[Pkg-utopia-maintainers] Bug#1074789: polkitd: setup uses non-failsafe manner of checking whether user/group exists

Lionel Élie Mamane lionel at mamane.lu
Wed Jul 3 10:57:14 BST 2024


Running "systemd-sysusers polkitd.conf" under strace shows it tries to
connect to:

connect(5, {sa_family=AF_UNIX, sun_path="/run/systemd/userdb/io.systemd.DynamicUser"}, 45) = -1 ECONNREFUSED (Connection refused)

This looks like it would be provided by the systemd-userdbd
package. This package is not installed on this system, and package
polkitd does not depend directly or indirectly on it.

The postinst script guards the call to systemd-sysusers by:

  if command -v systemd-sysusers >/dev/null

but that binary is part of package systemd, not
systemd-userdbd. Running it without argument returns exit code 0
(success / no error), although it prints error messages:


$ sudo systemd-sysusers; echo $?
Failed to check if group sync already exists: Connection refused
Failed to check if group _apt already exists: Connection refused
Failed to check if group nobody already exists: Connection refused
Failed to check if group polkitd already exists: Connection refused
0

Additionally, according to bash's documentation (hopefully POSIX/dash
behaviour is the same) "command -v" merely checks if the command is
found, and not if it has run successfully (which it does anyway in
this case):

  If the -V or -v option is supplied, the exit status is 0 if command
  was found, and 1 if not. If neither option is supplied and an error
  occurred or command cannot be found, the exit status is 127.
  Otherwise, the exit status of the command builtin is the exit
  status of command.

$ sudo bash -c 'command -v systemd-sysusers; echo $?'
/bin/systemd-sysusers
0

Tests show that "systemd-sysusers" is not run at all with "command -v".

It looks like the guard must be changed to something that actually
checks that systemd-sysusers is functional, not merely present?
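
A sketch of a guard that verifies the outcome rather than the tool's presence or exit status, added here as an illustration; it is not part of the original message or of the polkitd packaging. The names run_and_verify, fake_sysusers and LOOKUP are hypothetical, and the stub is a constructed stand-in for the "prints errors, exits 0" behaviour shown above.

```shell
#!/bin/sh
# Added illustration; LOOKUP, fake_sysusers and run_and_verify are hypothetical names.

# Command that confirms the group resolves afterwards (getent goes through NSS).
: "${LOOKUP:=getent group}"

# Constructed stand-in for the behaviour reported above: prints an error,
# creates nothing, and still exits 0.
fake_sysusers() {
    echo "Failed to check if group polkitd already exists: Connection refused" >&2
    return 0
}

# run_and_verify GROUP CMD [ARGS...]
# 0 = CMD succeeded and GROUP resolves; 2 = CMD not found;
# 3 = CMD exited non-zero; 4 = CMD exited 0 but GROUP still does not resolve.
run_and_verify() {
    _group=$1; shift
    # Presence check only: "command -v" does not execute CMD.
    command -v "$1" >/dev/null 2>&1 || { echo "not found: $1" >&2; return 2; }
    _err=$(mktemp) || return 1
    _rc=0
    "$@" 2>"$_err" || _rc=$?
    if [ "$_rc" -ne 0 ]; then
        cat "$_err" >&2; rm -f "$_err"
        return 3
    fi
    # Postcondition: the exit status alone is not trusted.
    # $LOOKUP is intentionally unquoted so "getent group" splits into two words.
    if ! $LOOKUP "$_group" >/dev/null 2>&1; then
        echo "$1 exited 0 but group '$_group' does not resolve; its stderr was:" >&2
        cat "$_err" >&2; rm -f "$_err"
        return 4
    fi
    rm -f "$_err"
    return 0
}

# Demo with the constructed stub and a constructed group name that should not exist.
run_and_verify example-nonexistent-grp fake_sysusers || echo "guard rejected, rc=$?"
```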


