
Bug#1037171: aide: fresh aide package install fails to add the required _aide user to system


Marc Haber

Jun 7, 2023, 1:40:05 PM
Control: tags -1 confirmed
Control: found -1 0.18.1-1
thanks

This confirmation also applies to the severity of the issue :-( that
slipped itself in in March 2023 with 0.18.1-1. dh_installsysusers is not
called by the normal dh sequence in dh compat level 13 which leads to
the user not being created at package installation.

Patch to source package:
diff -Nru aide-0.18.3/debian/aide-common.postinst aide-0.18.3/debian/aide-common.postinst
--- aide-0.18.3/debian/aide-common.postinst 2023-04-20 23:50:04.000000000 +0200
+++ aide-0.18.3/debian/aide-common.postinst 2023-05-18 10:25:22.000000000 +0200
@@ -45,18 +45,6 @@
# added updating to 0.18-1
rm -rf /var/tmp/aide.cron.daily /var/tmp/aide.cron.daily.old.*

-if dpkg --compare-versions "$2" lt 0.17.5-1; then
- # we're updating from a version earlier than 0.17.5, chown logs
- # and databases
- chown --quiet _aide:adm /var/log/aide /var/log/aide/aide.log /var/log/aide/aide.log.* || true
- chmod --quiet 2755 /var/log/aide || true
- chown --quiet _aide:root /var/lib/aide/aide.db /var/lib/aide/aide.db.new || true
-fi
-if dpkg --compare-versions "$2" lt 0.18-3; then
- # we're updating from a version earlier than 0.18-3, chown aideinit logs
- chown --quiet _aide:adm /var/log/aide/aideinit.log /var/log/aide/aideinit.errors|| true
-fi
-
rm -f /var/lib/aide/aide.conf.autogenerated
if dpkg --compare-versions "$2" le "0.16-1"; then
# we're updating from a version earlier than 0.16-1, rename DHCP conffiles
@@ -96,6 +84,20 @@

#DEBHELPER#

+# this needs to be after debhelper, otherwise the account doesn't
+# yet exist.
+if dpkg --compare-versions "$2" lt 0.17.5-1; then
+ # we're updating from a version earlier than 0.17.5, chown logs
+ # and databases
+ chown --quiet _aide:adm /var/log/aide /var/log/aide/aide.log /var/log/aide/aide.log.* || true
+ chmod --quiet 2755 /var/log/aide || true
+ chown --quiet _aide:root /var/lib/aide/aide.db /var/lib/aide/aide.db.new || true
+fi
+if dpkg --compare-versions "$2" lt 0.18-3; then
+ # we're updating from a version earlier than 0.18-3, chown aideinit logs
+ chown --quiet _aide:adm /var/log/aide/aideinit.log /var/log/aide/aideinit.errors|| true
+fi
+
exit 0

# vim:sw=4:sts=4:et:
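Review bot: The relocated chown/chmod calls after #DEBHELPER# keep `--quiet` and `|| true`, so if the _aide account is still missing at that point the postinst exits 0 and leaves the logs and databases under their previous owner with no message. Note also that dpkg --compare-versions treats an empty "$2" as earlier than any version for `lt`, so both blocks run on a fresh install as well, which the "we're updating from" comments do not mention. Consider one `getent passwd _aide` test ahead of the two blocks that prints a warning on failure, and add the missing space in `aideinit.errors|| true`.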
diff -Nru aide-0.18.3/debian/rules aide-0.18.3/debian/rules
--- aide-0.18.3/debian/rules 2023-04-20 23:50:04.000000000 +0200
+++ aide-0.18.3/debian/rules 2023-05-18 10:25:22.000000000 +0200
@@ -33,6 +33,10 @@
override_dh_auto_configure:
dh_auto_configure -- $(strip ${COMMON_CONFIGURE_ARGS}) $(strip ${EXTRA_CONFIGURE_ARGS})

+# make this execute_after_dh_auto_install after bookworm
override_dh_auto_install:
dh_auto_install
dh_installsystemd --name=dailyaidecheck
+ # this is needed until dh compat 14
+ dh_installsysusers
+
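Review bot: The two comments added to override_dh_auto_install record follow-up work (switch to execute_after_dh_auto_install after bookworm, drop the explicit dh_installsysusers at dh compat 14), but nothing in the rules file warns when the compat level is raised, so the extra call can silently outlive its purpose. Consider tracking both in a TODO entry and adding an autopkgtest that installs the package on a clean system and checks that the _aide account exists, so a missing account is caught before upload. The hunk also ends with an empty `+` line that can be dropped.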

A run-time fix would be to call
adduser --system --home /var/lib/aide --shell /usr/sbin/nologin _aide
before package installation.

or to drop the following file
#Type Name ID GECOS Home directory Shell
u _aide - "Advanced Intrusion Detection Environment" /var/lib/aide /usr/sbin/nologin
in /usr/lib/sysusers.d/aide-common.conf and execute systemd-sysusers.

A fixed package will be brought on the way by means of stable proposed
updates and a bookworm point release.

Greetings
Marc
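
A check for the failure described in this report, as an added example that is not part of the original mail or of the aide package: it lists accounts that a sysusers.d file declares but that are absent from a passwd file. `missing_sysusers` and `demo` are hypothetical names, the passwd lines are constructed sample data, and reading a passwd file directly instead of going through NSS is a simplification.

```shell
#!/bin/sh
# Added example: report accounts that a sysusers.d file declares with a "u"
# line but that are absent from a passwd file. Names here are hypothetical.

# missing_sysusers CONF [PASSWD]
# Prints each missing login name; returns 0 if none are missing, 1 if some
# are, 2 if the files could not be read.
missing_sysusers() {
    conf=$1
    passwd=${2:-/etc/passwd}
    missing=$(awk '
        src == "passwd" { have[$1] = 1; next }   # field 1 is the login name
        /^[ \t]*(#|$)/  { next }                 # skip comments, blank lines
        $1 == "u" && !($2 in have) { print $2 }  # declared but never created
    ' src=passwd FS=: "$passwd" src=conf FS=' ' "$conf") || return 2
    if [ -n "$missing" ]; then
        printf '%s\n' "$missing"
        return 1
    fi
    return 0
}

# Constructed sample data: the sysusers.d entry quoted in the mail, checked
# against a passwd file before and after the account has been created.
demo() {
    dir=$(mktemp -d) || return 2
    cat > "$dir/aide-common.conf" <<'EOF'
#Type Name ID GECOS Home directory Shell
u _aide - "Advanced Intrusion Detection Environment" /var/lib/aide /usr/sbin/nologin
EOF
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin' > "$dir/passwd.before"
    cp "$dir/passwd.before" "$dir/passwd.after"
    echo '_aide:x:998:998:AIDE:/var/lib/aide:/usr/sbin/nologin' >> "$dir/passwd.after"
    before=$(missing_sysusers "$dir/aide-common.conf" "$dir/passwd.before") || :
    after=$(missing_sysusers "$dir/aide-common.conf" "$dir/passwd.after") || :
    rm -rf "$dir"
    echo "before=[$before] after=[$after]"
}

demo
```

On a live system, `getent passwd _aide` answers the same question for a single account through NSS.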