[buildd-tools-devel] Bug#586195: Bug#586195: 20nssdatabases checks for file equivalence
Roger Leigh
rleigh at codelibre.net
Sun Jun 27 11:10:24 UTC 2010
On Sun, Jun 27, 2010 at 12:01:12PM +0200, Bastian Blank wrote:
> On Sat, Jun 26, 2010 at 11:36:12PM +0100, Roger Leigh wrote:
> > On Thu, Jun 17, 2010 at 11:49:47AM +0200, Bastian Blank wrote:
> > > 20nssdatabases checks for file equivalence and don't does anything in
> > > thie case. However nss may include more modules then just "files" and
> > > will fail to produce a usefull result in this case.
> > However, we are checking the file device number and inode number, not
> > the file contents. These should never be the same both inside and
> > outside the chroot. If they are, something is very badly wrong:
>
> The problem is a completely different one: the result of getent passwd
> and the contents of /etc/passwd are not equivalent. So in case of a
> hardlinked file the result is a completely different (just it) then if
> the script creates a new one (the contents all nss databases).
I'm not sure I completely understand here. I agree the contents are
different, but why do we need to care about the content of /etc/passwd
if we aren't using it?
When you're mentioning hardlinked files, what is hardlinked to what,
and why?
> Okay, to be exact: getent passwd may not provide a complete view anyway
> (because of query limits or so in case of remote databases, like ldap).
Do you have any suggestions as to how to better cater for this
type of setup?
> > For example, 20nssdatabases does the equivalent of
> > getent passwd > $chroot/etc/passwd
>
> It have to replace the old file in this case anyway and not truncate it.
the '>' operator in the shell does an ftruncate prior to fork/exec
(to set up the pipes), so when /etc/passwd is your only NSS database,
it's gone completely before getent even runs.
Regards,
Roger
--
.''`. Roger Leigh
: :' : Debian GNU/Linux http://people.debian.org/~rleigh/
`. `' Printing on GNU/Linux? http://gutenprint.sourceforge.net/
`- GPG Public Key: 0x25BFB848 Please GPG sign your mail.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/buildd-tools-devel/attachments/20100627/74262ca4/attachment-0001.pgp>
More information about the Buildd-tools-devel
mailing list