Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

libpam-tmpdir breaks grml-debootstrap #232

Open
adrelanos opened this issue Nov 8, 2023 · 7 comments · May be fixed by #267 or #280
Open

libpam-tmpdir breaks grml-debootstrap #232

adrelanos opened this issue Nov 8, 2023 · 7 comments · May be fixed by #267 or #280

Comments

@adrelanos
Copy link
Contributor

adrelanos commented Nov 8, 2023
edited
Loading

https://packages.debian.org/bookworm/libpam-tmpdir installed on the host operating system breaks grml-debootstrap.

+ chroot /mnt/derivative-maker-grml-debootstrap.10940 dpkg --list grub-pc
+ echo 'Notice: grub-pc package not present yet, installing it therefore.'
Notice: grub-pc package not present yet, installing it therefore.
+ DEBIAN_FRONTEND=noninteractive
+ chroot /mnt/derivative-maker-grml-debootstrap.10940 apt-get -y --no-install-recommends install -o Acquire::http::Proxy=http://127.0.0.1:3142 -o Acquire::https::Proxy=http://127.0.0.1:3142 -o Acquire::tor::Proxy=http://127.0.0.1:3142 -o APT::Update::Error-Mode=any -o Acquire::Languages=none -o Acquire::IndexTargets::deb::Contents-deb::DefaultEnabled=false -o Apt::Install-Recommends=false -o Acquire::Retries=5 -o Dpkg::Options::=--force-confnew grub-pc
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following additional packages will be installed:
  dmsetup gettext-base grub-common grub-pc-bin grub2-common libbrotli1 libdevmapper1.02.1 libefiboot1 libefivar1 libfreetype6 libfuse2 libpng16-16 sensible-utils ucf
Suggested packages:
  multiboot-doc grub-emu mtools xorriso desktop-base console-setup fuse
Recommended packages:
  os-prober
The following NEW packages will be installed:
  dmsetup gettext-base grub-common grub-pc grub-pc-bin grub2-common libbrotli1 libdevmapper1.02.1 libefiboot1 libefivar1 libfreetype6 libfuse2 libpng16-16 sensible-utils
  ucf
0 upgraded, 15 newly installed, 0 to remove and 0 not upgraded.
Need to get 6068 kB of archives.
After this operation, 27.8 MB of additional disk space will be used.
...
Setting up grub-pc (2.06-13+deb12u1) ...
mktemp: failed to create file via template '/tmp/user/0/grub.XXXXXXXXXX': No such file or directory
dpkg: error processing package grub-pc (--configure):
 installed grub-pc package post-installation script subprocess returned error exit status 1
Processing triggers for libc-bin (2.36-9+deb12u3) ...
Errors were encountered while processing:
 grub-pc
E: Sub-process /usr/bin/dpkg returned an error code (1)

Running:

    chroot "${MNTPOINT}" mkdir --parents /tmp/user/0/

before:

    if ! chroot "${MNTPOINT}" dpkg --list grub-pc 2>/dev/null | grep -q '^ii' ; then
      echo "Notice: grub-pc package not present yet, installing it therefore."
      # shellcheck disable=SC2086
      DEBIAN_FRONTEND=$DEBIAN_FRONTEND chroot "$MNTPOINT" apt-get -y --no-install-recommends install $DPKG_OPTIONS grub-pc
    fi

Fixes this.

For the purpose of a PR to fix this:
Can I add this mkdir unconditionally or should this only be done conditionally if using libpam-tmpdir (in that case environment variables TMP, TEMP and TMPDIR will be set accordingly already).

I will also investigate alternative solutions. 1 comes to mind. Maybe installing libpam-tmpdir inside the chroot would prevent this too. Will test.
@adrelanos adrelanos mentioned this issue Nov 8, 2023
Merged
@adrelanos
Copy link
Contributor Author

Maybe installing libpam-tmpdir inside the chroot would prevent this too. Will test.

Yes. Using grml-debootstrap with --include=...,libpam-tmpdir also fixed the issue for me.

Good enough for me but maybe you also want a general bugfix for everyone.

adrelanos added a commit to derivative-maker/derivative-maker that referenced this issue Nov 8, 2023
@adrelanos
fix build by installing libpam-tmpdir inside chroot
7f8acfa 
grml/grml-debootstrap#232
@adrelanos
Copy link
Contributor Author

Yes. Using grml-debootstrap with --include=...,libpam-tmpdir also fixed the issue for me.

Unfortunately, this is insufficient. Later on, dracut installation is failing.

+ echo 'Generating initrd.'
Generating initrd.
+ '[' dracut = dracut ']'
+ DEBIAN_FRONTEND=noninteractive
+ apt-get -y --no-install-recommends install -o Acquire::http::Proxy=http://127.0.0.1:3142 -o Acquire::https::Proxy=http://127.0.0.1:3142 -o Acquire::tor::Proxy=http://127.0.0.1:3142 -o APT::Update::Error-Mode=any -o Acquire::Languages=none -o Acquire::IndexTargets::deb::Contents-deb::DefaultEnabled=false -o Apt::Install-Recommends=false -o Acquire::Retries=5 -o Dpkg::Options::=--force-confnew dracut
Reading package lists... Done
...
Processing triggers for dracut (059-4) ...
dracut: Generating /boot/initrd.img-6.1.0-13-amd64
realpath: /tmp/user/0: No such file or directory
dracut: Invalid tmpdir '/tmp/user/0'.
dpkg: error processing package dracut (--configure):
 installed dracut package post-installation script subprocess returned error exit status 1
Errors were encountered while processing:
 dracut
E: Sub-process /usr/bin/dpkg returned an error code (1)
++ error_handler

@adrelanos
Copy link
Contributor Author

Added to function preparechroot:

mkdir --parents "${MNTPOINT}/${TMPDIR}"

That helped a bit but still having dracut issues.

dracut-install: ERROR: installing 'poweroff'
dracut-install: ERROR: installing 'reboot'
dracut-install: ERROR: installing 'halt'
dracut: FAILED: /usr/lib/dracut/dracut-install -D /tmp/user/0/dracut.Yir3ea/initramfs -a umount poweroff reboot halt losetup stat sleep timeout
+ dracut --no-hostonly --kver 6.1.0-13-amd64 --fstab --add-fstab /etc/fstab --force --reproducible

@adrelanos
Copy link
Contributor Author

Even a workaround prepending:

     sudo env --unset TMPDIR --unset TMP --unset TEMPDIR  --unset TEMP grml-debootstrap ...

does not help.

@adrelanos
Copy link
Contributor Author

Added to function preparechroot:

mkdir --parents "${MNTPOINT}/${TMPDIR}"

That helped a bit but still having dracut issues.

dracut-install: ERROR: installing 'poweroff'
dracut-install: ERROR: installing 'reboot'
dracut-install: ERROR: installing 'halt'
dracut: FAILED: /usr/lib/dracut/dracut-install -D /tmp/user/0/dracut.Yir3ea/initramfs -a umount poweroff reboot halt losetup stat sleep timeout
+ dracut --no-hostonly --kver 6.1.0-13-amd64 --fstab --add-fstab /etc/fstab --force --reproducible

That is actually a different issue:

@adrelanos
Copy link
Contributor Author

I managed to fix grml-debootstrap comparability with libpam-tmpdir. 3 changes were required.

Now works for me. Image is bootable.

@adrelanos adrelanos mentioned this issue Nov 8, 2023
Closed
@adrelanos
Copy link
Contributor Author

TODO, in short: implement clean_chroot() { env -i chroot "$@" }

as previously discussed in #234

@zeha

Instead of $chroot, we could have sth like clean_chroot() { env -i chroot "$@" } (?)

@adrelanos

Since @mika liked the post, seems to agree with it (and I personally don't need the environment variable), I am happy to and will attempt to implement this at a later time when other PR is ready and merged to avoid merge conflicts.

adrelanos added a commit to adrelanos/grml-debootstrap that referenced this issue Dec 23, 2023
@adrelanos
implement clean_chroot,
975f14b 
avoid host environment variables such as TMP to leak into the chroot

fixes grml#232
adrelanos added a commit to adrelanos/grml-debootstrap that referenced this issue Dec 23, 2023
@adrelanos
implement clean_chroot,
221a31b 
avoid host environment variables such as TMP to leak into the chroot

fixes grml#232
@adrelanos adrelanos linked a pull request Dec 23, 2023 that will close this issue
Open
mika pushed a commit that referenced this issue Aug 14, 2024
@adrelanos @mika
Implement clean_chroot to avoid host env variables like TMP to leak i…
07a5fe6 
…nto the chroot

Some implementation notes:

If we use `env -i`, then we can no longer export shell functions.
So export -f "error_handler" had to be removed.

`PATH` needs to be set, otherwise `clean_chroot "$MNTPOINT" grub-install`
would fail, because grub-install is in /usr/sbin/grub-install in the
chroot.

http_proxy has to be passed otherwise apt-cacher-ng would be broken by
this commit.  While at it, I completed it and added https_proxy, and
ALL_PROXY there too for completeness sake.

Which environment variables are passed into the chroot is currently
hardcoded.

FTR, I was also wondering if it was better to use a similar mechanism to
the one you're using for CHROOT_VARIABLES, but that would not work
because only the chroot-script reads those. But we're not only using
that but also other calls from grml-debootstrap to chroot (now
clean_chroot), so the environment variables need to be set at the
grml-debootstrap level.

Closes: #232
@mika mika linked a pull request Aug 14, 2024 that will close this issue
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
1 participant
@adrelanos