Devuan bug report logs - #550
Unconditional addgroup kvm trouble

Package: eudev; Reported by: Bob Proulx <bob@proulx.com>; Done: Bob Proulx <bob@proulx.com>; Maintainer for eudev is Devuan Dev Team <devuan-dev@lists.dyne.org>.

Message received at 550-done@bugs.devuan.org:


Received: (at 550-done) by bugs.devuan.org; 17 Feb 2021 22:00:01 +0000
Return-Path: <bob@proulx.com>
Delivered-To: devuanbugs@dyne.org
Received: from tupac3.dyne.org [195.169.149.119]
	by doc.devuan.org with IMAP (fetchmail-6.4.0.beta4)
	for <debbugs@localhost> (single-drop); Wed, 17 Feb 2021 22:00:01 +0000 (UTC)
Received: from havoc.proulx.com (havoc.proulx.com [96.88.95.61])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by vm6.ganeti.dyne.org (Postfix) with ESMTPS id C6AD9F60DD5
	for <550-done@bugs.devuan.org>; Wed, 17 Feb 2021 22:53:22 +0100 (CET)
Authentication-Results: vm6.ganeti.dyne.org;
	dkim=pass (2048-bit key; unprotected) header.d=proulx.com header.i=@proulx.com header.b="KAj5h4R6";
	dkim-atps=neutral
Received: from joseki.proulx.com (localhost [127.0.0.1])
	by havoc.proulx.com (Postfix) with ESMTP id 3B79E86A
	for <550-done@bugs.devuan.org>; Wed, 17 Feb 2021 14:53:19 -0700 (MST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=proulx.com;
	s=dkim2048; t=1613598799;
	bh=Q3DkzyLBISumpU+nhKAL6nxrjw+gRmhqmH17A6lk/bI=;
	h=Date:From:To:Subject:References:In-Reply-To:From;
	b=KAj5h4R6KowjRTPGNaERZY0Bv2xxjx8B+IrWQGkxOmMKiVsyS4mYGrizp36tVLDkB
	 QZQquGMf2lZrsIkjF3ak4keSYgzvkaHUYN3lRB75uu5BWVui/uE/ee1kFJZ7MW9yvO
	 HwFzEr5SJoryUmzuMOm9pi3CnU25Bl3acJCnGFeSMjxIl/XG1A5KmgYwZZ/yA/gdVe
	 IpxXS7Ggi5+7mJ35440NEo4Yn6aL3EwXKqX+kIrzqrrkVOKdC+J6X3+1nZD0ZNJSng
	 tyQsxr9KZTt3kfYSj+Eo3qbfbY0/v5fvt8Tuo0z/zcGZ1VP5w1qgh2k8rJTRqI8SvH
	 6rKG9Gylz14Tw==
Received: from hysteria.proulx.com (hysteria.proulx.com [192.168.230.119])
	by joseki.proulx.com (Postfix) with ESMTP id 0C7F521169
	for <550-done@bugs.devuan.org>; Wed, 17 Feb 2021 14:53:19 -0700 (MST)
Received: by hysteria.proulx.com (Postfix, from userid 1000)
	id BBA2C2DC9D; Wed, 17 Feb 2021 14:53:18 -0700 (MST)
Date: Wed, 17 Feb 2021 14:53:18 -0700
From: Bob Proulx <bob@proulx.com>
To: 550-done@bugs.devuan.org
Subject: Re: bug#550: Unconditional addgroup kvm trouble
Message-ID: <20210217145011741276571@bob.proulx.com>
References: <20210217133248778816570@bob.proulx.com>
 <handler.550.B.161359500311931.ack@bugs.devuan.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <handler.550.B.161359500311931.ack@bugs.devuan.org>
X-Spam-Status: No, score=-0.2 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,
	DKIM_VALID_AU,DKIM_VALID_EF,SPF_PASS autolearn=disabled version=3.4.2
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on tupac3.dyne.org

I just now discovered Bug#548 https://bugs.devuan.org/548 which I did
not originally see.  I haven't ever really liked how the BTS handles
merges.  Therefore I am simply going to close my report now with this
message and then add additional information to the original report.
That's simplest all around for everyone. :-)

Bob

Notification sent to Bob Proulx <bob@proulx.com>:
bug acknowledged by developer. Full text available.
Reply sent to Bob Proulx <bob@proulx.com>:
You have taken responsibility. Full text available.

Message received at submit@bugs.devuan.org:


Received: (at submit) by bugs.devuan.org; 17 Feb 2021 20:50:03 +0000
Return-Path: <bob@proulx.com>
Delivered-To: devuanbugs@dyne.org
Received: from tupac3.dyne.org [195.169.149.119]
	by doc.devuan.org with IMAP (fetchmail-6.4.0.beta4)
	for <debbugs@localhost> (single-drop); Wed, 17 Feb 2021 20:50:03 +0000 (UTC)
Received: from havoc.proulx.com (havoc.proulx.com [96.88.95.61])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by vm6.ganeti.dyne.org (Postfix) with ESMTPS id 1CB07F60DDB
	for <submit@bugs.devuan.org>; Wed, 17 Feb 2021 21:43:49 +0100 (CET)
Authentication-Results: vm6.ganeti.dyne.org;
	dkim=pass (2048-bit key; unprotected) header.d=proulx.com header.i=@proulx.com header.b="RbFPyGqK";
	dkim-atps=neutral
Received: from joseki.proulx.com (localhost [127.0.0.1])
	by havoc.proulx.com (Postfix) with ESMTP id D8133451
	for <submit@bugs.devuan.org>; Wed, 17 Feb 2021 13:43:45 -0700 (MST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=proulx.com;
	s=dkim2048; t=1613594625;
	bh=Ni8Qi6qCN+VHLPWyC/dDQcZwXMGzcEVHYgTWDspoGeU=;
	h=Date:From:To:Subject:From;
	b=RbFPyGqKIhRMN2LoxmnjDly3AB4wJYoE0BAR8Me9G64Rt1/44+F6nYeEWMhQHxRPd
	 GjTStW56xqUsBx7l8+3AiXVctmM1436BZIR7KJhiAFiWLObZjK9VNLUCHGeGmXGqnd
	 CGqQ8KzwGjDD4cP0ZsmngdIbHJx6puzPzbW97hsn1xkl3gB9woClOt8l86vLgpol/D
	 eLmO/xPAmyN6NC+QyPliflKH3+JKkR7UTy8IwM2G+gFz39geqggarBi/WWdGel4CCZ
	 CHeUoUKGLjcXtJ1KoRYiUeqzPK07m6imhQpfTat3MOhO9PIv7SAhd8mmWmKUhSuwkD
	 QRsxvTqOlS/Ug==
Received: from hysteria.proulx.com (hysteria.proulx.com [192.168.230.119])
	by joseki.proulx.com (Postfix) with ESMTP id 9F3662115F
	for <submit@bugs.devuan.org>; Wed, 17 Feb 2021 13:43:45 -0700 (MST)
Received: by hysteria.proulx.com (Postfix, from userid 1000)
	id 94DEC2DC9D; Wed, 17 Feb 2021 13:43:45 -0700 (MST)
Date: Wed, 17 Feb 2021 13:43:45 -0700
From: Bob Proulx <bob@proulx.com>
To: submit@bugs.devuan.org
Subject: Unconditional addgroup kvm trouble
Message-ID: <20210217133248778816570@bob.proulx.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
X-Spam-Status: No, score=-0.2 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,
	DKIM_VALID_AU,DKIM_VALID_EF,SPF_PASS autolearn=disabled version=3.4.2
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on tupac3.dyne.org

Package: eudev
Version: 3.2.9-8~beowulf1

The recent eudev 3.2.9-8~beowulf1 arrive on my systems and I noticed
that it configured two new groups "kvm" and "renderer".  Which is
okay.  And I note that libvirt-daemon-system also creates "kvm".

But the code used in the postinst is problematic.  The code is this.

    #!/bin/sh
    set -e
    ...
    case "$1" in
        configure)
        ...
        # Add new system group used by udev rules
        addgroup --quiet --system input

        # Make /dev/kvm accessible to kvm group
        addgroup --quiet --system kvm

        # Make /dev/dri/renderD* accessible to render group
        addgroup --quiet --system render

Those are unconditional additions.  Which means that if the group
already exists then there is an error.  And due to the set -e this
error prevents installation.  Problem reported by user DeepDive on
the #devuan IRC channel.

The group addition should not be unconditional.  It should be
conditional upon the group not already existing.  I present two
alternative examples.

The first from postfix.  The "try it and see" method.

    cd ${CHROOT}
    # make sure that the postfix user exists.  Simplest portable way to check is to
    # chown something, so we'll create the directories that we need here.
    makedir private         root:root 700
    chgrp postfix private 2>/dev/null ||
        addgroup --system postfix
    chown postfix private 2>/dev/null ||
        adduser --system --home ${CHROOT} --no-create-home --disabled-password --ingroup postfix postfix

The second from libvirt-daemon-system.  The "check it and see" method.

    if ! getent group libvirt >/dev/null; then
        addgroup --quiet --system libvirt
    fi
    if ! getent group kvm >/dev/null; then
        addgroup --quiet --system kvm
    fi

And so either way seems good and acceptable.  I would probably do the
same thing libvirt-daemon-system is doing as that is simple enough.
Here is a suggested fix for this.

    # Add new system group used by udev rules
    if ! getent group input >/dev/null; then
        addgroup --quiet --system input
    fi

    # Make /dev/kvm accessible to kvm group
    if ! getent group kvm >/dev/null; then
        addgroup --quiet --system kvm
    fi

    # Make /dev/dri/renderD* accessible to render group
    if ! getent group render >/dev/null; then
        addgroup --quiet --system render
    fi

Thank you for maintaining eudev in Devuan! :-)

Bob

Acknowledgement sent to Bob Proulx <bob@proulx.com>:
New bug report received and forwarded. Copy sent to Devuan Dev Team <devuan-dev@lists.dyne.org>. Full text available.
Report forwarded to devuan-bugs@lists.dyne.org, Devuan Dev Team <devuan-dev@lists.dyne.org>:
bug#550; Package eudev. Full text available.

Devuan BTS -- Powered by Debian bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997 nCipher Corporation Ltd, 1994-97 Ian Jackson.

Devuan Bugs Owner <owner@bugs.devuan.org>.
Last modified: Fri, 21 Jan 2022 10:39:01 UTC