Comments (8)
Awesome! I'm glad that fixed it for you.
The current dance with shadow-utils and subids is the gnarly thing I referred to before. I've long been a fan of IPA, and I was really excited when they decided they would start providing subid support in it. But quite a lot of userland utilities assume that the only way that can be implemented is through /etc/sub{g,u}id files. I've spent a lot of my "spare" time in software development trying to help patch that kind of thing out.
Unfortunately, some of the "normal" benefits of nss* utilities are not available with subids, for reasons that I don't fully understand (libc internals?). This makes it (as I understand) currently impossible to do "switch" subid providers - it either must be files or it must be sss.
It gets a little sticky to start parsing the host files, and there may come a point at which some of this stuff isn't as...icky...as it is right now.
FWIW, we are working upstream on better solutions in shadow-utils. Progress is not as rapid on all fronts as one might wish for, though.
from mock.
Thank you for the report. Is this related to https://bugzilla.redhat.com/show_bug.cgi?id=2242018 ?
If yes, please consider using the use_host_shadow_utils
contributed by @mhjacks in #1283.
from mock.
It seems like it might be related, but after setting use_host_shadow_utils
to True
in /etc/mock/site-defaults.cfg
the userdel
command still fails with the same message (userdel: cannot remove entry 1673000001 from /var/lib/mock/rhel-8-x86_64/root//etc/subuid
) which causes the subsequent groupdel
and groupadd
commands to fail.
Full output of mock -v -r rhel-8-x86_64 --shell
:
mock-shell-with-host-shadow-utils-2.txt
from mock.
What do your root/etc/sub{u,g}id files have (inside the mock chroot)?
from mock.
They're both empty:
$ ls -l /var/lib/mock/rhel-8-x86_64/root/etc/sub*
-rw-r--r--. 1 root root 0 Sep 10 2018 /var/lib/mock/rhel-8-x86_64/root/etc/subgid
-rw-r--r--. 1 root root 0 Sep 10 2018 /var/lib/mock/rhel-8-x86_64/root/etc/subuid
from mock.
Thanks for the further clarification.
I ran into something very much like your initial reporting of the case that led to me contributing the feature Pavel referenced. (It's the groupadd mock call failing). What's not clear here (to me at least) is why userdel is looking for a 1673000001
entry at all in the chroot. I was thinking one might have snuck into the sub* files somehow.
Now, to be clear, on my IPA-joined systems that I run mock on, I have this in /etc/mock/site-defaults.cfg:
config_opts['use_host_shadow_utils'] = False
If you have that, the other thing I might check would be root/etc/nsswitch.conf, to see if the subid: line snuck in there.
It might also matter that I my sudo builds via sudo mock ...
. I also have not used mock to build RHEL-8 packages, though I have used my config to build other EL8 packages, so I wouldn't think it's a problem with software versions in the chroot.
There's a gnarly history of subids and shadow-utils, but the whole point of this feature is to make it so you can use them with mock.
from mock.
Aha! I just realised that I was supposed to set use_host_shadow_utils
to False
. And now I see you've just added a comment saying the same thing. :)
Having configured that, mock --shell
works so I think that fixes my problem, thanks!
It might be worth adding some logic to try to detect a 'broken' or at least undesirable host configuration, for instance if subid
in /etc/nsswitch.conf
is present and set to anything other than files
, and display a warning message pointing the user to the use_host_shadow_utils
setting.
from mock.
What's not clear here (to me at least) is why userdel is looking for a 1673000001 entry at all in the chroot
I guess userdel
uses libsubid
to find out what entries my user has, which returns the values from FreeIPA. userdel
then tries to remove those entries from /etc/subuid
//etc/subgid
.
Maybe userdel
shouldn't fail if the entry it wants to remove /etc/subuid
//etc/subgid
is not present... or maybe there needs to be a way for userdel
to find out from libsubid that the range it looked up isn't from those files, so therefore userdel
shouldn't even try to remove the range from those files...
from mock.
Related Issues (20)
- Mock release
- Config parser error
- Broken bash completion HOT 2
- SSH Agent Forwarding HOT 2
- Reset icon name and window title when leaving shell HOT 4
- Mock hangs in 'Finish(bootstrap): installing dnf tooling' setting up F39 chroot HOT 10
- Could mock-core-configs use fedora-distro-aliases somehow? HOT 5
- openSUSE build fails in Fedora Copr HOT 14
- Use Fedora-based DNF5 capable bootstrap images HOT 1
- RFE: automatically import key for F(N+1) when building for rawhide HOT 5
- Mock build can produce two SRPM packages in the results directory HOT 3
- ERROR: type object 'FileDownloader' has no attribute 'backmap'
- oraclelinux+epel-7-x86_64 does not populate %rhel nor %oraclelinux macros HOT 2
- `--scrub=all` doesn't appear to remove files for anything but the current running Fedora version HOT 1
- `mock --init` occasinally fails with `ERROR: stat: path should be string, bytes, os.PathLike or integer, not NoneType` HOT 4
- RFE: download build artifacts after %install and before %check phase HOT 2
- Cannot use config_opts[f"{config_opts.package_manager}.conf"] HOT 10
- Calculate spec/srpm (dynamic) build requires as a separate build mode HOT 1
- Document Dynamic BuildRequires feature HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from mock.