Devuan bug report logs - #548
eudev: postinst fails when kvm group present

version graph

Package: eudev; Maintainer for eudev is Devuan Dev Team <devuan-dev@lists.dyne.org>; Source for eudev is src:eudev.

Reported by: Meeuwissen Olaf <Meeuwissen.Olaf@exc.epson.co.jp>

Date: Mon, 15 Feb 2021 01:18:01 UTC

Severity: normal

Found in version 3.2.9-8~beowulf1

Fixed in version 3.2.9-9

Done: dak@devuan.org

Full log


🔗 View this message in rfc822 format

X-Loop: owner@bugs.devuan.org
Subject: bug#548: eudev: postinst fails when kvm group present
Reply-To: Bob Proulx <bob@proulx.com>, 548@bugs.devuan.org
Resent-From: Bob Proulx <bob@proulx.com>
Resent-To: devuan-bugs@lists.dyne.org
Resent-CC: Devuan Dev Team <devuan-dev@lists.dyne.org>
X-Loop: owner@bugs.devuan.org
Resent-Date: Wed, 17 Feb 2021 22:18:01 +0000
Resent-Message-ID: <handler.548.B548.161359980212315@bugs.devuan.org>
Resent-Sender: owner@bugs.devuan.org
X-Devuan-PR-Message: followup 548
X-Devuan-PR-Package: eudev
X-Devuan-PR-Keywords: 
References: <161335070595.15755.13300177891033620677.reportbug@vostro> <161335070595.15755.13300177891033620677.reportbug@vostro>
Received: via spool by 548-submit@bugs.devuan.org id=B548.161359980212315
          (code B ref 548); Wed, 17 Feb 2021 22:18:01 +0000
Received: (at 548) by bugs.devuan.org; 17 Feb 2021 22:10:02 +0000
Delivered-To: devuanbugs@dyne.org
Received: from tupac3.dyne.org [195.169.149.119]
	by doc.devuan.org with IMAP (fetchmail-6.4.0.beta4)
	for <debbugs@localhost> (single-drop); Wed, 17 Feb 2021 22:10:02 +0000 (UTC)
Received: from havoc.proulx.com (havoc.proulx.com [96.88.95.61])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by vm6.ganeti.dyne.org (Postfix) with ESMTPS id 47B8BF60DCE;
	Wed, 17 Feb 2021 23:05:45 +0100 (CET)
Authentication-Results: vm6.ganeti.dyne.org;
	dkim=pass (2048-bit key; unprotected) header.d=proulx.com header.i=@proulx.com header.b="dmf8QANF";
	dkim-atps=neutral
Received: from joseki.proulx.com (localhost [127.0.0.1])
	by havoc.proulx.com (Postfix) with ESMTP id F2CE97CD;
	Wed, 17 Feb 2021 15:05:43 -0700 (MST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=proulx.com;
	s=dkim2048; t=1613599544;
	bh=463JNNOWTQJw/FM6UncFx0OcK00JptJsJg1poGX1wX0=;
	h=Date:From:To:Subject:References:In-Reply-To:From;
	b=dmf8QANFj3VybocqWhfID6higN9e1kYg4Ge3v+cz77njbKGpljqo1O2I9HxUmewZg
	 UfvVJAt7KxhW/8yWs6UBgOceuj1y/0R7xOErKMjgz6QeOJbQ+KVBHPZxbEX/kpgIcd
	 0j8hU+d4Qr/bFoiE1G7R77fcW5YfTEgVDLKOezdFmteKLA+i8LzfXKVyL2Uzcw5KTV
	 bBBx8A5r3gJnZHcBzV/5sLKjJ0gzWt9ygyYCRodBs37fJOaOiVmpamy1voaXE8/MYC
	 bZWUfs5noZPqJguCQ1n3B2hZlZBr2KGS3x2J90HwYjZZnrZNtZSgAbGCqqaoHGqkJz
	 L340qzhDfHghQ==
Received: from hysteria.proulx.com (hysteria.proulx.com [192.168.230.119])
	by joseki.proulx.com (Postfix) with ESMTP id C828B21152;
	Wed, 17 Feb 2021 15:05:43 -0700 (MST)
Received: by hysteria.proulx.com (Postfix, from userid 1000)
	id 8D10C2DC9D; Wed, 17 Feb 2021 15:05:43 -0700 (MST)
Date: Wed, 17 Feb 2021 15:05:43 -0700
From: Bob Proulx <bob@proulx.com>
To: 548@bugs.devuan.org, Meeuwissen Olaf <Meeuwissen.Olaf@exc.epson.co.jp>
Message-ID: <20210217145406339565590@bob.proulx.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <161335070595.15755.13300177891033620677.reportbug@vostro>
X-Spam-Status: No, score=-0.2 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,
	DKIM_VALID_AU,DKIM_VALID_EF,SPF_PASS autolearn=disabled version=3.4.2
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on tupac3.dyne.org
severity 548 important
thanks


Meeuwissen Olaf wrote:
> I just upgraded a number of packages on a machine where I had
> manually added a `kvm` group.  This caused the postinst script
> to fail with
>
>   The group `kvm' already exists and is not a system group. Exiting.
>
> leaving `eudev` unconfigured.

I noticed this on Sunday and also investigated.  And then today
another user DeepDive on #devuan IRC reported the same problem.
Therefore I am raising the severity to important due to the effect
this has for many users.

> I don't know if the `kvm` *must* be a system group but things
> have been working fine for me with a non-system group.  As long as
> a non-system `kvm` group exists, configuring `eudev` will fail.
> This is easily confirmed with
>
>   $ sudo dpkg-reconfigure eudev
>   The group `kvm' already exists and is not a system group. Exiting.
>
> Changing the group to a system group fixes this behaviour.
>
> I worked around the issue by appending `|| true` in the postscript
> to the `adduser` command that tries to create the system group.
>
> If the `kvm` group does not have to be a system group, I would expect
> configuration to succeed if a non-system `kvm` group is present.

But the code used in the postinst is problematic.  The code is this.
(I know the web version does not show indentation.  Imagine the code
being indented.  Check the original files.)

    #!/bin/sh
    set -e
    ...
    case "$1" in
        configure)
        ...
        # Add new system group used by udev rules
        addgroup --quiet --system input

        # Make /dev/kvm accessible to kvm group
        addgroup --quiet --system kvm

        # Make /dev/dri/renderD* accessible to render group
        addgroup --quiet --system render

Those are unconditional additions.  Which means that if the addgroup
returns a non-zero exit code then due to the set -e the configure
fails and the package is left unconfigured.

It is true that the addgroup would return 0 (success) if it would not
need to do the action.  But if the user has already locally configured
an account user or group then that previously existing configuration
should be maintained.

Therefore group addition should not be unconditional.  It should be
conditional upon the group not already existing.  I present two
alternative examples from existing packages that handle this in two
different ways.

The first from postfix.  The "try it and see" method.

    cd ${CHROOT}
    # make sure that the postfix user exists.  Simplest portable way to check is to
    # chown something, so we'll create the directories that we need here.
    makedir private         root:root 700
    chgrp postfix private 2>/dev/null ||
        addgroup --system postfix
    chown postfix private 2>/dev/null ||
        adduser --system --home ${CHROOT} --no-create-home --disabled-password --ingroup postfix postfix

The second from libvirt-daemon-system.  The "check it and see" method.

    if ! getent group libvirt >/dev/null; then
        addgroup --quiet --system libvirt
    fi
    if ! getent group kvm >/dev/null; then
        addgroup --quiet --system kvm
    fi

Again for the web display please imagine the above having indentation.

And so either way seems good and acceptable.  I would probably do the
same thing libvirt-daemon-system is doing as that is simple enough.
Here is a suggested fix for this.

    # Add new system group used by udev rules
    if ! getent group input >/dev/null; then
        addgroup --quiet --system input
    fi

    # Make /dev/kvm accessible to kvm group
    if ! getent group kvm >/dev/null; then
        addgroup --quiet --system kvm
    fi

    # Make /dev/dri/renderD* accessible to render group
    if ! getent group render >/dev/null; then
        addgroup --quiet --system render
    fi

Thank you for maintaining eudev in Devuan! :-)

Bob

Send a report that this bug log contains spam.


Devuan BTS -- Powered by Debian bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.

Devuan Bugs Owner <owner@bugs.devuan.org>.
Last modified: Sun Nov 24 12:30:54 2024;