Debian Bug report logs - #565613
overwrites customized /etc/passwd and /etc/group

Reply or subscribe to this bug.

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Sascha Silbe <sascha-debian-bugs-exim4-1@silbe.org>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: exim4: syntax error: unknown group 'Debian-exim' in statoverride file

Date: Sun, 17 Jan 2010 13:21:18 +0100

Package: exim4
Severity: critical
Justification: breaks unrelated software


Reason for marking critical: Until /var/lib/dpkg/statoverride is fixed manually (even dpkg-statoverride --remove doesn't work anymore) all package management operations fail.

Replacing exim4 with nullmailer causes aptitude/dpkg to break:

dpkg: unrecoverable fatal error, aborting:
 syntax error: unknown group 'Debian-exim' in statoverride file
E: Sub-process /usr/bin/dpkg returned an error code (2)

=== Begin full transcript ===
(sugar-deb)sascha.silbe@flatty:~$ sudo aptitude purge exim4 exim4-base exim4-config exim4-daemon-light
Reading package lists... Done
Building dependency tree       
Reading state information... Done
Reading extended state information       
Initializing package states... Done
Reading task descriptions... Done  
The following packages are BROKEN:
  bsd-mailx 
The following packages will be REMOVED:
  exim4{p} exim4-base{p} exim4-config{p} exim4-daemon-light{p} 
0 packages upgraded, 0 newly installed, 4 to remove and 45 not upgraded.
Need to get 0B of archives. After unpacking 3924kB will be freed.
The following packages have unmet dependencies:
  bsd-mailx: Depends: exim4 but it is not installable or
                      mail-transport-agent which is a virtual package.
The following actions will resolve these dependencies:

Install the following packages:
xmail [1.25-4.1 (testing, unstable)]

Score is 39

Accept this solution? [Y/n/q/?] n
The following actions will resolve these dependencies:

Install the following packages:
ssmtp [2.64-1 (testing, unstable)]

Score is 39

Accept this solution? [Y/n/q/?] n
The following actions will resolve these dependencies:

Install the following packages:
nullmailer [1:1.04-1.2 (testing, unstable)]

Score is 39

Accept this solution? [Y/n/q/?] y
The following NEW packages will be installed:
  nullmailer{a} 
The following packages will be REMOVED:
  exim4{p} exim4-base{p} exim4-config{p} exim4-daemon-light{p} 
0 packages upgraded, 1 newly installed, 4 to remove and 45 not upgraded.
Need to get 88.3kB of archives. After unpacking 3527kB will be freed.
Do you want to continue? [Y/n/?] 
Writing extended state information... Done
Get:1 http://ftp.de.debian.org squeeze/main nullmailer 1:1.04-1.2 [88.3kB]
Fetched 88.3kB in 0s (460kB/s)
Preconfiguring packages ...
(Reading database ... 64356 files and directories currently installed.)
Removing exim4 ...
Purging configuration files for exim4 ...
dpkg: exim4-config: dependency problems, but removing anyway as you requested:
 exim4-base depends on exim4-config (>= 4.30) | exim4-config-2; however:
  Package exim4-config is to be removed.
  Package exim4-config-2 is not installed.
  Package exim4-config which provides exim4-config-2 is to be removed.
 exim4-base depends on exim4-config (>= 4.30) | exim4-config-2; however:
  Package exim4-config is to be removed.
  Package exim4-config-2 is not installed.
  Package exim4-config which provides exim4-config-2 is to be removed.
Removing exim4-config ...
Purging configuration files for exim4-config ...
dpkg-statoverrides: unrecoverable fatal error, aborting:
 syntax error: unknown group 'Debian-exim' in statoverride file
dpkg-statoverrides: unrecoverable fatal error, aborting:
 syntax error: unknown group 'Debian-exim' in statoverride file
dpkg: exim4-daemon-light: dependency problems, but removing anyway as you requested:
 bsd-mailx depends on exim4 | mail-transport-agent; however:
  Package exim4 is not installed.
  Package mail-transport-agent is not installed.
  Package exim4-daemon-light which provides mail-transport-agent is to be removed.
Removing exim4-daemon-light ...
************************************
All rc.d operations denied by policy
************************************
Purging configuration files for exim4-daemon-light ...
Removing exim4-base ...
************************************
All rc.d operations denied by policy
************************************
Purging configuration files for exim4-base ...
Processing triggers for man-db ...
dpkg: unrecoverable fatal error, aborting:
 syntax error: unknown group 'Debian-exim' in statoverride file
E: Sub-process /usr/bin/dpkg returned an error code (2)
A package failed to install.  Trying to recover:
Reading package lists... Done             
Building dependency tree       
Reading state information... Done
Reading extended state information       
Initializing package states... Done
Writing extended state information... Done
Reading task descriptions... Done         

Current status: 1 broken [+1], 45 updates [-4].
(sugar-deb)sascha.silbe@flatty:~$ grep exim /var/lib/dpkg/statoverride
root Debian-exim 0640 /etc/exim4/passwd.client
(sugar-deb)sascha.silbe@flatty:~$ sudo aptitude install nullmailer
Reading package lists... Done
Building dependency tree       
Reading state information... Done
Reading extended state information       
Initializing package states... Done
Reading task descriptions... Done  
The following NEW packages will be installed:
  nullmailer 
The following packages will be REMOVED:
  libdb4.6{u} 
0 packages upgraded, 1 newly installed, 1 to remove and 45 not upgraded.
Need to get 0B/88.3kB of archives. After unpacking 799kB will be freed.
Do you want to continue? [Y/n/?] 
Writing extended state information... Done
Preconfiguring packages ...
(Reading database ... 64155 files and directories currently installed.)
Removing libdb4.6 ...
dpkg: unrecoverable fatal error, aborting:
 syntax error: unknown group 'Debian-exim' in statoverride file
E: Sub-process /usr/bin/dpkg returned an error code (2)
A package failed to install.  Trying to recover:
Reading package lists... Done             
Building dependency tree       
Reading state information... Done
Reading extended state information       
Initializing package states... Done
Writing extended state information... Done
Reading task descriptions... Done         

(sugar-deb)sascha.silbe@flatty:~$ sudo dpkg-statoverride --remove /etc/exim4/passwd.client
dpkg-statoverrides: unrecoverable fatal error, aborting:
 syntax error: unknown group 'Debian-exim' in statoverride file
(sugar-deb)sascha.silbe@flatty:~$ sudo vi /var/lib/dpkg/statoverride
(sugar-deb)sascha.silbe@flatty:~$ sudo aptitude install nullmailer
Reading package lists... Done
Building dependency tree       
Reading state information... Done
Reading extended state information       
Initializing package states... Done
Reading task descriptions... Done  
The following NEW packages will be installed:
  nullmailer 
0 packages upgraded, 1 newly installed, 0 to remove and 45 not upgraded.
Need to get 0B/88.3kB of archives. After unpacking 397kB will be used.
Writing extended state information... Done
Preconfiguring packages ...
Selecting previously deselected package nullmailer.
(Reading database ... 64151 files and directories currently installed.)
Unpacking nullmailer (from .../nullmailer_1%3a1.04-1.2_armel.deb) ...
Processing triggers for man-db ...
Setting up nullmailer (1:1.04-1.2) ...
************************************
All rc.d operations denied by policy
************************************
Reading package lists... Done             
Building dependency tree       
Reading state information... Done
Reading extended state information       
Initializing package states... Done
Writing extended state information... Done
Reading task descriptions... Done         

Current status: 0 broken [-1].
(sugar-deb)sascha.silbe@flatty:~$
=== End full transcript ===


-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: armel (armv5tel)

Kernel: Linux 2.6.32-rc4-flatty-ocf-1-00019-g8b6ae29
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Message #10 received at 565613@bugs.debian.org (full text, mbox, reply):

From: Andreas Metzler <ametzler@downhill.at.eu.org>

To: Sascha Silbe <sascha-debian-bugs-exim4-1@silbe.org>, 565613@bugs.debian.org

Subject: Re: Bug#565613: exim4: syntax error: unknown group 'Debian-exim' in statoverride file

Date: Sun, 17 Jan 2010 13:50:24 +0100

On 2010-01-17 Sascha Silbe <sascha-debian-bugs-exim4-1@silbe.org> wrote:
> Package: exim4
> Severity: critical
> Justification: breaks unrelated software


> Reason for marking critical: Until /var/lib/dpkg/statoverride is fixed manually (even dpkg-statoverride --remove doesn't work anymore) all package management operations fail.

> Replacing exim4 with nullmailer causes aptitude/dpkg to break:

> dpkg: unrecoverable fatal error, aborting:
>  syntax error: unknown group 'Debian-exim' in statoverride file
> E: Sub-process /usr/bin/dpkg returned an error code (2)
[...]

Hello,

the major question is: What/who removed the Debian-exim group? The
exim4 packages don't.

cu andreas

-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'

Message #19 received at 565613@bugs.debian.org (full text, mbox, reply):

From: Sascha Silbe <sascha-debian-bugs-exim4-1@silbe.org>

To: Andreas Metzler <ametzler@downhill.at.eu.org>

Cc: 565613@bugs.debian.org, control@bugs.debian.org

Subject: Re: Bug#565613: exim4: syntax error: unknown group 'Debian-exim' in statoverride file

Date: Sun, 17 Jan 2010 18:41:34 +0100

[Message part 1 (text/plain, inline)]

reassign 565613 schroot 1.2.3-1+b1
retitle 565613 overwrites customized /etc/passwd and /etc/group
thanks

On Sun, Jan 17, 2010 at 01:50:24PM +0100, Andreas Metzler wrote:

> the major question is: What/who removed the Debian-exim group?
I found the culprit: With the default configuration schroot (used to 
managed the chroots this happened in) copies /etc/{passwd,group} from 
the host to the chroot, overwriting any changes done within the chroot.
So we can reassign this bug to schroot. Not sure about the severity; 
while it certain breaks the system inside the chroot (and thus is a 
significant bug) schroot manages that system, so it's not exactly 
"unrelated".

schroot certainly shouldn't overwrite /etc/passwd and /etc/group by 
default. It makes a lot of sense to copy over additional account 
information from the host, but not to remove users and groups that have 
been added inside the chroot.

CU Sascha

-- 
http://sascha.silbe.org/
http://www.infra-silbe.de/

[signature.asc (application/pgp-signature, inline)]

Message #30 received at 565613@bugs.debian.org (full text, mbox, reply):

From: Roger Leigh <rleigh@codelibre.net>

To: 565613@bugs.debian.org

Cc: Sascha Silbe <sascha-debian-bugs-exim4-1@silbe.org>, Debian buildd-tools Developers <buildd-tools-devel@lists.alioth.debian.org>, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>

Subject: Re: [buildd-tools-devel] Processed: Re: Bug#565613: exim4: syntax error: unknown group 'Debian-exim' in statoverride file

Date: Mon, 18 Jan 2010 18:45:23 +0000

[Message part 1 (text/plain, inline)]

On Mon, Jan 18, 2010 at 05:48:10PM +0000, Debian Bug Tracking System wrote:
> Processing commands for control@bugs.debian.org:
> Bug reassigned from package 'exim4' to 'schroot'.
> Bug #565613 [schroot] exim4: syntax error: unknown group 'Debian-exim' in statoverride file
> Bug Marked as found in versions schroot/1.2.3-1.
> > retitle 565613 overwrites customized /etc/passwd and /etc/group
> Bug #565613 [schroot] exim4: syntax error: unknown group 'Debian-exim' in statoverride file
> Changed Bug title to 'overwrites customized /etc/passwd and /etc/group' from 'exim4: syntax error: unknown group 'Debian-exim' in statoverride file'

Thanks for the report.

schroot can not (does not) support running dæmons such as exim.
At least, not sensibly.  The chroot does not by default have
any running daemons such as syslog, and the init scripts need
invoking manually.  Lastly, unless you're using the "plain"
chroot type, the chroot will be umounted when schroot terminates
(or the session is ended), and all running processes in the chroot
are terminated prior to this.

That said, this is definitely a bug, though the severity is
debatable.  For most uses of schroot, the existing default is
appropriate.  It's not a separate system from the host, so using
the same system databases is OK.  What's not OK is losing
data inside the chroot.

We could add logic to compare the two and merge the differences
rather than using the existing approach of replacing the whole lot.
But, there would be issues of having different accounts with the same
UID/GID where dynamically added entires conflict between the host and
the chroot.

For now, I would suggest disabling the update in your specific case.
Any suggestions about how best to solve this would be appreciated,
and patches even more so.


Regards,
Roger

-- 
  .''`.  Roger Leigh
 : :' :  Debian GNU/Linux             http://people.debian.org/~rleigh/
 `. `'   Printing on GNU/Linux?       http://gutenprint.sourceforge.net/
   `-    GPG Public Key: 0x25BFB848   Please GPG sign your mail.

[signature.asc (application/pgp-signature, inline)]

Message #35 received at 565613@bugs.debian.org (full text, mbox, reply):

From: Sascha Silbe <sascha-debian-bugs-exim4-1@silbe.org>

To: Roger Leigh <rleigh@codelibre.net>

Cc: 565613@bugs.debian.org, Debian buildd-tools Developers <buildd-tools-devel@lists.alioth.debian.org>, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>

Subject: Re: Bug#565613: exim4: syntax error: unknown group 'Debian-exim' in statoverride file

Date: Tue, 19 Jan 2010 00:34:38 +0100

[Message part 1 (text/plain, inline)]

On Mon, Jan 18, 2010 at 06:45:23PM +0000, Roger Leigh wrote:

> schroot can not (does not) support running dæmons such as exim.
The problem was not running it, but removing it (because it used 
dpkg-statoverride with a "custom" group). It was installed via some 
dependency chain (about any non-trivial installation pulls in an MTA and 
exim4 is the default, for better or worse).

> We could add logic to compare the two and merge the differences
> rather than using the existing approach of replacing the whole lot.
That would be the golden way of course. In practice I think it would 
suffice to have schroot detect that the files inside the chroot have 
been changed (by comparing with a stored checksum) and refuse to 
overwrite them (with an appropriate warning printed).

At the very least the defaults should be commented out with a warning 
what might break.

CU Sascha

-- 
http://sascha.silbe.org/
http://www.infra-silbe.de/

[signature.asc (application/pgp-signature, inline)]

Message #40 received at 565613@bugs.debian.org (full text, mbox, reply):

From: Sascha Silbe <sascha-debian-bugs-exim4-1@silbe.org>

To: Roger Leigh <rleigh@codelibre.net>

Cc: 565613@bugs.debian.org, Debian buildd-tools Developers <buildd-tools-devel@lists.alioth.debian.org>

Subject: Re: Bug#565613: overwrites customized /etc/passwd and /etc/group

Date: Sat, 23 Jan 2010 13:26:32 +0100

[Message part 1 (text/plain, inline)]

On Tue, Jan 19, 2010 at 12:34:38AM +0100, Sascha Silbe wrote:

>> We could add logic to compare the two and merge the differences
>> rather than using the existing approach of replacing the whole lot.
> That would be the golden way of course.
Thinking twice about it the proper way to do it would be to use 
libnss-extrausers inside the chroot and let schroot copy 
/etc/{passwd,...} from the host to /var/lib/extrausers/ within the 
chroot.
This currently fails in my case since my users have "users" (GID 100) as 
their primary group, but that's a different bug. [1]


[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=566399

CU Sascha

-- 
http://sascha.silbe.org/
http://www.infra-silbe.de/

[signature.asc (application/pgp-signature, inline)]

Message #49 received at 565613@bugs.debian.org (full text, mbox, reply):

From: Nicholas Brown <nickbroon@gmail.com>

To: 565613@bugs.debian.org

Date: Tue, 26 Jan 2021 17:25:23 +0000

[Message part 1 (text/plain, inline)]

This is an issue when creating Debian schroot on a Ubuntu host.

It's specifically mentioned here, with a workaround:
https://wiki.ubuntu.com/SecurityTeam/BuildEnvironment#Creating_the_schroots
```
Note 2: Debian schroots pull in exim4-base but Ubuntu systems do not. Due
to Debian bug #565613 the passwd and group databases are pulled in from the
host, overwriting what is in the chroot. Since Ubuntu by default does not
have exim4-base installed, the user isn't there and you will end up with
errors like this when updating the schroot at a later date: dpkg: syntax
error: unknown group Debian-exim' in statusoverride file`. You can either
create the user/group on the Ubuntu host or remove the exim4-base package
from the schroot (this may not work with older Debian releases):

$ schroot -u root -c source:sid-amd64 -- apt-get remove --purge -y
--force-yes exim4-base
$ schroot -u root -c source:sid-amd64 -- cp /var/lib/dpkg/statoverride-old
/var/lib/dpkg/statoverride # remove
```

It would be great if the work around could be avoided.
Is there any traction on getting schroot to do some sort of merging of
passwd/group instead of just replacing just copying the hosts into the
chroot?

[Message part 2 (text/html, inline)]

Send a report that this bug log contains spam.