Bug#992153: bullseye-pu: package cloud-init/20.4.1-2+deb11u1
Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian.org@packages.debian.org
Usertags: pu
X-Debbugs-Cc: rvandegrift@debian.org, debian-cloud@lists.debian.org
[ Reason ]
The version of sudo in bullseye introduces a new syntax for includes,
"@includedir". This is supported alongside the previous syntax "#includedir".
cloud-init tries to ensure that /etc/sudoers.d is included. But the version in
bullseye only looks for the old sudo syntax. Since the default contains the
new syntax, this duplicates all of the config in /etc/sudoers.d. At least some
sudo config cannot be duplicated - details are in #991629.
The report+fix came too close to the bullseye release. The team considers it
RC, but have a workaround in place to prevent immediate user impact:
https://salsa.debian.org/cloud-team/debian-cloud-images/-/merge_requests/263
This requires modifying one of sudo's config file during the image build, so
we'd prefer a fixed cloud-init package.
[ Impact ]
Users may have previously working sudo configs break.
[ Tests ]
The upstream fix adds a unit test for this issue. This and the other tests
pass during package build.
[ Risks ]
Very low, the patch is trivial.
[ Checklist ]
[X] *all* changes are documented in the d/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in (old)stable
[X] the issue is verified as fixed in unstable
[ Changes ]
Effectively, s/#includedir/[#@]includedir/ in the /etc/sudoers handling.
Thanks,
Ross, for the cloud team
Reply to: