Bug#991629: cloud.debian.org: Bullseye AWS AMI: cloud-init creates duplicate #includedir in /etc/sudoers
On Sat, Aug 07, 2021 at 08:30:17PM -0600, Ross Vandegrift wrote:
> > > > In the sudoers file there is a duplicate includedir
> > > > statement; at the end of the file you will find the following contents:
> > > >
> > > > """
> > > > # See sudoers(5) for more information on "@include" directives:
> > > >
> > > > @includedir /etc/sudoers.d
> > > >
> > > > # Added by cloud-init v. 20.4.1 on Wed, 28 Jul 2021 20:40:05 +0000
> > > > #includedir /etc/sudoers.d
> > > ^
> > >
> > > Is this a copy/paste mistake? It looks commented out.
> >
> > It's isn't a copy/paste mistake, nor is it commented out. This was the
> > syntax used up to Buster, but from Bullseye the new @includedir syntax is
> > preferred (but sudo accepts both). That's presumably why it was changed in
> > sudo.
>
> 👍, thanks.
>
> This is fixed upstream in 21.1, though many other changes are included. I
> didn't look through the list carefully. The fix for this particular bug is
> trivial, I staged it here:
> https://salsa.debian.org/rvandegrift/cloud-init/-/tree/debian/bullseye
>
> Either a targeted fix or a new upstream release will need to wait for a stable
> update at this point.
Summarizing the path forward based on the discussion from today's cloud
team meeting:
1. I will upload new cloud-init packages to unstable containing the fix.
2. I will implement a temporary change to our bullseye images to revert the
sudoers file to use the old syntax that cloud-init will detect.
3. The cloud team will work with the stable release managers to get updated
packages containing this fix accepted for the first bullseye point
release.
4. Once bullseye includes a fixed version of cloud-init, we will revert
(2) from our image build configuration.
noah
Reply to: