subject:"Bug#879662\:"

Bug#879662:

2017-10-27 Thread nicodache

Hello,

TL:DR ; nanosleep.

I've upgraded to apt 1.6~alpha2 (amd64)and I'm now getting the following
error message.

[21:02]  ~ $ sudo apt-get update
[sudo] Mot de passe de nicodache :
Réception de:1 http://ftp.belnet.be/debian sid InRelease [235 kB]
0% [1 InRelease 2.679 B/235 kB 1%] [Connexion à deb.opera.com
(185.26.183.130)]
 Seccomp prevented execution of syscall 35 on architecture
amd64 
Lecture des listes de paquets... Fait
E: Method http has died unexpectedly!
E: Le sous-processus http a renvoyé un code d'erreur (31)

I've had a look at files https://people.debian.org/~jak/syscalls-trapped.txt,
https://people.debian.org/~jak/syscalls-allowed.txt, and man syscalls, but
didn't find anything called 35 in there...

I've tried to add it into /etc/apt/apt.conf (I just added
APT::Sandbox::Seccomp::Allow { "35";};
to it).

This yields
0% [En cours]EE: : Cannot allow 35: Argument invalide -
aptMethod::Configuration (0: Succès)
Cannot allow 35: Argument invalide - aptMethod::Configuration (0:
Succès)
Lecture des listes de paquets... Fait
E: Method https has died unexpectedly!
E: Le sous-processus https a renvoyé un code d'erreur (100)

I foolishly looked at man 2 syscalls, and using dec/octal/hexa numbering,
tried all the relative syscalls I found in the list presented there, in the
order given by the man page (that is, chroot clone delete_module epoll_wait
fallocate fgetxattr).

Then I got smarter, and I found arch/x86/entry/syscalls/syscall_64.tbl,
which is in a format which made much more sense to me.

[21:44]  /tmp/linux-4.13.10 $ grep ^35
arch/x86/entry/syscalls/syscall_64.tbl
35  common  *nanosleep*   sys_nanosleep

And that now works as expected *\o/*

So you may want to add nanosleep, and maybe also clock_nanosleep to the
default APT seccomp config.

Cheers (and thanks for that ~alpha2 modifications).
-- N

Bug#879662: http and https as well

2017-10-25 Thread Julian Andres Klode

On Wed, Oct 25, 2017 at 08:55:11PM +0200, nicodache wrote:
> Hello,
> 
> I believe I'm facing the same issue after my yesterday's update, with
> method http.
> 
> [20:51]  ~ $ sudo apt-get update
> Réception de:1 http://ftp.belnet.be/debian sid InRelease [235 kB]
> Lecture des listes de paquets... Fait
> E: Method http has died unexpectedly!
> E: Le sous-processus http a reçu le signal 31
> 
> [20:51]  ~ $ apt --version
> apt 1.6~alpha1 (amd64)
> 
> Do you confirm the cause appears similar ?
> 
> I managed to update my Sid after modifying my source.list to point towards
> ftp://. It all went fine, but when reversing to http (for
> https://www.debian.org/News/2017/20170425), error is still present.

Don't do that.

> 
> FWIW, I've had the same error with method https (which I use for non-free
> Opera web browser).

Please read the NEWS file, it's what it exists for and it would have
told you how to revert the seccomp change. Do not run unstable without
apt-listchanges.

Please get a coredump and run gdb on it to figure out which syscall failed.
With systemd-coredump, it's just a matter of running coredumpctl gdb after
running a failed apt update.

Any special libnss modules installed?

-- 
Debian Developer - deb.li/jak | jak-linux.org - free software dev
 Ubuntu Core Developer

Bug#879662: http and https as well

2017-10-25 Thread David Kalnischkies

On Wed, Oct 25, 2017 at 08:55:11PM +0200, nicodache wrote:
> [20:51]  ~ $ sudo apt-get update
> Réception de:1 http://ftp.belnet.be/debian sid InRelease [235 kB]
> Lecture des listes de paquets... Fait
> E: Method http has died unexpectedly!
> E: Le sous-processus http a reçu le signal 31

Signal 31 is SIGSYS, so likely, althrough…

> [20:51]  ~ $ apt --version
> apt 1.6~alpha1 (amd64)

… that is an architecture Julian has likely tested extensively – and it
works for me on amd64, too, so a coredump would be handy for Julian to
look at as he already said as your problem is unreproducible for us.

> I managed to update my Sid after modifying my source.list to point towards
> ftp://. It all went fine, but when reversing to http (for
> https://www.debian.org/News/2017/20170425), error is still present.

Please don't do this. Julian already quoted the NEWS.Debian file with
details on how to disable seccomp, so if that is your problem, disable
it for the time being and be happy – don't change to ftp which will be
gone in a few days (at the very least, ftp uses seccomp, too, so its not
a generic problem like kernel not supporting it or something, but really
some syscall not whitelisted which should be).

Best regards

David Kalnischkies

signature.asc
Description: PGP signature

Bug#879662: apt: debian-installer FTBFS: E: Method copy has died unexpectedly!

2017-10-25 Thread Julian Andres Klode

On Tue, Oct 24, 2017 at 07:48:52AM +0200, Cyril Brulebois wrote:
> Package: apt
> Version: 1.4.8
> Severity: serious
> Tags: d-i
> Justification: FTBFS
> 
> [ Please keep both debian-boot@ and me in copy. ]
> 
> It seems the “most secure file downloading on the planet” can no longer
> copy files around:
> | get-packages udeb  
> | make[5]: 'sources.list.udeb' is up to date.
> | Ign:1 copy:/home/kibi/debian-installer/installer/build localudebs/ InRelease
> | Ign:2 copy:/home/kibi/debian-installer/installer/build localudebs/ Release
> | Ign:3 copy:/home/kibi/debian-installer/installer/build localudebs/ Packages
> | Ign:4 copy:/home/kibi/debian-installer/installer/build localudebs/ 
> Translation-en
> | Ign:5 copy:/home/kibi/debian-installer/installer/build localudebs/ Contents 
> (deb)
> | Ign:6 copy:/home/kibi/debian-installer/installer/build localudebs/ Contents 
> (deb)
> | Ign:7 copy:/home/kibi/debian-installer/installer/build localudebs/ Contents 
> (udeb)
> | Get:8 http://localhost/debian unstable InRelease [235 kB]
> | Ign:9 copy:/home/kibi/debian-installer/installer/build localudebs/ Contents 
> (udeb)
> | Ign:3 copy:/home/kibi/debian-installer/installer/build localudebs/ Packages
> | Ign:4 copy:/home/kibi/debian-installer/installer/build localudebs/ 
> Translation-en
> | Ign:5 copy:/home/kibi/debian-installer/installer/build localudebs/ Contents 
> (deb)
> | Ign:6 copy:/home/kibi/debian-installer/installer/build localudebs/ Contents 
> (deb)
> | Ign:7 copy:/home/kibi/debian-installer/installer/build localudebs/ Contents 
> (udeb)
> | Ign:9 copy:/home/kibi/debian-installer/installer/build localudebs/ Contents 
> (udeb)
> | Ign:3 copy:/home/kibi/debian-installer/installer/build localudebs/ Packages
> | Ign:4 copy:/home/kibi/debian-installer/installer/build localudebs/ 
> Translation-en
> | Ign:5 copy:/home/kibi/debian-installer/installer/build localudebs/ Contents 
> (deb)
> | Ign:6 copy:/home/kibi/debian-installer/installer/build localudebs/ Contents 
> (deb)
> | Ign:7 copy:/home/kibi/debian-installer/installer/build localudebs/ Contents 
> (udeb)
> | Ign:9 copy:/home/kibi/debian-installer/installer/build localudebs/ Contents 
> (udeb)
> | Reading package lists...
> | E: Method copy has died unexpectedly!
> | E: Sub-process copy received signal 31.
> 
> Error reporting is a bit underwhelming. :(

This is caused by fakeroot using more syscalls than we have whitelisted, adding 
the
following to apt.conf makes it work again (or well, fail in non-seccomp ways 
for me
with signing issues).

APT::Sandbox::Seccomp::Allow {
"semop";
"semget";
"msgsnd";
"msgrcv";
"msgget";
"msgctl";
};

This is somewhat bad. I guess we should allow them when running under fakeroot, 
like this:

if (getenv("FAKED_MODE")) {
ALLOW(semop);
ALLOW(semget);
ALLOW(msgsnd);
ALLOW(msgrcv);
ALLOW(msgget);
ALLOW(msgctl);
}

rather than just turning them on in general. But please check if
it builds with the apt.conf options first, as I said, I get some
signing problems in my "dirty" environment.
-- 
Debian Developer - deb.li/jak | jak-linux.org - free software dev
Ubuntu Core Developer

Bug#879662: http and https as well

2017-10-25 Thread nicodache

Hello,

I believe I'm facing the same issue after my yesterday's update, with
method http.

[20:51]  ~ $ sudo apt-get update
Réception de:1 http://ftp.belnet.be/debian sid InRelease [235 kB]
Lecture des listes de paquets... Fait
E: Method http has died unexpectedly!
E: Le sous-processus http a reçu le signal 31

[20:51]  ~ $ apt --version
apt 1.6~alpha1 (amd64)

Do you confirm the cause appears similar ?

I managed to update my Sid after modifying my source.list to point towards
ftp://. It all went fine, but when reversing to http (for
https://www.debian.org/News/2017/20170425), error is still present.

FWIW, I've had the same error with method https (which I use for non-free
Opera web browser).

Thanks

-- N

Bug#879662: apt: debian-installer FTBFS: E: Method copy has died unexpectedly!

2017-10-24 Thread Philipp Kern


On 2017-10-24 10:34, Julian Andres Klode wrote:

It says SIGSYS, which means a system call trapped by seccomp. Can you
get a coredump
and run gdb on it and get me a backtrace :) Or guess from the lists:

https://people.debian.org/~jak/syscalls-allowed.txt
https://people.debian.org/~jak/syscalls-trapped.txt (all syscalls I
found - first list)

Or play with the settings in the NEWS file,
APT::Sandbox::Seccomp "false"; to disable it
APT::Sandbox::Seccomp::Allow { "syscall1"; "syscall2"; }; to allow
more syscalls by name

I was wondering if we could install a SIGSYS signal handler to print
which syscall was blocked, but did not find anything yet.


Does a seccomp kill land in dmesg?

Kind regards
Philipp Kern

Bug#879662: apt: debian-installer FTBFS: E: Method copy has died unexpectedly!

2017-10-24 Thread Cyril Brulebois

Control: notfound -1 1.4.8
Control: found -1 1.6~alpha1

Hi,

Julian Andres Klode  (2017-10-24):
> On Tue, Oct 24, 2017 at 07:48:52AM +0200, Cyril Brulebois wrote:
> > Package: apt
> > Version: 1.4.8
> 
> I assume you mean 1.6~alpha1? Because that's what the error
> seems to indicate.

Certainly. Sorry, I filed this from my laptop, in a hurry, and forgot to
edit the Version field.

> It says SIGSYS, which means a system call trapped by seccomp. Can you get a 
> coredump
> and run gdb on it and get me a backtrace :) Or guess from the lists:
> 
> https://people.debian.org/~jak/syscalls-allowed.txt
> https://people.debian.org/~jak/syscalls-trapped.txt (all syscalls I found - 
> first list)
> 
> Or play with the settings in the NEWS file,
>   APT::Sandbox::Seccomp "false"; to disable it
>   APT::Sandbox::Seccomp::Allow { "syscall1"; "syscall2"; }; to allow more 
> syscalls by name
> 
> I was wondering if we could install a SIGSYS signal handler to print
> which syscall was blocked, but did not find anything yet.

Thanks for the pointers. I've really be meaning to file this to make
sure it's documented/known. I won't have much time until tomorrow,
that's why I was suggesting just debcheckout (or apt-get source)
debian-installer and cd build && ./daily-build build-only in the
meanwhile.

See you.


KiBi.


signature.asc
Description: PGP signature

Bug#879662: apt: debian-installer FTBFS: E: Method copy has died unexpectedly!

2017-10-24 Thread Julian Andres Klode

On Tue, Oct 24, 2017 at 07:48:52AM +0200, Cyril Brulebois wrote:
> Package: apt
> Version: 1.4.8

I assume you mean 1.6~alpha1? Because that's what the error
seems to indicate.

> Severity: serious
> Tags: d-i
> Justification: FTBFS
> 
> [ Please keep both debian-boot@ and me in copy. ]
> 
> It seems the “most secure file downloading on the planet” can no longer
> copy files around:
> | get-packages udeb  
> | make[5]: 'sources.list.udeb' is up to date.
> | Ign:1 copy:/home/kibi/debian-installer/installer/build localudebs/ InRelease
> | Ign:2 copy:/home/kibi/debian-installer/installer/build localudebs/ Release
> | Ign:3 copy:/home/kibi/debian-installer/installer/build localudebs/ Packages
> | Ign:4 copy:/home/kibi/debian-installer/installer/build localudebs/ 
> Translation-en
> | Ign:5 copy:/home/kibi/debian-installer/installer/build localudebs/ Contents 
> (deb)
> | Ign:6 copy:/home/kibi/debian-installer/installer/build localudebs/ Contents 
> (deb)
> | Ign:7 copy:/home/kibi/debian-installer/installer/build localudebs/ Contents 
> (udeb)
> | Get:8 http://localhost/debian unstable InRelease [235 kB]
> | Ign:9 copy:/home/kibi/debian-installer/installer/build localudebs/ Contents 
> (udeb)
> | Ign:3 copy:/home/kibi/debian-installer/installer/build localudebs/ Packages
> | Ign:4 copy:/home/kibi/debian-installer/installer/build localudebs/ 
> Translation-en
> | Ign:5 copy:/home/kibi/debian-installer/installer/build localudebs/ Contents 
> (deb)
> | Ign:6 copy:/home/kibi/debian-installer/installer/build localudebs/ Contents 
> (deb)
> | Ign:7 copy:/home/kibi/debian-installer/installer/build localudebs/ Contents 
> (udeb)
> | Ign:9 copy:/home/kibi/debian-installer/installer/build localudebs/ Contents 
> (udeb)
> | Ign:3 copy:/home/kibi/debian-installer/installer/build localudebs/ Packages
> | Ign:4 copy:/home/kibi/debian-installer/installer/build localudebs/ 
> Translation-en
> | Ign:5 copy:/home/kibi/debian-installer/installer/build localudebs/ Contents 
> (deb)
> | Ign:6 copy:/home/kibi/debian-installer/installer/build localudebs/ Contents 
> (deb)
> | Ign:7 copy:/home/kibi/debian-installer/installer/build localudebs/ Contents 
> (udeb)
> | Ign:9 copy:/home/kibi/debian-installer/installer/build localudebs/ Contents 
> (udeb)
> | Reading package lists...
> | E: Method copy has died unexpectedly!
> | E: Sub-process copy received signal 31.
> 
> Error reporting is a bit underwhelming. :(

It says SIGSYS, which means a system call trapped by seccomp. Can you get a 
coredump
and run gdb on it and get me a backtrace :) Or guess from the lists:

https://people.debian.org/~jak/syscalls-allowed.txt
https://people.debian.org/~jak/syscalls-trapped.txt (all syscalls I found - 
first list)

Or play with the settings in the NEWS file,
APT::Sandbox::Seccomp "false"; to disable it
APT::Sandbox::Seccomp::Allow { "syscall1"; "syscall2"; }; to allow more 
syscalls by name

I was wondering if we could install a SIGSYS signal handler to print
which syscall was blocked, but did not find anything yet.


-- 
Debian Developer - deb.li/jak | jak-linux.org - free software dev
  |  Ubuntu Core Developer |
When replying, only quote what is necessary, and write each reply
directly below the part(s) it pertains to ('inline').  Thank you.

Bug#879662: apt: debian-installer FTBFS: E: Method copy has died unexpectedly!

2017-10-23 Thread Cyril Brulebois

Package: apt
Version: 1.4.8
Severity: serious
Tags: d-i
Justification: FTBFS

[ Please keep both debian-boot@ and me in copy. ]

It seems the “most secure file downloading on the planet” can no longer
copy files around:
| get-packages udeb  
| make[5]: 'sources.list.udeb' is up to date.
| Ign:1 copy:/home/kibi/debian-installer/installer/build localudebs/ InRelease
| Ign:2 copy:/home/kibi/debian-installer/installer/build localudebs/ Release
| Ign:3 copy:/home/kibi/debian-installer/installer/build localudebs/ Packages
| Ign:4 copy:/home/kibi/debian-installer/installer/build localudebs/ 
Translation-en
| Ign:5 copy:/home/kibi/debian-installer/installer/build localudebs/ Contents 
(deb)
| Ign:6 copy:/home/kibi/debian-installer/installer/build localudebs/ Contents 
(deb)
| Ign:7 copy:/home/kibi/debian-installer/installer/build localudebs/ Contents 
(udeb)
| Get:8 http://localhost/debian unstable InRelease [235 kB]
| Ign:9 copy:/home/kibi/debian-installer/installer/build localudebs/ Contents 
(udeb)
| Ign:3 copy:/home/kibi/debian-installer/installer/build localudebs/ Packages
| Ign:4 copy:/home/kibi/debian-installer/installer/build localudebs/ 
Translation-en
| Ign:5 copy:/home/kibi/debian-installer/installer/build localudebs/ Contents 
(deb)
| Ign:6 copy:/home/kibi/debian-installer/installer/build localudebs/ Contents 
(deb)
| Ign:7 copy:/home/kibi/debian-installer/installer/build localudebs/ Contents 
(udeb)
| Ign:9 copy:/home/kibi/debian-installer/installer/build localudebs/ Contents 
(udeb)
| Ign:3 copy:/home/kibi/debian-installer/installer/build localudebs/ Packages
| Ign:4 copy:/home/kibi/debian-installer/installer/build localudebs/ 
Translation-en
| Ign:5 copy:/home/kibi/debian-installer/installer/build localudebs/ Contents 
(deb)
| Ign:6 copy:/home/kibi/debian-installer/installer/build localudebs/ Contents 
(deb)
| Ign:7 copy:/home/kibi/debian-installer/installer/build localudebs/ Contents 
(udeb)
| Ign:9 copy:/home/kibi/debian-installer/installer/build localudebs/ Contents 
(udeb)
| Reading package lists...
| E: Method copy has died unexpectedly!
| E: Sub-process copy received signal 31.

Error reporting is a bit underwhelming. :(

This happens with this sources.list file:
| (sid-amd64-devel)kibi@wodi:~/debian-installer/installer/build$ cat 
sources.list.udeb 
| # This file is automatically generated, edit sources.list.udeb.local instead.
| deb [trusted=yes] copy:/home/kibi/debian-installer/installer/build/ 
localudebs/
| deb http://localhost/debian unstable main/debian-installer

This can be reproduced on all archs by triggering a daily build in the
debian-installer directory, in a sid chroot:
| cd build && ./daily-build build-only


KiBi.

Bug#879662:

Bug#879662: http and https as well

Bug#879662: http and https as well

Bug#879662: apt: debian-installer FTBFS: E: Method copy has died unexpectedly!

Bug#879662: http and https as well

Bug#879662: apt: debian-installer FTBFS: E: Method copy has died unexpectedly!

Bug#879662: apt: debian-installer FTBFS: E: Method copy has died unexpectedly!

Bug#879662: apt: debian-installer FTBFS: E: Method copy has died unexpectedly!

Bug#879662: apt: debian-installer FTBFS: E: Method copy has died unexpectedly!

9 matches

Site Navigation

Mail list logo

Footer information