From mboxrd@z Thu Jan 1 00:00:00 1970 From: Ludovic =?UTF-8?Q?Court=C3=A8s?= Subject: bug#35996: User account password got locked when booting old generation Date: Wed, 05 Jun 2019 23:13:34 +0200 Message-ID: <87a7evwxa9.fsf@gnu.org> References: <20190603060301.2nu2zqi5j3v3j5ki@pelzflorian.localdomain> <87tvd6erbo.fsf@gnu.org> <20190603145209.ub7663zp7yh7n7i4@pelzflorian.localdomain> <87d0jtemca.fsf@gnu.org> <20190604121710.uqni7cwp5jo4pwmq@pelzflorian.localdomain> <20190604141217.7tq33idseebne5v2@pelzflorian.localdomain> <20190604171715.gvwr54wiek4xs24e@pelzflorian.localdomain> <87o93d6o8u.fsf@gnu.org> <20190605061611.py3v3msydbfn2eoe@pelzflorian.localdomain> <87imtk73xs.fsf@gnu.org> <20190605110658.7metilrqike4juml@pelzflorian.localdomain> Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="=-=-=" Return-path: Received: from eggs.gnu.org ([209.51.188.92]:53246) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1hYdEc-0002Lb-Lq for bug-guix@gnu.org; Wed, 05 Jun 2019 17:14:16 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1hYdEW-0007Iq-S9 for bug-guix@gnu.org; Wed, 05 Jun 2019 17:14:12 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:34774) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1hYdEQ-00078R-7l for bug-guix@gnu.org; Wed, 05 Jun 2019 17:14:04 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1hYdEQ-0006Mr-04 for bug-guix@gnu.org; Wed, 05 Jun 2019 17:14:02 -0400 Sender: "Debbugs-submit" Resent-Message-ID: In-Reply-To: <20190605110658.7metilrqike4juml@pelzflorian.localdomain> (pelzflorian@pelzflorian.de's message of "Wed, 5 Jun 2019 13:06:58 +0200") List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org Sender: "bug-Guix" To: "pelzflorian (Florian Pelz)" Cc: 35996@debbugs.gnu.org --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable "pelzflorian (Florian Pelz)" skribis: > It appears your patch fixes the issue. I admire the speed at which > you write patches. :) Thank you! Awesome! I must say that I=E2=80=99m really glad you=E2=80=99re putting th= is much energy into reproducing issues and investigating=E2=80=94it=E2=80=99s rare = for people who report bug to dig this deep, but it=E2=80=99s super helpful and motivat= ing! I=E2=80=99ve pushed the whole series: d088d5c484 accounts: Call 'fdatasync' when writing databases. ed8570dce3 accounts: Close database before renaming it. 70a7a1b5dc nar: Really lock store files. d497b6ab39 activation: Lock /etc/.pwd.lock before accessing databases. 5f0cf1df71 syscalls: 'with-lock-file' catches ENOSYS. 89ceb86ad4 syscalls: 'with-file-lock' expands to a call to 'call-with-fil= e-lock'. b7178c22bf syscalls: Add 'with-file-lock' macro. The actual fix is ed8570dce3, AIUI. > I created a new working generation and then a new unbootable > generation with broken udevd args, both with all your patches. I > rebooted the broken and then the working generation repeatedly twelve > times. I waited varying amounts of time before doing Ctrl+Alt+Del in > the broken generation. /etc/shadow is still in good health. Good. > On Tue, Jun 04, 2019 at 11:21:05PM +0200, Ludovic Court=C3=A8s wrote: >> Indeed, =E2=80=98shepherd=E2=80=99 calls =E2=80=98disable-reboot-on-ctrl= -alt-del=E2=80=99 (which >> disables =E2=80=9Chard=E2=80=9D reboots upon ctrl-alt-del and instead no= tifies it) after >> it has loaded its config file. > > Is there a good reason shepherd calls disable-reboot-on-ctrl-alt-del > at the end? I get recovering journal messages unless on the previous > boot I waited for the whole GDM to start (I can login on the TTY > before GDM has fully started), which takes a long time during which > users could change their mind and decide they do not want to boot. > (The Macbook is not fast anyway and Guix is even slower when booting > compared to Debian.) I agree. The attached patch for Shepherd moves everything before loading the config file. I think it will have the desired effect, though I=E2=80=99m n= ot entirely sure the signal handler would run at the right time etc. You can test it on the metal if you want (you need to add the patch to the =E2=80=98shepherd=E2=80=99 package), but I=E2=80=99ll see if I can test= in a VM. Thank you! Ludo=E2=80=99. --=-=-= Content-Type: text/x-patch Content-Disposition: inline diff --git a/modules/shepherd.scm b/modules/shepherd.scm index 8b2cc1d..769085a 100644 --- a/modules/shepherd.scm +++ b/modules/shepherd.scm @@ -198,34 +198,6 @@ socket file at FILE-NAME upon exit of PROC. Return the values of PROC." ;; Start the 'root' service. (start root-service) - ;; This _must_ succeed. (We could also put the `catch' around - ;; `main', but it is often useful to get the backtrace, and - ;; `caught-error' does not do this yet.) - (catch #t - (lambda () - (load-in-user-module (or config-file (default-config-file)))) - (lambda (key . args) - (caught-error key args) - (quit 1))) - ;; Start what was started last time. - (and persistency - (catch 'system-error - (lambda () - (start-in-order (read (open-input-file - persistency-state-file)))) - (lambda (key . args) - (apply format #f (gettext (cadr args)) (caddr args)) - (quit 1)))) - - (when (provided? 'threads) - ;; XXX: This terrible hack allows us to make sure that signal handlers - ;; get a chance to run in a timely fashion. Without it, after an EINTR, - ;; we could restart the accept(2) call below before the corresponding - ;; async has been queued. See the thread at - ;; . - (sigaction SIGALRM (lambda _ (alarm 1))) - (alarm 1)) - (when (= 1 (getpid)) ;; When running as PID 1, disable hard reboots upon ctrl-alt-del. ;; Instead, the kernel will send us SIGINT so that we can gracefully @@ -259,6 +231,34 @@ socket file at FILE-NAME upon exit of PROC. Return the values of PROC." (lambda _ (stop root-service))) + ;; This _must_ succeed. (We could also put the `catch' around + ;; `main', but it is often useful to get the backtrace, and + ;; `caught-error' does not do this yet.) + (catch #t + (lambda () + (load-in-user-module (or config-file (default-config-file)))) + (lambda (key . args) + (caught-error key args) + (quit 1))) + ;; Start what was started last time. + (and persistency + (catch 'system-error + (lambda () + (start-in-order (read (open-input-file + persistency-state-file)))) + (lambda (key . args) + (apply format #f (gettext (cadr args)) (caddr args)) + (quit 1)))) + + (when (provided? 'threads) + ;; XXX: This terrible hack allows us to make sure that signal handlers + ;; get a chance to run in a timely fashion. Without it, after an EINTR, + ;; we could restart the accept(2) call below before the corresponding + ;; async has been queued. See the thread at + ;; . + (sigaction SIGALRM (lambda _ (alarm 1))) + (alarm 1)) + ;; Ignore SIGPIPE so that we don't die if a client closes the connection ;; prematurely. (sigaction SIGPIPE SIG_IGN) --=-=-=--