Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 2127118

Summary: Adjust location of aux-cache for image-based update systems
Product: Red Hat Enterprise Linux 9 Reporter: Colin Walters <walters>
Component: glibcAssignee: glibc team <glibc-bugzilla>
Status: CLOSED NOTABUG QA Contact: qe-baseos-tools-bugs
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 9.0CC: ashankar, codonell, dj, fweimer, mnewsome, pfrankli, sipoyare
Target Milestone: rcFlags: pm-rhel: mirror+
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2022-09-15 19:56:25 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Colin Walters 2022-09-15 11:58:51 UTC 
For image based update systems (e.g. ostree and transitively rpm-ostree, used by RHEL for Edge and RHEL CoreOS today), one typically wants to define clear rules for which data is part of the read-only OS update stream and which is per-machine mutable state.  A bit on this in https://ostreedev.github.io/ostree/adapting-existing/#system-layout

The current glibc /var/cache/ldconfig/aux-cache is part of the former - it is a cache of data derived from /usr, and hence should live in /usr.  Having it be e.g. /usr/lib/ldconfig/aux-cache seems fine to me.

(I think it's possible for the ldconfig cache to also pick up entries from e.g. /usr/local - in that case, we want a separate cache at /usr/local/lib/ldconfig/aux-cache)


xref https://github.com/ostreedev/ostree-rs-ext/pull/367
Comment 1 Florian Weimer 2022-09-15 12:06:48 UTC 
It's not accurate that the cache file is derived from /usr. It is derived from the paths listed in /etc/ld.so.conf, which could point outside of /usr. At least it's a true cache, in the sense that it is optional (unlike /etc/ld.so.cache, which is not actually cache and thus misnamed).

As far as I can tell, glibc already complies with all FHS requirements around /var/cache (the main issue being that you can delete /var/cache/ldconfig at any time, and everything will still work), and as it's a true (optional) cache, it should indeed go under /var/cache. I'm not sure there is anything left to do for us here.
Comment 2 Colin Walters 2022-09-15 12:58:07 UTC 
>  It is derived from the paths listed in /etc/ld.so.conf, which could point outside of /usr.

Yes, though on a default install it doesn't.  

> As far as I can tell, glibc already complies with all FHS requirements around /var/cache (the main issue being that you can delete /var/cache/ldconfig at any time, and everything will still work), and as it's a true (optional) cache, it should indeed go under /var/cache. I'm not sure there is anything left to do for us here.

The FHS is an old document and was written before image-based update systems were popular (in some sense).  

Yes, it's a cache.  But what's crucial to note here is that because it's in /var, there's only *one copy* of it.  Whereas on an image-based system, there may be two (or more) copies of /usr.  Hence, having cache data not "lifecycle bound" with /usr can create atomicity problems.

What I'm suggesting is e.g. that we have one cache for /usr, and one for anything not in /usr.

I should be clear: This is not a critical problem today - today rpm-ostree just drops the file at build time, and I'm going to adjust the new container-native flow (https://fedoraproject.org/wiki/Changes/OstreeNativeContainer) to do so as well.  We can regenerate it per-machine on boot, or not do so.

But things would work better and be more elegant if data for /usr lived under /usr.

For another example of something that would work better if it was in /usr: OSTree supports IMA: https://ostreedev.github.io/ostree/ima/ - and a flow we want here is that the files under /usr are signed at build time.  There should not be mutated per-machine.  But a model where we regenerate /var/cache/ldconfig per-machine would inherently then not be signed.  And the data there is part of the critical "TCB" path, right?  If it's malicious data, then I could have glibc load a library I wrote (that's also not signed) in /usr/local/lib.  Whereas what we really want is to configure image-based RHEL systems (ostree, but also e.g. dm-verity and others) to *only execute signed code*, and to not allow code execution by writing to per-machine stateful partitions (/var).
Comment 3 Florian Weimer 2022-09-15 13:03:19 UTC 
(In reply to Colin Walters from comment #2)
> For another example of something that would work better if it was in /usr:
> OSTree supports IMA: https://ostreedev.github.io/ostree/ima/ - and a flow we
> want here is that the files under /usr are signed at build time.  There
> should not be mutated per-machine.  But a model where we regenerate
> /var/cache/ldconfig per-machine would inherently then not be signed.  And
> the data there is part of the critical "TCB" path, right?

No, it's only used by ldconfig, to speed up the generation of /etc/ld.so.cache. Maybe that's the core of the misunderstanding? You don't actually need it at all during normal operation, it's only purpose is to make ldconfig significantly faster (particularly on non-SSD storage).
Comment 4 Colin Walters 2022-09-15 19:56:25 UTC 
> No, it's only used by ldconfig, to speed up the generation of /etc/ld.so.cache. Maybe that's the core of the misunderstanding? You don't actually need it at all during normal operation, it's only purpose is to make ldconfig significantly faster (particularly on non-SSD storage).

Yes now that I look, I think you're right that I had confused this cache with /etc/ld.so.cache.
(Which would be nice to have in /usr potentially but it's not a big deal)

I did
https://github.com/ostreedev/ostree-rs-ext/pull/367
which will ensure we're consistently cleaning out /var/cache entirely (along with this cache file)
as part of OS container builds.

Thanks for the quick reply and discussion and pointing me in the right direction!