On Di, 15.04.25 10:55, Zbigniew Jędrzejewski-Szmek (zbys...@in.waw.pl) wrote:
> Hi folks,
>
> [I'm writing this on Colin's suggestion, to introduce more people to
> the discussion and hopefully get some new ideas how to solve the
> problem. Apologies for the length.]
>
> The problem: when packages have files owned by a user or group that
> are part of the package contents ("owned files" for short), and the
> uid/gid is allocated dynamically [1], the uid/gid can change between
> builds of an image from that package ("uid/gid drift") and then in a
> deployment, after an upgrade, the numeric uid/gid that is stored in
> the local system database might be different then the numer used in
> the image, causing files to be owned by the wrong user/group.
>
> This was a known problem for rpm-ostree systems, and was handled
> ad-hoc when problems were reported, but is becoming a bigger problem
> for bootc systems.
>
> There are a few options possible: avoid using any "owned files" in
> packages, use tmpfiles.d to adjust ownership dynamically, switch back
> to soft-static uid/gid assignments, completely change how we do
> deployments, stop upgrading image-based deployments… We need to do
> _something_, but it's not clear at this point what the best course of
> action is.
>
> ** Details of the problem **
>
> I know the summary above is dense. Let's go through an example:
>
> - Package opencryptoki defines group pkcs11. This group uses "dynamic
> allocation", i.e. the specific numeric gid is selected when the
> package is installed, taking the first unused number.
>
> - The package has a file in the %files payload owned by the group:
> %attr(,,pkcs11) /etc/opencryptoki/strength.conf
>
> - When an rpm-ostree or bootc image is built with this package, the
> accounts are created in the local user/group database and some
> numeric uids/gids are selected, for example 999. The filesystem
> stores ownership as numbers, so that gid is used for
> /etc/opencryptoki/strength.conf in the filesystem.
>
> - The user makes a deployment using this image; in the local
> installation the gid is used for /etc/opencryptoki/strength.conf.
>
> - A new version of the rpm-ostree or bootc image is built, but this
> time numeric uids/gids are different, e.g. we get 998 for pkcs11.
I don't follow? The UID assignments are stored in /etc/passwd,
i.e. your example config file and the UID assignment are stored at the
same place, so how can they get out of sync?
> - The user upgrades, and the file in the image is owned by a gid that
> maps to a different group in the local database or to no group and
> is listed as unowned.
How does this bootc thing update? it deletes /etc/passwd? Why would it
do that? seems, humm, weird?
I don't follow at all?
Lennart
--
Lennart Poettering, Berlin
--
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
