Bug#1041129: krb5-config install doesn't gracefully handle read-only /etc/krb5.conf file and errors out

2023-07-14 Thread Ben Brenek
Package: krb5-config

Version: 2.7


When attempting to install krb5-config, if there is a pre-existing 
/etc/krb5.conf file that is part of a read-only filesystem, example: mounted 
through something like a container Docker/Kubernetes, the install process will 
error and fail.

Here are reproducible steps:

1. Start a Debian instance with a read-only copy of /etc/krb5.conf.

2.

$ apt-get update && apt-get -y install krb5-config


 Unpacking krb5-config (2.7) ...
dpkg: krb5-config: dependency problems, but configuring anyway as you requested:
 krb5-config depends on bind9-host; however:
  Package bind9-host is not installed.
Setting up krb5-config (2.7) ...
debconf: unable to initialize frontend: Dialog
debconf: (TERM is not set, so the dialog frontend is not usable.)
debconf: falling back to frontend: Readline
debconf: unable to initialize frontend: Readline
debconf: (Can't locate Term/ReadLine.pm in @INC (you may need to install the 
Term::ReadLine module) (@INC contains: /etc/perl 
/usr/local/lib/x86_64-linux-gnu/perl/5.36.0 /usr/local/share/perl/5.36.0 
/usr/lib/x86_64-linux-gnu/perl5/5.36 /usr/share/perl5 
/usr/lib/x86_64-linux-gnu/perl-base /usr/lib/x86_64-linux-gnu/perl/5.36 
/usr/share/perl/5.36 /usr/local/lib/site_perl) at 
/usr/share/perl5/Debconf/FrontEnd/Readline.pm line 7.)
debconf: falling back to frontend: Teletype
Unable to rename file: Device or resource busy, stopped at 
/var/lib/dpkg/info/krb5-config.postinst line 79,  line 22.
dpkg: error processing package krb5-config (--install):
 installed krb5-config package post-installation script subprocess returned 
error exit status 16
Errors were encountered while processing:
 krb5-config


Based on my investigation it appears that 
/var/lib/dpkg/info/krb5-config.postinst will always try to replace 
/etc/krb5.conf even if it would be unable to.

I suggest that a check be added before attempting to replace to ensure that it 
will be able to do so. 

If it is unable to replace it should exit successfully, but potentially log a 
warning.

I'm not too familiar with the script, but potentially using a "test -w 
/etc/krb5.conf" before trying to replace the file would work here. 

"test -w /etc/krb5.conf" does properly detect that the file is read only, so 
it's more of a question of whether it is usable in the install script.


Installing Kerberos on other distributions with a similar setup does not result 
in this type of error, which is why I'm opening this bug report.


I am running on Debian GNU/Linux 12 (bookworm), Linux 25bb0bdce857 
3.10.0-1160.92.1.el7.x86_64 #1 SMP Tue Jun 20 11:48:01 UTC 2023 x86_64 GNU/Linux


Thanks,

Ben
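
The guard proposed in the report above, written out as an added shell example; it is not part of the original report and not the krb5-config package's postinst. The function name replace_config and its "replaced"/"skipped" status strings are hypothetical. It goes one step beyond the suggested "test -w" pre-check by also treating a failed rename as non-fatal, since a writable bind mount passes the pre-check but rename(2) onto a mount point still fails with "Device or resource busy".

```shell
#!/bin/sh
# Added example: replace a config file only when that can succeed,
# otherwise warn and carry on instead of aborting the install.
# replace_config and its status strings are hypothetical names.

# Usage: replace_config NEW_FILE TARGET
# Prints "replaced" or "skipped" on stdout, warnings on stderr.
# Always returns 0 so a maintainer script calling it does not fail.
replace_config() {
    new=$1
    target=$2

    # Pre-check suggested in the report. When running as root this is
    # false mainly when the file sits on a read-only mount (EROFS).
    if [ -e "$target" ] && ! [ -w "$target" ]; then
        echo "warning: $target is not writable, leaving it unchanged" >&2
        rm -f "$new"
        echo skipped
        return 0
    fi

    # The pre-check cannot predict every failure: a read-write bind
    # mount passes test -w, yet the rename still fails with EBUSY.
    # Treat a failed rename as a warning, not an error.
    if mv -f "$new" "$target" 2>/dev/null; then
        echo replaced
    else
        echo "warning: could not replace $target, leaving it unchanged" >&2
        rm -f "$new"
        echo skipped
    fi
    return 0
}
```
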



Bug#1041126: krb5-config install doesn't gracefully handle read-only /etc/krb5.conf file and errors out

2023-07-14 Thread Ben Brenek
Apologies, this email got really mangled when sending, I will resubmit with 
corrected formatting.



Bug#1041126: krb5-config install doesn't gracefully handle read-only /etc/krb5.conf file and errors out

2023-07-14 Thread Ben Brenek
Package: krb5-config
Version: 2.7

When attempting to install krb5-config, if there is a pre-existing 
/etc/krb5.conf file that is part of a read-only filesystem, example: mounted 
through something like a container Docker/Kubernetes, the install process will 
error and fail.

Here are reproducible steps:

1. Start a Debian instance with a read-only copy of /etc/krb5.conf.

2. Run

$ apt-get update && apt-get -y install krb5-config

Unpacking krb5-config (2.7) ...
dpkg: krb5-config: dependency problems, but configuring anyway as you requested:
 krb5-config depends on bind9-host; however:
  Package bind9-host is not installed.
Setting up krb5-config (2.7) ...
debconf: unable to initialize frontend: Dialog
debconf: (TERM is not set, so the dialog frontend is not usable.)
debconf: falling back to frontend: Readline
debconf: unable to initialize frontend: Readline
debconf: (Can't locate Term/ReadLine.pm in @INC (you may need to install the 
Term::ReadLine module) (@INC contains: /etc/perl 
/usr/local/lib/x86_64-linux-gnu/perl/5.36.0 /usr/local/share/perl/5.36.0 
/usr/lib/x86_64-linux-gnu/perl5/5.36 /usr/share/perl5 
/usr/lib/x86_64-linux-gnu/perl-base /usr/lib/x86_64-linux-gnu/perl/5.36 
/usr/share/perl/5.36 /usr/local/lib/site_perl) at 
/usr/share/perl5/Debconf/FrontEnd/Readline.pm line 7.)
debconf: falling back to frontend: Teletype
Unable to rename file: Device or resource busy, stopped at 
/var/lib/dpkg/info/krb5-config.postinst line 79,  line 22.
dpkg: error processing package krb5-config (--install):
 installed krb5-config package post-installation script subprocess returned 
error exit status 16
Errors were encountered while processing:
 krb5-config

Based on my investigation it appears that 
/var/lib/dpkg/info/krb5-config.postinst will always try to replace 
/etc/krb5.conf even if it would be unable to.

I suggest that a check be added before attempting to replace to ensure that it 
will be able to do so. If it is unable to replace it should exit successfully, 
but potentially log a warning.

I'm not too familiar with the script, but potentially using a "test -w" before 
trying to replace the file would work here. (test -w does properly detect that 
the file is read only, so it's more of a question of whether it is usable in 
the install script.)

Installing Kerberos on other distributions with a similar setup does not result 
in this type of error, which is why I'm opening this bug report.

I am running on Debian GNU/Linux 12 (bookworm), Linux 25bb0bdce857 
3.10.0-1160.92.1.el7.x86_64 #1 SMP Tue Jun 20 11:48:01 UTC 2023 x86_64 GNU/Linux