X2Go Bug report logs - #1458
unattended Debian installations (using preseed) fail when x2gobroker-ssh is involved

version graph

Package: x2gobroker-ssh; Maintainer for x2gobroker-ssh is X2Go Developers <x2go-dev@lists.x2go.org>; Source for x2gobroker-ssh is src:x2gobroker.

Reported by: Stefan Baur <X2Go-ML-1@baur-itcs.de>

Date: Fri, 17 Apr 2020 14:10:54 UTC

Severity: normal

Tags: pending

Fixed in version

Full log

đź”— View this message in rfc822 format

X-Loop: owner@bugs.x2go.org
Subject: Bug#1458: [X2Go-Dev] Bug#1458: Bug#1458: Bug#1458: Bug#1458: unattended Debian installations (using preseed) fail when x2gobroker-ssh is involved
Reply-To: 1458@bugs.x2go.org, 1458@bugs.x2go.org
Resent-From: Stefan Baur <X2Go-ML-1@baur-itcs.de>
Resent-To: x2go-dev@lists.x2go.org
Resent-CC: X2Go Developers <x2go-dev@lists.x2go.org>
X-Loop: owner@bugs.x2go.org
Resent-Date: Sun, 19 Apr 2020 18:25:02 +0000
Resent-Message-ID: <handler.1458.B1458.158732047021868@bugs.x2go.org>
Resent-Sender: owner@bugs.x2go.org
X-X2Go-PR-Message: followup 1458
X-X2Go-PR-Package: x2gobroker-ssh
References: <CANVnVYJuGhHgK0o2RNZ15-V80faqGY1ngcWaH+6oM4LJGW-5mg@mail.gmail.com> <ae83255d-c9ca-fab9-d0f1-cd3325e720f2@baur-itcs.de> <09a01d9f-1db4-ad20-e0f5-d08889ab89f6@baur-itcs.de> <CANVnVYJTBAXpuboCLDzXhPW_7AFVktSUtkuFzDxX2h-15xPTow@mail.gmail.com> <68797907-6554-1e47-c80a-2d7bffc0a6a7@baur-itcs.de> <CANVnVYJ4S_rCX3a43aWzW3FK4CvfW-k=fcFCFOOjRekHYWvG0Q@mail.gmail.com> <09a01d9f-1db4-ad20-e0f5-d08889ab89f6@baur-itcs.de> <940c310b-3b83-fc1e-1066-431fbbd2d29f@baur-itcs.de> <09a01d9f-1db4-ad20-e0f5-d08889ab89f6@baur-itcs.de>
Received: via spool by 1458-submit@bugs.x2go.org id=B1458.158732047021868
          (code B ref 1458); Sun, 19 Apr 2020 18:25:02 +0000
Received: (at 1458) by bugs.x2go.org; 19 Apr 2020 18:21:10 +0000
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on
X-Spam-Status: No, score=-2.7 required=3.0 tests=BAYES_00,RCVD_IN_MSPIKE_H2,
	SPF_HELO_NONE,URIBL_BLOCKED autolearn=ham autolearn_force=no
Received: from mout.kundenserver.de (mout.kundenserver.de [])
	by ymir.das-netzwerkteam.de (Postfix) with ESMTPS id A6F305DAE5
	for <1458@bugs.x2go.org>; Sun, 19 Apr 2020 20:20:53 +0200 (CEST)
Received: from [] ([]) by mrelayeu.kundenserver.de
 (mreue012 []) with ESMTPSA (Nemesis) id
 1MDN3O-1jYVla3mAI-00ASg2; Sun, 19 Apr 2020 20:20:53 +0200
From: Stefan Baur <X2Go-ML-1@baur-itcs.de>
To: 1458@bugs.x2go.org, Ulrich Sibiller <uli42@gmx.de>, 1458@bugs.x2go.org
Autocrypt: addr=X2Go-ML-1@baur-itcs.de; prefer-encrypt=mutual; keydata=
Message-ID: <ff95d5ae-5917-b7d0-eaf8-0205ea5cc787@baur-itcs.de>
Date: Sun, 19 Apr 2020 20:20:52 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101
MIME-Version: 1.0
In-Reply-To: <940c310b-3b83-fc1e-1066-431fbbd2d29f@baur-itcs.de>
Content-Type: text/plain; charset=utf-8
Content-Language: de-DE
Content-Transfer-Encoding: 8bit
X-Provags-ID: V03:K1:L30fbHoKHD8lx5D5bBnN2WCFDs8Bj2ZFsSdlnliwm36SCFn7njU
X-UI-Out-Filterresults: notjunk:1;V03:K0:Jqez13M4jYY=:vJCZFs3K9x5UX601/orCxM
For the record,

Uli has contacted me off-list and indicated this is a course of action
he can live with.

In the meantime, I decided to dig through X2Go's git repo.

This is the commit that introduced the faulty nscd cache flushing code
in x2goserver-ssh:


author	Mike Gabriel <mike.gabriel@das-netzwerkteam.de>	
	Wed, 1 Apr 2015 03:50:45 +0000 (05:50 +0200)
committer	Mike Gabriel <mike.gabriel@das-netzwerkteam.de>	
	Wed, 1 Apr 2015 03:50:45 +0000 (05:50 +0200)
commit	9e44861e4a29897228cb70a95d6853dbe85779b0
tree	9bba4aeb6d2ffa2ac5bfe47a63e2f20fbb4c6a2a
parent	2cd0cdc8b73967b87d53c615a5952a83309ba63f

The previous commit that touched this file is:

author	Mike Gabriel <mike.gabriel@das-netzwerkteam.de>	
	Thu, 11 Sep 2014 23:29:14 +0000 (01:29 +0200)
committer	Mike Gabriel <mike.gabriel@das-netzwerkteam.de>	
	Thu, 11 Sep 2014 23:29:37 +0000 (01:29 +0200)
commit	67d9cfd0ba235c919af84aa9b0d647d0e8a47968
tree	88ed368b14cb2e440f7eebedec9a342257317ff3
parent	806224f2caab8db9c7accb7fa4c5e587d34cd5ca

So some time between September 11, 2014, and April 1, 2015, Mike#1
noticed that groupadd did not behave as expected, and added this code.
Which means Wheezy (7) and Jessie (8) are the most likely candidates
where the issue might have cropped up, as there's a good chance Mike#1
was using testing instead of stable, being so close to the official
release (which happened on April 25./26., 2015).  Squeeze (6) was
already out of support by September 11, 2014, which means it's unlikely
that whatever happened, happened on Squeeze.

Anyone curious enough to go through the groupadd source code for the
binaries that shipped in these two Debian releases in said time frame?


Am 19.04.20 um 15:30 schrieb Stefan Baur:
> Am 17.04.20 um 21:59 schrieb Ulrich Sibiller:
>> On Fri, Apr 17, 2020 at 8:36 PM Stefan Baur <X2Go-ML-1@baur-itcs.de> wrote:
>>> Currently, all automated Debian installs for x2gobroker-ssh are failing
>>> due to this faulty piece of code.
>> So, let's make this clear: Code, which should not be there at all ist
>> now breaking installation. That's exactly my point... It should not be
>> there.
> Code that has been put there to solve an actual issue, but which has a
> flaw in its detection routine as to when it should trigger.
>> I have just checked on my Debian 10. Here's a snipped from /usr/sbin/groupadd:
>> ...
>>     printf (gtx("Adding group `%s' (GID %d)
>> ...\n"),$new_name,$new_gid) if $verbose;
>>     &invalidate_nscd("group");
>>     my $groupadd = &which('groupadd');
>>     &systemcall($groupadd, '-g', $new_gid, $new_name);
>>     &invalidate_nscd("group");
>>     print (gtx("Done.\n")) if $verbose;
>> ...
>> So this is where this kind of code belongs to. Debian has everything in place.
> And it seems to be broken, or this code in the postinst script wouldn't
> be needed.  Or maybe it was only added to groupadd after the code in the
> postinst file had already been written.  It would be interesting to know
> when those "invalidate_nscd" calls were added.  Maybe an older Debian
> version is still affected by this, while Buster is safe?
>> So I agree that this should be fixed asap in x2gobroker-ssh, but it
>> should be fixed by removing the nscd code altogether.
>>> So if we remove it, we're likely to get another bug report tagged
>>> "severity: important", just coming from the other direction, begging us
>>> to add this code again.
>> No, those people begging for it can be instructed to check their
>> distro. And to run the flush manually. Or even to simply reboot.
> The proper way to handle this, IMO, is a two-step process.
> 1. Apply my patch ASAP and release a fixed package, to un-break
>    current preseeded installations.
> 2. Turn the blind execution if the condition is triggered into an
>    interactive, preseedable question, and check for sssd as well.
>    This is what Debian does e.g. when updating libc - you get a popup
>    asking you if it is okay to restart affected services, or if you
>    would like to do it manually at a later date.
>    So in addition to
> x2gobroker-ssh x2gobroker-ssh/group-x2gobroker-users string x2gobroker-users
> x2gobroker-ssh x2gobroker-ssh/group-does-not-exist note
> x2gobroker-ssh x2gobroker-ssh/use-existing-group boolean true|false
> x2gobroker-ssh x2gobroker-ssh/create-group boolean true|false
> x2gobroker-ssh x2gobroker-ssh/manual-setup-required boolean true|false
> x2gobroker-ssh x2gobroker-ssh/del-last-group-x2gobroker-users boolean
> true|false
> x2gobroker-ssh x2gobroker-ssh/last-group-x2gobroker-users string
> x2gobroker-users
>    we'd have new preseedable entries like
> x2gobroker-ssh x2gobroker-ssh/flush-nscd-groups boolean true|false
> x2gobroker-ssh x2gobroker-ssh/flush-sssd-groups boolean true|false
>   Whoever tries to run an unattended installation using preseeds can
>   then choose whichever option suits them best.
>   And if you're worried that the attempt to flush the cache has a
>   negative impact, even with the triggering condition fixed, we can make
>   those options default to "false" and add a notice like "this should
>   not be neccessary unless your groupadd implementation is faulty" in
>   the popup message.
> -Stefan

BAUR-ITCS UG (haftungsbeschränkt)
Geschäftsführer: Stefan Baur
Eichenäckerweg 10, 89081 Ulm | Registergericht Ulm, HRB 724364
Fon/Fax 0731 40 34 66-36/-35 | USt-IdNr.: DE268653243

Send a report that this bug log contains spam.

X2Go Developers <owner@bugs.x2go.org>. Last modified: Thu Jan 20 12:07:57 2022; Machine Name: ymir.das-netzwerkteam.de

X2Go Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.