Package: release.debian.org Severity: normal Tags: trixie X-Debbugs-Cc: [email protected] Control: affects -1 + src:mmdebstrap User: [email protected] Usertags: pu
[ Reason ] This update adds UID support for subuids as requested in #1110876 (for sbuld). We found this while working on adding unshare support to the porterboxes. Fixing this in trixie would greatly simplify the work of DSA. [ Impact ] Without this we can't use mmdebstrap on the porterboxes. [ Tests ] sbuild has tests and autopkgtests which succeed and the patch adds a new test for the new use case. I also ran manual tests on a porterbox and my own system. [ Risks ] None, this just adds a new functionality where mmdebstrap threw an error before. [ Checklist ] [X] *all* changes are documented in the d/changelog [X] I reviewed all changes and I approve them [X] attach debdiff against the package in (old)stable [X] the issue is verified as fixed in unstable [ Changes ] The old code checks for the username in /etc/subuid and /etc/subgid and errors out if it does not find it. According to subuid(5) and subgid(5) the files can contain a username or numerical user ID (UID). The patch tests for the UID in addition.
diff --git a/debian/changelog b/debian/changelog index c63b606..5a349d4 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,13 @@ +mmdebstrap (1.5.7-1+deb13u1) trixie; urgency=medium + + [ Jochen Sprickerhof ] + * Support numeric UID in /etc/sub[ug]id + + [ Johannes Schauer Marin Rodrigues ] + * add test for numeric UID in /etc/sub[ug]id + + -- Jochen Sprickerhof <[email protected]> Sat, 16 Aug 2025 09:17:59 +0200 + mmdebstrap (1.5.7-1) unstable; urgency=medium * New upstream version 1.5.7 diff --git a/debian/patches/0001-Support-numeric-UID-in-etc-sub-ug-id.patch b/debian/patches/0001-Support-numeric-UID-in-etc-sub-ug-id.patch new file mode 100644 index 0000000..c18f192 --- /dev/null +++ b/debian/patches/0001-Support-numeric-UID-in-etc-sub-ug-id.patch @@ -0,0 +1,97 @@ +From 6f0a2fcd7f0b21a69d6c2b7c90272a132ed58ff5 Mon Sep 17 00:00:00 2001 +From: Jochen Sprickerhof <[email protected]> +Date: Sun, 10 Aug 2025 18:06:47 +0200 +Subject: [PATCH] Support numeric UID in /etc/sub[ug]id + +Numeric user ids are supported in /etc/sub[ug]id since shadow 4.3.0, see +https://github.com/shadow-maint/shadow/commit/a113b87c4 so since before +Debian Bullseye. + +sbuild added support for them in 8779a02190 see also +https://salsa.debian.org/debian/sbuild/-/merge_requests/197 +https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1110876 + +This was because porterboxes were configured with numeric uids, see +https://rt.debian.org/Ticket/Display.html?id=9664 +--- + coverage.txt | 3 +++ + mmdebstrap | 8 ++++---- + tests/numeric-uid-gid | 17 +++++++++++++++++ + 3 files changed, 24 insertions(+), 4 deletions(-) + create mode 100644 tests/numeric-uid-gid + +diff --git a/coverage.txt b/coverage.txt +index be105dd..4539dd4 100644 +--- a/coverage.txt ++++ b/coverage.txt +@@ -436,3 +436,6 @@ Modes: unshare + + Test: empty-suite + Needs-APT-Config: true ++ ++Test: numeric-uid-gid ++Needs-QEMU: true +diff --git a/mmdebstrap b/mmdebstrap +index 075582e..6ac88aa 100755 +--- a/mmdebstrap ++++ b/mmdebstrap +@@ -1455,14 +1455,14 @@ sub read_subuid_subgid { + } + while (my $line = <$fh>) { + ($n, $subid, $num_subid) = split(/:/, $line, 3); +- last if ($n eq $username); ++ last if ($n eq $username || $n eq $REAL_USER_ID); + } + close $fh; + if (!length $subid) { + maybe_warn("/etc/subuid is empty"); + return; + } +- if ($n ne $username) { ++ if ($n ne $username && $n ne $REAL_USER_ID) { + maybe_warn("no entry in /etc/subuid for $username"); + return; + } +@@ -1493,14 +1493,14 @@ sub read_subuid_subgid { + } + while (my $line = <$fh>) { + ($n, $subid, $num_subid) = split(/:/, $line, 3); +- last if ($n eq $username); ++ last if ($n eq $username || $n eq $REAL_USER_ID); + } + close $fh; + if (!length $subid) { + maybe_warn("/etc/subgid is empty"); + return; + } +- if ($n ne $username) { ++ if ($n ne $username && $n ne $REAL_USER_ID) { + maybe_warn("no entry in /etc/subgid for $username"); + return; + } +diff --git a/tests/numeric-uid-gid b/tests/numeric-uid-gid +new file mode 100644 +index 0000000..2438f15 +--- /dev/null ++++ b/tests/numeric-uid-gid +@@ -0,0 +1,17 @@ ++#!/bin/sh ++set -eu ++export LC_ALL=C.UTF-8 ++export SOURCE_DATE_EPOCH={{ SOURCE_DATE_EPOCH }} ++ ++trap "rm -f /tmp/debian-chroot.tar" EXIT INT TERM ++ ++if [ ! -e /mmdebstrap-testenv ]; then ++ echo "this test modifies the system and should only be run inside a container" >&2 ++ exit 1 ++fi ++# create a new user with known uid ++useradd --home-dir /home/user --create-home --uid 1000 user ++# create a subuid file with a numeric entry instead of using the username ++echo 1000:100000:65536 >/etc/subuid ++runuser -u user -- {{ CMD }} --mode=unshare --variant=apt {{ DIST }} /tmp/debian-chroot.tar {{ MIRROR }} ++cmp ./cache/mmdebstrap-{{ DIST }}-apt.tar /tmp/debian-chroot.tar +-- +2.39.5 + diff --git a/debian/patches/series b/debian/patches/series new file mode 100644 index 0000000..8594d4f --- /dev/null +++ b/debian/patches/series @@ -0,0 +1 @@ +0001-Support-numeric-UID-in-etc-sub-ug-id.patch
