Bug#1107744: libnss-ldapd,debian-edu-config: flaky autopkgtest for debian-edu-config: newly-created group cannot be resolved

To: Simon McVittie <smcv@debian.org>, 1107744@bugs.debian.org
Subject: Bug#1107744: libnss-ldapd,debian-edu-config: flaky autopkgtest for debian-edu-config: newly-created group cannot be resolved
From: Mike Gabriel <sunweaver@debian.org>
Date: Thu, 24 Jul 2025 15:51:49 +0000
Message-id: <[🔎] 20250724155149.Horde.fExJDmLwdhthjM2lzRw6TXe@mail.das-netzwerkteam.de>
Reply-to: Mike Gabriel <sunweaver@debian.org>, 1107744@bugs.debian.org
In-reply-to: <aExHTpKQmqSWxH2x@remnant.pseudorandom.co.uk>
References: <aExHTpKQmqSWxH2x@remnant.pseudorandom.co.uk>

Hi Simon,

On  Fr 13 Jun 2025 17:44:14 CEST, Simon McVittie wrote:

The symptom of the failure is that sometimes, polkitd.postinst will
successfully invoke systemd-sysusers to create the polkitd user and
group in passwd(5) and group(5):

173s Configurando polkitd (126-2) ...
173s Creating group 'polkitd' with GID 989.
173s Creating user 'polkitd' (User for polkitd) with UID 989 and GID 989.


but then immediately after that, an operation that involves looking up
the newly-created polkitd group will fail, instead of falling back to
group(5) as it should:

173s chown: invalid group: ‘root:polkitd’
173s dpkg: erro processando pacote polkitd (--configure):
173s o subprocesso instalado pacote polkitd scriptpost-installation retornou estado de saída de erro 1


This is not specific to polkitd. Other postinsts also fail to look up a
newly-created user:

193s Configurando udev (257.6-1) ...
193s Creating group 'input' with GID 993.
193s Creating group 'sgx' with GID 992.
193s Creating group 'kvm' with GID 991.
193s Creating group 'render' with GID 990.
193s /usr/lib/tmpfiles.d/static-nodes-permissions.conf:18: Failedto resolve group 'kvm': No such process193s /usr/lib/tmpfiles.d/static-nodes-permissions.conf:19: Failedto resolve group 'kvm': No such process193s /usr/lib/tmpfiles.d/static-nodes-permissions.conf:20: Failedto resolve group 'kvm': No such process
194s systemd-udevd.service is a disabled or a static unit, not starting it.


The error message "No such process" indicates ESRCH, but that might be
an error synthesized internally by systemd utility code to represent
"the lookup failed" rather than specifically referring to a process not
being found.

I have looked into this a bit close with help from elbrus to intercepta testbed after autopkgtest run.

Only thing I could spot is that /etc/nsswitch.conf refers to thesystemd libnss plugin. This requires systemd-userdbd.service to bestarted which is not the case in the testbed it seems.


passwd:         files systemd
group:          files systemd
shadow:         files systemd
gshadow:        files systemd

Could a non-started systemd-userdbd be the cause of the problem?

Furthermore, the recommended setup is:

passwd:         files systemd
group:          files [SUCCESS=merge] systemd
shadow:         files systemd
gshadow:        files systemd

Greets,
Mike
--

mike gabriel aka sunweaver (Debian Developer)
mobile: +49 (1520) 1976 148
landline: +49 (4351) 486 14 27

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22  0782 9AF4 6B30 2577 1B31
mail: sunweaver@debian.org, http://sunweavers.net

Attachment: pgpRdREN4WiXF.pgp
Description: Digitale PGP-Signatur

Reply to:

Prev by Date: debian-edu-router_2.13.5_source.changes ACCEPTED into unstable
Next by Date: Processing of debian-edu-artwork_2.13.0-1_source.changes
Previous by thread: Bug#1107744: libnss-ldapd,debian-edu-config: flaky autopkgtest for debian-edu-config: newly-created group cannot be resolved
Next by thread: Processing of debian-edu-router_2.13.5_source.changes
Index(es):
- Date
- Thread