Re: mpgrafic - mpirun test program as root in automatic build

2017-01-19 Thread Sean Whitton
On Thu, Jan 19, 2017 at 08:21:36AM +0800, Paul Wise wrote:
> On Thu, Jan 19, 2017 at 7:44 AM, Sean Whitton wrote:
> 
> > This is temporarily false: #852071
> 
> Is there a typo in that bug? I get a 404

#851071, sorry!

-- 
Sean Whitton




Re: mpgrafic - mpirun test program as root in automatic build

2017-01-18 Thread Paul Wise
On Thu, Jan 19, 2017 at 7:44 AM, Sean Whitton wrote:

> This is temporarily false: #852071

Is there a typo in that bug? I get a 404

-- 
bye,
pabs

https://wiki.debian.org/PaulWise



Re: mpgrafic - mpirun test program as root in automatic build

2017-01-18 Thread Sean Whitton
Hello,

On Wed, Jan 18, 2017 at 02:25:41PM +0800, Paul Wise wrote:
> On Wed, Jan 18, 2017 at 5:13 AM, Boud Roukema wrote:
> 
> > I've looked a bit at buildd.debian.org, but it's not completely
> > trivial to decide which is correct - do the buildd builds on the
> > debian build machines run dh_auto_tests as (i) root, as (ii) an unprivileged
> > user running fakeroot, or as (iii) an unprivileged user?
> 
> (iii) an unprivileged user
> 
> fakeroot is only used at `debian/rules install` time.

This is temporarily false: #852071

-- 
Sean Whitton




Re: mpgrafic - mpirun test program as root in automatic build

2017-01-18 Thread Ole Streicher
Paul Wise writes:
> On Wed, Jan 18, 2017 at 3:58 PM, Ole Streicher wrote:
>
>> Also when using cowbuilder? At least I see the whole build done by root
>> when running in my cowbuilder chroot. That was the point that led to
>> the trouble here...
>
> Yep. I tested this with id and override_dh_auto_* in cowbuilder:
>
>  fakeroot debian/rules clean
>    debian/rules override_dh_auto_clean
> uid=0(root) gid=0(root) groups=0(root),1234(pbuilder)
>  debian/rules build
>    debian/rules override_dh_auto_configure
> uid=1234(pbuilder) gid=1234(pbuilder) groups=1234(pbuilder)
>    debian/rules override_dh_auto_build
> uid=1234(pbuilder) gid=1234(pbuilder) groups=1234(pbuilder)
>    debian/rules override_dh_auto_test
> uid=1234(pbuilder) gid=1234(pbuilder) groups=1234(pbuilder)
>  fakeroot debian/rules binary
>    debian/rules override_dh_auto_install
> uid=0(root) gid=0(root) groups=0(root),1234(pbuilder)

OK, I finally found it: I had a line 

BUILDUSERNAME=

in my .pbuilderrc, which was obviously interpreted as root.

Thanks

Ole
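
An added example, not part of the thread: a shell check for the misconfiguration Ole describes above, an empty BUILDUSERNAME that makes pbuilder/cowbuilder run the build and test steps as root. The default account name "pbuilder" is an assumption taken from the id output quoted in the thread, and the rc files are constructed samples.

```shell
#!/bin/sh
# Added example (not from the thread): which account will pbuilder/cowbuilder
# use for the build and test steps, given the rc files it would read?

# Assumption: the default account is "pbuilder", as in the id output above.
DEFAULT_BUILDUSERNAME=pbuilder

# Print the effective BUILDUSERNAME. rc files are shell fragments, so they are
# sourced in a subshell, in order; a later file overrides an earlier one.
effective_build_user() {
    (
        BUILDUSERNAME=$DEFAULT_BUILDUSERNAME
        for rc in "$@"; do
            case $rc in /*|./*) ;; *) rc=./$rc ;; esac   # keep "." off $PATH
            if [ -r "$rc" ]; then . "$rc" >/dev/null 2>&1; fi
        done
        printf '%s\n' "$BUILDUSERNAME"
    )
}

# Return 0 if the build steps run unprivileged, 1 if they would run as root.
check_build_user() {
    user=$(effective_build_user "$@")
    case $user in
        ''|root)
            echo "build/test steps run as root (BUILDUSERNAME='$user')"
            return 1 ;;
        *)
            echo "build/test steps run as '$user'"
            return 0 ;;
    esac
}

# Constructed sample files, standing in for /etc/pbuilderrc and ~/.pbuilderrc.
SAMPLES=$(mktemp -d)
trap 'rm -rf "$SAMPLES"' EXIT
printf 'BUILDUSERID=1234\nBUILDUSERNAME=pbuilder\n' > "$SAMPLES/system.rc"
printf 'BUILDUSERNAME=\n' > "$SAMPLES/user.rc"

check_build_user "$SAMPLES/system.rc" || true
check_build_user "$SAMPLES/system.rc" "$SAMPLES/user.rc" || true
```

On a real machine the arguments would be /etc/pbuilderrc followed by "$HOME/.pbuilderrc".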



Re: mpgrafic - mpirun test program as root in automatic build

2017-01-18 Thread Paul Wise
On Wed, Jan 18, 2017 at 3:58 PM, Ole Streicher wrote:

> Also when using cowbuilder? At least I see the whole build done by root
> when running in my cowbuilder chroot. That was the point that led to
> the trouble here...

Yep. I tested this with id and override_dh_auto_* in cowbuilder:

 fakeroot debian/rules clean
   debian/rules override_dh_auto_clean
uid=0(root) gid=0(root) groups=0(root),1234(pbuilder)
 debian/rules build
   debian/rules override_dh_auto_configure
uid=1234(pbuilder) gid=1234(pbuilder) groups=1234(pbuilder)
   debian/rules override_dh_auto_build
uid=1234(pbuilder) gid=1234(pbuilder) groups=1234(pbuilder)
   debian/rules override_dh_auto_test
uid=1234(pbuilder) gid=1234(pbuilder) groups=1234(pbuilder)
 fakeroot debian/rules binary
   debian/rules override_dh_auto_install
uid=0(root) gid=0(root) groups=0(root),1234(pbuilder)

-- 
bye,
pabs

https://wiki.debian.org/PaulWise



Re: mpgrafic - mpirun test program as root in automatic build

2017-01-18 Thread Ole Streicher
Paul Wise writes:
> On Wed, Jan 18, 2017 at 3:37 PM, Boud Roukema wrote:
>
>> I guess by "both of these" you mean "most of the build steps (apart from
>> the 'debian/rules install' step)"?
>
> What I wrote wasn't clear and wasn't strictly true, sorry!
>
> When manually building from source:
>
> You always build/test as a normal user.
> You install as either root or normal user, depending on the install
> prefix.
>
> When doing Debian package builds:
>
> You always build/test as a normal user.
> You always install using fakeroot.

Also when using cowbuilder? At least I see the whole build done by root
when running in my cowbuilder chroot. That was the point that led to
the trouble here...

Best

Ole



Re: mpgrafic - mpirun test program as root in automatic build

2017-01-18 Thread Boud Roukema

On Wed, 18 Jan 2017, Paul Wise wrote:


> When manually building from source:
>
> You always build/test as a normal user.
> You install as either root or normal user, depending on the install prefix.
>
> When doing Debian package builds:
>
> You always build/test as a normal user.
> You always install using fakeroot.


Thanks for the clarification :). That's consistent
with my experience, and seems like reasonable policy.

Cheers
Boud



Re: mpgrafic - mpirun test program as root in automatic build

2017-01-17 Thread Paul Wise
On Wed, Jan 18, 2017 at 3:37 PM, Boud Roukema wrote:

> I guess by "both of these" you mean "most of the build steps (apart from
> the 'debian/rules install' step)"?

What I wrote wasn't clear and wasn't strictly true, sorry!

When manually building from source:

You always build/test as a normal user.
You install as either root or normal user, depending on the install prefix.

When doing Debian package builds:

You always build/test as a normal user.
You always install using fakeroot.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise



Re: mpgrafic - mpirun test program as root in automatic build

2017-01-17 Thread Boud Roukema

On Wed, 18 Jan 2017, Paul Wise wrote:


> On Wed, Jan 18, 2017 at 5:13 AM, Boud Roukema wrote:
>
>> I've looked a bit at buildd.debian.org, but it's not completely
>> trivial to decide which is correct - do the buildd builds on the
>> debian build machines run dh_auto_tests as (i) root, as (ii) an unprivileged
>> user running fakeroot, or as (iii) an unprivileged user?
>
> (iii) an unprivileged user
>
> fakeroot is only used at `debian/rules install` time.
>
> Both of these are the same as if you were building manually from source.


I guess by "both of these" you mean "most of the build steps (apart from
the 'debian/rules install' step)"?

cheers
boud



Re: mpgrafic - mpirun test program as root in automatic build

2017-01-17 Thread Paul Wise
On Wed, Jan 18, 2017 at 5:13 AM, Boud Roukema wrote:

> I've looked a bit at buildd.debian.org, but it's not completely
> trivial to decide which is correct - do the buildd builds on the
> debian build machines run dh_auto_tests as (i) root, as (ii) an unprivileged
> user running fakeroot, or as (iii) an unprivileged user?

(iii) an unprivileged user

fakeroot is only used at `debian/rules install` time.

Both of these are the same as if you were building manually from source.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise



Re: mpgrafic - mpirun test program as root in automatic build

2017-01-17 Thread Boud Roukema

On Tue, 17 Jan 2017, James Cowgill wrote:


> I'm not sure I follow. Debhelper runs the testsuite during the build
> target so it shouldn't be run as root anyway. I don't think you need any
> workarounds at all for this.


I agree in terms of principles :), but I don't know what actually happens
on the buildd machines.

I've looked a bit at buildd.debian.org, but it's not completely
trivial to decide which is correct - do the buildd builds on the
debian build machines run dh_auto_tests as (i) root, as (ii) an unprivileged
user running fakeroot, or as (iii) an unprivileged user?

Looking at git://git.debian.org/buildd-tools/sbuild.git it looks like
the user is "buildd" - but this is just a guess.

The mpirun exit-if-root mechanism is in

openmpi-2.0.2~git.20161225/orte/orted/orted_submit.c

Isolating this to lines 319-335, this is easy to test as a standalone
main program (see snippet.c below) - the exit-if-root test is triggered
either (i) using root directly, or (ii) as ordinary user running fakeroot.

Even as fakeroot, both geteuid() and getuid() in the snippet below
report an identity of 0.

My own pbuilder setup - closely following the maint-guide.en.txt advice -
appears *not* to run "make check" as fakeroot or root, since I
do not see the error and exit due to running as root.

The snippet below can be tested:

user$ ./snippet
user$ fakeroot ./snippet
root# ./snippet

Cheers
Boud

--

/* inspired by openmpi-2.0.2~git.20161225/orte/orted/orted_submit.c root detection */

/* (C) 2017 GPL-3+ B. Roukema if copyright is needed */

#include <stdio.h>      /* printf */
#include <sys/types.h>  /* uid_t */
#include <unistd.h>     /* getuid, geteuid */

int main(void)
{
  /* euid is assigned below before it is read */
  int uid = 77, euid;
  euid = geteuid();   /* effective user id */
  uid = getuid();     /* real user id */
  if (0 == euid) {
    printf("WARNING: You are effectively root.\n");
  }
  if (0 == uid) {
    printf("WARNING: You are really root.\n");
  }
  if (0 != uid && 0 != euid) {
    printf("You are not running as root :).\n");
  }
  return 0;
}

--



Re: mpgrafic - mpirun test program as root in automatic build

2017-01-17 Thread Ole Streicher
James Cowgill writes:
> On 16/01/17 23:58, Boud Roukema wrote:
>> Since, in general, there is no reason for mpirun to run as root,
>> the sid version of mpirun (from openmpi) apparently refuses to run as root.
>> (I have not reproduced this behaviour myself - Ole Streicher
>> has warned me about it.) The openmpi developers provide an option
>> --allow-run-as-root.
>
> I'm not sure I follow. Debhelper runs the testsuite during the build
> target so it shouldn't be run as root anyway. I don't think you need any
> workarounds at all for this.

I (as Boud's sponsor) have the problem that in my cowbuilder the build is
done as root, leading to the questioned error message and a failure of
the test and the build. Maybe in my setup something is wrong?

Best regards

Ole



Re: mpgrafic - mpirun test program as root in automatic build

2017-01-17 Thread James Cowgill
Hi,

On 16/01/17 23:58, Boud Roukema wrote:
> hi Debian-mentors,
> 
> Is it reasonable to override the mpirun (openmpi_2.0.2~git.20161225-8)
> default preference of refusing to run as root?
> 
> I've started packaging mpgrafic for debian - this is my first
> debianisation, apart from minor private hacks after extracting debian
> source packages:
> 
> https://anonscm.debian.org/cgit/debian-astro/packages/mpgrafic.git/
> 
> I've added regression-test-0.3.7.sh to the upstream version of
> mpgrafic. This is a "reproducible run" test. The test runs the main
> binary, mpgrafic, with a frontend "mpirun", which, in general, allows
> a program to run on many different machines, without shared memory.
> This test runs explicitly on exactly one processor, for reproducibility.
> 
> Since, in general, there is no reason for mpirun to run as root,
> the sid version of mpirun (from openmpi) apparently refuses to run as root.
> (I have not reproduced this behaviour myself - Ole Streicher
> has warned me about it.) The openmpi developers provide an option
> --allow-run-as-root.
> 
> In version 0.3.7.4-1, the debian-only, openmpi-only use of this option in
> debian/rules + regression-test-0.3.7.sh
> 
> https://anonscm.debian.org/cgit/debian-astro/packages/mpgrafic.git/tree/debian/rules
> 
> https://anonscm.debian.org/cgit/debian-astro/packages/mpgrafic.git/tree/regression-test-0.3.7.sh
> 
> 
> should presumably allow debian automatic builds to pass "make check".

I'm not sure I follow. Debhelper runs the testsuite during the build
target so it shouldn't be run as root anyway. I don't think you need any
workarounds at all for this.

James





mpgrafic - mpirun test program as root in automatic build

2017-01-16 Thread Boud Roukema

hi Debian-mentors,

Is it reasonable to override the mpirun (openmpi_2.0.2~git.20161225-8)
default preference of refusing to run as root?

I've started packaging mpgrafic for debian - this is my first
debianisation, apart from minor private hacks after extracting debian
source packages:

https://anonscm.debian.org/cgit/debian-astro/packages/mpgrafic.git/

I've added regression-test-0.3.7.sh to the upstream version of
mpgrafic. This is a "reproducible run" test. The test runs the main
binary, mpgrafic, with a frontend "mpirun", which, in general, allows
a program to run on many different machines, without shared memory.
This test runs explicitly on exactly one processor, for reproducibility.

Since, in general, there is no reason for mpirun to run as root,
the sid version of mpirun (from openmpi) apparently refuses to run as root.
(I have not reproduced this behaviour myself - Ole Streicher
has warned me about it.) The openmpi developers provide an option
--allow-run-as-root.

In version 0.3.7.4-1, the debian-only, openmpi-only use of this option in
debian/rules + regression-test-0.3.7.sh

https://anonscm.debian.org/cgit/debian-astro/packages/mpgrafic.git/tree/debian/rules
https://anonscm.debian.org/cgit/debian-astro/packages/mpgrafic.git/tree/regression-test-0.3.7.sh

should presumably allow debian automatic builds to pass "make check".

Is the choice to use the option --allow-run-as-root safe from a general
system security point of view?

My arguments against (i.e. it would be unsafe):

* A newbie might download/extract the debian source as root,
unintentionally modify the fortran source to do some dangerous things
with files and directories, change the -n 1 option to -n 32 for a cluster
of 4 machines each with 8 processors, and then try "make check".
Since the --allow-run-as-root option is enabled in regression-test-0.3.7.sh,
the newbie does some dangerous root operations.

Counterarguments (i.e. it would be safe):

** If the newbie has ignored the recommendation of building
debian packets from source with fakeroot debian/rules binary, then s/he
is already taking superuser risks, and we can't do much to help him/her;

** Introducing system-dangerous operations in fortran is possible, but unlikely
for someone just wishing to make a cosmology calculation;

** If the newbie modifies the -n 1 option, then s/he would see
the much more obvious --allow-run-as-root option and should learn
enough to realise that running as root is unlikely to be needed when
compiling/running the package as an ordinary user.

An alternative I see to enabling --allow-run-as-root would be e.g.

adduser --no-create-home --disabled-password mpgrafic
mpirun -n 1 ... ;
deluser mpgrafic

but that would unnecessarily require build dependence on adduser, and
creating/removing users is itself a security-related issue that
automated checkers (e.g. lintian) might (or should?) be concerned
about.

I'd like to rename mpgrafic-0.3.7.4 to 0.3.8 upstream, along with the
debian versions 0.3.7.4-1 and 0.3.8-1, but first it would be
good to hear some opinions on this.

tracker: https://tracker.debian.org/pkg/mpgrafic

Cheers
Boud