Your message dated Wed, 1 Jun 2011 17:05:02 +0200
with message-id <[email protected]>
and subject line Re: initramfs-tools: Having "/lib64" in /etc/ld.so.conf
results in unusable initrd image
has caused the Debian Bug report #543815,
regarding initramfs-tools: Having "/lib64" in /etc/ld.so.conf results in
unusable initrd image
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
543815: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=543815
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: initramfs-tools
Version: 0.85i
Severity: critical
Justification: breaks the whole system
--------------
Summary:
This problem is in essence (AFAICT) the same as #337176, #420754
I think the solution is to fix the hook-functions to not just
catch a few well known optimized locations, but to also dereference
library paths to absolute locations? (or create the initrd with
symlinks for found lib directories back to /lib)
(sorry, i don't have enough time to really dig into this, myself)
--------------
If /etc/ld.so.conf contains /lib64, update-initramfs will create a
filesystem containing /lib64/libcrypt.so.1, but /bin/sh is looking only
for /lib/libcrypto.so.1 yielding:
--------------------------
/bin/sh: error while loading shared libraryes: libcrypt.so.1: cannot
open shared object file: No such file or directory
Kernel panic - not syncing: Attempted to kill init!
--------------------------
So /lib64 is default symlink to /lib (on running system):
+ stat -c %N /lib64
`/lib64' -> `/lib'
+ grep lib64 /etc/ld.so.conf
/lib64
Note: you could argue this is a "mistake", but the end result is that
kernel security updates render the system unbootable. As far as the
running system is concerned, since /lib64 is a symlink to /lib, it
operates the same. Theoretically, though someone COULD make /lib64
a real directory and have a custom libcrypt.so.1 there and i suspect
that update-initramfs would still break.
+ ldconfig -p
+ grep libcrypt.so
libcrypt.so.1 (libc6,x86-64, OS ABI: Linux 2.6.0) =>
/lib64/libcrypt.so.1
libcrypt.so.1 (libc6, OS ABI: Linux 2.6.0) => /lib32/libcrypt.so.1
libcrypt.so (libc6,x86-64, OS ABI: Linux 2.6.0) => /usr/lib/libcrypt.so
note that /lib64 is where libcrypt.so is found in this configuration.
If i remove /lib64 from /etc/ld.so.conf and 'ldconfig', we get instead:
+ ldconfig -p
+ grep libcrypt.so
libcrypt.so.1 (libc6,x86-64, OS ABI: Linux 2.6.0) => /lib/libcrypt.so.1
libcrypt.so.1 (libc6, OS ABI: Linux 2.6.0) => /lib32/libcrypt.so.1
libcrypt.so (libc6,x86-64, OS ABI: Linux 2.6.0) => /usr/lib/libcrypt.so
(where it's now found in /lib)
+ gunzip -c /boot/initrd.img-2.6.18-6-amd64.bak
+ cpio -tiv
+ grep crypt
28172 blocks
-rw-r--r-- 1 root root 22656 Jan 4 2009 lib64/libcrypt.so.1
Note: i'm using the .bak since we fixed the system previously by
removing /lib64 from /etc/ld.so.conf and i've only put it back
in here for the bugreport (so /boot/initrd.img-2.6.18-6-amd64
is fixed as seen here:.
+ gunzip -c /boot/initrd.img-2.6.18-6-amd64
+ cpio -tiv
+ grep crypt
28172 blocks
-rw-r--r-- 1 root root 22656 Jan 4 2009 lib/libcrypt.so.1
thanks,
--stephen
-- Package-specific info:
-- /proc/cmdline
root=/dev/sda1 ro vga=771
-- /proc/filesystems
cramfs
ext3
-- lsmod
Module Size Used by
nfsd 256200 17
exportfs 10368 1 nfsd
ipt_MASQUERADE 8320 1
iptable_nat 12292 1
ip_nat 24492 2 ipt_MASQUERADE,iptable_nat
ip_conntrack 63140 3 ipt_MASQUERADE,iptable_nat,ip_nat
nfnetlink 11976 2 ip_nat,ip_conntrack
ip_tables 25576 1 iptable_nat
x_tables 22024 3 ipt_MASQUERADE,iptable_nat,ip_tables
ppdev 14088 0
parport_pc 41640 0
lp 17736 0
parport 44684 3 ppdev,parport_pc,lp
nfs 236216 1
lockd 67600 3 nfsd,nfs
nfs_acl 8320 2 nfsd,nfs
sunrpc 166984 13 nfsd,nfs,lockd,nfs_acl
autofs4 27912 1
ipv6 286048 38
dm_snapshot 20664 0
dm_mirror 25216 0
dm_mod 62800 2 dm_snapshot,dm_mirror
serio_raw 12036 0
psmouse 44432 0
pcspkr 7808 0
shpchp 42156 0
pci_hotplug 20872 1 shpchp
evdev 15360 2
tsdev 13056 0
joydev 15360 0
ext3 138512 7
jbd 65392 1 ext3
mbcache 14216 1 ext3
sd_mod 25856 9
ide_cd 45088 1
cdrom 40488 1 ide_cd
usbhid 45088 0
piix 15492 0 [permanent]
mptsas 31120 8
mptscsih 29184 1 mptsas
generic 10500 0 [permanent]
mptbase 56672 2 mptsas,mptscsih
uhci_hcd 28696 0
ide_core 147584 3 ide_cd,piix,generic
scsi_transport_sas 36608 1 mptsas
ehci_hcd 36104 0
scsi_mod 153008 4 sd_mod,mptsas,mptscsih,scsi_transport_sas
bnx2 86640 0
tg3 108292 0
thermal 20240 0
processor 38248 1 thermal
fan 9864 0
-- kernel-img.conf
do_symlinks = Yes
do_initrd = Yes
silent_modules=yes
clobber_modules=yes
do_boot_enable=no
postinst_hook = /usr/sbin/update-grub
postrm_hook = /usr/sbin/update-grub
do_bootloader = no
-- System Information:
Debian Release: 4.0
APT prefers oldstable
APT policy: (500, 'oldstable')
Architecture: amd64 (x86_64)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-6-amd64
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
Versions of packages initramfs-tools depends on:
ii busybox 1:1.1.3-4 Tiny utilities for small and embed
ii cpio 2.6-18.1+etch1 GNU cpio -- a program to manage ar
ii klibc-utils 1.4.34-2 small statically-linked utilities
ii module-init-tools 3.3-pre4-2 tools for managing Linux kernel mo
ii udev 0.105-4etch1 /dev/ and hotplug management daemo
initramfs-tools recommends no packages.
-- no debconf information
--- End Message ---
--- Begin Message ---
Version: 0.99
Latest initramfs-tools copies over any ld.so.conf to initramfs
and runs ldconfing on it, thus this bug should be catched
for proper /lib64 copying there is a seperate bug report,
aka longstanding #337176. Keeping that one open.
thank you for the report.
--
maks
--- End Message ---
