[X2Go-Dev] Bug#1458: Bug#1458: Bug#1458: Bug#1458: unattended Debian installations (using preseed) fail when x2gobroker-ssh is involved

Sun Apr 19 15:30:45 CEST 2020

Am 17.04.20 um 21:59 schrieb Ulrich Sibiller:
> On Fri, Apr 17, 2020 at 8:36 PM Stefan Baur <X2Go-ML-1 at baur-itcs.de> wrote:

>> Currently, all automated Debian installs for x2gobroker-ssh are failing
>> due to this faulty piece of code.
> 
> So, let's make this clear: Code, which should not be there at all ist
> now breaking installation. That's exactly my point... It should not be
> there.

Code that has been put there to solve an actual issue, but which has a
flaw in its detection routine as to when it should trigger.

> I have just checked on my Debian 10. Here's a snipped from /usr/sbin/groupadd:
> ...
>     printf (gtx("Adding group `%s' (GID %d)
> ...\n"),$new_name,$new_gid) if $verbose;
>     &invalidate_nscd("group");
>     my $groupadd = &which('groupadd');
>     &systemcall($groupadd, '-g', $new_gid, $new_name);
>     &invalidate_nscd("group");
>     print (gtx("Done.\n")) if $verbose;
> ...
> 
> So this is where this kind of code belongs to. Debian has everything in place.

And it seems to be broken, or this code in the postinst script wouldn't
be needed.  Or maybe it was only added to groupadd after the code in the
postinst file had already been written.  It would be interesting to know
when those "invalidate_nscd" calls were added.  Maybe an older Debian
version is still affected by this, while Buster is safe?

> So I agree that this should be fixed asap in x2gobroker-ssh, but it
> should be fixed by removing the nscd code altogether.
> 
>> So if we remove it, we're likely to get another bug report tagged
>> "severity: important", just coming from the other direction, begging us
>> to add this code again.
> 
> No, those people begging for it can be instructed to check their
> distro. And to run the flush manually. Or even to simply reboot.

The proper way to handle this, IMO, is a two-step process.

1. Apply my patch ASAP and release a fixed package, to un-break
   current preseeded installations.
2. Turn the blind execution if the condition is triggered into an
   interactive, preseedable question, and check for sssd as well.
   This is what Debian does e.g. when updating libc - you get a popup
   asking you if it is okay to restart affected services, or if you
   would like to do it manually at a later date.
   So in addition to

x2gobroker-ssh x2gobroker-ssh/group-x2gobroker-users string x2gobroker-users
x2gobroker-ssh x2gobroker-ssh/group-does-not-exist note
x2gobroker-ssh x2gobroker-ssh/use-existing-group boolean true|false
x2gobroker-ssh x2gobroker-ssh/create-group boolean true|false
x2gobroker-ssh x2gobroker-ssh/manual-setup-required boolean true|false
x2gobroker-ssh x2gobroker-ssh/del-last-group-x2gobroker-users boolean
true|false
x2gobroker-ssh x2gobroker-ssh/last-group-x2gobroker-users string
x2gobroker-users

   we'd have new preseedable entries like

x2gobroker-ssh x2gobroker-ssh/flush-nscd-groups boolean true|false
x2gobroker-ssh x2gobroker-ssh/flush-sssd-groups boolean true|false

  Whoever tries to run an unattended installation using preseeds can
  then choose whichever option suits them best.
  And if you're worried that the attempt to flush the cache has a
  negative impact, even with the triggering condition fixed, we can make
  those options default to "false" and add a notice like "this should
  not be neccessary unless your groupadd implementation is faulty" in
  the popup message.

-Stefan

-- 
BAUR-ITCS UG (haftungsbeschränkt)
Geschäftsführer: Stefan Baur
Eichenäckerweg 10, 89081 Ulm | Registergericht Ulm, HRB 724364
Fon/Fax 0731 40 34 66-36/-35 | USt-IdNr.: DE268653243