[Bug 2083240] Re: buildd system user lacks homedir leading to issues with snaps[and more]

John Chittum 2083240 at bugs.launchpad.net
Mon Nov 18 16:10:06 UTC 2024 

Oracular SRU Testing (long and fiddly):

1. created package using livecd-rootfs source with change (NOTE: This is how livecd-rootfs is utilized in building buildd). utilizes a git build recipe in a private PPA in a restricted group (cloudware)
2. build the image on launchpad:
    * livefs-owner: cloudware
    * livefs-name: cpc-development
    * archive: cloudware/secret-sauce-jchittum
    * project: ubuntu-base
    * subproject: buildd
    * image-target: all
3. Build completed successfully (private link : https://launchpad.net/~cloudware/+livefs/ubuntu/oracular/cpc-development/+build/710527 )
4. downloaded latest buildd lxd metadata from https://cloud-images.ubuntu.com/buildd/daily/oracular
5. import *-disk1.img into lxc
    * lxc image import ./oracular-server-cloudimg-amd64-lxd.tar.xz ./public/oracular-server-cloudimg-amd64-disk1.img --alias oracular-buildd-sru-vm
6. launch vm
    * lxc launch oracular-buildd-sru-vm
7. lxc shell
8. check for buildd homedirectory
    * $ls -alh /home/buildd
        .
        ..
    * it's there.
9. check for snap install running (this takes further setup)
10. add buildd to sudoers
11. set buildd passwd
12. $ sudo snap install cpc-sbom --edge --classic
2024-11-15T15:56:48Z INFO Waiting for automatic snapd restart...
cpc-sbom (edge) 2024.09.17+gitb2edab3 from Canonical Public Clouds (canonical-cpc) installed

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to livecd-rootfs in Ubuntu.
https://bugs.launchpad.net/bugs/2083240

Title:
  buildd system user lacks homedir leading to issues with snaps[and
  more]

Status in livecd-rootfs package in Ubuntu:
  Fix Released
Status in livecd-rootfs source package in Noble:
  Fix Committed
Status in livecd-rootfs source package in Oracular:
  Fix Committed
Status in livecd-rootfs source package in Plucky:
  Fix Released

Bug description:
  when running a Noble buildd image as a CI runner, the following error
  occurs

  ```
  Running job phase...
  Running test:0
  cmd_run.go:1129: WARNING: cannot create user data directory: cannot create snap home dir: mkdir /nonexistent: permission denied
  Sorry, home directories outside of /home needs configuration.
  See https://forum.snapcraft.io/t/11209 for details.
  ```

  the buildd user is created with the following code in livecd-
  rootfs/live-build/buildd/02-user.chroot

  ```
  # Create the buildd user and group.
  addgroup --gid 2501 buildd
  adduser --system --disabled-password --gecos 'Build Daemon user' \
      --ingroup buildd --uid 2001 --shell /bin/bash buildd
  mkdir -p /build/buildd
  chown buildd:buildd /build/buildd
  ```

  as of 24.04 (maybe earlier), adduser does not create a homedir for
  system users:

  > If no home directory is specified, the default home directory for a
  new system user is /nonexistent.  This directory should never exist on
  any Debian system, and adduser will never create it automatically.

  on jammy and earlier images, the following ends up the user conf

  ```
  buildd:x:2001:2501:Build Daemon user,,,:/home/buildd:/bin/bash
  ```

  and on 24.04

  ```
  buildd:x:2001:2501:Build Daemon user,,,:/nonexistent:/bin/bash
  ```

  this is fixed by adding an explicit `--home /home/buildd` to the user
  creation call

  [ Impact ]

  * Current buildd images are unable to use snaps (and likely other
  issues, since it has assumed an existing $HOME)

  * fix has no impact outside buildd, as the fix is only in a buildd
  hook

  [ Test Plan ]

  * basic testing:
      * build image locally
      * check the created buildd user does have a homedir
      * attempt to install and run a snap
  * expanded testing: 
      * NOTE: this may not be possible, depending on how launchpad is able to consume images. if not possible, do not consider blocking, and instead get sign off from the Launchpad team that the basic testing is acceptable
      * build image in launchpad using a PPA of livecd-rootfs
      * point launchpad team to build
      * consume buildd image from the launchpad build
      * execute a build in the qa environment that requires a snap

  [ Where problems could occur ]

  * if the call is incorrect, no homedir will be made and the fix will fail. 
  * it's livecd-rootfs, so layers and layers of bash. that can always go wrong. 

  [ Other Info ]

  * we'll need to expedite as this is causing issues in launchpad
  production now.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/livecd-rootfs/+bug/2083240/+subscriptions

More information about the foundations-bugs mailing list