Bug#1008202: usrmerge: conversion fails in Docker container (due to overlayfs)

Discussion:

(too old to reply)

Ansgar

2022-03-24 10:20:01 UTC

Package: usrmerge
Version: 25
Severity: normal

The usrmerge conversion fails in a Docker container:

+---
| Setting up usrmerge (25+nmu1) ...
| ionice: ioprio_set failed: Operation not permitted
| chrt: failed to set pid 594's policy: Operation not permitted
|
| FATAL ERROR:
| Can't rename /bin: Invalid cross-device link at /usr/lib/usrmerge/convert-usrmerge line 242.
|
| You can try correcting the errors reported and running again
| /usr/lib/usrmerge/convert-usrmerge until it will complete without errors.
| Do not install or update other Debian packages until the program
| has been run successfully.
+---

This should be the same as #945173.

I think we need to deal with this in some way. A possible solution
might also be to skip conversion in containers for now (as Docker
containers should probably not be upgraded from one Debian release to
a newer).

Ansgar

Ansgar

2022-03-24 17:50:01 UTC

Permalink

Post by Ansgar
| Can't rename /bin: Invalid cross-device link
I think we need to deal with this in some way. A possible solution
might also be to skip conversion in containers for now (as Docker
containers should probably not be upgraded from one Debian release to
a newer).

OpenSUSE seems to have chosen this solution as well. Quoting from [1]:

+---
| Upgrading layers of containers does not work (Bug 1187027).
| This is due to overlayfs. There is no workaround. Please re-deploy
| the base image instead.
+---[ https://en.opensuse.org/openSUSE:Usr_merge#State_in_openSUSE ]

The relevant change in their conversion program:

+---
| 45 +if [ "$(stat -f -c %T "${ROOT:-/}")" = "overlayfs" ]; then
| 46 + echo "UsrMerge conversion does not work on overlayfs"
| 47 + exit 1
| 48 +fi
+---[ https://build.opensuse.org/request/show/898435 ]

For Debian, I think usrmerge.postinst should skip conversion in case
overlayfs is used (without error, but possibly a warning message). With
this bookworm containers should be usable, but an upgrade of
containers[1] that still use the old filesystem layout from bookworm to
trixie would not be supported / would require the admin to handle
conversion to merged-/usr in some other way.

Ansgar

[1]: Or other environments that might use overlayfs.

Marco d'Itri

2022-03-24 18:10:01 UTC

Permalink

Post by Ansgar
For Debian, I think usrmerge.postinst should skip conversion in case
overlayfs is used (without error, but possibly a warning message). With

I agree. The base image can be trivially converted anyway by unpacking
it, using chroot, installing usrmerge and then repacking the image.

--
ciao,
Marco

Luca Boccassi

2022-03-29 23:10:01 UTC

Permalink

Control: tags -1 patch

Post by Marco d'Itri

Post by Ansgar
For Debian, I think usrmerge.postinst should skip conversion in case
overlayfs is used (without error, but possibly a warning message). With

I agree. The base image can be trivially converted anyway by

unpacking

Post by Marco d'Itri
it, using chroot, installing usrmerge and then repacking the image.
--
ciao,
Marco

Here's a MR that does that and a few bits of housekeeping:

https://salsa.debian.org/md/usrmerge/-/merge_requests/2

Tested with an unconverted chroot, opened with systemd-nspawn --
volatile=overlay --directory

--
Kind regards,
Luca Boccassi

Ansgar

2022-04-09 15:10:01 UTC

Permalink

Post by Marco d'Itri

Post by Ansgar
For Debian, I think usrmerge.postinst should skip conversion in case
overlayfs is used (without error, but possibly a warning message). With

I agree. The base image can be trivially converted anyway by unpacking
it, using chroot, installing usrmerge and then repacking the image.

I also wrote a patch for this some time ago, so you can choose between
mine and Luca's ;-)

Ansgar

Tom Levy

2023-08-10 20:30:01 UTC

Permalink

For people that have to convert a container but can't use the
unpacking method suggested by Marco, here is a simple workaround.

WARNING: This worked for me, but I don't know if it's safe. If
something goes wrong it can be *very* difficult to recover, so before
converting, I strongly recommend as a bare minimum to download/install
the package busybox-static and copy the busybox executable to a safe
location (and confirm using ldd that it's not a dynamic executable).

The idea of this workaround is to use mv from coreutils instead of
Perl's rename() function, since mv supports moving directories across
filesystems (by copying then removing the original). Unfortunately,
this is slower, so there will be a longer period of time where /bin
etc. won't exist.

Steps:

1. Change line 237 of /usr/lib/usrmerge/convert-usrmerge from

if (not rename($dir, "$dir~~delete~usrmerge~~")) { # XXX race

to

mv($dir, "$dir~~delete~usrmerge~~"); if (0) { # XXX race

2. Run /usr/lib/usrmerge/convert-usrmerge

I also attached a patch for convenience.

Cheers,
Tom