From unknown Thu Mar 28 18:41:55 2024 X-Loop: owner@bugs.x2go.org Subject: Bug#1458: [X2Go-Dev] Bug#1458: Bug#1458: unattended Debian installations (using preseed) fail when x2gobroker-ssh is involved Reply-To: Stefan Baur , 1458@bugs.x2go.org Resent-From: Stefan Baur Resent-To: x2go-dev@lists.x2go.org Resent-CC: X2Go Developers X-Loop: owner@bugs.x2go.org Resent-Date: Fri, 17 Apr 2020 18:35:04 +0000 Resent-Message-ID: Resent-Sender: owner@bugs.x2go.org X-X2Go-PR-Message: followup 1458 X-X2Go-PR-Package: x2gobroker-ssh X-X2Go-PR-Keywords: References: <09a01d9f-1db4-ad20-e0f5-d08889ab89f6@baur-itcs.de> <09a01d9f-1db4-ad20-e0f5-d08889ab89f6@baur-itcs.de> Received: via spool by 1458-submit@bugs.x2go.org id=B1458.158714847822833 (code B ref 1458); Fri, 17 Apr 2020 18:35:04 +0000 Received: (at 1458) by bugs.x2go.org; 17 Apr 2020 18:34:38 +0000 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=-2.7 required=3.0 tests=BAYES_00,RCVD_IN_MSPIKE_H2, SPF_HELO_NONE,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.2 Received: from mout.kundenserver.de (mout.kundenserver.de [212.227.126.130]) by ymir.das-netzwerkteam.de (Postfix) with ESMTPS id D4E1D5DAE5 for <1458@bugs.x2go.org>; Fri, 17 Apr 2020 20:33:15 +0200 (CEST) Received: from [192.168.0.15] ([78.43.58.112]) by mrelayeu.kundenserver.de (mreue010 [212.227.15.129]) with ESMTPSA (Nemesis) id 1MLRI3-1jhJdI0z5P-00IRrJ; Fri, 17 Apr 2020 20:33:15 +0200 To: Ulrich Sibiller , 1458@bugs.x2go.org From: Stefan Baur Autocrypt: addr=X2Go-ML-1@baur-itcs.de; prefer-encrypt=mutual; keydata= xsBNBFLfOiwBCACzIiDVwWVRvuMzgSAvXRFRaPaZOSB8s84PG1oGLfmqhwzF44vj1Xv4tcKD mvu0TsLTksOkvop8WwGYeeU8lDaxEG1zyN8SOu1WU/FPEKw2jITRox8yIrSkUsMkWYuxdjv/ 9XcAh9qaPsHP7E1jD6/wVZuYZkuX6W41Nxt06VsvDGCfrbQh4ya7w1IiSnoQeIHNNQVN9f3j xcHLj5S5YriSCThtbFCdr3AJXfF5iMolu8kLgAXM0bH1C7PxAjM/pQjWmdMVN/Y+uXXzcMO8 8aQ0f0q3QeGWxCAP2xwBapUfP6LHDRPp/tV7P7ji8wKlabrSGdv0M9Qd9pn/YCYQE0ZdABEB AAHNJlN0ZWZhbiBCYXVyIDxwb3N0bWFzdGVyQHN0ZWZhbmJhdXIuZGU+wsCCBBMBAgAsAhsj BwsJCAcDAgEGFQgCCQoLBBYCAwECHgECF4ACGQEFAlwtWmgFCRK0IbcACgkQbt30GM2+URkj nwgAixhVoMxijCsh9jxxCUYBj7lC5HYhJmlAB+bZOfl1XI8xqMLw8YGECfu0VSe++FlaOAuc gArofqu79E2+wKxPaqW2lC94eKR1+kgkDOJyqckYj2Xmyi+vDfrOWjbyawIwiq5FUW2CB6zv nkTr68ZQ43mAVC1zz2tpAikn2Af4/OdHwUBzSAOpUt4rDbXDe93WW34XuyG2RDma6kE1Cr0u ilqvzKOz5SYp5ASmCyaA0wCzs7fjTy2KuMlOCSFRzwPJpzddr8rS9ZiTLdia/BZvShBEjOq4 MZHWYv+RGK5RB4eDzw0KbPszXRJBUdXiZIcI0jqbC57Ht64ok3lXquXp987ATQRS3zosAQgA 4KPXmGU1XE8CTRJ/4m/f8MTri3JfEvGJTerWwC2hBuXHGWrSBmmRNAdJHzNTvq5IoR9tQ6Cb Nrqxf6alr/v34Vr2bUg0s+jlK9TWOkVLAFoz6zytm/2BrRBIZ5So6Ymfc6efwsScsHOI++wi pzqELkpluqtXysb13RsBVLxBdp5TZCVPjCc9pLWjudfjEagQt2oJgtO2WndasrKvoZYkfRi6 oSCK9B84YjNJoRF00LdK3n7K3SBvj4UPSl+ygzLVaD+3ZdIlbhX+bfn/Vp/10xdJ+/U8Fr7l 7umrBKr17D8eO3mRYMGY9w1qc+pfNGOR76GIbPWj2tPVaBD9nmUaowARAQABwsBlBBgBAgAP AhsMBQJcLVqtBQkStCH9AAoJEG7d9BjNvlEZInkIAIcchwZxurIpwJJR8qMMXD+RSvj7mY55 VIXOKUX0uAUTEoJTzFcqbdGkzcJB9y0NlUo9dv4chPT21M61y0bjJjhaDUshCLa1+YyFSSWp GBOKrLIsWusqC9zVwgf7TtjVmXt23jZwoDWjXoMlg9eQONMi5Z4u+lDOyPKD+lGJAcjJkQsI zL9hha3vuhmUclxgdALTJWzQBp+Y7u9QDub4uqf/TyuDpYASiP0winBRfTug+XjP5YZjU//P 07H9WhiUCsHp6L9j3QzvrovVy2zz0j7JhyhW3e957vHz2skkSVv3QGtHMswcgK3XaQ9YdgWO ELHmBhevaIcJIxDvTBl3pYQ= Message-ID: <68797907-6554-1e47-c80a-2d7bffc0a6a7@baur-itcs.de> Date: Fri, 17 Apr 2020 20:33:14 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.4.1 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Language: de-DE Content-Transfer-Encoding: 8bit X-Provags-ID: V03:K1:r1cFtwcByPVAbOWFxHWLbGDsOKG2M5IfYfTaC6y0ZNhMpll2OEs EmNivVOvKgqIn+qhu8qGCVrSaOGhY/QtaIMqP03c1s/Gt+7wOH+rOLKjN5BwySKp1eMuPBP VgcyINTbpWsZZI6DXJ4e2elvIlxwczRMoDIl/tPIRvljDqE3bN8PGI9RyQcpbCqT4air2+K 8RmuVVyrA0f1MKGkL9PUg== X-UI-Out-Filterresults: notjunk:1;V03:K0:xGEmmPth9Sk=:Dnzrat+msS2eOd4hG/Ddl9 JMP/jFvKe4gWVbL8xcHiRiAkeqO+8Q06PCN0y3IOhg2PNRd3jQtulYt63bTr5hK/LkyPyBTFP EVXjB1m9adsgxCKKwsdKIghk/13ZhpP86udkZm3QpObQfyudnp/6k6qqBRCddBhZ61+NKpMSj T3FZMnerQEztg9T+glJZsE4fpiRMweKz3JyHDAzBZHiwrV00h5B1iLmWjGd+j/9Ni3oZgaSFD d+0RABYobICiFgAoZasfbxwh6KmyG5Q1vGy9mA6H/Z/8H/6aMSqoet2M/BcpiEqrN2gG6qADA 9np/jaBcXKfKB3w7J9uLCmCs0L3cCxH+SfjLpyOxiY4SQXpqLANRz9j7TWq1ws3FOHzd/ehJi Sh8DyvE8qXG4w6SKtFm+hdfteIkHGwIhYvH71E3E69A3luHTQ71v1cA4nbBFRPJ5PRxzLPKS0 qjIPadLjdnUYLav1rmEjbbXH8kM1pLD3dZ1xh6YSk1n9/AlDT1Uj9SeMOB2Eq7MHM4goUun3S i3DOEhkeBU2lZ2tN4b5kuiwqIdRpil8yh89DuZSUlj8IwKMjmb9nDIjkHjXUul1alSZOREslA kmwZF3WV1lG8+udTtXRPm3GM164hMw+xTxT71mNBzFDEux9YHefmasAP3dsradMSUlG0RZjR6 l7Tms4+NzfGEtqsA/gClKYXWu3LNCvXEXkK2xgyPhTPOsqEe/1lq4/h+CLBUlCmaECQH6TZ6N Tbsn8S44YC/9Do0jZti41LQYZtpy76otcV9A3is0k0DmE2quw4BsNSwRzPF5VGs1pChRpZ/UB hKn/cm0f8bbw6VZUEenAjYzIXm1fQ4XG3WV1irhYJmCqShZCmLaTPG7EIoMecqGL2slNpjL Uli, let me make this clear, in case you missed the "severity: important" tag I gave this bug: Currently, all automated Debian installs for x2gobroker-ssh are failing due to this faulty piece of code. Even our own demo install scripts we have in the Wiki, for the newbies that want to try out X2GoBroker without having to figure out how to configure this hairy beast manually, are broken. This is NOT GOOD. At the same time, "when in doubt, dike it out" is not a feasible approach, as this code has been put there for a reason - and we can assume it was added after things broke while testing a manual install. So if we remove it, we're likely to get another bug report tagged "severity: important", just coming from the other direction, begging us to add this code again. That is why our only option right now is to deploy this patch into stable ASAP, to make the code do what it is supposed to do - flush the cache IF nscd is RUNNING, and ONLY THEN. No one is claiming that this is a magic cure-all for every problem there may be with nscd or sssd caching. But it WILL fix an actual issue we have RIGHT NOW and which is blocking users from deploying x2gobroker-ssh in an automated way. AND it will NOT make things WORSE for anyone else. After the release, we can re-open this bug and downgrade its severity as a reminder that this caching issue should be investigated further. But we won't be under pressure to get something working again that worked before like we are right now. -Stefan Am 17.04.20 um 20:02 schrieb Ulrich Sibiller: > On Fri, Apr 17, 2020 at 4:50 PM Stefan Baur wrote: >> >> Am 17.04.20 um 16:24 schrieb Ulrich Sibiller: >>> I think it is a totally wrong approach to fiddle with nscd. Creating a >>> group using system tools should take of that already. If not it's a >>> bug, I'd say. >> >> LOL. nscd caching the wrong(TM) things at the wrong(TM) time is an >> issue that's probably as old as Unix (or at least nscd) itself. If you >> take a look at the postinst script in question, you will see that it >> does, in fact, use the system tools to add the group. Still, it is >> neccesary to flush the cache or things have a tendency to go wrong. > > Well, if you go that route there are more things to take into account: > - is nscd properly configured to cache groups at all? > - is there a distro-tool available for configuring/flushing/handling nscd > - are the multiple versions of nscd around? Which one to take? > - probably more > - what happens if a newer version of nscd is around that needs to be > called otherwise > - waht happens if the nscd binary is something completely different > and just happens to have the same name? > - same for ssd > - same for ANY other caching mechanism you might not even know > > All these things tend to break sooner or later. That's the reason why > you should not do this in an installation script but report a bug > instead. This must be fixed at distro level. > > Are you aware of any installation postscripts other than x2go that > handle nscd problems? > >>> Besides: what about sssd that can also cache groups? >> >> That's a more interesting question, and we might have to add a check for >> it as well. But as of right now, sssd being installed in combination >> with x2gobroker-ssh during a preseeded installation won't break anything. > > I have seen the weirdest problems with sssd (and nscd as well). An I > still have one bug open at redhat for more than year which redhat has > not fixed yet... > > While you can work around such problems in local (site) scripts or as > local administrator you should NOT include such workaround in release > packages. > > Uli > -- BAUR-ITCS UG (haftungsbeschränkt) Geschäftsführer: Stefan Baur Eichenäckerweg 10, 89081 Ulm | Registergericht Ulm, HRB 724364 Fon/Fax 0731 40 34 66-36/-35 | USt-IdNr.: DE268653243