Installing fai-server makes Trisquel become Ubuntu by changing /etc/apt/sources.list

Project:Trisquel
Version:9.0
Component:Packages
Category:bug report
Priority:normal
Assigned:Unassigned
Status:patch (ready)
Description

Hi,

I've installed fai-server on a production Trisquel 9 VM as it can apparently create images, and that at home I only had LXC installation which didn't have loop support.

When installing it it shows the following postinstall message:

Setting up fai-server (5.3.6ubuntu1) ...
You might want to check fai.conf and nfsroot.conf in /etc/fai if you
like to go with the defaults. You should edit /etc/fai/apt/sources.list
/etc/fai/apt/sources.list is part of the fai-server package:
# dpkg -L fai-server  |grep /etc/fai/apt/sources.list
/etc/fai/apt/sources.list
After installing it, in /etc/fai/apt/sources.list we have:
# These lines should work for many sites

deb http://archive.ubuntu.com/ubuntu artful main restricted universe multiverse
deb http://archive.ubuntu.com/ubuntu artful-security main restricted universe multiverse
deb http://archive.ubuntu.com/ubuntu artful-updates main restricted universe multiverse

# repository that may contain newer fai packages for stretch
#deb [trusted=yes] http://fai-project.org/download stretch koeln
And maybe 1 day or more after having installed it, I found the content above being in /etc/apt/sources.list

Since I've auto-updates enabled (it's a production VM that needs to keep being secure), it then did the upgrades with Ubuntu sources.list.

Keeping fai-server and just replacing that /etc/fai/apt/sources.list will probably fix that.

I've also looked a bit in /etc/fai/ and I didn't find other problematic files.

Sat, 06/05/2021 - 21:39

Bill Auger in #trisquel pointed me to the following: https://github.com/faiproject/fai/blob/master/conf/sources.list

So it seems that Ubuntu is already changing the sources.list

Denis.

Mon, 06/14/2021 - 16:54

This is indeed a problem. Ubuntu's changelog for etiona's upstream says:

fai (5.3.6ubuntu1) artful; urgency=medium

 * Merge from Debian unstable. Remaining changes:
  - bin/fai-cd:
   + Add missing grub-common package.
  - conf/NFSROOT
   + Replace debian linux-image-* with linux-image-server.
  - conf/{sources.list, nfsroot.conf}:
   + Adjust to Ubuntu sources.
  - conf/nfsroot.conf:
   + Add "dhcp-client" to "--exclude" to FAI_DEBOOTSTRAP_OPTS.
  - examples/simple/scripts/GRUB_PC/10-setup:
   + Add command to regenerate grub.cfg.

So I believe you also should need to edit nfsroot.conf. I would not have the time to take care of this now, but I can make sure that you get the changes merged if you can contribute a fix. It should be a nice first issue to get started writing helpers :)

Tue, 08/24/2021 - 02:33

The issue is that for some reasons creating the configuration fails.

Here I'm using LXC with libvirt, so maybe lxc VMs with libvirt can't create dev nodes.

Here's the error I have:
~# BUILDDIST=etiona BUILDARCH=amd64 pbuilder create
W: /root/.pbuilderrc does not exist
I: Distribution is etiona.
I: Current time: Tue Aug 24 00:30:34 UTC 2021
I: pbuilder-time-stamp: 1629765034
I: Building the build environment
I: running debootstrap
/usr/sbin/debootstrap
mknod: /var/cache/pbuilder/build/19342/test-dev-null: Operation not permitted
E: Cannot install into target '/var/cache/pbuilder/build/19342' mounted with noexec or nodev
E: debootstrap failed
E: Tail of debootstrap.log:
tail: cannot open '/var/cache/pbuilder/build/19342/debootstrap/debootstrap.log' for reading: No such file or directory
W: Aborting with an error

Is there some tricks to do with the libvirt XML configuration to enable it to work?

Here I'm not concerned with security between the VM and the host (Parabola x86_64) at all since both are FSDG distributions and on that machine everything is free software but the GPU video BIOS and the SMU firmware in Coreboot.

Tue, 08/24/2021 - 03:20

I've managed to find a way around: https://libvirt.org/drvlxc.html#capabilities

We can simply add mknod by adding the following in features:

<capabilities policy='default'>
   <mknod state='on'/>
 </capabilities>
Mon, 09/20/2021 - 17:55
Status:active» patch (ready)