Bug#977358: release-notes: document how to make the rescue mode usable if no root password is set (buster)

To: 977358@bugs.debian.org
Cc: Paul Gevers <elbrus@debian.org>, Andrei POPESCU <andreimpopescu@gmail.com>
Subject: Bug#977358: release-notes: document how to make the rescue mode usable if no root password is set (buster)
From: Justin B Rye <justin.byam.rye@gmail.com>
Date: Tue, 13 Apr 2021 10:14:25 +0100
Message-id: <[🔎] 20210413091425.GA7940@jbr.me.uk>
Reply-to: Justin B Rye <justin.byam.rye@gmail.com>, 977358@bugs.debian.org
In-reply-to: <[🔎] a9eec6d1-8def-6d35-52f2-3ecd7baf0237@debian.org>
References: <20201214111259.qrtyus5qqchs42w7@acr13.nuvreauspam> <218ff93f-62be-5af6-119e-90ca54996985@debian.org> <20210321073302.7zdtrfyrxkjrwblm@acr13.nuvreauspam> <[🔎] 7c3672c8-9018-ad01-6394-6dfaace9f260@debian.org> <20201214111259.qrtyus5qqchs42w7@acr13.nuvreauspam> <[🔎] 20210410061142.pgvpwe6xk3ptbep6@acr13.nuvreauspam> <[🔎] 20210410095352.GA5982@jbr.me.uk> <[🔎] 20210410145835.unh7xd25qg6ici3t@acr13.nuvreauspam> <[🔎] 20210410174439.GA27030@jbr.me.uk> <[🔎] a9eec6d1-8def-6d35-52f2-3ecd7baf0237@debian.org> <20201214111259.qrtyus5qqchs42w7@acr13.nuvreauspam>

Paul Gevers wrote:
> Hi Justin, Andrei,
> 
> Thanks for the proposed text below. I struggle a bit with where to place
> it. What do you suggest? It's not really an upgrading issue, is it?

Maybe at the end of "issues", next to the similarly chronic issue of
GNOME mouseless a11y?  That's under "package-specific-issues" at
present, mislabelled as a case where the package might not upgrade
smoothly; we don't really have any known cases of that to list, so
maybe we ought to reorganise the subsections a bit.  I would have
hoped we could arrange things so that the bookworm deprecations
subsection is at the very end, and whether we do that or not we might
want the "limited-security-support" bit to be alongside the a11y and
rescue.service bits in a "chronic-problems" section (but don't call it
that).

>>    <title>
>>      The <literal>rescue</literal> boot option is unusable without a root password
>>    </title>
>>    <para>

If this goes in a list that's organised in terms of packages then it
needs to give more of a hint about where the problem originated:

        ^With the implementation of <literal>sulogin</literal> now used,
>>      Booting with the <literal>rescue</literal> option always requires
>>      the root password. If one has not been set, this makes the rescue
>>      mode effectively unusable. However it is still possible to boot
>>      using the kernel parameter <literal>init=/sbin/sulogin --force</literal>
>>    </para>
>>    <para>
>>      To configure systemd to do the equivalent of this whenever it boots
>>      into rescue mode (also known as single mode: see <ulink
>>      url="&url-man;/bullseye/systemd/systemd.1.html">systemd(1)</ulink>),
>>      run <command>sudo systemctl edit rescue.service</command> and create
>>      a file saying just:
>>    </para>
>>    <screen>
>>      [Service]
>>      Environment=SYSTEMD_SULOGIN_FORCE=1
>>    </screen>
>>    <para>
>>      It might also (or instead) be useful to do this for the
>>      <literal>emergency.service</literal> unit, which is started
>>      <emphasis>automatically</emphasis> in the case of certain
>>      errors (see <ulink
>>      url="&url-man;/bullseye/systemd/systemd.special.7.html">systemd.special(7)</ulink>),
>>      or if <literal>emergency</literal> is added to the kernel
>>      command line (e.g. if the system can't be recovered by using
>>      the rescue mode).
>>    </para>

Looking at that paragraph again, the man page is good enough to make
me consider shortening it to

        The same applies to the <literal>emergency.service</literal>
        unit, for booting into emergency mode; see <ulink
        url="&url-man;/bullseye/systemd/systemd.special.7.html">systemd.special(7)</ulink>.

>>    <para>
>>      For background and a discussion on the security implications see
>>      <ulink url="&url-bts;/802211">#802211</ulink>.
                                      ^bug
>>    </para>
-- 
JBR	with qualifications in linguistics, experience as a Debian
	sysadmin, and probably no clue about this particular package

Reply to:

Follow-Ups:
- Bug#977358: release-notes: document how to make the rescue mode usable if no root password is set (buster)
  - From: Andrei POPESCU <andreimpopescu@gmail.com>
- Bug#977358: release-notes: document how to make the rescue mode usable if no root password is set (buster)
  - From: Paul Gevers <elbrus@debian.org>

References:
- Re: Bug#977358: release-notes: document how to make the rescue mode usable if no root password is set (buster)
  - From: Paul Gevers <elbrus@debian.org>
- Bug#977358: release-notes: document how to make the rescue mode usable if no root password is set (buster)
  - From: Andrei POPESCU <andreimpopescu@gmail.com>
- Bug#977358: release-notes: document how to make the rescue mode usable if no root password is set (buster)
  - From: Justin B Rye <justin.byam.rye@gmail.com>
- Bug#977358: release-notes: document how to make the rescue mode usable if no root password is set (buster)
  - From: Andrei POPESCU <andreimpopescu@gmail.com>
- Bug#977358: release-notes: document how to make the rescue mode usable if no root password is set (buster)
  - From: Justin B Rye <justin.byam.rye@gmail.com>
- Bug#977358: release-notes: document how to make the rescue mode usable if no root password is set (buster)
  - From: Paul Gevers <elbrus@debian.org>

Prev by Date: Bug#986322: Bug#986129: unblock: sendmail/8.15.2-22
Next by Date: Bug#986322: Bug#986129: unblock: sendmail/8.15.2-22
Previous by thread: Bug#977358: release-notes: document how to make the rescue mode usable if no root password is set (buster)
Next by thread: Bug#977358: release-notes: document how to make the rescue mode usable if no root password is set (buster)
Index(es):
- Date
- Thread