rockstor / rockstor-core

Linux/BTRFS based Network Attached Storage(NAS)
http://rockstor.com/docs/contribute_section.html
GNU General Public License v3.0

Leap 15.6: SFTP share error - library paths changed #2856 #2858

Closed phillxnet closed 4 months ago

phillxnet commented 4 months ago

Move to dynamic discovery of bash & rsync libraries when populating ssh / sftp share chroot. Incidental dropping of the redundant chroot bin dir, we now use only /usr/bin for both the bash, and rsync binaries.

Fixes #2856


Associated development draft PR: #2857

phillxnet commented 4 months ago

Testing

As per documented setup: "Secure File Transport Protocol (SFTP)" https://rockstor.com/docs/interface/storage/file_sharing/sftp.html

  1. create sftp-user
  2. create sftp-share
  3. Edit sftp-share Access control to owner=sftp-user
  4. Add SFTP Share sftp-share

CLI client SFTP access

Indicating chroot with sftp-share mount point:

Leap 15.4

sftp sftp://sftp-user@rleap15-4.lan
Password: 
Connected to rleap15-4.lan.
sftp> ls -la
drwxr-xr-x    1 0        0              36 Jun 28 10:38 .
drwxr-xr-x    1 0        0              36 Jun 28 10:38 ..
drwxr-xr-x    1 0        0             230 Jun 28 10:38 lib64
drwxr-xr-x    1 1012     0               0 Jun 28 10:37 sftp-share
drwxr-xr-x    1 0        0              16 Jun 28 10:38 usr
sftp> pwd
Remote working directory: /

Leap 15.5

sftp sftp://sftp-user@rleap15-5.lan
Password: 
Connected to rleap15-5.lan.
sftp> ls -la
drwxr-xr-x    1 0        0              36 Jun 28 10:23 .
drwxr-xr-x    1 0        0              36 Jun 28 10:23 ..
drwxr-xr-x    1 0        0             212 Jun 28 10:23 lib64
drwxr-xr-x    1 1005     0               0 Jun 28 10:19 sftp-share
drwxr-xr-x    1 0        0              16 Jun 28 10:23 usr
sftp> pwd
Remote working directory: /

Leap 15.6

sftp sftp://sftp-user@rleap15-6.lan
Password: 
Connected to rleap15-6.lan.
sftp> ls -la
drwxr-xr-x    1 0        0              36 Jun 28 10:23 .
drwxr-xr-x    1 0        0              36 Jun 28 10:23 ..
drwxr-xr-x    1 0        0             182 Jun 28 10:23 lib64
drwxr-xr-x    1 1006     0               0 Jun 28 10:19 sftp-share
drwxr-xr-x    1 0        0              16 Jun 28 10:23 usr
sftp> pwd
Remote working directory: /

Tumbleweed

sftp sftp://sftp-user@rtumbleweed.lan
Password: 
Connected to rtumbleweed.lan.
sftp> ls -la
drwxr-xr-x    1 root     root           36 Jun 28 10:23 .
drwxr-xr-x    1 root     root           36 Jun 28 10:23 ..
drwxr-xr-x    1 root     root          282 Jun 28 10:23 lib64
drwxr-xr-x    1 1002     root            0 Jun 28 10:19 sftp-share
drwxr-xr-x    1 root     root           16 Jun 28 10:23 usr
sftp> 
sftp> pwd
Remote working directory: /

phillxnet commented 4 months ago

Tree of Chroot

Leap 15.4

rleap15-4:~ # tree /mnt3/sftp-user/
/mnt3/sftp-user/
├── lib64
│   ├── ld-linux-x86-64.so.2
│   ├── libacl.so.1
│   ├── libattr.so.1
│   ├── libc.so.6
│   ├── libdl.so.2
│   ├── libpthread.so.0
│   ├── libreadline.so.7
│   ├── libtinfo.so.6
│   └── libz.so.1
├── sftp-share
└── usr
    ├── bin
    │   ├── bash
    │   └── rsync
    └── lib64
        ├── libcrypto.so.1.1
        ├── libjitterentropy.so.3
        ├── liblz4.so.1
        ├── libpopt.so.0
        ├── libslp.so.1
        └── libzstd.so.1

5 directories, 17 files

Leap 15.5

rleap15-5:~ # tree /mnt3/sftp-user/
/mnt3/sftp-user/
├── lib64
│   ├── ld-linux-x86-64.so.2
│   ├── libacl.so.1
│   ├── libattr.so.1
│   ├── libc.so.6
│   ├── libdl.so.2
│   ├── libpthread.so.0
│   ├── libreadline.so.7
│   └── libtinfo.so.6
├── sftp-share
└── usr
    ├── bin
    │   ├── bash
    │   └── rsync
    └── lib64
        ├── libcrypto.so.1.1
        ├── libjitterentropy.so.3
        ├── liblz4.so.1
        ├── libpopt.so.0
        ├── libslp.so.1
        ├── libz.so.1
        └── libzstd.so.1

5 directories, 17 files

Leap 15.6

rleap15-6:~ #  tree /mnt3/sftp-user/
/mnt3/sftp-user/
├── lib64
│   ├── ld-linux-x86-64.so.2
│   ├── libacl.so.1
│   ├── libattr.so.1
│   ├── libc.so.6
│   ├── libdl.so.2
│   ├── libreadline.so.7
│   └── libtinfo.so.6
├── sftp-share
└── usr
    ├── bin
    │   ├── bash
    │   └── rsync
    └── lib64
        ├── libcrypto.so.3
        ├── liblz4.so.1
        ├── libpopt.so.0
        ├── libslp.so.1
        ├── libz.so.1
        └── libzstd.so.1

5 directories, 15 files

Tumbleweed

rtumbleweed:~ # tree /mnt3/sftp-user/
/mnt3/sftp-user/
├── lib64
│   ├── ld-linux-x86-64.so.2
│   ├── libacl.so.1
│   ├── libc.so.6
│   ├── libcrypto.so.3
│   ├── liblz4.so.1
│   ├── libpopt.so.0
│   ├── libreadline.so.8
│   ├── libtinfo.so.6
│   ├── libxxhash.so.0
│   ├── libz.so.1
│   └── libzstd.so.1
├── sftp-share
└── usr
    ├── bin
    │   ├── bash
    │   └── rsync
    └── lib64

6 directories, 13 files

phillxnet commented 4 months ago

Testing aarch64

Leap 15.5, 15.6, Tumbleweed

At (4.) we have a failure re ld-linux-aarch64.so.1 N.B. test differences in systems

Chroot status post above error: Leap 15.6 aarch64

rleap15-6aarch64:~ # tree /mnt3/sftp-user/
/mnt3/sftp-user/
├── lib64
│   ├── libacl.so.1
│   ├── libc.so.6
│   ├── libdl.so.2
│   ├── libreadline.so.7
│   └── libtinfo.so.6
├── sftp-share
└── usr
    ├── bin
    │   ├── bash
    │   └── rsync
    └── lib64
        ├── libcrypto.so.3
        ├── liblz4.so.1
        ├── libpopt.so.0
        ├── libslp.so.1
        ├── libz.so.1
        └── libzstd.so.1

And ldd as per test data:

rleap15-6aarch64:~ # ldd /usr/bin/bash
        linux-vdso.so.1 (0x0000ffffa5c8f000)
        libreadline.so.7 => /lib64/libreadline.so.7 (0x0000ffffa5ac0000)
        libdl.so.2 => /lib64/libdl.so.2 (0x0000ffffa5a90000)
        libc.so.6 => /lib64/libc.so.6 (0x0000ffffa58d0000)
        /lib/ld-linux-aarch64.so.1 (0x0000ffffa5c52000)
        libtinfo.so.6 => /lib64/libtinfo.so.6 (0x0000ffffa5880000)
rleap15-6aarch64:~ # ldd /usr/bin/rsync
        linux-vdso.so.1 (0x0000ffffbf3a4000)
        libacl.so.1 => /lib64/libacl.so.1 (0x0000ffffbf280000)
        libz.so.1 => /usr/lib64/libz.so.1 (0x0000ffffbf240000)
        libpopt.so.0 => /usr/lib64/libpopt.so.0 (0x0000ffffbf210000)
        liblz4.so.1 => /usr/lib64/liblz4.so.1 (0x0000ffffbf1c0000)
        libzstd.so.1 => /usr/lib64/libzstd.so.1 (0x0000ffffbf0f0000)
        libcrypto.so.3 => /usr/lib64/libcrypto.so.3 (0x0000ffffbecb0000)
        libslp.so.1 => /usr/lib64/libslp.so.1 (0x0000ffffbec70000)
        libc.so.6 => /lib64/libc.so.6 (0x0000ffffbeab0000)
        /lib/ld-linux-aarch64.so.1 (0x0000ffffbf367000)
        libattr.so.1 => /lib64/libattr.so.1 (0x0000ffffbea80000)

and we have:

rleap15-6aarch64:~ # ls -la /lib/ld-linux-aarch64.so.1 
-rwxr-xr-x 1 root root 232920 Jun  4 14:38 /lib/ld-linux-aarch64.so.1

phillxnet commented 4 months ago

We may just be failing on the /lib dir availability for aarch64 in the current PR form.

rleap15-6:~ # ldd /usr/bin/bash
        linux-vdso.so.1 (0x00007ffce9d6f000)
        libreadline.so.7 => /lib64/libreadline.so.7 (0x00007fe8fa200000)
        libdl.so.2 => /lib64/libdl.so.2 (0x00007fe8fa932000)
        libc.so.6 => /lib64/libc.so.6 (0x00007fe8f9e00000)
        libtinfo.so.6 => /lib64/libtinfo.so.6 (0x00007fe8fa5d1000)
        /lib64/ld-linux-x86-64.so.2 (0x00007fe8fa93f000)

I.e. we create /lib64:

run_command([MKDIR, "-p", f"{chroot_loc}/lib64"], log=True)

but no lib.

phillxnet commented 4 months ago

To investigate the last Leap version in aarch64 that used our previously hard-coded /lib64 for ld-linux-aarch64.so.1 an install using a leap 15.3 aarch64 installer was created (Rockstor-Leap15.3-ARM64EFI.aarch64-4.1.0-0.raw.xz).

installerARM64EFI-raw:~ # ldd /usr/bin/bash
    linux-vdso.so.1 (0x0000ffffbca4e000)
    libreadline.so.7 => /lib64/libreadline.so.7 (0x0000ffffbc89c000)
    libdl.so.2 => /lib64/libdl.so.2 (0x0000ffffbc87b000)
    libc.so.6 => /lib64/libc.so.6 (0x0000ffffbc6f5000)
    /lib/ld-linux-aarch64.so.1 (0x0000ffffbca10000)
    libtinfo.so.6 => /lib64/libtinfo.so.6 (0x0000ffffbc6ac000)

But we have an accompanying:

installerARM64EFI-raw:~ # ls -la /lib64/ld-linux-aarch64.so.1
lrwxrwxrwx 1 root root 10 Nov 24  2021 /lib64/ld-linux-aarch64.so.1 -> ld-2.31.so

installerARM64EFI-raw:~ # ls -la /lib/ld-linux-aarch64.so.1
lrwxrwxrwx 1 root root 17 Nov 24  2021 /lib/ld-linux-aarch64.so.1 -> /lib64/ld-2.31.so

15.4 aarch64

rleap15-4aarch64:~ # ldd /usr/bin/bash
        linux-vdso.so.1 (0x0000ffffb1267000)
        libreadline.so.7 => /lib64/libreadline.so.7 (0x0000ffffb1090000)
        libdl.so.2 => /lib64/libdl.so.2 (0x0000ffffb1060000)
        libc.so.6 => /lib64/libc.so.6 (0x0000ffffb0ed0000)
        /lib/ld-linux-aarch64.so.1 (0x0000ffffb1229000)
        libtinfo.so.6 => /lib64/libtinfo.so.6 (0x0000ffffb0e80000)

also with an accompanying:

rleap15-4aarch64:~ # ls -la /lib64/ld-linux-aarch64.so.1 
lrwxrwxrwx 1 root root 10 Oct  5  2023 /lib64/ld-linux-aarch64.so.1 -> ld-2.31.so

rleap15-4aarch64:~ # ls -la /lib/ld-linux-aarch64.so.1 
lrwxrwxrwx 1 root root 17 Oct  5  2023 /lib/ld-linux-aarch64.so.1 -> /lib64/ld-2.31.so

15.5 aarch64

rleap15-5aarch64:~ #  ldd /usr/bin/bash
        linux-vdso.so.1 (0x0000ffffa8fcd000)
        libreadline.so.7 => /lib64/libreadline.so.7 (0x0000ffffa8e00000)
        libdl.so.2 => /lib64/libdl.so.2 (0x0000ffffa8dd0000)
        libc.so.6 => /lib64/libc.so.6 (0x0000ffffa8c40000)
        /lib/ld-linux-aarch64.so.1 (0x0000ffffa8f8f000)
        libtinfo.so.6 => /lib64/libtinfo.so.6 (0x0000ffffa8bf0000)

Similarly:

rleap15-5aarch64:~ # ls -la /lib64/ld-linux-aarch64.so.1 
lrwxrwxrwx 1 root root 10 May 16 12:38 /lib64/ld-linux-aarch64.so.1 -> ld-2.31.so

rleap15-5aarch64:~ # ls -la /lib/ld-linux-aarch64.so.1 
lrwxrwxrwx 1 root root 17 May 16 12:41 /lib/ld-linux-aarch64.so.1 -> /lib64/ld-2.31.so

So it seems our prior aarch64 hard coding to /lib64 worked by virtue of sourcing a link, and using that link's path. Whereas ldd reports this file, which our new setup copies the path for, and tries to re-create in the same location it is found & reported by ldd, but the parent /lib location is not created.
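
The failure described above, as an added example (not code from this PR or from rockstor-core): parse the `ldd` output quoted on this page and derive the chroot directories from the reported paths instead of hard-coding `/lib64`. The function names and the `src_root` parameter are assumptions made for illustration.

```python
import os
import re
import shutil

# Sample input: ldd output for /usr/bin/bash as quoted on this page
# (Leap 15.6 aarch64).
LDD_BASH_AARCH64 = """\
        linux-vdso.so.1 (0x0000ffffa5c8f000)
        libreadline.so.7 => /lib64/libreadline.so.7 (0x0000ffffa5ac0000)
        libdl.so.2 => /lib64/libdl.so.2 (0x0000ffffa5a90000)
        libc.so.6 => /lib64/libc.so.6 (0x0000ffffa58d0000)
        /lib/ld-linux-aarch64.so.1 (0x0000ffffa5c52000)
        libtinfo.so.6 => /lib64/libtinfo.so.6 (0x0000ffffa5880000)
"""

# "name => /abs/path (0x...)" or a bare "/abs/path (0x...)" (the loader).
LDD_LINE = re.compile(r"^\s*(?:\S+\s+=>\s+)?(/\S+)\s+\(0x[0-9a-f]+\)\s*$")


def parse_ldd(output):
    """Absolute library paths from ldd output, in order, without duplicates."""
    paths = []
    for line in output.splitlines():
        # linux-vdso (no on-disk path) and "=> not found" lines do not match.
        m = LDD_LINE.match(line)
        if m and m.group(1) not in paths:
            paths.append(m.group(1))
    return paths


def chroot_dirs(lib_paths):
    """Parent directories, relative to the chroot, that the libraries need."""
    return sorted({os.path.dirname(p).lstrip("/") for p in lib_paths})


def populate_chroot(chroot_loc, lib_paths, src_root="/"):
    """Copy each library to the same path under chroot_loc (src_root: test hook)."""
    copied = []
    for path in lib_paths:
        rel = path.lstrip("/")
        dest = os.path.join(chroot_loc, rel)
        # Directory comes from the reported path, so /lib exists for the loader.
        os.makedirs(os.path.dirname(dest), mode=0o755, exist_ok=True)
        # copy() follows symlinks, so a loader symlink lands as a regular file.
        shutil.copy(os.path.join(src_root, rel), dest)
        copied.append(dest)
    return copied
```

For the aarch64 sample, `chroot_dirs(parse_ldd(LDD_BASH_AARCH64))` yields both `lib` and `lib64`, which is the directory the hard-coded `lib64` creation missed.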

phillxnet commented 4 months ago

Following on from the last patch commit here, where we now create a /lib dir in our chroot - prior to lib copying, we have a successful aarch64 result:

Testing aarch64 post patch

Leap 15.4

sftp sftp://sftp-user@rleap15-4aarch64.lan
Password: 
Connected to rleap15-4aarch64.lan.
sftp> ls -la
drwxr-xr-x    1 root     root           42 Jun 28 16:07 .
drwxr-xr-x    1 root     root           42 Jun 28 16:07 ..
drwxr-xr-x    1 root     root           42 Jun 28 16:07 lib
drwxr-xr-x    1 root     root          190 Jun 28 16:07 lib64
drwxr-xr-x    1 sftp-user root            0 Jun 28 16:06 sftp-share
drwxr-xr-x    1 root     root           16 Jun 28 16:07 usr

tree:

rleap15-4aarch64:~ # tree /mnt3/sftp-user/
/mnt3/sftp-user/
├── lib
│   └── ld-linux-aarch64.so.1
├── lib64
│   ├── libacl.so.1
│   ├── libattr.so.1
│   ├── libc.so.6
│   ├── libdl.so.2
│   ├── libpthread.so.0
│   ├── libreadline.so.7
│   ├── libtinfo.so.6
│   └── libz.so.1
├── sftp-share
└── usr
    ├── bin
    │   ├── bash
    │   └── rsync
    └── lib64
        ├── libcrypto.so.1.1
        ├── libjitterentropy.so.3
        ├── liblz4.so.1
        ├── libpopt.so.0
        ├── libslp.so.1
        └── libzstd.so.1

6 directories, 17 files

Leap 15.5

sftp sftp://sftp-user@rleap15-5aarch64.lan
Password: 
Connected to rleap15-5aarch64.lan.
sftp> ls -la
drwxr-xr-x    1 root     root           42 Jun 28 16:12 .
drwxr-xr-x    1 root     root           42 Jun 28 16:12 ..
drwxr-xr-x    1 root     root           42 Jun 28 16:12 lib
drwxr-xr-x    1 root     root          172 Jun 28 16:12 lib64
drwxr-xr-x    1 sftp-user root            0 Jun 28 11:08 sftp-share
drwxr-xr-x    1 root     root           16 Jun 28 11:11 usr

tree

rleap15-5aarch64:~ # tree /mnt3/sftp-user/
/mnt3/sftp-user/
├── lib
│   └── ld-linux-aarch64.so.1
├── lib64
│   ├── libacl.so.1
│   ├── libattr.so.1
│   ├── libc.so.6
│   ├── libdl.so.2
│   ├── libpthread.so.0
│   ├── libreadline.so.7
│   └── libtinfo.so.6
├── sftp-share
└── usr
    ├── bin
    │   ├── bash
    │   └── rsync
    └── lib64
        ├── libcrypto.so.1.1
        ├── libjitterentropy.so.3
        ├── liblz4.so.1
        ├── libpopt.so.0
        ├── libslp.so.1
        ├── libz.so.1
        └── libzstd.so.1

6 directories, 17 files

Leap 15.6

sftp sftp://sftp-user@rleap15-6aarch64.lan
Password: 
Connected to rleap15-6aarch64.lan.
sftp> ls -la
drwxr-xr-x    1 0        0              42 Jun 28 15:23 .
drwxr-xr-x    1 0        0              42 Jun 28 15:23 ..
drwxr-xr-x    1 0        0              42 Jun 28 15:23 lib
drwxr-xr-x    1 0        0             142 Jun 28 15:23 lib64
drwxr-xr-x    1 1002     0               0 Jun 28 11:09 sftp-share
drwxr-xr-x    1 0        0              16 Jun 28 11:16 usr

with the following files:

rleap15-6aarch64:~ # tree /mnt3/sftp-user/
/mnt3/sftp-user/
├── lib
│   └── ld-linux-aarch64.so.1
├── lib64
│   ├── libacl.so.1
│   ├── libattr.so.1
│   ├── libc.so.6
│   ├── libdl.so.2
│   ├── libreadline.so.7
│   └── libtinfo.so.6
├── sftp-share
└── usr
    ├── bin
    │   ├── bash
    │   └── rsync
    └── lib64
        ├── libcrypto.so.3
        ├── liblz4.so.1
        ├── libpopt.so.0
        ├── libslp.so.1
        ├── libz.so.1
        └── libzstd.so.1

6 directories, 15 files

Tumbleweed

sftp sftp://sftp-user@rtumbleweed-aarch64.lan
Password: 
Connected to rtumbleweed-aarch64.lan.
sftp> ls -la
drwxr-xr-x    1 root     root           42 Jun 28 16:56 .
drwxr-xr-x    1 root     root           42 Jun 28 16:56 ..
drwxr-xr-x    1 root     root           42 Jun 28 16:56 lib
drwxr-xr-x    1 root     root          242 Jun 28 16:56 lib64
drwxr-xr-x    1 sftp-user root            0 Jun 28 11:09 sftp-share
drwxr-xr-x    1 root     root           16 Jun 28 11:18 usr

Tree:

rtumbleweed-aarch64:~ # tree /mnt3/sftp-user/
/mnt3/sftp-user/
├── lib
│   └── ld-linux-aarch64.so.1
├── lib64
│   ├── libacl.so.1
│   ├── libc.so.6
│   ├── libcrypto.so.3
│   ├── liblz4.so.1
│   ├── libpopt.so.0
│   ├── libreadline.so.8
│   ├── libtinfo.so.6
│   ├── libxxhash.so.0
│   ├── libz.so.1
│   └── libzstd.so.1
├── sftp-share
└── usr
    ├── bin
    │   ├── bash
    │   └── rsync
    └── lib64

7 directories, 13 files

phillxnet commented 4 months ago

Post /lib patch for aarch64

An x86_64 Leap 15.6 instance was retested with the expected empty /lib directory but all sftp access working as per pre-patch.

sftp sftp://sftp-user@rleap15-6.lan
Password: 
Connected to rleap15-6.lan.
sftp> ls -la
drwxr-xr-x    1 0        0              42 Jun 28 17:01 .
drwxr-xr-x    1 0        0              42 Jun 28 17:01 ..
drwxr-xr-x    1 0        0               0 Jun 28 17:01 lib
drwxr-xr-x    1 0        0             182 Jun 28 10:23 lib64
drwxr-xr-x    1 1006     0               0 Jun 28 10:19 sftp-share
drwxr-xr-x    1 0        0              16 Jun 28 10:23 usr

Tree:

rleap15-6:~ # tree /mnt3/sftp-user/
/mnt3/sftp-user/
├── lib
├── lib64
│   ├── ld-linux-x86-64.so.2
│   ├── libacl.so.1
│   ├── libattr.so.1
│   ├── libc.so.6
│   ├── libdl.so.2
│   ├── libreadline.so.7
│   └── libtinfo.so.6
├── sftp-share
└── usr
    ├── bin
    │   ├── bash
    │   └── rsync
    └── lib64
        ├── libcrypto.so.3
        ├── liblz4.so.1
        ├── libpopt.so.0
        ├── libslp.so.1
        ├── libz.so.1
        └── libzstd.so.1

6 directories, 15 files

phillxnet commented 4 months ago

@FroggyFlox & @Hooverdan96 Ready for review - I'm proposing we leave the two commits here given the make-work alternative and that we have a potential hack of sorts here. But hopefully far less so than what it replaces (hard-wired libs) :). This may well need us to re-visit, re rsync function or other binary hosting in chroot etc. But for now, with this PR, we have a return of the main function of SFTP setup & access on all currently serviced rpm targets (15.4 - 15.6 & TW) in both x86_64 & aarch64. We can address rsync functionality as and when an issue arises.

FroggyFlox commented 4 months ago

Thank you so much @phillxnet for taking the time and effort in fixing this the right way. I should have done last time I adjusted those hard coded libs; my apologies for thinking it would be sustainable.

Given your extensive (and very tedious) and thorough testing, I'm very confident it's ready to be merged in my opinion. I'm not sure when I'll be able to actually test it but after looking at the changes, it looks good to me.