Devuan bug report logs - #550
Unconditional addgroup kvm trouble

version graph

Package: eudev; Maintainer for eudev is Devuan Dev Team <devuan-dev@lists.dyne.org>;

Reported by: Bob Proulx <bob@proulx.com>

Date: Wed, 17 Feb 2021 21:03:02 UTC

Severity: normal

Found in version 3.2.9-8~beowulf1

Done: Bob Proulx <bob@proulx.com>

Reply or subscribe to this bug.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to devuan-bugs@lists.dyne.org, Devuan Dev Team <devuan-dev@lists.dyne.org>:
bug#550; Package eudev. (Wed, 17 Feb 2021 21:03:02 GMT) (full text, mbox, link).


Acknowledgement sent to Bob Proulx <bob@proulx.com>:
New bug report received and forwarded. Copy sent to Devuan Dev Team <devuan-dev@lists.dyne.org>. (Wed, 17 Feb 2021 21:03:05 GMT) (full text, mbox, link).


Message #5 received at submit@bugs.devuan.org (full text, mbox, reply):

From: Bob Proulx <bob@proulx.com>
To: submit@bugs.devuan.org
Subject: Unconditional addgroup kvm trouble
Date: Wed, 17 Feb 2021 13:43:45 -0700
Package: eudev
Version: 3.2.9-8~beowulf1

The recent eudev 3.2.9-8~beowulf1 arrive on my systems and I noticed
that it configured two new groups "kvm" and "renderer".  Which is
okay.  And I note that libvirt-daemon-system also creates "kvm".

But the code used in the postinst is problematic.  The code is this.

    #!/bin/sh
    set -e
    ...
    case "$1" in
        configure)
        ...
        # Add new system group used by udev rules
        addgroup --quiet --system input

        # Make /dev/kvm accessible to kvm group
        addgroup --quiet --system kvm

        # Make /dev/dri/renderD* accessible to render group
        addgroup --quiet --system render

Those are unconditional additions.  Which means that if the group
already exists then there is an error.  And due to the set -e this
error prevents installation.  Problem reported by user DeepDive on
the #devuan IRC channel.

The group addition should not be unconditional.  It should be
conditional upon the group not already existing.  I present two
alternative examples.

The first from postfix.  The "try it and see" method.

    cd ${CHROOT}
    # make sure that the postfix user exists.  Simplest portable way to check is to
    # chown something, so we'll create the directories that we need here.
    makedir private         root:root 700
    chgrp postfix private 2>/dev/null ||
        addgroup --system postfix
    chown postfix private 2>/dev/null ||
        adduser --system --home ${CHROOT} --no-create-home --disabled-password --ingroup postfix postfix

The second from libvirt-daemon-system.  The "check it and see" method.

    if ! getent group libvirt >/dev/null; then
        addgroup --quiet --system libvirt
    fi
    if ! getent group kvm >/dev/null; then
        addgroup --quiet --system kvm
    fi

And so either way seems good and acceptable.  I would probably do the
same thing libvirt-daemon-system is doing as that is simple enough.
Here is a suggested fix for this.

    # Add new system group used by udev rules
    if ! getent group input >/dev/null; then
        addgroup --quiet --system input
    fi

    # Make /dev/kvm accessible to kvm group
    if ! getent group kvm >/dev/null; then
        addgroup --quiet --system kvm
    fi

    # Make /dev/dri/renderD* accessible to render group
    if ! getent group render >/dev/null; then
        addgroup --quiet --system render
    fi

Thank you for maintaining eudev in Devuan! :-)

Bob

Reply sent to Bob Proulx <bob@proulx.com>:
You have taken responsibility. (Wed, 17 Feb 2021 22:03:01 GMT) (full text, mbox, link).


Notification sent to Bob Proulx <bob@proulx.com>:
bug acknowledged by developer. (Wed, 17 Feb 2021 22:03:04 GMT) (full text, mbox, link).


Message #10 received at 550-done@bugs.devuan.org (full text, mbox, reply):

From: Bob Proulx <bob@proulx.com>
To: 550-done@bugs.devuan.org
Subject: Re: bug#550: Unconditional addgroup kvm trouble
Date: Wed, 17 Feb 2021 14:53:18 -0700
I just now discovered Bug#548 https://bugs.devuan.org/548 which I did
not originally see.  I haven't ever really liked how the BTS handles
merges.  Therefore I am simply going to close my report now with this
message and then add additional information to the original report.
That's simplest all around for everyone. :-)

Bob

Send a report that this bug log contains spam.


Devuan BTS -- Powered by Debian bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.

Devuan Bugs Owner <owner@bugs.devuan.org>.
Last modified: Sat Sep 18 13:54:54 2021;