Bug#806406: 1.1 regression: apt-get hangs forever, due to missing "_apt" user
Control: severity -1 important
On Fri, Nov 27, 2015 at 09:27:05AM +0100, Martin Pitt wrote:
> Package: apt
> Version: 1.1
> Severity: grave
>
> Hello,
>
> after dist-upgrading my sid schroot today, apt-get hangs forever. I
> suspected some local schroot breakage, so I wiped it and tried to
> rebuild one, but "mk-sbuild sid" hangs there too when it did the
> initial bootstrap and runs "apt-get update" in the schroot. Killing
> them, trying to chroot into the half-created env myself and running
> with debugging gives the output below.
>
> Dist-upgrading a jessie schroot to sid works on the other hand.
>
> Michael figured out that this is because apt expects the "_apt" system
> user. This isn't present in a fresh debootstrap, and also gets wiped
> with schroot as that usually copies /etc/passwd and friends from the
> host (which does not have the _apt user).
Why is it not present in a fresh debootstrap? APT is not essential,
so it is not supposed to be run without its postinst being run
first.
And in fact, I just did a debootstrap of sid, and everything
worked fine, and the _apt user was created as it should be.
Maybe sbuild is doing something messed up.
>
> For a critical package like apt which is part of deboostrap it's
> generally not a good idea to rely on a dynamic system user. Please try
> to avoid the _apt user altogether -- it cannot be relied upon and also
> looks a bit like clutter. If you want to run http with reduced
> privileges, could you use an existing static user, like "sys" or
> "daemon"?
The _apt user actually owns the partial directory and the files
below it. We cannot do this safely with a static user.
--
Julian Andres Klode - Debian Developer, Ubuntu Member
See http://wiki.debian.org/JulianAndresKlode and http://jak-linux.org/.
When replying, only quote what is necessary, and write each reply
directly below the part(s) it pertains to (`inline'). Thank you.
Reply to: