Hi Andrea,
Quoting Andrea Pappacoda (2022-12-31 12:54:35)
> Hi, for some reason I'm unable to get the unshare backend working on one of
> my machines.
>
> When I try to create an unstable-amd64 tarball to use with sbuild I get this
> strange error:
>
> mmdebstrap --variant=apt --include=build-essential unstable unstable-
> amd64.tar
> I: automatically chosen mode: unshare
> I: chroot architecture amd64 is equal to the host's architecture
> I: automatically chosen format: tar
> I: using /tmp/mmdebstrap.panqVhWsFm as tempdir
> W: /etc/subuid is empty
> E: invalid idmap
Do you have a valid /etc/subuid? Mine says (josch is my username):
josch:100000:65536
How could the error message be improved?
> If I force the creation of the above tarball with root mode
A tarball created in root mode will be bit-by-bit identical to one created in
unshare mode (if SOURCE_DATE_EPOCH was set to the same value).
> and I then try to
> use it in sbuild, I get this even bigger error:
>
> Package: yuzu
> Version: 0-1284+ds-1
> Source Version: 0-1284+ds-1
> Distribution: unstable
> Machine Architecture: amd64
> Host Architecture: amd64
> Build Architecture: amd64
> Build Type: binary
>
> Use of uninitialized value $nsid in concatenation (.) or string at
> /usr/share/perl5/Sbuild/Utility.pm line 401.
> Use of uninitialized value $range in concatenation (.) or string at
> /usr/share/perl5/Sbuild/Utility.pm line 401.
> Use of uninitialized value $nsid in concatenation (.) or string at
> /usr/share/perl5/Sbuild/Utility.pm line 404.
> Use of uninitialized value $range in concatenation (.) or string at
> /usr/share/perl5/Sbuild/Utility.pm line 404.
> Use of uninitialized value $nsid in concatenation (.) or string at
> /usr/share/perl5/Sbuild/Utility.pm line 401.
> Use of uninitialized value $nsid in concatenation (.) or string at
> /usr/share/perl5/Sbuild/Utility.pm line 404.
> ranges: 2 argc: 5
> newuidmap: Not enough arguments to form 2 mappings
> usage: newuidmap <pid> <uid> <loweruid> <count> [ <uid> <loweruid> <count>
> ] ...
> newuidmap failed: at -e line 1.
> child had a non-zero exit status: 256 at -e line 1.
> bad exit status (29): perl -e require 'syscall.ph';pipe my $rfh, my
> $wfh;my
> $ppid = $$;my $cpid = fork() // die "fork() failed: $!";if ($cpid == 0) {close
> $wfh;0 == sysread $rfh, my $c, 1 or die "read() did not receive EOF";0 ==
> system "newuidmap $ppid 0 60092 1 1 1" or die "newuidmap failed: $!";0 ==
> system "newgidmap $ppid 0 60092 1 1 1" or die "newgidmap failed: $!";exit
> 0;}0 == syscall &SYS_unshare, 268435456 or die "unshare() failed: $!";close
> $wfh;$cpid == waitpid $cpid, 0 or die "waitpid() failed: $!";if ($? != 0) {die
> "child had a non-zero exit status: $?";}0 == syscall &SYS_setgid, 0 or die
> "setgid failed: $!";0 == syscall &SYS_setuid, 0 or die "setuid failed: $!";0
> ==
> syscall &SYS_setgroups, 0, 0 or die "setgroups failed: $!";exec { $ARGV[0] }
> @ARGV or die "exec() failed: $!"; chown 1:1 /tmp/tmp.sbuild.LKlB9A2jh_
> E: Error creating chroot session: skipping yuzu
>
> I've installed this system fairly recently (after the bullseye release), and I
> don't have messed with it that much. One thing that comes to my mind that
> could
> be messing with UIDs and GIDs is that I'm using systemd-homed to manage my
> user
> and home directory.
>
> Under systemd-homed, users aren't saved to /etc/passwd, but are retrievable
> with glibc's NSS API, i.e. with getent(1) and the various getpwuid(3) C
> functions. For instance,
>
> $ diff /etc/passwd <(getent passwd)
> 42a43
> > tachi:x:60092:60092:Andrea Pappacoda:/home/tachi:/usr/bin/zsh
>
> How could I debug and/or solve this issue? I'm a bit lost.
The error message in sbuild could certainly be improved. Could you try out the
following patch:
diff --git a/lib/Sbuild/ChrootUnshare.pm b/lib/Sbuild/ChrootUnshare.pm
index 9734293a..d48de32d 100644
--- a/lib/Sbuild/ChrootUnshare.pm
+++ b/lib/Sbuild/ChrootUnshare.pm
@@ -105,9 +105,16 @@ sub begin_session {
my @idmap = read_subuid_subgid;
# sanity check
- if (scalar(@idmap) != 2 || $idmap[0][0] ne 'u' || $idmap[1][0] ne 'g') {
- printf STDERR "invalid idmap\n";
- return 0;
+ if ( scalar(@idmap) != 2
+ || $idmap[0][0] ne 'u'
+ || $idmap[1][0] ne 'g'
+ || length $idmap[0][1] == 0
+ || length $idmap[0][2] == 0
+ || length $idmap[1][1] == 0
+ || length $idmap[1][2] == 0)
+ {
+ printf STDERR "invalid idmap\n";
+ return 0;
}
$self->set('Uid Gid Map', \@idmap);
diff --git a/lib/Sbuild/Utility.pm b/lib/Sbuild/Utility.pm
index 7405055e..5a59b28a 100644
--- a/lib/Sbuild/Utility.pm
+++ b/lib/Sbuild/Utility.pm
@@ -546,34 +546,28 @@ sub read_subuid_subgid() {
last if ($n eq $username);
}
close $fh;
+
+ if ($n ne $username) {
+ printf STDERR "No entry for $username in /etc/subuid";
+ return;
+ }
+
push @result, ["u", 0, $subid, $num_subid];
- if (scalar(@result) < 1) {
- printf STDERR "/etc/subuid does not contain an entry for $username\n";
- return;
- }
- if (scalar(@result) > 1) {
- printf STDERR "/etc/subuid contains multiple entries for $username\n";
- return;
- }
-
open $fh, "<", "/etc/subgid" or die "cannot open /etc/subgid for reading:
$!";
while (my $line = <$fh>) {
($n, $subid, $num_subid) = split(/:/, $line, 3);
last if ($n eq $username);
}
close $fh;
+
+ if ($n ne $username) {
+ printf STDERR "No entry for $username in /etc/subgid";
+ return;
+ }
+
push @result, ["g", 0, $subid, $num_subid];
- if (scalar(@result) < 2) {
- printf STDERR "/etc/subgid does not contain an entry for $username\n";
- return;
- }
- if (scalar(@result) > 2) {
- printf STDERR "/etc/subgid contains multiple entries for $username\n";
- return;
- }
-
return @result;
}
Thanks!
cheers, josch
