Comments (8)
I can envision several ways of solving this, all of them requiring careful thought and attention to detail. And time.
In the meantime we have a window during which an (unlikely) uid/gid change can go by unnoticed. I believe it makes sense to try to catch those before they go out the door. How about adding a step near the end of a compose, running diff of /etc/passwd and /etc/group against a known-good (stashed) copy, and aborting the compose if there's any difference?
from rpm-ostree.
+1 to the idea of a quick sanity check. Perhaps this should live in rpm-ostree-toolbox?
Note we actually do have a stashed copy - the one in the previous tree! We can extract it like so:
ostree --repo=repo checkout -U --subpath=/usr/lib fedora-atomic/rawhide/x86_64/docker-host^ usrlib-previous
ostree --repo=repo checkout -U --subpath=/usr/lib fedora-atomic/rawhide/x86_64/docker-host usrlib-new
parse/diff usrlib-previous/passwd usrlib-new/passwd, and same for group
from rpm-ostree.
(ostree currently coredumps if you try --subpath=/usr/lib/passwd, that should be fixed)
from rpm-ostree.
( I am reminded of when people started getting into similar issues in the Conary world, and in the end the solution was a UID registry: https://opensource.sas.com/conarywiki/index.php/rPath_Linux:RPath_UID_Registry ... not my favorite solution.)
I guess maybe the sanity check is the best we can do right now. I would rather see something where userlist gets checked against a previously-allocated set of users during the compose instead of just checking after, but you would have to hijack "useradd" and "groupadd" commands in post scripts. (Just using the previous passwd and group files as a starting point for a compose doesn't work, of course, because then you won't properly deal with package removals)
from rpm-ostree.
In Fedora there are many actually static uid/gids as well: https://fedoraproject.org/wiki/Packaging:UsersAndGroups
But there's a reason we have dynamic allocation: there are more daemons in the world than would fit in the < 1000 range. And in the general case, the package set used to compose a tree could include dynamic set that varies over time.
from rpm-ostree.
Uh-oh on the sanity check: I have one in progress in rpm-ostree-toolbox, but I now believe that this is too late in the process: the check should happen before corrupt data gets checked into the repo. Possibly just before the post-yum break in rpmostree_compose_builtin_tree(), and almost certainly done by an external helper script. Any objection to that approach?
EDIT: and, duh, with this approach the helper can be a fixup tool, not just a check-and=warn.
from rpm-ostree.
While a lot of the code in compose tree would be about 20% the length in a scripting language, I'd like to keep the direction of moving to C libraries (hawkey/libsolv + librepo) for the core code, because eventually to do package layering requires deep integration between the ostree side (C, though introspection bindings available) and RPM (C, though bindings available).
Secondly there are things that are inefficient to do in most scripting languages (e.g. avoiding lots of string allocations when processing package data and blowing up memory usage), or tend to be broken (e.g. xattrs).
As for fixup, yes I think so. It's going to be ugly though until we get to the point where we have control over what's happening in the rpm %posts. I think https://fedoraproject.org/wiki/Changes/SystemdSysusers would potentially help with that.
Short term though, something like listing the name -> uid mappings in the treefile json, then before commit, parse the generated /usr/lib/{passwd,group}, diff it versus what we expect. Error out if there are any unallocated users. Then do a recursive walk, look up the filesystem uid in the generated map, resolve back to name, then chown if it doesn't match the preallocated one?
from rpm-ostree.
Calling this fixed by #79
from rpm-ostree.
Related Issues (20)
- Add `--version` / equivalent to `--add-metadata-string=version=` to `compose image` path HOT 4
- rpm-ostree upgrade fail (fedora silverblue 40) HOT 2
- FR: support an "only when idle" mode HOT 1
- FR: "silent" mode
- FR: respect "only metered connections" HOT 1
- ostree container fails to do `rpm-ostree install https://`
- How would we feel about just packaging and adding /usr/bin/rpmostree-dracut-wrapper as a separate file in the repo? HOT 3
- compose tree fails with Fedora IoT 39 treefile HOT 1
- Automotive Stream Distribution builds failing HOT 22
- `build_mapping_recurse` is very slow, causes ostree container builds to take a long time HOT 6
- Add postprocess script or arbitrary execution
- `tmp-is-dir` broken symlink for /tmp by default HOT 1
- container: "rpm-ostree update" finds an update but "rpm-ostree update --check" does not HOT 2
- `opt-usrlocal` treefile option is too specific HOT 2
- Add packit test to build c9s or AutoSD image HOT 3
- Fails to install cuda with error: opendir(local): No such file or directory HOT 1
- Can't install local packages because of broken repo HOT 2
- allow `json` format for `rpm-ostree db diff --changelogs` HOT 3
- Rpm-ostree override replace on android aboot doesn't trigger aboot-update HOT 2
- `override replace` on the systemd rpm does not replace `/usr/bin/systemctl` HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from rpm-ostree.