Leap 15.6: SFTP share error - library paths changed #2856 #2858


phillxnet
Member

@phillxnet phillxnet commented Jun 26, 2024

Move to dynamic discovery of bash & rsync libraries when populating ssh / sftp share chroot. Incidental dropping of the redundant chroot bin dir, we now use only /usr/bin for both the bash, and rsync binaries.

Fixes #2856


Associated development draft PR: #2857

Move to dynamic discovery of bash & rsync libraries when
populating ssh / sftp share chroot. Incidental dropping
of the redundant chroot `bin` dir, we now use only
`/usr/bin` for both the `bash`, and `rsync` binaries.
@FroggyFlox FroggyFlox linked an issue Jun 27, 2024 that may be closed by this pull request
@phillxnet
Member Author

phillxnet commented Jun 28, 2024

Testing

As per documented setup:
"Secure File Transport Protocol (SFTP)"
https://rockstor.com/docs/interface/storage/file_sharing/sftp.html

  1. create sftp-user
  2. create sftp-share
  3. Edit sftp-share Access control to owner=sftp-user
  4. Add SFTP Share sftp-share

CLI client SFTP access

Indicating chroot with sftp-share mount point:

Leap 15.4

sftp sftp://sftp-user@rleap15-4.lan
Password: 
Connected to rleap15-4.lan.
sftp> ls -la
drwxr-xr-x    1 0        0              36 Jun 28 10:38 .
drwxr-xr-x    1 0        0              36 Jun 28 10:38 ..
drwxr-xr-x    1 0        0             230 Jun 28 10:38 lib64
drwxr-xr-x    1 1012     0               0 Jun 28 10:37 sftp-share
drwxr-xr-x    1 0        0              16 Jun 28 10:38 usr
sftp> pwd
Remote working directory: /

Leap 15.5

sftp sftp://sftp-user@rleap15-5.lan
Password: 
Connected to rleap15-5.lan.
sftp> ls -la
drwxr-xr-x    1 0        0              36 Jun 28 10:23 .
drwxr-xr-x    1 0        0              36 Jun 28 10:23 ..
drwxr-xr-x    1 0        0             212 Jun 28 10:23 lib64
drwxr-xr-x    1 1005     0               0 Jun 28 10:19 sftp-share
drwxr-xr-x    1 0        0              16 Jun 28 10:23 usr
sftp> pwd
Remote working directory: /

Leap 15.6

sftp sftp://sftp-user@rleap15-6.lan
Password: 
Connected to rleap15-6.lan.
sftp> ls -la
drwxr-xr-x    1 0        0              36 Jun 28 10:23 .
drwxr-xr-x    1 0        0              36 Jun 28 10:23 ..
drwxr-xr-x    1 0        0             182 Jun 28 10:23 lib64
drwxr-xr-x    1 1006     0               0 Jun 28 10:19 sftp-share
drwxr-xr-x    1 0        0              16 Jun 28 10:23 usr
sftp> pwd
Remote working directory: /

Tumbleweed

sftp sftp://sftp-user@rtumbleweed.lan
Password: 
Connected to rtumbleweed.lan.
sftp> ls -la
drwxr-xr-x    1 root     root           36 Jun 28 10:23 .
drwxr-xr-x    1 root     root           36 Jun 28 10:23 ..
drwxr-xr-x    1 root     root          282 Jun 28 10:23 lib64
drwxr-xr-x    1 1002     root            0 Jun 28 10:19 sftp-share
drwxr-xr-x    1 root     root           16 Jun 28 10:23 usr
sftp> 
sftp> pwd
Remote working directory: /

@phillxnet
Member Author

Tree of Chroot

Leap 15.4

rleap15-4:~ # tree /mnt3/sftp-user/
/mnt3/sftp-user/
├── lib64
│   ├── ld-linux-x86-64.so.2
│   ├── libacl.so.1
│   ├── libattr.so.1
│   ├── libc.so.6
│   ├── libdl.so.2
│   ├── libpthread.so.0
│   ├── libreadline.so.7
│   ├── libtinfo.so.6
│   └── libz.so.1
├── sftp-share
└── usr
    ├── bin
    │   ├── bash
    │   └── rsync
    └── lib64
        ├── libcrypto.so.1.1
        ├── libjitterentropy.so.3
        ├── liblz4.so.1
        ├── libpopt.so.0
        ├── libslp.so.1
        └── libzstd.so.1

5 directories, 17 files

Leap 15.5

rleap15-5:~ # tree /mnt3/sftp-user/
/mnt3/sftp-user/
├── lib64
│   ├── ld-linux-x86-64.so.2
│   ├── libacl.so.1
│   ├── libattr.so.1
│   ├── libc.so.6
│   ├── libdl.so.2
│   ├── libpthread.so.0
│   ├── libreadline.so.7
│   └── libtinfo.so.6
├── sftp-share
└── usr
    ├── bin
    │   ├── bash
    │   └── rsync
    └── lib64
        ├── libcrypto.so.1.1
        ├── libjitterentropy.so.3
        ├── liblz4.so.1
        ├── libpopt.so.0
        ├── libslp.so.1
        ├── libz.so.1
        └── libzstd.so.1

5 directories, 17 files

Leap 15.6

rleap15-6:~ #  tree /mnt3/sftp-user/
/mnt3/sftp-user/
├── lib64
│   ├── ld-linux-x86-64.so.2
│   ├── libacl.so.1
│   ├── libattr.so.1
│   ├── libc.so.6
│   ├── libdl.so.2
│   ├── libreadline.so.7
│   └── libtinfo.so.6
├── sftp-share
└── usr
    ├── bin
    │   ├── bash
    │   └── rsync
    └── lib64
        ├── libcrypto.so.3
        ├── liblz4.so.1
        ├── libpopt.so.0
        ├── libslp.so.1
        ├── libz.so.1
        └── libzstd.so.1

5 directories, 15 files

Tumbleweed

rtumbleweed:~ # tree /mnt3/sftp-user/
/mnt3/sftp-user/
├── lib64
│   ├── ld-linux-x86-64.so.2
│   ├── libacl.so.1
│   ├── libc.so.6
│   ├── libcrypto.so.3
│   ├── liblz4.so.1
│   ├── libpopt.so.0
│   ├── libreadline.so.8
│   ├── libtinfo.so.6
│   ├── libxxhash.so.0
│   ├── libz.so.1
│   └── libzstd.so.1
├── sftp-share
└── usr
    ├── bin
    │   ├── bash
    │   └── rsync
    └── lib64

6 directories, 13 files

@phillxnet
Member Author

phillxnet commented Jun 28, 2024

Testing aarch64

Leap 15.5, 15.6, Tumbleweed

At (4.) we have a failure re ld-linux-aarch64.so.1
N.B. test differences in systems

  • x86_64 systems used dedicated data pool for sftp-share.
  • aarch64 systems used ROOT pool for sftp-share.

[Errno 2] No such file or directory: '/mnt3/sftp-user/lib/ld-linux-aarch64.so.1'

Traceback (most recent call last):
  File "/opt/rockstor/src/rockstor/rest_framework_custom/generic_view.py", line 41, in _handle_exception
    yield
  File "/opt/rockstor/src/rockstor/storageadmin/views/sftp.py", line 82, in post
    rsync_for_sftp(chroot_loc)
  File "/opt/rockstor/src/rockstor/system/ssh.py", line 251, in rsync_for_sftp
    copy(lib, f"{chroot_loc}{lib}")
  File "/usr/lib64/python3.11/shutil.py", line 431, in copy
    copyfile(src, dst, follow_symlinks=follow_symlinks)
  File "/usr/lib64/python3.11/shutil.py", line 258, in copyfile
    with open(dst, 'wb') as fdst:
         ^^^^^^^^^^^^^^^
FileNotFoundError: [Errno 2] No such file or directory: '/mnt3/sftp-user/lib/ld-linux-aarch64.so.1'

Chroot status post above error:
Leap 15.6 aarch64

rleap15-6aarch64:~ # tree /mnt3/sftp-user/
/mnt3/sftp-user/
├── lib64
│   ├── libacl.so.1
│   ├── libc.so.6
│   ├── libdl.so.2
│   ├── libreadline.so.7
│   └── libtinfo.so.6
├── sftp-share
└── usr
    ├── bin
    │   ├── bash
    │   └── rsync
    └── lib64
        ├── libcrypto.so.3
        ├── liblz4.so.1
        ├── libpopt.so.0
        ├── libslp.so.1
        ├── libz.so.1
        └── libzstd.so.1

And ldd as per test data:

rleap15-6aarch64:~ # ldd /usr/bin/bash
        linux-vdso.so.1 (0x0000ffffa5c8f000)
        libreadline.so.7 => /lib64/libreadline.so.7 (0x0000ffffa5ac0000)
        libdl.so.2 => /lib64/libdl.so.2 (0x0000ffffa5a90000)
        libc.so.6 => /lib64/libc.so.6 (0x0000ffffa58d0000)
        /lib/ld-linux-aarch64.so.1 (0x0000ffffa5c52000)
        libtinfo.so.6 => /lib64/libtinfo.so.6 (0x0000ffffa5880000)
rleap15-6aarch64:~ # ldd /usr/bin/rsync
        linux-vdso.so.1 (0x0000ffffbf3a4000)
        libacl.so.1 => /lib64/libacl.so.1 (0x0000ffffbf280000)
        libz.so.1 => /usr/lib64/libz.so.1 (0x0000ffffbf240000)
        libpopt.so.0 => /usr/lib64/libpopt.so.0 (0x0000ffffbf210000)
        liblz4.so.1 => /usr/lib64/liblz4.so.1 (0x0000ffffbf1c0000)
        libzstd.so.1 => /usr/lib64/libzstd.so.1 (0x0000ffffbf0f0000)
        libcrypto.so.3 => /usr/lib64/libcrypto.so.3 (0x0000ffffbecb0000)
        libslp.so.1 => /usr/lib64/libslp.so.1 (0x0000ffffbec70000)
        libc.so.6 => /lib64/libc.so.6 (0x0000ffffbeab0000)
        /lib/ld-linux-aarch64.so.1 (0x0000ffffbf367000)
        libattr.so.1 => /lib64/libattr.so.1 (0x0000ffffbea80000)

and we have:

rleap15-6aarch64:~ # ls -la /lib/ld-linux-aarch64.so.1 
-rwxr-xr-x 1 root root 232920 Jun  4 14:38 /lib/ld-linux-aarch64.so.1

@phillxnet
Member Author

We may just be failing on the /lib dir availability for aarch64 in the current PR form.

rleap15-6:~ # ldd /usr/bin/bash
        linux-vdso.so.1 (0x00007ffce9d6f000)
        libreadline.so.7 => /lib64/libreadline.so.7 (0x00007fe8fa200000)
        libdl.so.2 => /lib64/libdl.so.2 (0x00007fe8fa932000)
        libc.so.6 => /lib64/libc.so.6 (0x00007fe8f9e00000)
        libtinfo.so.6 => /lib64/libtinfo.so.6 (0x00007fe8fa5d1000)
        /lib64/ld-linux-x86-64.so.2 (0x00007fe8fa93f000)

I.e. we create /lib64:

run_command([MKDIR, "-p", f"{chroot_loc}/lib64"], log=True)

but no lib.

@phillxnet
Member Author

To investigate the last Leap version in aarch64 that used our previously hard-coded /lib64 for ld-linux-aarch64.so.1 an install using a leap 15.3 aarch64 installer was created (Rockstor-Leap15.3-ARM64EFI.aarch64-4.1.0-0.raw.xz).

installerARM64EFI-raw:~ # ldd /usr/bin/bash
	linux-vdso.so.1 (0x0000ffffbca4e000)
	libreadline.so.7 => /lib64/libreadline.so.7 (0x0000ffffbc89c000)
	libdl.so.2 => /lib64/libdl.so.2 (0x0000ffffbc87b000)
	libc.so.6 => /lib64/libc.so.6 (0x0000ffffbc6f5000)
	/lib/ld-linux-aarch64.so.1 (0x0000ffffbca10000)
	libtinfo.so.6 => /lib64/libtinfo.so.6 (0x0000ffffbc6ac000)

But we have an accompanying:

installerARM64EFI-raw:~ # ls -la /lib64/ld-linux-aarch64.so.1
lrwxrwxrwx 1 root root 10 Nov 24  2021 /lib64/ld-linux-aarch64.so.1 -> ld-2.31.so

installerARM64EFI-raw:~ # ls -la /lib/ld-linux-aarch64.so.1
lrwxrwxrwx 1 root root 17 Nov 24  2021 /lib/ld-linux-aarch64.so.1 -> /lib64/ld-2.31.so

15.4 aarch64

rleap15-4aarch64:~ # ldd /usr/bin/bash
        linux-vdso.so.1 (0x0000ffffb1267000)
        libreadline.so.7 => /lib64/libreadline.so.7 (0x0000ffffb1090000)
        libdl.so.2 => /lib64/libdl.so.2 (0x0000ffffb1060000)
        libc.so.6 => /lib64/libc.so.6 (0x0000ffffb0ed0000)
        /lib/ld-linux-aarch64.so.1 (0x0000ffffb1229000)
        libtinfo.so.6 => /lib64/libtinfo.so.6 (0x0000ffffb0e80000)

also with an accompanying:

rleap15-4aarch64:~ # ls -la /lib64/ld-linux-aarch64.so.1 
lrwxrwxrwx 1 root root 10 Oct  5  2023 /lib64/ld-linux-aarch64.so.1 -> ld-2.31.so

rleap15-4aarch64:~ # ls -la /lib/ld-linux-aarch64.so.1 
lrwxrwxrwx 1 root root 17 Oct  5  2023 /lib/ld-linux-aarch64.so.1 -> /lib64/ld-2.31.so

15.5 aarch64

rleap15-5aarch64:~ #  ldd /usr/bin/bash
        linux-vdso.so.1 (0x0000ffffa8fcd000)
        libreadline.so.7 => /lib64/libreadline.so.7 (0x0000ffffa8e00000)
        libdl.so.2 => /lib64/libdl.so.2 (0x0000ffffa8dd0000)
        libc.so.6 => /lib64/libc.so.6 (0x0000ffffa8c40000)
        /lib/ld-linux-aarch64.so.1 (0x0000ffffa8f8f000)
        libtinfo.so.6 => /lib64/libtinfo.so.6 (0x0000ffffa8bf0000)

Similarly:

rleap15-5aarch64:~ # ls -la /lib64/ld-linux-aarch64.so.1 
lrwxrwxrwx 1 root root 10 May 16 12:38 /lib64/ld-linux-aarch64.so.1 -> ld-2.31.so

rleap15-5aarch64:~ # ls -la /lib/ld-linux-aarch64.so.1 
lrwxrwxrwx 1 root root 17 May 16 12:41 /lib/ld-linux-aarch64.so.1 -> /lib64/ld-2.31.so

So it seems our prior aarch64 hard coding to /lib64 worked by virtue of sourcing a link, and using that link's path. Whereas ldd reports this file, which our new setup copies the path for, and tries to re-create in the same location it is found & reported by ldd, but the parent /lib location is not created.

Ldd reports /lib for ld-linux-aarch64.so.1, this needs
to exist for our chroot copy to work. Previously we sourced
a link from /lib64 which we do already create.
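
The failure and fix discussed above (ldd reports the loader under /lib, so that parent directory must exist in the chroot before the copy), as an added example that is not Rockstor's own code. The names `parse_ldd`, `populate_chroot` and `source_root` are hypothetical, and the ldd sample is constructed from the output shape shown on this page.

```python
import os
import re
import shutil
import tempfile

# Added example; parse_ldd, populate_chroot and source_root are hypothetical names.
# Constructed sample shaped like the aarch64 ldd output above, plus a "not found" line.
SAMPLE_LDD = """\
        linux-vdso.so.1 (0x0000ffffa5c8f000)
        libreadline.so.7 => /lib64/libreadline.so.7 (0x0000ffffa5ac0000)
        /lib/ld-linux-aarch64.so.1 (0x0000ffffa5c52000)
        libmissing.so.1 => not found
"""

# "name => /path (0xaddr)" or the loader's bare "/path (0xaddr)"; vdso has no path.
LDD_PATH = re.compile(r"^\s*(?:\S+\s+=>\s+)?(/\S+)\s+\(0x[0-9a-fA-F]+\)\s*$")
LDD_MISSING = re.compile(r"^\s*(\S+)\s+=>\s+not found\s*$")

def parse_ldd(output):
    """Return (absolute library paths, names ldd could not resolve)."""
    paths, missing = [], []
    for line in output.splitlines():
        if (m := LDD_PATH.match(line)) and m.group(1) not in paths:
            paths.append(m.group(1))
        elif m := LDD_MISSING.match(line):
            missing.append(m.group(1))
    return paths, missing

def populate_chroot(chroot, lib_paths, source_root="/"):
    """Copy each library to the same path under chroot, creating parents first."""
    chroot = os.path.realpath(chroot)
    copied = []
    for lib in lib_paths:
        dst = os.path.realpath(os.path.join(chroot, lib.lstrip("/")))
        if os.path.commonpath([chroot, dst]) != chroot:
            raise ValueError(f"{lib} resolves outside the chroot")
        # Without this, a path under /lib fails when only /lib64 was pre-created.
        os.makedirs(os.path.dirname(dst), mode=0o755, exist_ok=True)
        # shutil.copy follows symlinks, so a regular file lands in the chroot.
        shutil.copy(os.path.join(source_root, lib.lstrip("/")), dst)
        copied.append(os.path.relpath(dst, chroot))
    return copied

def demo():
    """Populate a throwaway chroot from SAMPLE_LDD using stand-in library files."""
    paths, missing = parse_ldd(SAMPLE_LDD)
    with tempfile.TemporaryDirectory() as root, tempfile.TemporaryDirectory() as jail:
        for p in paths:
            src = os.path.join(root, p.lstrip("/"))
            os.makedirs(os.path.dirname(src), exist_ok=True)
            open(src, "wb").close()
        return populate_chroot(jail, paths, source_root=root), missing
```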
@phillxnet
Member Author

phillxnet commented Jun 28, 2024

Following on from the last patch commit here, where we now create a /lib dir in our chroot - prior to lib copying, we have a successful aarch64 result:

Testing aarch64 post patch

Leap 15.4

sftp sftp://sftp-user@rleap15-4aarch64.lan
Password: 
Connected to rleap15-4aarch64.lan.
sftp> ls -la
drwxr-xr-x    1 root     root           42 Jun 28 16:07 .
drwxr-xr-x    1 root     root           42 Jun 28 16:07 ..
drwxr-xr-x    1 root     root           42 Jun 28 16:07 lib
drwxr-xr-x    1 root     root          190 Jun 28 16:07 lib64
drwxr-xr-x    1 sftp-user root            0 Jun 28 16:06 sftp-share
drwxr-xr-x    1 root     root           16 Jun 28 16:07 usr

tree:

rleap15-4aarch64:~ # tree /mnt3/sftp-user/
/mnt3/sftp-user/
├── lib
│   └── ld-linux-aarch64.so.1
├── lib64
│   ├── libacl.so.1
│   ├── libattr.so.1
│   ├── libc.so.6
│   ├── libdl.so.2
│   ├── libpthread.so.0
│   ├── libreadline.so.7
│   ├── libtinfo.so.6
│   └── libz.so.1
├── sftp-share
└── usr
    ├── bin
    │   ├── bash
    │   └── rsync
    └── lib64
        ├── libcrypto.so.1.1
        ├── libjitterentropy.so.3
        ├── liblz4.so.1
        ├── libpopt.so.0
        ├── libslp.so.1
        └── libzstd.so.1

6 directories, 17 files

Leap 15.5

sftp sftp://sftp-user@rleap15-5aarch64.lan
Password: 
Connected to rleap15-5aarch64.lan.
sftp> ls -la
drwxr-xr-x    1 root     root           42 Jun 28 16:12 .
drwxr-xr-x    1 root     root           42 Jun 28 16:12 ..
drwxr-xr-x    1 root     root           42 Jun 28 16:12 lib
drwxr-xr-x    1 root     root          172 Jun 28 16:12 lib64
drwxr-xr-x    1 sftp-user root            0 Jun 28 11:08 sftp-share
drwxr-xr-x    1 root     root           16 Jun 28 11:11 usr

tree

rleap15-5aarch64:~ # tree /mnt3/sftp-user/
/mnt3/sftp-user/
├── lib
│   └── ld-linux-aarch64.so.1
├── lib64
│   ├── libacl.so.1
│   ├── libattr.so.1
│   ├── libc.so.6
│   ├── libdl.so.2
│   ├── libpthread.so.0
│   ├── libreadline.so.7
│   └── libtinfo.so.6
├── sftp-share
└── usr
    ├── bin
    │   ├── bash
    │   └── rsync
    └── lib64
        ├── libcrypto.so.1.1
        ├── libjitterentropy.so.3
        ├── liblz4.so.1
        ├── libpopt.so.0
        ├── libslp.so.1
        ├── libz.so.1
        └── libzstd.so.1

6 directories, 17 files

Leap 15.6

sftp sftp://sftp-user@rleap15-6aarch64.lan
Password: 
Connected to rleap15-6aarch64.lan.
sftp> ls -la
drwxr-xr-x    1 0        0              42 Jun 28 15:23 .
drwxr-xr-x    1 0        0              42 Jun 28 15:23 ..
drwxr-xr-x    1 0        0              42 Jun 28 15:23 lib
drwxr-xr-x    1 0        0             142 Jun 28 15:23 lib64
drwxr-xr-x    1 1002     0               0 Jun 28 11:09 sftp-share
drwxr-xr-x    1 0        0              16 Jun 28 11:16 usr

with the following files:

rleap15-6aarch64:~ # tree /mnt3/sftp-user/
/mnt3/sftp-user/
├── lib
│   └── ld-linux-aarch64.so.1
├── lib64
│   ├── libacl.so.1
│   ├── libattr.so.1
│   ├── libc.so.6
│   ├── libdl.so.2
│   ├── libreadline.so.7
│   └── libtinfo.so.6
├── sftp-share
└── usr
    ├── bin
    │   ├── bash
    │   └── rsync
    └── lib64
        ├── libcrypto.so.3
        ├── liblz4.so.1
        ├── libpopt.so.0
        ├── libslp.so.1
        ├── libz.so.1
        └── libzstd.so.1

6 directories, 15 files

Tumbleweed

sftp sftp://sftp-user@rtumbleweed-aarch64.lan
Password: 
Connected to rtumbleweed-aarch64.lan.
sftp> ls -la
drwxr-xr-x    1 root     root           42 Jun 28 16:56 .
drwxr-xr-x    1 root     root           42 Jun 28 16:56 ..
drwxr-xr-x    1 root     root           42 Jun 28 16:56 lib
drwxr-xr-x    1 root     root          242 Jun 28 16:56 lib64
drwxr-xr-x    1 sftp-user root            0 Jun 28 11:09 sftp-share
drwxr-xr-x    1 root     root           16 Jun 28 11:18 usr

Tree:

rtumbleweed-aarch64:~ # tree /mnt3/sftp-user/
/mnt3/sftp-user/
├── lib
│   └── ld-linux-aarch64.so.1
├── lib64
│   ├── libacl.so.1
│   ├── libc.so.6
│   ├── libcrypto.so.3
│   ├── liblz4.so.1
│   ├── libpopt.so.0
│   ├── libreadline.so.8
│   ├── libtinfo.so.6
│   ├── libxxhash.so.0
│   ├── libz.so.1
│   └── libzstd.so.1
├── sftp-share
└── usr
    ├── bin
    │   ├── bash
    │   └── rsync
    └── lib64

7 directories, 13 files

@phillxnet
Member Author

phillxnet commented Jun 28, 2024

Post /lib patch for aarch64

An x86_64 Leap 15.6 instance was retested with the expected empty /lib directory but all sftp access working as per pre-patch.

sftp sftp://sftp-user@rleap15-6.lan
Password: 
Connected to rleap15-6.lan.
sftp> ls -la
drwxr-xr-x    1 0        0              42 Jun 28 17:01 .
drwxr-xr-x    1 0        0              42 Jun 28 17:01 ..
drwxr-xr-x    1 0        0               0 Jun 28 17:01 lib
drwxr-xr-x    1 0        0             182 Jun 28 10:23 lib64
drwxr-xr-x    1 1006     0               0 Jun 28 10:19 sftp-share
drwxr-xr-x    1 0        0              16 Jun 28 10:23 usr

Tree:

rleap15-6:~ # tree /mnt3/sftp-user/
/mnt3/sftp-user/
├── lib
├── lib64
│   ├── ld-linux-x86-64.so.2
│   ├── libacl.so.1
│   ├── libattr.so.1
│   ├── libc.so.6
│   ├── libdl.so.2
│   ├── libreadline.so.7
│   └── libtinfo.so.6
├── sftp-share
└── usr
    ├── bin
    │   ├── bash
    │   └── rsync
    └── lib64
        ├── libcrypto.so.3
        ├── liblz4.so.1
        ├── libpopt.so.0
        ├── libslp.so.1
        ├── libz.so.1
        └── libzstd.so.1

6 directories, 15 files

@phillxnet
Member Author

@FroggyFlox & @Hooverdan96
Ready for review - I'm proposing we leave the two commits here given the make-work alternative and that we have a potential hack of sorts here. But hopefully far less so than what it replaces (hard-wired libs) :). This may well need us to re-visit, re rsync function or other binary hosting in chroot etc. But for now, with this PR, we have a return of the main function of SFTP setup & access on all currently serviced rpm targets (15.4 - 15.6 & TW) in both x86_64 & aarch64. We can address rsync functionality as and when an issue arises.

@FroggyFlox
Member

Thank you so much @phillxnet for taking the time and effort in fixing this the right way. I should have done last time I adjusted those hard coded libs; my apologies for thinking it would be sustainable.

Given your extensive (and very tedious) and thorough testing, I'm very confident it's ready to be merged in my opinion. I'm not sure when I'll be able to actually test it but after looking at the changes, it looks good to me.

@phillxnet phillxnet merged commit 1270061 into rockstor:testing Jul 3, 2024
@phillxnet phillxnet deleted the 2856-Leap-15.6-SFTP-share-error---library-paths-changed branch July 3, 2024 10:05