[tor-bugs] #34115 [Internal Services/Tor Sysadmin Team]: review the impact of usrmerge
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Jun 3 20:06:32 UTC 2020
#34115: review the impact of usrmerge
-------------------------------------------------+-------------------------
Reporter: anarcat | Owner: anarcat
Type: defect | Status: closed
Priority: High | Milestone:
Component: Internal Services/Tor Sysadmin Team | Version:
Severity: Major | Resolution: fixed
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Changes (by anarcat):
* status: accepted => closed
* resolution: => fixed
Old description:
> Debian buster shipped with a "merged `/usr`", which means that `/bin`,
> `/lib` and `/sbin` are now symlinks to their counterparts in `/usr`.
> There are concerns that this behavior is buggy and triggers problems in
> all sorts of places. In particular, the `dpkg` maintainers are quite
> unhappy about the change and do not support it as a configuration:
>
> https://wiki.debian.org/Teams/Dpkg/MergedUsr
>
> ... which is disturbing, considering `dpkg` is such a core component
> of a Debian system.
>
> That wiki page provides a hackish script to "migrate away" from usrmerge
> but no one, as far as I know, has done that in production. It definitely
> looks nasty.
>
> We should consider:
>
> * [ ] whether this is a real problem (probably?)
> * [x] which machines have usrmerge (20 machines or 27%, detailed below)
> * [x] whether new machines should have it (probably not? not having
> usrmerge is *not* a problem, and having it has risks, so let's not risk
> it?)
> * [ ] whether we need to fix old machines
>
> There are two ways of fixing the installers:
>
> * pass `--no-merged-usr` to debootstrap
> * use `mmdebstrap`
>
> The latter has the advantage of being faster, at the cost of being
> possibly less reliable and compatible.
>
> Next steps:
>
> 1. [x] fix cloud installer - fixed in the wiki and tsa-misc
> 2. [x] fix robot installer - fixed in the wiki and tsa-misc
> 3. [ ] fix ganeti installer - reported as
> [https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959745 bug 959745],
> mentioned in the wiki, reported
> [https://gitlab.com/shared-puppet-modules-group/puppet-ganeti/-/issues/7 in the puppet module]
New description:
Debian buster shipped with a "merged `/usr`", which means that `/bin`,
`/lib` and `/sbin` are now symlinks to their counterparts in `/usr`. There
are concerns that this behavior is buggy and triggers problems in all
sorts of places. In particular, the `dpkg` maintainers are quite unhappy
about the change and do not support it as a configuration:

https://wiki.debian.org/Teams/Dpkg/MergedUsr

... which is disturbing, considering `dpkg` is such a core component
of a Debian system.

That wiki page provides a hackish script to "migrate away" from usrmerge
but no one, as far as I know, has done that in production. It definitely
looks nasty.

We should consider:

* [ ] whether this is a real problem (probably?)
* [x] which machines have usrmerge (20 machines or 27%, detailed below)
* [x] whether new machines should have it (probably not? not having
usrmerge is *not* a problem, and having it has risks, so let's not risk
it?)
* [ ] whether we need to fix old machines

There are two ways of fixing the installers:

* pass `--no-merged-usr` to debootstrap
* use `mmdebstrap`

The latter has the advantage of being faster, at the cost of being
possibly less reliable and compatible.

Next steps:

1. [x] fix cloud installer - fixed in the wiki and tsa-misc
2. [x] fix robot installer - fixed in the wiki and tsa-misc
3. [x] fix ganeti installer - reported as
[https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959745 bug 959745],
mentioned in the wiki, reported
[https://gitlab.com/shared-puppet-modules-group/puppet-ganeti/-/issues/7 in the puppet module]
--
Comment:
fixed debootstrap in ganeti installs to use --no-merged-usr as well.
we can revisit this later for existing installs, but for now this should
keep us somewhat safe in the future. worst case, we at least have knobs on
how to switch that off everywhere as well. just grep for
`--no-merged-usr`.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/34115#comment:6>
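
A check for the layout the ticket describes (`/bin`, `/lib` and `/sbin` as symlinks to their counterparts in `/usr`), added here as an example and not taken from the ticket, the wiki or tsa-misc; the function name `usr_layout` and its output labels are assumptions. It also reports the half-converted case where only some of the three are symlinks.

```shell
#!/bin/sh
# Added example: classify a filesystem root as merged-/usr or split-/usr.
# usr_layout is a hypothetical helper name, not an existing tool.
#
# Usage: usr_layout [ROOT]     (ROOT defaults to /)
# Prints one of:
#   merged   bin, sbin and lib are all symlinks to usr/<name>
#   split    bin, sbin and lib are all real directories
#   mixed    some are symlinks and some are directories
#   unknown  an entry is missing or points somewhere unexpected (exit 2)
# Only the three directories named in the ticket are inspected.
usr_layout() {
    root=${1:-/}
    merged=0
    split=0
    for d in bin sbin lib; do
        path="${root%/}/$d"
        if [ -L "$path" ]; then
            # Accept both the relative and the absolute link form.
            case "$(readlink "$path")" in
                "usr/$d"|"/usr/$d") merged=$((merged + 1)) ;;
                *) echo unknown; return 2 ;;
            esac
        elif [ -d "$path" ]; then
            split=$((split + 1))
        else
            echo unknown
            return 2
        fi
    done
    if [ "$merged" -eq 3 ]; then
        echo merged
    elif [ "$split" -eq 3 ]; then
        echo split
    else
        echo mixed
    fi
}
```

Pointing it at a mounted chroot or a freshly bootstrapped target directory shows whether an installer change such as `--no-merged-usr` took effect.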