Bug#977877: console-setup: setupcon --setup-dir ... generates temporary file name inside etc/console-setup directory

To: Philip Hands <phil@hands.com>, 977877@bugs.debian.org
Cc: Adithya.Balakumar@toshiba-tsip.com, anton@lml.bas.bg, dinesh.kumar@toshiba-tsip.com, Shivanand.Kunijadar@toshiba-tsip.com, kazuhiro.hayashi.f74@mail.toshiba, toshiko.yoshida.n88@mail.toshiba
Subject: Bug#977877: console-setup: setupcon --setup-dir ... generates temporary file name inside etc/console-setup directory
From: Chris Hofstaedtler <zeha@debian.org>
Date: Sun, 7 Sep 2025 01:52:42 +0200
Message-id: <[🔎] aLzJSg92Fcu7jeSd@per.namespace.at>
Reply-to: Chris Hofstaedtler <zeha@debian.org>, 977877@bugs.debian.org
In-reply-to: <[🔎] 87h5xfmdf5.fsf@nimble.hk.hands.com>
References: <20201222100419.12336.56331.reportbug@odysseus.grml.info> <TYCPR01MB9669A591875E6BA4FE7353ADC465A@TYCPR01MB9669.jpnprd01.prod.outlook.com> <8734crpfby.fsf@hands.com> <TYCPR01MB9669A90C8D3404406FEE49D0C454A@TYCPR01MB9669.jpnprd01.prod.outlook.com> <TYCPR01MB9669B732DBF3BAA4C6244ADBC45CA@TYCPR01MB9669.jpnprd01.prod.outlook.com> <87qzwsrklq.fsf@nimble.hk.hands.com> <20201222100419.12336.56331.reportbug@odysseus.grml.info> <[🔎] TYCPR01MB9669D3122F9FB4B2E1525961C400A@TYCPR01MB9669.jpnprd01.prod.outlook.com> <20201222100419.12336.56331.reportbug@odysseus.grml.info> <[🔎] 87h5xfmdf5.fsf@nimble.hk.hands.com> <20201222100419.12336.56331.reportbug@odysseus.grml.info>

Hi,

On Sun, Sep 07, 2025 at 12:19:58AM +0200, Philip Hands wrote:
> <Adithya.Balakumar@toshiba-tsip.com> writes:
> AFAICS $TMPFILE (configured to be tmpkbd.*) is being used in the (outer)
> setupcon script in order to record the commands used in the (initrd)
> setupcon that is being written to "$setupdir"/bin/setupcon

Yes.

> $TMPFILE is then used to store a list of things that will need to be
> copied to the initrd, and that list is then used to create
> "$setupdir"/morefiles, but $TMPFILE looks like it ought to be in either
> /run or /tmp, and those should be removed by the trap, so if it's ending
> up under $setupdir, what is copying it there?

>From my analysis, setupcon has a code path, which:

- only runs if no /etc/console-setup/cached* exist
- and KMAP is not set in config

Then it proceeds to use a tempfile (created in /tmp) and call 
loadkeys with this.
Example commands it wants to use for me:
   kbd_mode -a
   loadkeys /tmp/tmpkbd.KLgbbu > /dev/null

setupcon with --setup-dir at the very end then analyzed all commands 
it wants to use, and tries to *copy* all mentioned filenames into 
the initramfs.
This happens around line 1371-1376 and in the fileargs function.

> Your patch seems to assume that it is being copied in fileargs(), which
> seems to imply that the tmpkbd.* filename is being passed as an argument
> to one of the run() calls (if I'm reading the script correctly), but I
> don't see where that's happening, and I don't yet understand why it's
> happening.

Indeed this is what happens. I think it only happens as I described 
above. It's this if-branch:
https://salsa.debian.org/installer-team/console-setup/-/blob/a7bea22f15d7927921beef4858e95b4f7f885307/setupcon#L1261

> If that _is_ what's happening, and if there's a good reason for it, then
> I would think that the right place to fix the nondeterminism would be in
> the run() call that's causing the copy to be made, rather than by
> modifying the filename in fileargs(), [..]

Agreed.

> > Now, this script ('/bin/setupcon') is used in the initrd by the 'keymap' initrd script [2].
> > In fact the 'keymap' hook script [3] is what is calling the setupcon script with the --setup-dir option.
> >
> > In my use case, this issue surfaced due to the use of the cryptsetup-initramfs package which triggers the run of the 'keymap' hook script by setting 'KEYMAP=y' here[4].
> >
> > There *maybe*(speculating, not sure) more packages which triggers this 'keymap' hook script.
> >
> > Apologies for this long answer. I hope this gives some context.
> 
> No, that's great, thanks -- anyway, my reply is longer :-/
> 
> The question that's still bothering me is:
> 
>   Does anything within the resulting initrd actually make use of the
>   'keymap.*' file, and if so, where?

I'm not sure which file you mean now with 'keymap.*'. But all 
commands that setupcon would run are also copied into the 
built-setupcon (including some patching of referenced filenames).

Chris

Reply to:

Follow-Ups:
- Bug#977877: console-setup: setupcon --setup-dir ... generates temporary file name inside etc/console-setup directory
  - From: Philip Hands <phil@hands.com>

References:
- Bug#977877: console-setup: setupcon --setup-dir ... generates temporary file name inside etc/console-setup directory
  - From: <Adithya.Balakumar@toshiba-tsip.com>
- Bug#977877: console-setup: setupcon --setup-dir ... generates temporary file name inside etc/console-setup directory
  - From: Philip Hands <phil@hands.com>

Prev by Date: Bug#977877: console-setup: setupcon --setup-dir ... generates temporary file name inside etc/console-setup directory
Next by Date: Multiarch in testing?
Previous by thread: Bug#977877: console-setup: setupcon --setup-dir ... generates temporary file name inside etc/console-setup directory
Next by thread: Bug#977877: console-setup: setupcon --setup-dir ... generates temporary file name inside etc/console-setup directory
Index(es):
- Date
- Thread