From mboxrd@z Thu Jan  1 00:00:00 1970
From: Oleg Pykhalov <go.wigust@gmail.com>
Subject: bug#28772: guix system reconfigure after kernel panic user or group
	not created
Date: Wed, 11 Oct 2017 20:19:36 +0300
Message-ID: <87r2u9fvpz.fsf@gmail.com>
References: <8760bnh7os.fsf@gmail.com> <87d15vm2t8.fsf@gnu.org>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="=-=-="
Return-path: <bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:42941)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1e2Kfv-0005UU-J8
	for bug-guix@gnu.org; Wed, 11 Oct 2017 13:20:10 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1e2Kfq-0001sZ-VW
	for bug-guix@gnu.org; Wed, 11 Oct 2017 13:20:07 -0400
Received: from debbugs.gnu.org ([208.118.235.43]:53982)
	by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.71) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
	id 1e2Kfq-0001sQ-QB
	for bug-guix@gnu.org; Wed, 11 Oct 2017 13:20:02 -0400
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1e2Kfq-0000Nn-ED
	for bug-guix@gnu.org; Wed, 11 Oct 2017 13:20:02 -0400
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-Message-ID: <handler.28772.B28772.15077423971453@debbugs.gnu.org>
In-Reply-To: <87d15vm2t8.fsf@gnu.org> ("Ludovic
	\=\?utf-8\?Q\?Court\=C3\=A8s\=22'\?\=
	\=\?utf-8\?Q\?s\?\= message of "Tue, 10 Oct 2017 17:37:39 +0200")
List-Id: Bug reports for GNU Guix <bug-guix.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-guix>,
	<mailto:bug-guix-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/bug-guix/>
List-Post: <mailto:bug-guix@gnu.org>
List-Help: <mailto:bug-guix-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-guix>,
	<mailto:bug-guix-request@gnu.org?subject=subscribe>
Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org
Sender: "bug-Guix" <bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org>
To: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@gnu.org>
Cc: 28772@debbugs.gnu.org

--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

Hello Ludovic,

apologies for not adding logs before.  It's hard to do when I do guix
commands from Xterm and not from Emacs.  Emacs *shell* or *compilation*
buffers will eat all memory if they get too much text.

Probably need to redirect STDOUT STDERR in file when Xterm do guix.

I heard Guix folks work on implementing tiny log output to console and
redirect everything else to a log file.  This will be my life saver.

ludo@gnu.org (Ludovic Court=C3=A8s) writes:

> Hello,
>
> Oleg Pykhalov <go.wigust@gmail.com> skribis:
>
>> During 'guix system reconfigure' I got a kernel panic.
>
> Can you show the exact command and its output?

Sorry, as I said this is not a topic and I don't want to do it again and
I caution to make it on my current system.

I will setup a specific Guix VM for this, where I could make a 'system
reconfigure'.  Then I'll create a new bug report with full log.

Neverless I'll leave a how-to reproduce it below for at least for myself
TODO list.

The problem
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

The bigger problem from my view are files like /etc/group.lock and
/etc/passwd.lock.  For example:

    sudo touch /etc/group.lock

/etc/config.scm

    (operating-system
      ;; =E2=80=A6
      (groups (cons
         (user-group (name "test"))
         %base-groups)))

reconfigure log

=20=20=20=20
--=-=-=
Content-Type: text/plain
Content-Disposition: attachment; filename=report.send
Content-Description: $ guix system reconfigure
 $HOME/dotfiles/guix/system-magnolia.scm

$ guix system reconfigure $HOME/dotfiles/guix/system-magnolia.scm

substitute: updating list of substitutes from 'https://berlin.guixsd.org'... 100.0%
The following derivations will be built:
   /gnu/store/v9dp6193rpxrx1rqfdw59s5ss4wlrfdh-system.drv
   /gnu/store/carkycnf6zcarbmnk5745pgsx1nv478y-grub.cfg.drv
   /gnu/store/r5p953fx3dl18aav1ggwmiy2bqnv991s-activate-service.drv
   /gnu/store/pjjm6595562ysk40zjrznhmsfsid1k8r-activate.drv
   /gnu/store/l41adszqk24sb200dwm8sj6ky71ivwpi-boot.drv
/gnu/store/qqhzapsv5w8mrbz3s8hgy7w42r3dbyv9-system
/gnu/store/b4i4drp7lpxmgpcfkbvgmrig2hlszl3j-grub.cfg
/gnu/store/0b459jxdmyz5vf22avav9sm8ig03173k-grub-efi-2.02
/gnu/store/ijw065yljn1np4x0p5l1qkx9w4z9ikcl-bootloader-installer
activating system...
making '/gnu/store/qqhzapsv5w8mrbz3s8hgy7w42r3dbyv9-system' the current system...
setting up setuid programs in '/run/setuid-programs'...
populating /etc from /gnu/store/iyr9ji3idg3iphi3fskh2hqjlmg4h5w0-etc...
usermod: no changes
adding group 'test'...
groupadd: existing lock file /etc/group.lock without a PID
groupadd: cannot lock /etc/group; try again later.
usermod: no changes
usermod: existing lock file /etc/group.lock without a PID
usermod: cannot lock /etc/group; try again later.
usermod: no changes
usermod: existing lock file /etc/group.lock without a PID
usermod: cannot lock /etc/group; try again later.
usermod: existing lock file /etc/group.lock without a PID
usermod: cannot lock /etc/group; try again later.
usermod: existing lock file /etc/group.lock without a PID
usermod: cannot lock /etc/group; try again later.
usermod: existing lock file /etc/group.lock without a PID
usermod: cannot lock /etc/group; try again later.
usermod: existing lock file /etc/group.lock without a PID
usermod: cannot lock /etc/group; try again later.
usermod: existing lock file /etc/group.lock without a PID
usermod: cannot lock /etc/group; try again later.
usermod: existing lock file /etc/group.lock without a PID
usermod: cannot lock /etc/group; try again later.
usermod: existing lock file /etc/group.lock without a PID
usermod: cannot lock /etc/group; try again later.
usermod: existing lock file /etc/group.lock without a PID
usermod: cannot lock /etc/group; try again later.
usermod: existing lock file /etc/group.lock without a PID
usermod: cannot lock /etc/group; try again later.
usermod: no changes
usermod: no changes
usermod: no changes
usermod: no changes
usermod: no changes
usermod: no changes
usermod: no changes
usermod: no changes
usermod: no changes
usermod: no changes
usermod: no changes
usermod: no changes
usermod: no changes
usermod: no changes
usermod: no changes
usermod: no changes
creating nginx log directory '/var/log/nginx'
creating nginx run directory '/var/run/nginx'
creating nginx temp directories '/var/run/nginx/{client_body,proxy,fastcgi,uwsgi,scgi}_temp'
nginx: [alert] could not open error log file: open() "/gnu/store/vyj2vkmdmlpxn3mnj71vz8zc8j30ahkf-nginx-1.12.1/logs/error.log" failed (2: No such file or directory)
nginx: the configuration file /gnu/store/xms1g2z62rcj2h9i9d6fbqyl65a4yycm-nginx.conf syntax is ok
nginx: configuration file /gnu/store/xms1g2z62rcj2h9i9d6fbqyl65a4yycm-nginx.conf test is successful
guix system: unloading service 'user-homes'...
shepherd: Removing service 'user-homes'...
shepherd: Done.
guix system: loading new services: user-homes...
shepherd: Evaluating user expression (register-services (primitive-load "/gnu/sto?")).
shepherd: Service user-homes could not be started.
Installing for x86_64-efi platform.
Installation finished. No error reported.

--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable


The new system generation was produced without "test" group, so you
could reboot into it.  And it could lead to problems if we will have a
tiny output to console and big output to a log file, I guess.

> A user-land program is not supposed to be able to cause a kernel panic;
> if it does, that=E2=80=99s a kernel bug.

                       How to make a kernel panic

The problem will be No defined variable IPTABLES-SSH after 'guix system
reconfigure' and kernel crash after.

$HOME/src/iptables/iptables/ru.scm

    (define-module (iptables ru)
      ;; =E2=80=A6
      )

    (define %iptables-ssh
       "-A INPUT -p tcp --dport 22 \
    -m state --state NEW -m recent --set --name SSH -j ACCEPT")

/etc/config.scm

    (use-modules ;; =E2=80=A6
                 (iptables ru))

    (define start-firewall
      #~(let ((iptables
               (lambda (str)
                 (zero? (system (string-join `(,#$(file-append iptables
                                                               "/sbin/iptab=
les")
                                               ,str) " "))))))
          (format #t "Install iptables rules.~%")
          (and
           ;; =E2=80=A6
           (iptables %iptables-ssh))))

    (define firewall-service
      (simple-service 'firewall shepherd-root-service-type
                      (list
                       (shepherd-service
                        (provision '(firewall))
                        (requirement '())
                        (start #~(lambda _
                                   #$start-firewall))
                        (respawn? #f)
                        (stop #~(lambda _
                                  (zero?
                                   (system* #$(file-append iptables
                                                           "/sbin/iptables")
                                            "-F"))))))))

    (operating-system
      ;; =E2=80=A6
        (services (cons* ;; =E2=80=A6
                         firewall-service)))


Make a kernel panic

    sudo GUILE_LOAD_PATH=3D\"$HOME/src/iptables\
    :$GUILE_LOAD_PATH\" guix system reconfigure \
    $HOME/dotfiles/guix/system-magnolia.scm

    # Run above again and kernel will panic.

> But perhaps you got the kernel panic *after* rebooting in the
> reconfigured system?  That could well be a GuixSD bug, indeed.

No, it happens after second 'guix system reconfigure' with howto above.

[...]

Thanks,
Oleg.

--=-=-=--