From mboxrd@z Thu Jan 1 00:00:00 1970 From: Chris Marusich Subject: bug#32478: pcscd service activation causes boot failure Date: Mon, 20 Aug 2018 00:26:38 -0700 Message-ID: <87pnyd8pn5.fsf@gmail.com> Mime-Version: 1.0 Content-Type: multipart/signed; boundary="==-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:47439) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1frepC-0003Cb-25 for bug-guix@gnu.org; Mon, 20 Aug 2018 03:42:07 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1frep9-0005UE-7e for bug-guix@gnu.org; Mon, 20 Aug 2018 03:42:04 -0400 Received: from debbugs.gnu.org ([208.118.235.43]:49989) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1frep8-0005Tl-Lb for bug-guix@gnu.org; Mon, 20 Aug 2018 03:42:03 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1frep8-0006oI-GE for bug-guix@gnu.org; Mon, 20 Aug 2018 03:42:02 -0400 Sender: "Debbugs-submit" Resent-Message-ID: Received: from eggs.gnu.org ([2001:4830:134:3::10]:46955) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1frenx-00025q-SJ for bug-guix@gnu.org; Mon, 20 Aug 2018 03:40:53 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1freaK-0007ii-0F for bug-guix@gnu.org; Mon, 20 Aug 2018 03:26:46 -0400 Received: from mail-pl0-x22c.google.com ([2607:f8b0:400e:c01::22c]:44572) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1freaJ-0007iK-7T for bug-guix@gnu.org; Mon, 20 Aug 2018 03:26:43 -0400 Received: by mail-pl0-x22c.google.com with SMTP id ba4-v6so6649409plb.11 for ; Mon, 20 Aug 2018 00:26:42 -0700 (PDT) List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org Sender: "bug-Guix" To: 32478@debbugs.gnu.org --==-=-= Content-Type: multipart/mixed; boundary="=-=-=" --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Hi, Commit de30205ba0f63eb987097a9f47b6e4fd38cd9044 added a pcscd service (hooray!). However, its activation procedure doesn't always work. The system test passes, and the activation procedure works the first time you boot, but if you reboot, it will fail because the symlink it creates already exists. The attached patch fixes the problem. To reproduce the bug, use the attached operating system configuration file (bare-bones.scm), and run: guix system vm-image bare-bones.scm This takes a long time to finish (up to a few hours, depending on your system). Once it's done, copy the image out of the store: cp $the_store_path /tmp/qemu-image Then run it: sudo qemu-system-x86_64 -smp cpus=3D1 -net user -net nic,model=3Dvirtio -= enable-kvm -m 2048 /tmp/qemu-image=20 Observe how the VM boots successfully. Now log in as root (no password) and reboot. Observe that the boot process fails now because the symlink created by the pcscd activation service already exists. The attached patch fixes the issue by using an idempotent procedure to create the symlink. If there are no objections, I'll push the patch to master about 24 hours from now. There is a fairly long comment in my patch because although I wanted to re-use the switch-symlinks procedure from (guix utils), I couldn't figure out how to do it. Ideas regarding this are welcome! To be specific, I tried to use (guix utils), but then I got the following error message at boot time (see my comment for more information): =2D-8<---------------cut here---------------start------------->8--- loading '/gnu/store/f4ng1dlpm7q74vssbb049vpf2gvw3n3r-system/boot'... [ 2.175072] random: fast init done making '/gnu/store/f4ng1dlpm7q74vssbb049vpf2gvw3n3r-system' the current sys= tem.. . setting up setuid programs in '/run/setuid-programs'... populating /etc from /gnu/store/n6cwz1hlmjylva2xrv61njl68g6c8k5l-etc... usermod: no changes usermod: no changes usermod: no changes ERROR: In procedure dynamic-func: In procedure dynamic-pointer: Symbol not found: strverscmp Entering a new prompt. Type `,bt' for a backtrace or `,q' to continue. GNU Guile 2.2.3 Copyright (C) 1995-2017 Free Software Foundation, Inc. Guile comes with ABSOLUTELY NO WARRANTY; for details type `,show w'. This program is free software, and you are welcome to redistribute it under certain conditions; type `,show c' for details. Enter `,help' for help. scheme@(guix utils)> ,bt In gnu/build/linux-boot.scm: 530:13 22 (_) In unknown file: 21 (primitive-load "/gnu/store/f4ng1dlpm7q74vssbb049vpf2gv=C2=B7") In ice-9/eval.scm: 619:8 20 (_ #f) In unknown file: 19 (primitive-load "/gnu/store/b6yg0pkp835a3zky9sj53yyjxac=C2=B7") In ice-9/boot-9.scm: 260:13 18 (for-each # _) In unknown file: 17 (primitive-load "/gnu/store/v42zaw2hjwxy5wnd0dwa6j245nr=C2=B7") In ice-9/eval.scm: 721:20 16 (primitive-eval (begin (use-modules (guix build #) #) =C2=B7)) In ice-9/psyntax.scm: 1235:36 15 (expand-top-sequence ((begin (use-modules (# # =C2=B7) =C2=B7)= =C2=B7)) =C2=B7) 1182:24 14 (parse _ (("placeholder" placeholder)) ((top) #(# # =C2=B7)) = =C2=B7) 1182:24 13 (parse _ (("placeholder" placeholder)) ((top) #(# # =C2=B7)) = =C2=B7) 285:10 12 (parse _ (("placeholder" placeholder)) (()) _ c&e (eval) =C2= =B7) In ice-9/boot-9.scm: 3365:20 11 (process-use-modules _) 222:29 10 (map1 (((guix build utils)) ((guix utils)))) 222:17 9 (map1 (((guix utils)))) 3366:31 8 (_ ((guix utils))) 2788:17 7 (resolve-interface (guix utils) #:select _ #:hide _ # _ =C2=B7) 2714:10 6 (_ (guix utils) _ _ #:ensure _) 2982:16 5 (try-module-autoload _ _) 2312:4 4 (save-module-excursion #) 3002:22 3 (_) In unknown file: 2 (primitive-load-path "guix/utils" #) In guix/utils.scm: 485:24 1 (_) In unknown file: 0 (dynamic-func "strverscmp" #) scheme@(guix utils)> [ 53.048203] random: crng init done =2D-8<---------------cut here---------------end--------------->8--- To be clear, the above stack trace is NOT related to the bug I am reporting. It's just a different problem that made it difficult to re-use switch-symlinks from (guix utils), which is why in my fix I decided to just copy the switch-symlinks definition verbatim. =2D-=20 Chris --=-=-= Content-Type: application/octet-stream Content-Disposition: attachment; filename=bare-bones.scm Content-Transfer-Encoding: base64 OzsgVGhpcyBpcyBhbiBvcGVyYXRpbmcgc3lzdGVtIGNvbmZpZ3VyYXRpb24gdGVtcGxhdGUKOzsg Zm9yIGEgImJhcmUgYm9uZXMiIHNldHVwLCB3aXRoIG5vIFgxMSBkaXNwbGF5IHNlcnZlci4KCih1 c2UtbW9kdWxlcyAoZ251KSkKKHVzZS1zZXJ2aWNlLW1vZHVsZXMgbmV0d29ya2luZyBzc2ggc2Vj dXJpdHktdG9rZW4pCih1c2UtcGFja2FnZS1tb2R1bGVzIHNjcmVlbiBzc2gpCgoob3BlcmF0aW5n LXN5c3RlbQogIChob3N0LW5hbWUgImtvbXB1dGlsbyIpCiAgKHRpbWV6b25lICJFdXJvcGUvQmVy bGluIikKICAobG9jYWxlICJlbl9VUy51dGY4IikKCiAgOzsgQm9vdCBpbiAibGVnYWN5IiBCSU9T IG1vZGUsIGFzc3VtaW5nIC9kZXYvc2RYIGlzIHRoZQogIDs7IHRhcmdldCBoYXJkIGRpc2ssIGFu ZCAibXktcm9vdCIgaXMgdGhlIGxhYmVsIG9mIHRoZSB0YXJnZXQKICA7OyByb290IGZpbGUgc3lz dGVtLgogIChib290bG9hZGVyIChib290bG9hZGVyLWNvbmZpZ3VyYXRpb24KICAgICAgICAgICAg ICAgIChib290bG9hZGVyIGdydWItYm9vdGxvYWRlcikKICAgICAgICAgICAgICAgICh0YXJnZXQg Ii9kZXYvc2RYIikpKQogIChmaWxlLXN5c3RlbXMgKGNvbnMgKGZpbGUtc3lzdGVtCiAgICAgICAg ICAgICAgICAgICAgICAgIChkZXZpY2UgKGZpbGUtc3lzdGVtLWxhYmVsICJteS1yb290IikpCiAg ICAgICAgICAgICAgICAgICAgICAgIChtb3VudC1wb2ludCAiLyIpCiAgICAgICAgICAgICAgICAg ICAgICAgICh0eXBlICJleHQ0IikpCiAgICAgICAgICAgICAgICAgICAgICAlYmFzZS1maWxlLXN5 c3RlbXMpKQoKICA7OyBUaGlzIGlzIHdoZXJlIHVzZXIgYWNjb3VudHMgYXJlIHNwZWNpZmllZC4g IFRoZSAicm9vdCIKICA7OyBhY2NvdW50IGlzIGltcGxpY2l0LCBhbmQgaXMgaW5pdGlhbGx5IGNy ZWF0ZWQgd2l0aCB0aGUKICA7OyBlbXB0eSBwYXNzd29yZC4KICAodXNlcnMgKGNvbnMgKHVzZXIt YWNjb3VudAogICAgICAgICAgICAgICAgKG5hbWUgImFsaWNlIikKICAgICAgICAgICAgICAgIChj b21tZW50ICJCb2IncyBzaXN0ZXIiKQogICAgICAgICAgICAgICAgKGdyb3VwICJ1c2VycyIpCgog ICAgICAgICAgICAgICAgOzsgQWRkaW5nIHRoZSBhY2NvdW50IHRvIHRoZSAid2hlZWwiIGdyb3Vw CiAgICAgICAgICAgICAgICA7OyBtYWtlcyBpdCBhIHN1ZG9lci4gIEFkZGluZyBpdCB0byAiYXVk aW8iCiAgICAgICAgICAgICAgICA7OyBhbmQgInZpZGVvIiBhbGxvd3MgdGhlIHVzZXIgdG8gcGxh eSBzb3VuZAogICAgICAgICAgICAgICAgOzsgYW5kIGFjY2VzcyB0aGUgd2ViY2FtLgogICAgICAg ICAgICAgICAgKHN1cHBsZW1lbnRhcnktZ3JvdXBzICcoIndoZWVsIgogICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgImF1ZGlvIiAidmlkZW8iKSkKICAgICAgICAgICAgICAg IChob21lLWRpcmVjdG9yeSAiL2hvbWUvYWxpY2UiKSkKICAgICAgICAgICAgICAgJWJhc2UtdXNl ci1hY2NvdW50cykpCgogIDs7IEdsb2JhbGx5LWluc3RhbGxlZCBwYWNrYWdlcy4KICAocGFja2Fn ZXMgKGNvbnMqIHNjcmVlbiBvcGVuc3NoICViYXNlLXBhY2thZ2VzKSkKCiAgOzsgQWRkIHNlcnZp Y2VzIHRvIHRoZSBiYXNlbGluZTogYSBESENQIGNsaWVudCBhbmQKICA7OyBhbiBTU0ggc2VydmVy LgogIChzZXJ2aWNlcyAoY29ucyogKHNlcnZpY2UgcGNzY2Qtc2VydmljZS10eXBlKQogICAgICAg ICAgICAgICAgICAgJWJhc2Utc2VydmljZXMpKSkK --=-=-= Content-Type: text/x-patch Content-Disposition: attachment; filename=0001-gnu-services-Fix-pcscd-activation-bug.patch Content-Transfer-Encoding: quoted-printable From=203fa1e930b827aebca2dbbfe84c36cf203f15afda Mon Sep 17 00:00:00 2001 From: Chris Marusich Date: Mon, 20 Aug 2018 00:16:06 -0700 Subject: [PATCH] gnu: services: Fix pcscd activation bug. * gnu/services/security-token.scm (pcscd-activation): Idempotently create t= he /var/lib/pcsc symlink so that it does not fail when it already exists. =2D-- gnu/services/security-token.scm | 36 +++++++++++++++++++++++++-------- 1 file changed, 28 insertions(+), 8 deletions(-) diff --git a/gnu/services/security-token.scm b/gnu/services/security-token.= scm index 7e7ea54a5..8bea49538 100644 =2D-- a/gnu/services/security-token.scm +++ b/gnu/services/security-token.scm @@ -20,6 +20,7 @@ #:use-module (gnu services) #:use-module (gnu services shepherd) #:use-module (gnu packages admin) + #:use-module (gnu packages base) #:use-module (gnu packages security-token) #:use-module (gnu system shadow) #:use-module (guix gexp) @@ -62,14 +63,33 @@ (define pcscd-activation (match-lambda (($ pcsc-lite usb-drivers) =2D #~(begin =2D (use-modules (guix build utils)) =2D (mkdir-p "/var/lib") =2D (symlink #$(directory-union =2D "pcsc" =2D (map (cut file-append <> "/pcsc") =2D usb-drivers)) =2D "/var/lib/pcsc"))))) + (with-imported-modules (source-module-closure + '((guix build utils))) + #~(begin + (use-modules (guix build utils)) + ;; This switch-symlinks procedure was copied from (guix utils).= It + ;; would be nice to re-use the procedure from that module, but = if + ;; we add that module to this gexp's imported modules and try to + ;; use it, then this activation gexp can fail when it runs. To= be + ;; specific, if you try to use (guix utils) and then build a VM + ;; with a pcscd-service-type using "guix system vm-image", then + ;; when you boot the VM, it will fail. It fails because (guix + ;; utils) dynamically links glibc's strverscmp function when + ;; defining the version-compare procedure, and for some reason + ;; strverscmp can't be found. Perhaps there's a way to fix or + ;; avoid this, but since we don't need the version-compare + ;; procedure here, anyway, it's simpler to just define our own + ;; switch-symlinks procedure instead. + (define (switch-symlinks link target) + (let ((pivot (string-append link ".new"))) + (symlink target pivot) + (rename-file pivot link))) + (mkdir-p "/var/lib") + (switch-symlinks "/var/lib/pcsc" + #$(directory-union + "pcsc" + (map (cut file-append <> "/pcsc") + usb-drivers)))))))) =20 (define pcscd-service-type (service-type =2D-=20 2.18.0 --=-=-=-- --==-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEy/WXVcvn5+/vGD+x3UCaFdgiRp0FAlt6bS8ACgkQ3UCaFdgi Rp1TDhAAtOXQSrGlwYGbLY9mqlnyZ4CIhuI62WL0KiOBbF2SzV5oyqWW4415vjM3 cFIGkWMaEi+8Nf/8yI9w45MiO/wc6TXGYdpntwEAQOE3cLdPZftYkOhxpcaqWQaj 2X/SbF4/QHFw4lCQZfOiSX+y8RIUwAil2nYl7N08Do6yBXvJ/0/u/++mRuRSWni2 4uWLH39kg2vA2kFEY8QfvkHbITUkpmYR++eiY+Qux+scKYmigfhqacCyNL0Mkp8r +JpMvt7UxlDSxRyV6smxpHwFuumffs8+tuuoso2xZ5rVMrc3M9yFhZm51vnYg0kp eUBXZ5Xlk/BNMQw64BaVjvoC7v0NiRedBmyPJbSc/mwv5kdYPbHERry6d9dl8zFB n0iTiVd2x7uWlal+NcrLKN+pozQHrJPd5snPV4A4OhzCIopKLrIjWFqkrb3r3O3C e8/zKlNKgxsN3NMyXPrCog+sZx1pHULRSY+StLQEIMrtE6qujy/e+L/XrCFcuNAo bcxu11XWLNqd/PlvXJPTdiZ52xCu1+A3I+ULFq+s6mLjelVNNiGzK9Ek9huagw8z T1WlEgfif//aCZP+DCYYkQK8JvUlNXM1awgt4V7HVAE7C9A4nVmiAzsgBl23+G8o lZRCELPaY3fZwBCNrRT8rA9C4t57gvKuGybWziPN6N2QZAFbU6s= =ReTZ -----END PGP SIGNATURE----- --==-=-=--