[tor-bugs] #34115 [Internal Services/Tor Sysadmin Team]: review the impact of usrmerge

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon May 4 19:57:45 UTC 2020


#34115: review the impact of usrmerge
-------------------------------------------------+-------------------------
 Reporter:  anarcat                              |          Owner:  anarcat
     Type:  defect                               |         Status:
                                                 |  accepted
 Priority:  High                                 |      Milestone:
Component:  Internal Services/Tor Sysadmin Team  |        Version:
 Severity:  Major                                |     Resolution:
 Keywords:                                       |  Actual Points:
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------
Changes (by anarcat):

 * status:  assigned => accepted


Old description:

> Debian buster shipped with a "merged `/usr`", which means that `/bin`,
> `/lib` and `/sbin` are now symlinks to their counterparts in `/usr`.
> There are concerns that this behavior is buggy and triggers problems in
> all sorts of places. In particular, the `dpkg` maintainers are quite
> unhappy about the change and do not support it as a configuration:
>
> https://wiki.debian.org/Teams/Dpkg/MergedUsr
>
> ... which is disturbing, considering that `dpkg` is such a core component
> of a Debian system.
>
> That wiki page provides a hackish script to "migrate away" from usrmerge
> but no one, as far as I know, has done that in production. It definitely
> looks nasty.
>
> We should consider:
>
>  * [ ] whether this is a real problem (probably?)
>  * [x] which machines have usrmerge (20 machines or 27%, detailed below)
>  * [x] whether new machines should have it (probably not? not having
> usrmerge is *not* a problem, and having it has risks, so let's not risk
> it?)
>  * [ ] whether we need to fix old machines
>
> There are two ways of fixing the installers:
>
>  * pass `--no-merged-usr` to debootstrap
>  * use `mmdebstrap`
>
> The latter has the advantage of being faster, at the cost of being
> possibly less reliable and compatible.
>
> Next steps:
>
>  1. [ ] fix cloud installer
>  2. [ ] fix robot installer
>  3. [ ] fix ganeti installer - reported as
> [https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959745 bug 959745]

New description:

 Debian buster shipped with a "merged `/usr`", which means that `/bin`,
 `/lib` and `/sbin` are now symlinks to their counterparts in `/usr`. There
 are concerns that this behavior is buggy and triggers problems in all
 sorts of places. In particular, the `dpkg` maintainers are quite unhappy
 about the change and do not support it as a configuration:

 https://wiki.debian.org/Teams/Dpkg/MergedUsr

 ... which is disturbing, considering that `dpkg` is such a core component
 of a Debian system.

 That wiki page provides a hackish script to "migrate away" from usrmerge
 but no one, as far as I know, has done that in production. It definitely
 looks nasty.

 We should consider:

  * [ ] whether this is a real problem (probably?)
  * [x] which machines have usrmerge (20 machines or 27%, detailed below)
  * [x] whether new machines should have it (probably not? not having
 usrmerge is *not* a problem, and having it has risks, so let's not risk
 it?)
  * [ ] whether we need to fix old machines

 There are two ways of fixing the installers:

  * pass `--no-merged-usr` to debootstrap
  * use `mmdebstrap`

 The latter has the advantage of being faster, at the cost of being
 possibly less reliable and compatible.

 Next steps:

  1. [x] fix cloud installer - fixed in the wiki and tsa-misc
  2. [x] fix robot installer - fixed in the wiki and tsa-misc
  3. [ ] fix ganeti installer - reported as
 [https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959745 bug 959745],
 mentioned in the wiki, should test the hack next

--

Comment:

 fixed the cloud and robot installer, need to consider the ganeti hack
 next.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/34115#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
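
One way to answer the "which machines have usrmerge" item, and to confirm that a tree bootstrapped with `--no-merged-usr` really came out unmerged, is to test whether `/bin`, `/sbin` and `/lib` are symlinks into `/usr`. This is an added example, not part of the original ticket or of tsa-misc; the function name `usrmerge_state` and its three result labels are assumptions made here.

```shell
#!/bin/sh
# Added example: classify a root filesystem by its /usr layout.
# Prints one of:
#   merged  - /bin, /sbin and /lib are all symlinks to usr/<name>
#   split   - all three are real directories (the pre-buster layout)
#   partial - anything else (mixed, missing, or symlinked elsewhere)
# ROOT defaults to "/"; pass a chroot path to check a freshly
# bootstrapped tree before it is put into service.
usrmerge_state() {
    root="${1:-/}"
    root="${root%/}"            # "/" becomes "", so "$root/bin" is "/bin"
    merged=0
    real=0
    for d in bin sbin lib; do
        path="$root/$d"
        if [ -L "$path" ]; then
            # Accept both the relative and the absolute form of the link.
            case "$(readlink "$path")" in
                usr/"$d"|/usr/"$d") merged=$((merged + 1)) ;;
            esac
        elif [ -d "$path" ]; then
            real=$((real + 1))
        fi
    done
    if [ "$merged" -eq 3 ]; then
        echo merged
    elif [ "$real" -eq 3 ]; then
        echo split
    else
        echo partial
    fi
    return 0
}

# Report the state of the given root (default: the running system).
usrmerge_state "${1:-/}"
```

A `partial` result deserves a manual look, since it is neither of the two layouts the ticket discusses.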

