X2Go Bug report logs - #1458
unattended Debian installations (using preseed) fail when x2gobroker-ssh is involved

version graph

Package: x2gobroker-ssh; Maintainer for x2gobroker-ssh is X2Go Developers <x2go-dev@lists.x2go.org>; Source for x2gobroker-ssh is src:x2gobroker.

Reported by: Stefan Baur <X2Go-ML-1@baur-itcs.de>

Date: Fri, 17 Apr 2020 14:10:54 UTC

Severity: normal

Tags: pending

Fixed in version 0.0.4.2

Full log


Message #25 received at 1458@bugs.x2go.org (full text, mbox, reply):

Received: (at 1458) by bugs.x2go.org; 17 Apr 2020 18:34:38 +0000
From X2Go-ML-1@baur-itcs.de  Fri Apr 17 20:33:34 2020
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on
	ymir.das-netzwerkteam.de
X-Spam-Level: 
X-Spam-Status: No, score=-2.7 required=3.0 tests=BAYES_00,RCVD_IN_MSPIKE_H2,
	SPF_HELO_NONE,URIBL_BLOCKED autolearn=ham autolearn_force=no
	version=3.4.2
Received: from mout.kundenserver.de (mout.kundenserver.de [212.227.126.130])
	by ymir.das-netzwerkteam.de (Postfix) with ESMTPS id D4E1D5DAE5
	for <1458@bugs.x2go.org>; Fri, 17 Apr 2020 20:33:15 +0200 (CEST)
Received: from [192.168.0.15] ([78.43.58.112]) by mrelayeu.kundenserver.de
 (mreue010 [212.227.15.129]) with ESMTPSA (Nemesis) id
 1MLRI3-1jhJdI0z5P-00IRrJ; Fri, 17 Apr 2020 20:33:15 +0200
Subject: Re: [X2Go-Dev] Bug#1458: Bug#1458: unattended Debian installations
 (using preseed) fail when x2gobroker-ssh is involved
To: Ulrich Sibiller <uli42@gmx.de>, 1458@bugs.x2go.org
References: <09a01d9f-1db4-ad20-e0f5-d08889ab89f6@baur-itcs.de>
 <CANVnVYJuGhHgK0o2RNZ15-V80faqGY1ngcWaH+6oM4LJGW-5mg@mail.gmail.com>
 <ae83255d-c9ca-fab9-d0f1-cd3325e720f2@baur-itcs.de>
 <CANVnVYJTBAXpuboCLDzXhPW_7AFVktSUtkuFzDxX2h-15xPTow@mail.gmail.com>
From: Stefan Baur <X2Go-ML-1@baur-itcs.de>
Autocrypt: addr=X2Go-ML-1@baur-itcs.de; prefer-encrypt=mutual; keydata=
 xsBNBFLfOiwBCACzIiDVwWVRvuMzgSAvXRFRaPaZOSB8s84PG1oGLfmqhwzF44vj1Xv4tcKD
 mvu0TsLTksOkvop8WwGYeeU8lDaxEG1zyN8SOu1WU/FPEKw2jITRox8yIrSkUsMkWYuxdjv/
 9XcAh9qaPsHP7E1jD6/wVZuYZkuX6W41Nxt06VsvDGCfrbQh4ya7w1IiSnoQeIHNNQVN9f3j
 xcHLj5S5YriSCThtbFCdr3AJXfF5iMolu8kLgAXM0bH1C7PxAjM/pQjWmdMVN/Y+uXXzcMO8
 8aQ0f0q3QeGWxCAP2xwBapUfP6LHDRPp/tV7P7ji8wKlabrSGdv0M9Qd9pn/YCYQE0ZdABEB
 AAHNJlN0ZWZhbiBCYXVyIDxwb3N0bWFzdGVyQHN0ZWZhbmJhdXIuZGU+wsCCBBMBAgAsAhsj
 BwsJCAcDAgEGFQgCCQoLBBYCAwECHgECF4ACGQEFAlwtWmgFCRK0IbcACgkQbt30GM2+URkj
 nwgAixhVoMxijCsh9jxxCUYBj7lC5HYhJmlAB+bZOfl1XI8xqMLw8YGECfu0VSe++FlaOAuc
 gArofqu79E2+wKxPaqW2lC94eKR1+kgkDOJyqckYj2Xmyi+vDfrOWjbyawIwiq5FUW2CB6zv
 nkTr68ZQ43mAVC1zz2tpAikn2Af4/OdHwUBzSAOpUt4rDbXDe93WW34XuyG2RDma6kE1Cr0u
 ilqvzKOz5SYp5ASmCyaA0wCzs7fjTy2KuMlOCSFRzwPJpzddr8rS9ZiTLdia/BZvShBEjOq4
 MZHWYv+RGK5RB4eDzw0KbPszXRJBUdXiZIcI0jqbC57Ht64ok3lXquXp987ATQRS3zosAQgA
 4KPXmGU1XE8CTRJ/4m/f8MTri3JfEvGJTerWwC2hBuXHGWrSBmmRNAdJHzNTvq5IoR9tQ6Cb
 Nrqxf6alr/v34Vr2bUg0s+jlK9TWOkVLAFoz6zytm/2BrRBIZ5So6Ymfc6efwsScsHOI++wi
 pzqELkpluqtXysb13RsBVLxBdp5TZCVPjCc9pLWjudfjEagQt2oJgtO2WndasrKvoZYkfRi6
 oSCK9B84YjNJoRF00LdK3n7K3SBvj4UPSl+ygzLVaD+3ZdIlbhX+bfn/Vp/10xdJ+/U8Fr7l
 7umrBKr17D8eO3mRYMGY9w1qc+pfNGOR76GIbPWj2tPVaBD9nmUaowARAQABwsBlBBgBAgAP
 AhsMBQJcLVqtBQkStCH9AAoJEG7d9BjNvlEZInkIAIcchwZxurIpwJJR8qMMXD+RSvj7mY55
 VIXOKUX0uAUTEoJTzFcqbdGkzcJB9y0NlUo9dv4chPT21M61y0bjJjhaDUshCLa1+YyFSSWp
 GBOKrLIsWusqC9zVwgf7TtjVmXt23jZwoDWjXoMlg9eQONMi5Z4u+lDOyPKD+lGJAcjJkQsI
 zL9hha3vuhmUclxgdALTJWzQBp+Y7u9QDub4uqf/TyuDpYASiP0winBRfTug+XjP5YZjU//P
 07H9WhiUCsHp6L9j3QzvrovVy2zz0j7JhyhW3e957vHz2skkSVv3QGtHMswcgK3XaQ9YdgWO
 ELHmBhevaIcJIxDvTBl3pYQ=
Message-ID: <68797907-6554-1e47-c80a-2d7bffc0a6a7@baur-itcs.de>
Date: Fri, 17 Apr 2020 20:33:14 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101
 Thunderbird/68.4.1
MIME-Version: 1.0
In-Reply-To: <CANVnVYJTBAXpuboCLDzXhPW_7AFVktSUtkuFzDxX2h-15xPTow@mail.gmail.com>
Content-Type: text/plain; charset=utf-8
Content-Language: de-DE
Content-Transfer-Encoding: 8bit
X-Provags-ID: V03:K1:r1cFtwcByPVAbOWFxHWLbGDsOKG2M5IfYfTaC6y0ZNhMpll2OEs
 EmNivVOvKgqIn+qhu8qGCVrSaOGhY/QtaIMqP03c1s/Gt+7wOH+rOLKjN5BwySKp1eMuPBP
 VgcyINTbpWsZZI6DXJ4e2elvIlxwczRMoDIl/tPIRvljDqE3bN8PGI9RyQcpbCqT4air2+K
 8RmuVVyrA0f1MKGkL9PUg==
X-UI-Out-Filterresults: notjunk:1;V03:K0:xGEmmPth9Sk=:Dnzrat+msS2eOd4hG/Ddl9
 JMP/jFvKe4gWVbL8xcHiRiAkeqO+8Q06PCN0y3IOhg2PNRd3jQtulYt63bTr5hK/LkyPyBTFP
 EVXjB1m9adsgxCKKwsdKIghk/13ZhpP86udkZm3QpObQfyudnp/6k6qqBRCddBhZ61+NKpMSj
 T3FZMnerQEztg9T+glJZsE4fpiRMweKz3JyHDAzBZHiwrV00h5B1iLmWjGd+j/9Ni3oZgaSFD
 d+0RABYobICiFgAoZasfbxwh6KmyG5Q1vGy9mA6H/Z/8H/6aMSqoet2M/BcpiEqrN2gG6qADA
 9np/jaBcXKfKB3w7J9uLCmCs0L3cCxH+SfjLpyOxiY4SQXpqLANRz9j7TWq1ws3FOHzd/ehJi
 Sh8DyvE8qXG4w6SKtFm+hdfteIkHGwIhYvH71E3E69A3luHTQ71v1cA4nbBFRPJ5PRxzLPKS0
 qjIPadLjdnUYLav1rmEjbbXH8kM1pLD3dZ1xh6YSk1n9/AlDT1Uj9SeMOB2Eq7MHM4goUun3S
 i3DOEhkeBU2lZ2tN4b5kuiwqIdRpil8yh89DuZSUlj8IwKMjmb9nDIjkHjXUul1alSZOREslA
 kmwZF3WV1lG8+udTtXRPm3GM164hMw+xTxT71mNBzFDEux9YHefmasAP3dsradMSUlG0RZjR6
 l7Tms4+NzfGEtqsA/gClKYXWu3LNCvXEXkK2xgyPhTPOsqEe/1lq4/h+CLBUlCmaECQH6TZ6N
 Tbsn8S44YC/9Do0jZti41LQYZtpy76otcV9A3is0k0DmE2quw4BsNSwRzPF5VGs1pChRpZ/UB
 hKn/cm0f8bbw6VZUEenAjYzIXm1fQ4XG3WV1irhYJmCqShZCmLaTPG7EIoMecqGL2slNpjL
Uli,

let me make this clear, in case you missed the "severity: important" tag
I gave this bug:

Currently, all automated Debian installs for x2gobroker-ssh are failing
due to this faulty piece of code.

Even our own demo install scripts we have in the Wiki, for the newbies
that want to try out X2GoBroker without having to figure out how to
configure this hairy beast manually, are broken.

This is NOT GOOD.

At the same time, "when in doubt, dike it out" is not a feasible
approach, as this code has been put there for a reason - and we can
assume it was added after things broke while testing a manual install.

So if we remove it, we're likely to get another bug report tagged
"severity: important", just coming from the other direction, begging us
to add this code again.

That is why our only option right now is to deploy this patch into
stable ASAP, to make the code do what it is supposed to do - flush the
cache IF nscd is RUNNING, and ONLY THEN.

No one is claiming that this is a magic cure-all for every problem there
may be with nscd or sssd caching.

But it WILL fix an actual issue we have RIGHT NOW and which is blocking
users from deploying x2gobroker-ssh in an automated way.  AND it will
NOT make things WORSE for anyone else.

After the release, we can re-open this bug and downgrade its severity as
a reminder that this caching issue should be investigated further.
But we won't be under pressure to get something working again that
worked before like we are right now.

-Stefan

Am 17.04.20 um 20:02 schrieb Ulrich Sibiller:
> On Fri, Apr 17, 2020 at 4:50 PM Stefan Baur <X2Go-ML-1@baur-itcs.de> wrote:
>>
>> Am 17.04.20 um 16:24 schrieb Ulrich Sibiller:
>>> I think it is a totally wrong approach to fiddle with nscd. Creating a
>>> group using system tools should take of that already. If not it's a
>>> bug, I'd say.
>>
>> LOL.  nscd caching the wrong(TM) things at the wrong(TM) time is an
>> issue that's probably as old as Unix (or at least nscd) itself.  If you
>> take a look at the postinst script in question, you will see that it
>> does, in fact, use the system tools to add the group.  Still, it is
>> neccesary to flush the cache or things have a tendency to go wrong.
> 
> Well, if you go that route there are more things to take into account:
> - is nscd properly configured to cache groups at all?
> - is there a distro-tool available for configuring/flushing/handling nscd
> - are the multiple versions of nscd around? Which one to take?
> - probably more
> - what happens if a newer version of nscd is around that needs to be
> called otherwise
> - waht happens if the nscd binary is something completely different
> and just happens to have the same name?
> - same for ssd
> - same for ANY other caching mechanism you might not even know
> 
> All these things tend to break sooner or later. That's the reason why
> you should not do this in an installation script but report a bug
> instead. This must be fixed at distro level.
> 
> Are you aware of any installation postscripts other than x2go that
> handle nscd problems?
> 
>>> Besides: what about sssd that can also cache groups?
>>
>> That's a more interesting question, and we might have to add a check for
>> it as well.  But as of right now, sssd being installed in combination
>> with x2gobroker-ssh during a preseeded installation won't break anything.
> 
> I have seen the weirdest problems with sssd (and nscd as well). An I
> still have one bug open at redhat for more  than year which redhat has
> not fixed yet...
> 
> While you can work around such problems in local (site) scripts or as
> local administrator you should NOT include such workaround in release
> packages.
> 
> Uli
> 


-- 
BAUR-ITCS UG (haftungsbeschränkt)
Geschäftsführer: Stefan Baur
Eichenäckerweg 10, 89081 Ulm | Registergericht Ulm, HRB 724364
Fon/Fax 0731 40 34 66-36/-35 | USt-IdNr.: DE268653243


Send a report that this bug log contains spam.


X2Go Developers <owner@bugs.x2go.org>. Last modified: Thu Jan 20 10:35:53 2022; Machine Name: ymir.das-netzwerkteam.de

X2Go Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.