Bug#794723: [Pkg-utopia-maintainers] Bug#794723: Policykit crashes systemd

2015-10-21 Thread Michael Biebl 
Am 21.10.2015 um 08:33 schrieb Martin Pitt:
> Hello Michael,
> 
> Michael Biebl [2015-10-21  1:45 +0200]:
>> any particular reason why you didn't just use
>> systemctl (un)mask --runtime
> 
> No particular one, but that looks a bit nicer indeed, and the code
> paths are already guarded with [ -d /run/systemd/system ]. Changed
> this to systemctl now and uploaded to unstable and experimental.
> 
> The single clean fix for this is now
> 
>   
> http://anonscm.debian.org/cgit/pkg-utopia/policykit.git/commit/?h=experimental=44b7a8f9326
> 

I thought about this a bit more as I'm generally a bit concerned about
special-case solutions/workarounds.
Maybe a cleaner solution would be to have the D-Bus service file use an
alias like
SystemdService=dbus-org.freedesktop.PolicyKit1.service

and add an [Install] section to polkit(d).service which creates that Alias=.

So the service could only be activated after having been enabled in
postinst. It would have the additional benefit, that one could disable
PolicyKit and this is a patch which could go upstream.



-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?



signature.asc
Description: OpenPGP digital signature

Bug#794723: [Pkg-utopia-maintainers] Bug#794723: Policykit crashes systemd

2015-10-21 Thread Martin Pitt 
Hello Michael,

Michael Biebl [2015-10-21  1:45 +0200]:
> any particular reason why you didn't just use
> systemctl (un)mask --runtime

No particular one, but that looks a bit nicer indeed, and the code
paths are already guarded with [ -d /run/systemd/system ]. Changed
this to systemctl now and uploaded to unstable and experimental.

The single clean fix for this is now

  
http://anonscm.debian.org/cgit/pkg-utopia/policykit.git/commit/?h=experimental=44b7a8f9326

Martin
-- 
Martin Pitt| http://www.piware.de
Ubuntu Developer (www.ubuntu.com)  | Debian Developer  (www.debian.org)


signature.asc
Description: Digital signature

Bug#794723: Policykit crashes systemd

2015-10-20 Thread Simon McVittie 
On 20/10/15 04:56, Martin Pitt wrote:
> Martin Pitt [2015-10-20  5:27 +0200]:
>> For now I propose that the preinst temporarily masks polkitd.service
>> (ln -s /dev/null /run/systemd/system/polkitd.service), and the
>> postinst removes that symlink again, as then the conffiles are all in
>> place. I just tested this in a scenario that previously hung, and it
>> works smoothly.

It works in my test-case too (installing task-xfce-desktop).

> Committed this:
> 
>   http://anonscm.debian.org/cgit/pkg-utopia/policykit.git/commit/?id=5f7dd5

Looks good, please go ahead (unless Michael has some objection).

S

Bug#794723: [Pkg-utopia-maintainers] Bug#794723: Policykit crashes systemd

2015-10-20 Thread Michael Biebl 
Hi,

Am 20.10.2015 um 05:56 schrieb Martin Pitt:
> Control: tag -1 pending
> 
> Martin Pitt [2015-10-20  5:27 +0200]:
>> For now I propose that the preinst temporarily masks polkitd.service
>> (ln -s /dev/null /run/systemd/system/polkitd.service), and the
>> postinst removes that symlink again, as then the conffiles are all in
>> place. I just tested this in a scenario that previously hung, and it
>> works smoothly.
> 
> Committed this:
> 
>   http://anonscm.debian.org/cgit/pkg-utopia/policykit.git/commit/?id=5f7dd5
> 
> I don't upload it yet as I'd like to give Simon and Michael a chance
> to weigh in. If you are okay with this, I'll upload this and also
> apply it to the experimental branch.

any particular reason why you didn't just use
systemctl (un)mask --runtime
-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?



signature.asc
Description: OpenPGP digital signature

Bug#794723: Policykit crashes systemd

2015-10-19 Thread Martin Pitt 
Hello all,

I was just investigating the corresponding Ubuntu bug
https://launchpad.net/bugs/1447654 as this just got new duplicates.

I finally realized what was going on here, but of course Simon figured
it all out well before me :-)

Simon McVittie [2015-10-11 14:28 +0100]:
> The reason that polkit can't have its bus name is that the D-Bus
> configuration that would allow it to do so has not been installed yet.
> policykit-1.deb has been unpacked, which installed a static file each in
> /usr/share/dbus-1/system-services and /lib/systemd/system that
> declared it as available; so systemctl will attempt to use it.
> However, because policykit-1.deb has not yet been configured,
> the D-Bus configuration in /etc/dbus-1/system.d/ to allow it to
> own its name is still named org.freedesktop.PolicyKit1.conf.dpkg-new,
> and dbus-daemon won't read that file. So polkit is not yet runnable.
> 
> I think this means we need to modify policykit-1 so that whatever
> features make systemd/systemctl want to use it are not detected until
> policykit-1 has been configured, i.e. until policykit-1.postinst
> has run. That would break what is effectively a circular dependency.

For now I propose that the preinst temporarily masks polkitd.service
(ln -s /dev/null /run/systemd/system/polkitd.service), and the
postinst removes that symlink again, as then the conffiles are all in
place. I just tested this in a scenario that previously hung, and it
works smoothly.

What do you think about this?

> With dbus 1.10, we would be able to install the bus setup to allow
> claiming polkit's bus name in /usr/share instead of in /etc, as a
> non-conffile; but that wouldn't work during upgrades from jessie,
> since dbus 1.8 didn't look in /usr/share.

Right, this will be a lot simpler, more robust, and fix this problem
for other D-Bus services as well. It isn't so apparent for others
though, as systemd directly talks to polkit, but not to e. g. udisks.

Thanks,

Martin
-- 
Martin Pitt| http://www.piware.de
Ubuntu Developer (www.ubuntu.com)  | Debian Developer  (www.debian.org)

Processed: Re: Bug#794723: Policykit crashes systemd

2015-10-19 Thread Debian Bug Tracking System 
Processing control commands:

> tag -1 pending
Bug #794723 [policykit-1] Policykit crashes systemd
Added tag(s) pending.

-- 
794723: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=794723
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#794723: Policykit crashes systemd

2015-10-19 Thread Martin Pitt 
Control: tag -1 pending

Martin Pitt [2015-10-20  5:27 +0200]:
> For now I propose that the preinst temporarily masks polkitd.service
> (ln -s /dev/null /run/systemd/system/polkitd.service), and the
> postinst removes that symlink again, as then the conffiles are all in
> place. I just tested this in a scenario that previously hung, and it
> works smoothly.

Committed this:

  http://anonscm.debian.org/cgit/pkg-utopia/policykit.git/commit/?id=5f7dd5

I don't upload it yet as I'd like to give Simon and Michael a chance
to weigh in. If you are okay with this, I'll upload this and also
apply it to the experimental branch.

Thanks,

Martin
-- 
Martin Pitt| http://www.piware.de
Ubuntu Developer (www.ubuntu.com)  | Debian Developer  (www.debian.org)


signature.asc
Description: Digital signature

Bug#794723: Policykit crashes systemd

2015-10-18 Thread Simon McVittie 
On Sun, 11 Oct 2015 at 14:28:41 +0100, Simon McVittie wrote:
> I can reproduce something very like this in a smaller stretch VM

After upgrading to current stretch package versions and rebooting
(to rule out #801354), I can still reproduce the "Connection timed
out" messages (apparently reliably) by installing task-xfce-desktop.
I haven't found a smaller package set that does the same (at least not
reliably). If this is anything like #801354 then it might be a
race condition, so perhaps it's just less likely with smaller sets.

However, after waiting for the install to finish, systemctl still works
(I can restart avahi-daemon, for instance), rebooting also works (without
delay), and lightdm starts successfully after the reboot...  so the
worst of the symptoms do seem to be fixed, perhaps by fixing #801354.
I don't think this is necessarily release-critical.

S

Bug#794723: Policykit crashes systemd

2015-10-11 Thread Simon McVittie 
On Wed, 05 Aug 2015 at 19:37:47 -0400, Carlos Kosloff wrote:
> I am installing a fresh version of testing, no desktop, just standard system
> utilities in a VM, the underlying software is virtualbox (from Oracle)
> Version 5.0.0r101573.
> After a dist-upgrade I installed xserver-xorg and then proceeded to install
> e17, which completely crashed systemd, I could not even reboot or poweroff
> the VM.
> I went back to the initial snapshot, which wiped out the previous install,
> and tried with xfce4, obtaining same results.
> I am posting a link to a snapshot because I could not capture text in the
> VM. it might have been possible using only keyboard but I did not try.
> http://i.imgur.com/w5jD2Xw.png

Transcribing that image for reference, since it will probably expire:

8<
Error getting authority: Error initializing authority: Error calling 
StartServiceByName for org.freedesktop.PolicyKit1: Timeout was reached 
(g-io-error-quark, 24)
Failed to execute operation: Connection timed out
dpkg: error processing package systemd (--unpack):
 subprocess installed post-installation script returned error exit status 1
Errors were encountered while processing:
 systemd
E: Sub-process /usr/bin/dpkg returned an error code (1)
root@testing:/home/ckosloff# poweroff
Error getting authority: Error initializing authority: Error calling 
StartServiceByName for org.freedesktop.PolicyKit1: Timeout was reached 
(g-io-error-quark, 24)
Failed to start poweroff.target: Connection timed out

Broadcast message from ckosloff@testing on tty1 (Wed 2015-08-05 17:40:36 EDT):

The system is going down for power-off NOW!

root@testing:/home/ckosloff#
8<

I can reproduce something very like this in a smaller stretch VM, and
it's quite tangled. At this stage I'm not sure whether to blame dbus,
policykit-1 or systemd, which is why I'm cc'ing the other packages'
maintainers. This is potentially related to
 and
.

I'm currently on mobile Internet using an incompletely pre-populated
apt-cacher-ng, but luckily it's reproducible with a subset of the
XFCE packages (I installed xserver-xorg, policykit-1 and lightdm onto
a VM with a minimal d-i installation). I ran dbus-monitor --system
as root on tty1, using systemd-cat to redirect it to the Journal;
ran apt on tty2, using systemd-cat again; and watched the Journal on
tty3 to guess when I needed to switch back to tty2 and press Enter.

Unpacking all the packages goes fine, until apt starts processing
triggers:

Oct 11 12:25:45 debian apt[708]: Processing triggers for systemd (226-4) ...

This runs systemctl, which runs the polkit tty agent (:1.2 on the
system bus) to handle password prompting; you can see it do
some D-Bus method calls. You can tell it's the polkit agent and
not systemctl itself, because its error messages (as quoted above)
mention GIO error handling, and systemd doesn't use GIO.

One of its method calls prompts dbus-daemon to start polkit:

Oct 11 12:25:45 debian dbus[642]: [system] Activating via systemd: service 
name='org.freedesktop.PolicyKit1' unit='polkitd.service'
Oct 11 12:25:45 debian systemd[1]: Starting Authenticate and Authorize Users to 
Run Privileged Tasks...
Oct 11 12:25:45 debian dbus-monitor[664]: signal time=1444562745.547491 
sender=org.freedesktop.DBus -> destination=org.freedesktop.systemd1 serial=19 
path=/org/freedesktop/DBus; interface=org.freedesktop.systemd1.Activator; 
member=ActivationRequest
Oct 11 12:25:45 debian dbus-monitor[664]: string "polkitd.service"
Oct 11 12:25:45 debian dbus-monitor[664]: method call time=1444562745.547506 
sender=:1.2 -> destination=org.freedesktop.DBus serial=5 
path=/org/freedesktop/DBus; interface=org.freedesktop.DBus; 
member=StartServiceByName
Oct 11 12:25:45 debian dbus-monitor[664]: string "org.freedesktop.PolicyKit1"
Oct 11 12:25:45 debian dbus-monitor[664]: uint32 0

systemd, which was the first thing on the bus (:1.0), adds a match
rule:

Oct 11 12:25:45 debian dbus-monitor[664]: method call time=1444562745.547634 
sender=:1.0 -> destination=org.freedesktop.DBus serial=17 
path=/org/freedesktop/DBus; interface=org.freedesktop.DBus; member=AddMatch
Oct 11 12:25:45 debian dbus-monitor[664]: string 
"type='signal',sender='org.freedesktop.DBus',path='/org/freedesktop/DBus',interface='org.freedesktop.DBus',member='NameOwnerChanged',arg0='org.freedesktop.PolicyKit1'"
Oct 11 12:25:45 debian dbus-monitor[664]: method return time=1444562745.547644 
sender=org.freedesktop.DBus -> destination=:1.0 serial=20 reply_serial=17

then it starts polkit, which says hello:

Oct 11 12:25:45 debian dbus-monitor[664]: method call time=1444562745.576313 
sender=:1.3 -> destination=org.freedesktop.DBus serial=1 
path=/org/freedesktop/DBus; interface=org.freedesktop.DBus; member=Hello
Oct 11 12:25:45 debian dbus-monitor[664]: method return time=1444562745.576327 
sender=org.freedesktop.DBus -> destination=:1.3

Bug#794723: Policykit crashes systemd

2015-08-05 Thread Carlos Kosloff 

Package: policykit-1
Version: 0.105-11
Severity: critical
Tags: stretch

Konsole output
Debian Release: stretch/sid
 APT prefers testing
 APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.0.0-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages policykit-1 depends on:
ii  dbus   1.8.20-1
ii  libc6  2.19-19
ii  libglib2.0-0   2.44.1-1.1
ii  libpam-systemd 222-2
ii  libpam0g   1.1.8-3.1
ii  libpolkit-agent-1-00.105-11
ii  libpolkit-backend-1-0  0.105-11
ii  libpolkit-gobject-1-0  0.105-11

policykit-1 recommends no packages.

policykit-1 suggests no packages.


Dear Maintainer,

I am installing a fresh version of testing, no desktop, just standard 
system utilities in a VM, the underlying software is virtualbox (from 
Oracle) Version 5.0.0r101573.
After a dist-upgrade I installed xserver-xorg and then proceeded to 
install e17, which completely crashed systemd, I could not even reboot 
or poweroff the VM.
I went back to the initial snapshot, which wiped out the previous 
install, and tried with xfce4, obtaining same results.
I am posting a link to a snapshot because I could not capture text in 
the VM. it might have been possible using only keyboard but I did not try.

http://i.imgur.com/w5jD2Xw.png
This VM is useless, does not work properly, I will keep it to see if a 
dist-upgrade fixes the problem.

Thank you.
.
--
*Carlos Kosloff*