From X2Go-ML-1@baur-itcs.de Sun Apr 19 15:30:47 2020 Received: (at 1458) by bugs.x2go.org; 19 Apr 2020 13:30:50 +0000 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=-2.7 required=3.0 tests=BAYES_00,RCVD_IN_MSPIKE_H2, SPF_HELO_NONE,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.2 Received: from mout.kundenserver.de (mout.kundenserver.de [212.227.126.187]) by ymir.das-netzwerkteam.de (Postfix) with ESMTPS id B85965DAE5 for <1458@bugs.x2go.org>; Sun, 19 Apr 2020 15:30:46 +0200 (CEST) Received: from [192.168.0.15] ([78.43.58.112]) by mrelayeu.kundenserver.de (mreue011 [212.227.15.129]) with ESMTPSA (Nemesis) id 1M1q8m-1jNyAw1HWC-002KNc; Sun, 19 Apr 2020 15:30:46 +0200 Subject: Re: [X2Go-Dev] Bug#1458: Bug#1458: Bug#1458: unattended Debian installations (using preseed) fail when x2gobroker-ssh is involved To: Ulrich Sibiller , 1458@bugs.x2go.org References: <09a01d9f-1db4-ad20-e0f5-d08889ab89f6@baur-itcs.de> <68797907-6554-1e47-c80a-2d7bffc0a6a7@baur-itcs.de> From: Stefan Baur Autocrypt: addr=X2Go-ML-1@baur-itcs.de; prefer-encrypt=mutual; keydata= xsBNBFLfOiwBCACzIiDVwWVRvuMzgSAvXRFRaPaZOSB8s84PG1oGLfmqhwzF44vj1Xv4tcKD mvu0TsLTksOkvop8WwGYeeU8lDaxEG1zyN8SOu1WU/FPEKw2jITRox8yIrSkUsMkWYuxdjv/ 9XcAh9qaPsHP7E1jD6/wVZuYZkuX6W41Nxt06VsvDGCfrbQh4ya7w1IiSnoQeIHNNQVN9f3j xcHLj5S5YriSCThtbFCdr3AJXfF5iMolu8kLgAXM0bH1C7PxAjM/pQjWmdMVN/Y+uXXzcMO8 8aQ0f0q3QeGWxCAP2xwBapUfP6LHDRPp/tV7P7ji8wKlabrSGdv0M9Qd9pn/YCYQE0ZdABEB AAHNJlN0ZWZhbiBCYXVyIDxwb3N0bWFzdGVyQHN0ZWZhbmJhdXIuZGU+wsCCBBMBAgAsAhsj BwsJCAcDAgEGFQgCCQoLBBYCAwECHgECF4ACGQEFAlwtWmgFCRK0IbcACgkQbt30GM2+URkj nwgAixhVoMxijCsh9jxxCUYBj7lC5HYhJmlAB+bZOfl1XI8xqMLw8YGECfu0VSe++FlaOAuc gArofqu79E2+wKxPaqW2lC94eKR1+kgkDOJyqckYj2Xmyi+vDfrOWjbyawIwiq5FUW2CB6zv nkTr68ZQ43mAVC1zz2tpAikn2Af4/OdHwUBzSAOpUt4rDbXDe93WW34XuyG2RDma6kE1Cr0u ilqvzKOz5SYp5ASmCyaA0wCzs7fjTy2KuMlOCSFRzwPJpzddr8rS9ZiTLdia/BZvShBEjOq4 MZHWYv+RGK5RB4eDzw0KbPszXRJBUdXiZIcI0jqbC57Ht64ok3lXquXp987ATQRS3zosAQgA 4KPXmGU1XE8CTRJ/4m/f8MTri3JfEvGJTerWwC2hBuXHGWrSBmmRNAdJHzNTvq5IoR9tQ6Cb Nrqxf6alr/v34Vr2bUg0s+jlK9TWOkVLAFoz6zytm/2BrRBIZ5So6Ymfc6efwsScsHOI++wi pzqELkpluqtXysb13RsBVLxBdp5TZCVPjCc9pLWjudfjEagQt2oJgtO2WndasrKvoZYkfRi6 oSCK9B84YjNJoRF00LdK3n7K3SBvj4UPSl+ygzLVaD+3ZdIlbhX+bfn/Vp/10xdJ+/U8Fr7l 7umrBKr17D8eO3mRYMGY9w1qc+pfNGOR76GIbPWj2tPVaBD9nmUaowARAQABwsBlBBgBAgAP AhsMBQJcLVqtBQkStCH9AAoJEG7d9BjNvlEZInkIAIcchwZxurIpwJJR8qMMXD+RSvj7mY55 VIXOKUX0uAUTEoJTzFcqbdGkzcJB9y0NlUo9dv4chPT21M61y0bjJjhaDUshCLa1+YyFSSWp GBOKrLIsWusqC9zVwgf7TtjVmXt23jZwoDWjXoMlg9eQONMi5Z4u+lDOyPKD+lGJAcjJkQsI zL9hha3vuhmUclxgdALTJWzQBp+Y7u9QDub4uqf/TyuDpYASiP0winBRfTug+XjP5YZjU//P 07H9WhiUCsHp6L9j3QzvrovVy2zz0j7JhyhW3e957vHz2skkSVv3QGtHMswcgK3XaQ9YdgWO ELHmBhevaIcJIxDvTBl3pYQ= Message-ID: <940c310b-3b83-fc1e-1066-431fbbd2d29f@baur-itcs.de> Date: Sun, 19 Apr 2020 15:30:45 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.4.1 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Language: de-DE Content-Transfer-Encoding: 8bit X-Provags-ID: V03:K1:jBeGXpa4kbPodObYKIGZpr6aUzjKuP4Q8IzFtkK7hNzARWUgkXL L45u8LI8wIMQnwiNSAkKa7kGEscYA7hGtFWr5SX12AYA/ZCU4xb7rh3/sVtR12UaiX3Vl5n G5utFq1hQeqKlVLPhsloPM40aVYXQGaPlKU0XurC9FyAtY3PjNqtl5eHMSAoFOHJgpCIbVA UGij+kqPIrxc57fVjHpOQ== X-UI-Out-Filterresults: notjunk:1;V03:K0:0BECYKF5vag=:hqh9Pz/flwyIuwRW5/n8JS fl41Wb6OzAOqXSLTjG2XQFzP0vwk79q2YYTX3LKBKjSDYb2uBOO/2mCTnUvriXW5+uokPSkYZ ZTJAKS3tAd9h+lmDRwOTcCDFyJ18tEwh6AJCLDxRtqC6MXHoQketMBvWn/iVGhUlKiWPbuUhy fGHifEgn5NNIfx7IC/UKt2FsZJGcNsDCdKR0xqvS7BCi0JaRWZlS52fO1toI4dKyCfI7XUCS6 7OaTIcB6BjG1XAu6sFsvNJ5PnNq0FPaMer4W1Kl1r1Y+/HH74Kbt9ol1u+7SZlYMSFmvQdOZB vJQS517vL0BqOWre/mRQbI4LrAakIsAr1A8/IiseBK7B1NYjE4WnzF2U1AsGCJoX8Xu/bPgEN EexlpuJK9tOD/LJapHI68c5PSjW8GLiu0YU+Yrx33prGp9z2kqL0fLLbxnEW4vsh8H3UFPSaw PHmnFi9Tk5NN1v1xe5buNamC2vcz/1qTWn7hBcRgtP2mrAEvdLLlWolS2hbwbCCXr97JJd8qg F42FD+VmkCjLm5ZClfgZ5SZH6iGgh7xQNZD6aQXkM1nw5ts0b3R2vyjpOxhSow5xIgmsRZR2W 8RCZeIKNxQUrqgK8hZ56AetRk091uRrBW61+dwakaYInklksmoSg23H1NYP04nKOv+EXIm05M XbB2eiYAlBCSw2WKO/gylfSlGJIUQlSJ2vFhNtsWQe1DGABkuZt08s/1oL4h6NJRR1oal2yr1 fhwQN012Q8SLFCtpgf6Ha4feafvkvUaPGBxAHlO3oqRgkl8R9eJegfDYshxHK8TTUyiyPyajd ptaLQ3pArIw7EJ9C3HPpCeKw2N/ySHkoIMif9hXNrzUsqr3B82p5Id3nXvcfdZAs0258+fO Am 17.04.20 um 21:59 schrieb Ulrich Sibiller: > On Fri, Apr 17, 2020 at 8:36 PM Stefan Baur wrote: >> Currently, all automated Debian installs for x2gobroker-ssh are failing >> due to this faulty piece of code. > > So, let's make this clear: Code, which should not be there at all ist > now breaking installation. That's exactly my point... It should not be > there. Code that has been put there to solve an actual issue, but which has a flaw in its detection routine as to when it should trigger. > I have just checked on my Debian 10. Here's a snipped from /usr/sbin/groupadd: > ... > printf (gtx("Adding group `%s' (GID %d) > ...\n"),$new_name,$new_gid) if $verbose; > &invalidate_nscd("group"); > my $groupadd = &which('groupadd'); > &systemcall($groupadd, '-g', $new_gid, $new_name); > &invalidate_nscd("group"); > print (gtx("Done.\n")) if $verbose; > ... > > So this is where this kind of code belongs to. Debian has everything in place. And it seems to be broken, or this code in the postinst script wouldn't be needed. Or maybe it was only added to groupadd after the code in the postinst file had already been written. It would be interesting to know when those "invalidate_nscd" calls were added. Maybe an older Debian version is still affected by this, while Buster is safe? > So I agree that this should be fixed asap in x2gobroker-ssh, but it > should be fixed by removing the nscd code altogether. > >> So if we remove it, we're likely to get another bug report tagged >> "severity: important", just coming from the other direction, begging us >> to add this code again. > > No, those people begging for it can be instructed to check their > distro. And to run the flush manually. Or even to simply reboot. The proper way to handle this, IMO, is a two-step process. 1. Apply my patch ASAP and release a fixed package, to un-break current preseeded installations. 2. Turn the blind execution if the condition is triggered into an interactive, preseedable question, and check for sssd as well. This is what Debian does e.g. when updating libc - you get a popup asking you if it is okay to restart affected services, or if you would like to do it manually at a later date. So in addition to x2gobroker-ssh x2gobroker-ssh/group-x2gobroker-users string x2gobroker-users x2gobroker-ssh x2gobroker-ssh/group-does-not-exist note x2gobroker-ssh x2gobroker-ssh/use-existing-group boolean true|false x2gobroker-ssh x2gobroker-ssh/create-group boolean true|false x2gobroker-ssh x2gobroker-ssh/manual-setup-required boolean true|false x2gobroker-ssh x2gobroker-ssh/del-last-group-x2gobroker-users boolean true|false x2gobroker-ssh x2gobroker-ssh/last-group-x2gobroker-users string x2gobroker-users we'd have new preseedable entries like x2gobroker-ssh x2gobroker-ssh/flush-nscd-groups boolean true|false x2gobroker-ssh x2gobroker-ssh/flush-sssd-groups boolean true|false Whoever tries to run an unattended installation using preseeds can then choose whichever option suits them best. And if you're worried that the attempt to flush the cache has a negative impact, even with the triggering condition fixed, we can make those options default to "false" and add a notice like "this should not be neccessary unless your groupadd implementation is faulty" in the popup message. -Stefan -- BAUR-ITCS UG (haftungsbeschränkt) Geschäftsführer: Stefan Baur Eichenäckerweg 10, 89081 Ulm | Registergericht Ulm, HRB 724364 Fon/Fax 0731 40 34 66-36/-35 | USt-IdNr.: DE268653243