[Pkg-shadow-devel] Bug#1124793: shadow: New version breaks a lot of adduser tests

Chris Hofstaedtler zeha at debian.org
Tue Jan 6 20:24:29 GMT 2026 

Control: clone -1 -2
Control: clone -2 src:adduser 3.154
Control: block -1 by -2

Hi Marc,

Marc wrote:
> feel free to file (copy, clone) bugs against adduser. I have expected that.

Thanks, doing so.

> To minimize the fallout you might want to temporarily revert in unstable and
> make a src:shadow upload of the new version to experimental. I will probably
> not have time to take closer looks before the weekend.

I think it can stay like that in unstable for a few days. There should be no
(relevant) r-deps to pick up dependency versions or anything.

On Tue, Jan 06, 2026 at 08:46:06PM +0100, Chris Hofstaedtler wrote:
> 
> 139s autopkgtest [09:30:49]: test package-test-suite:  - - - - - - - - - - stderr - - - - - - - - - -
> 139s chpasswd: (line 1, user aust) invalid password hash
> 139s chpasswd: error detected, changes ignored
> 139s chpasswd: (line 1, user aust) invalid password hash
> 139s chpasswd: error detected, changes ignored
> 139s 
> 139s #   Failed test 'command result 0 (expected 13): /usr/sbin/adduser --stdoutmsglevel=error --stderrmsglevel=error --system --disabled-login aust'
> 139s #   at debian/tests/lib/AdduserTestsCommon.pm line 72.
> 139s #          got: ''
> 139s #     expected: '1'
> 139s chpasswd: (line 1, user aust) invalid password hash
> 139s chpasswd: error detected, changes ignored
> 139s # Looks like you failed 1 test of 90.

Upstream introduced a (simple) validation of the string passed as 
the password hash. I would suggest the following patch, which now 
disguises the test string as a "DES hash" to the check:

diff --git i/debian/tests/f/adduser_system.t w/debian/tests/f/adduser_system.t
index bb60b54..6a13f35 100755
--- i/debian/tests/f/adduser_system.t
+++ w/debian/tests/f/adduser_system.t
@@ -204,7 +204,7 @@ assert_command_success(
 assert_user_exists('aust');
 assert_user_is_system('aust');

-system('echo "aust:!foobar" | chpasswd --encrypted');
+system('echo "aust:.invalidinval" | chpasswd --encrypted');
 # with #1099734 fixed, this should fail
 assert_command_result_silent(RET_WRONG_OBJECT_PROPERTIES,
     '/usr/sbin/adduser',


> 139s #   Failed test 'command success: sh -c /usr/sbin/useradd --badname -d /home/bob -m 'bob;>/hacked' 2>/dev/null'
> 139s #   at debian/tests/lib/AdduserTestsCommon.pm line 59.
> 139s #          got: '19'
> 139s #     expected: '0'
> 139s # Looks like you failed 1 test of 3.
> 140s autopkgtest [09:30:50]: test upstream-test-suite-full: preparing testbed

> I'd guess the bob test is a result of the name-checking changes 
> upstream.

As one would expect, useradd fails now:

% /usr/sbin/useradd --badname -d /home/bob -m 'bob;>/hacked'
useradd: WARNING: --badname is deprecated and will be removed
useradd: invalid user name 'bob;>/hacked'
% echo $?
19

This seems... good. The question might become: what to do with the test then?
I'll leave that to you, as I'm not sure what the test wants to test exactly.

Best,
Chris

More information about the Pkg-shadow-devel mailing list