Bug#1035820: 9base: leaves entries in /etc/shells after upgrade from bullseye

Mon, 12 Jun 2023 22:33:15 -0700 

Hi Andreas,

On Mon, Jun 12, 2023 at 07:40:32PM +0200, Andreas Beckmann wrote:
> > It's a 12 byte difference. That's not 9base's entries. What you see here
> > is "/usr/bin/sh\n". So this is a /usr-merge bug. We already know it.
> > Thus force-merging.
> 
> No, it's "/usr/bin/rc\n".

Huh! I stand corrected.

> # cat /usr/share/debianutils/shells.d/plan9
> /bin/rc
> /usr/lib/plan9/bin/rc
> 
> If I install 9base in an unmerged-/usr sid chroot, I get
> 
> # /etc/shells: valid login shells
> /bin/sh
> /bin/bash
> /bin/rbash
> /bin/dash
> /bin/rc
> /usr/lib/plan9/bin/rc
> /usr/lib/plan9/bin/rc
> 
> who is responsible for the duplicate entry?

This is caused by update-shells and the code it carries to support
/usr-merge. When it encounters /bin/rc, it canonicalizes it using
dpkg-realpath and adds it as well. So the first duplicate is the
canonicalization of /bin/rc and the second one is the actual entry.

In essence, the /usr-merge implementation in update-shells assumes that
any kind of symlinking for shells happens due to /usr-merge. This
assumption is false and violated by the use of update-alternatives.

In update-shells, we should not resolve the final link, but only
directory components as those are the ones that may lead to aliasing
effects. Instead of

    realshell=$(dirname "$(dpkg-realpath --root "$ROOT" "$line")")/$(basename 
"$line")

we probably should have said

    realshell="$(dpkg-realpath --root "$ROOT" "$(dirname "$line")")/$(basename 
"$line")"

and with that, we'd pass /bin rather than /bin/rc to dpkg-realpath and
avoid resolving the alternative.

> If I reconfigure usrmerge afterwards, I get
> 
> # /etc/shells: valid login shells
> /bin/sh
> /bin/bash
> /usr/bin/bash
> /bin/rbash
> /usr/bin/rbash
> /bin/dash
> /usr/bin/dash
> /usr/bin/sh
> /bin/rc
> /usr/lib/plan9/bin/rc
> /usr/lib/plan9/bin/rc
> /usr/bin/rc
> 
> Now we got the additional /usr/bin/rc entry

The entry is added by /usr/lib/usrmerge/convert-etc-shells (which is the
policy violation this bug has been merged into). The merging strategy
there is based on a knowledge of the symlinks that should exist rather
than looking them up in the filesystem.

So this is two distinct bugs actually. We also need to fix update-shells
to properly deal with update-alternatives using the patch above.

Thank you Andreas for your persistence on this.

Helmut

Reply via email to