Bug 196311 - installworld/kernel without updated passwd/group databases requires under-documented DB_FROM_SRC option
Summary: installworld/kernel without updated passwd/group databases requires under-doc...
Status: Open
Alias: None
Product: Base System
Classification: Unclassified
Component: misc (show other bugs)
Version: 9.3-RELEASE
Hardware: Any Any
: --- Affects Some People
Assignee: freebsd-bugs mailing list
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2014-12-27 23:40 UTC by Michelle Sullivan
Modified: 2019-09-09 17:27 UTC (History)
2 users (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Michelle Sullivan 2014-12-27 23:40:32 UTC

    
Comment 1 Michelle Sullivan 2014-12-27 23:43:59 UTC
Following: https://www.freebsd.org/doc/handbook/network-diskless.html to the letter is broken.

Fails at: 

# make installworld DESTDIR=${NFSROOTDIR}
ERROR: Required auditdistd user is missing, see /usr/src/UPDATING.
*** [installcheck_UGID] Error code 1

Stop in /usr/src.
*** [installworld] Error code 1

Stop in /usr/src.


Reading UPDATING it states:

20121218:
        With the addition of auditdistd(8), a new auditdistd user is now
        depended on during installworld.  "mergemaster -p" can be used to add
        the user prior to installworld, as documented in the handbook.

However:

# grep audit /etc/master.passwd 
auditdistd:*:78:77::0:0:Auditdistd unprivileged user:/var/empty:/usr/sbin/nologin

So of course check the new DESTROOT... oh wait you can't because it's a new clean root that has no password files so there are no users at all...
Comment 2 Michelle Sullivan 2014-12-28 00:24:08 UTC
Bootstrapped using base.txz from 9.3-RELEASE into NFSROOTDIR (using tar -C $NFSROOTDIR -xvzf base.txz ) and it still doesn't work.
Comment 3 Michelle Sullivan 2014-12-28 00:28:34 UTC
Followed up with (after bootstrapping):

# mergemaster -p -D ${NFSROOTDIR}

*** Creating the temporary root environment in /var/tmp/temproot
 *** /var/tmp/temproot ready for use
 *** Creating and populating directory structure in /var/tmp/temproot



*** Beginning comparison

 *** Temp ./etc/group and installed have the same Id, deleting
 *** Temp ./etc/master.passwd and installed have the same Id, deleting

*** Comparison complete

*** /var/tmp/temproot is empty, deleting

and still get:

# make installworld DESTDIR=${NFSROOTDIR} && make installkernel DESTDIR=${NFSROOTDIR} && make distribution DESTDIR=${NFSROOTDIR}
ERROR: Required auditdistd user is missing, see /usr/src/UPDATING.
*** [installcheck_UGID] Error code 1

Stop in /usr/src.
*** [installworld] Error code 1

Stop in /usr/src.
Comment 4 Brooks Davis freebsd_committer 2015-01-05 21:32:18 UTC
You can avoid this problem with the DB_FROM_SRC make variable to use the passwd and group files in the source tree instead of the installed system.  For example:

# make installworld DESTDIR=${NFSROOTDIR} -DDB_FROM_SRC

This failure mode has been around forever.  Unfortunately, it is not entirely safe to enable DB_FROM_SRC by default as there may be different uid/gid values on the target system.
Comment 5 Michelle Sullivan 2015-01-06 01:04:05 UTC
Ok then it's probably not "closed".. ( I won't reopen, but I would appreciate if you would consider and re-open based on my feedback ) consider this...

The docs don't make mention.

The error says:

ERROR: Required auditdistd user is missing, see /usr/src/UPDATING.

Perhaps the error should be changed to give more information or a link to a page with the information... I've never heard of -DDB_FROM_SRC and I have done this more than once (though last time was around 6.1/6.2)...

A more user friendly error would seem appropriate... especially as a link where it can explain "Unfortunately, it is not entirely safe to enable DB_FROM_SRC by default as there may be different uid/gid values on the target system."

This is no longer an issue for me, but it will catch others, some will not ask/report.

Regards,

Michelle
Comment 6 Brooks Davis freebsd_committer 2015-01-06 20:24:15 UTC
Reopen at submitter's request and attempt to describe the documentation problem in the title.