1560046 – authselect is missing dependency on dconf package

Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.

Bug 1560046 - authselect is missing dependency on dconf package

Summary: authselect is missing dependency on dconf package

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	authselect
Sub Component:
Version:	28
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	urgent
Target Milestone:	---
Assignee:	Pavel Březina
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:	AcceptedFreezeException
Depends On:
Blocks:	F28BetaFreezeException 1537246
TreeView+	depends on / blocked

Reported:	2018-03-23 19:15 UTC by Christian Heimes
Modified:	2018-03-26 22:29 UTC (History)
CC List:	4 users (show)
Fixed In Version:	authselect-0.3.2-1.fc28
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2018-03-26 22:29:06 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Christian Heimes 2018-03-23 19:15:39 UTC

Description of problem:
The authselect package depends on bits and pieces from dconf package but doesn't declare dconf as a dependency. Amongst others it requires /etc/dconf/db/distro.d/locks, which is provided by dconf:

# rpm -qf /etc/dconf/db/distro.d/locks
dconf-0.28.0-1.fc28.x86_64

Version-Release number of selected component (if applicable):
authselect-0.3.2-1.fc28.x86_64

How reproducible:
always, when dconf was never installed before

Steps to Reproduce:
1. install a mininmal system without dconf but with authselect
2. run /usr/bin/authselect select sssd --force


Actual results:
# /usr/bin/authselect select sssd --force
[error] Directory [/etc/dconf/db/distro.d] does not exist, please create it!
[error] Directory [/etc/dconf/db/distro.d/locks] does not exist, please create it!
[error] Some directories are not accessible by authselect!
[error] Unable to activate profile [sssd] [1]: Operation not permitted
Unable to activate profile [1]: Operation not permitted


Expected results:
No errors

Additional info:
See PR https://github.com/freeipa/freeipa/pull/1603 and CI job https://travis-ci.org/freeipa/freeipa/jobs/357429769 for an example

The issue blocks FreeIPA's migration from authconfig to authselect for FreeIPA 4.7 and Fedora 28.

Comment 1 Christian Heimes 2018-03-23 19:19:39 UTC

PR: https://src.fedoraproject.org/rpms/authselect/pull-request/3

Comment 2 Pavel Březina 2018-03-26 08:39:10 UTC

dconf is not required on purpose, since it is not usually present on systems without gdm. However, it should not yield an error and it should be so since 0.3.2-1. I will look into it.

Comment 3 Pavel Březina 2018-03-26 09:40:43 UTC

It was fixed in 0.3 and 0.3.1 with:
https://github.com/pbrezina/authselect/commit/5d2bfb08a7b5bc86b67023ceaea069e7bc68b06d
https://github.com/pbrezina/authselect/commit/4b0f17ec0688237c9d59a66ff85a5189e83d7319

And I can't reproduce it with 0.32, it all works well on my system. If the dconf database directories are not present, authselect will create them and if dconf command is not present, authselect will not call dconf update. There are no errors.

[root@authconfig 28]# rpm -qa | grep dconf
[root@authconfig 28]# rpm -qa | grep authselect
authselect-libs-0.3.2-1.fc28.x86_64
authselect-debuginfo-0.3.2-1.fc28.x86_64
authselect-libs-debuginfo-0.3.2-1.fc28.x86_64
authselect-debugsource-0.3.2-1.fc28.x86_64
authselect-0.3.2-1.fc28.x86_64
authselect-devel-0.3.2-1.fc28.x86_64
authselect-compat-0.3.2-1.fc28.x86_64

[root@authconfig 28]# ll /etc/dconf
ls: cannot access '/etc/dconf': No such file or directory

[root@authconfig 28]# authselect select sssd --force --debug --trace --warn
[info] [authselect_activate] Trying to activate profile [sssd]
[info] [authselect_profile_open] Looking up profile [sssd]
[info] [authselect_profile_open] Profile [sssd] is a default profile
[info] [authselect_profile_open] Profile [sssd] found at [/usr/share/authselect/default/sssd]
[info] [authselect_profile_read_meta] Reading file [/usr/share/authselect/default/sssd/README]
[info] [authselect_system_read_templates] Reading file [/usr/share/authselect/default/sssd/system-auth]
[info] [authselect_system_read_templates] Reading file [/usr/share/authselect/default/sssd/password-auth]
[info] [authselect_system_read_templates] Reading file [/usr/share/authselect/default/sssd/smartcard-auth]
[info] [authselect_system_read_templates] Reading file [/usr/share/authselect/default/sssd/fingerprint-auth]
[info] [authselect_system_read_templates] Reading file [/usr/share/authselect/default/sssd/postlogin]
[info] [authselect_system_read_templates] Reading file [/usr/share/authselect/default/sssd/nsswitch.conf]
[info] [authselect_system_read_templates] Reading file [/usr/share/authselect/default/sssd/dconf-db]
[info] [authselect_system_read_templates] Reading file [/usr/share/authselect/default/sssd/dconf-locks]
[info] [authselect_activate] Enforcing activation!
[info] [authselect_config_locations_writable] Checking if all required directories are writable.
[info] [authselect_config_locations_writable] Creating path [/etc/dconf/db/distro.d]
[info] [authselect_config_locations_writable] Creating path [/etc/dconf/db/distro.d/locks]
[info] [authselect_symlinks_write] Creating symbolic link [/etc/pam.d/system-auth] to [/etc/authselect/system-auth]
[info] [authselect_symlinks_write] Creating symbolic link [/etc/pam.d/password-auth] to [/etc/authselect/password-auth]
[info] [authselect_symlinks_write] Creating symbolic link [/etc/pam.d/fingerprint-auth] to [/etc/authselect/fingerprint-auth]
[info] [authselect_symlinks_write] Creating symbolic link [/etc/pam.d/smartcard-auth] to [/etc/authselect/smartcard-auth]
[info] [authselect_symlinks_write] Creating symbolic link [/etc/pam.d/postlogin] to [/etc/authselect/postlogin]
[info] [authselect_symlinks_write] Creating symbolic link [/etc/nsswitch.conf] to [/etc/authselect/nsswitch.conf]
[info] [authselect_symlinks_write] Creating symbolic link [/etc/dconf/db/distro.d/20-authselect] to [/etc/authselect/dconf-db]
[info] [authselect_symlinks_write] Creating symbolic link [/etc/dconf/db/distro.d/locks/20-authselect] to [/etc/authselect/dconf-locks]
[info] [authselect_profile_activate] Dconf is not installed on your system

Comment 4 Christian Heimes 2018-03-26 10:08:48 UTC

Thanks for the feedback and fix, Pavel! Since the problem is fixed in authselect-0.3.2, I'm closing the bug and PR.

Comment 5 Fedora Update System 2018-03-26 15:39:13 UTC

authselect-0.3.2-1.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-a9853e65a1

Comment 6 Adam Williamson 2018-03-26 15:39:43 UTC

This bug was filed against F28. It is not yet 'fixed' wrt F28; it will only be fixed when the update goes stable.

Comment 7 Adam Williamson 2018-03-26 15:40:52 UTC

Proposing as a freeze exception issue for Beta, making the new tool work properly in a minimal install seems like a good idea, especially if it breaks FreeIPA upgrade on systems without dconf as Christian reports.

Comment 8 Geoffrey Marr 2018-03-26 18:46:04 UTC

Discussed during the 2018-03-26 blocker review meeting: [1]

The decision to classify this bug as an AcceptedFreezeException was made as there could be significant install/upgrade-time consequences from authselect not behaving as expected with dconf not present.

[1] https://meetbot.fedoraproject.org/fedora-blocker-review/2018-03-26/f28-blocker-review.2018-03-26-16.01.txt

Comment 9 Fedora Update System 2018-03-26 22:29:06 UTC

authselect-0.3.2-1.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.