reopen 412989 thanks > > I think that correct solution for the issue is to make udev package to > > create (in local /etc/groups) all missing groups referenced in it's > > default configuration files. > > I don't. > If you believe that some users or groups need to be unconditionally > created please discuss this with the base-passwd maintainer. > (Or feel free to propose a different solution which does not involve the > udev package creating users/groups which are used by different > packages.) Sorry Marco, but it is not valid to close a bug report that describes an existing issue only because you don't like the solution suggested by the submitter. There could be different solutions for the issue. - base-passwd could include all groups that udev references; - libnss-ldap (and likely other network nss modules) could enhance it's 'early bootup' handling such that it will just fail silently if it can't connect to LDAP server; - it is possible to make local admins to create these groups manually. However, I think there are reasons to fix the issue inside udev package. I will try to write my reasoning below. If you don't agree, I believe we should ask people on -devel, and/or tech-ctte, to resolve this. Udev startup script does operate in restricted environment, where not all system services are already up and running. And it should be written as such. For ages, there was an agreement related to non-local auth services, that everything that is referenced before network service is up, should be resolvable by local data. 'Resolvable' here means that the result (being it positive or negative) should be available locally, without attempts to request data from not-yet-available service. And in the current situation, udev is *the* package that, by installing it's default configuration files, injects references to non-resolvable-locally users and groups into early stage of boot. So a *fix* for this issue could be only inside udev package. In all other places, only workarounds are possible. And these workarounds do have the following drawbacks. - if base-passwd will be used as workaround location, this will create a situation when changes to default udev configuration files, introducing references to new groups or removing references to old ones, will cause need of base-files update - which is increased complexity and will cause out-of-sync situations; - workaround at libnss-* level is complex (see all that logic with files noting boot process etc), needed in any libnss-* that references network, and generally misplaced - because, unlike udev init script, nss is not a system designed for restricted environment, and it is not it's job to guess at which points of boot process errors are ok, and at which they are errors; - forcing local admins to manually workaround issue that could be fixed is against Debian quality standards. Also, it is unclear what udevd is going to do with non-resolved groups. Likely it will create devices with invalid ownership. Won't that introduce breakage at unexpected moments? E.g. if a package that actually uses device (and creates a group if it does no exist) will be installed and used before next reboot. From the other hand, fix at udev level is relatively easy. It just should extract a list of referenced groups (and probably users) from config files at build time (not at install time, because the talk is only groups referenced in default configs), and add several lines to postinst to create these groups if they don't exist.
Attachment:
pgpRrPptkskwW.pgp
Description: PGP signature