From mboxrd@z Thu Jan 1 00:00:00 1970 From: Ludovic =?UTF-8?Q?Court=C3=A8s?= Subject: bug#35996: User account password got locked when booting old generation Date: Sun, 02 Jun 2019 11:38:36 +0200 Message-ID: <87sgss9vj7.fsf@gnu.org> References: <20190529204517.mqn5xrw23xib4i3u@pelzflorian.localdomain> <877ea6l1on.fsf@gnu.org> <20190601055238.jkhefpupavz7aipi@pelzflorian.localdomain> <20190601145834.f4wgm4oqmdyej7n5@pelzflorian.localdomain> <87r28dc7gw.fsf@gnu.org> <20190602070545.xp2pqlnzsthpjtbw@pelzflorian.localdomain> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Return-path: Received: from eggs.gnu.org ([209.51.188.92]:52336) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1hXMxD-0007X9-S5 for bug-guix@gnu.org; Sun, 02 Jun 2019 05:39:04 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1hXMxC-0005H6-OK for bug-guix@gnu.org; Sun, 02 Jun 2019 05:39:03 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:54155) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1hXMxC-0005Gs-LC for bug-guix@gnu.org; Sun, 02 Jun 2019 05:39:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1hXMxC-0008BT-Gz for bug-guix@gnu.org; Sun, 02 Jun 2019 05:39:02 -0400 Sender: "Debbugs-submit" Resent-Message-ID: In-Reply-To: <20190602070545.xp2pqlnzsthpjtbw@pelzflorian.localdomain> (pelzflorian@pelzflorian.de's message of "Sun, 2 Jun 2019 09:05:45 +0200") List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org Sender: "bug-Guix" To: "pelzflorian (Florian Pelz)" Cc: 35996@debbugs.gnu.org Hi Florian, "pelzflorian (Florian Pelz)" skribis: > On Sat, Jun 01, 2019 at 11:37:51PM +0200, Ludovic Court=C3=A8s wrote: >> This is definitely not a problem when booting. It could be a problem if >> you=E2=80=99re concurrently running =E2=80=98guix system reconfigure=E2= =80=99 (which runs >> activation snippets, including the account updating code) and some other >> program, such as =E2=80=98passwd=E2=80=99, that assumes it holds an excl= usive lock on >> the file. Though in that case, the worst that could happen is that the >> changes made by Guix would be undoed by that other program. Actually, another thing that could happen is that Guix reads an incomplete /etc/shadow because some other program is writing to it. In that case, suppose Guix reads a partial /etc/shadow where user =E2=80=9Cflorian=E2=80=9D is missing. It would then create a new /etc/shad= ow where the password for =E2=80=9Cflorian=E2=80=9D is uninitialized (or set to the init= ial value that appears in config.scm.) Could it be what happened to you? You=E2=80=99d have to be running =E2=80= =98passwd=E2=80=99 or =E2=80=98usermod=E2=80=99 or whatever at exactly the same time as =E2=80=98= guix system reconfigure=E2=80=99 (and you=E2=80=99d have to be =E2=80=9Clucky=E2=80=9D). > I also tried running this script: > > #!/run/current-system/profile/bin/bash > MD5=3D$(sudo md5sum /etc/shadow) > echo "Current /etc/shadow has md5sum: $MD5" > until [ "$(sudo md5sum /etc/shadow)" !=3D "$MD5" ]; do > sudo guix system roll-back > sudo guix system reconfigure /etc/config.scm > done > notify-send "/etc/shadow changed!" "Maybe I reproduced the issue." The code in (gnu build accounts) is purely functional and deterministic, so you have no chance of getting a different /etc/shadow with this script, unless perhaps you concurrently run =E2=80=98passwd=E2=80=99 or sim= ilar. > error: '/gnu/store/h5bi85lgnpqcjx2avy126lwiss01idsj-grub-efi-2.02/sbin/gr= ub-install --boot-directory //boot --bootloader-id=3DGuix --efi-directory /= /boot/efi' exited with status 1; output follows: > > Installing for x86_64-efi platform. > Could not prepare Boot variable: No such file or directory > /gnu/store/h5bi85lgnpqcjx2avy126lwiss01idsj-grub-efi-2.02/sbin/grub-ins= tall: error: efibootmgr failed to register the boot entry: Input/output err= or. Maybe you=E2=80=99ve exhausted the room for those EFI =E2=80=9Cvariables=E2= =80=9D or something? Thanks for your debugging work! Ludo=E2=80=99.