Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Error] Fedora's shadow-utils passwd implementation needs '--stdin' #1209

Closed
nathanchance opened this issue Feb 15, 2024 · 3 comments · Fixed by #1221
Closed

[Error] Fedora's shadow-utils passwd implementation needs '--stdin' #1209

nathanchance opened this issue Feb 15, 2024 · 3 comments · Fixed by #1221
Labels
bug Something isn't working

Comments

@nathanchance
Copy link
Contributor

Describe the bug

After Fedora switched their passwd implementation away from its own package and into shadow-utils (https://src.fedoraproject.org/rpms/shadow-utils/c/91360f25a8c8b810d59bec2803a2477a2647c775?branch=rawhide), I am unable to start a container that includes it.

To Reproduce

$ git show -s --format=%H
5201a2d2e547bf1fe6a89cfdbe29274096b95be8

$ ./distrobox create -i ghcr.io/nathanchance/dev/fedora:latest -n dev-fedora
Creating 'dev-fedora' using image ghcr.io/nathanchance/dev/fedora        [ OK ]
Distrobox 'dev-fedora' successfully created.
To enter, run:

distrobox enter dev-fedora

$ ./distrobox enter dev-fedora
Starting container...                            [ OK ]
Installing basic packages...                     [ OK ]
Setting up devpts mounts...                      [ OK ]
Setting up read-only mounts...                   [ OK ]
Setting up read-write mounts...                  [ OK ]
Setting up host's sockets integration...         [ OK ]
Integrating host's themes, icons, fonts...       [ OK ]
Setting up package manager exceptions...         [ OK ]
Setting up rpm exceptions...                     [ OK ]
Setting up dpkg exceptions...                    [ OK ]
Setting up distrobox profile...                  [ OK ]
Setting up sudo...                               [ OK ]
Setting up groups...                             [ OK ]
Setting up users...                              Error: An error occurred

Expected behavior

I expect to be able to start my container :)

Logs

$ podman logs dev-fedora
...
+ '[' /home/nathan '!=' /home/nathan ']'
+ '[' '!' -e /etc/passwd.done ']'
++ cat /proc/sys/kernel/random/uuid
+ temporary_password=7867745a-41ea-4493-8b7b-83d8fd18924a
+ printf %s:%s nathan 7867745a-41ea-4493-8b7b-83d8fd18924a
+ chpasswd -e
+ printf %s: nathan
+ chpasswd -e
+ '[' 0 -eq 0 ']'
+ printf '%s\n%s\n' 7867745a-41ea-4493-8b7b-83d8fd18924a 7867745a-41ea-4493-8b7b-83d8fd18924a
+ passwd root
The password for root is unchanged.
Changing password for root
Enter the new password (minimum of 8 characters)
Please use a combination of upper and lower case letters and numbers.
+ '[' 1 -ne 0 ']'
+ printf 'Error: An error occurred\n'
Error: An error occurred

Desktop (please complete the following information):

  • Are you using podman, docker or lilipod? podman
  • Which version or podman, docker or lilipod? 4.9.2
  • Which version of distrobox? 5201a2d
  • Which host distribution? Arch Linux
  • How did you install distrobox? From git.

Additional context

The following diff allows the container to start but I am not sure if there are implications for other passwd implementations so I am not submitting it.

diff --git a/distrobox-init b/distrobox-init
index fa444e0..f434766 100755
--- a/distrobox-init
+++ b/distrobox-init
@@ -1983,7 +1983,7 @@ if [ ! -e /etc/passwd.done ]; then

        if [ "${rootful}" -eq 0 ]; then
                # We're rootless so we don't care about account password, so we remove it
-               printf "%s\n%s\n" "${temporary_password}" "${temporary_password}" | passwd root
+               printf "%s\n%s\n" "${temporary_password}" "${temporary_password}" | passwd -s root
                printf "%s:" "root" | chpasswd -e
        else
                # We're rootful, so we don't want passwordless accounts, so we lock them
@nathanchance nathanchance added the bug Something isn't working label Feb 15, 2024
@nathanchance
Copy link
Contributor Author

I have been testing this patch and it seems to resolve the issue for me. If there is a prettier or more acceptable way to workaround this, please ignore this suggestion.

diff --git a/distrobox-init b/distrobox-init
index 8f5bf8d..19287ad 100755
--- a/distrobox-init
+++ b/distrobox-init
@@ -1983,7 +1983,11 @@ if [ ! -e /etc/passwd.done ]; then

        if [ "${rootful}" -eq 0 ]; then
                # We're rootless so we don't care about account password, so we remove it
-               printf "%s\n%s\n" "${temporary_password}" "${temporary_password}" | passwd root
+               passwd_cmd=passwd
+               if [ -n "$(passwd --help 2>&1 | grep -- --stdin)" ]; then
+                       passwd_cmd="passwd --stdin"
+               fi
+               printf "%s\n%s\n" "${temporary_password}" "${temporary_password}" | ${passwd_cmd} root
                printf "%s:" "root" | chpasswd -e
        else
                # We're rootful, so we don't want passwordless accounts, so we lock them

@89luca89
Copy link
Owner

@nathanchance I think that's the only way, I'm doing something similar for the su command also, so I think it's acceptable 👍

@nathanchance nathanchance mentioned this issue Feb 20, 2024
Merged
nathanchance added a commit to nathanchance/distrobox that referenced this issue Feb 20, 2024
@nathanchance
init: Add '--stdin' flag to 'passwd root' call if supported
ef9447f 
Fedora recently changed their passwd implementation from its own package
to the implementation in shadow-utils, adding '--stdin' in the process
(which has been subsequently accepted upstream).  Without that flag,
entering up a Fedora container for the first time fails with

  + printf '%s\n%s\n' 7867745a-41ea-4493-8b7b-83d8fd18924a 7867745a-41ea-4493-8b7b-83d8fd18924a
  + passwd root
  The password for root is unchanged.
  Changing password for root
  Enter the new password (minimum of 8 characters)
  Please use a combination of upper and lower case letters and numbers.
  + '[' 1 -ne 0 ']'
  + printf 'Error: An error occurred\n'
  Error: An error occurred

Look for '--stdin' in the help output of 'passwd' and use it if it is
supported so the root password is properly changed.

Closes: 89luca89#1209
Link: shadow-maint/shadow@49001ca
Signed-off-by: Nathan Chancellor <nathan@kernel.org>
@nathanchance
Copy link
Contributor Author

@nathanchance I think that's the only way, I'm doing something similar for the su command also, so I think it's acceptable 👍

Thanks for the input :) I have sent #1221 for this.

89luca89 pushed a commit that referenced this issue Feb 20, 2024
@nathanchance
init: Add '--stdin' flag to 'passwd root' call if supported (#1221)
f9c6e77 
Fedora recently changed their passwd implementation from its own package
to the implementation in shadow-utils, adding '--stdin' in the process
(which has been subsequently accepted upstream).  Without that flag,
entering up a Fedora container for the first time fails with

  + printf '%s\n%s\n' 7867745a-41ea-4493-8b7b-83d8fd18924a 7867745a-41ea-4493-8b7b-83d8fd18924a
  + passwd root
  The password for root is unchanged.
  Changing password for root
  Enter the new password (minimum of 8 characters)
  Please use a combination of upper and lower case letters and numbers.
  + '[' 1 -ne 0 ']'
  + printf 'Error: An error occurred\n'
  Error: An error occurred

Look for '--stdin' in the help output of 'passwd' and use it if it is
supported so the root password is properly changed.

Closes: #1209
Link: shadow-maint/shadow@49001ca

Signed-off-by: Nathan Chancellor <nathan@kernel.org>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

init: Add '--stdin' flag to 'passwd root' call if supported nathanchance/distrobox
2 participants
@89luca89 @nathanchance