Bug#767999: debootstrap/base-passwd: #767999 and #766459 should really be fixed in base-passwd
On Thu, Nov 06, 2014 at 02:06:07PM +0000, Michael Tautschnig wrote:
> At least Santiago's and my opinion diverge on whether base-passwd is presently
> in line with policy on 3.8 Essential packages. Therefore the route from here
> appears to hinge on interpreting policy in one of two ways: my point is that
> base-passwd, at present, is not providing its functionality after just being
> unpacked - it does require postinst having been run. Santiago claims, if I
> interpret this correctly, that every package has to be configured at least once
> before being useful at all (irrespective of whether it is essential or not).
I'm not a policy lawyer so I might be wrong, but:
3.8. doesn't give an exception for not configured before.
6.5. does give it but only for Pre-Depends rather than essential, and only
for preinst (base-files uses it in postinst)
Santiago's intepretation might come from 6.5.<new-preinst>`install' talking
first about essential and pre-depends in one place, then about just
pre-depends in the very next sentence. A non-strict reader might assume the
second sentence omits "and essentials" for brevity.
> 1. Determine whether base-passwd is in line with policy on providing its
> functionality as an "essential" package.
> A) If it is, then debootstrap is buggy.
Even if it somehow is, there's a practical problem: it's impossible to
deploy a fix to a significant part of users.
> B) If base-passwd violates policy, then base-passwd is buggy.
I say it is, but since the only consumer that matters is base-files, it
might be safer to change the latter.
> My point of view is that base-passwd should be changed, and thanks to
> suggestions from Tollef last night the attached patch should actually achieve
> this. The idea simply is to sort out creating /etc/passwd and /etc/group in
> preinst already, so that these files will be present once the package reaches
> the state "unpacked."
I tested your patch when debootstrapping from squeeze, it did work. Should
I test some more scenarios (cdebootstrap? 2-phase cross-arch debootstrap?
some other distro?) -- or do you think it should be safe?
// If you believe in so-called "intellectual property", please immediately
// cease using counterfeit alphabets. Instead, contact the nearest temple
// of Amon, whose priests will provide you with scribal services for all
// your writing needs, for Reasonable and Non-Discriminatory prices.