FS#55075 - [systemd] sysusers/tmpfiles hooks do not respect the local administrator configuration directory

Attached to Project: Arch Linux
Opened by Eli Schwartz (eschwartz) - Tuesday, 08 August 2017, 22:09 GMT
Last edited by Christian Hesse (eworm) - Thursday, 10 August 2017, 19:32 GMT
Task Type Bug Report
Category Packages: Core
Status Closed
Assigned To Dave Reisner (falconindy)
Christian Hesse (eworm)
Architecture All
Severity Medium
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

The hooks systemd-tmpfiles.hook and systemd-sysusers.hook use NeedsTargets to accept a list of /usr/lib filenames to run the systemd-{sysusers,tmpfiles} commands. This causes them to ignore overrides that the local administrator has provided.

e.g. in my makechrootpkg build root, I symlinked etc/tmpfiles.d/systemd-nspawn.conf to /dev/null to prevent creating recursive btrfs subvolumes. This was later fixed by makechrootpkg learning to search for and delete those snapshots itself... but it's still a bit awkward to delete them by hand for whatever reason.
Except, it didn't work, they kept being recreated whenever a package installed systemd, and I eventually figured out it was because the pacman hooks were ignoring my override altogether.

I'm not sure what the original motivation was to call systemd-{sysusers,tmpfiles} with each filename, since by default they are supposed to do the right thing and update/reapply the entire configured system state as applicable.
This task depends upon

Closed by  Christian Hesse (eworm)
Thursday, 10 August 2017, 19:32 GMT
Reason for closing:  Fixed
Additional comments about closing:  systemd 234.11-7
Comment by Christian Hesse (eworm) - Wednesday, 09 August 2017, 10:08 GMT
Currently we call systemd-{sysusers,tmpfiles} with absolute paths to config files. Sadly we can not use shell parameter expansion (something like ${f##*/}) due to limitations in pacman/libalpm [0], fixed in git master [1].

So we can...

... wait for pacman 5.1.0 (or backport commit 5678298f) and use shell parameter expansion
... run systemd-{sysusers,tmpfiles} once without parameter
... use something like the attached patch

Dave, any opinion on that?

[0] https://bugs.archlinux.org/task/51916
[1] https://git.archlinux.org/pacman.git/commit/?id=5678298f7dc8e0d4394e477a1a64d734e65a3ef0
Comment by Christian Hesse (eworm) - Wednesday, 09 August 2017, 15:24 GMT Comment by Eli Schwartz (eschwartz) - Wednesday, 09 August 2017, 21:01 GMT
Nice... I somehow overlooked the fact that "If only the basename of a configuration file is specified, all configuration directories as specified in tmpfiles.d(5) are searched for a matching file."

There is no telling when pacman 5.1 will be released, and it doesn't appear to be on agregory's backports queue for a 5.0.3 release, so at the moment it probably makes sense to just use basename. Assuming you want to limit the effects of the hooks to only the files that pacman has just installed/upgraded, which sort of makes sense if it can be done properly. :D
Comment by Christian Hesse (eworm) - Thursday, 10 August 2017, 19:14 GMT
Eli, can you verify that system 234.11-7 fixes the issue for you, please?
Comment by Eli Schwartz (eschwartz) - Thursday, 10 August 2017, 19:26 GMT
Yes, thanks. :)

Loading...