From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp-out1.suse.de (smtp-out1.suse.de [195.135.223.130]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A2D0E25760 for ; Wed, 17 Apr 2024 19:12:34 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=195.135.223.130 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713381156; cv=none; b=AV3vQ0PDNsc+Oh6/6Jh6GIipxq+16R/DqMjPYRG0eKc7hTY72QGNppDiRXhG0ec5k2Z1cmnXwQ8PsAssbH5ULYydfqHV9Nr06OfaYAPM/PwAfWGpzzdlTNvgyB6JnEumYuA/7itcD6EovIQAh/1xvv247nygzxqKtPh4NrJy6hM= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713381156; c=relaxed/simple; bh=K0imYlx25Bv37zpNWEFPqfXVwnavr+pH1yVPMFuh88Q=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=FVJMyOlZyD4xsCfrVuhSPdBRqq1KUZzhAYYwZ3f6USeXDwGuDWg+nWTOFej1AcmoQ1npWcY1fI4ZtcybLVLlL0sior3nlBDHrJyXobmzwl+TGKlE0XKiosB6vVTWUrddPNayqT+enVjtM8sYrmCWrdByelh34xU+Rv5eoi5PtP4= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=suse.com; spf=pass smtp.mailfrom=suse.com; dkim=pass (1024-bit key) header.d=suse.com header.i=@suse.com header.b=oukHHRyS; dkim=pass (1024-bit key) header.d=suse.com header.i=@suse.com header.b=oukHHRyS; arc=none smtp.client-ip=195.135.223.130 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=suse.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=suse.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=suse.com header.i=@suse.com header.b="oukHHRyS"; dkim=pass (1024-bit key) header.d=suse.com header.i=@suse.com header.b="oukHHRyS" Received: from imap1.dmz-prg2.suse.org (imap1.dmz-prg2.suse.org [IPv6:2a07:de40:b281:104:10:150:64:97]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by smtp-out1.suse.de (Postfix) with ESMTPS id 8AEA821D74; Wed, 17 Apr 2024 19:12:32 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.com; s=susede1; t=1713381152; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=uilAOqnNygAMJEyOvoI1RdRISZi4suwQCku1zQPWLX8=; b=oukHHRySxAtQW50mv3BYcXFDDA2r5CyZKtcRUr9MUXcbq+nhMEe8YkWhOAl9M95nbCQW5D dYtFYf5XFM90XOMMShWnniFXYpjTmyQg4jb4Qw5cEsWa/KkxAmeLQbe4YLhzZ1IvCyIg87 hGcJ/dpCF0xjPY3Gm7L1nYNQGfM6dQM= Authentication-Results: smtp-out1.suse.de; dkim=pass header.d=suse.com header.s=susede1 header.b=oukHHRyS DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.com; s=susede1; t=1713381152; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=uilAOqnNygAMJEyOvoI1RdRISZi4suwQCku1zQPWLX8=; b=oukHHRySxAtQW50mv3BYcXFDDA2r5CyZKtcRUr9MUXcbq+nhMEe8YkWhOAl9M95nbCQW5D dYtFYf5XFM90XOMMShWnniFXYpjTmyQg4jb4Qw5cEsWa/KkxAmeLQbe4YLhzZ1IvCyIg87 hGcJ/dpCF0xjPY3Gm7L1nYNQGfM6dQM= Received: from imap1.dmz-prg2.suse.org (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by imap1.dmz-prg2.suse.org (Postfix) with ESMTPS id 1873C1384C; Wed, 17 Apr 2024 19:12:32 +0000 (UTC) Received: from dovecot-director2.suse.de ([10.150.64.162]) by imap1.dmz-prg2.suse.org with ESMTPSA id X7lxAiAfIGbzMQAAD6G6ig (envelope-from ); Wed, 17 Apr 2024 19:12:32 +0000 Date: Wed, 17 Apr 2024 21:12:27 +0200 From: Anthony Iliopoulos To: Chuck Lever III Cc: Luis Chamberlain , Goldwyn Rodrigues , Chuck Lever , "kdevops@lists.linux.dev" Subject: Re: [RFC PATCH 00/22] Replace community.general.zypper Message-ID: References: <07EFB56F-77BC-4AA0-AACC-82BF29A1E702@oracle.com> <59DA8D9D-273B-4737-A4E8-0DC39E839145@oracle.com> Precedence: bulk X-Mailing-List: kdevops@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: X-Spam-Flag: NO X-Spam-Score: -4.01 X-Rspamd-Action: no action X-Rspamd-Queue-Id: 8AEA821D74 X-Spam-Level: X-Rspamd-Server: rspamd2.dmz-prg2.suse.org X-Spamd-Result: default: False [-4.01 / 50.00]; BAYES_HAM(-3.00)[100.00%]; NEURAL_HAM_LONG(-1.00)[-1.000]; MID_RHS_NOT_FQDN(0.50)[]; R_DKIM_ALLOW(-0.20)[suse.com:s=susede1]; NEURAL_HAM_SHORT(-0.20)[-1.000]; MIME_GOOD(-0.10)[text/plain]; MX_GOOD(-0.01)[]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; TO_DN_EQ_ADDR_SOME(0.00)[]; MIME_TRACE(0.00)[0:+]; MISSING_XM_UA(0.00)[]; TO_DN_SOME(0.00)[]; FUZZY_BLOCKED(0.00)[rspamd.com]; RCVD_TLS_ALL(0.00)[]; DKIM_SIGNED(0.00)[suse.com:s=susede1]; FROM_EQ_ENVFROM(0.00)[]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_FIVE(0.00)[5]; RCVD_COUNT_TWO(0.00)[2]; TO_MATCH_ENVRCPT_ALL(0.00)[]; DBL_BLOCKED_OPENRESOLVER(0.00)[oracle.com:email,suse.com:dkim,suse.com:email]; DKIM_TRACE(0.00)[suse.com:+] On Wed, Apr 17, 2024 at 06:48:01PM +0000, Chuck Lever III wrote: > > > > On Apr 17, 2024, at 2:39 PM, Anthony Iliopoulos wrote: > > > > On Wed, Apr 17, 2024 at 04:57:23PM +0000, Chuck Lever III wrote: > >> > >> > >>> On Apr 15, 2024, at 6:38 PM, Anthony Iliopoulos wrote: > >>> > >>> On Mon, Apr 15, 2024 at 09:41:38PM +0000, Chuck Lever III wrote: > >>>> > >>>> > >>>>> On Apr 15, 2024, at 5:35 PM, Goldwyn Rodrigues wrote: > >>>>> > >>>>> On Mon, Apr 15, 2024 at 4:11 PM Chuck Lever wrote: > >>>>>> > >>>>>> On Mon, Apr 15, 2024 at 03:32:59PM -0500, Goldwyn Rodrigues wrote: > >>>>>>> On Mon, Apr 15, 2024 at 9:39 AM Chuck Lever III wrote: > >>>>>>>> > >>>>>>>> I've been able to test some of this series with OpenSuSE 15.3. > >>>>>>>> Found and fixed one bug. I've pushed the result to: > >>>>>>>> > >>>>>>>> https://github.com/chucklever/kdevops/tree/replace-zypper-module > >>>>>>>> > >>>>>>>> However it looks like the fstests workflow hasn't been tested > >>>>>>>> on SuSE for quite some time. > >>>>>>>> > >>>>>>>> OpenSuSE doesn't like the group name "123456-fsgqa" (and probably > >>>>>>>> the user name is rejected too, but kdevops tries the group first, > >>>>>>>> and that's where the workflow fails). > >>>>>>> > >>>>>>> I am able to add users without any issue here. > >>>>>> > >>>>>> Is "here" on an OpenSuSE 15.3 system? I did log into the test system > >>>>>> and try "groupadd" directly, and it failed in the same way. > >>>>> > >>>>> openSUSE Tumbleweed, but I am sure nothing has changed since openSUSE 15.3 > >>>>> I am able to add the group 123456-fsgqa. However, if you have added a > >>>>> 123456-fsgqa *user* before it may fail. What is the error message you > >>>>> get? > >>>> > >>>> TASK [fstests : Add missing groups for fstests] ************************************************************************************************ > >>>> changed: [cel-tmpfs-default] => (item=Ensuring the group sys exists) > >>>> failed: [cel-tmpfs-default] (item=Ensuring the group 123456-fsgqa exists) => { > >>>> "ansible_loop_var": "item", > >>>> "changed": false, > >>>> "item": "123456-fsgqa", > >>>> "name": "123456-fsgqa" > >>>> } > >>>> > >>>> MSG: > >>>> > >>>> groupadd: '123456-fsgqa' is not a valid group name > >>>> > >>>> I logged in at the time, and tried by hand: > >>>> > >>>> cel-tmpfs-default:~ # groupadd 123456-fsgqa > >>>> groupadd: '123456-fsgqa' is not a valid group name > >>>> cel-tmpfs-default:~ # > >>> > >>> The issue is that SLE is using shadow v4.8, and it doesn't allow > >>> user/group names starting with digits. This was later on relaxed via > >>> shadow upstream commit cfc981df2afc ("shadow: use relaxed usernames") > >>> which was released in v4.13. This is why this works in TW. > >>> > >>> I had a local old kdevops patch that did "useradd --badnames -U" to > >>> bypass the check for SLE. > >> > >> Thanks for the suggestion! > >> > >> The current playbooks/roles/fstests/tasks/main.yml uses > >> the ansible.builtin.group and ansible.builtin.user > >> modules, neither of which have a "badname" parameter. > > > > Yes I don't think this was ever implemented in ansible, or at least I > > don't see anything from a quick look at [1]. > > > > The way I had fixed this for SLE was along the lines of: > > > > diff --git a/playbooks/roles/fstests/tasks/main.yml b/playbooks/roles/fstests/tasks/main.yml > > index 63531f618b4b..e4cc1fa9bfb6 100644 > > --- a/playbooks/roles/fstests/tasks/main.yml > > +++ b/playbooks/roles/fstests/tasks/main.yml > > @@ -872,6 +872,7 @@ > > group: > > name: "{{ item }}" > > state: present > > + command: "useradd --badnames -U {{ item }}" > > This task is supposed to add only the group. A subsequent > task adds the corresponding user. To make this work I think > we will need to combine these two tasks and then use the > command module you have here to run "useradd", which should > add both the user and group at the same time. No reason I > can think of to add them separately. Yes the above diff was just illustrative, in the original local fix I had this was indeed combined in one task (thus useradd -U), also because the --badname option was never available for groupadd. > > with_items: > > - sys > > - 123456-fsgqa > > > >> I also looked at Fedora's useradd, and it does not have > >> "--badname" either. > > > > Which fedora release is that? I can see it in f39 at least, and I think > > it has been available since f32 which ships shadow-utils v4.8.1 [2] (the > > --badname(s) option was introduced in shadow v4.8, commit a2cd3e9ef03a). > > I looked on Fedora 38 and now again on 39. groupadd does > not have a --badname, but I see that useradd does. > > I'll post a patch... if all OS-families do something > sensible, then this should be easy to do without any > family-specific processing. Sure, as long as useradd comes from the shadow-utils package (which is indeed the case for most of the distros), then this will be fine. Regards, Anthony