From unknown Fri Mar 29 00:39:56 2024 X-Loop: owner@bugs.devuan.org Subject: bug#548: eudev: postinst fails when kvm group present Reply-To: Bob Proulx , 548@bugs.devuan.org Resent-From: Bob Proulx Resent-To: devuan-bugs@lists.dyne.org Resent-CC: Devuan Dev Team X-Loop: owner@bugs.devuan.org Resent-Date: Wed, 17 Feb 2021 22:18:12 +0000 Resent-Message-ID: Resent-Sender: owner@bugs.devuan.org X-Devuan-PR-Message: followup 548 X-Devuan-PR-Package: eudev X-Devuan-PR-Keywords: References: <161335070595.15755.13300177891033620677.reportbug@vostro> <161335070595.15755.13300177891033620677.reportbug@vostro> Received: via spool by 548-submit@bugs.devuan.org id=B548.161359980212319 (code B ref 548); Wed, 17 Feb 2021 22:18:12 +0000 Received: (at 548) by bugs.devuan.org; 17 Feb 2021 22:10:02 +0000 Delivered-To: devuanbugs@dyne.org Received: from tupac3.dyne.org [195.169.149.119] by doc.devuan.org with IMAP (fetchmail-6.4.0.beta4) for (single-drop); Wed, 17 Feb 2021 22:10:02 +0000 (UTC) Received: from havoc.proulx.com (havoc.proulx.com [96.88.95.61]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by vm6.ganeti.dyne.org (Postfix) with ESMTPS id 47B8BF60DCE; Wed, 17 Feb 2021 23:05:45 +0100 (CET) Authentication-Results: vm6.ganeti.dyne.org; dkim=pass (2048-bit key; unprotected) header.d=proulx.com header.i=@proulx.com header.b="dmf8QANF"; dkim-atps=neutral Received: from joseki.proulx.com (localhost [127.0.0.1]) by havoc.proulx.com (Postfix) with ESMTP id F2CE97CD; Wed, 17 Feb 2021 15:05:43 -0700 (MST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=proulx.com; s=dkim2048; t=1613599544; bh=463JNNOWTQJw/FM6UncFx0OcK00JptJsJg1poGX1wX0=; h=Date:From:To:Subject:References:In-Reply-To:From; b=dmf8QANFj3VybocqWhfID6higN9e1kYg4Ge3v+cz77njbKGpljqo1O2I9HxUmewZg UfvVJAt7KxhW/8yWs6UBgOceuj1y/0R7xOErKMjgz6QeOJbQ+KVBHPZxbEX/kpgIcd 0j8hU+d4Qr/bFoiE1G7R77fcW5YfTEgVDLKOezdFmteKLA+i8LzfXKVyL2Uzcw5KTV bBBx8A5r3gJnZHcBzV/5sLKjJ0gzWt9ygyYCRodBs37fJOaOiVmpamy1voaXE8/MYC bZWUfs5noZPqJguCQ1n3B2hZlZBr2KGS3x2J90HwYjZZnrZNtZSgAbGCqqaoHGqkJz L340qzhDfHghQ== Received: from hysteria.proulx.com (hysteria.proulx.com [192.168.230.119]) by joseki.proulx.com (Postfix) with ESMTP id C828B21152; Wed, 17 Feb 2021 15:05:43 -0700 (MST) Received: by hysteria.proulx.com (Postfix, from userid 1000) id 8D10C2DC9D; Wed, 17 Feb 2021 15:05:43 -0700 (MST) Date: Wed, 17 Feb 2021 15:05:43 -0700 From: Bob Proulx To: 548@bugs.devuan.org, Meeuwissen Olaf Message-ID: <20210217145406339565590@bob.proulx.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <161335070595.15755.13300177891033620677.reportbug@vostro> X-Spam-Status: No, score=-0.2 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,DKIM_VALID_EF,SPF_PASS autolearn=disabled version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on tupac3.dyne.org severity 548 important thanks Meeuwissen Olaf wrote: > I just upgraded a number of packages on a machine where I had > manually added a `kvm` group. This caused the postinst script > to fail with > > The group `kvm' already exists and is not a system group. Exiting. > > leaving `eudev` unconfigured. I noticed this on Sunday and also investigated. And then today another user DeepDive on #devuan IRC reported the same problem. Therefore I am raising the severity to important due to the effect this has for many users. > I don't know if the `kvm` *must* be a system group but things > have been working fine for me with a non-system group. As long as > a non-system `kvm` group exists, configuring `eudev` will fail. > This is easily confirmed with > > $ sudo dpkg-reconfigure eudev > The group `kvm' already exists and is not a system group. Exiting. > > Changing the group to a system group fixes this behaviour. > > I worked around the issue by appending `|| true` in the postscript > to the `adduser` command that tries to create the system group. > > If the `kvm` group does not have to be a system group, I would expect > configuration to succeed if a non-system `kvm` group is present. But the code used in the postinst is problematic. The code is this. (I know the web version does not show indentation. Imagine the code being indented. Check the original files.) #!/bin/sh set -e ... case "$1" in configure) ... # Add new system group used by udev rules addgroup --quiet --system input # Make /dev/kvm accessible to kvm group addgroup --quiet --system kvm # Make /dev/dri/renderD* accessible to render group addgroup --quiet --system render Those are unconditional additions. Which means that if the addgroup returns a non-zero exit code then due to the set -e the configure fails and the package is left unconfigured. It is true that the addgroup would return 0 (success) if it would not need to do the action. But if the user has already locally configured an account user or group then that previously existing configuration should be maintained. Therefore group addition should not be unconditional. It should be conditional upon the group not already existing. I present two alternative examples from existing packages that handle this in two different ways. The first from postfix. The "try it and see" method. cd ${CHROOT} # make sure that the postfix user exists. Simplest portable way to check is to # chown something, so we'll create the directories that we need here. makedir private root:root 700 chgrp postfix private 2>/dev/null || addgroup --system postfix chown postfix private 2>/dev/null || adduser --system --home ${CHROOT} --no-create-home --disabled-password --ingroup postfix postfix The second from libvirt-daemon-system. The "check it and see" method. if ! getent group libvirt >/dev/null; then addgroup --quiet --system libvirt fi if ! getent group kvm >/dev/null; then addgroup --quiet --system kvm fi Again for the web display please imagine the above having indentation. And so either way seems good and acceptable. I would probably do the same thing libvirt-daemon-system is doing as that is simple enough. Here is a suggested fix for this. # Add new system group used by udev rules if ! getent group input >/dev/null; then addgroup --quiet --system input fi # Make /dev/kvm accessible to kvm group if ! getent group kvm >/dev/null; then addgroup --quiet --system kvm fi # Make /dev/dri/renderD* accessible to render group if ! getent group render >/dev/null; then addgroup --quiet --system render fi Thank you for maintaining eudev in Devuan! :-) Bob