Bug 2256326 - Samba-winbind recommends "group(wbpriv)" but nothing provides it
Alias: None
Product: Fedora
Classification: Fedora
Component: samba
Version: 39
Hardware: x86_64
OS: Linux
Target Milestone: ---
Assignee: Guenther Deschner
QA Contact: Fedora Extras Quality Assurance
Depends On:
Reported: 2023-12-31 11:13 UTC by Göran Uddeborg
Modified: 2024-01-11 01:16 UTC (History)

Fixed In Version: samba-4.19.4-2.fc40 samba-4.19.4-2.fc39
Doc Text:
Clone Of:
Last Closed: 2024-01-09 14:09:25 UTC
Type: ---

External trackers:
System: Red Hat Issue Tracker | ID: SSSD-7060 | Private: 0 | Priority: None | Status: None | Summary: None | Last Updated: 2024-01-02 12:49:19 UTC

Description Göran Uddeborg 2023-12-31 11:13:10 UTC
The package samba-winbind has a "recommends" on "group(wbpriv)", but from what I can tell there is no package in the distribution that provides that resource.

Reproducible: Always

Steps to Reproduce:
1. dnf5 repoquery --recommends samba-winbind
2. dnf5 repoquery --whatprovides 'group(wbpriv)'

Actual Results:  
The first command lists "group(wbpriv)" but the second gives no suggestion how to fulfill the recommendation.

Expected Results:  
There should be something providing whatever is recommended as long as you stay within the distribution.

Comment 1 Alexander Bokovoy 2023-12-31 11:50:55 UTC
git grep -n wbpriv

samba.spec:1596:/usr/sbin/groupadd -g 88 wbpriv >/dev/null 2>&1 || :
samba.spec:3471:%attr(750,root,wbpriv) %dir /var/lib/samba/winbindd_privileged

It is provided by the samba-winbind package.

# rpm -q --scripts samba-winbind
preinstall scriptlet (using /bin/sh):
/usr/sbin/groupadd -g 88 wbpriv >/dev/null 2>&1 || :

The dependency 'group(wbpriv)' is autogenerated by RPM infrastructure. There is no explicit dependency in the spec file.

Are you using a Silverblue or a similar variant which does not run preinstall scriptlets?

Comment 2 Göran Uddeborg 2023-12-31 12:27:38 UTC
I'm running a regular system, and the group does exist on the system. Nothing in the system itself is broken. This report is only about the RPM metadata, thus "low" severity.

Would the "provide" also be autogenerated if the newer "sysusers" mechanism would have been used (https://docs.fedoraproject.org/en-US/packaging-guidelines/UsersAndGroups/)? I don't package anything that needs extra users or groups and haven't looked too closely at that feature.

Comment 3 Alexander Bokovoy 2023-12-31 12:55:00 UTC
If samba-winbind would provide a sysusers.d file, then /usr/lib/rpm/sysusers.generate-pre.sh would generate a %preinstall section with an equivalent script to what is already in the spec, so I'd think there will be the same "provides" entry.

We already have that for two other sysusers snippets, so %sysusers_create_compat:

$ git grep -n sysusers
samba.spec:231:Source16:       samba-systemd-sysusers.conf
samba.spec:232:Source17:       samba-usershares-systemd-sysusers.conf
samba.spec:1401:install -d -m 0755 %{buildroot}%{_sysusersdir}
samba.spec:1402:install -m 0644 %{SOURCE16} %{buildroot}%{_sysusersdir}/samba.conf
samba.spec:1403:install -m 0644 %{SOURCE17} %{buildroot}%{_sysusersdir}/samba-usershares.conf
samba.spec:1516:%sysusers_create_compat %{SOURCE16}
samba.spec:1590:%sysusers_create_compat %{SOURCE17}
samba.spec:4621:- Move group creation logic to sysusers.d fragment

# rpm -q --provides samba-common|grep group
group(printadmin) = ZyBwcmludGFkbWluIC0A

This is actually coming from /usr/lib/rpm/fileattrs/sysusers.attr, e.g. file attribute processor that takes sysusers.d file and generates provides:

# Create user(name) and group(name) provides for sysusers.
# For the primary item, encode the whole sysusers entry in base64, to be
# fed into systemd-sysusers or something else that can handle it.
# For groups created as a side-effect, only provide the group.

I guess if we switch wbpriv group to the same way, it will get the provides.
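
Added example, not part of the original thread and not the rpm generator's own code: a Python sketch of the mechanism discussed in comment 3, deriving user()/group() provides from a sysusers.d fragment and checking a package's weak dependencies against them. The encoding rule (fields joined by single spaces plus a trailing NUL byte) is an assumption inferred from the printadmin value quoted above, and the wbpriv fragment is constructed.

```python
import base64
import re

def sysusers_provides(fragment):
    """Map each provide name to its version string (None if unversioned)."""
    provides = {}
    for raw in fragment.splitlines():
        fields = raw.split()
        if not fields or fields[0].startswith("#"):
            continue
        kind, name = fields[0], fields[1]
        # Assumption: entry is whitespace-normalized and NUL-terminated before
        # encoding; this reproduces the printadmin value quoted in comment 3.
        encoded = base64.b64encode(" ".join(fields).encode() + b"\0").decode()
        if kind == "g":
            provides["group(%s)" % name] = encoded
        elif kind == "u":
            provides["user(%s)" % name] = encoded
            # Group created as a side effect: provided without a version.
            provides.setdefault("group(%s)" % name, None)
    return provides

def decode_provide(line):
    """Split 'group(x) = <base64>' into the name and the sysusers entry."""
    m = re.fullmatch(r"((?:user|group)\([^)]+\)) = (\S+)", line.strip())
    if m is None:
        raise ValueError("not a versioned user()/group() provide: %r" % line)
    entry = base64.b64decode(m.group(2), validate=True).rstrip(b"\0").decode()
    return m.group(1), entry

def unsatisfied(deps, provides):
    """Return user()/group() dependencies that no provide satisfies."""
    return [d for d in deps if re.match(r"(user|group)\(", d) and d not in provides]

# From the page: the weak dependency and the one provide shown in comment 3.
RECOMMENDS = ["group(wbpriv)"]
BEFORE = sysusers_provides("g printadmin -\n")
# Constructed fragment (not the real fix): GID 88 is taken from the groupadd line.
AFTER = {**BEFORE, **sysusers_provides("# constructed\ng wbpriv 88\n")}

if __name__ == "__main__":
    print(decode_provide("group(printadmin) = " + BEFORE["group(printadmin)"]))
    print("before:", unsatisfied(RECOMMENDS, BEFORE))
    print("after: ", unsatisfied(RECOMMENDS, AFTER))
```

Decoding the versioned provide is also a quick way to review which UID/GID and group a package asks systemd-sysusers to create before installing it.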

Comment 4 Fedora Update System 2024-01-09 12:37:14 UTC
FEDORA-2024-6c0f5c1351 has been submitted as an update to Fedora 40. https://bodhi.fedoraproject.org/updates/FEDORA-2024-6c0f5c1351

Comment 5 Fedora Update System 2024-01-09 13:02:37 UTC
FEDORA-2024-578e97f22f has been submitted as an update to Fedora 39. https://bodhi.fedoraproject.org/updates/FEDORA-2024-578e97f22f

Comment 6 Fedora Update System 2024-01-09 14:09:25 UTC
FEDORA-2024-6c0f5c1351 has been pushed to the Fedora 40 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 7 Fedora Update System 2024-01-10 01:48:15 UTC
FEDORA-2024-578e97f22f has been pushed to the Fedora 39 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2024-578e97f22f`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2024-578e97f22f

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 8 Fedora Update System 2024-01-11 01:16:39 UTC
FEDORA-2024-578e97f22f has been pushed to the Fedora 39 stable repository.
If problem still persists, please make note of it in this bug report.
