626726 – Binaries installed to /bin, /sbin and /lib* which rely on libraries beneath /usr (/usr move)

Bug 626726 - Binaries installed to /bin, /sbin and /lib* which rely on libraries beneath /usr (/usr move)

Summary: Binaries installed to /bin, /sbin and /lib* which rely on libraries beneath /...

Status:	RESOLVED WONTFIX

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo's Team for Core System packages

URL:
Whiteboard:
Keywords:	Tracker

Depends on:
Blocks:

Reported:	2017-07-31 19:40 UTC by Stuart Shelton
Modified:	2019-11-29 02:43 UTC (History)
CC List:	5 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Stuart Shelton 2017-07-31 19:40:46 UTC

(This is identical to Bug 27064 from waaaay back in 2003 ;)

I've just had to perform recovery on a system with a separate /usr partition which hit a fsck-on-boot problem, and noticed that several binaries - some really key ones - installed into /bin or /sbin are linked against libraries on /usr, and are therefore unusable until the system can successfully complete localmount:

$ for f in /bin/* /sbin/* $( sudo find /lib/ -type f -name \*.so\* ); do echo "$f"; sudo ldd $f 2>/dev/null | grep 'usr'; done | grep -B 1 'usr' 
/bin/arping
        libidn.so.11 => /usr/lib/libidn.so.11 (0xf7684000)
--
/bin/expr
        libgmp.so.10 => /usr/lib/libgmp.so.10 (0xf7701000)
--
/bin/login
        libcap-ng.so.0 => /usr/lib/libcap-ng.so.0 (0xf7512000)
--
/bin/mail
        liblockfile.so.1 => /usr/lib/liblockfile.so.1 (0xf76bb000)
--
/bin/nano
        libmagic.so.1 => /usr/lib/libmagic.so.1 (0xf76ea000)
--
/bin/passwd
        libcap-ng.so.0 => /usr/lib/libcap-ng.so.0 (0xf7558000)
--
/bin/ping
        libidn.so.11 => /usr/lib/libidn.so.11 (0xf76c2000)
/bin/ping6
        libidn.so.11 => /usr/lib/libidn.so.11 (0xf7707000)
        libcrypto.so.1.0.0 => /usr/lib/libcrypto.so.1.0.0 (0xf74e9000)
--
/bin/rnano
        libmagic.so.1 => /usr/lib/libmagic.so.1 (0xf76e3000)
--
/bin/su
        libcap-ng.so.0 => /usr/lib/libcap-ng.so.0 (0xf757c000)
--
/sbin/arptables-compat
        libmxml.so.1 => /usr/lib/libmxml.so.1 (0xf75a1000)
        libjansson.so.4 => /usr/lib/libjansson.so.4 (0xf7576000)
/sbin/audispd
        libcap-ng.so.0 => /usr/lib/libcap-ng.so.0 (0xf757f000)
/sbin/audispd-zos-remote
        libldap-2.4.so.2 => /usr/lib/libldap-2.4.so.2 (0xf7743000)
        liblber-2.4.so.2 => /usr/lib/liblber-2.4.so.2 (0xf7732000)
        libcap-ng.so.0 => /usr/lib/libcap-ng.so.0 (0xf7710000)
        libsasl2.so.3 => /usr/lib/libsasl2.so.3 (0xf7529000)
        libssl.so.1.0.0 => /usr/lib/libssl.so.1.0.0 (0xf74b4000)
        libcrypto.so.1.0.0 => /usr/lib/libcrypto.so.1.0.0 (0xf72ad000)
        libkrb5.so.3 => /usr/lib/libkrb5.so.3 (0xf71a6000)
        libk5crypto.so.3 => /usr/lib/libk5crypto.so.3 (0xf7171000)
        libkrb5support.so.0 => /usr/lib/libkrb5support.so.0 (0xf7145000)
/sbin/auditctl
        libcap-ng.so.0 => /usr/lib/libcap-ng.so.0 (0xf7506000)
/sbin/auditd
        libcap-ng.so.0 => /usr/lib/libcap-ng.so.0 (0xf74f5000)
--
/sbin/aureport
        libcap-ng.so.0 => /usr/lib/libcap-ng.so.0 (0xf75c5000)
/sbin/ausearch
        libcap-ng.so.0 => /usr/lib/libcap-ng.so.0 (0xf74f2000)
/sbin/autrace
        libcap-ng.so.0 => /usr/lib/libcap-ng.so.0 (0xf7526000)
--
/sbin/cfdisk
        libfdisk.so.1 => /usr/lib/libfdisk.so.1 (0xf7692000)
        libslang.so.2 => /usr/lib/libslang.so.2 (0xf74c2000)
--
/sbin/cryptsetup
        libcryptsetup.so.4 => /usr/lib/libcryptsetup.so.4 (0xf778a000)
        libpopt.so.0 => /usr/lib/libpopt.so.0 (0xf777c000)
        libgcrypt.so.20 => /usr/lib/libgcrypt.so.20 (0xf74b3000)
        libgpg-error.so.0 => /usr/lib/libgpg-error.so.0 (0xf749b000)
--
/sbin/ebtables-compat
        libmxml.so.1 => /usr/lib/libmxml.so.1 (0xf751e000)
        libjansson.so.4 => /usr/lib/libjansson.so.4 (0xf74f3000)
--
/sbin/fdisk
        libfdisk.so.1 => /usr/lib/libfdisk.so.1 (0xf7666000)
--
/sbin/ip6tables-compat
        libmxml.so.1 => /usr/lib/libmxml.so.1 (0xf74cb000)
        libjansson.so.4 => /usr/lib/libjansson.so.4 (0xf74a0000)
/sbin/ip6tables-compat-restore
        libmxml.so.1 => /usr/lib/libmxml.so.1 (0xf7547000)
        libjansson.so.4 => /usr/lib/libjansson.so.4 (0xf751c000)
/sbin/ip6tables-compat-save
        libmxml.so.1 => /usr/lib/libmxml.so.1 (0xf750b000)
        libjansson.so.4 => /usr/lib/libjansson.so.4 (0xf74e0000)
--
/sbin/iptables-compat
        libmxml.so.1 => /usr/lib/libmxml.so.1 (0xf752e000)
        libjansson.so.4 => /usr/lib/libjansson.so.4 (0xf7503000)
/sbin/iptables-compat-restore
        libmxml.so.1 => /usr/lib/libmxml.so.1 (0xf7530000)
        libjansson.so.4 => /usr/lib/libjansson.so.4 (0xf7505000)
/sbin/iptables-compat-save
        libmxml.so.1 => /usr/lib/libmxml.so.1 (0xf74eb000)
        libjansson.so.4 => /usr/lib/libjansson.so.4 (0xf74c0000)
--
/sbin/mkhomedir_helper
        libcap-ng.so.0 => /usr/lib/libcap-ng.so.0 (0xf7543000)
--
/sbin/mount.nfs
        libgssapi_krb5.so.2 => /usr/lib/libgssapi_krb5.so.2 (0xf7450000)
        libkrb5.so.3 => /usr/lib/libkrb5.so.3 (0xf7373000)
        libk5crypto.so.3 => /usr/lib/libk5crypto.so.3 (0xf733e000)
        libkrb5support.so.0 => /usr/lib/libkrb5support.so.0 (0xf72ba000)
/sbin/mount.nfs4
        libgssapi_krb5.so.2 => /usr/lib/libgssapi_krb5.so.2 (0xf7470000)
        libkrb5.so.3 => /usr/lib/libkrb5.so.3 (0xf7393000)
        libk5crypto.so.3 => /usr/lib/libk5crypto.so.3 (0xf735e000)
        libkrb5support.so.0 => /usr/lib/libkrb5support.so.0 (0xf72da000)
--
/sbin/nfbpf_compile
        libpcap.so.1 => /usr/lib/libpcap.so.1 (0xf767d000)
/sbin/nfnl_osf
        libnfnetlink.so.0 => /usr/lib/libnfnetlink.so.0 (0xf771a000)
/sbin/nfsdcltrack
        libsqlite3.so.0 => /usr/lib/libsqlite3.so.0 (0xf760f000)
        libicui18n.so.58 => /usr/lib/libicui18n.so.58 (0xf7159000)
        libicuuc.so.58 => /usr/lib/libicuuc.so.58 (0xf6fad000)
        libstdc++.so.6 => /usr/lib/gcc/i686-pc-linux-gnu/5.4.0/libstdc++.so.6 (0xf6db5000) (*)
        libicudata.so.58 => /usr/lib/libicudata.so.58 (0xf5497000)
/sbin/nfsynproxy
        libpcap.so.1 => /usr/lib/libpcap.so.1 (0xf7742000)
/sbin/nft
        libgmp.so.10 => /usr/lib/libgmp.so.10 (0xf75e1000)
        libmxml.so.1 => /usr/lib/libmxml.so.1 (0xf7423000)
        libjansson.so.4 => /usr/lib/libjansson.so.4 (0xf73f8000)
--
/sbin/pam_tally2
        libcap-ng.so.0 => /usr/lib/libcap-ng.so.0 (0xf74cf000)
/sbin/pam_timestamp_check
        libcap-ng.so.0 => /usr/lib/libcap-ng.so.0 (0xf75c4000)
--
/sbin/rpcbind
        libgssapi_krb5.so.2 => /usr/lib/libgssapi_krb5.so.2 (0xf748e000)
        libkrb5.so.3 => /usr/lib/libkrb5.so.3 (0xf73b2000)
        libk5crypto.so.3 => /usr/lib/libk5crypto.so.3 (0xf737d000)
        libkrb5support.so.0 => /usr/lib/libkrb5support.so.0 (0xf736b000)
/sbin/rpcinfo
        libgssapi_krb5.so.2 => /usr/lib/libgssapi_krb5.so.2 (0xf7497000)
        libkrb5.so.3 => /usr/lib/libkrb5.so.3 (0xf73ba000)
        libk5crypto.so.3 => /usr/lib/libk5crypto.so.3 (0xf7385000)
        libkrb5support.so.0 => /usr/lib/libkrb5support.so.0 (0xf7373000)
/sbin/rpc.statd
        libgssapi_krb5.so.2 => /usr/lib/libgssapi_krb5.so.2 (0xf7552000)
        libkrb5.so.3 => /usr/lib/libkrb5.so.3 (0xf7476000)
        libk5crypto.so.3 => /usr/lib/libk5crypto.so.3 (0xf7441000)
        libkrb5support.so.0 => /usr/lib/libkrb5support.so.0 (0xf7412000)
--
/sbin/runuser
        libcap-ng.so.0 => /usr/lib/libcap-ng.so.0 (0xf750a000)
--
/sbin/sfdisk
        libfdisk.so.1 => /usr/lib/libfdisk.so.1 (0xf76b7000)
--
/sbin/start-stop-daemon
        libcap-ng.so.0 => /usr/lib/libcap-ng.so.0 (0xf7494000)
--
/sbin/supervise-daemon
        libcap-ng.so.0 => /usr/lib/libcap-ng.so.0 (0xf750b000)
--
/sbin/umount.nfs
        libgssapi_krb5.so.2 => /usr/lib/libgssapi_krb5.so.2 (0xf744e000)
        libkrb5.so.3 => /usr/lib/libkrb5.so.3 (0xf7371000)
        libk5crypto.so.3 => /usr/lib/libk5crypto.so.3 (0xf733c000)
        libkrb5support.so.0 => /usr/lib/libkrb5support.so.0 (0xf72b8000)
/sbin/umount.nfs4
        libgssapi_krb5.so.2 => /usr/lib/libgssapi_krb5.so.2 (0xf74d1000)
        libkrb5.so.3 => /usr/lib/libkrb5.so.3 (0xf73f4000)
        libk5crypto.so.3 => /usr/lib/libk5crypto.so.3 (0xf73bf000)
        libkrb5support.so.0 => /usr/lib/libkrb5support.so.0 (0xf733b000)
/sbin/unix_chkpwd
        libcap-ng.so.0 => /usr/lib/libcap-ng.so.0 (0xf753b000)
--
/sbin/veritysetup
        libcryptsetup.so.4 => /usr/lib/libcryptsetup.so.4 (0xf7711000)
        libpopt.so.0 => /usr/lib/libpopt.so.0 (0xf7703000)
        libgcrypt.so.20 => /usr/lib/libgcrypt.so.20 (0xf743a000)
        libgpg-error.so.0 => /usr/lib/libgpg-error.so.0 (0xf7422000)
--
/sbin/xtables-compat-multi
        libmxml.so.1 => /usr/lib/libmxml.so.1 (0xf7517000)
        libjansson.so.4 => /usr/lib/libjansson.so.4 (0xf74ec000)
--
/lib/libnftnl.so.4.1.0
        libmxml.so.1 => /usr/lib/libmxml.so.1 (0xf7754000)
        libjansson.so.4 => /usr/lib/libjansson.so.4 (0xf7729000)
--
/lib/libauparse.so.0.0.0
        libcap-ng.so.0 => /usr/lib/libcap-ng.so.0 (0xf752d000)
--
/lib/security/pam_securetty.so
        libcap-ng.so.0 => /usr/lib/libcap-ng.so.0 (0xf754e000)
--
/lib/security/pam_namespace.so
        libcap-ng.so.0 => /usr/lib/libcap-ng.so.0 (0xf75ac000)
/lib/security/pam_ftp.so
        libcap-ng.so.0 => /usr/lib/libcap-ng.so.0 (0xf7539000)
/lib/security/pam_filter.so
        libcap-ng.so.0 => /usr/lib/libcap-ng.so.0 (0xf74d3000)
/lib/security/pam_time.so
        libcap-ng.so.0 => /usr/lib/libcap-ng.so.0 (0xf755c000)
/lib/security/pam_warn.so
        libcap-ng.so.0 => /usr/lib/libcap-ng.so.0 (0xf752c000)
/lib/security/pam_mail.so
        libcap-ng.so.0 => /usr/lib/libcap-ng.so.0 (0xf7563000)
/lib/security/pam_stress.so
        libcap-ng.so.0 => /usr/lib/libcap-ng.so.0 (0xf751e000)
/lib/security/pam_keyinit.so
        libcap-ng.so.0 => /usr/lib/libcap-ng.so.0 (0xf75b2000)
/lib/security/pam_localuser.so
        libcap-ng.so.0 => /usr/lib/libcap-ng.so.0 (0xf74f3000)
/lib/security/pam_limits.so
        libcap-ng.so.0 => /usr/lib/libcap-ng.so.0 (0xf7558000)
/lib/security/pam_timestamp.so
        libcap-ng.so.0 => /usr/lib/libcap-ng.so.0 (0xf7540000)
/lib/security/pam_succeed_if.so
        libcap-ng.so.0 => /usr/lib/libcap-ng.so.0 (0xf75be000)
/lib/security/pam_issue.so
        libcap-ng.so.0 => /usr/lib/libcap-ng.so.0 (0xf759c000)
/lib/security/pam_mobile_otp.so
        libcap-ng.so.0 => /usr/lib/libcap-ng.so.0 (0xf7506000)
/lib/security/pam_access.so
        libcap-ng.so.0 => /usr/lib/libcap-ng.so.0 (0xf7500000)
/lib/security/pam_shells.so
        libcap-ng.so.0 => /usr/lib/libcap-ng.so.0 (0xf75b9000)
/lib/security/pam_wheel.so
        libcap-ng.so.0 => /usr/lib/libcap-ng.so.0 (0xf756e000)
/lib/security/pam_env.so
        libcap-ng.so.0 => /usr/lib/libcap-ng.so.0 (0xf74cc000)
/lib/security/pam_pwhistory.so
        libcap-ng.so.0 => /usr/lib/libcap-ng.so.0 (0xf755d000)
/lib/security/pam_motd.so
        libcap-ng.so.0 => /usr/lib/libcap-ng.so.0 (0xf74d4000)
/lib/security/pam_rootok.so
        libcap-ng.so.0 => /usr/lib/libcap-ng.so.0 (0xf7548000)
/lib/security/pam_exec.so
        libcap-ng.so.0 => /usr/lib/libcap-ng.so.0 (0xf7570000)
/lib/security/pam_listfile.so
        libcap-ng.so.0 => /usr/lib/libcap-ng.so.0 (0xf7540000)
/lib/security/pam_group.so
        libcap-ng.so.0 => /usr/lib/libcap-ng.so.0 (0xf75a2000)
/lib/security/pam_tally.so
        libcap-ng.so.0 => /usr/lib/libcap-ng.so.0 (0xf74cd000)
/lib/security/pam_mkhomedir.so
        libcap-ng.so.0 => /usr/lib/libcap-ng.so.0 (0xf753b000)
/lib/security/pam_krb5.so
        libkrb5.so.3 => /usr/lib/libkrb5.so.3 (0xf768f000)
        libk5crypto.so.3 => /usr/lib/libk5crypto.so.3 (0xf765a000)
        libkrb5support.so.0 => /usr/lib/libkrb5support.so.0 (0xf7487000)
        libcap-ng.so.0 => /usr/lib/libcap-ng.so.0 (0xf741c000)
/lib/security/pam_loginuid.so
        libcap-ng.so.0 => /usr/lib/libcap-ng.so.0 (0xf74d0000)
/lib/security/pam_xauth.so
        libcap-ng.so.0 => /usr/lib/libcap-ng.so.0 (0xf758d000)
/lib/security/pam_faildelay.so
        libcap-ng.so.0 => /usr/lib/libcap-ng.so.0 (0xf758a000)
/lib/security/pam_lastlog.so
        libcap-ng.so.0 => /usr/lib/libcap-ng.so.0 (0xf75a4000)
/lib/security/pam_unix.so
        libcap-ng.so.0 => /usr/lib/libcap-ng.so.0 (0xf7536000)
/lib/security/pam_tally2.so
        libcap-ng.so.0 => /usr/lib/libcap-ng.so.0 (0xf7502000)
/lib/security/pam_nologin.so
        libcap-ng.so.0 => /usr/lib/libcap-ng.so.0 (0xf75aa000)
/lib/security/pam_cracklib.so
        libcap-ng.so.0 => /usr/lib/libcap-ng.so.0 (0xf7554000)
--
/lib/security/pam_permit.so
        libcap-ng.so.0 => /usr/lib/libcap-ng.so.0 (0xf7518000)
/lib/security/pam_echo.so
        libcap-ng.so.0 => /usr/lib/libcap-ng.so.0 (0xf756d000)
/lib/security/pam_umask.so
        libcap-ng.so.0 => /usr/lib/libcap-ng.so.0 (0xf7570000)
/lib/security/pam_tty_audit.so
        libcap-ng.so.0 => /usr/lib/libcap-ng.so.0 (0xf7582000)
/lib/security/pam_debug.so
        libcap-ng.so.0 => /usr/lib/libcap-ng.so.0 (0xf751b000)
/lib/security/pam_rhosts.so
        libcap-ng.so.0 => /usr/lib/libcap-ng.so.0 (0xf74da000)
/lib/security/pam_yubikey.so
        libcap-ng.so.0 => /usr/lib/libcap-ng.so.0 (0xf7550000)
/lib/security/pam_mktemp.so
        libcap-ng.so.0 => /usr/lib/libcap-ng.so.0 (0xf7510000)
/lib/security/pam_userdb.so
        libdb-4.8.so => /usr/lib/libdb-4.8.so (0xf7609000)
        libcap-ng.so.0 => /usr/lib/libcap-ng.so.0 (0xf73ca000)
--
/lib/libaudit.so.1.0.0
        libcap-ng.so.0 => /usr/lib/libcap-ng.so.0 (0xf7777000)
--
/lib/libpam_misc.so.0.82.1
        libcap-ng.so.0 => /usr/lib/libcap-ng.so.0 (0xf758b000)
--
/lib/libpam.so.0.84.1
        libcap-ng.so.0 => /usr/lib/libcap-ng.so.0 (0xf751e000)
--
/lib/libtirpc.so.3.0.0
        libgssapi_krb5.so.2 => /usr/lib/libgssapi_krb5.so.2 (0xf771b000)
        libkrb5.so.3 => /usr/lib/libkrb5.so.3 (0xf763f000)
        libk5crypto.so.3 => /usr/lib/libk5crypto.so.3 (0xf760a000)
        libkrb5support.so.0 => /usr/lib/libkrb5support.so.0 (0xf742c000)

... for a total of:

$ for f in /bin/* /sbin/* $( sudo find /lib/ -type f -name \*.so\* ); do echo "$f"; sudo ldd $f 2>/dev/null | grep 'usr'; done | grep -B 1 'usr' | grep ' => ' | cut -d'>' -f 2- | cut -d'(' -f 1 | sort | uniq -c | sort -nr
     66  /usr/lib/libcap-ng.so.0 
     11  /usr/lib/libmxml.so.1 
     11  /usr/lib/libjansson.so.4 
     10  /usr/lib/libkrb5support.so.0 
     10  /usr/lib/libkrb5.so.3 
     10  /usr/lib/libk5crypto.so.3 
      8  /usr/lib/libgssapi_krb5.so.2 
      3  /usr/lib/libidn.so.11 
      3  /usr/lib/libfdisk.so.1 
      2  /usr/lib/libpopt.so.0 
      2  /usr/lib/libpcap.so.1 
      2  /usr/lib/libmagic.so.1 
      2  /usr/lib/libgpg-error.so.0 
      2  /usr/lib/libgmp.so.10 
      2  /usr/lib/libgcrypt.so.20 
      2  /usr/lib/libcryptsetup.so.4 
      2  /usr/lib/libcrypto.so.1.0.0 
      1  /usr/lib/libssl.so.1.0.0 
      1  /usr/lib/libsqlite3.so.0 
      1  /usr/lib/libslang.so.2 
      1  /usr/lib/libsasl2.so.3 
      1  /usr/lib/libnfnetlink.so.0 
      1  /usr/lib/liblockfile.so.1 
      1  /usr/lib/libldap-2.4.so.2 
      1  /usr/lib/liblber-2.4.so.2 
      1  /usr/lib/libicuuc.so.58 
      1  /usr/lib/libicui18n.so.58 
      1  /usr/lib/libicudata.so.58 
      1  /usr/lib/libdb-4.8.so 
      1  /usr/lib/gcc/i686-pc-linux-gnu/5.4.0/libstdc++.so.6 (*)

.. caused by the following packages not installing to /lib*:

app-crypt/mit-krb5-1.14.2
dev-db/sqlite-3.17.0
dev-libs/cyrus-sasl-2.1.26-r9
dev-libs/gmp-6.1.0
dev-libs/icu-58.2-r1
dev-libs/jansson-2.9
dev-libs/libgcrypt-1.7.8
dev-libs/libgpg-error-1.27-r1
dev-libs/mini-xml-2.10
dev-libs/openssl-1.0.2k
dev-libs/popt-1.16-r2
net-dns/libidn-1.33
net-libs/liblockfile-1.09
net-libs/libnfnetlink-1.0.1
net-libs/libpcap-1.8.1
net-nds/openldap-2.4.44
sys-apps/file-5.30
sys-apps/util-linux-2.28.2
sys-devel/gcc-5.4.0-r3 (*)
sys-fs/cryptsetup-1.7.4
sys-libs/db-4.8.30-r2
sys-libs/libcap-ng-0.7.8
sys-libs/slang-2.3.0

(... noting that this list is unique to this system, and so a more thorough examination is likely warranted).

Here's a though - would a QA check that binaries/shared-objects installed don't link to cross-filesystem libraries on /usr be worth considering (either universally, or for separate-usr configurations only)?

(*) Not this one, though - caused by /sbin/nfsdcltrack.  Some binaries should just be moved from / to /usr and be done with it...

Comment 1 Stuart Shelton 2017-07-31 19:42:43 UTC

s/though/thought/

Comment 2 William Hubbs gentoo-dev

2017-08-25 19:04:14 UTC

IMO we should do the /usr merge, because once we do that the differences
between /{bin,sbin,lib*} and /usr/{bin,sbin,lib*) are irrelivent.

Comment 3 Jonas Stein gentoo-dev

2017-08-25 19:24:02 UTC

see also https://wiki.gentoo.org/wiki//usr_move

Comment 4 William Hubbs gentoo-dev

2017-08-25 22:11:29 UTC

That page is incorrect however because if we follow that many things
would break.
You need the symlinks from /bin->/usr/bin, /lib->/usr/lib,
/sbin->/usr/sbin etc.

Comment 5 Stuart Shelton 2017-08-29 11:47:07 UTC

Please note that this bug concerns the ability to maintain a fully-functional (albeit minimal) root partition capable of being used to repair a non-booting system - one where the /usr partition may be corrupt, for example.

Moving everything to /usr results in a vestigial root partition which can't for used for anything useful, and a reliance on a large and fully-functional /usr partition in order for the system to start.  My personal belief is that this would be a significantly sub-optimal retrograde step.

In any case, in the meantime I've fixed all of the problems listed above in my overlay, documented at https://github.com/srcshelton/gentoo-ebuilds/#fixes-for-binaries-and-libraries-which-are-installed-to-the-root-filesystem-but-link-to-libraries-originally-installed-to-usr

(Be warned that this overlay also does things which folks may not like or agree with - such as using the 'systemd' and 'udev' USE-flags to control whether service files and related objects or udev rules are installed, and reverts changes which caused packages to use '/run' instead of '/var/run' for cross-platform compatibility.  Yeah, I'm old-skool ;)  The aim, however, is to make these changes non-breaking so that any system could be switched to this overlay without breakage occurring... although that's an intention rather than a promise!)

Comment 6 Stuart Shelton 2017-08-29 11:49:00 UTC

* can't /be/ used for

Comment 7 Mike Gilbert gentoo-dev

2017-08-30 15:07:36 UTC

Copying maintainers of affected packages. I may have missed a couple. ;)

Comment 8 Stuart Shelton 2017-08-30 19:37:38 UTC

Awesome :)

The vast majority of the changes simply involve running 'gen_usr_ldscript' on the libraries which binaries or other libraries installed to the root partition link to.  In my repo's ebuilds, nothing changes unless the 'sep-usr' USE-flag is active, for maximum compatibility - this may or may not fit project expectations.

Some choices were needed - should libmagic be relocated to the root fs, or should nano be moved to /usr/bin?  We wouldn't want people to be left without an editor, though...

util-linux already relocates several libraries to the root fs - libfdisk appears to be an omission, as fdisk is quite an essential root utility.

There were a couple of items - nfsdcltrack from net-fs/nfs-utils and zos-remote from sys-process/audit - which would have required relocating a large number of libraries from /usr, which is against the objective of keeping the root fs as minimal as is practical.  In these cases, moving nfsdcltrack to /usr appears to be a good solution, whilst zos-remote is for a very specific use-case of having an IBM z/OS host running an SMF database accessible via a Tivoli Directory Server... given that anyone who has this setup is going to know that they need it, and that this plugin is controlled by a configure option in the upstream source in any case, making this binary available only when the 'zos' USE-flag is set seems justified (although note that this is using the flag to build a feature to interact with Z/OS, not a feature only available *on* z/OS - so this may want to be adjusted).

The only other edge-case is the reliance of /bin/mail on /usr/lib/liblockfile - but since /bin/mail is actually a symlink to /usr/bin/mail, this does not appear to be an issue.

Other modified ebuilds in my repo include sys-apps/coreutils and sys-apps/gawk, which relocate `uniq` and (`g`)`awk` respectively to /bin from /usr/bin, as some init scripts rely on these binaries being present (and may be invoked early-boot before localmount).

Hope this helps,

Stuart

Comment 9 David Zero 2017-08-30 23:02:06 UTC

Are any of the listed packages that depend on jansson "crucial to the system" or "needed for booting a basic system"?

Comment 10 Kristian Fiskerstrand (RETIRED) gentoo-dev

2017-08-31 07:19:54 UTC

It seems the direction of some of these moves would be for those depending on libraries in /usr to move correspondingly. If needed in early boot for e.g luks it should be part of the initramfs in any case.

Comment 11 Stuart Shelton 2017-08-31 14:09:50 UTC

They're dependencies of iptables/nftables, so I'd suggest that they're fairly placed, yes.

(You may need 'net access during recovery, and so having an operational firewall does not appear unreasonable)


(In reply to David Zero from comment #9)
> Are any of the listed packages that depend on jansson "crucial to the
> system" or "needed for booting a basic system"?

Comment 12 Stuart Shelton 2017-08-31 14:11:33 UTC

... but please bear in mind that an initramfs is not mandatory, and so the situation of booting directly from the root filesystem should also be considered.


(In reply to Kristian Fiskerstrand from comment #10)
> It seems the direction of some of these moves would be for those depending
> on libraries in /usr to move correspondingly. If needed in early boot for
> e.g luks it should be part of the initramfs in any case.

Comment 13 Alon Bar-Lev (RETIRED) gentoo-dev

2017-08-31 17:26:40 UTC

Hi,

For these requires crypto features as separate USE flag, the assumption so far was that basic package can live in / while if a user enables optional USE, he should also make these libraries available at boot (initramfs or rootfs).

Most of these packages also supports static USE, so that a user may have a fully functional rootfs without pulling dependencies.

Comment 14 Stuart Shelton 2017-08-31 21:54:34 UTC

(In reply to Alon Bar-Lev from comment #13)
> For these requires crypto features as separate USE flag, the assumption so
> far was that basic package can live in / while if a user enables optional
> USE, he should also make these libraries available at boot (initramfs or
> rootfs).

This is interesting - presumably we don't want to put the burden on the user of having to manually relocate libraries to make optional USE flags work?

I think that we likely already have this ability to only do something different with the 'sep-usr' flag I used, but this could equally well be combined with or replaced by additional logic around the optional flags (and/or `has_version` - although such an option may become a maintenance nightmare).


> Most of these packages also supports static USE, so that a user may have a
> fully functional rootfs without pulling dependencies.

Hmm - good point, I hadn't considered static builds... but this again appears to be putting the onus upon the user to know what packages deploy to the roofs and manually set the 'static' USE flag for them (assuming that each one does offer a static build as an option?), rather than them simply having set `sep-usr` (or other flag, if preferred) if appropriate and have the right thing happen automagically?

I suppose what I figured that the overall best for the majority of users would a way which makes no change by default, but allows for deployments that would benefit from relocated libraries to gain the necessary changes by the addition of a single global USE flag.

(The need for the flag or other chosen mechanism could be replaced with auto-detection, but this may be fragile or lead to false positives.  On the other hand, relocation could be applied unconditionally - but this seems a heavyweight response given that the majority of systems these days likely don't have a separate /usr partition in the first place!)

Also note that the above list of affected packages refers only to the issues found on the (headless, server) systems I maintain - there will almost certainly be other affected packages which I don't build...

Comment 15 Jeroen Roovers (RETIRED) gentoo-dev

2017-12-19 15:42:03 UTC

(In reply to Mike Gilbert from comment #7)
> Copying maintainers of affected packages. I may have missed a couple. ;)

You obviously want a tracker bug, not one huge mess of a bug that will sit for years waiting for all maintainers to un-CC.

Comment 16 Mike Gilbert gentoo-dev

2019-11-29 02:43:37 UTC

I can't see this bug going anywhere, so marking it as WONTFIX.