I've installed sys-apps/opentmpfiles-0.3.1 which solve the bug number #741216 https://bugs.gentoo.org/741216 but now when launch: # /etc/init.d/opentmpfiles-setup start * Setting up tmpfiles.d entries ... Usage: setfacl [-bkndRLP] { -m|-M|-x|-X ... } file ... Try `setfacl --help' for more information. Usage: setfacl [-bkndRLP] { -m|-M|-x|-X ... } file ... Try `setfacl --help' for more information. [ !! ] * ERROR: opentmpfiles-setup failed to start I cannot immagin which log to analyse to identify the problem. Reproducible: Always
can you provide output of > tmpfiles --verbose --dry-run --create this should echo commands it tries to run but will not do anything.
Sure: # tmpfiles --verbose --dry-run --create _d /run/cryptsetup 0700 root root 0 chown root /run/cryptsetup chgrp root /run/cryptsetup chmod 0700 /run/cryptsetup _d /run/saslauthd 0755 root root 0 chown root /run/saslauthd chgrp root /run/saslauthd chmod 0755 /run/saslauthd _d /var/cache/eix 0775 portage portage 0 chown portage /var/cache/eix chgrp portage /var/cache/eix chmod 0775 /var/cache/eix _d /dev/net 0755 0 0 0 chown 0 /dev/net chgrp 0 /dev/net chmod 0755 /dev/net _d /dev/snd 0755 0 0 0 chown 0 /dev/snd chgrp 0 /dev/snd chmod 0755 /dev/snd _d /dev/snd 0755 0 0 0 chown 0 /dev/snd chgrp 0 /dev/snd chmod 0755 /dev/snd _d /run/lock/lvm 0700 root root 0 chown root /run/lock/lvm chgrp root /run/lock/lvm chmod 0700 /run/lock/lvm _d /run/lvm 0700 root root 0 chown root /run/lvm chgrp root /run/lvm chmod 0700 /run/lvm _d /var/cache/man 0755 man man 1w chown man /var/cache/man chgrp man /var/cache/man chmod 0755 /var/cache/man _d /var/run/mysqld 0755 mysql mysql 0 chown mysql /var/run/mysqld chgrp mysql /var/run/mysqld chmod 0755 /var/run/mysqld _x /var/tmp/ccache 0 0 0 _d /run/redis 0755 redis root 0 chown redis /run/redis chgrp root /run/redis chmod 0755 /run/redis _d /var/cache/revdep-rebuild 0700 0 0 0 chown 0 /var/cache/revdep-rebuild chgrp 0 /var/cache/revdep-rebuild chmod 0700 /var/cache/revdep-rebuild _d /tmp/screen 0775 root utmp 0 chown root /tmp/screen chgrp utmp /tmp/screen chmod 0775 /tmp/screen _d /run/sudo 0711 root root 0 chown root /run/sudo chgrp root /run/sudo chmod 0711 /run/sudo _D /run/sudo/ts 0700 root root 0 chown root /run/sudo/ts chgrp root /run/sudo/ts chmod 0700 /run/sudo/ts _d /run/faillock 0755 root root 0 chown root /run/faillock chgrp root /run/faillock chmod 0755 /run/faillock _d /var/lib/tpm2-tss/system/keystore 2775 tss tss 0 chown tss /var/lib/tpm2-tss/system/keystore chgrp tss /var/lib/tpm2-tss/system/keystore chmod 2775 /var/lib/tpm2-tss/system/keystore _a /var/lib/tpm2-tss/system/keystore - 0 0 0 default:group:tss:rwx setfacl -P --modify default:group:tss:rwx -- /var/lib/tpm2-tss/system/keystore _d /run/tpm2-tss/eventlog 2775 tss tss 0 chown tss /run/tpm2-tss/eventlog chgrp tss /run/tpm2-tss/eventlog chmod 2775 /run/tpm2-tss/eventlog _a /run/tpm2-tss/eventlog - 0 0 0 default:group:tss:rwx setfacl -P --modify default:group:tss:rwx -- /run/tpm2-tss/eventlog _d /run/media 0755 root root 0 chown root /run/media chgrp root /run/media chmod 0755 /run/media _d /dev/vboxusb 0750 root vboxusers 0 chown root /dev/vboxusb chgrp vboxusers /dev/vboxusb chmod 0750 /dev/vboxusb
I'm I suppose to run all that commands? Is it sure? If yes I can remove --dry-run. Let me know.
I look for a manual of tmpfiles but it is hard to find. I didn't understand what prefixes: _a _d _D _x means at the beginning of each block.
so it trips on tpm2-tss package here's the contents of it's tmpfile > cat dist/tmpfiles.d/tpm2-tss-fapi.conf.in > #Type Path Mode User Group Age Argument > d @localstatedir@/lib/tpm2-tss/system/keystore 2775 tss tss - - > a+ @localstatedir@/lib/tpm2-tss/system/keystore - - - - default:group:tss:rwx > d @runstatedir@/tpm2-tss/eventlog 2775 tss tss - - > a+ @runstatedir@/tpm2-tss/eventlog - - - - default:group:tss:rwx path is irrelevant, what's relevant is Argument column with default prefix. I'll do some testing and will get back, thanks, that output is enough to start digging.
so here's what it really calls setfacl -P '' --modify default:group:tss:rwx -- /var/lib/tpm2-tss/system/keystore note the empty '' in the opentmpfiles code it defines handling a entries like this _a() { ... _setfacl '' "$ACTION" "$6" "$1" but _setfacl already quotes the parameters, so 1 parameter ends up being "''" and that trips setfacl.
original implementation submitted in https://github.com/OpenRC/opentmpfiles/commit/1b2350db59cabf62348d0f4f91c017b6ce9946df did not quote it, because it completely controls what's passed as 1st argument in all subsequent function calls. it was left unquoted on purpose. commit https://github.com/OpenRC/opentmpfiles/commit/f0f304c11f904bd2f2fe4f0006bab562123c1263 broke it no satisfy shellcheck. so @Silvio you have 2 options here: 1) open /bin/tmpfiles and change > setfacl() { > dryrun_or_real setfacl -P "$1" "$2" "$3" -- "$4" > } to > _setfacl() { > dryrun_or_real setfacl -P $1 $2 "$3" -- $4 > } around line 60. basically you need to unquote $1 and $4. I see chattr calls also got quoted and maybe broken as well. but I haven't looked further. --- 2) or, as alternative, just install sys-apps/systemd-tmpfiles. I recently added it to gentoo. it's a drop in replacement for opentmpfiles. it's part of systemd, but does not require it and very very minimal, does not depend on dbus or logind or journald any other systemd craziness. --- I leave the rest to maintainers to decide.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5b4408fdf598965cb3d49152c11427487821a93b commit 5b4408fdf598965cb3d49152c11427487821a93b Author: Georgy Yakovlev <gyakovlev@gentoo.org> AuthorDate: 2020-10-30 08:24:58 +0000 Commit: Georgy Yakovlev <gyakovlev@gentoo.org> CommitDate: 2020-10-30 08:26:42 +0000 profiles/package.mask: mask latest opentmpfiles for more testing Bug: https://bugs.gentoo.org/751739 Bug: https://bugs.gentoo.org/741216 Signed-off-by: Georgy Yakovlev <gyakovlev@gentoo.org> profiles/package.mask | 6 ++++++ 1 file changed, 6 insertions(+)
(In reply to Georgy Yakovlev from comment #7) > original implementation submitted in > https://github.com/OpenRC/opentmpfiles/commit/ > 1b2350db59cabf62348d0f4f91c017b6ce9946df > > did not quote it, because it completely controls what's passed as 1st > argument in all subsequent function calls. it was left unquoted on purpose. > > > > commit > https://github.com/OpenRC/opentmpfiles/commit/ > f0f304c11f904bd2f2fe4f0006bab562123c1263 > > broke it no satisfy shellcheck. > > > so @Silvio you have 2 options here: > > > 1) > open /bin/tmpfiles > > and change > > > setfacl() { > > dryrun_or_real setfacl -P "$1" "$2" "$3" -- "$4" > > } > > > to > > > _setfacl() { > > dryrun_or_real setfacl -P $1 $2 "$3" -- $4 > > } > > > around line 60. > > basically you need to unquote $1 and $4. > > > > I see chattr calls also got quoted and maybe broken as well. > but I haven't looked further. > --- > > 2) or, as alternative, just install sys-apps/systemd-tmpfiles. I recently > added it to gentoo. > > it's a drop in replacement for opentmpfiles. > it's part of systemd, but does not require it and very very minimal, does > not depend on dbus or logind or journald any other systemd craziness. > --- > > > I leave the rest to maintainers to decide. I'm trying solution 1 but you says to unquote $1 and $4 whether in the example you unquoted $2 too. So have I to unquote even $2?
(In reply to Silvio from comment #9) > (In reply to Georgy Yakovlev from comment #7) > > original implementation submitted in > > https://github.com/OpenRC/opentmpfiles/commit/ > > 1b2350db59cabf62348d0f4f91c017b6ce9946df > > > > did not quote it, because it completely controls what's passed as 1st > > argument in all subsequent function calls. it was left unquoted on purpose. > > > > > > > > commit > > https://github.com/OpenRC/opentmpfiles/commit/ > > f0f304c11f904bd2f2fe4f0006bab562123c1263 > > > > broke it no satisfy shellcheck. > > > > > > so @Silvio you have 2 options here: > > > > > > 1) > > open /bin/tmpfiles > > > > and change > > > > > setfacl() { > > > dryrun_or_real setfacl -P "$1" "$2" "$3" -- "$4" > > > } > > > > > > to > > > > > _setfacl() { > > > dryrun_or_real setfacl -P $1 $2 "$3" -- $4 > > > } > > > > > > around line 60. > > > > basically you need to unquote $1 and $4. > > > > > > > > I see chattr calls also got quoted and maybe broken as well. > > but I haven't looked further. > > --- > > > > 2) or, as alternative, just install sys-apps/systemd-tmpfiles. I recently > > added it to gentoo. > > > > it's a drop in replacement for opentmpfiles. > > it's part of systemd, but does not require it and very very minimal, does > > not depend on dbus or logind or journald any other systemd craziness. > > --- > > > > > > I leave the rest to maintainers to decide. > > I'm trying solution 1 but you says to unquote $1 and $4 whether in the > example you unquoted $2 too. So have I to unquote even $2? In the meantime I unquoted $2 too and it seems to work. Thank you! I leave the bug opened because it needs the solution in portage I think.
yes sorry I did not mention $2 but pasted it correctly. I masked broken version, it needs more testing as other arguments also got quoted, it is unknown what else is broken. I do not maintain opentmpfiles, just volunteered to help with debugging here =)
Masking package 0.3 it has appeared again the old problem: # /etc/init.d/opentmpfiles-setup start * Setting up tmpfiles.d entries ... tmpfiles: ignoring invalid entry on line 3 of `/usr/lib/tmpfiles.d/tpm2-tss-fapi.conf' tmpfiles: ignoring invalid entry on line 5 of `/usr/lib/tmpfiles.d/tpm2-tss-fapi.conf' [ !! ] * ERROR: opentmpfiles-setup failed to start perhaps it is better to keep 0.3 I've unmusked 0.3 in the meantime.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c819870ebb9ff2cf25e276527fbcd6affe74c297 commit c819870ebb9ff2cf25e276527fbcd6affe74c297 Author: William Hubbs <williamh@gentoo.org> AuthorDate: 2021-07-09 04:17:36 +0000 Commit: William Hubbs <williamh@gentoo.org> CommitDate: 2021-07-09 04:18:53 +0000 sys-apps/opentmpfiles: remove 0.3.1 and live ebuild Bug: https://bugs.gentoo.org/751739 Package-Manager: Portage-3.0.20, Repoman-3.0.2 Signed-off-by: William Hubbs <williamh@gentoo.org> sys-apps/opentmpfiles/Manifest | 1 - sys-apps/opentmpfiles/opentmpfiles-0.3.1.ebuild | 54 ------------------------- sys-apps/opentmpfiles/opentmpfiles-9999.ebuild | 54 ------------------------- 3 files changed, 109 deletions(-)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c5b5348822d750534a09b5e112cfc04ff0088235 commit c5b5348822d750534a09b5e112cfc04ff0088235 Author: Sam James <sam@gentoo.org> AuthorDate: 2021-07-09 04:26:56 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2021-07-09 04:27:37 +0000 profiles: drop obsolete opentmpfiles mask for specific version The problematic version requiring a separate mask is gone at least (unrelated to the security bug). See: c819870ebb9ff2cf25e276527fbcd6affe74c297 Bug: https://bugs.gentoo.org/751739 Signed-off-by: Sam James <sam@gentoo.org> profiles/package.mask | 6 ------ 1 file changed, 6 deletions(-)
