Bug 1280029 - libguestfs can run commands with stdin not open (or worse still, connected to arbitrary guest-chosen random devices)
libguestfs can run commands with stdin not open (or worse still, connected to...
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: libguestfs (Show other bugs)
23
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Richard W.M. Jones
Fedora Extras Quality Assurance
: Reopened
: 1280288 1280290 1286996 (view as bug list)
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2015-11-10 14:10 EST by Kashyap Chamarthy
Modified: 2016-02-11 08:32 EST (History)
10 users (show)

See Also:
Fixed In Version: libguestfs-1.30.5-2.fc23 libguestfs-1.30.5-2.fc22
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 1280034 (view as bug list)
Environment:
Last Closed: 2015-12-05 20:22:06 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Kashyap Chamarthy 2015-11-10 14:10:10 EST
Description of problem
----------------------

Attempting to build a Fedora 23 image and updating its packages results
in `dnf update -y` failing with an AttributeError[1].  

    [...]
      File "/usr/lib/python3.4/site-packages/dnf/cli/cli.py", line 251, in gpgsigcheck
        if not sys.stdin.isatty() and not ay:
    AttributeError: 'NoneType' object has no attribute 'isatty'
    [...]

This seems like a `dnf` bug.  I'm filing it here since I noticed it in
the context of `virt-builder` (and a regular `dnf update -y` on the host
system works just fine.)


Version
-------

    $ uname -r
    4.2.5-300.fc23.x86_64

    $ rpm -q libguestfs-tools-c qemu-system-x86 libvirt-daemon-kvm dnf 
    libguestfs-tools-c-1.30.4-1.fc23.x86_64
    qemu-system-x86-2.4.1-1.fc23.x86_64
    libvirt-daemon-kvm-1.2.18.1-2.fc23.x86_64
    dnf-1.1.3-1.fc23.noarch


How reproducible: Consistently.


Steps to reproduce
------------------

Just invoke this command.

    $ virt-builder fedora-23 -o f23vm1.qcow2
        --format qcow2 --update --selinux-relabel
        --size 40G


Actual Results
--------------


    $ virt-builder fedora-23 -o f23vm1.qcow2 
        --format qcow2 --update --selinux-relabel 
        --size 40G
    [   1.5] Downloading: http://libguestfs.org/download/builder/fedora-23.xz
    ######################################################################## 100.0%
    [ 494.9] Planning how to build this image
    [ 494.9] Uncompressing
    [ 500.0] Resizing (using virt-resize) to expand the disk to 40.0G
    [ 528.1] Opening the new disk
    [ 545.2] Setting a random seed
    [ 545.2] Updating core packages
    
    [. . .]
    Delta RPMs reduced 93.7 MB of updates to 54.7 MB (41.1% saved)
    warning: /var/cache/dnf/updates-e042e478e0621ea6/packages/kernel-4.2.5-300.fc23.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID 34ec9cba: NOKEY
    The downloaded packages were saved in cache till the next successful transaction.
    You can remove cached packages by executing 'dnf clean packages'.
    Traceback (most recent call last):
      File "/bin/dnf", line 35, in <module>
        main.user_main(sys.argv[1:], exit_code=True)
      File "/usr/lib/python3.4/site-packages/dnf/cli/main.py", line 198, in user_main
        errcode = main(args)
      File "/usr/lib/python3.4/site-packages/dnf/cli/main.py", line 84, in main
        return _main(base, args)
      File "/usr/lib/python3.4/site-packages/dnf/cli/main.py", line 144, in _main
        ret = resolving(cli, base)
      File "/usr/lib/python3.4/site-packages/dnf/cli/main.py", line 173, in resolving
        base.do_transaction(display=displays)
      File "/usr/lib/python3.4/site-packages/dnf/cli/cli.py", line 220, in do_transaction
        self.gpgsigcheck(downloadpkgs)
      File "/usr/lib/python3.4/site-packages/dnf/cli/cli.py", line 251, in gpgsigcheck
        if not sys.stdin.isatty() and not ay:
    AttributeError: 'NoneType' object has no attribute 'isatty'
    virt-builder: no 'uri' entry for 'rhel' in /etc/xdg/virt-builder/repos.d/rhel.conf, skipping it
    virt-builder: error: dnf -y update: command exited with an error
    
    If reporting bugs, run virt-builder with debugging enabled and include the 
    complete output:
    
      virt-builder -v -x [...]


Expected results
----------------

`virt-builder --update [...]` should complete successfully.


Additional information
----------------------

- A regular `dnf update -y` on the host system itself works just fine.

- Simple image building (without '--update') works fine as well:

    $ virt-builder fedora-23 -o f23vm2.qcow2 --format qcow2


[1] https://docs.python.org/2/library/exceptions.html#exceptions.AttributeError
Comment 1 Richard W.M. Jones 2015-11-10 14:26:31 EST
The minimal reproducer is just:

  $ virt-builder fedora-23 --update

I can reproduce this with virt-builder 1.31.24.

I feel justified in saying this is a dnf bug.  It shouldn't use
sys.stdin.isatty without checking that sys.stdin != None.

https://bugzilla.redhat.com/show_bug.cgi?id=1280034

However there is also a bug in libguestfs!  It turns out when
running external commands, we do:

  chroot ("/sysroot");
  close (0);
  open ("/dev/null"); /* opens as stdin */
  execlp ("dnf", "dnf", "update", NULL);

Unfortunately if /dev/null doesn't exist inside the guest chroot,
this means that fd 0 will not be connected to anything.
Comment 2 Richard W.M. Jones 2015-11-10 14:30:18 EST
I was going to say this is a security hole, but since the 'dnf' command
is already under the control of the guest, it doesn't seem to be.
Comment 3 Pino Toscano 2015-11-11 07:28:18 EST
*** Bug 1280288 has been marked as a duplicate of this bug. ***
Comment 4 Pino Toscano 2015-11-11 07:28:32 EST
*** Bug 1280290 has been marked as a duplicate of this bug. ***
Comment 5 Pino Toscano 2015-11-19 11:38:53 EST
Patch posted:
https://www.redhat.com/archives/libguestfs/2015-November/msg00168.html
Comment 6 Pino Toscano 2015-11-20 09:07:52 EST
Fixed with
https://github.com/libguestfs/libguestfs/commit/fd2f175ee79d29df101d353e2f380db27b19553a
which is in libguestfs >= 1.31.28.
Comment 7 Adam Williamson 2015-11-26 17:46:11 EST
Can we please have the fix backported to stable releases too? We (QA) really need either this fix or the DNF fix in F23, it's screwing with our ability to produce images for openQA testing.
Comment 8 Richard W.M. Jones 2015-11-27 03:53:06 EST
(In reply to awilliam@redhat.com from comment #7)
> Can we please have the fix backported to stable releases too? We (QA) really
> need either this fix or the DNF fix in F23, it's screwing with our ability
> to produce images for openQA testing.

We had a screw-up with libguestfs 1.30.5 which is going to take a bit
of time to fix and go through testing (bug 1285847).  Can we fix
dnf instead?  It looks as if your patch for dnf was accepted upstream.
Comment 9 Adam Williamson 2015-11-27 11:40:09 EST
yeah, DNF sent an update out today - hopefully that one will work.
Comment 10 Adam Williamson 2015-11-27 12:43:50 EST
rwmj: won't you have to re-generate the virt-builder 'template' image to include the updated DNF?
Comment 11 Richard W.M. Jones 2015-11-27 12:54:59 EST
Hmm, that is indeed true.  Let's put reassign this bug to Fedora
to fix libguestfs instead.
Comment 12 Richard W.M. Jones 2015-11-27 13:20:14 EST
Couple of builds running here which, if they complete, should contain
this fix:

http://koji.fedoraproject.org/koji/taskinfo?taskID=11995814 (f23)
http://koji.fedoraproject.org/koji/taskinfo?taskID=11995817 (f22)
Comment 13 Adam Williamson 2015-11-27 16:19:08 EST
both failed on x86_64.
Comment 14 Richard W.M. Jones 2015-11-27 16:48:42 EST
Stupid patch program doesn't set the executable bit on new files.
Comment 15 Fedora Update System 2015-11-28 02:15:48 EST
libguestfs-1.30.5-2.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2015-943e9fb63b
Comment 16 Fedora Update System 2015-11-28 02:15:52 EST
libguestfs-1.30.5-2.fc22 has been submitted as an update to Fedora 22. https://bodhi.fedoraproject.org/updates/FEDORA-2015-1bf4cbf156
Comment 17 Fedora Update System 2015-11-28 19:54:19 EST
libguestfs-1.30.5-2.fc22 has been pushed to the Fedora 22 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
$ su -c 'dnf --enablerepo=updates-testing update libguestfs'
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-1bf4cbf156
Comment 18 Fedora Update System 2015-11-28 21:22:58 EST
libguestfs-1.30.5-2.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
$ su -c 'dnf --enablerepo=updates-testing update libguestfs'
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-943e9fb63b
Comment 19 Richard W.M. Jones 2015-12-01 07:17:01 EST
*** Bug 1286996 has been marked as a duplicate of this bug. ***
Comment 20 Richard W.M. Jones 2015-12-01 08:13:16 EST
A new virt-builder Fedora 23 image has been uploaded that
includes dnf-1.1.4-2.fc23.

https://github.com/libguestfs/libguestfs/commit/59ea51d358e4e4d8c8ef6535760fcfc9bfe0a3a3
Comment 21 Fedora Update System 2015-12-05 20:21:56 EST
libguestfs-1.30.5-2.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
Comment 22 Fedora Update System 2015-12-16 04:53:11 EST
libguestfs-1.30.5-2.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.