936442 – net-misc/tigervnc-1.13.90-r1 initscript incorrectly depends on user passwd file

Bug 936442 - net-misc/tigervnc-1.13.90-r1 initscript incorrectly depends on user passwd file

Summary: net-misc/tigervnc-1.13.90-r1 initscript incorrectly depends on user passwd file

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	All Linux

Importance:	Normal normal
Assignee:	Viorel Munteanu

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2024-07-21 15:20 UTC by Robin Bankhead
Modified:	2024-07-27 19:57 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Robin Bankhead 2024-07-21 15:20:59 UTC

In current tigervnc[server], /etc/init.d/tigervnc initscript tests for existence of ~/.vnc/passwd or ~/.config/tigervnc/passwd, and fails if neither is found.

From line 34:
                elif ! runuser -l "${user}" -s /bin/bash -c \
                    "[[ ( -d ${XDG_CONFIG_HOME:-~/.config}/tigervnc && -f ${XDG_CONFIG_HOME:-~/.config}/tigervnc/passwd ) || ( ! -d ${XDG_CONFIG_HOME:-~/.config}/tigervnc && -f ~/.vnc/passwd ) ]]"; then
                    eerror "There are no passwords defined for user ${user}."
                    return 1

In some configurations (e.g. globally-set SecurityTypes=none) this file may not exist, so this test is inappropriate.

In fact, it's not a given that the containing directory exists at run-time (a first-time user will not have it) so the test is doubly overbroad.

These files/folders aren't required to run a Xvnc session in all cases, so this test should not clobber the service. If it remains, a warning would suffice.


# emerge --info tigervnc
Portage 3.0.65 (python 3.12.4-final-0, default/linux/amd64/23.0/split-usr/desktop/plasma, gcc-13, glibc-2.39-r9, 6.9.1-gentoo x86_64)
=================================================================
                         System Settings
=================================================================
System uname: Linux-6.9.1-gentoo-x86_64-Intel-R-_Core-TM-_i7-7600U_CPU_@_2.80GHz-with-glibc2.39
KiB Mem:    16117220 total,  12521816 free
KiB Swap:   18753532 total,  18753532 free
Timestamp of repository gentoo: Fri, 19 Jul 2024 20:00:00 +0000
Head commit of repository gentoo: c8ab09e6b5b5b9094c877cf2cc95599fe525393c
sh bash 5.2_p26-r6
ld GNU ld (Gentoo 2.42 p6) 2.42.0
ccache version 4.10.1 [disabled]
app-misc/pax-utils:        1.3.7::gentoo
app-shells/bash:           5.2_p26-r6::gentoo
dev-build/autoconf:        2.72-r1::gentoo
dev-build/automake:        1.16.5-r2::gentoo
dev-build/cmake:           3.29.3::gentoo
dev-build/libtool:         2.4.7-r4::gentoo
dev-build/make:            4.4.1-r1::gentoo
dev-build/meson:           1.4.1::gentoo
dev-java/java-config:      2.3.4::gentoo
dev-lang/perl:             5.40.0::gentoo
dev-lang/python:           3.12.4_p1::gentoo, 3.13.0_beta3::gentoo
dev-lang/rust-bin:         1.79.0::gentoo
dev-util/ccache:           4.10.1::gentoo
sys-apps/baselayout:       2.15::gentoo
sys-apps/openrc:           0.54.2::gentoo
sys-apps/sandbox:          2.39::gentoo
sys-devel/binutils:        2.42-r2::gentoo
sys-devel/binutils-config: 5.5::gentoo
sys-devel/clang:           17.0.6::gentoo, 18.1.7::gentoo
sys-devel/gcc:             13.2.1_p20240503::gentoo
sys-devel/gcc-config:      2.11::gentoo
sys-devel/llvm:            17.0.6::gentoo, 18.1.7::gentoo
sys-kernel/linux-headers:  6.9::gentoo (virtual/os-headers)
sys-libs/glibc:            2.39-r9::gentoo
Repositories:

gentoo
    location: /usr/portage
    sync-type: rsync
    sync-uri: rsync://hazel/gentoo-portage
    priority: -1000
    volatile: True
    sync-rsync-verify-jobs: 1
    sync-rsync-verify-metamanifest: no
    sync-rsync-verify-max-age: 3
    sync-rsync-extra-opts: 

x-portage
    location: /usr/local/portage
    masters: gentoo
    priority: 0
    volatile: True

ACCEPT_KEYWORDS="amd64 ~amd64"
ACCEPT_LICENSE="*"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=native -O2 -pipe -fomit-frame-pointer"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/config /usr/share/gnupg/qualified.txt /usr/share/themes/oxygen-gtk/gtk-2.0"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php8.1/ext-active/ /etc/php/apache2-php8.2/ext-active/ /etc/php/apache2-php8.3/ext-active/ /etc/php/cgi-php8.1/ext-active/ /etc/php/cgi-php8.2/ext-active/ /etc/php/cgi-php8.3/ext-active/ /etc/php/cli-php8.1/ext-active/ /etc/php/cli-php8.2/ext-active/ /etc/php/cli-php8.3/ext-active/ /etc/php/fpm-php8.1/ext-active/ /etc/php/fpm-php8.2/ext-active/ /etc/php/fpm-php8.3/ext-active/ /etc/php/phpdbg-php8.1/ext-active/ /etc/php/phpdbg-php8.2/ext-active/ /etc/php/phpdbg-php8.3/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo"
CXXFLAGS="-march=native -O2 -pipe -fomit-frame-pointer"
DISTDIR="/var/cache/distfiles"
EMERGE_DEFAULT_OPTS="--nospinner --verbose-conflicts --quiet-build=n"
ENV_UNSET="CARGO_HOME DBUS_SESSION_BUS_ADDRESS DISPLAY GDK_PIXBUF_MODULE_FILE GOBIN GOPATH PERL5LIB PERL5OPT PERLPREFIX PERL_CORE PERL_MB_OPT PERL_MM_OPT XAUTHORITY XDG_CACHE_HOME XDG_CONFIG_HOME XDG_DATA_HOME XDG_RUNTIME_DIR XDG_STATE_HOME"
FCFLAGS="-march=native -O2 -pipe -fomit-frame-pointer"
FEATURES="assume-digests binpkg-docompress binpkg-dostrip binpkg-logs buildpkg-live distlocks ebuild-locks fail-clean fixlafiles ipc-sandbox merge-sync merge-wait multilib-strict network-sandbox news pid-sandbox pkgdir-index-trusted preserve-libs protect-owned qa-unresolved-soname-deps sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync"
FFLAGS="-march=native -O2 -pipe -fomit-frame-pointer"
GENTOO_MIRRORS="http://www.mirrorservice.org/sites/distfiles.gentoo.org/ http://mirrors.gethosted.online/gentoo http://mirrors.soeasyto.com/distfiles.gentoo.org/"
LANG="en_GB.utf8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed -Wl,-z,pack-relative-relocs"
LEX="flex"
LINGUAS="en_GB"
MAKEOPTS="-j5"
PKGDIR="/var/cache/binpkgs"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git"
PORTAGE_TMPDIR="/tmp"
SHELL="/bin/bash"
USE="X a52 aac acl acpi activities alsa amd64 bash-completion bluetooth branding bzip2 cairo cdda cddb cdr cet crypt css cups dbus declarative dga djvu dri dri3 dts dvd dvdr egl elogind encode exif fam fbcon ffmpeg flac ftp gd gdbm geoip gif gimp gles gles2 gmp gnutls gphoto2 gpm graphviz gtk gui hddtemp iconv icu imagemagick imap inotify ipv6 java javascript jit jpeg kde kf6compat kwallet lame latex lcms libglvnd libkms libnotify libtirpc lm-sensors lto lzma lzo mad maildir matroska mbox mmap mng mp3 mp4 mpeg mplayer mtp multilib musicbrainz mysql ncurses networkmanager nls nptl nsplugin ocamlopt offensive ofx ogg opengl openmp pam pango pcre pda pdf perl php pipewire plasma png policykit posix postscript ppds pulseaudio qml qt5 quicktime radius raw readline rss rtc samba scanner screencast sdl seccomp session sharedmem smp snmp sockets socks5 sound spell split-usr sqlite sqlite3 ssl startup-notification subversion svg syslog tcpd test-rust theora threads tidy tiff tk tokenizer touchpad truetype udev udisks ukit unicode upnp upnp-av upower usb v4l vaapi vcd vhosts vnc vorbis vulkan wayland webp widgets wifi wmf wps wxwidgets x264 xattr xcb xcomposite xft xine xml xpm xscreensaver xv xvid xvmc zlib" ABI_X86="64" ADA_TARGET="gcc_12" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_anon authn_dbm authn_file authz_dbm authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir env expires ext_filter file_cache filter headers include info log_config logio mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="karbon sheets words" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="aes avx avx2 f16c fma3 mmx mmxext pclmul popcnt rdrand sse sse2 sse3 sse4_1 sse4_2 ssse3" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock greis isync itrax mtk3301 ntrip navcom oceanserver oncore rtcm104v2 rtcm104v3 sirf skytraq superstar2 tsip tripmate tnt ublox" GRUB_PLATFORMS="efi-64 multiboot" INPUT_DEVICES="libinput" KERNEL="linux" L10N="en-GB" LCD_DEVICES="bayrad cfontz glk hd44780 lb216 lcdm001 mtxorb text" LLVM_TARGETS="X86 BPF" LUA_SINGLE_TARGET="lua5-1" LUA_TARGETS="lua5-1" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php8-2" POSTGRES_TARGETS="postgres15" PYTHON_SINGLE_TARGET="python3_12" PYTHON_TARGETS="python3_12" RUBY_TARGETS="ruby31 ruby32" SANE_BACKENDS="hp net" VIDEO_CARDS="intel i965 iris" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipp2p iface geoip fuzzy condition tarpit sysrq proto logmark ipmark dhcpmac delude chaos account"
Unset:  ADDR2LINE, AR, ARFLAGS, AS, ASFLAGS, CC, CCLD, CONFIG_SHELL, CPP, CPPFLAGS, CTARGET, CXX, CXXFILT, ELFEDIT, EXTRA_ECONF, F77FLAGS, FC, GCOV, GPROF, INSTALL_MASK, LC_ALL, LD, LFLAGS, LIBTOOL, MAKE, MAKEFLAGS, NM, OBJCOPY, OBJDUMP, PORTAGE_BINHOST, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, PYTHONPATH, RANLIB, READELF, RUSTFLAGS, SIZE, STRINGS, STRIP, YACC, YFLAGS

=================================================================
                        Package Settings
=================================================================

net-misc/tigervnc-1.13.90-r1::gentoo was built with the following:
USE="dri3 drm gnutls java nls opengl server viewer -xinerama" ABI_X86="(64)"

Comment 1 Viorel Munteanu gentoo-dev

2024-07-27 19:27:01 UTC

If a password is needed but it does not exist, the server crashes.  And since the warning goes to the boot screen, not many people will see it.

But since this is a valid case, I will change it to a warning and see how it goes.

Comment 2 Larry the Git Cow gentoo-dev

2024-07-27 19:36:36 UTC

The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6f4b28e562378215406f8481c84f1ad95062145c

commit 6f4b28e562378215406f8481c84f1ad95062145c
Author:     Viorel Munteanu <ceamac@gentoo.org>
AuthorDate: 2024-07-27 19:21:50 +0000
Commit:     Viorel Munteanu <ceamac@gentoo.org>
CommitDate: 2024-07-27 19:36:02 +0000

    net-misc/tigervnc: add 1.14.0
    
    Add 1.14.0.
    Small changes to configuration files.
    
    Closes: https://bugs.gentoo.org/936442
    Closes: https://bugs.gentoo.org/936475
    Signed-off-by: Viorel Munteanu <ceamac@gentoo.org>

 net-misc/tigervnc/Manifest                         |   1 +
 .../files/tigervnc-1.14.0-xsession-path.patch      |  28 +++
 net-misc/tigervnc/files/tigervnc-1.14.0.confd      |  13 ++
 net-misc/tigervnc/files/tigervnc-1.14.0.initd      |  90 ++++++++
 net-misc/tigervnc/tigervnc-1.14.0.ebuild           | 235 +++++++++++++++++++++
 5 files changed, 367 insertions(+)

Comment 3 Robin Bankhead 2024-07-27 19:57:16 UTC

Thanks. I can't speak to what is more common but I've always started my VNC server on-demand, and in fact am only now using the initscript because upstream no longer support launching it any other way (Gentoo still allows this but I who knows for how long). I'd think most people will start a service like this manually at least once before installing it and rebooting, in any case.

This particular issue (existence or not of passwd vs SecurityTypes setting) could be identified by examining the relevant global and user config files, but that probably goes beyond the scope of what the initscript should be expected to handle.