buster: UID/GID stability?

I’ve just pushed 483c87dd82d35fa4aacf73911a34c4cbd043ca98 to fix the FTBFS due to a fuzzy patch, and stumbled upon a new issue.

I thought this had been disabled in buster but apparently not (as the last and only commit to this file is 46c028aa4b230fd76673b997a4bb2d3e4303b2f0, dated mid-2018):

Checking UIDs and GIDs stability
/usr/share/tails/build/passwd /etc/passwd differ: char 1256, line 24
/etc/passwd differs from expected:
--- /usr/share/tails/build/passwd   2019-03-20 09:28:36.000000000 +0000
+++ /etc/passwd 2019-03-22 09:13:40.039408082 +0000
@@ -21,13 +21,13 @@
 systemd-network:x:102:103:systemd Network Management,,,:/run/systemd:/usr/sbin/nologin
 systemd-resolve:x:103:104:systemd Resolver,,,:/run/systemd:/usr/sbin/nologin
 memlockd:x:104:109:memlockd system account,,,:/usr/lib/memlockd:/bin/false
-debian-tor:x:105:110::/var/lib/tor:/bin/false
-messagebus:x:106:112::/nonexistent:/usr/sbin/nologin
-monkeysphere:x:107:113:monkeysphere authentication user,,,:/var/lib/monkeysphere:/bin/bash
-colord:x:108:117:colord colour management daemon,,,:/var/lib/colord:/usr/sbin/nologin
-saned:x:109:119::/var/lib/saned:/usr/sbin/nologin
-speech-dispatcher:x:110:29:Speech Dispatcher,,,:/var/run/speech-dispatcher:/bin/false
-pulse:x:111:120:PulseAudio daemon,,,:/var/run/pulse:/usr/sbin/nologin
+messagebus:x:105:110::/nonexistent:/usr/sbin/nologin
+debian-tor:x:106:111::/var/lib/tor:/bin/false
+monkeysphere:x:107:114:monkeysphere authentication user,,,:/var/lib/monkeysphere:/usr/sbin/nologin
+pulse:x:108:117:PulseAudio daemon,,,:/var/run/pulse:/usr/sbin/nologin
+speech-dispatcher:x:109:29:Speech Dispatcher,,,:/var/run/speech-dispatcher:/bin/false
+saned:x:110:120::/var/lib/saned:/usr/sbin/nologin
+colord:x:111:121:colord colour management daemon,,,:/var/lib/colord:/usr/sbin/nologin
 hplip:x:112:7:HPLIP system user,,,:/var/run/hplip:/bin/false
 Debian-gdm:x:113:122:Gnome Display Manager:/var/lib/gdm3:/bin/false
 tails-persistence-setup:x:114:123::/home/tails-persistence-setup:/usr/sbin/nologin
 config/chroot_local-hooks/99-zzz_check_uids_and_gids failed (exit non-zero). You should check for errors.

I’m not entirely sure what to do here.

Should it be fine to break this kind of stability when upgrading to a new major releae? I’d think so.

This seems to be confirmed by this commit message:

commit 07a043876d99f321d3d87b5ee173a4095807a704
Author: intrigeri <intrigeri@boum.org>
Date:   Fri Jan 4 18:04:21 2019 +0000

    Re-introduce 04-change-gids-and-uids hook (refs: #15854)

    We won't need it for Tails 4.0 but we'll probably need it later
    in the 4.x cycle. So let's bring the functions back but not call
    them for now.

So I’m tempted to update the reference file in the feature/buster branch with the file that’s currently being generated.

Thoughts?

Related issues

Blocks #16209
Blocks #16290 (closed)
Blocks #15182 (closed)

Original created by @CyrilBrulebois on 16604 (Redmine)

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information