Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 497288 - sys-boot/lilo - goes interactive during src_install() when mandatory and an "empty" password are set in lilo.conf
Summary: sys-boot/lilo - goes interactive during src_install() when mandatory and an "...
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Core system (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Tony Vroon (RETIRED)
URL:
Whiteboard:
Keywords: PATCH
Depends on:
Blocks:
 
Reported: 2014-01-06 17:03 UTC by Andrew Savchenko
Modified: 2015-01-22 10:45 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
emerge --info (emerge.info,9.01 KB, text/plain)
2014-01-06 17:03 UTC, Andrew Savchenko 		Details
lilo-24.0-r1.ebuild.patch (lilo-24.0-r1.ebuild.patch,901 bytes, patch)
2014-12-05 15:56 UTC, Andrew Savchenko 		Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Andrew Savchenko gentoo-dev 2014-01-06 17:03:06 UTC 
Hello,

If lilo uses boot password with mandatory policy and password is set empty in the config file (for security reasons in order not to save plain text password):
  password=""
  mandatory
then on sys-boot/lilo package update on install phase it requires password to be entered. No message is shown on the console, though if one enters password twice, install continues.

The problem is that such behaviour turns lilo into an interactive ebuild without proper emerge notice about interactive packages. This leads to quite a nasty issue when world update is left unattended (it may take days to complete on some mine setups) and just stops indefinitely until manual intervention.

This happens with all lilo versions (including the latest 24.0).
Suggested solutions:
1) Parse /etc/lilo.conf and mark package as interactive.
2) If interactive condition is detected, do not update boot sector automatically and issue ewarn/eerror to request manual update from the user. (This can be done after all packages are installed.)
Comment 1 Andrew Savchenko gentoo-dev 2014-01-06 17:03:47 UTC 
Created attachment 367202 [details]
emerge --info
Comment 2 Andrew Savchenko gentoo-dev 2014-11-03 11:02:42 UTC 
Ping. Problem is still here with 24.0-r1.
Comment 3 Tony Vroon (RETIRED) gentoo-dev 2014-11-03 11:09:26 UTC 
It is an incredibly unusual config, so I welcome a patch to address it.
Comment 4 Andrew Savchenko gentoo-dev 2014-12-05 15:56:23 UTC 
Created attachment 391020 [details, diff]
lilo-24.0-r1.ebuild.patch

And patch follows :)

What it does: it checks for empty password set it lilo.conf and omits dolilo run if this condition is met. Check for mandatory option is not needed, since this is default for lilo.

Patch is not perfect, because when password is empty it always asks user to run lilo -p manually, while not all dolilo runs will require it. I found two conditions when lilo will go interactive:

1) lilo.conf was updated, but lilo -p was not run; this is easy to check by comparing lilo.conf and lilo.conf.shs modification times.

2) lilo binary was updated itself. This is hard to check reliably, since update may or may not happen during both package update and reinstall.

Maybe there are more, I do not claim that conditions above form full set of possible reasons for lilo going interactive.

That's why in order to be on a safe side I enabled warning and disabled dolilo run for each setup where empty password is set in lilo.conf.
Comment 5 Tony Vroon (RETIRED) gentoo-dev 2015-01-22 10:45:34 UTC 
+*lilo-24.1 (22 Jan 2015)
+
+  22 Jan 2015; Tony Vroon <chainsaw@gentoo.org> +lilo-24.1.ebuild,
+  +files/lilo-24.1-novga.patch:
+  Avoid interactive password configurations, based on a report and initial
+  patch by Andrew Savchenko in bug #497288. New upstream release, closes bug
+  #536942 by Joshua Kinard.