[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#897170: marked as done (autopkgtest: qemu, lxc, lxd: suggests wrong normal user account if systemd-sysusers is active)



Your message dated Mon, 02 Jul 2018 11:19:01 +0000
with message-id <E1fZwrF-0007gU-8z@fasolo.debian.org>
and subject line Bug#897170: fixed in autopkgtest 5.4
has caused the Debian Bug report #897170,
regarding autopkgtest: qemu, lxc, lxd: suggests wrong normal user account if systemd-sysusers is active
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
897170: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897170
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: autopkgtest
Version: 5.3.1
Severity: normal
Tags: patch

Some autopkgtests, such as the ones for dbus, require an ordinary user
account with a non-trivial home directory. Debian Policy says we are
most likely to find such accounts in the 1000-59999 range, and the
vmdebootstrap invocation suggested in autopkgtest-virt-qemu(1)
creates one.

However, the qemu, lxc and lxd virt providers actually
look for uids >= 500, which seems to have started in commit
b10700511e45355461699d013a7572f62b95dcf2 "adt-virt-lxc: Dynamically
detect suggested normal user". Martin, can you remember why you chose 500+
instead of 1000+? Did Ubuntu Touch use uid 500 or something?

This is normally OK anyway, because adduser --system creates system
users in the range 100-999, starting from the bottom and working
upwards. However, some system users for systemd daemons are now allocated
dynamically by systemd-sysusers, which allocates uids in the system
range 100-999 from the top down: on my test VM, the offending user
account was systemd-coredump, uid 998, which is used by systemd-coredump
but currently created by /usr/lib/sysusers.d/systemd.conf in systemd.
This is not a suitable account for automated testing, because it cannot
write to its home directory '/' and has the nologin shell.

I think all these backends should prefer to use uids in the 1000-59999
range specified by Policy, as in the attached patch. I'll send a pull
request on salsa.d.o shortly.

    smcv

-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'buildd-unstable'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental-debug'), (1, 'buildd-experimental'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.15.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8), LANGUAGE=en_GB:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages autopkgtest depends on:
ii  apt-utils       1.6.1
ii  libdpkg-perl    1.19.0.5
ii  procps          2:3.3.14-1
ii  python3         3.6.5-3
ii  python3-debian  0.1.32

Versions of packages autopkgtest recommends:
ii  autodep8  0.12

Versions of packages autopkgtest suggests:
pn  lxc          <none>
pn  lxd-client   <none>
ii  qemu-system  1:2.12+dfsg-1
ii  qemu-utils   1:2.12+dfsg-1
ii  schroot      1.6.10-4

-- no debconf information
>From 1e1464f0287c23cdc431906fe6badefce1fe007f Mon Sep 17 00:00:00 2001
From: Simon McVittie <smcv@debian.org>
Date: Sun, 29 Apr 2018 11:47:47 +0100
Subject: [PATCH] qemu, lxc, lxd: Try to use a user account in the 1000-59999
 range

Some autopkgtests, such as the ones for dbus, require an ordinary user
account with a non-trivial home directory. Debian Policy says we are
most likely to find such accounts in the 1000-59999 range, and the
vmdebootstrap invocation suggested in autopkgtest-virt-qemu(1)
creates one.

These virt providers look for uids >= 500, which is usually OK,
because adduser --system creates system users in the range 100-999,
starting from the bottom and working upwards.

However, some system users for systemd daemons are now allocated
dynamically by systemd-sysusers, which allocates uids in the system
range 100-999 from the top down: on my test VM, the offending user
account was systemd-coredump, which is used by systemd-coredump but
currently created by /usr/lib/sysusers.d/systemd.conf in systemd.
This is not a suitable account for automated testing, because it
cannot write to its home directory '/' and has the nologin shell.

Signed-off-by: Simon McVittie <smcv@debian.org>
---
 virt/autopkgtest-virt-lxc  | 17 ++++++++++++++++-
 virt/autopkgtest-virt-lxd  | 15 +++++++++++++++
 virt/autopkgtest-virt-qemu | 21 ++++++++++++++++++++-
 3 files changed, 51 insertions(+), 2 deletions(-)

diff --git a/virt/autopkgtest-virt-lxc b/virt/autopkgtest-virt-lxc
index 2dceb72..021e39d 100755
--- a/virt/autopkgtest-virt-lxc
+++ b/virt/autopkgtest-virt-lxc
@@ -139,7 +139,22 @@ def determine_normal_user(lxc_name):
 
     global capabilities, normal_user
 
-    # get the first UID >= 500
+    # get the first UID in the Debian Policy §9.2.2 "dynamically allocated
+    # user account" range
+    cmd = ['lxc-attach', '--name', lxc_name, '--', 'sh', '-c',
+           'getent passwd | sort -t: -nk3 | '
+           "awk -F: '{if ($3 >= 100 && $3 <= 59999) { print $1; exit } }'"]
+    out = VirtSubproc.execute_timeout(None, 10, sudoify(cmd),
+                                      stdout=subprocess.PIPE)[1].strip()
+    if out:
+        normal_user = out
+        capabilities.append('suggested-normal-user=' + normal_user)
+        adtlog.debug('determine_normal_user: got user "%s"' % normal_user)
+        return
+    else:
+        adtlog.debug('determine_normal_user: no uid in [1000,59999] available')
+
+    # failing that, get the first UID >= 500
     cmd = ['lxc-attach', '--name', lxc_name, '--', 'sh', '-c',
            'getent passwd | sort -t: -nk3 | '
            "awk -F: '{if ($3 >= 500) { print $1; exit } }'"]
diff --git a/virt/autopkgtest-virt-lxd b/virt/autopkgtest-virt-lxd
index a79316f..30e6666 100755
--- a/virt/autopkgtest-virt-lxd
+++ b/virt/autopkgtest-virt-lxd
@@ -115,6 +115,21 @@ def determine_normal_user():
 
     global capabilities, normal_user
 
+    # get the first UID in the Debian Policy §9.2.2 "dynamically allocated
+    # user account" range
+    cmd = ['lxc', 'exec', container_name, '--', 'sh', '-c',
+           'getent passwd | sort -t: -nk3 | '
+           "awk -F: '{if ($3 >= 1000 && $3 <= 59999) { print $1; exit } }'"]
+    out = VirtSubproc.execute_timeout(None, 10, cmd,
+                                      stdout=subprocess.PIPE)[1].strip()
+    if out:
+        normal_user = out
+        capabilities.append('suggested-normal-user=' + normal_user)
+        adtlog.debug('determine_normal_user: got user "%s"' % normal_user)
+        return
+    else:
+        adtlog.debug('determine_normal_user: no uid in [1000,59999] available')
+
     # get the first UID >= 500
     cmd = ['lxc', 'exec', container_name, '--', 'sh', '-c',
            'getent passwd | sort -t: -nk3 | '
diff --git a/virt/autopkgtest-virt-qemu b/virt/autopkgtest-virt-qemu
index afb82e7..37b5db5 100755
--- a/virt/autopkgtest-virt-qemu
+++ b/virt/autopkgtest-virt-qemu
@@ -494,7 +494,26 @@ def determine_normal_user(shared_dir):
         normal_user = args.user
         return
 
-    # get the first UID >= 500
+    # get the first UID in the Debian Policy §9.2.2 "dynamically allocated
+    # user account" range
+    term = VirtSubproc.get_unix_socket(os.path.join(workdir, 'ttyS1'))
+    term.send(b"getent passwd | sort -t: -nk3 | "
+              b"awk -F: '{if ($3 >= 1000 && $3 <= 59999) { print $1; exit } }'"
+              b"> /run/autopkgtest/shared/normal_user\n")
+    with VirtSubproc.timeout(5, 'timed out on determining normal user'):
+        outfile = os.path.join(shared_dir, 'normal_user')
+        while not os.path.exists(outfile):
+            time.sleep(0.2)
+    with open(outfile) as f:
+        out = f.read()
+        if out:
+            normal_user = out.strip()
+            adtlog.debug('determine_normal_user: got user "%s"' % normal_user)
+            return
+        else:
+            adtlog.debug('determine_normal_user: no uid in [1000,59999] available')
+
+    # failing that, get the first UID >= 500
     term = VirtSubproc.get_unix_socket(os.path.join(workdir, 'ttyS1'))
     term.send(b"getent passwd | sort -t: -nk3 | "
               b"awk -F: '{if ($3 >= 500) { print $1; exit } }'"
-- 
2.17.0


--- End Message ---
--- Begin Message ---
Source: autopkgtest
Source-Version: 5.4

We believe that the bug you reported is fixed in the latest version of
autopkgtest, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 897170@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Paul Gevers <elbrus@debian.org> (supplier of updated autopkgtest package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 02 Jul 2018 11:50:21 +0200
Source: autopkgtest
Binary: autopkgtest
Architecture: source
Version: 5.4
Distribution: unstable
Urgency: medium
Maintainer: Debian CI team <team+ci@tracker.debian.org>
Changed-By: Paul Gevers <elbrus@debian.org>
Description:
 autopkgtest - automatic as-installed testing for Debian packages
Closes: 832751 851558 867081 897170 901643
Changes:
 autopkgtest (5.4) unstable; urgency=medium
 .
   [ Simon McVittie ]
   * README.package-tests.rst: Document AUTOPKGTEST_NORMAL_USER
   * d/tests/lxd: Don't assume all test-runners set AUTOPKGTEST_NORMAL_USER
   * qemu: Only set up base image device if requested
   * qemu: Document --baseimage
   * qemu: Update test for --baseimage no longer being the default
   * qemu, lxc, lxd: Look for a user account in the 1000-59999 range
     (Closes: #897170)
   * qemu: Add a shortcut for running tests on an EFI-booted image
   * doc: Describe how to parse Features, Restrictions, Classes
   * Add support for flaky tests (Closes: #851558)
   * Add support for tests declaring themselves to have been skipped
   * autopkgtest(1): Document FLAKY as a possible summary status
 .
   [ Balint Reczey ]
   * Fix bashism in retrying apt update
 .
   [ Paul Gevers ]
   * Enable testing to continue after badpkg (Closes: #832751)
   * adt_testbed.py fix missed piece of regular expression in commit a7e1dad
   * d/tests/autopkgtest Update SchrootRunner
   * runner/autopkgtest: Drop Ubuntu 12.04 fallback
   * manpage: make ordering consistent with --help (Closes: #901643)
 .
   [ Julian Andres Klode ]
   * ssh-setup/nova: Add support for keystone v3 auth (LP: #1767433)
 .
   [ Rafael Laboissiere ]
   * Set Maintainer email address to team+ci@tracker.debian.org
 .
   [ Niko Tyni ]
   * Add a couple of testcases for versioned provides support
   * Ensure synthesized test dependencies are not satisfied by versioned Provides
     (Closes: #867081)
   * Remove the old '(>= 0)' hack for ensuring '@' pulls in real packages
Checksums-Sha1:
 1720155af7c18ae32212b2e6a0bde1a73b79e98b 1582 autopkgtest_5.4.dsc
 f9b0c5ab38b22484d0176eec1f115bb0b369116b 173636 autopkgtest_5.4.tar.xz
Checksums-Sha256:
 5ccc59ec2985b5557763764309867a6068f7139de3e9d06f1e43e240894b4aa4 1582 autopkgtest_5.4.dsc
 c8c5c14298105d1798ce9a20a4f7d2b837279939a94da5fdc761111517575030 173636 autopkgtest_5.4.tar.xz
Files:
 b12bae17fc3461b1d46d93bf4863c768 1582 devel optional autopkgtest_5.4.dsc
 7abe82af7806ef1c477f0fb1be65b7c7 173636 devel optional autopkgtest_5.4.tar.xz

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEWLZtSHNr6TsFLeZynFyZ6wW9dQoFAls59cMACgkQnFyZ6wW9
dQo6kQf/XkKDoSKtvBNmtwkmV62jefiKqvdZlJVVxCyfnrQ5V/3ObsZAkKNCIL8e
MIlVOXrbGWSFj4qsnVH1l6+1pZkKjYboL+65xqazt2K8bWwTe1zi6/TDFnU/dcg5
HXS6s0/5U2eO5UvrDObxaKZFwvbex/DrMzTGR3xluvsYheVIA89+qD5MfJ/rUSP8
fMBb8GcbGN2hTIB1PufXhg0wnj99j3tE30Ziycpe87+14Ol9aTpu8b+p3+XU1Uwa
LJ4F0+iDnfkG0433GXEGVV4dhq0IpaQySp77DPRC9GQ/OeXod406mU/CtUZkQxnK
ZhMfnGZ81Ez8qmrpFDEJoLzTn+pWUw==
=joYo
-----END PGP SIGNATURE-----

--- End Message ---

Reply to: