bug with dpkg-native and sstate-cache mirrors

bug with dpkg-native and sstate-cache mirrors

[Anders Oleson]

I originally posted this here:
https://lists.yoctoproject.org/pipermail/yocto/2016-December/033542.html.
Apologies, I did not know to report OE core issues here.

Also, following Jussi's advice I started reading the submission
guidelines and I posted the patch to dpkg itself to their list to see
if it was something that could be upstreamed. Led to a good discussion
here: https://lists.debian.org/debian-dpkg/2016/12/msg00013.html.
While this was an expedient way to fix my problem, it probably isn't
the best way forward as a real change to dpkg. They have offered to
look at submissions to fix what I think is the true root cause - the
non-override-able, hard-coded CONFIGDIR.

Problem description:
1. user "joe" clones the build repo, ex. poky from Yocto and builds
everything, ex. core-system-minimal completely clean build from
scratch. The local.conf is set to use package_deb for our system.
2. "joe" is the build master and then publishes the resultant
"sstate-cache" in a shared directory to be used as a mirror for the
other users. Makes the sstate-cache-mirror directory read-only, etc.
3. "joe" deletes the build directory creates a new one and tests the
build in a new directory which works fine and runs quickly using the
sstate-cache-mirror.
3. user "bob" clones a similar revision and builds using the
SSTATE_MIRROR pointing at the mirror.
4. During "do_rootfs" dpkg (dpkg-native) fails with the message:
dpkg: error: error opening configuration directory
'/home/net/joe/work/sysgen-mrp/build/tmp/sysroots/x86_64-linux/etc/dpkg/dpkg.cfg.d':
Permission denied
E: Sub-process dpkg returned an error code (2)

What happened is that in dpkg-native, the CONFIGDIR is compiled in and
hard-coded to the failing path. dpkg does not currently have a way to
override this at runtime in the same way as --instdir and --admindir.
So dpkg is still looking for config files user "joes" directory which
may:
- have wrong permissions
- be missing or parent dirs missing
- contain malicious garbage because "joe" wants to screw with "bob" :)
- any/all of the above (we had a combination)

Normally /etc/dpkg/dpkg.d is empty for the native sysroot, so our
quick fix was to modify dpkg to just ignore ANY error reading that
directory and pretend it was empty (which for Yocto builds it was
anyway). This was preferable to removing the whole package from the
SSTATE_MIRROR to force rebuilds in each work directory. See the patch
I posted to the Yocto list linked above. Debian dpkg developers don't
want to remove those checks and that seems advisable.

So that leaves two options that I can see (is there an easier/better fix?):
- we can carry a patch to dpkg-native similar to what I posted. For
Yocto/OE it probably is good enough, at least if we limit it to
dpkg-native
- add something like a --configdir command line switch to dpkg so that
we can point it toward the proper sysroot rather than use the compiled
in default

I'd actually prefer the second option because, for one thing, it would
eliminate the baked in paths that contain user names, etc. I'd suggest
that if we pass in --configdir we should configure/compile dpkg-native
with the default paths pointing to neutral, constant, invalid paths to
avoid leaking build specific information into sstate and to catch
errors.

Does this sound like I'm on the right track or like something that
could be included? I'd like to fix this so that it doesn't sneak up on
someone else.

I'm willing to take a hack at it and test it in the scenario where
this bit us. It would involve steps:
1. develop a patch to dpkg to add the option
2. develop a patch for OE to change the configure for dpkg-native
3. a patch for OE to pass --configdir to dpkg in all the right places.
I could use help to insure I find them all.

Thanks,

Anders

error log below:
----------------------
ERROR: system-image-1.0-r0 do_rootfs: Unable to install packages.
Command '/home/local/MrProductName/mrp-system/build/tmp/sysroots/x86_64-linux/usr/bin/apt-get
 install --force-yes --allow-unauthenticated bash run-postinsts
packagegroup-core-eclipse-debug mrp-ofp dosfstools apt e2fsprogs dpkg
packagegroup-core-boot' returned 100:
Reading package lists...
Building dependency tree...
The following extra packages will be installed:
  base-files base-passwd busybox busybox-hwclock busybox-syslog busybox-udhcpc
  ca-certificates debianutils debianutils-run-parts e2fsprogs-badblocks
  e2fsprogs-e2fsck e2fsprogs-mke2fs eudev gdbserver init-ifupdown initscripts
  initscripts-functions kernel-4.4.26-yocto-standard kernel-module-uvesafb
  libblkid1 libbz2-1 libc6 libc6-thread-db libcom-err2 libcrypto1.0.0 libcurl4
  libe2p2 libext2fs2 libgcc1 libgmp10 libgnutls30 libidn11 libkmod2 liblzma5
  libperl5 libss2 libssl1.0.0 libstdc++6 libtinfo5 libuuid1 libz1
  modutils-initscripts ncurses-terminfo-base netbase nettle
  openssh-sftp-server openssl-conf perl sysvinit sysvinit-inittab
  sysvinit-pidof tcf-agent udev-cache update-alternatives-opkg update-rc.d
  v86d xz
Suggested packages:
  ncurses-terminfo
The following NEW packages will be installed:
  apt mrp-ofp base-files base-passwd bash busybox busybox-hwclock
  busybox-syslog busybox-udhcpc ca-certificates debianutils
  debianutils-run-parts dosfstools dpkg e2fsprogs e2fsprogs-badblocks
  e2fsprogs-e2fsck e2fsprogs-mke2fs eudev gdbserver init-ifupdown initscripts
  initscripts-functions kernel-4.4.26-yocto-standard kernel-module-uvesafb
  libblkid1 libbz2-1 libc6 libc6-thread-db libcom-err2 libcrypto1.0.0 libcurl4
  libe2p2 libext2fs2 libgcc1 libgmp10 libgnutls30 libidn11 libkmod2 liblzma5
  libperl5 libss2 libssl1.0.0 libstdc++6 libtinfo5 libuuid1 libz1
  modutils-initscripts ncurses-terminfo-base netbase nettle
  openssh-sftp-server openssl-conf packagegroup-core-boot
  packagegroup-core-eclipse-debug perl run-postinsts sysvinit sysvinit-inittab
  sysvinit-pidof tcf-agent udev-cache update-alternatives-opkg update-rc.d
  v86d xz
0 upgraded, 66 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B/7850 kB of archives.
After this operation, 0 B of additional disk space will be used.
WARNING: The following packages cannot be authenticated!
  libc6 libgcc1 libstdc++6 liblzma5 libz1 libgmp10 nettle libidn11 libgnutls30
  libcurl4 update-alternatives-opkg libtinfo5 base-files bash run-postinsts
  libperl5 perl xz libbz2-1 dpkg debianutils-run-parts debianutils apt mrp-ofp
  base-passwd busybox busybox-hwclock busybox-syslog busybox-udhcpc
  ca-certificates dosfstools libcom-err2 libss2 libuuid1 libblkid1 libe2p2
  libext2fs2 e2fsprogs-badblocks e2fsprogs e2fsprogs-e2fsck e2fsprogs-mke2fs
  libkmod2 eudev gdbserver netbase init-ifupdown initscripts-functions
  initscripts kernel-4.4.26-yocto-standard kernel-module-uvesafb
  libc6-thread-db libcrypto1.0.0 libssl1.0.0 modutils-initscripts
  ncurses-terminfo-base openssh-sftp-server openssl-conf v86d sysvinit-pidof
  sysvinit-inittab sysvinit packagegroup-core-boot tcf-agent
  packagegroup-core-eclipse-debug udev-cache update-rc.d
Authentication warning overridden.
dpkg: error: error opening configuration directory
'/home/net/joe/work/sysgen-mrp/build/tmp/sysroots/x86_64-linux/etc/dpkg/dpkg.cfg.d':
Permission denied
E: Sub-process dpkg returned an error code (2)

ERROR: system-image-1.0-r0 do_rootfs: Function failed: do_rootfs
ERROR: Logfile of failure stored in:
/home/local/MrProductName/mrp-system/build/tmp/work/qemux86-hbdc-linux/system-image/1.0-r0/temp/log.do_rootfs.31848
ERROR: Task 9 (/home/local/MrProductName/mrp-system/poky/../meta-system/recipes-core/images/system-image.bb,
do_rootfs) failed with exit code '1'

Re: bug with dpkg-native and sstate-cache mirrors

[Anders Oleson]

Should I open a bug report for this?
Does this make sense and does it sound like a problem?
Are you interested in a patch or fixes? I see some activity with dpkg,
so I know there's a maintainer out there?

On Fri, Dec 16, 2016 at 11:31 AM, Anders Oleson <anders@openpuma.org> wrote:
> I originally posted this here:
> https://lists.yoctoproject.org/pipermail/yocto/2016-December/033542.html.
> Apologies, I did not know to report OE core issues here.
>
> Also, following Jussi's advice I started reading the submission
> guidelines and I posted the patch to dpkg itself to their list to see
> if it was something that could be upstreamed. Led to a good discussion
> here: https://lists.debian.org/debian-dpkg/2016/12/msg00013.html.
> While this was an expedient way to fix my problem, it probably isn't
> the best way forward as a real change to dpkg. They have offered to
> look at submissions to fix what I think is the true root cause - the
> non-override-able, hard-coded CONFIGDIR.
>
> Problem description:
> 1. user "joe" clones the build repo, ex. poky from Yocto and builds
> everything, ex. core-system-minimal completely clean build from
> scratch. The local.conf is set to use package_deb for our system.
> 2. "joe" is the build master and then publishes the resultant
> "sstate-cache" in a shared directory to be used as a mirror for the
> other users. Makes the sstate-cache-mirror directory read-only, etc.
> 3. "joe" deletes the build directory creates a new one and tests the
> build in a new directory which works fine and runs quickly using the
> sstate-cache-mirror.
> 3. user "bob" clones a similar revision and builds using the
> SSTATE_MIRROR pointing at the mirror.
> 4. During "do_rootfs" dpkg (dpkg-native) fails with the message:
> dpkg: error: error opening configuration directory
> '/home/net/joe/work/sysgen-mrp/build/tmp/sysroots/x86_64-linux/etc/dpkg/dpkg.cfg.d':
> Permission denied
> E: Sub-process dpkg returned an error code (2)
>
> What happened is that in dpkg-native, the CONFIGDIR is compiled in and
> hard-coded to the failing path. dpkg does not currently have a way to
> override this at runtime in the same way as --instdir and --admindir.
> So dpkg is still looking for config files user "joes" directory which
> may:
> - have wrong permissions
> - be missing or parent dirs missing
> - contain malicious garbage because "joe" wants to screw with "bob" :)
> - any/all of the above (we had a combination)
>
> Normally /etc/dpkg/dpkg.d is empty for the native sysroot, so our
> quick fix was to modify dpkg to just ignore ANY error reading that
> directory and pretend it was empty (which for Yocto builds it was
> anyway). This was preferable to removing the whole package from the
> SSTATE_MIRROR to force rebuilds in each work directory. See the patch
> I posted to the Yocto list linked above. Debian dpkg developers don't
> want to remove those checks and that seems advisable.
>
> So that leaves two options that I can see (is there an easier/better fix?):
> - we can carry a patch to dpkg-native similar to what I posted. For
> Yocto/OE it probably is good enough, at least if we limit it to
> dpkg-native
> - add something like a --configdir command line switch to dpkg so that
> we can point it toward the proper sysroot rather than use the compiled
> in default
>
> I'd actually prefer the second option because, for one thing, it would
> eliminate the baked in paths that contain user names, etc. I'd suggest
> that if we pass in --configdir we should configure/compile dpkg-native
> with the default paths pointing to neutral, constant, invalid paths to
> avoid leaking build specific information into sstate and to catch
> errors.
>
> Does this sound like I'm on the right track or like something that
> could be included? I'd like to fix this so that it doesn't sneak up on
> someone else.
>
> I'm willing to take a hack at it and test it in the scenario where
> this bit us. It would involve steps:
> 1. develop a patch to dpkg to add the option
> 2. develop a patch for OE to change the configure for dpkg-native
> 3. a patch for OE to pass --configdir to dpkg in all the right places.
> I could use help to insure I find them all.
>
> Thanks,
>
> Anders
>
> error log below:
> ----------------------
> ERROR: system-image-1.0-r0 do_rootfs: Unable to install packages.
> Command '/home/local/MrProductName/mrp-system/build/tmp/sysroots/x86_64-linux/usr/bin/apt-get
>  install --force-yes --allow-unauthenticated bash run-postinsts
> packagegroup-core-eclipse-debug mrp-ofp dosfstools apt e2fsprogs dpkg
> packagegroup-core-boot' returned 100:
> Reading package lists...
> Building dependency tree...
> The following extra packages will be installed:
>   base-files base-passwd busybox busybox-hwclock busybox-syslog busybox-udhcpc
>   ca-certificates debianutils debianutils-run-parts e2fsprogs-badblocks
>   e2fsprogs-e2fsck e2fsprogs-mke2fs eudev gdbserver init-ifupdown initscripts
>   initscripts-functions kernel-4.4.26-yocto-standard kernel-module-uvesafb
>   libblkid1 libbz2-1 libc6 libc6-thread-db libcom-err2 libcrypto1.0.0 libcurl4
>   libe2p2 libext2fs2 libgcc1 libgmp10 libgnutls30 libidn11 libkmod2 liblzma5
>   libperl5 libss2 libssl1.0.0 libstdc++6 libtinfo5 libuuid1 libz1
>   modutils-initscripts ncurses-terminfo-base netbase nettle
>   openssh-sftp-server openssl-conf perl sysvinit sysvinit-inittab
>   sysvinit-pidof tcf-agent udev-cache update-alternatives-opkg update-rc.d
>   v86d xz
> Suggested packages:
>   ncurses-terminfo
> The following NEW packages will be installed:
>   apt mrp-ofp base-files base-passwd bash busybox busybox-hwclock
>   busybox-syslog busybox-udhcpc ca-certificates debianutils
>   debianutils-run-parts dosfstools dpkg e2fsprogs e2fsprogs-badblocks
>   e2fsprogs-e2fsck e2fsprogs-mke2fs eudev gdbserver init-ifupdown initscripts
>   initscripts-functions kernel-4.4.26-yocto-standard kernel-module-uvesafb
>   libblkid1 libbz2-1 libc6 libc6-thread-db libcom-err2 libcrypto1.0.0 libcurl4
>   libe2p2 libext2fs2 libgcc1 libgmp10 libgnutls30 libidn11 libkmod2 liblzma5
>   libperl5 libss2 libssl1.0.0 libstdc++6 libtinfo5 libuuid1 libz1
>   modutils-initscripts ncurses-terminfo-base netbase nettle
>   openssh-sftp-server openssl-conf packagegroup-core-boot
>   packagegroup-core-eclipse-debug perl run-postinsts sysvinit sysvinit-inittab
>   sysvinit-pidof tcf-agent udev-cache update-alternatives-opkg update-rc.d
>   v86d xz
> 0 upgraded, 66 newly installed, 0 to remove and 0 not upgraded.
> Need to get 0 B/7850 kB of archives.
> After this operation, 0 B of additional disk space will be used.
> WARNING: The following packages cannot be authenticated!
>   libc6 libgcc1 libstdc++6 liblzma5 libz1 libgmp10 nettle libidn11 libgnutls30
>   libcurl4 update-alternatives-opkg libtinfo5 base-files bash run-postinsts
>   libperl5 perl xz libbz2-1 dpkg debianutils-run-parts debianutils apt mrp-ofp
>   base-passwd busybox busybox-hwclock busybox-syslog busybox-udhcpc
>   ca-certificates dosfstools libcom-err2 libss2 libuuid1 libblkid1 libe2p2
>   libext2fs2 e2fsprogs-badblocks e2fsprogs e2fsprogs-e2fsck e2fsprogs-mke2fs
>   libkmod2 eudev gdbserver netbase init-ifupdown initscripts-functions
>   initscripts kernel-4.4.26-yocto-standard kernel-module-uvesafb
>   libc6-thread-db libcrypto1.0.0 libssl1.0.0 modutils-initscripts
>   ncurses-terminfo-base openssh-sftp-server openssl-conf v86d sysvinit-pidof
>   sysvinit-inittab sysvinit packagegroup-core-boot tcf-agent
>   packagegroup-core-eclipse-debug udev-cache update-rc.d
> Authentication warning overridden.
> dpkg: error: error opening configuration directory
> '/home/net/joe/work/sysgen-mrp/build/tmp/sysroots/x86_64-linux/etc/dpkg/dpkg.cfg.d':
> Permission denied
> E: Sub-process dpkg returned an error code (2)
>
> ERROR: system-image-1.0-r0 do_rootfs: Function failed: do_rootfs
> ERROR: Logfile of failure stored in:
> /home/local/MrProductName/mrp-system/build/tmp/work/qemux86-hbdc-linux/system-image/1.0-r0/temp/log.do_rootfs.31848
> ERROR: Task 9 (/home/local/MrProductName/mrp-system/poky/../meta-system/recipes-core/images/system-image.bb,
> do_rootfs) failed with exit code '1'

Re: bug with dpkg-native and sstate-cache mirrors

[Anders Oleson]

Bump. Can anyone comment on this? Does this sound like a bug? Right forum?

On Tue, Dec 20, 2016 at 7:45 PM, Anders Oleson <anders@openpuma.org> wrote:
> Should I open a bug report for this?
> Does this make sense and does it sound like a problem?
> Are you interested in a patch or fixes? I see some activity with dpkg,
> so I know there's a maintainer out there?
>
> On Fri, Dec 16, 2016 at 11:31 AM, Anders Oleson <anders@openpuma.org> wrote:
>> I originally posted this here:
>> https://lists.yoctoproject.org/pipermail/yocto/2016-December/033542.html.
>> Apologies, I did not know to report OE core issues here.
>>
>> Also, following Jussi's advice I started reading the submission
>> guidelines and I posted the patch to dpkg itself to their list to see
>> if it was something that could be upstreamed. Led to a good discussion
>> here: https://lists.debian.org/debian-dpkg/2016/12/msg00013.html.
>> While this was an expedient way to fix my problem, it probably isn't
>> the best way forward as a real change to dpkg. They have offered to
>> look at submissions to fix what I think is the true root cause - the
>> non-override-able, hard-coded CONFIGDIR.
>>
>> Problem description:
>> 1. user "joe" clones the build repo, ex. poky from Yocto and builds
>> everything, ex. core-system-minimal completely clean build from
>> scratch. The local.conf is set to use package_deb for our system.
>> 2. "joe" is the build master and then publishes the resultant
>> "sstate-cache" in a shared directory to be used as a mirror for the
>> other users. Makes the sstate-cache-mirror directory read-only, etc.
>> 3. "joe" deletes the build directory creates a new one and tests the
>> build in a new directory which works fine and runs quickly using the
>> sstate-cache-mirror.
>> 3. user "bob" clones a similar revision and builds using the
>> SSTATE_MIRROR pointing at the mirror.
>> 4. During "do_rootfs" dpkg (dpkg-native) fails with the message:
>> dpkg: error: error opening configuration directory
>> '/home/net/joe/work/sysgen-mrp/build/tmp/sysroots/x86_64-linux/etc/dpkg/dpkg.cfg.d':
>> Permission denied
>> E: Sub-process dpkg returned an error code (2)
>>
>> What happened is that in dpkg-native, the CONFIGDIR is compiled in and
>> hard-coded to the failing path. dpkg does not currently have a way to
>> override this at runtime in the same way as --instdir and --admindir.
>> So dpkg is still looking for config files user "joes" directory which
>> may:
>> - have wrong permissions
>> - be missing or parent dirs missing
>> - contain malicious garbage because "joe" wants to screw with "bob" :)
>> - any/all of the above (we had a combination)
>>
>> Normally /etc/dpkg/dpkg.d is empty for the native sysroot, so our
>> quick fix was to modify dpkg to just ignore ANY error reading that
>> directory and pretend it was empty (which for Yocto builds it was
>> anyway). This was preferable to removing the whole package from the
>> SSTATE_MIRROR to force rebuilds in each work directory. See the patch
>> I posted to the Yocto list linked above. Debian dpkg developers don't
>> want to remove those checks and that seems advisable.
>>
>> So that leaves two options that I can see (is there an easier/better fix?):
>> - we can carry a patch to dpkg-native similar to what I posted. For
>> Yocto/OE it probably is good enough, at least if we limit it to
>> dpkg-native
>> - add something like a --configdir command line switch to dpkg so that
>> we can point it toward the proper sysroot rather than use the compiled
>> in default
>>
>> I'd actually prefer the second option because, for one thing, it would
>> eliminate the baked in paths that contain user names, etc. I'd suggest
>> that if we pass in --configdir we should configure/compile dpkg-native
>> with the default paths pointing to neutral, constant, invalid paths to
>> avoid leaking build specific information into sstate and to catch
>> errors.
>>
>> Does this sound like I'm on the right track or like something that
>> could be included? I'd like to fix this so that it doesn't sneak up on
>> someone else.
>>
>> I'm willing to take a hack at it and test it in the scenario where
>> this bit us. It would involve steps:
>> 1. develop a patch to dpkg to add the option
>> 2. develop a patch for OE to change the configure for dpkg-native
>> 3. a patch for OE to pass --configdir to dpkg in all the right places.
>> I could use help to insure I find them all.
>>
>> Thanks,
>>
>> Anders
>>
>> error log below:
>> ----------------------
>> ERROR: system-image-1.0-r0 do_rootfs: Unable to install packages.
>> Command '/home/local/MrProductName/mrp-system/build/tmp/sysroots/x86_64-linux/usr/bin/apt-get
>>  install --force-yes --allow-unauthenticated bash run-postinsts
>> packagegroup-core-eclipse-debug mrp-ofp dosfstools apt e2fsprogs dpkg
>> packagegroup-core-boot' returned 100:
>> Reading package lists...
>> Building dependency tree...
>> The following extra packages will be installed:
>>   base-files base-passwd busybox busybox-hwclock busybox-syslog busybox-udhcpc
>>   ca-certificates debianutils debianutils-run-parts e2fsprogs-badblocks
>>   e2fsprogs-e2fsck e2fsprogs-mke2fs eudev gdbserver init-ifupdown initscripts
>>   initscripts-functions kernel-4.4.26-yocto-standard kernel-module-uvesafb
>>   libblkid1 libbz2-1 libc6 libc6-thread-db libcom-err2 libcrypto1.0.0 libcurl4
>>   libe2p2 libext2fs2 libgcc1 libgmp10 libgnutls30 libidn11 libkmod2 liblzma5
>>   libperl5 libss2 libssl1.0.0 libstdc++6 libtinfo5 libuuid1 libz1
>>   modutils-initscripts ncurses-terminfo-base netbase nettle
>>   openssh-sftp-server openssl-conf perl sysvinit sysvinit-inittab
>>   sysvinit-pidof tcf-agent udev-cache update-alternatives-opkg update-rc.d
>>   v86d xz
>> Suggested packages:
>>   ncurses-terminfo
>> The following NEW packages will be installed:
>>   apt mrp-ofp base-files base-passwd bash busybox busybox-hwclock
>>   busybox-syslog busybox-udhcpc ca-certificates debianutils
>>   debianutils-run-parts dosfstools dpkg e2fsprogs e2fsprogs-badblocks
>>   e2fsprogs-e2fsck e2fsprogs-mke2fs eudev gdbserver init-ifupdown initscripts
>>   initscripts-functions kernel-4.4.26-yocto-standard kernel-module-uvesafb
>>   libblkid1 libbz2-1 libc6 libc6-thread-db libcom-err2 libcrypto1.0.0 libcurl4
>>   libe2p2 libext2fs2 libgcc1 libgmp10 libgnutls30 libidn11 libkmod2 liblzma5
>>   libperl5 libss2 libssl1.0.0 libstdc++6 libtinfo5 libuuid1 libz1
>>   modutils-initscripts ncurses-terminfo-base netbase nettle
>>   openssh-sftp-server openssl-conf packagegroup-core-boot
>>   packagegroup-core-eclipse-debug perl run-postinsts sysvinit sysvinit-inittab
>>   sysvinit-pidof tcf-agent udev-cache update-alternatives-opkg update-rc.d
>>   v86d xz
>> 0 upgraded, 66 newly installed, 0 to remove and 0 not upgraded.
>> Need to get 0 B/7850 kB of archives.
>> After this operation, 0 B of additional disk space will be used.
>> WARNING: The following packages cannot be authenticated!
>>   libc6 libgcc1 libstdc++6 liblzma5 libz1 libgmp10 nettle libidn11 libgnutls30
>>   libcurl4 update-alternatives-opkg libtinfo5 base-files bash run-postinsts
>>   libperl5 perl xz libbz2-1 dpkg debianutils-run-parts debianutils apt mrp-ofp
>>   base-passwd busybox busybox-hwclock busybox-syslog busybox-udhcpc
>>   ca-certificates dosfstools libcom-err2 libss2 libuuid1 libblkid1 libe2p2
>>   libext2fs2 e2fsprogs-badblocks e2fsprogs e2fsprogs-e2fsck e2fsprogs-mke2fs
>>   libkmod2 eudev gdbserver netbase init-ifupdown initscripts-functions
>>   initscripts kernel-4.4.26-yocto-standard kernel-module-uvesafb
>>   libc6-thread-db libcrypto1.0.0 libssl1.0.0 modutils-initscripts
>>   ncurses-terminfo-base openssh-sftp-server openssl-conf v86d sysvinit-pidof
>>   sysvinit-inittab sysvinit packagegroup-core-boot tcf-agent
>>   packagegroup-core-eclipse-debug udev-cache update-rc.d
>> Authentication warning overridden.
>> dpkg: error: error opening configuration directory
>> '/home/net/joe/work/sysgen-mrp/build/tmp/sysroots/x86_64-linux/etc/dpkg/dpkg.cfg.d':
>> Permission denied
>> E: Sub-process dpkg returned an error code (2)
>>
>> ERROR: system-image-1.0-r0 do_rootfs: Function failed: do_rootfs
>> ERROR: Logfile of failure stored in:
>> /home/local/MrProductName/mrp-system/build/tmp/work/qemux86-hbdc-linux/system-image/1.0-r0/temp/log.do_rootfs.31848
>> ERROR: Task 9 (/home/local/MrProductName/mrp-system/poky/../meta-system/recipes-core/images/system-image.bb,
>> do_rootfs) failed with exit code '1'

Re: bug with dpkg-native and sstate-cache mirrors

[Richard Purdie]

On Fri, 2016-12-16 at 11:31 -0800, Anders Oleson wrote:
> Does this sound like I'm on the right track or like something that
> could be included? I'd like to fix this so that it doesn't sneak up
> on someone else.
> 
> I'm willing to take a hack at it and test it in the scenario where
> this bit us. It would involve steps:
> 1. develop a patch to dpkg to add the option
> 2. develop a patch for OE to change the configure for dpkg-native
> 3. a patch for OE to pass --configdir to dpkg in all the right
> places.
> I could use help to insure I find them all.

This does sound like a genuine bug and something we need to fix. You do
sound like you're on the right track with it. Adding a workaround patch
to dpkg-native only would be one way to move forward but fixing it
properly as you describe is much more desirable if upstream will take
such a patch. I appreciate you taking the time to do that!

The lack of response isn't lack of interest but partly the holidays and
partly that you're on the right check so replies would mainly be "yes,
sounds good" which people tend not to post against everything they
agree with.

Cheers,

Richard

Re: bug with dpkg-native and sstate-cache mirrors

[Richard Purdie]

On Tue, 2016-12-20 at 19:45 -0800, Anders Oleson wrote:
> Should I open a bug report for this?

If you were not going to work on it anymore then yes, we would like to
keep track of a problem like this.

> Does this make sense and does it sound like a problem?

Yes it makes sense and yes its the kind of problem we should fix.

> Are you interested in a patch or fixes? I see some activity with
> dpkg, so I know there's a maintainer out there?

We are interested, there are people using the deb backend. We don't
have a specific deb maintainer as such but there are a few people with
varying levels of experience and interest.

Cheers,

Richard

[PATCH] dpkg: workaround for sstate contamination

[Anders Oleson]

The dpkg binary contains a hard-coded CONFIGDIR path which normally points to
/etc/dpkg. If /etc/dpkg/dpkg.cfg.d cannot be accessed and scandir returns
EACCESS, or any error other than ENOTDIR, it is treated as a fatal error.

Normally this is not an issue for dpkg, and indeed has been confirmed to be
the developers' design intent. But when dpkg-native is built for OpenEmbedded,
the hard-coded CONFIGDIR "leaks" the build specific location information into
the sstate-cache. Later on, if another user or machine picks up and reuses the
dpkg-native binary, it will fail if the original sysroot does not exist, is
not a directory, or is otherwise inaccessible.

The dpkg utility does not currently allow a command line or environment
override of CONFIGDIR, so this is a workaround that patches dpkg such that any
failure to access CONFIGDIR is tolerated and treated the same as if the
directory were empty. In OpenEmbedded, dpkg-native is always passed command
line arguments and the CONFIGDIR is empty, so this does not cause an issue for
the way OpenEmbedded uses dpkg-native.

This is a workaround that can be removed when dpkg grows the ability to
override the CONFIGDIR at runtime, which has been discussed.

Signed-off-by: Anders Oleson <anders@openpuma.org>
---
 .../dpkg/dpkg/allow-inaccessible-config-dir.patch  | 26 ++++++++++++++++++++++
 meta/recipes-devtools/dpkg/dpkg_1.18.7.bb          |  4 +++-
 2 files changed, 29 insertions(+), 1 deletion(-)
 create mode 100644 meta/recipes-devtools/dpkg/dpkg/allow-inaccessible-config-dir.patch

diff --git a/meta/recipes-devtools/dpkg/dpkg/allow-inaccessible-config-dir.patch b/meta/recipes-devtools/dpkg/dpkg/allow-inaccessible-config-dir.patch
new file mode 100644
index 0000000..fca0c16
--- /dev/null
+++ b/meta/recipes-devtools/dpkg/dpkg/allow-inaccessible-config-dir.patch
@@ -0,0 +1,26 @@
+continue rather than fail if unable to access CONFIGDIR
+
+Signed-off-by: Anders Oleson <anders@openpuma.org>
+
+Upstream-Status: Inappropriate [embedded specific]
+
+Note: a more comprehensive fix to dpkg will be to add a feature that allows a
+command line override of the hard-coded CONFIGDIR (/etc/dpkg/dpkg.cfg.d).
+Once that happens, this patch should be removed.
+
+Index: dpkg-1.18.7/lib/dpkg/options.c
+===================================================================
+--- dpkg-1.18.7.orig/lib/dpkg/options.c
++++ dpkg-1.18.7/lib/dpkg/options.c
+@@ -172,11 +172,8 @@ dpkg_options_load_dir(const char *prog,
+ 
+   dlist_n = scandir(dirname, &dlist, valid_config_filename, alphasort);
+   if (dlist_n < 0) {
+-    if (errno == ENOENT) {
+       free(dirname);
+       return;
+-    } else
+-      ohshite(_("error opening configuration directory '%s'"), dirname);
+   }
+ 
+   for (i = 0; i < dlist_n; i++) {
diff --git a/meta/recipes-devtools/dpkg/dpkg_1.18.7.bb b/meta/recipes-devtools/dpkg/dpkg_1.18.7.bb
index 28fdc13..73d1064 100644
--- a/meta/recipes-devtools/dpkg/dpkg_1.18.7.bb
+++ b/meta/recipes-devtools/dpkg/dpkg_1.18.7.bb
@@ -13,7 +13,9 @@ SRC_URI = "http://snapshot.debian.org/archive/debian/20160509T100042Z/pool/main/
            file://0005-dpkg-compiler.m4-remove-Wvla.patch \
            file://0006-add-musleabi-to-known-target-tripets.patch \
            "
-SRC_URI_append_class-native = " file://glibc2.5-sync_file_range.patch "
+SRC_URI_append_class-native = " file://glibc2.5-sync_file_range.patch \
+           file://allow-inaccessible-config-dir.patch \
+           "
 
 SRC_URI[md5sum] = "073dbf2129a54b0fc627464bf8af4a1b"
 SRC_URI[sha256sum] = "ace36d3a6dc750a42baf797f9e75ec580a21f92bb9ff96b482100755d6d9b87b"
-- 
1.9.1