#34115: review the impact of usrmerge
-------------------------------------------------+-------------------------
 Reporter:  anarcat                              |          Owner:  anarcat
     Type:  defect                               |         Status:  closed
 Priority:  High                                 |      Milestone:
Component:  Internal Services/Tor Sysadmin Team  |        Version:
 Severity:  Major                                |     Resolution:  fixed
 Keywords:                                       |  Actual Points:
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------
Changes (by anarcat):

 * status:  accepted => closed
 * resolution:   => fixed

Old description:

> Debian buster shipped with a "merged `/usr`", which means that `/bin`,
> `/lib` and `/sbin` are now symlinks to their counterparts in `/usr`.
> There are concerns that this behavior is buggy and triggers problems in
> all sorts of places. In particular, the `dpkg` maintainers are quite
> unhappy about the change and do not support it as a configuration:
>
> https://wiki.debian.org/Teams/Dpkg/MergedUsr
>
> ... which is disturbing, considering that `dpkg` is such a core component
> of a Debian system.
>
> That wiki page provides a hackish script to "migrate away" from usrmerge
> but no one, as far as I know, has done that in production. It definitely
> looks nasty.
>
> We should consider:
>
>  * [ ] whether this is a real problem (probably?)
>  * [x] which machines have usrmerge (20 machines or 27%, detailed below)
>  * [x] whether new machines should have it (probably not? not having
>    usrmerge is *not* a problem, and having it has risks, so let's not
>    risk it?)
>  * [ ] whether we need to fix old machines
>
> There are two ways of fixing the installers:
>
>  * pass `--no-merged-usr` to debootstrap
>  * use `mmdebstrap`
>
> The latter has the advantage of being faster, at the cost of being
> possibly less reliable and compatible.
>
> Next steps:
>
>  1. [x] fix cloud installer - fixed in the wiki and tsa-misc
>  2. [x] fix robot installer - fixed in the wiki and tsa-misc
>  3. [ ] fix ganeti installer - reported as
>     [https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959745 bug 959745],
>     mentioned in the wiki, reported
>     [https://gitlab.com/shared-puppet-modules-group/puppet-ganeti/-/issues/7 in the puppet module]

New description:

 Debian buster shipped with a "merged `/usr`", which means that `/bin`,
 `/lib` and `/sbin` are now symlinks to their counterparts in `/usr`.
 There are concerns that this behavior is buggy and triggers problems in
 all sorts of places. In particular, the `dpkg` maintainers are quite
 unhappy about the change and do not support it as a configuration:

 https://wiki.debian.org/Teams/Dpkg/MergedUsr

 ... which is disturbing, considering that `dpkg` is such a core component
 of a Debian system.

 That wiki page provides a hackish script to "migrate away" from usrmerge
 but no one, as far as I know, has done that in production. It definitely
 looks nasty.

 We should consider:

  * [ ] whether this is a real problem (probably?)
  * [x] which machines have usrmerge (20 machines or 27%, detailed below)
  * [x] whether new machines should have it (probably not? not having
    usrmerge is *not* a problem, and having it has risks, so let's not
    risk it?)
  * [ ] whether we need to fix old machines

 There are two ways of fixing the installers:

  * pass `--no-merged-usr` to debootstrap
  * use `mmdebstrap`

 The latter has the advantage of being faster, at the cost of being
 possibly less reliable and compatible.

 Next steps:

  1. [x] fix cloud installer - fixed in the wiki and tsa-misc
  2. [x] fix robot installer - fixed in the wiki and tsa-misc
  3. [x] fix ganeti installer - reported as
     [https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959745 bug 959745],
     mentioned in the wiki, reported
     [https://gitlab.com/shared-puppet-modules-group/puppet-ganeti/-/issues/7 in the puppet module]

--

Comment:

 fixed debootstrap in ganeti installs to use --no-merged-usr as well. we
 can revisit this later for existing installs, but for now this should
 keep us somewhat safe in the future. worst case, we at least have knobs
 on how to switch that off everywhere as well. just grep for
 `--no-merged-usr`.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/34115#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
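The ticket defines a merged `/usr` as `/bin`, `/lib` and `/sbin` being symlinks into `/usr`, and asks which machines have it. One way to check a host or a freshly bootstrapped chroot is sketched below as an added example; it is not part of the ticket or of tsa-misc, and the function name `usrmerge_state` and its output words are hypothetical.

```shell
#!/bin/sh
# Classify a filesystem tree by its /usr layout.
# Only the three directories named in the ticket are inspected.

# Print "merged", "split", "partial" or "unknown" for the tree at $1
# (default: the running system).
usrmerge_state() {
    root=${1:-/}
    root=${root%/}        # "/" becomes "", so "$root/bin" is "/bin"
    merged=0
    other=0
    for d in bin sbin lib; do
        path="$root/$d"
        if [ -L "$path" ]; then
            # Compare the link text instead of resolving it, so that an
            # absolute target such as /usr/bin is judged relative to the
            # audited tree and not to the host running the check.
            target=$(readlink "$path")
            case "${target%/}" in
                usr/"$d"|/usr/"$d"|./usr/"$d") merged=$((merged + 1)) ;;
                *) other=$((other + 1)) ;;   # symlink to somewhere else
            esac
        elif [ -e "$path" ]; then
            other=$((other + 1))             # real directory: split layout
        fi
    done
    if [ "$merged" -eq 0 ] && [ "$other" -eq 0 ]; then
        echo unknown      # none of the three paths exist under this root
    elif [ "$other" -eq 0 ]; then
        echo merged
    elif [ "$merged" -eq 0 ]; then
        echo split
    else
        echo partial      # mixed state, e.g. an interrupted conversion
    fi
}

# Audit the running system, or a chroot given as the first argument.
usrmerge_state "${1:-/}"
```

Run against a new install tree, `split` is the result expected from a bootstrap done with `--no-merged-usr`.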