PR#8: Fix %post scriptlet to not require the shell - rpms/setup

rpms / setup

#8 Fix %post scriptlet to not require the shell

Merged 2 years ago by mosvald. Opened 2 years ago by zbyszek.

rpms/ zbyszek/setup deshellify-the-scriptlet into rawhide

Fix %post scriptlet to not require the shell

Zbigniew Jędrzejewski-Szmek • 2 years ago

e72e5cf

setup.spec

file modified

+12 -3

		`@@ -1,7 +1,7 @@`
		`Summary: A set of system configuration and setup files`
		`Name: setup`
		`Version: 2.13.10`
		`- Release: 1%{?dist}`
		`+ Release: 2%{?dist}`
		`License: Public Domain`
		`Group: System Environment/Base`
		`URL: https://pagure.io/setup/`
		`@@ -68,10 +68,16 @@`
		`#handle it ( http://rpm.org/ticket/6 )`
		`%post -p <lua>`
		`for i, name in ipairs({"passwd", "shadow", "group", "gshadow"}) do`
		`- os.remove("/etc/"..name..".rpmnew")`
		`+ os.remove("/etc/"..name..".rpmnew")`
		`end`
		`if posix.access("/usr/bin/newaliases", "x") then`
		`- os.execute("/usr/bin/newaliases >/dev/null")`
		`+ local pid = posix.fork()`
		`+ if pid == 0 then`
		`+ posix.redirect2null(2)`
		`+ posix.exec("/usr/bin/newaliases")`
		`+ elseif pid > 0 then`
		`+ posix.wait(pid)`
		`+ end`
		`end`

		`%files`
		`@@ -114,6 +120,9 @@`
		`%{_tmpfilesdir}/%{name}.conf`

		`%changelog`
		`+ * Fri May 27 2022 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 2.13.10-2`
		`+ - Fix %%post scriptlet to not require the shell`
		`+`
		`* Sat May 07 2022 Martin Osvald <mosvald@redhat.com> - 2.13.10-1`
		`- Move /var/log/lastlog ownership to systemd (#1798685)`
		`- tcsh sets variable p to /usr/sbin from /etc/csh.login (#2019874)`

zbyszek commented 2 years ago

os.execute uses /bin/sh, which to a large extent defeats the purpose of having
the scriptlet in lua ;)

$ strace -qq -ff -eexecve rpm -E "%{lua:os.execute('true')}"
execve("/usr/bin/rpm", ["rpm", "-E", "%{lua:os.execute('true')}"], 0x7ffd180ce638 / 60 vars /) = 0
[pid 849466] execve("/bin/sh", ["sh", "-c", "true"], 0x7fff73cfc9d8 / 60 vars /) = 0

Let's use posix.exec(). rpm.execute() would be nice, but it does not
support suppressing of stderr.

zuul commented 2 years ago

Build failed. More information on how to proceed and troubleshoot errors available at https://fedoraproject.org/wiki/Zuul-based-ci

check-for-arches : SUCCESS in 1m 11s
rpm-scratch-build : SUCCESS in 7m 04s
rpm-scratch-build-s390x : SKIPPED (non-voting)
rpm-scratch-build-ppc64le : SKIPPED (non-voting)
rpm-scratch-build-i686 : SKIPPED (non-voting)
rpm-scratch-build-aarch64 : SKIPPED (non-voting)
rpm-linter : FAILURE in 2m 37s
rpm-rpminspect : SUCCESS in 3m 43s (non-voting)
check-for-tests : SUCCESS in 41s
check-for-sti-tests : SUCCESS in 40s
check-for-fmf-tests : SUCCESS in 42s
rpm-install-test : SUCCESS in 1m 42s
rpm-test : SKIPPED
rpm-tmt-test : SKIPPED
rpm-sti-test : SKIPPED

zbyszek commented 2 years ago

Ping!

mosvald commented 2 years ago

Hi,

Thanks for the patch! At first sight, looks good, but then I tried it and it failed with the below error:

error: No exec() called after fork() in lua scriptlet

Full output and steps:

# dnf install postfix -y # to get /usr/bin/newaliases
# dnf update setup-2.13.9.1-4.fc37.noarch.rpm
Last metadata expiration check: 0:11:32 ago on Thu 21 Apr 2022 12:08:44 PM EDT.
Dependencies resolved.
========================================================================================================================
 Package                Architecture            Version                             Repository                     Size
========================================================================================================================
Upgrading:
 setup                  noarch                  2.13.9.1-4.fc37                     @commandline                  143 k

Transaction Summary
========================================================================================================================
Upgrade  1 Package

Total size: 143 k
Is this ok [y/N]: y
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                                1/1 
  Upgrading        : setup-2.13.9.1-4.fc37.noarch                                                                   1/2 
warning: /etc/shadow created as /etc/shadow.rpmnew

  Running scriptlet: setup-2.13.9.1-4.fc37.noarch                                                                   1/2 
error: No exec() called after fork() in lua scriptlet

  Cleanup          : setup-2.13.9.1-3.fc36.noarch                                                                   2/2 
  Running scriptlet: setup-2.13.9.1-3.fc36.noarch                                                                   2/2 
  Verifying        : setup-2.13.9.1-4.fc37.noarch                                                                   1/2 
  Verifying        : setup-2.13.9.1-3.fc36.noarch                                                                   2/2 

Upgraded:
  setup-2.13.9.1-4.fc37.noarch                                                                                          

Complete!
#

Please, could you check/investigate further?

rebased onto e72e5cf

2 years ago

zbyszek commented 2 years ago

Oh, this took me much longer to figure out than I'm willing to admit.
There was a typo in the command: newliases. It should be fine now ;)

(Interestingly, when invoked directly with rpm, the message about "No exec()" does not appear. But when called via dnf, it does. And the message is from the rpm codebase… But the message was correct, the scriptlet wasn't doing it's thing.)

zuul commented 2 years ago

Build succeeded.