X2Go Bug report logs - #1458
unattended Debian installations (using preseed) fail when x2gobroker-ssh is involved

version graph

Package: x2gobroker-ssh; Maintainer for x2gobroker-ssh is X2Go Developers <x2go-dev@lists.x2go.org>; Source for x2gobroker-ssh is src:x2gobroker.

Reported by: Stefan Baur <X2Go-ML-1@baur-itcs.de>

Date: Fri, 17 Apr 2020 14:10:54 UTC

Severity: normal

Tags: pending

Fixed in version 0.0.4.2

Full log


🔗 View this message in rfc822 format

X-Loop: owner@bugs.x2go.org
Subject: Bug#1458: [X2Go-Dev] Bug#1458: Bug#1458: Bug#1458: Bug#1458: unattended Debian installations (using preseed) fail when x2gobroker-ssh is involved
Reply-To: 1458@bugs.x2go.org, 1458@bugs.x2go.org
Resent-From: Stefan Baur <X2Go-ML-1@baur-itcs.de>
Resent-To: x2go-dev@lists.x2go.org
Resent-CC: X2Go Developers <x2go-dev@lists.x2go.org>
X-Loop: owner@bugs.x2go.org
Resent-Date: Sun, 19 Apr 2020 18:25:02 +0000
Resent-Message-ID: <handler.1458.B1458.158732047021868@bugs.x2go.org>
Resent-Sender: owner@bugs.x2go.org
X-X2Go-PR-Message: followup 1458
X-X2Go-PR-Package: x2gobroker-ssh
X-X2Go-PR-Keywords: 
References: <CANVnVYJuGhHgK0o2RNZ15-V80faqGY1ngcWaH+6oM4LJGW-5mg@mail.gmail.com> <ae83255d-c9ca-fab9-d0f1-cd3325e720f2@baur-itcs.de> <09a01d9f-1db4-ad20-e0f5-d08889ab89f6@baur-itcs.de> <CANVnVYJTBAXpuboCLDzXhPW_7AFVktSUtkuFzDxX2h-15xPTow@mail.gmail.com> <68797907-6554-1e47-c80a-2d7bffc0a6a7@baur-itcs.de> <CANVnVYJ4S_rCX3a43aWzW3FK4CvfW-k=fcFCFOOjRekHYWvG0Q@mail.gmail.com> <09a01d9f-1db4-ad20-e0f5-d08889ab89f6@baur-itcs.de> <940c310b-3b83-fc1e-1066-431fbbd2d29f@baur-itcs.de> <09a01d9f-1db4-ad20-e0f5-d08889ab89f6@baur-itcs.de>
Received: via spool by 1458-submit@bugs.x2go.org id=B1458.158732047021868
          (code B ref 1458); Sun, 19 Apr 2020 18:25:02 +0000
Received: (at 1458) by bugs.x2go.org; 19 Apr 2020 18:21:10 +0000
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on
	ymir.das-netzwerkteam.de
X-Spam-Level: 
X-Spam-Status: No, score=-2.7 required=3.0 tests=BAYES_00,RCVD_IN_MSPIKE_H2,
	SPF_HELO_NONE,URIBL_BLOCKED autolearn=ham autolearn_force=no
	version=3.4.2
Received: from mout.kundenserver.de (mout.kundenserver.de [212.227.126.130])
	by ymir.das-netzwerkteam.de (Postfix) with ESMTPS id A6F305DAE5
	for <1458@bugs.x2go.org>; Sun, 19 Apr 2020 20:20:53 +0200 (CEST)
Received: from [192.168.0.15] ([78.43.58.112]) by mrelayeu.kundenserver.de
 (mreue012 [212.227.15.129]) with ESMTPSA (Nemesis) id
 1MDN3O-1jYVla3mAI-00ASg2; Sun, 19 Apr 2020 20:20:53 +0200
From: Stefan Baur <X2Go-ML-1@baur-itcs.de>
To: 1458@bugs.x2go.org, Ulrich Sibiller <uli42@gmx.de>, 1458@bugs.x2go.org
Autocrypt: addr=X2Go-ML-1@baur-itcs.de; prefer-encrypt=mutual; keydata=
 xsBNBFLfOiwBCACzIiDVwWVRvuMzgSAvXRFRaPaZOSB8s84PG1oGLfmqhwzF44vj1Xv4tcKD
 mvu0TsLTksOkvop8WwGYeeU8lDaxEG1zyN8SOu1WU/FPEKw2jITRox8yIrSkUsMkWYuxdjv/
 9XcAh9qaPsHP7E1jD6/wVZuYZkuX6W41Nxt06VsvDGCfrbQh4ya7w1IiSnoQeIHNNQVN9f3j
 xcHLj5S5YriSCThtbFCdr3AJXfF5iMolu8kLgAXM0bH1C7PxAjM/pQjWmdMVN/Y+uXXzcMO8
 8aQ0f0q3QeGWxCAP2xwBapUfP6LHDRPp/tV7P7ji8wKlabrSGdv0M9Qd9pn/YCYQE0ZdABEB
 AAHNJlN0ZWZhbiBCYXVyIDxwb3N0bWFzdGVyQHN0ZWZhbmJhdXIuZGU+wsCCBBMBAgAsAhsj
 BwsJCAcDAgEGFQgCCQoLBBYCAwECHgECF4ACGQEFAlwtWmgFCRK0IbcACgkQbt30GM2+URkj
 nwgAixhVoMxijCsh9jxxCUYBj7lC5HYhJmlAB+bZOfl1XI8xqMLw8YGECfu0VSe++FlaOAuc
 gArofqu79E2+wKxPaqW2lC94eKR1+kgkDOJyqckYj2Xmyi+vDfrOWjbyawIwiq5FUW2CB6zv
 nkTr68ZQ43mAVC1zz2tpAikn2Af4/OdHwUBzSAOpUt4rDbXDe93WW34XuyG2RDma6kE1Cr0u
 ilqvzKOz5SYp5ASmCyaA0wCzs7fjTy2KuMlOCSFRzwPJpzddr8rS9ZiTLdia/BZvShBEjOq4
 MZHWYv+RGK5RB4eDzw0KbPszXRJBUdXiZIcI0jqbC57Ht64ok3lXquXp987ATQRS3zosAQgA
 4KPXmGU1XE8CTRJ/4m/f8MTri3JfEvGJTerWwC2hBuXHGWrSBmmRNAdJHzNTvq5IoR9tQ6Cb
 Nrqxf6alr/v34Vr2bUg0s+jlK9TWOkVLAFoz6zytm/2BrRBIZ5So6Ymfc6efwsScsHOI++wi
 pzqELkpluqtXysb13RsBVLxBdp5TZCVPjCc9pLWjudfjEagQt2oJgtO2WndasrKvoZYkfRi6
 oSCK9B84YjNJoRF00LdK3n7K3SBvj4UPSl+ygzLVaD+3ZdIlbhX+bfn/Vp/10xdJ+/U8Fr7l
 7umrBKr17D8eO3mRYMGY9w1qc+pfNGOR76GIbPWj2tPVaBD9nmUaowARAQABwsBlBBgBAgAP
 AhsMBQJcLVqtBQkStCH9AAoJEG7d9BjNvlEZInkIAIcchwZxurIpwJJR8qMMXD+RSvj7mY55
 VIXOKUX0uAUTEoJTzFcqbdGkzcJB9y0NlUo9dv4chPT21M61y0bjJjhaDUshCLa1+YyFSSWp
 GBOKrLIsWusqC9zVwgf7TtjVmXt23jZwoDWjXoMlg9eQONMi5Z4u+lDOyPKD+lGJAcjJkQsI
 zL9hha3vuhmUclxgdALTJWzQBp+Y7u9QDub4uqf/TyuDpYASiP0winBRfTug+XjP5YZjU//P
 07H9WhiUCsHp6L9j3QzvrovVy2zz0j7JhyhW3e957vHz2skkSVv3QGtHMswcgK3XaQ9YdgWO
 ELHmBhevaIcJIxDvTBl3pYQ=
Message-ID: <ff95d5ae-5917-b7d0-eaf8-0205ea5cc787@baur-itcs.de>
Date: Sun, 19 Apr 2020 20:20:52 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101
 Thunderbird/68.4.1
MIME-Version: 1.0
In-Reply-To: <940c310b-3b83-fc1e-1066-431fbbd2d29f@baur-itcs.de>
Content-Type: text/plain; charset=utf-8
Content-Language: de-DE
Content-Transfer-Encoding: 8bit
X-Provags-ID: V03:K1:L30fbHoKHD8lx5D5bBnN2WCFDs8Bj2ZFsSdlnliwm36SCFn7njU
 4HCoV72n7lR3EtjNVW3ue7be47jcNpdG4DVmMhyTD2dlo9Kf6n8K/0TzHiSsxjEXEP5/7QH
 nduJKBrJMUNyKQwWtZWFmgOIFo5AqxNWVpY8E+roUxVjHEN1MjOYOE+AKyBFk72kHdtpgag
 UODr/XWduJ+vcCqj3erbg==
X-UI-Out-Filterresults: notjunk:1;V03:K0:Jqez13M4jYY=:vJCZFs3K9x5UX601/orCxM
 uUWFdrAW4M0xL55xtElHe7+zsxEvp5GtPMaEd/1PX7PlR1bE9I0fGv/GOWVPwF3eZRi8AkXvL
 L8Jv7TdzsjsYnMu/2Oq4Q6i2Wnho4MujWSiMW9ewRqEt+6L6Z8PetUWGfxkilglLLGiTyBTrK
 qzPo0JNeuPtP+NehpB/y0VY0PETULCflh9m1anT2k/Vrt5MvGYvwDW8HWaizMhrAdakRH4ZFN
 qolugYnPVKtpIVVl3RQ1eh9jJg6ew2Kvo+TybvJABactYP66qT5xxFpFls84+tJobpbJiddEM
 z8hleVI9QnxugsY7H6rgE/VWvrq1XtMJhFV64D2oPZFGd7UuYCgDjijYMhvsKtIMX9Sblv6MK
 o/AY1E8LzlDIXaQty1fJLt1RNCOHv0I4R90wcpioq0N1An3DKfMhIqcK6synaldp7yRsqDNkj
 e3GY1taXFqSYOGpTkwUutHo93diIFsnTrmCT7fD9Dndy2l7sg/1eKlXtxr2ZLbp5FUUCoc/5O
 VzFTRm8QVpnNED4LIibNJaYpsD4GR0BUyJnVwEKyEdplWgJBz82o70bNTQIDgjHYNiwH9N9LP
 Ez1RdyvapcthZ4whwu7aJfNJ2oOn3tJ0UfGqfu5l7Akj9r8n/jgXkWEexrpJtvUYgU0ulmHvg
 Prv8Dx3Ahv0tUflO2B5YDa4fhmLtZ/3dKsR06lC/EH+zkO/qPoUJ3kx8d92LcmAUBzJji4b1w
 QXnFq7VBjWAf8RmC7RMz1tLUu9aonj9hpsmSxikjmlieSPQkPKu9VEwj6MT+DhCp2+yPYBUSI
 va36MQ+qDsqUtbr2MnatX88lYVcZEBEtiwXmzwcf1GWMROQCP+jFyoKlWWcx1BbmDL+HX4v
For the record,

Uli has contacted me off-list and indicated this is a course of action
he can live with.

In the meantime, I decided to dig through X2Go's git repo.

This is the commit that introduced the faulty nscd cache flushing code
in x2goserver-ssh:

<https://code.x2go.org/gitweb?p=x2gobroker.git;a=commit;h=9e44861e4a29897228cb70a95d6853dbe85779b0>

author	Mike Gabriel <mike.gabriel@das-netzwerkteam.de>	
	Wed, 1 Apr 2015 03:50:45 +0000 (05:50 +0200)
committer	Mike Gabriel <mike.gabriel@das-netzwerkteam.de>	
	Wed, 1 Apr 2015 03:50:45 +0000 (05:50 +0200)
commit	9e44861e4a29897228cb70a95d6853dbe85779b0
tree	9bba4aeb6d2ffa2ac5bfe47a63e2f20fbb4c6a2a
parent	2cd0cdc8b73967b87d53c615a5952a83309ba63f

The previous commit that touched this file is:

author	Mike Gabriel <mike.gabriel@das-netzwerkteam.de>	
	Thu, 11 Sep 2014 23:29:14 +0000 (01:29 +0200)
committer	Mike Gabriel <mike.gabriel@das-netzwerkteam.de>	
	Thu, 11 Sep 2014 23:29:37 +0000 (01:29 +0200)
commit	67d9cfd0ba235c919af84aa9b0d647d0e8a47968
tree	88ed368b14cb2e440f7eebedec9a342257317ff3
parent	806224f2caab8db9c7accb7fa4c5e587d34cd5ca

So some time between September 11, 2014, and April 1, 2015, Mike#1
noticed that groupadd did not behave as expected, and added this code.
Which means Wheezy (7) and Jessie (8) are the most likely candidates
where the issue might have cropped up, as there's a good chance Mike#1
was using testing instead of stable, being so close to the official
release (which happened on April 25./26., 2015).  Squeeze (6) was
already out of support by September 11, 2014, which means it's unlikely
that whatever happened, happened on Squeeze.

Anyone curious enough to go through the groupadd source code for the
binaries that shipped in these two Debian releases in said time frame?

-Stefan

Am 19.04.20 um 15:30 schrieb Stefan Baur:
> Am 17.04.20 um 21:59 schrieb Ulrich Sibiller:
>> On Fri, Apr 17, 2020 at 8:36 PM Stefan Baur <X2Go-ML-1@baur-itcs.de> wrote:
> 
> 
>>> Currently, all automated Debian installs for x2gobroker-ssh are failing
>>> due to this faulty piece of code.
>>
>> So, let's make this clear: Code, which should not be there at all ist
>> now breaking installation. That's exactly my point... It should not be
>> there.
> 
> Code that has been put there to solve an actual issue, but which has a
> flaw in its detection routine as to when it should trigger.
> 
> 
>> I have just checked on my Debian 10. Here's a snipped from /usr/sbin/groupadd:
>> ...
>>     printf (gtx("Adding group `%s' (GID %d)
>> ...\n"),$new_name,$new_gid) if $verbose;
>>     &invalidate_nscd("group");
>>     my $groupadd = &which('groupadd');
>>     &systemcall($groupadd, '-g', $new_gid, $new_name);
>>     &invalidate_nscd("group");
>>     print (gtx("Done.\n")) if $verbose;
>> ...
>>
>> So this is where this kind of code belongs to. Debian has everything in place.
> 
> And it seems to be broken, or this code in the postinst script wouldn't
> be needed.  Or maybe it was only added to groupadd after the code in the
> postinst file had already been written.  It would be interesting to know
> when those "invalidate_nscd" calls were added.  Maybe an older Debian
> version is still affected by this, while Buster is safe?
> 
> 
>> So I agree that this should be fixed asap in x2gobroker-ssh, but it
>> should be fixed by removing the nscd code altogether.
>>
>>> So if we remove it, we're likely to get another bug report tagged
>>> "severity: important", just coming from the other direction, begging us
>>> to add this code again.
>>
>> No, those people begging for it can be instructed to check their
>> distro. And to run the flush manually. Or even to simply reboot.
> 
> 
> The proper way to handle this, IMO, is a two-step process.
> 
> 1. Apply my patch ASAP and release a fixed package, to un-break
>    current preseeded installations.
> 2. Turn the blind execution if the condition is triggered into an
>    interactive, preseedable question, and check for sssd as well.
>    This is what Debian does e.g. when updating libc - you get a popup
>    asking you if it is okay to restart affected services, or if you
>    would like to do it manually at a later date.
>    So in addition to
> 
> x2gobroker-ssh x2gobroker-ssh/group-x2gobroker-users string x2gobroker-users
> x2gobroker-ssh x2gobroker-ssh/group-does-not-exist note
> x2gobroker-ssh x2gobroker-ssh/use-existing-group boolean true|false
> x2gobroker-ssh x2gobroker-ssh/create-group boolean true|false
> x2gobroker-ssh x2gobroker-ssh/manual-setup-required boolean true|false
> x2gobroker-ssh x2gobroker-ssh/del-last-group-x2gobroker-users boolean
> true|false
> x2gobroker-ssh x2gobroker-ssh/last-group-x2gobroker-users string
> x2gobroker-users
> 
>    we'd have new preseedable entries like
> 
> x2gobroker-ssh x2gobroker-ssh/flush-nscd-groups boolean true|false
> x2gobroker-ssh x2gobroker-ssh/flush-sssd-groups boolean true|false
> 
>   Whoever tries to run an unattended installation using preseeds can
>   then choose whichever option suits them best.
>   And if you're worried that the attempt to flush the cache has a
>   negative impact, even with the triggering condition fixed, we can make
>   those options default to "false" and add a notice like "this should
>   not be neccessary unless your groupadd implementation is faulty" in
>   the popup message.
> 
> -Stefan
> 


-- 
BAUR-ITCS UG (haftungsbeschränkt)
Geschäftsführer: Stefan Baur
Eichenäckerweg 10, 89081 Ulm | Registergericht Ulm, HRB 724364
Fon/Fax 0731 40 34 66-36/-35 | USt-IdNr.: DE268653243

Send a report that this bug log contains spam.


X2Go Developers <owner@bugs.x2go.org>. Last modified: Thu Nov 21 14:53:07 2024; Machine Name: ymir.das-netzwerkteam.de

X2Go Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.