Debian Bug report logs - #963788
dpkg: run maintscripts in a deterministic order to make effects reproducible
Report forwarded
to debian-bugs-dist@lists.debian.org, josch@debian.org, reproducible-bugs@lists.alioth.debian.org, Debian systemd Maintainers <pkg-systemd-maintainers@lists.alioth.debian.org>:
Bug#963788; Package src:systemd.
(Sat, 27 Jun 2020 05:57:04 GMT).
Acknowledgement sent
to Johannes 'josch' Schauer <josch@debian.org>:
New Bug report received and forwarded. Copy sent to josch@debian.org, reproducible-bugs@lists.alioth.debian.org, Debian systemd Maintainers <pkg-systemd-maintainers@lists.alioth.debian.org>.
(Sat, 27 Jun 2020 05:57:04 GMT).
Message #5 received at submit@bugs.debian.org:
Source: systemd
Severity: normal
User: reproducible-builds@lists.alioth.debian.org
Usertags: randomness
Hi,
the packages systemd and systemd-timesyncd depend on each other. This
means that they form a dependency cycle and it is impossible to figure
out whether the postinst script of systemd or systemd-timesyncd should
be executed first. But depending on which postinst script is executed
first, the systemd-{journal,network,resolve} users from the systemd
postinst and the systemd-timesync user from the systemd-timesyncd
package will end up with differing user ids because they are chosen
sequentially, starting with 101. In addition to the user ids, the order
of users and their associated groups will differ in /etc/shadow,
/etc/passwd, /etc/group and associated files.
This is a problem for reproducible installations because the exact same
package set, consisting of systemd and systemd-timesyncd can result in a
different system after installation.
Thanks!
cheers, josch
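
A check for the symptom described in this report, as an added example that is not part of the original message or of dpkg: it compares the passwd files of two installs of the same package set and reports accounts whose numeric IDs or file order differ. The sample entries and the function names are constructed for illustration.

```python
"""Compare the account databases of two installs of the same package set."""

# Constructed sample /etc/passwd contents (not from a real system).
# Install A ran the systemd postinst first, install B systemd-timesyncd first.
PASSWD_A = """\
root:x:0:0:root:/root:/bin/bash
_apt:x:100:65534::/nonexistent:/usr/sbin/nologin
systemd-network:x:101:102::/run/systemd:/usr/sbin/nologin
systemd-resolve:x:102:103::/run/systemd:/usr/sbin/nologin
systemd-timesync:x:103:104::/run/systemd:/usr/sbin/nologin
"""
PASSWD_B = """\
root:x:0:0:root:/root:/bin/bash
_apt:x:100:65534::/nonexistent:/usr/sbin/nologin
systemd-timesync:x:101:102::/run/systemd:/usr/sbin/nologin
systemd-network:x:102:103::/run/systemd:/usr/sbin/nologin
systemd-resolve:x:103:104::/run/systemd:/usr/sbin/nologin
"""


def parse_passwd(text):
    """Return [(name, uid, gid)] in file order; reject malformed lines."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split(":")
        if len(fields) != 7:
            raise ValueError(f"line {lineno}: expected 7 fields, got {len(fields)}")
        entries.append((fields[0], int(fields[2]), int(fields[3])))
    return entries


def compare_accounts(text_a, text_b):
    """Report accounts whose (uid, gid) or relative order differs."""
    a, b = parse_passwd(text_a), parse_passwd(text_b)
    ids_a = {name: (uid, gid) for name, uid, gid in a}
    ids_b = {name: (uid, gid) for name, uid, gid in b}
    common = ids_a.keys() & ids_b.keys()
    return {
        "only_in_a": sorted(ids_a.keys() - ids_b.keys()),
        "only_in_b": sorted(ids_b.keys() - ids_a.keys()),
        # name -> ((uid, gid) in A, (uid, gid) in B) for every mismatch
        "id_drift": {n: (ids_a[n], ids_b[n])
                     for n in sorted(common) if ids_a[n] != ids_b[n]},
        # Order is compared on shared accounts only, so additions do not mask it.
        "order_differs": [n for n, _, _ in a if n in common]
                         != [n for n, _, _ in b if n in common],
    }
```

Run against real images by passing the contents of each image's `/etc/passwd`; the same comparison applies to `/etc/group` with a parser for its four-field lines.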
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian systemd Maintainers <pkg-systemd-maintainers@lists.alioth.debian.org>:
Bug#963788; Package src:systemd.
(Mon, 29 Jun 2020 22:51:01 GMT).
Acknowledgement sent
to "Chris Lamb" <lamby@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian systemd Maintainers <pkg-systemd-maintainers@lists.alioth.debian.org>.
(Mon, 29 Jun 2020 22:51:01 GMT).
Message #10 received at 963788@bugs.debian.org:
[adding reproducible-builds@lists.alioth.debian.org to CC]
Johannes 'josch' Schauer wrote:
> This is a problem for reproducible installations because the exact same
> package set, consisting of systemd and systemd-timesyncd can result in a
> different system after installation.
I remember working on related issues in Tails which releases
bit-for-bit reproducible ISO images.
In the end, we went with a horrible post-build script that swapped
group IDs that were assigned non-deterministically due to the
arbitrary execution order of the postinst scripts.
I mention this here to encourage us to explore an archive-wide solution
rather than fixing every time it comes up.
This is a particularly good candidate for a general solution as, in my
hard-won experience:
a) The non-determinism can happen infrequently and thus does not appear
even in extensive testing.
b) There was no way to flush out the problem in CI (compare using
disorderfs to reverse your filesystem ordering to
deterministically flush out non-deterministic behaviour or similar
tricks.)
c) Each test build run can take a significant amount of time.
d) The packages could be entirely unrelated. As in, it could have
been between entirely different packages that could not have been
fixed by adding a relationship.
(Tails also has unrelated reasons for having persistent GIDs across
builds with different inputs. I would immediately concede that
these are out of scope for Debian itself to resolve.)
I'm not sure exactly where this change could be made (dpkg? apt?) as I
lack a confident understanding of the exact roles of those two tools,
but I am assuming that one of these is *eventually* deciding whether to
run the postinst for systemd or systemd-timesyncd first.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` lamby@debian.org 🍥 chris-lamb.co.uk
`-
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian systemd Maintainers <pkg-systemd-maintainers@lists.alioth.debian.org>:
Bug#963788; Package src:systemd.
(Tue, 30 Jun 2020 10:57:03 GMT).
Acknowledgement sent
to Balint Reczey <balint.reczey@canonical.com>:
Extra info received and forwarded to list. Copy sent to Debian systemd Maintainers <pkg-systemd-maintainers@lists.alioth.debian.org>.
(Tue, 30 Jun 2020 10:57:03 GMT).
Message #15 received at 963788@bugs.debian.org:
Control: reassign -1 dpkg 1.20.3
Control: affects -1 systemd
Hi All,
I agree with Chris, it would be better to find an archive-wide
solution than adding a hack to the two binary packages of systemd.
As I see it, the postinst scripts themselves are correct and the
nondeterminism comes from the order of executing them which is done by
dpkg, thus I'm reassigning this bug.
Cheers,
Balint
On Tue, Jun 30, 2020 at 12:51 AM Chris Lamb <lamby@debian.org> wrote:
>
> [adding reproducible-builds@lists.alioth.debian.org to CC]
>
> Johannes 'josch' Schauer wrote:
>
> > This is a problem for reproducible installations because the exact same
> > package set, consisting of systemd and systemd-timesyncd can result in a
> > different system after installation.
>
> I remember working on related issues in Tails which releases
> bit-for-bit reproducible ISO images.
>
> In the end, we went with a horrible post-build script that swapped
> group IDs that were assigned non-deterministically due to the
> arbitrary execution order of the postinst scripts.
>
> I mention this here to encourage us to explore an archive-wide solution
> rather than fixing every time it comes up.
>
> This is a particularly good candidate for a general solution as, in my
> hard-won experience:
>
> a) The non-determinism can happen infrequently and thus does not appear
> even in extensive testing.
>
> b) There was no way to flush out the problem in CI (compare using
> disorderfs to reverse your filesystem ordering to
> deterministically flush out non-deterministic behaviour or similar
> tricks.)
>
> c) Each test build run can take a significant amount of time.
>
> d) The packages could be entirely unrelated. As in, it could have
> been between entirely different packages that could not have been
> fixed by adding a relationship.
>
> (Tails also has unrelated reasons for having persistent GIDs across
> builds with different inputs. I would immediately concede that
> these are out of scope for Debian itself to resolve.)
>
> I'm not sure exactly where this change could be made (dpkg? apt?) as I
> lack a confident understanding of the exact roles of those two tools,
> but I am assuming that one of these is *eventually* deciding whether to
> run the postinst for systemd or systemd-timesyncd first.
>
>
> Regards,
>
> --
> ,''`.
> : :' : Chris Lamb
> `. `'` lamby@debian.org chris-lamb.co.uk
> `-
>
--
Balint Reczey
Ubuntu & Debian Developer
Bug reassigned from package 'src:systemd' to 'dpkg'.
Request was from Balint Reczey <balint.reczey@canonical.com>
to 963788-submit@bugs.debian.org.
(Tue, 30 Jun 2020 10:57:03 GMT).
Marked as found in versions dpkg/1.20.3.
Request was from Balint Reczey <balint.reczey@canonical.com>
to 963788-submit@bugs.debian.org.
(Tue, 30 Jun 2020 10:57:04 GMT).
Added indication that 963788 affects systemd
Request was from Balint Reczey <balint.reczey@canonical.com>
to 963788-submit@bugs.debian.org.
(Tue, 30 Jun 2020 10:57:04 GMT).
Changed Bug title to 'dpkg: run maintscripts in a deterministic order to make effects reproducible' from 'systemd: please make user order and ids of systemd and systemd-timesyncd reproducible'.
Request was from Gioele Barabucci <gioele@svario.it>
to control@bugs.debian.org.
(Sat, 13 Aug 2022 01:27:03 GMT).
Last modified: Wed May 17 10:51:07 2023