On Wed, Jun 07, 2023 at 08:01:23PM +0100, Justin B Rye wrote:
> Marc Haber wrote:
> > I am really sorry for this. #1037171 is an embarrassing one, sadly too
> > late for the release, but I'll try to do a fix via spu.
>
> I gather from the version data that when the bug submitter says buster
> that's a typo for bookworm?

Yes. It is.

> > Suggested wording for something along chapter 5.4:
>
> It'll also need a section title and a summary of what the bug actually
> is, which isn't completely clear to me. Does the bug mean that
> bullseye systems where aide was already working will break on
> dist-upgrade to bookworm, or is it only a bug for systems where aide
> is installed subsequently?

Sadly, aide will be broken after upgrades. bookworm's aide is the first
version that doesn't run as root and thus needs the account.

> I'm guessing:
>
> <section id="aide-user-creation-bug">
> <title>Bug in <literal>aide</literal> user creation</title>
> <para>
> The version of <systemitem role="package">aide</systemitem> in the
> initial 12.0 release of bookworm has a bug
> (<ulink url="https://bugs.debian.org/1037171">#1037171</ulink>) in
> its package scripts which results in the <literal>_aide</literal>
> user not being created, preventing <command>aideinit</command>
> from creating a new database.
> </para>

Yes. It prevents the package from working at all on systemd systems at
least.

> > Before upgrading your aide packages, create
>
> So this needs to be done before the dist-upgrade?

It is the cleanest way, yes. Or the local admin can reinstall aide after
creating the account.

> > /usr/lib/sysusers.d/aide-common.conf with the following contents:
>
> Isn't this the sort of thing that's usually overridable via files with
> names like /etc/sysusers.d/aide-common.conf? I'll assume for now that
> this needs to live in /usr/lib (because we *want* it trampled when the
> point release version installs its own copy).

Yes. That's the idea.

> > #Type Name ID GECOS
> > Home directory Shell↲
> > u _aide - "Advanced Intrusion Detection Environment"
> > /var/lib/aide /usr/sbin/nologin↲
>
> (I'm assuming "↲" just means "newline"...)

Yes, sorry, that's a cut and paste error.

> >
> > and call systemd-sysusers to work around Bug #1037171.
>
> (...and that this is a plain root-privileged invocation of bullseye
> "systemd-sysusers". So:)
>
> <para>
> The bug can be avoided by creating the user before the dist-upgrade.
> Create a file <filename>/usr/lib/sysusers.d/aide-common.conf</filename>
> containing:
> <screen>
> #Type Name ID GECOS Home directory
> Shell
> u _aide - "Advanced Intrusion Detection Environment" /var/lib/aide
> /usr/sbin/nologin
> </screen>
> and then run <command>systemd-sysusers</command>.
> </para>
> </section>

Yes, that's it. Thanks for helping.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mail address in header
Leimen, Germany    |  lose things."    Winona Ryder | Fon: *49 6224 1600402
Nordisch by Nature |  How to make an American Quilt | Fax: *49 6224 1600421
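
The workaround discussed in this thread, as an added shell example that is not part of the original messages or of the aide packaging. The function names and the optional test-file arguments are hypothetical; the file path, the _aide entry and the systemd-sysusers call are the ones quoted above.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# The sysusers.d entry quoted in the thread, written as a single line.
AIDE_SYSUSERS_LINE='u _aide - "Advanced Intrusion Detection Environment" /var/lib/aide /usr/sbin/nologin'

# has_account NAME [PASSWD_FILE]
# Succeeds if NAME exists. Without PASSWD_FILE the lookup goes through getent.
has_account() {
    if [ -n "${2:-}" ]; then
        awk -F: -v u="$1" '$1 == u { found = 1 } END { exit !found }' "$2"
    else
        getent passwd "$1" >/dev/null
    fi
}

# write_aide_sysusers DIR
# Creates DIR/aide-common.conf unless it already exists, so a copy shipped
# by a fixed package is never overwritten by this script.
write_aide_sysusers() {
    conf="$1/aide-common.conf"
    if [ ! -e "$conf" ]; then
        printf '%s\n%s\n' '#Type Name ID GECOS Home directory Shell' \
            "$AIDE_SYSUSERS_LINE" > "$conf"
    fi
}

# ensure_aide_account [SYSUSERS_DIR] [PASSWD_FILE]
# Prints "present" if _aide already exists. Otherwise writes the conf file
# and, when no PASSWD_FILE was given (real system, run as root), calls
# systemd-sysusers and re-checks; prints "created" or "written".
ensure_aide_account() {
    dir="${1:-/usr/lib/sysusers.d}"
    if has_account _aide "${2:-}"; then
        echo "present"
        return 0
    fi
    write_aide_sysusers "$dir" || return 1
    if [ -z "${2:-}" ]; then
        systemd-sysusers || return 1
        has_account _aide || return 1
        echo "created"
    else
        echo "written"   # dry run against a sample passwd file
    fi
}
```

Running ensure_aide_account with no arguments as root before the dist-upgrade applies the workaround to the live system; passing a scratch directory and a sample passwd file only exercises the logic.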