[pkg-lxc-devel] Bug#887953: lxc-download drops stderr from external commands whose failure can be fatal
Josip Rodin
joy at debbugs.entuzijast.net
Mon Jan 22 00:21:12 UTC 2018
Package: lxc
Version: 1:2.0.7-2+deb9u1
Hi,
I tried following the https://wiki.debian.org/LXC#Unprivileged_container
guide on a new machine, but got stuck on:
% sudo lxc-create -o lxc-create.log -l DEBUG --name test1 -t download
Setting up the GPG keyring
ERROR: Unable to fetch GPG key from keyserver.
lxc-create: lxccontainer.c: create_run_template: 1297 container creation template for test1 failed
lxc-create: tools/lxc_create.c: main: 318 Error creating container test1
So something went wrong, but what? Even with the most detailed level of
logging, it doesn't say:
lxc-create 20170121234841.963 INFO lxc_confile - confile.c:config_idmap:1531 - read uid map: type u nsid 0 hostid 100000 range 65536
lxc-create 20170121234841.963 INFO lxc_confile - confile.c:config_idmap:1531 - read uid map: type g nsid 0 hostid 100000 range 65536
lxc-create 20170121234841.964 INFO lxc_confile - confile.c:config_idmap:1531 - read uid map: type u nsid 0 hostid 100000 range 65536
lxc-create 20170121234841.964 INFO lxc_confile - confile.c:config_idmap:1531 - read uid map: type g nsid 0 hostid 100000 range 65536
lxc-create 20170121234842.593 ERROR lxc_container - lxccontainer.c:create_run_template:1297 - container creation template for test1 failed
lxc-create 20170121234842.596 INFO lxc_container - lxccontainer.c:container_destroy:2398 - Destroyed rootfs for test1
lxc-create 20170121234842.598 INFO lxc_container - lxccontainer.c:container_destroy:2414 - Destroyed directory for test1
lxc-create 20170121234842.598 ERROR lxc_create_ui - tools/lxc_create.c:main:318 - Error creating container test1
(Why is the timestamp in 2017? date(1) on the machine says 2018.)
A peek into the source revealed the culprit - actual effort appears to have
been put into making the relevant fetch command never log any errors.
And then some:
% grep 'null 2>&1' /usr/share/lxc/templates/lxc-download
if ! wget_wrapper -T 30 -q https://${DOWNLOAD_SERVER}/$1 -O $2 >/dev/null 2>&1; then
if ! wget_wrapper -T 30 -q http://${DOWNLOAD_SERVER}/$1 -O $2 >/dev/null 2>&1; then
--recv-keys ${DOWNLOAD_KEYID} >/dev/null 2>&1; then
if ! type $bin >/dev/null 2>&1; then
if ! type gpg >/dev/null 2>&1; then
if ! type mktemp >/dev/null 2>&1; then
chown -R $LXC_MAPPED_UID $LXC_CACHE_BASE >/dev/null 2>&1 || true
chgrp -R $LXC_MAPPED_GID $LXC_CACHE_BASE >/dev/null 2>&1 || true
chown $LXC_MAPPED_UID $LXC_PATH/config $LXC_PATH/fstab >/dev/null 2>&1 || true
chgrp $LXC_MAPPED_GID $LXC_PATH/config $LXC_PATH/fstab >/dev/null 2>&1 || true
Once I removed that from the gpg invocation, I got the answer:
gpg: keybox '/tmp/tmp.sxyjecGTyC/gpg/pubring.kbx' created
gpg: failed to start the dirmngr '/usr/bin/dirmngr': No such file or directory
gpg: connecting dirmngr at '/tmp/tmp.sxyjecGTyC/gpg/S.dirmngr' failed: No such file or directory
gpg: keyserver receive failed: No dirmngr
gpg: failed to start the dirmngr '/usr/bin/dirmngr': No such file or directory
gpg: connecting dirmngr at '/tmp/tmp.sxyjecGTyC/gpg/S.dirmngr' failed: No such file or directory
gpg: keyserver receive failed: No dirmngr
gpg: failed to start the dirmngr '/usr/bin/dirmngr': No such file or directory
gpg: connecting dirmngr at '/tmp/tmp.sxyjecGTyC/gpg/S.dirmngr' failed: No such file or directory
gpg: keyserver receive failed: No dirmngr
Adding a check for the existence of dirmngr prior to executing
gpg --keyserver would be superfluous if all this stderr wasn't
explicitly hidden.
I see what might have prompted it - if it's shown by default, in case
where everything works, one still gets the following line printed:
gpg: keybox '/tmp/tmp.<randomstring>/gpg/pubring.kbx' created
But if that needs to be captured, then that is what should be done -
which is quite possible without discarding all of stderr.
Please fix it. TIA.
--
2. That which causes joy or happiness.
More information about the Pkg-lxc-devel
mailing list