Web lists-archives.com

Re: DPKG install fails with read only filesystem on non read-only filesystem




Hello again,

this is a wonderful case where rubberduck-debugging might have made
sense. Right after submitting this mail I found the error.

The webserver that runs the install script has a systemd unit with
ProtectSystem=full
set.

This prevents writes to /usr even though its not specifically read only.
Since with sudo its a subprocess of the parent this restriction also
applies to the install script.

Sorry for the spam, I hope this entry might help future people with a
similar problem,
Felix

On 26/03/2017 17:46, Felix Winterhalter wrote:
> Hello,
> 
> for various reasons I am currently writing a script to install packages
> by calling dpkg -i package.deb.
> 
> This mechanism has worked fine for a while. Now I need to call said
> script using sudo noninteractively from a webserver.
> 
> This leads me to my error:
> 
> Mar 26 11:36:42 debbuilder package-updater[32246]: (Reading database ...
> 124404 files and directories currently installed.)
> Mar 26 11:36:42 debbuilder package-updater[32246]: Preparing to unpack
> .../package_0.2_all.deb ...
> Mar 26 11:36:42 debbuilder package-updater[32246]: Unpacking package
> (0.2) over (0.2) ...
> Mar 26 11:36:42 debbuilder package-updater[32246]: dpkg: error
> processing archive /tmp/package-update-unpack/unpack/package_0.2_all.deb
> (--install):
> Mar 26 11:36:42 debbuilder package-updater[32246]: unable to clean up
> mess surrounding `./usr/share/doc/package' before installing another
> version: Read-only file system
> Mar 26 11:36:42 debbuilder package-updater[32246]: Errors were
> encountered while processing:
> Mar 26 11:36:42 debbuilder package-updater[32246]:
> /tmp/package-update-unpack/unpack/package_0.2_all.deb
> 
> Neither /tmp nor /usr is non writeable.
> 
> Calling the package install script manually via sudo from a normal user
> runs everything as normal without any error. So the package itself is
> not a problem ( apparently ).
> 
> I've been trying to find the source of this error since a couple of
> hours now. I haven't been able to make any real progress and was
> wondering whether anyone here would have an idea whats going wrong.
> 
> This error is happening on two independent debian systems.
> 
> / is mounted
> 
> /dev/sda1 on / type ext4 (rw,relatime,data=ordered)
> 
> tmp is a normal folder not another mountpoint
> 
> The packages are uploaded via a python webserver. However the package
> integrity is checked before applying the install. The packages
> themselves are intact.
> 
> Best regards,
> Felix
>