Creating saved projects and install images on different machines causes problems.
Bug #203561 reported by Michael Frey

Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Moblin Image Creator | Fix Released | Low | Praj |
moblin-image-creator (Ubuntu) | Fix Released | Undecided | Unassigned |

Bug Description
Creating saved MIC projects on one machine then importing them into MIC on another machine, then creating an install USB image causes some runtime problems.
There is an issue with some user GUIDs not matching on the two machines that causes some PolicyKit policies to fail.
The test case is the following.
1 Create a saved project file on a server machine.
2 Load that project file into MIC on a different machine.
3 Create an install USB image.
4 Load onto target device
5 Boot device
6 Run network-admin
This will present you with a PolicyKit error.
This error does not occur if both the saved project and install image are created on the same machine.
Changed in moblin-image-creator:
assignee: nobody → prajwal-linux
importance: Undecided → Low
status: New → In Progress
tags: added: oem-services
We install the policykit package. Files in /usr/lib/policykit are owned by the polkituser group. The group on some files owned by policykit is being mangled by the MIC load/save project mechanism.
The problem:
Tarballs contain both group id (gid) and group name (gname) for each file. When the project tarball is created, the gname record for each file is based on the mapping of the gid to group name on the host, rather than in the chroot.
When a file is unpacked from a tarball, tar looks at the gname field to determine the group name. It then looks up the corresponding gid from the destination system's /etc/group, and assigns that gid to the file. Tar ignores the gid that's stored in the tarfile. The result is that tar silently changes the gid on the file.
The solution:
tar needs to be called with the --numeric-owner flag when creating the tarball. This will ensure that tar doesn't change the gid of any files in the chroot.
I don't see a way to do this in the Python tarfile module, so it's possible MIC will need to fork/exec tar rather than using the tarfile module.
More info:
I added the policykit package to my target. policykit installs the file /usr/lib/policykit/polkit-grant-helper.
In the chroot, the file /usr/lib/policykit/polkit-grant-helper is owned by the polkituser group. In the chroot, polkituser is gid=109.
When MIC creates the saved project tarball, tar looks up the group name for gid=109 on the host. In my case, gid=109 corresponds to the ssh group on the host. Tar creates a record in the tarball for polkit-grant-helper with gid=109 and gname=ssh.
I transfer the saved project to another system and unpack it. On the destination system, tar sees that gname=ssh for polkit-grant-helper, so it looks up the gid for the ssh group using the destination system's /etc/group. In my case, the gid for the ssh group on the destination system is 111. Tar then assigns gid=111 to polkit-grant-helper on the destination system.
The gid for /usr/lib/policykit/polkit-grant-helper in the chroot has now changed from 109 to 111. This is incorrect.
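
The remapping described in the comments above, as an added example that is not part of the original bug report and is not MIC's own code. It uses the current Python 3 `tarfile` module; the helper names (`build_archive`, `strip_names`, `gid_after_unpack`, `audit`) and the destination group table are hypothetical, and the gid values are the ones quoted in the comment.

```python
import io
import tarfile

# Constructed sample data, using the numbers quoted in the comment above.
HELPER = "usr/lib/policykit/polkit-grant-helper"
DEST_GROUPS = {"polkituser": 109, "ssh": 111}  # destination /etc/group (constructed)


def build_archive(gid, gname, member_filter=None):
    """Return tar bytes holding one member with the given group fields."""
    info = tarfile.TarInfo(HELPER)
    info.gid, info.gname, info.size = gid, gname, 4
    if member_filter is not None:
        info = member_filter(info)
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        tar.addfile(info, io.BytesIO(b"\x7fELF"))
    return buf.getvalue()


def strip_names(info):
    """Filter usable with TarFile.add(filter=...): keep numeric ids only."""
    info.uname = info.gname = ""
    return info


def gid_after_unpack(info, dest_groups, numeric_owner=False):
    """Model of the lookup described above: gname wins unless numeric_owner."""
    if not numeric_owner and info.gname in dest_groups:
        return dest_groups[info.gname]
    return info.gid


def audit(archive_bytes, dest_groups, numeric_owner=False):
    """List (name, stored gid, resulting gid) for members whose gid would change."""
    changed = []
    with tarfile.open(fileobj=io.BytesIO(archive_bytes)) as tar:
        for info in tar:
            new_gid = gid_after_unpack(info, dest_groups, numeric_owner)
            if new_gid != info.gid:
                changed.append((info.name, info.gid, new_gid))
    return changed


if __name__ == "__main__":
    mangled = build_archive(109, "ssh")        # record as written on the host
    print(audit(mangled, DEST_GROUPS))         # gid 109 would become 111
    print(audit(mangled, DEST_GROUPS, True))   # numeric ids kept: []
    print(audit(build_archive(109, "ssh", strip_names), DEST_GROUPS))  # []
```

Running `audit` over a saved project before unpacking it shows which files would change group on that machine. On the unpacking side, `TarFile.extractall(numeric_owner=True)` (Python 3.5 and later) makes `tarfile` use the stored ids instead of the names.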