[OE-core] Regression bug: dbus messagebus user generation is wrong

Martin Jansa martin.jansa at gmail.com
Thu Dec 22 13:17:53 UTC 2011 

On Thu, Dec 22, 2011 at 10:10:41AM +0100, Martin Jansa wrote:
> On Thu, Dec 22, 2011 at 09:49:01AM +0100, Bernhard Guillon wrote:
> > Hi all,
> > we switched the way we chown /usr/libexec/dbus-daemon-launch-helper
> > with this commit:
> > 
> > commit 46e6c3fa8034b12d178d605f3f5d7efe69671a13
> > Author: Otavio Salvador <otavio at ossystems.com.br>
> > Date:   Fri Oct 21 02:49:51 2011 +0000
> > 
> >      dbus: use useradd class to allow use in read-only filesystems
> > 
> >      Move creation of required user/groups to useradd class thus allowing
> >      use with read-only filesystems and booting the initial boot.
> > 
> >      Signed-off-by: Otavio Salvador <otavio at ossystems.com.br>
> > 
> > 
> > We changed the owner ship of the user on the device before this commit. 
> > Now we change the owner ship on build time which is wrong. If we change 
> > the owner ship on buildtime we cannot know the gid of the messagebus 
> > group. On my system it is e.g 117 but on my targtet it is 997. There is no 
> > standard mapping for gid to names so we need to switch back to change the 
> > group on the device.
> 
> See http://bugzilla.pokylinux.org/show_bug.cgi?id=1711
> but it's still broken in some cases (on my buildhost 3 from 5 machines
> are broken, 2 are working after last opkg changes).
> 
> Good test is to enable testlab and run this in your deploy/images directory
> find . ! -type l -name \*tar.gz`; do 
>   echo $i; 
>   tar -tvf $i | grep dbus-daemon-launch; 
>   tar --numeric-owner -tvf $i | grep dbus-daemon-launch; 
>   tar xzvpf $i ./etc/group; 
>   grep messagebus ./etc/group; 
> done | tee -a image.test

./om-gta02/shr-image-om-gta02-20111221231021.rootfs.tar.gz
-rwsr-xr-- root/messagebus  142604 2011-12-19 14:11 ./usr/libexec/dbus-daemon-launch-helper
-rwsr-xr-- 0/997        142604 2011-12-19 14:11 ./usr/libexec/dbus-daemon-launch-helper
./etc/group
messagebus:x:997:
./qemux86-64/shr-image-qemux86-64-20111222003421.rootfs.tar.gz
-rwsr-xr-- root/messagebus  250448 2011-12-19 15:10 ./usr/libexec/dbus-daemon-launch-helper
-rwsr-xr-- 0/997        250448 2011-12-19 15:10 ./usr/libexec/dbus-daemon-launch-helper
./etc/group
messagebus:x:997:
./spitz/shr-image-spitz-20111222011259.rootfs.tar.gz
-rwsr-xr-- root/997     138408 2011-12-21 07:47 ./usr/libexec/dbus-daemon-launch-helper
-rwsr-xr-- 0/997        138408 2011-12-21 07:47 ./usr/libexec/dbus-daemon-launch-helper
./etc/group
./nokia900/shr-image-nokia900-20111221234558.rootfs.tar.gz
-rwsr-xr-- root/sshd    187568 2011-12-19 14:35 ./usr/libexec/dbus-daemon-launch-helper
-rwsr-xr-- 0/998        187568 2011-12-19 14:35 ./usr/libexec/dbus-daemon-launch-helper
./etc/group

This is output from that on my buildhost (qemuarm which was also broken is gone, removed when
testing to rebuild spitz - also armv5te from scratch).

So spitz and nokia900 are wrong, qemux86 and om-gta02 working.

When trying to find what's different in spitz and nokia900 I've tried:
OE @ ~/shr-core $ grep messagebus tmp-eglibc/sysroots/*/usr/share/base-passwd/group.master
OE @ ~/shr-core $ grep messagebus tmp-eglibc/sysroots/*/etc/group
tmp-eglibc/sysroots/nokia900/etc/group:messagebus:x:998:
tmp-eglibc/sysroots/om-gta02/etc/group:messagebus:x:998:
tmp-eglibc/sysroots/qemux86-64/etc/group:messagebus:x:998:
tmp-eglibc/sysroots/spitz/etc/group:messagebus:x:997:

OE @ ~/shr-core $ grep messagebus tmp-eglibc/sysroots/*/etc/passwd
tmp-eglibc/sysroots/nokia900/etc/passwd:messagebus:!:999:998::/var/lib/dbus:/bin/false
tmp-eglibc/sysroots/om-gta02/etc/passwd:messagebus:!:999:998::/var/lib/dbus:/bin/false
tmp-eglibc/sysroots/qemux86-64/etc/passwd:messagebus:!:999:998::/var/lib/dbus:/bin/false
tmp-eglibc/sysroots/spitz/etc/passwd:messagebus:!:998:997::/var/lib/dbus:/bin/false

Sofar looks the same, but from log.do_rootfs files it looks
like base-passwd is not installed soon enough on spitz and nokia900.

Not sure why nscd is so picky or why base-passwd isn't installed soon enough in some cases,
but I'll try to debug more and provide more info (as I have done before).

I've tried to -c cleansstate base-passwd dbus dbus-native to fix
or break any machine, but it doesn't change it (broken are broken again
after rebuild and correct also stay correct).

/********* logs *************/
Checking ERRORs in log.do_rootfs files
============== correct om-gta02:
Installing base-passwd (3.5.22-r9) to root...
Downloading file:/OE/shr-core/tmp-eglibc/deploy/ipk/armv4t/base-passwd_3.5.22-r9_armv4t.ipk.
Running groupadd commands...
/usr/sbin/nscd: Only root is allowed to use this option!
/usr/sbin/nscd: Only root is allowed to use this option!
/usr/sbin/nscd: Only root is allowed to use this option!
Installing dbus-1 (1.4.16-r2) to root...
Downloading file:/OE/shr-core/tmp-eglibc/deploy/ipk/armv4t/dbus-1_1.4.16-r2_armv4t.ipk.
Installing libexpat1 (2.0.1-r1) to root...
Downloading file:/OE/shr-core/tmp-eglibc/deploy/ipk/armv4t/libexpat1_2.0.1-r1_armv4t.ipk.
Running groupadd commands...
/usr/sbin/nscd: Only root is allowed to use this option!
/usr/sbin/nscd: Only root is allowed to use this option!
/usr/sbin/nscd: Only root is allowed to use this option!
Running useradd commands...
useradd: group '1000' does not exist
useradd: the GROUP= configuration in /etc/default/useradd will be ignored
/usr/sbin/nscd: Only root is allowed to use this option!
/usr/sbin/nscd: Only root is allowed to use this option!
/usr/sbin/nscd: Only root is allowed to use this option!
/usr/sbin/nscd: Only root is allowed to use this option!
Installing util-linux-blkid (2.19.1-r12) to root...

And similar sequence is in qemux86-64 (also correct)

============== wrong nokia900:
Installing dbus-1 (1.4.16-r2) to root...
Downloading file:/OE/shr-core/tmp-eglibc/deploy/ipk/armv7a-vfp-neon/dbus-1_1.4.16-r2_armv7a-vfp-neon.ipk.
Running groupadd commands...
grep: /OE/shr-core/tmp-eglibc/work/nokia900-oe-linux-gnueabi/shr-image-2.0-r20/rootfs//etc/group: No such file or directory
groupadd: cannot open /etc/group
Running useradd commands...
grep: /OE/shr-core/tmp-eglibc/work/nokia900-oe-linux-gnueabi/shr-image-2.0-r20/rootfs//etc/passwd: No such file or directory
useradd: group '1000' does not exist
useradd: the GROUP= configuration in /etc/default/useradd will be ignored
useradd: cannot open /etc/passwd
...
Downloading file:/OE/shr-core/tmp-eglibc/deploy/ipk/armv7a-vfp-neon/connman_0.78-r9_armv7a-vfp-neon.ipk.
Running useradd commands...
useradd: group '1000' does not exist
useradd: the GROUP= configuration in /etc/default/useradd will be ignored
/usr/sbin/nscd: Only root is allowed to use this option!
/usr/sbin/nscd: Only root is allowed to use this option!
/usr/sbin/nscd: Only root is allowed to use this option!
/usr/sbin/nscd: Only root is allowed to use this option!
Installing iptables (1.4.12.1-r0) to root...
Downloading file:/OE/shr-core/tmp-eglibc/deploy/ipk/nokia900/shadow_4.1.4.3-r7_nokia900.ipk.
Running groupadd commands...
grep: /OE/shr-core/tmp-eglibc/work/nokia900-oe-linux-gnueabi/shr-image-2.0-r20/rootfs//etc/group: No such file or directory
groupadd: cannot open /etc/group

and later
Installing base-passwd (3.5.22-r9) to root...
Downloading file:/OE/shr-core/tmp-eglibc/deploy/ipk/armv7a-vfp-neon/base-passwd_3.5.22-r9_armv7a-vfp-neon.ipk.

and then groupadd/useradd working better
Installing connman (0.78-r9) to root...
Downloading file:/OE/shr-core/tmp-eglibc/deploy/ipk/armv7a-vfp-neon/connman_0.78-r9_armv7a-vfp-neon.ipk.
Running useradd commands...
useradd: group '1000' does not exist
useradd: the GROUP= configuration in /etc/default/useradd will be ignored
/usr/sbin/nscd: Only root is allowed to use this option!
/usr/sbin/nscd: Only root is allowed to use this option!
/usr/sbin/nscd: Only root is allowed to use this option!
/usr/sbin/nscd: Only root is allowed to use this option!
...
Downloading file:/OE/shr-core/tmp-eglibc/deploy/ipk/armv7a-vfp-neon/openssh-sshd_5.9p1-r6_armv7a-vfp-neon.ipk.
Running useradd commands...
useradd: group '1000' does not exist
useradd: the GROUP= configuration in /etc/default/useradd will be ignored
/usr/sbin/nscd: Only root is allowed to use this option!
/usr/sbin/nscd: Only root is allowed to use this option!
/usr/sbin/nscd: Only root is allowed to use this option!
/usr/sbin/nscd: Only root is allowed to use this option!
...
Installing ppp-dialin (0.1-r8) to root...
Downloading file:/OE/shr-core/tmp-eglibc/deploy/ipk/all/ppp-dialin_0.1-r8_all.ipk.
Running useradd commands...
useradd: group '1000' does not exist
useradd: the GROUP= configuration in /etc/default/useradd will be ignored
/usr/sbin/nscd: Only root is allowed to use this option!
/usr/sbin/nscd: Only root is allowed to use this option!
/usr/sbin/nscd: Only root is allowed to use this option!
/usr/sbin/nscd: Only root is allowed to use this option!

And similar sequence is in spitz (also wrong)

Cheers,
> 
> And working image needs to have not only messagebus as owner but also
> matching GID in 2nd line and last line from packaged /etc/group. With
> latest opkg fixes it seems to work, but only if there is messagebus in
> packaged /etc/group at all, reported here:
> http://lists.linuxtogo.org/pipermail/openembedded-core/2011-December/014619.html
> but probably got lost in other issues with new opkg, like this one
> http://lists.linuxtogo.org/pipermail/openembedded-core/2011-December/014654.html
> (if D is not needed to be set from opkg then why was offlineroot_varname.patch
> added in first place? and I have updated this after
> offlineroot_varname.patch removal and new version is in shr branch)
>  
> > I can send a patch which reenables the postinstall owner ship change if 
> > you like.
> 
> Such patch is already on ML from me, now I'm using .bbappend from my
> layer 
> http://git.shr-project.org/git/?p=meta-smartphone.git;a=commit;h=c08dfd5f5559902f6966648f75d6c6bfd2597a5b
> 
> Cheers,
> -- 
> Martin 'JaMa' Jansa     jabber: Martin.Jansa at gmail.com



-- 
Martin 'JaMa' Jansa     jabber: Martin.Jansa at gmail.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://lists.openembedded.org/pipermail/openembedded-core/attachments/20111222/b4667dab/attachment-0002.sig>

More information about the Openembedded-core mailing list