Re: Scriptlet errors during manual installation of Fedora 23

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



    error: %prein(selinux-policy-targeted-3.13.1-157.fc23.noarch) scriptlet failed, exit status 126
    Error in PREIN scriptlet in rpm package selinux-policy-targeted

How can I diagnose this? Where can I dig out the exact reason why the scriptlets are failing?

Once you know a specific package that fails like that, you could query its
scriptlets section and try to reproduce manually:

   rpm -q --scripts selinux-policy-targeted

At the top find the %prein section. It doesn't do much, but it may run some
external commands.

Thanks a lot for the hint. So I tried looking at the very first package that had any failure at all (albeit nonfatal), during the initial filesystem installation. That was glibc. :-( It was a POSTIN failure.

"rpm -q --scripts glibc" tells me that "postinstall program" is set to /usr/sbin/glibc_post_upgrade.x86_64. This binary is both in the installation environment and in the sysimage (even twice, perhaps hardlinked, in /sbin and /usr/sbin).

When I chroot into the sysimage, I can run the glibc_post_upgrade.x86_64 binary just fine and its exit code is 0. Yet upon glibc (re)installation, I'm getting that non-fatal error message saying that its exit code was 126.

So the question is why glibc_post_upgrade.x86_64 can't be run by/from rpm. Does rpm try to execute the postinstall oneliner using a shell that could be missing? Executing simply "sh" in the sysimage chroot works fine though...

Could someone please point me to the sources of rpm/dnf/whatever where the "postinstall program" command gets executed? It seems that I can't reproduce the failure manually. And it's probably not worth looking into all the subsequent failures until I know more about the very first one.

OK, I think solved this. It was partially a human error and partially a tiny glitch in the blogpost linked from my original post. But I'll post the answer nonetheless, hoping that it could once help someone.

Short answer: First, you must "mount -o bind /sys/fs/selinux /mnt/sysimage/sys/fs/selinux". Second, also mount /mnt/sysimage/proc *before* attempting to install 'filesystem'. That's it. That's all.

How I found out where the problem was:
	1) I installed 'strace' into the installation environment (pretty straightforward). Not sure if you need network access for that, but I did have it, so I think I got it from updates or the like.
	2) I took the very first package with non-fatal errors, 'glibc', and reinstalled it under strace: "strace -f dnf install -y --releasever=23 --installroot=/mnt/sysimage glibc 2>/tmp/strace"
	3) In /tmp/strace, I grep'd for whatever could be related to a child exiting with code 126. And indeed, I found 2 messages saying that a process exited with code 126 (corresponding to 2 benign errors).
	4) In the strace messages of the failing child process, there were ~3 unsuccessful file accesses. Two were unsuccessful /proc accesses and the third one failed to open /sys/fs/selinux/enforce.
	5) And bingo! Indeed, /sys/fs/selinux/enforce (or anything else in /sys/fs/selinux) was simply not there, because "mount -o bind /sys ..." doesn't apply to mountpoints nested deeper in the directory.

So I wiped out the new root, recreated my complex structure of subvolumes, creating and mounting /sys, /sys/fs/selinux and /proc manually *before* the initial 'filesystem' package installation. Otherwise things seemed to start breaking from that point on.

The 'filesystem' package errors were non-fatal and therefore it could well be the case that the missing /sys/fs/selinux mount was the only culprit that caused my first installation attempt to fail. But to be on the safe side, next time I'll set up /proc, /sys, and /sys/fs/selinux manually.

OK, this is it. Bypassing Anaconda and doing a custom partition layout is perfectly feasible. :-) It just doesn't have a sufficient coverage in the documentation.

Cheers,
Andrej
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org



[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux