Bug#1024091: marked as done (systemd-nspawn creates /nonexistent)

Fri, 22 Dec 2023 13:09:15 -0800 

Your message dated Fri, 22 Dec 2023 21:04:34 +0000
with message-id <[email protected]>
and subject line Bug#1024091: fixed in debspawn 0.6.3-1
has caused the Debian Bug report #1024091,
regarding systemd-nspawn creates /nonexistent
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1024091: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024091
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: debspawn
Version: 0.6.0-1.1
Severity: normal

Hi,

invoking debspawn build unstable foo.dsc runs the build after the
/nonexistent directory has been created. I was able to pin that down to
the call to execute_sdnspawn. It might well be possible that this is a
bug in systemd-nspawn or systemd-run, but probably someone with more
intimate knowledge of systemd-nspawn (you, the maintainer *grins*) has
an easier job to debug this further.

The builder user is created with /nonexistent as the home directory, and
somewhere between the call to dsrun build-prepare and dsrun build-run
one of the calls to systemd-nspawn -u builder creates the home directory
of the user.

This is bad because this disables the security effect of having an
account's home directory point to a nonexistent directory, and also
because adduser's autopkgtests fail in such an environment since
adduser's autopkgtests test whether the special-case of /nonexistent
(which adduser takes care to never create) is handled correctly.

I have changed the call to adduser in dsrun and the setting of
os.environ['HOME'] to /home/builder and was able to successfully run
adduser's autopkgtest after doing a build --interactive. To make the
changes effective, re-creation of the container is necessary (the
account is only created once during container creation).

It would be nice if the underlying bug in systemd could be fixed,
declaring /nonexisting an exception, never creating it, or at least if
the builder account in debspawn could be created with a different home
directory to mitigate the painful results of systemd creating the
directory.

Greetings
Marc



-- System Information:
Debian Release: bookworm/sid
  APT prefers stable-security
  APT policy: (500, 'stable-security'), (500, 'unstable'), (500, 'testing'), 
(500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.0.7-zgsrv20080 (SMP w/6 CPU threads; PREEMPT)
Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8), LANGUAGE=en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages debspawn depends on:
ii  debootstrap        1.0.128+nmu2
ii  python3            3.10.6-1
ii  python3-tomlkit    0.11.6-1
ii  systemd-container  252-3
ii  zstd               1.5.2+dfsg-1

Versions of packages debspawn recommends:
ii  build-essential  12.9
ii  devscripts       2.22.2

Versions of packages debspawn suggests:
ii  sudo  1.9.11p3-2

-- no debconf information

-- debsums errors found:
debsums: changed file /usr/lib/python3/dist-packages/debspawn/dsrun (from 
debspawn package)
debsums: changed file /usr/lib/python3/dist-packages/debspawn/osbase.py (from 
debspawn package)

--- End Message ---
--- Begin Message --- 
Source: debspawn
Source-Version: 0.6.3-1
Done: Matthias Klumpp <[email protected]>

We believe that the bug you reported is fixed in the latest version of
debspawn, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Matthias Klumpp <[email protected]> (supplier of updated debspawn package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 22 Dec 2023 21:08:22 +0100
Source: debspawn
Architecture: source
Version: 0.6.3-1
Distribution: unstable
Urgency: medium
Maintainer: Matthias Klumpp <[email protected]>
Changed-By: Matthias Klumpp <[email protected]>
Closes: 991244 1024091 1055065
Changes:
 debspawn (0.6.3-1) unstable; urgency=medium
 .
   * New upstream version: 0.6.3
     - Adds workaround for systemd-nspawn creating $HOME
       for build user (Closes: #1024091)
     - Adds useradd to all images explicitly for now (Closes: #1055065)
     - Fixes support for package injection (Closes: #991244)
Checksums-Sha1:
 53020936fb1f85c866c55d162c600262a3da40d3 2082 debspawn_0.6.3-1.dsc
 e701563650ad665e0c0f71b586ea7cd924be6a91 64493 debspawn_0.6.3.orig.tar.gz
 53cea0dcc462677cc193543b67aa767d30a68558 5944 debspawn_0.6.3-1.debian.tar.xz
 f98b20aeaa1263f6853e5da06ac6008933b7d7f8 8154 debspawn_0.6.3-1_source.buildinfo
Checksums-Sha256:
 ca708715eb46492971638035c41f7c5f12878aad250b5aa66615f282e1dcd857 2082 
debspawn_0.6.3-1.dsc
 30bd1b094ab71730d2c9e8f0991958e19a65b55b86c834fffafba158339df57f 64493 
debspawn_0.6.3.orig.tar.gz
 bd4ecce22cfd803b3b3a19db222b56fab12ccde197bb5ef061554c8566d04ff9 5944 
debspawn_0.6.3-1.debian.tar.xz
 f0f057d062614ec8caa6b88635fe66308b086a1edc28fbce48c7ebed79dc3a6e 8154 
debspawn_0.6.3-1_source.buildinfo
Files:
 19f995bf59e70fdfbd26a94a683c84b7 2082 utils optional debspawn_0.6.3-1.dsc
 ea3849b4ae182289d696c570fbdc82e2 64493 utils optional 
debspawn_0.6.3.orig.tar.gz
 685431dc9c03a8dea34e25f5484e9ded 5944 utils optional 
debspawn_0.6.3-1.debian.tar.xz
 4755e2fe758b76396bf1ea7f18af93e7 8154 utils optional 
debspawn_0.6.3-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJDBAEBCAAtFiEE0zo/DKFrCsxRpgc4SUyKX79N7OsFAmWF8nQPHG1ha0BkZWJp
YW4ub3JnAAoJEElMil+/Tezry9MQAIIJYHcN4cQTi/LoaHBojet0X7NiyVDadyqd
2q3p9JaI+vtLfIs2qPPJKfBwSqxkZMwiKI/pPPGiLJxaHUfgOWzgHyMuHxEJTDQW
Bed7Tjhrc5pp8HsAaMizLgg2iY4ll7DyhXWvgbbiqwPWZY0Q4ndoK1Nd0+WVFlmT
tNPRlBlEIYX8BAeOt7n2EYrBahVZv/95cc8PSa+TMrIrlQZ+xfj6U3Ag7OH2DV1A
IkwNXXJMEt3oSejXS7cVF4PzVyBEFROui+3h/dT6fz/L1/su+tg9TiMHKO2fD7IB
g+l8Y0dIrvAn9EIHcHEmfVog/EiPjz2iAXJA0OloxM4/Ba636hWfbXqudKtVhokH
PZGBlPlttiBdaXki5NGcdfGkyDoZ6OupMM8dtatYtRBivoXxBWuY9Ir7jcdc1FAh
y/px+t5nGznwHLUNOoykj4cLnWkIHzgaeLuf9WA8kctF+fgp4ZInZcpWC64gXO2u
GCszj7vfmJvJO5Cyc4T1zQjLtI4F0Z6zdDY046NtzIPUrvWzhqPBjGGYELt2JKtn
cCMWQ1eqgVjzdEiHwpSoBrsOY7B7rMg+3OMm1/pxmXzZJu4LK0AV76AkgMVC/8Ww
MPq8ZI5iTxNfoBd/JAG3B2mG/A8JN3EOrB74FQ6yzGAIZQL1ajFPPv/VfTyKROmR
ZnZSHjcT
=hjs6
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to