[6/6] shadow: Avoid nss warning/error with musl

From: Andrei Gherzan <andrei.gherzan@huawei.com>

The libnss configuration file is only installed when glibc is used. The
inexistence of it on a musl-based rootfs, will make shadow complain
about it:

Failed opening /etc/nsswitch.conf

This is because shadow will try to use nsswich when dealing with
subordinate IDs and the message is just a warning as the tool will still
generate them correctly in subuid/subgid files.

We drop this log message for class native to avoid an error when rootfs
logs are checked ('Failed' will match the regex bitbake is using to
check for rootfs generation errors).

Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>
---
 ...f-message-when-not-in-place-eg.-musl.patch | 27 +++++++++++++++++++
 meta/recipes-extended/shadow/shadow.inc       |  2 ++
 2 files changed, 29 insertions(+)
 create mode 100644 meta/recipes-extended/shadow/files/0001-Drop-nsswitch.conf-message-when-not-in-place-eg.-musl.patch

I do not think it is inappropriate, as it does highlight an issue
which we need to inform upstream about. Can you submit it upstream
anyway please?

Alex

On Wed, 24 Aug 2022 at 01:57, Andrei Gherzan <andrei@gherzan.com> wrote:
>
> From: Andrei Gherzan <andrei.gherzan@huawei.com>
>
> The libnss configuration file is only installed when glibc is used. The
> inexistence of it on a musl-based rootfs, will make shadow complain
> about it:
>
> Failed opening /etc/nsswitch.conf
>
> This is because shadow will try to use nsswich when dealing with
> subordinate IDs and the message is just a warning as the tool will still
> generate them correctly in subuid/subgid files.
>
> We drop this log message for class native to avoid an error when rootfs
> logs are checked ('Failed' will match the regex bitbake is using to
> check for rootfs generation errors).
>
> Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>
> ---
>  ...f-message-when-not-in-place-eg.-musl.patch | 27 +++++++++++++++++++
>  meta/recipes-extended/shadow/shadow.inc       |  2 ++
>  2 files changed, 29 insertions(+)
>  create mode 100644 meta/recipes-extended/shadow/files/0001-Drop-nsswitch.conf-message-when-not-in-place-eg.-musl.patch
>
> diff --git a/meta/recipes-extended/shadow/files/0001-Drop-nsswitch.conf-message-when-not-in-place-eg.-musl.patch b/meta/recipes-extended/shadow/files/0001-Drop-nsswitch.conf-message-when-not-in-place-eg.-musl.patch
> new file mode 100644
> index 0000000000..aeb89ff6a0
> --- /dev/null
> +++ b/meta/recipes-extended/shadow/files/0001-Drop-nsswitch.conf-message-when-not-in-place-eg.-musl.patch
> @@ -0,0 +1,27 @@
> +From 11290e897a49adddee215833944a518443d9b0d6 Mon Sep 17 00:00:00 2001
> +From: Andrei Gherzan <andrei.gherzan@huawei.com>
> +Date: Wed, 24 Aug 2022 00:54:47 +0200
> +Subject: [PATCH] Drop nsswitch.conf message when not in place - eg. musl
> +
> +Upstream-Status: Inappropriate [OE specific]
> +Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>
> +---
> + lib/nss.c | 2 +-
> + 1 file changed, 1 insertion(+), 1 deletion(-)
> +
> +diff --git a/lib/nss.c b/lib/nss.c
> +index 06fa48e..44245da 100644
> +--- a/lib/nss.c
> ++++ b/lib/nss.c
> +@@ -59,7 +59,7 @@ void nss_init(const char *nsswitch_path) {
> +       //   subid:     files
> +       nssfp = fopen(nsswitch_path, "r");
> +       if (!nssfp) {
> +-              fprintf(shadow_logfd, "Failed opening %s: %m\n", nsswitch_path);
> ++              //fprintf(shadow_logfd, "Failed opening %s: %m\n", nsswitch_path);
> +               atomic_store(&nss_init_completed, true);
> +               return;
> +       }
> +--
> +2.25.1
> +
> diff --git a/meta/recipes-extended/shadow/shadow.inc b/meta/recipes-extended/shadow/shadow.inc
> index b2f82e9ac7..414bf467ba 100644
> --- a/meta/recipes-extended/shadow/shadow.inc
> +++ b/meta/recipes-extended/shadow/shadow.inc
> @@ -25,12 +25,14 @@ SRC_URI:append:class-target = " \
>  SRC_URI:append:class-native = " \
>             file://0001-Disable-use-of-syslog-for-sysroot.patch \
>             file://commonio.c-fix-unexpected-open-failure-in-chroot-env.patch \
> +           file://0001-Drop-nsswitch.conf-message-when-not-in-place-eg.-musl.patch \
>             "
>  SRC_URI:append:class-nativesdk = " \
>             file://0001-Disable-use-of-syslog-for-sysroot.patch \
>             "
>  SRC_URI[sha256sum] = "9fdb73b5d2b44e8ba9fcee1b4493ac75dd5040bda35b9ac8b06570cd192e7ee3"
>
> +
>  # Additional Policy files for PAM
>  PAM_SRC_URI = "file://pam.d/chfn \
>                 file://pam.d/chpasswd \
> --
> 2.25.1
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#169767): https://lists.openembedded.org/g/openembedded-core/message/169767
> Mute This Topic: https://lists.openembedded.org/mt/93217143/1686489
> Group Owner: openembedded-core+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [alex.kanavin@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>

On Wed, 24 Aug 2022, at 08:36, Alexander Kanavin wrote:
> I do not think it is inappropriate, as it does highlight an issue
> which we need to inform upstream about. Can you submit it upstream
> anyway please?

Just to be sure we have the same understanding, could you detail the issue you are seeing?

Andrei

The issue is described by you in the commit message? I think this is
good enough for upstream submission as is, as long as you edit out the
yocto specific references.

Alex

On Wed, 24 Aug 2022 at 10:16, Andrei Gherzan <andrei@gherzan.com> wrote:
>
> On Wed, 24 Aug 2022, at 08:36, Alexander Kanavin wrote:
> > I do not think it is inappropriate, as it does highlight an issue
> > which we need to inform upstream about. Can you submit it upstream
> > anyway please?
>
> Just to be sure we have the same understanding, could you detail the issue you are seeing?
>
> Andrei

On Wed, 24 Aug 2022, at 09:21, Alexander Kanavin wrote:
> The issue is described by you in the commit message? I think this is
> good enough for upstream submission as is, as long as you edit out the
> yocto specific references.

RIght. I was more interested in how you see this issue per se. At the end of the day, it is not a bug, it is more of a warning/log message while the functionality is in place. What would you expect upstream to do?

Of course, there are a couple of options here. Compile macro for musl, change the log format for that specific message, etc. But it can also be treated as a dynamic check with an associated log message.

Andrei

I trust the upstream will figure this out. My goal is to avoid adding
more patches that are declared unsuitable for upstream, and so have to
be rebased until the end of time by (usually) me.

Alex

On Wed, 24 Aug 2022 at 10:28, Andrei Gherzan <andrei@gherzan.com> wrote:
>
> On Wed, 24 Aug 2022, at 09:21, Alexander Kanavin wrote:
> > The issue is described by you in the commit message? I think this is
> > good enough for upstream submission as is, as long as you edit out the
> > yocto specific references.
>
> RIght. I was more interested in how you see this issue per se. At the end of the day, it is not a bug, it is more of a warning/log message while the functionality is in place. What would you expect upstream to do?
>
> Of course, there are a couple of options here. Compile macro for musl, change the log format for that specific message, etc. But it can also be treated as a dynamic check with an associated log message.
>
> Andrei

On Wed, 24 Aug 2022, at 09:30, Alexander Kanavin wrote:
> I trust the upstream will figure this out. My goal is to avoid adding
> more patches that are declared unsuitable for upstream, and so have to
> be rebased until the end of time by (usually) me.

OK. I have created an upstream issue: https://github.com/shadow-maint/shadow/issues/557.

Andrei

Thanks, can you also resend the patch with the link to the ticket included?

Alex

On Wed, 24 Aug 2022 at 10:49, Andrei Gherzan <andrei@gherzan.com> wrote:
>
> On Wed, 24 Aug 2022, at 09:30, Alexander Kanavin wrote:
> > I trust the upstream will figure this out. My goal is to avoid adding
> > more patches that are declared unsuitable for upstream, and so have to
> > be rebased until the end of time by (usually) me.
>
> OK. I have created an upstream issue: https://github.com/shadow-maint/shadow/issues/557.
>
> Andrei

On Wed, 24 Aug 2022, at 09:56, Alexander Kanavin wrote:
> Thanks, can you also resend the patch with the link to the ticket included?

Sure. https://lists.openembedded.org/g/openembedded-core/message/169800

Andrei

Almost there :) As the patch was not actually submitted, the correct
metadata is:

Upstream-Status: Inappropriate [issue reported at
https://github.com/shadow-maint/shadow/issues/557]

Alex

On Wed, 24 Aug 2022 at 11:37, Andrei Gherzan <andrei@gherzan.com> wrote:
>
> On Wed, 24 Aug 2022, at 09:56, Alexander Kanavin wrote:
> > Thanks, can you also resend the patch with the link to the ticket included?
>
> Sure. https://lists.openembedded.org/g/openembedded-core/message/169800
>
> Andrei

On Wed, 24 Aug 2022, at 10:39, Alexander Kanavin wrote:
> Almost there :) As the patch was not actually submitted, the correct
> metadata is:
>
> Upstream-Status: Inappropriate [issue reported at
> https://github.com/shadow-maint/shadow/issues/557]

Now I know :)

https://lists.openembedded.org/g/openembedded-core/message/169804

Andrei