From mboxrd@z Thu Jan 1 00:00:00 1970 From: ludo@gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=) Subject: Re: core-updates warning: Not ready for GuixSD deployment Date: Wed, 10 Jan 2018 10:13:51 +0100 Message-ID: <87d12irs8g.fsf@gnu.org> References: <20180104173119.GA6465@jasmine.lan> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:47166) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1eZCSK-0003NN-Dt for guix-devel@gnu.org; Wed, 10 Jan 2018 04:13:57 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1eZCSI-0003Tq-Ub for guix-devel@gnu.org; Wed, 10 Jan 2018 04:13:56 -0500 Received: from hera.aquilenet.fr ([2a0c:e300::1]:48034) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1eZCSI-0003SY-Hm for guix-devel@gnu.org; Wed, 10 Jan 2018 04:13:54 -0500 In-Reply-To: <20180104173119.GA6465@jasmine.lan> (Leo Famulari's message of "Thu, 4 Jan 2018 12:31:19 -0500") List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: Leo Famulari Cc: guix-devel@gnu.org Leo Famulari skribis: > After rebooting, I found that my user's numerical ID had changed, so I > no longer owned any of my files. Not being able to read ~/.ssh means you > can't log in remotely. > > Additionally, several of root's "dotfiles" had been replaced with their > default versions, erasing my modifications. For example, > ~root/.bash_profile no longer contained my modifications. > > Finally, my users's password no longer worked. I fixed this as root > before I noticed that my user's files were inaccessible; I don't know if > I could have avoided the password reset by re-chowning my files. Long story short: this should be fixed by https://git.savannah.gnu.org/cgit/guix.git/commit/?h=3Dcore-updates&id=3D= 4610ab7c9a5327df0d475262817bc081a5891aa8 Below is the message I wrote as I was investigating, if you=E2=80=99re curi= ous. :-) Ludo=E2=80=99. Looking more closely, what (gnu build activation) does is this: --8<---------------cut here---------------start------------->8--- (define* (ensure-user name group #:key uid comment home create-home? shell password system? (supplementary-groups '()) (log-port (current-error-port)) #:rest rest) "Make sure user NAME exists and has the relevant settings." (if (false-if-exception (getpwnam name)) (apply modify-user name group rest) (apply add-user name group rest))) --8<---------------cut here---------------end--------------->8--- Presumably =E2=80=98getpwnam=E2=80=99 threw an exception in your case, so w= e went calling =E2=80=98add-user=E2=80=99. We first do that for the root user, an= d that ends up wiping /etc/passwd altogether (instead of invoking =E2=80=98useradd=E2= =80=99), which is why subsequent invocations of =E2=80=98useradd=E2=80=99 created new user= accounts, copied skeletons, etc. At boot time nscd is not running so libc should get the info directly from /etc/passwd. The new statically-linked Guile against glibc 2.26 fails getpwnam: --8<---------------cut here---------------start------------->8--- $ /gnu/store/6caisrnj208hpwklm5clsznzwrlbihw5-guile-static-stripped-2.2.3/b= in/guile -c '(pk (getpwnam "ludo"))' guile: warning: failed to install locale Backtrace: 6 (apply-smob/1 #) In ice-9/boot-9.scm: 705:2 5 (call-with-prompt ("prompt") # #) In ice-9/eval.scm: 619:8 4 (_ #(#(#))) In ice-9/command-line.scm: 181:18 3 (_ #) In unknown file: 2 (eval (pk (getpwnam "ludo")) #) In ice-9/eval.scm: 191:35 1 (_ #f) In unknown file: 0 (getpw "ludo") ERROR: In procedure getpw: In procedure getpw: entry not found --8<---------------cut here---------------end--------------->8--- =E2=80=A6 whereas the previous one (against glibc 2.25) works fine: --8<---------------cut here---------------start------------->8--- $ /gnu/store/3ir873f4dsdl3aaj48iqykn6437ilk0p-guile-static-stripped-2.2.2/b= in/guile -c '(pk (getpwnam "ludo"))' ;;; (#("ludo" "x" 1000 998 "Ludovic Court?s" "/home/ludo" "/gnu/store/ars9l= m9jk9hgdifg0gqvf1jrvz5mdg1j-bash-4.4.12/bin/bash")) --8<---------------cut here---------------end--------------->8--- Looking more closely, glibc 2.26 tries to dlopen NSS libs (whereas 2.25=E2=80=99s libc.a included libnss_files functionality): --8<---------------cut here---------------start------------->8--- openat(AT_FDCWD, "/gnu/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-glibc-2.26.10= 5-g0890d5379c/lib/tls//x86_64/libnss_compat.so.2", O_RDONLY|O_CLOEXEC) =3D = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/gnu/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-glibc-2.26.10= 5-g0890d5379c/lib/tls//libnss_compat.so.2", O_RDONLY|O_CLOEXEC) =3D -1 ENOE= NT (No such file or directory) --8<---------------cut here---------------end--------------->8--- Indeed, while linking guile statically we now have this message: --8<---------------cut here---------------start------------->8--- /tmp/guix-build-guile-static-2.2.3.drv-0/guile-2.2.3/libguile/posix.c:363: = warning: Using 'getpwnam' in statically linked applications requires at run= time the shared libraries from the glibc version used for linking --8<---------------cut here---------------end--------------->8--- Why we didn=E2=80=99t have this problem before is unclear to me because =E2=80=98nss_interface_function=E2=80=99 in nss/nsswitch.h uses =E2=80=98st= atic_link_warning=E2=80=99, which produces the warning above, since 2012. Wait, we lack the static NSS modules. Hey, =E2=80=98glibc-for-bootstrap=E2= =80=99 in (gnu packages make-bootstrap) produces them in the =E2=80=9Cstatic=E2=80=9D= output but we lack that afterwards!