[OE-core] bug with dpkg-native and sstate-cache mirrors

Wed Dec 21 03:45:07 UTC 2016

Should I open a bug report for this?
Does this make sense and does it sound like a problem?
Are you interested in a patch or fixes? I see some activity with dpkg,
so I know there's a maintainer out there?

On Fri, Dec 16, 2016 at 11:31 AM, Anders Oleson <anders at openpuma.org> wrote:
> I originally posted this here:
> https://lists.yoctoproject.org/pipermail/yocto/2016-December/033542.html.
> Apologies, I did not know to report OE core issues here.
>
> Also, following Jussi's advice I started reading the submission
> guidelines and I posted the patch to dpkg itself to their list to see
> if it was something that could be upstreamed. Led to a good discussion
> here: https://lists.debian.org/debian-dpkg/2016/12/msg00013.html.
> While this was an expedient way to fix my problem, it probably isn't
> the best way forward as a real change to dpkg. They have offered to
> look at submissions to fix what I think is the true root cause - the
> non-override-able, hard-coded CONFIGDIR.
>
> Problem description:
> 1. user "joe" clones the build repo, ex. poky from Yocto and builds
> everything, ex. core-system-minimal completely clean build from
> scratch. The local.conf is set to use package_deb for our system.
> 2. "joe" is the build master and then publishes the resultant
> "sstate-cache" in a shared directory to be used as a mirror for the
> other users. Makes the sstate-cache-mirror directory read-only, etc.
> 3. "joe" deletes the build directory creates a new one and tests the
> build in a new directory which works fine and runs quickly using the
> sstate-cache-mirror.
> 3. user "bob" clones a similar revision and builds using the
> SSTATE_MIRROR pointing at the mirror.
> 4. During "do_rootfs" dpkg (dpkg-native) fails with the message:
> dpkg: error: error opening configuration directory
> '/home/net/joe/work/sysgen-mrp/build/tmp/sysroots/x86_64-linux/etc/dpkg/dpkg.cfg.d':
> Permission denied
> E: Sub-process dpkg returned an error code (2)
>
> What happened is that in dpkg-native, the CONFIGDIR is compiled in and
> hard-coded to the failing path. dpkg does not currently have a way to
> override this at runtime in the same way as --instdir and --admindir.
> So dpkg is still looking for config files user "joes" directory which
> may:
> - have wrong permissions
> - be missing or parent dirs missing
> - contain malicious garbage because "joe" wants to screw with "bob" :)
> - any/all of the above (we had a combination)
>
> Normally /etc/dpkg/dpkg.d is empty for the native sysroot, so our
> quick fix was to modify dpkg to just ignore ANY error reading that
> directory and pretend it was empty (which for Yocto builds it was
> anyway). This was preferable to removing the whole package from the
> SSTATE_MIRROR to force rebuilds in each work directory. See the patch
> I posted to the Yocto list linked above. Debian dpkg developers don't
> want to remove those checks and that seems advisable.
>
> So that leaves two options that I can see (is there an easier/better fix?):
> - we can carry a patch to dpkg-native similar to what I posted. For
> Yocto/OE it probably is good enough, at least if we limit it to
> dpkg-native
> - add something like a --configdir command line switch to dpkg so that
> we can point it toward the proper sysroot rather than use the compiled
> in default
>
> I'd actually prefer the second option because, for one thing, it would
> eliminate the baked in paths that contain user names, etc. I'd suggest
> that if we pass in --configdir we should configure/compile dpkg-native
> with the default paths pointing to neutral, constant, invalid paths to
> avoid leaking build specific information into sstate and to catch
> errors.
>
> Does this sound like I'm on the right track or like something that
> could be included? I'd like to fix this so that it doesn't sneak up on
> someone else.
>
> I'm willing to take a hack at it and test it in the scenario where
> this bit us. It would involve steps:
> 1. develop a patch to dpkg to add the option
> 2. develop a patch for OE to change the configure for dpkg-native
> 3. a patch for OE to pass --configdir to dpkg in all the right places.
> I could use help to insure I find them all.
>
> Thanks,
>
> Anders
>
> error log below:
> ----------------------
> ERROR: system-image-1.0-r0 do_rootfs: Unable to install packages.
> Command '/home/local/MrProductName/mrp-system/build/tmp/sysroots/x86_64-linux/usr/bin/apt-get
>  install --force-yes --allow-unauthenticated bash run-postinsts
> packagegroup-core-eclipse-debug mrp-ofp dosfstools apt e2fsprogs dpkg
> packagegroup-core-boot' returned 100:
> Reading package lists...
> Building dependency tree...
> The following extra packages will be installed:
>   base-files base-passwd busybox busybox-hwclock busybox-syslog busybox-udhcpc
>   ca-certificates debianutils debianutils-run-parts e2fsprogs-badblocks
>   e2fsprogs-e2fsck e2fsprogs-mke2fs eudev gdbserver init-ifupdown initscripts
>   initscripts-functions kernel-4.4.26-yocto-standard kernel-module-uvesafb
>   libblkid1 libbz2-1 libc6 libc6-thread-db libcom-err2 libcrypto1.0.0 libcurl4
>   libe2p2 libext2fs2 libgcc1 libgmp10 libgnutls30 libidn11 libkmod2 liblzma5
>   libperl5 libss2 libssl1.0.0 libstdc++6 libtinfo5 libuuid1 libz1
>   modutils-initscripts ncurses-terminfo-base netbase nettle
>   openssh-sftp-server openssl-conf perl sysvinit sysvinit-inittab
>   sysvinit-pidof tcf-agent udev-cache update-alternatives-opkg update-rc.d
>   v86d xz
> Suggested packages:
>   ncurses-terminfo
> The following NEW packages will be installed:
>   apt mrp-ofp base-files base-passwd bash busybox busybox-hwclock
>   busybox-syslog busybox-udhcpc ca-certificates debianutils
>   debianutils-run-parts dosfstools dpkg e2fsprogs e2fsprogs-badblocks
>   e2fsprogs-e2fsck e2fsprogs-mke2fs eudev gdbserver init-ifupdown initscripts
>   initscripts-functions kernel-4.4.26-yocto-standard kernel-module-uvesafb
>   libblkid1 libbz2-1 libc6 libc6-thread-db libcom-err2 libcrypto1.0.0 libcurl4
>   libe2p2 libext2fs2 libgcc1 libgmp10 libgnutls30 libidn11 libkmod2 liblzma5
>   libperl5 libss2 libssl1.0.0 libstdc++6 libtinfo5 libuuid1 libz1
>   modutils-initscripts ncurses-terminfo-base netbase nettle
>   openssh-sftp-server openssl-conf packagegroup-core-boot
>   packagegroup-core-eclipse-debug perl run-postinsts sysvinit sysvinit-inittab
>   sysvinit-pidof tcf-agent udev-cache update-alternatives-opkg update-rc.d
>   v86d xz
> 0 upgraded, 66 newly installed, 0 to remove and 0 not upgraded.
> Need to get 0 B/7850 kB of archives.
> After this operation, 0 B of additional disk space will be used.
> WARNING: The following packages cannot be authenticated!
>   libc6 libgcc1 libstdc++6 liblzma5 libz1 libgmp10 nettle libidn11 libgnutls30
>   libcurl4 update-alternatives-opkg libtinfo5 base-files bash run-postinsts
>   libperl5 perl xz libbz2-1 dpkg debianutils-run-parts debianutils apt mrp-ofp
>   base-passwd busybox busybox-hwclock busybox-syslog busybox-udhcpc
>   ca-certificates dosfstools libcom-err2 libss2 libuuid1 libblkid1 libe2p2
>   libext2fs2 e2fsprogs-badblocks e2fsprogs e2fsprogs-e2fsck e2fsprogs-mke2fs
>   libkmod2 eudev gdbserver netbase init-ifupdown initscripts-functions
>   initscripts kernel-4.4.26-yocto-standard kernel-module-uvesafb
>   libc6-thread-db libcrypto1.0.0 libssl1.0.0 modutils-initscripts
>   ncurses-terminfo-base openssh-sftp-server openssl-conf v86d sysvinit-pidof
>   sysvinit-inittab sysvinit packagegroup-core-boot tcf-agent
>   packagegroup-core-eclipse-debug udev-cache update-rc.d
> Authentication warning overridden.
> dpkg: error: error opening configuration directory
> '/home/net/joe/work/sysgen-mrp/build/tmp/sysroots/x86_64-linux/etc/dpkg/dpkg.cfg.d':
> Permission denied
> E: Sub-process dpkg returned an error code (2)
>
> ERROR: system-image-1.0-r0 do_rootfs: Function failed: do_rootfs
> ERROR: Logfile of failure stored in:
> /home/local/MrProductName/mrp-system/build/tmp/work/qemux86-hbdc-linux/system-image/1.0-r0/temp/log.do_rootfs.31848
> ERROR: Task 9 (/home/local/MrProductName/mrp-system/poky/../meta-system/recipes-core/images/system-image.bb,
> do_rootfs) failed with exit code '1'