[Bug 1191514] New: [busybox-static] Warewulf3 requires additional commands
https://bugzilla.suse.com/show_bug.cgi?id=1191514 Bug ID: 1191514 Summary: [busybox-static] Warewulf3 requires additional commands Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: x86-64 OS: openSUSE Tumbleweed Status: NEW Severity: Normal Priority: P5 - None Component: Other Assignee: ihno@suse.com Reporter: eich@suse.com QA Contact: qa-bugs@suse.de CC: kukuk@suse.com Found By: Development Blocker: --- Warewulf is a popular HPC deployment tool to set up compute nodes in a cluster. It creates its own initfs using busybox (static). To operate correctly, it requires at least: 1. cttyhack - to get a console for debugging purposes 2. switch_root - to switch to the main system 3. reboot - to smoothly reboot from the debugging console. Command 1. was removed with the commit: | Wed Jul 22 09:24:42 UTC 2020 - Thorsten Kukuk <kukuk@suse.com> [...] | - Disable cttyhack, we don't provide the calling tools [...] This is not true, we do have a tool that's calling it. Command 2. was removed with: | Fri Mar 13 20:04:25 UTC 2020 - Thorsten Kukuk <kukuk@suse.com> [...] | - Merge config of default, -container and -static to be able to | drop -container variant with no reason given. Command 3. has never been enabled - as far as I can tell. If there are strong objections to (re)adding these commands, I'm fine with creating another (static) flavor of busybox - just for warewulf. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1191514 https://bugzilla.suse.com/show_bug.cgi?id=1191514#c1 --- Comment #1 from Egbert Eich <eich@suse.com> --- Created attachment 853053 --> https://bugzilla.suse.com/attachment.cgi?id=853053&action=edit Difference between busybox-static.config and busybox.config From kukuk on https://build.opensuse.org/request/show/924423: Comment: 1. The configs are in sync, don't bring them out of sync! 2. reboot conflicts with everything else and needs adjustments and new packages, since we make excessive usage of them in Factory and in the future in SLE15. Statement 1. is contradicted by the difference in configuration which is attached. A number of SELinux functions are enabled in the dynamic version which are not present in the static one. Here is a list of commands present in the dynamic version but not in the static one: chcon getenforce getsebool load_policy matchpathcon restorecon runcon selinuxenabled sestatus setenforce setfiles setsebool To a casual busybox bystander, it is not clear what the level of expected synchronization is between the static and dynamic variant of busybox. An explanation in the spec file would be in order. As for statement 2., this is the very reason this ticket exists. I've already made this suggestion. It seems much easier to discuss this here than in the comment section to a submission. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1191514 https://bugzilla.suse.com/show_bug.cgi?id=1191514#c2 --- Comment #2 from Egbert Eich <eich@suse.com> --- Regarding 'reboot', I'm fine with creating another build of busybox - just for warewulf. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1191514 https://bugzilla.suse.com/show_bug.cgi?id=1191514#c3 Egbert Eich <eich@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Flags| |needinfo?(kukuk@suse.com) --- Comment #3 from Egbert Eich <eich@suse.com> --- Ok, in the warewulf-specific version of busybox I will set CONFIG_REBOOT=y CONFIG_SWITCH_ROOT=y CONFIG_CTTYHACK=y and leave them undefined for the other flavors. What about * CONFIG_FEATURE_REMOTE_LOG * CONFIG_DEPMOD * CONFIG_TAC These have been set for warewulf in an earlier iteration. Should these be disabled for the other flavors as well? -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1191514 Ihno Krumreich <ihno@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P5 - None |P3 - Medium -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1191514 https://bugzilla.suse.com/show_bug.cgi?id=1191514#c4 Egbert Eich <eich@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |IN_PROGRESS --- Comment #4 from Egbert Eich <eich@suse.com> --- Regarding keeping the static and dynamic build in sync - this is true for all commands, except those for SELinux as these do not build statically. A note explaining this has been added to the spec file. SR#924964 -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1191514 https://bugzilla.suse.com/show_bug.cgi?id=1191514#c6 Egbert Eich <eich@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|IN_PROGRESS |RESOLVED Resolution|--- |FIXED Flags|needinfo?(kukuk@suse.com) | --- Comment #6 from Egbert Eich <eich@suse.com> --- Resolved. SR accepted. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1191514 https://bugzilla.suse.com/show_bug.cgi?id=1191514#c11 --- Comment #11 from Swamp Workflow Management <swamp@suse.de> --- SUSE-SU-2022:4253-1: An update that fixes 28 vulnerabilities is now available. Category: security (important) Bug References: 1029961,1064976,1064978,1069412,1099260,1099263,1102912,1121426,1121428,1184522,1191514,1192869,914660,951562,970662,970663,991940 CVE References: CVE-2011-5325,CVE-2014-9645,CVE-2015-9261,CVE-2016-2147,CVE-2016-2148,CVE-2016-6301,CVE-2017-15873,CVE-2017-15874,CVE-2017-16544,CVE-2018-1000500,CVE-2018-1000517,CVE-2018-20679,CVE-2019-5747,CVE-2021-28831,CVE-2021-42373,CVE-2021-42374,CVE-2021-42375,CVE-2021-42376,CVE-2021-42377,CVE-2021-42378,CVE-2021-42379,CVE-2021-42380,CVE-2021-42381,CVE-2021-42382,CVE-2021-42383,CVE-2021-42384,CVE-2021-42385,CVE-2021-42386 JIRA References: Sources used: SUSE OpenStack Cloud Crowbar 9 (src): busybox-1.35.0-4.3.1 SUSE OpenStack Cloud 9 (src): busybox-1.35.0-4.3.1 SUSE Linux Enterprise Server for SAP 12-SP4 (src): busybox-1.35.0-4.3.1 SUSE Linux Enterprise Server 12-SP5 (src): busybox-1.35.0-4.3.1 SUSE Linux Enterprise Server 12-SP4-LTSS (src): busybox-1.35.0-4.3.1 SUSE Linux Enterprise Server 12-SP3-BCL (src): busybox-1.35.0-4.3.1 SUSE Linux Enterprise Server 12-SP2-BCL (src): busybox-1.35.0-4.3.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@suse.com