Bug #15407

Feature #15281: Stack one single SquashFS diff when upgrading

Prevent system user uid:s and gid:s from changing between releases

Added by anonym about 1 year ago. Updated 9 months ago.

Status: Resolved
Priority: Normal
Assignee: -
Category: Build system
Target version:
Start date: 06/28/2018
Due date:
% Done: 100%
QA Check: Pass
Feature Branch: kibi:bugfix/15695-avoid-breaking-automatic-upgrades-to-tails-3-9
Type of work: Code
Blueprint:
Starter:
Affected tool:

Description

In Tails 3.6 the uid and gid are different compared to previous releases, making incremental upgrades impossible. I.e. it is #13426 all over again (see discussion there for details on why it breaks incremental upgrades). Let's fix this for good this time!

The automatic upgrade bug this will fix was identified in aufs. Assuming overlayfs doesn't have this bug:

  • either #15281 is done strictly before #8415, and then we need to implement this ticket as part of #15281;
  • or #8415 is done before #15281 (or simultaneously), and then we can reject this ticket after confirming that overlayfs is not affected.

passwd-3.5 (2.34 KB) anonym, 03/14/2018 02:31 PM

passwd-3.6 (2.25 KB) anonym, 03/14/2018 02:31 PM

passwd-3.6-rc1 (2.3 KB) anonym, 03/14/2018 02:31 PM


Related issues

Related to Tails - Bug #13426: Tor does not start on Tails 3.0.1 automatically upgraded from 3.0 Resolved 07/05/2017
Related to Tails - Bug #15419: Detect earlier in the dev process if we're breaking automatic upgrades Resolved 06/28/2018
Related to Tails - Bug #15424: Use fixed UID and GID for debian-tor Rejected 03/16/2018
Related to Tails - Feature #8415: Migrate from aufs to overlayfs In Progress 12/18/2014
Related to Tails - Bug #15695: Avoid breaking automatic upgrades to Tails 3.9 Resolved 06/30/2018

Associated revisions

Revision a158c465
Added by intrigeri 9 months ago

Merge remote-tracking branch 'kibi/bugfix/15695-avoid-breaking-automatic-upgrades-to-tails-3-9' into devel (Fix-committed: #15695, #15407, #15419)

History

#1 Updated by anonym about 1 year ago

#2 Updated by anonym about 1 year ago

  • Related to Bug #13426: Tor does not start on Tails 3.0.1 automatically upgraded from 3.0 added

#3 Updated by anonym about 1 year ago

The real solution is #8415 (see #13426#note-10) but we probably want to solve it before that by hardcoding the uid:s and gid:s that the system users get, somehow.

#4 Updated by anonym about 1 year ago

So in Tails 3.5 the debian-tor uid was 108 and in Tails 3.6 it is 107, which causes this new instance of #13426. The reason is simple: in Tails 3.5 we have the systemd-bus-proxy user, but it is not present in Tails 3.6 due to the systemd upgrade.

(Now you might wonder why we didn't catch this when testing Tails 3.6~rc1, since the systemd upgrade was in by then. Well, for some reason (I failed to find why) the Debian-exim user was added in Tails 3.6~rc1 only, which "took" systemd-bus-proxy's place so the uid for debian-tor was the same as in Tails 3.5. Talk about bad luck! :/)
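The drift described in notes #3 and #4, as an added example that is not part of the ticket or of the Tails build system: a check that compares the passwd files of two releases and reports system users whose UID or GID changed, plus users that appeared or disappeared. The passwd excerpts are constructed for illustration; only the debian-tor UIDs (108 in 3.5, 107 in 3.6) and the presence of systemd-bus-proxy and Debian-exim come from the ticket, and the function names are hypothetical.

```python
"""Detect system-user UID/GID drift between two passwd(5) files."""

# Constructed excerpts, not the attached passwd-3.5 / passwd-3.6 files.
PASSWD_3_5 = """\
messagebus:x:106:110::/var/run/dbus:/bin/false
systemd-bus-proxy:x:107:111:systemd Bus Proxy,,,:/run/systemd:/bin/false
debian-tor:x:108:112::/var/lib/tor:/bin/false
"""
PASSWD_3_6_RC1 = """\
messagebus:x:106:110::/var/run/dbus:/bin/false
Debian-exim:x:107:111::/var/spool/exim4:/bin/false
debian-tor:x:108:112::/var/lib/tor:/bin/false
"""
PASSWD_3_6 = """\
messagebus:x:106:110::/var/run/dbus:/bin/false
debian-tor:x:107:111::/var/lib/tor:/bin/false
"""


def parse_passwd(text):
    """Map user name -> (uid, gid) from passwd(5) content."""
    users = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            raise ValueError(f"malformed passwd line: {line!r}")
        users[fields[0]] = (int(fields[2]), int(fields[3]))
    return users


def id_drift(old_text, new_text):
    """Users present in both releases whose (uid, gid) differs."""
    old, new = parse_passwd(old_text), parse_passwd(new_text)
    common = sorted(old.keys() & new.keys())
    return {n: (old[n], new[n]) for n in common if old[n] != new[n]}


def membership_changes(old_text, new_text):
    """(removed, added) user names; a warning sign even when no ID moved."""
    old, new = parse_passwd(old_text), parse_passwd(new_text)
    return sorted(old.keys() - new.keys()), sorted(new.keys() - old.keys())


if __name__ == "__main__":
    print("3.5 -> 3.6 drift:", id_drift(PASSWD_3_5, PASSWD_3_6))
    print("3.5 -> 3.6~rc1 drift:", id_drift(PASSWD_3_5, PASSWD_3_6_RC1))
    print("3.5 -> 3.6~rc1 membership:", membership_changes(PASSWD_3_5, PASSWD_3_6_RC1))
```

On this sample the 3.5 to 3.6~rc1 comparison reports no drift, matching the ticket's account of why the release candidate looked fine, while the membership change still shows that the allocation order had shifted.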

#5 Updated by intrigeri about 1 year ago

  • Related to Bug #15419: Detect earlier in the dev process if we're breaking automatic upgrades added

#6 Updated by intrigeri about 1 year ago

  • Assignee deleted (intrigeri)
  • Target version changed from Tails_3.7 to Tails_4.0

Sadly, there won't be incremental upgrades to the first release that includes the proper fix suggested on this ticket (using fixed UID+GID for the debian-tor user and possibly a few others). So I think we should do this in 4.0. I'm thus postponing this ticket accordingly. In passing, another option would be to use systemd dynamic users but it's much more involved.

See #15419 and #15418 for the shorter-term workarounds.

#7 Updated by intrigeri about 1 year ago

  • Assignee set to segfault
  • Target version changed from Tails_4.0 to Tails_3.6.1

Actually there's an ugly way (config/chroot_local-hooks/04-change-gids-and-uids) to freeze UID:s/GID:s without breaking automatic upgrades. segfault is giving it a try.

#8 Updated by segfault about 1 year ago

  • Related to Bug #15424: Use fixed UID and GID for debian-tor added

#9 Updated by intrigeri about 1 year ago

  • Assignee deleted (segfault)
  • Target version changed from Tails_3.6.1 to Tails_4.0

What segfault has prepared (#15424) is a small subset of what this ticket is about.

#10 Updated by intrigeri about 1 year ago

  • Parent task set to #15281

#11 Updated by intrigeri about 1 year ago

  • Description updated (diff)

#12 Updated by intrigeri about 1 year ago

#13 Updated by intrigeri about 1 year ago

  • Target version changed from Tails_4.0 to Tails_3.8

#14 Updated by intrigeri about 1 year ago

  • Description updated (diff)

#15 Updated by intrigeri about 1 year ago

  • Assignee set to intrigeri

See #15424#note-12 for updates. During next cycle I want to make a decision wrt. the timing/relevance of this task (see ticket description) and then make sure the corresponding work is assigned to someone.

#16 Updated by intrigeri about 1 year ago

#17 Updated by intrigeri 11 months ago

  • Target version changed from Tails_3.8 to Tails_3.9

#18 Updated by intrigeri 11 months ago

#19 Updated by intrigeri 11 months ago

#20 Updated by intrigeri 11 months ago

  • Description updated (diff)

#21 Updated by intrigeri 11 months ago

#22 Updated by intrigeri 11 months ago

  • Blocked by Bug #15689: Test if overlayfs is affected by the DAC bug wrt. incremental upgrades changing UID/GID added

#23 Updated by intrigeri 11 months ago

  • Blocked by deleted (Bug #15689: Test if overlayfs is affected by the DAC bug wrt. incremental upgrades changing UID/GID)

#24 Updated by intrigeri 11 months ago

  • Assignee deleted (intrigeri)

#25 Updated by intrigeri 11 months ago

#26 Updated by intrigeri 11 months ago

  • Target version deleted (Tails_3.9)

#27 Updated by intrigeri 11 months ago

  • Related to Bug #15695: Avoid breaking automatic upgrades to Tails 3.9 added

#28 Updated by intrigeri 9 months ago

  • Status changed from Confirmed to In Progress
  • Assignee set to segfault
  • Target version set to Tails_3.9
  • QA Check set to Ready for QA

The branch for #15695 does this.

#29 Updated by intrigeri 9 months ago

  • Feature Branch set to bugfix/15695-avoid-breaking-automatic-upgrades-to-tails-3-9

#30 Updated by intrigeri 9 months ago

  • Assignee changed from segfault to CyrilBrulebois

#31 Updated by CyrilBrulebois 9 months ago

  • Assignee changed from CyrilBrulebois to intrigeri
  • QA Check changed from Ready for QA to Pass
  • Feature Branch changed from bugfix/15695-avoid-breaking-automatic-upgrades-to-tails-3-9 to kibi:bugfix/15695-avoid-breaking-automatic-upgrades-to-tails-3-9

The changes look good to me, even if there were quite a few merges and fixups needed.

I've pushed a branch with the same name to my repository, only with a few squashed commits. git diff against the branch on the main repository shows no differences.

We could probably compare sorted lists, but after discussion with intrigeri, that looks to be happening seldom enough that it's not worth the cost.

#32 Updated by intrigeri 9 months ago

  • Status changed from In Progress to Fix committed
  • Assignee deleted (intrigeri)
  • % Done changed from 0 to 100

#33 Updated by intrigeri 9 months ago

  • Status changed from Fix committed to Resolved
