From unknown Fri Mar 29 12:52:29 2024 X-Loop: owner@bugs.devuan.org Subject: bug#550: Unconditional addgroup kvm trouble Reply-To: Bob Proulx , 550@bugs.devuan.org Resent-From: Bob Proulx Resent-To: devuan-bugs@lists.dyne.org Resent-CC: Devuan Dev Team X-Loop: owner@bugs.devuan.org Resent-Date: Wed, 17 Feb 2021 21:03:02 +0000 Resent-Message-ID: Resent-Sender: owner@bugs.devuan.org X-Devuan-PR-Message: report 550 X-Devuan-PR-Package: eudev X-Devuan-PR-Keywords: Received: via spool by submit@bugs.devuan.org id=B.161359500311931 (code B); Wed, 17 Feb 2021 21:03:02 +0000 Received: (at submit) by bugs.devuan.org; 17 Feb 2021 20:50:03 +0000 Delivered-To: devuanbugs@dyne.org Received: from tupac3.dyne.org [195.169.149.119] by doc.devuan.org with IMAP (fetchmail-6.4.0.beta4) for (single-drop); Wed, 17 Feb 2021 20:50:03 +0000 (UTC) Received: from havoc.proulx.com (havoc.proulx.com [96.88.95.61]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by vm6.ganeti.dyne.org (Postfix) with ESMTPS id 1CB07F60DDB for ; Wed, 17 Feb 2021 21:43:49 +0100 (CET) Authentication-Results: vm6.ganeti.dyne.org; dkim=pass (2048-bit key; unprotected) header.d=proulx.com header.i=@proulx.com header.b="RbFPyGqK"; dkim-atps=neutral Received: from joseki.proulx.com (localhost [127.0.0.1]) by havoc.proulx.com (Postfix) with ESMTP id D8133451 for ; Wed, 17 Feb 2021 13:43:45 -0700 (MST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=proulx.com; s=dkim2048; t=1613594625; bh=Ni8Qi6qCN+VHLPWyC/dDQcZwXMGzcEVHYgTWDspoGeU=; h=Date:From:To:Subject:From; b=RbFPyGqKIhRMN2LoxmnjDly3AB4wJYoE0BAR8Me9G64Rt1/44+F6nYeEWMhQHxRPd GjTStW56xqUsBx7l8+3AiXVctmM1436BZIR7KJhiAFiWLObZjK9VNLUCHGeGmXGqnd CGqQ8KzwGjDD4cP0ZsmngdIbHJx6puzPzbW97hsn1xkl3gB9woClOt8l86vLgpol/D eLmO/xPAmyN6NC+QyPliflKH3+JKkR7UTy8IwM2G+gFz39geqggarBi/WWdGel4CCZ CHeUoUKGLjcXtJ1KoRYiUeqzPK07m6imhQpfTat3MOhO9PIv7SAhd8mmWmKUhSuwkD QRsxvTqOlS/Ug== Received: from hysteria.proulx.com (hysteria.proulx.com [192.168.230.119]) by joseki.proulx.com (Postfix) with ESMTP id 9F3662115F for ; Wed, 17 Feb 2021 13:43:45 -0700 (MST) Received: by hysteria.proulx.com (Postfix, from userid 1000) id 94DEC2DC9D; Wed, 17 Feb 2021 13:43:45 -0700 (MST) Date: Wed, 17 Feb 2021 13:43:45 -0700 From: Bob Proulx To: submit@bugs.devuan.org Message-ID: <20210217133248778816570@bob.proulx.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline X-Spam-Status: No, score=-0.2 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,DKIM_VALID_EF,SPF_PASS autolearn=disabled version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on tupac3.dyne.org Package: eudev Version: 3.2.9-8~beowulf1 The recent eudev 3.2.9-8~beowulf1 arrive on my systems and I noticed that it configured two new groups "kvm" and "renderer". Which is okay. And I note that libvirt-daemon-system also creates "kvm". But the code used in the postinst is problematic. The code is this. #!/bin/sh set -e ... case "$1" in configure) ... # Add new system group used by udev rules addgroup --quiet --system input # Make /dev/kvm accessible to kvm group addgroup --quiet --system kvm # Make /dev/dri/renderD* accessible to render group addgroup --quiet --system render Those are unconditional additions. Which means that if the group already exists then there is an error. And due to the set -e this error prevents installation. Problem reported by user DeepDive on the #devuan IRC channel. The group addition should not be unconditional. It should be conditional upon the group not already existing. I present two alternative examples. The first from postfix. The "try it and see" method. cd ${CHROOT} # make sure that the postfix user exists. Simplest portable way to check is to # chown something, so we'll create the directories that we need here. makedir private root:root 700 chgrp postfix private 2>/dev/null || addgroup --system postfix chown postfix private 2>/dev/null || adduser --system --home ${CHROOT} --no-create-home --disabled-password --ingroup postfix postfix The second from libvirt-daemon-system. The "check it and see" method. if ! getent group libvirt >/dev/null; then addgroup --quiet --system libvirt fi if ! getent group kvm >/dev/null; then addgroup --quiet --system kvm fi And so either way seems good and acceptable. I would probably do the same thing libvirt-daemon-system is doing as that is simple enough. Here is a suggested fix for this. # Add new system group used by udev rules if ! getent group input >/dev/null; then addgroup --quiet --system input fi # Make /dev/kvm accessible to kvm group if ! getent group kvm >/dev/null; then addgroup --quiet --system kvm fi # Make /dev/dri/renderD* accessible to render group if ! getent group render >/dev/null; then addgroup --quiet --system render fi Thank you for maintaining eudev in Devuan! :-) Bob From unknown Fri Mar 29 12:52:29 2024 MIME-Version: 1.0 X-Mailer: MIME-tools 5.509 (Entity 5.509) X-Loop: owner@bugs.devuan.org From: "Devuan bug Tracking System" To: Bob Proulx Subject: bug#550 closed by Bob Proulx (Re: bug#550: Unconditional addgroup kvm trouble) Message-ID: References: <20210217145011741276571@bob.proulx.com> <20210217133248778816570@bob.proulx.com> X-Devuan-PR-Message: they-closed 550 X-Devuan-PR-Package: eudev Reply-To: 550@bugs.devuan.org Date: Wed, 17 Feb 2021 22:03:04 +0000 Content-Type: multipart/mixed; boundary="----------=_1613599384-12254-1" This is a multi-part message in MIME format... ------------=_1613599384-12254-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" This is an automatic notification regarding your bug report which was filed against the eudev package: #550: Unconditional addgroup kvm trouble It has been closed by Bob Proulx . Their explanation is attached below along with your original report. If this explanation is unsatisfactory and you have not received a better one in a separate message then please contact Bob Proulx by replying to this email. --=20 550: https://bugs.devuan.org/cgi/bugreport.cgi?bug=3D550 Devuan Bug Tracking System Contact owner@bugs.devuan.org with problems ------------=_1613599384-12254-1 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at 550-done) by bugs.devuan.org; 17 Feb 2021 22:00:01 +0000 Return-Path: Delivered-To: devuanbugs@dyne.org Received: from tupac3.dyne.org [195.169.149.119] by doc.devuan.org with IMAP (fetchmail-6.4.0.beta4) for (single-drop); Wed, 17 Feb 2021 22:00:01 +0000 (UTC) Received: from havoc.proulx.com (havoc.proulx.com [96.88.95.61]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by vm6.ganeti.dyne.org (Postfix) with ESMTPS id C6AD9F60DD5 for <550-done@bugs.devuan.org>; Wed, 17 Feb 2021 22:53:22 +0100 (CET) Authentication-Results: vm6.ganeti.dyne.org; dkim=pass (2048-bit key; unprotected) header.d=proulx.com header.i=@proulx.com header.b="KAj5h4R6"; dkim-atps=neutral Received: from joseki.proulx.com (localhost [127.0.0.1]) by havoc.proulx.com (Postfix) with ESMTP id 3B79E86A for <550-done@bugs.devuan.org>; Wed, 17 Feb 2021 14:53:19 -0700 (MST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=proulx.com; s=dkim2048; t=1613598799; bh=Q3DkzyLBISumpU+nhKAL6nxrjw+gRmhqmH17A6lk/bI=; h=Date:From:To:Subject:References:In-Reply-To:From; b=KAj5h4R6KowjRTPGNaERZY0Bv2xxjx8B+IrWQGkxOmMKiVsyS4mYGrizp36tVLDkB QZQquGMf2lZrsIkjF3ak4keSYgzvkaHUYN3lRB75uu5BWVui/uE/ee1kFJZ7MW9yvO HwFzEr5SJoryUmzuMOm9pi3CnU25Bl3acJCnGFeSMjxIl/XG1A5KmgYwZZ/yA/gdVe IpxXS7Ggi5+7mJ35440NEo4Yn6aL3EwXKqX+kIrzqrrkVOKdC+J6X3+1nZD0ZNJSng tyQsxr9KZTt3kfYSj+Eo3qbfbY0/v5fvt8Tuo0z/zcGZ1VP5w1qgh2k8rJTRqI8SvH 6rKG9Gylz14Tw== Received: from hysteria.proulx.com (hysteria.proulx.com [192.168.230.119]) by joseki.proulx.com (Postfix) with ESMTP id 0C7F521169 for <550-done@bugs.devuan.org>; Wed, 17 Feb 2021 14:53:19 -0700 (MST) Received: by hysteria.proulx.com (Postfix, from userid 1000) id BBA2C2DC9D; Wed, 17 Feb 2021 14:53:18 -0700 (MST) Date: Wed, 17 Feb 2021 14:53:18 -0700 From: Bob Proulx To: 550-done@bugs.devuan.org Subject: Re: bug#550: Unconditional addgroup kvm trouble Message-ID: <20210217145011741276571@bob.proulx.com> References: <20210217133248778816570@bob.proulx.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Spam-Status: No, score=-0.2 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,DKIM_VALID_EF,SPF_PASS autolearn=disabled version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on tupac3.dyne.org I just now discovered Bug#548 https://bugs.devuan.org/548 which I did not originally see. I haven't ever really liked how the BTS handles merges. Therefore I am simply going to close my report now with this message and then add additional information to the original report. That's simplest all around for everyone. :-) Bob ------------=_1613599384-12254-1 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at submit) by bugs.devuan.org; 17 Feb 2021 20:50:03 +0000 Return-Path: Delivered-To: devuanbugs@dyne.org Received: from tupac3.dyne.org [195.169.149.119] by doc.devuan.org with IMAP (fetchmail-6.4.0.beta4) for (single-drop); Wed, 17 Feb 2021 20:50:03 +0000 (UTC) Received: from havoc.proulx.com (havoc.proulx.com [96.88.95.61]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by vm6.ganeti.dyne.org (Postfix) with ESMTPS id 1CB07F60DDB for ; Wed, 17 Feb 2021 21:43:49 +0100 (CET) Authentication-Results: vm6.ganeti.dyne.org; dkim=pass (2048-bit key; unprotected) header.d=proulx.com header.i=@proulx.com header.b="RbFPyGqK"; dkim-atps=neutral Received: from joseki.proulx.com (localhost [127.0.0.1]) by havoc.proulx.com (Postfix) with ESMTP id D8133451 for ; Wed, 17 Feb 2021 13:43:45 -0700 (MST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=proulx.com; s=dkim2048; t=1613594625; bh=Ni8Qi6qCN+VHLPWyC/dDQcZwXMGzcEVHYgTWDspoGeU=; h=Date:From:To:Subject:From; b=RbFPyGqKIhRMN2LoxmnjDly3AB4wJYoE0BAR8Me9G64Rt1/44+F6nYeEWMhQHxRPd GjTStW56xqUsBx7l8+3AiXVctmM1436BZIR7KJhiAFiWLObZjK9VNLUCHGeGmXGqnd CGqQ8KzwGjDD4cP0ZsmngdIbHJx6puzPzbW97hsn1xkl3gB9woClOt8l86vLgpol/D eLmO/xPAmyN6NC+QyPliflKH3+JKkR7UTy8IwM2G+gFz39geqggarBi/WWdGel4CCZ CHeUoUKGLjcXtJ1KoRYiUeqzPK07m6imhQpfTat3MOhO9PIv7SAhd8mmWmKUhSuwkD QRsxvTqOlS/Ug== Received: from hysteria.proulx.com (hysteria.proulx.com [192.168.230.119]) by joseki.proulx.com (Postfix) with ESMTP id 9F3662115F for ; Wed, 17 Feb 2021 13:43:45 -0700 (MST) Received: by hysteria.proulx.com (Postfix, from userid 1000) id 94DEC2DC9D; Wed, 17 Feb 2021 13:43:45 -0700 (MST) Date: Wed, 17 Feb 2021 13:43:45 -0700 From: Bob Proulx To: submit@bugs.devuan.org Subject: Unconditional addgroup kvm trouble Message-ID: <20210217133248778816570@bob.proulx.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline X-Spam-Status: No, score=-0.2 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,DKIM_VALID_EF,SPF_PASS autolearn=disabled version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on tupac3.dyne.org Package: eudev Version: 3.2.9-8~beowulf1 The recent eudev 3.2.9-8~beowulf1 arrive on my systems and I noticed that it configured two new groups "kvm" and "renderer". Which is okay. And I note that libvirt-daemon-system also creates "kvm". But the code used in the postinst is problematic. The code is this. #!/bin/sh set -e ... case "$1" in configure) ... # Add new system group used by udev rules addgroup --quiet --system input # Make /dev/kvm accessible to kvm group addgroup --quiet --system kvm # Make /dev/dri/renderD* accessible to render group addgroup --quiet --system render Those are unconditional additions. Which means that if the group already exists then there is an error. And due to the set -e this error prevents installation. Problem reported by user DeepDive on the #devuan IRC channel. The group addition should not be unconditional. It should be conditional upon the group not already existing. I present two alternative examples. The first from postfix. The "try it and see" method. cd ${CHROOT} # make sure that the postfix user exists. Simplest portable way to check is to # chown something, so we'll create the directories that we need here. makedir private root:root 700 chgrp postfix private 2>/dev/null || addgroup --system postfix chown postfix private 2>/dev/null || adduser --system --home ${CHROOT} --no-create-home --disabled-password --ingroup postfix postfix The second from libvirt-daemon-system. The "check it and see" method. if ! getent group libvirt >/dev/null; then addgroup --quiet --system libvirt fi if ! getent group kvm >/dev/null; then addgroup --quiet --system kvm fi And so either way seems good and acceptable. I would probably do the same thing libvirt-daemon-system is doing as that is simple enough. Here is a suggested fix for this. # Add new system group used by udev rules if ! getent group input >/dev/null; then addgroup --quiet --system input fi # Make /dev/kvm accessible to kvm group if ! getent group kvm >/dev/null; then addgroup --quiet --system kvm fi # Make /dev/dri/renderD* accessible to render group if ! getent group render >/dev/null; then addgroup --quiet --system render fi Thank you for maintaining eudev in Devuan! :-) Bob ------------=_1613599384-12254-1--