Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

GIDs should be consistent for common groups in OSTree commits #1222

Open
achilleas-k opened this issue Feb 11, 2021 · 2 comments
Open

GIDs should be consistent for common groups in OSTree commits #1222

achilleas-k opened this issue Feb 11, 2021 · 2 comments

Comments

@achilleas-k
Copy link
Member

achilleas-k commented Feb 11, 2021
edited

System groups that don't specify their gid will have different IDs under different package/system configurations. This becomes an issue when we generate ostree commits that might be used to upgrade existing systems. gids can change during upgrade, affecting the permissions/ownership of system files.

It's impossible to cover all cases but at least for common cases and base packages, we should have consistent gids to avoid creating commits that will affect existing systems.

We should also document this issue as a warning for users creating commits for use in this way.

If the user provides a parent commit, we should use the passwd and group files from the parent while building the commit to avoid gid conflicts.

Comment from @gicmo on PR where issue came up

I had a quick moment to think about that, and I think the missing piece is that osbuild does not do the equivalent of preserve-passwd and check-passwd from rpm-ostree (see its treefile doc). Need to have a look at the rpm-ostree code to see what needs to be done to replicate the behaviour.

Ok, I think I found the place in rpm-ostree: /src/app/rpmostree-compose-builtin-tree.cxx#L440

Group is created in rt-setup.spec

Polkit and ssh-keys groups are added without specifying any gids.

Originally posted by @gicmo in #1175 (comment)
@teg
Copy link
Member

teg commented Feb 11, 2021

Currently we don't pull in the parent commit, so this is going to be interesting.

@gicmo
Copy link
Contributor

gicmo commented Feb 11, 2021

Currently we don't pull in the parent commit, so this is going to be interesting.

We wanted access to the parent commit for the iso installer, no? So that is going in the same direction. The alternative is to provide the actual group, passwd files, like Fedora IoT/Silverblue/FOCS currently do.

@achilleas-k achilleas-k mentioned this issue Feb 15, 2021
Merged
2 tasks
henrywang added a commit to henrywang/osbuild-composer that referenced this issue Feb 21, 2021
@henrywang
test: Add 'kernel-rt' and kernel customization test
db21973 
Since kernel upgrading from 'default' to 'rt kernel' has SSH
connection issue, 'install' kernel and 'upgrade' kernel must
have 'kernel-rt' included.
osbuild#1222

Only RHEL 8.4 repo has 'rt kernel' repo, 'rt kernel' test will be
RHEL 8.4 only
henrywang added a commit to henrywang/osbuild-composer that referenced this issue Feb 21, 2021
@henrywang
test: Add 'kernel-rt' and kernel customization test
953e8db 
Since kernel upgrading from 'default' to 'rt kernel' has SSH
connection issue, 'install' kernel and 'upgrade' kernel must
have 'kernel-rt' included.
osbuild#1222

Only RHEL 8.4 repo has 'rt kernel' repo, 'rt kernel' test will be
RHEL 8.4 only
henrywang added a commit to henrywang/osbuild-composer that referenced this issue Feb 21, 2021
@henrywang
test: Add 'kernel-rt' and kernel customization test
08d1b3c 
Since kernel upgrading from 'default' to 'rt kernel' has SSH
connection issue, 'install' kernel and 'upgrade' kernel must
have 'kernel-rt' included.
osbuild#1222

Only RHEL 8.4 repo has 'rt kernel' repo, 'rt kernel' test will be
RHEL 8.4 only
@henrywang henrywang mentioned this issue Feb 21, 2021
Merged
teg pushed a commit to henrywang/osbuild-composer that referenced this issue Mar 9, 2021
@henrywang @teg
test: Add 'kernel-rt' and kernel customization test
9dc7915 
Since kernel upgrading from 'default' to 'rt kernel' has SSH
connection issue, 'install' kernel and 'upgrade' kernel must
have 'kernel-rt' included.
osbuild#1222

Only RHEL 8.4 repo has 'rt kernel' repo, 'rt kernel' test will be
RHEL 8.4 only
teg pushed a commit that referenced this issue Mar 9, 2021
@henrywang @teg
test: Add 'kernel-rt' and kernel customization test
0350768 
Since kernel upgrading from 'default' to 'rt kernel' has SSH
connection issue, 'install' kernel and 'upgrade' kernel must
have 'kernel-rt' included.
#1222

Only RHEL 8.4 repo has 'rt kernel' repo, 'rt kernel' test will be
RHEL 8.4 only
ondrejbudai pushed a commit to ondrejbudai/osbuild-composer that referenced this issue Mar 16, 2021
@henrywang @ondrejbudai
test: Add 'kernel-rt' and kernel customization test
48564c1 
Since kernel upgrading from 'default' to 'rt kernel' has SSH
connection issue, 'install' kernel and 'upgrade' kernel must
have 'kernel-rt' included.
osbuild#1222

Only RHEL 8.4 repo has 'rt kernel' repo, 'rt kernel' test will be
RHEL 8.4 only

(cherry picked from commit 0350768)
teg pushed a commit that referenced this issue Mar 17, 2021
@henrywang @teg
test: Add 'kernel-rt' and kernel customization test
a5c543f 
Since kernel upgrading from 'default' to 'rt kernel' has SSH
connection issue, 'install' kernel and 'upgrade' kernel must
have 'kernel-rt' included.
#1222

Only RHEL 8.4 repo has 'rt kernel' repo, 'rt kernel' test will be
RHEL 8.4 only

(cherry picked from commit 0350768)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@gicmo @teg @achilleas-k