Bug#963788: systemd: please make user order and ids of systemd and systemd-timesyncd reproducible

Johannes 'josch' Schauer josch at debian.org
Sat Jun 27 06:54:53 BST 2020


Source: systemd
Severity: normal
User: reproducible-builds at lists.alioth.debian.org
Usertags: randomness

Hi,

the packages systemd and systemd-timesyncd depend on each other. This
means that they form a dependency cycle and it is impossible to figure
out whether the postinst script of systemd or systemd-timesyncd should
be executed first. But depending on which postinst script is executed
first, the systemd-{journal,network,resolve} users from the systemd
postinst and the systemd-timesync user from the systemd-timesyncd
package will end up with differing user ids because they are chosen
sequentially, starting with 101. In addition to the user ids, the order
of users and their associated groups will differ in /etc/shadow,
/etc/passwd, /etc/group and associated files.

This is a problem for reproducible installations because the exact same
package set, consisting of systemd and systemd-timesyncd, can result in a
different system after installation.

Thanks!

cheers, josch
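
A check for the drift described in this report, as an added example that is not part of the original message or of the systemd packaging: it compares the passwd-format files of two installations and reports differing ids and differing entry order. The sample entries are constructed; only the user names and the starting id 101 come from the report, while the gids, home directories and shells are assumptions.

```python
def parse_passwd(text):
    """Return an ordered list of (name, uid, gid) from passwd-format text."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 4:
            raise ValueError(f"malformed passwd line: {line!r}")
        entries.append((fields[0], int(fields[2]), int(fields[3])))
    return entries

def passwd_drift(text_a, text_b):
    """Report account differences between two installs of the same package set."""
    a, b = parse_passwd(text_a), parse_passwd(text_b)
    ids_a = {name: (uid, gid) for name, uid, gid in a}
    ids_b = {name: (uid, gid) for name, uid, gid in b}
    # Compare relative order only for accounts present on both systems.
    order_a = [name for name, _, _ in a if name in ids_b]
    order_b = [name for name, _, _ in b if name in ids_a]
    return {
        "only_in_a": sorted(set(ids_a) - set(ids_b)),
        "only_in_b": sorted(set(ids_b) - set(ids_a)),
        "id_mismatch": {n: (ids_a[n], ids_b[n])
                        for n in order_a if ids_a[n] != ids_b[n]},
        "order_differs": order_a != order_b,
    }

# Constructed sample: systemd postinst ran first.
INSTALL_A = """\
root:x:0:0:root:/root:/bin/bash
systemd-journal:x:101:101::/run/systemd:/usr/sbin/nologin
systemd-network:x:102:102::/run/systemd:/usr/sbin/nologin
systemd-resolve:x:103:103::/run/systemd:/usr/sbin/nologin
systemd-timesync:x:104:104::/run/systemd:/usr/sbin/nologin
"""
# Constructed sample: systemd-timesyncd postinst ran first.
INSTALL_B = """\
root:x:0:0:root:/root:/bin/bash
systemd-timesync:x:101:101::/run/systemd:/usr/sbin/nologin
systemd-journal:x:102:102::/run/systemd:/usr/sbin/nologin
systemd-network:x:103:103::/run/systemd:/usr/sbin/nologin
systemd-resolve:x:104:104::/run/systemd:/usr/sbin/nologin
"""

if __name__ == "__main__":
    for key, value in passwd_drift(INSTALL_A, INSTALL_B).items():
        print(f"{key}: {value}")
```

The same comparison applies to /etc/group, whose first, third and fourth fields are not laid out like passwd, so it needs its own field indices.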


