apt upgrading Kolibri tricks operator into changing KOLIBRI_USER (accidentally) damaging Kolibri installations

[holta]

1. Can Kolibri please consider changing this behavior (to preserve the prior Kolibri installation's KOLIBRI_USER, as the default) during apt upgrades? Thank you for please considering !!!

2. The problem is that Kolibri accidentally damages itself during upgrades.

   The operator who is apt upgrading Kolibri is unintentionally tricked into changing KOLIBRIUSER — to a new Linux username which then pre-populates the interactive screen below: (with a username like pi in the example below, which very problematically clobbers the prior KOLIBRIUSER)

   ┌────────────────────────┤ Kolibri configuration ├────────────────────────┐
   │ The default is to choose your preferred desktop user account, for       │
   │ instance to ensure access to importing data from external USB devices.  │
   │                                                                         │
   │ Entering a username that doesn't exist will create a new system user    │
   │ with home directory /var/<username>.                                    │
   │                                                                         │
   │ Which user account should own the Kolibri server?                       │
   │                                                                         │
   │ pi_____________________________________________________________________ │
   │                                                                         │
   │                                 <Ok>                                    │
   │                                                                         │
   └─────────────────────────────────────────────────────────────────────────┘

   System operators who choose the defaults (that's almost everybody!) then damage their Kolibri installation :cry:

   This is especially a problem when the original Kolibri install used a specially chosen Linux username, e.g. when Kolibri was installed as a part of http://internet-in-a-box.org or similar.

3. A Massive Thank You to @jredrejo for very patiently explaining this use of debconf here:

   https://github.com/learningequality/kolibri-installer-debian/blob/5f01725423f0bc5d93a8e57fb65e25c3edc46b13/debian/kolibri.scripts-common#L352-L357

4. Line 356 above overwrites the existing installation's kolibri/user (KOLIBRI_USER) which appears to be the root cause of this serious problem (hopefully @jredrejo can confirm!) Just FYI this exact same code appears in {kolibri.config, kolibri.postinst, kolibri.postrm, kolibri.preinst, kolibri.prerm} all 5 of which are in /var/lib/dpkg/info/

   Can Kolibri please consider generating a new KOLIBRI_USER default only as a last resort?

   Specifically: can Kolibri consider first checking for any/all existing KOLIBRI_USER settings (e.g. the contents of /etc/kolibri/username AND/OR all other places KOLIBRI_USER is properly stored, e.g. in /etc/kolibri/daemon.conf AND/OR /etc/kolibri/conf.d/* AND/OR $KOLIBRI_HOME/options.ini etc) — before accidentally tricking the (unknowing!) operator into unintentionally overwriting their existing Kolibri settings and installation?

   And then "fall back" to generating a new KOLIBRI_USER default from /etc/passwd account/uid 1000-9999 — if/when that proves truly necessary?

   (ASIDE: Avoiding the interactive prompt[s] altogether during apt upgrades might in fact be an even far better solution, once the default is hopefully corrected to be sensible, but admittedly that's a separate + more ambitious question ;-)

5. Interestingly, any prior apt install of Kolibri appears to save the correct value of KOLIBRIUSER into the Default: Line of /var/cache/debconf/templates.dat ! Or perhaps that's hard-coded as Default: kolibri — in any case here's an actual example, from an actual Internet-in-a-Box (IIAB): (regrettably this correct value is unfortunately then/later ignored during Kolibri apt upgrades)_

   Name: kolibri/user
   Default: kolibri
   Description: Which user account should own the Kolibri server?
   Description-es.utf-8: ¿Qué usuario ejecutará Kolibri?
   Extended_description: The default is to choose your preferred desktop user account, for instance to ensure access to importing data from external USB devices.\n\nEntering a username that doesn't exist will create a new system user with home directory /var/<username>.
   Extended_description-es.utf-8: La opción habitual es elegir la cuenta de usuario de escritorio que prefiera, de esa manera funcionará correctamente la opción de importar datos desde un dispositivo USB.\n\nSi teclea un nombre de usuario que no exista se creará un nuevo usuario del sistema con su directorio home en /var/<username>
   Type: string
   Owners: kolibri/user

6. Related Question: Line 35 of /etc/default/kolibri also ignores and overwrites (clobbers) any pre-existing KOLIBRI_HOME setting, in much the same way. This might be less serious (if it's not known to damage any existing Kolibri installations ?) But still might be addressed if it can possibly cause exactly the same kind of problems elsewhere / down the road?

   https://github.com/learningequality/kolibri-installer-debian/blob/5f01725423f0bc5d93a8e57fb65e25c3edc46b13/debian/startup/kolibri.default#L35

7. Can the broken URL in /etc/kolibri/README (also below) be fixed, if possible, so Kolibri's documentation on this topic[*] is more clear?

   https://github.com/learningequality/kolibri-installer-debian/blob/5f01725423f0bc5d93a8e57fb65e25c3edc46b13/debian/README.etc#L15-L19

   [*] Where should KOLIBRI_HOME and KOLIBRI_USER properly be set & stored — among all the many choices — to install a relatively future-proof + resilient/robust Kolibri?

Background:

• iiab/iiab#3357

Related:

• learningequality/kolibri-installer-debian#85

cc: @radinamatic

[holta]

@jredrejo @rtibbles can this fix perhaps be considered for Kolibri 0.16?

e.g. before end-of-year possibly?

cc: @radinamatic

[jredrejo]

hello @holta I haven't had a chance to answer properly all your questions, but in a first and shallow view, the only real issue I see is point 6 (and 7 , that's a minor change of https://kolibri.readthedocs.io/en/latest/advanced.html by https://kolibri.readthedocs.io/en/latest/manage/advanced.html). For the rest of the things you list, they seem to be either the way Debian packages work or things that were already fixed.

Anyway, I'll take a deeper look to all the points and, before EOY, I'll give a complete response. For point 6, I'll change it, if possible, so you can use it in your setup. I am not sure yet if that can be done, it depends on the method you use to set the ENV vars because it could be they are not visible from a script running from a service. It would be great if you can comment the way you set a pre-existing KOLIBRI_HOME). In any case, the purpose of the /etc/default/xxx files is to configure services. With the current package, without any changes on our side, you can just add a line with KOLIBRI_HOME=whatever at the end of the file and you'll have what you need for your setup.

[holta]

I'll take a deeper look to all the points

When you find time. Thanks @jredrejo.

Line 352 is the core of the failure: (that sends the train onto the wrong track!)

https://github.com/learningequality/kolibri-installer-debian/blob/5f01725423f0bc5d93a8e57fb65e25c3edc46b13/debian/kolibri.scripts-common#L352-L357

...as it leads to overriding/clobbering Kolibri's pre-existing KOLIBRI_USER (during essentially all apt upgrades).

[can you comment on] the way you set a pre-existing KOLIBRI_HOME

@benjaoming suggested Internet-in-a-Box set KOLIBRI_HOME into /etc/kolibri/daemon.conf as you can see here: https://github.com/iiab/iiab/blob/7bb5e1bfdab83eb3cc86b46f5adfdd129cf8cbfe/roles/kolibri/tasks/install.yml#L35-L38

Whereas he suggested Internet-in-a-Box set KOLIBRI_USER in /etc/kolibri/username as you can see here: https://github.com/iiab/iiab/blob/7bb5e1bfdab83eb3cc86b46f5adfdd129cf8cbfe/roles/kolibri/tasks/install.yml#L30-L33

Internet-in-a-Box would like to follow Kolibri's official/written documentation — to avoid surprises over many years to come! Can Kolibri restore access to this doc link mentioned in /etc/kolibri/README below (and Point 7.) helping to make that possible?

The local kolibri instance can be configured using the options.ini config file, located at $KOLIBRI_HOME/options.ini. By default, $KOLIBRI_HOME is ~/.kolibri. For more information, see:

https://kolibri.readthedocs.io/en/latest/advanced.html

[holta]

I'll take a deeper look to all the points

When you find time. Thanks @jredrejo.

@jredrejo will you have time to look into this as you mentioned above?

The doc in question https://kolibri.readthedocs.io/en/latest/install/ubuntu-debian.html#id2 is pasted in here:

(The problem is that in practice apt update and then upgrading accidentally tricks school sysadmin's into damaging their Kolibri installation — by changing KOLIBRI_USER from user kolibri to some other Linux username.)

[benjaoming]

@holta a configuration value for a Debian package will only be requested if it isn't already defined. AFAICT, this has never been a general issue and it would be quite prominent if it was.

For @jredrejo to have a reasonable possibility of working on it, you should probably reproduce the issue in an isolated and minimal case and write a very short, concise issue.

[holta]

The problem happens very often.

The reason is quite simple: Kolibri's Debian package does not honor /etc/kolibri/username during upgrades.

(So if there is a better place to set KOLIBRI_USER ~5 years after @benjaoming advised us to do that, that's the information we need 🙏 )

[benjaoming]

But can you write that in an accurate summary @holta ?

1. Install old kolibri.deb, make [x, y , z] choices
2. ???
3. Add PPA, run apt upgrade

[holta]

On Sept 26, 2022 @jredrejo wrote:

before EOY, I'll give a complete response.

Thank you @jredrejo for intending to help:

Can you explain why Kolibri's Debian package is quite simply ignoring /etc/kolibri/username during upgrades?

Should KOLIBRI_USER be encoded in a different place, if Kolibri recommendations have changed since 4-5 years ago?

[holta]

@jredrejo we all know @benjaoming is an angel doing his best. And extremely thankful for his countless contributions!

But 4-5 years have now passed, since he advised us to install Kolibri with KOLIBRI_USER and KOLIBRI_HOME as follows:

# cat /etc/kolibri/username
kolibri

# cat /etc/kolibri/daemon.conf
KOLIBRI_HOME="/library/kolibri"

So if there's a better place in 2023 to set both above, do please just let everyone know 🙇

[jredrejo]

@holta before the new kolibri release I've finally found time to work on these problems you're having. In order to set things clear after so many comments here, as a starting point. This is the list of issues I think are real or need work:

• https://kolibri.readthedocs.io/en/latest/advanced.html bad link in /etc/README (point 7 in this issue description) :
  • It's a acknowledge issue, easy to be fixed
  • /etc/default/kolibri (point 6) overriding KOLIBRI_HOME env var:
  • /etc/default files are intended to run daemons (using SysV init scripts or systemd nowadays, but should be deprecated in the latest case except for compatibility with previous versions). If you run kolibri without using the init script, kolibri will runs correctly using the env variables, which is good for sysadmins or cloud servers. If you use the init script you're responsible to set /etc/default/kolibri to the right values, and they'll override this variable.
• apt upgrade ignores existing /etc/kolibri/username(point 4):
  • I understand the circumstances under this might be happening, the PR associated with this issue is fine for me. I prefer the recommendation @benjaoming does to put all the flags in one place, so my intention is merging the PR as it is, The I'll do that small change in a follow up PR to polish all these points.

I think this must summarize all the points. I know some other things have been brought in the iiab repository but that's out of our scope in Learning Equality, any problem related to kolibri or its installation should be discussed in LE repositories to be tracked. The way other platforms use these products is out of LE control.

[holta]

Thanks @jredrejo!

Nobody wants to say this out loud 🤭 but the larger issue is that instructions to install Kolibri onto Debian/Ubuntu are rather stale[*] here: https://kolibri.readthedocs.io/en/latest/install/ubuntu-debian.html

But thankfully @benjaoming and you have heroically helped Internet-in-a-Box communities fundamentally keep the train on the tracks, towards navigating this lack of clear recommendations, most recently in August 2022 here:

• PR iiab/iiab#3356

Thank You

[*] I don't know if Kolibri has a specific documentation point person, but if so here are a few other stale docs they should also consider fixing:

• https://github.com/iiab/iiab/pull/3514#issuecomment-1490258463

[jredrejo]

@holta a PR to try to update the package documentation is available at #118 . Glad to hear your comments. Just bear in mind that Debian package or installer documentation is just for this type of distribution.. General kolibri documentation that applies to every OS should be done or fixed in the kolibri repository.