[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#930428: debootstrap should ensure matching _apt uid



> But the effects of the patch are different from calling adduser, for
> example the _apt user it creates has no entry in /etc/shadow.  Such
> inconsistencies are not good.

Oops. Added a fix for that to the merge request.


> P.S.: the patch seems ok to me, I don't like hard-conding the _apt user
> line in /etc/passwd, as apt postinst uses adduser, but it's not clear
> to me when adduser is installed during debootstrap

adduser and apt are installed as part of the base packages.
base-passwd is installed earlier as part of the required packages.
Hence I also added a fix that moves the setup_* calls for apt directly
before the base package installation.

With that I get the following log output:
$ debootstrap ...
...
I: Configuring required packages...
...
I: Configuring base-passwd...
...
I: Unpacking the base system...
I: Added _apt user with uid 103
I: Unpacking adduser...
I: Unpacking apt...
...


> Do you think there should be logic in debootstrap to handle the case of
> trying to have the same UID within a chroot and outside, or could you
> apply for a static UID assignment? I would also prefer the latter, but I
> honestly don't know how messy the migration would be...

I would prefer if _apt would use a reserved uid (reserved by
base-passwd). I presume that the migration of the existing _apt user
would be messy though, particularly because of existing firewall
rules. So I suggest reserving a completely new user name / uid in
base-passwd for that purpose. As the _apt user seems to only be used
for fetches the new user could be named _apt_fetch.

On Sun, Jun 23, 2019 at 3:18 PM Philipp Kern <phil@philkern.de> wrote:
>
> On 2019-06-21 07:51, Trek wrote:
> > On Thu, 20 Jun 2019 22:31:15 +0200
> > Ansgar Burchardt <ansgar@43-1.org> wrote:
> >
> >> If _apt deserves a special solution, I would suggest assigning the
> >> _apt user a static uid instead of patching debootstrap.
> >
> > it seems to me the simplest approach, from a technical point of view,
> > and it's the one I'm using since _apt user was introduced (making sure
> > uids match)
>
> Adding deity@l.d.o. APT maintainers, please see the context in the bug.
> Do you think there should be logic in debootstrap to handle the case of
> trying to have the same UID within a chroot and outside, or could you
> apply for a static UID assignment? I would also prefer the latter, but I
> honestly don't know how messy the migration would be...
>
> (If so, I guess this bug should be reassigned to apt.)
>
> Kind regards and thanks
> Philipp Kern


Reply to: