ignore the policy violation of base-passwd or consider the use of /etc/passwd in base-files use of non-core functionality and hence ignore the bug in base-files. Either ignorance will then require working around those bugs in (c)debootstrap. Best, Michael
Attachment:
pgpln0DLpk_uY.pgp
Description: PGP signature