[Dev] dbscripts 2018425 / winston.parabola.nu upgrade

Luke Shumaker lukeshu at lukeshu.com
Thu Apr 26 15:34:07 GMT 2018 

On Wed, 25 Apr 2018 17:57:42 -0400,
Luke Shumaker wrote:
>     $ sudo pacman -Su --ignore={python-pyspf,libxfont,xorgproto} config-mgmt-nshd-local
>     $ # accept default answer to all questions

This updated /etc/ssh/sshd_config to include a new cipher that the old
sshd didn't know about.  So then the running sshd stopped accepting
new connections.  Even to emergency@ (good thing this happened on
winston, not proton!).  Thanks to Megver83 for alerting me that
something was amiss.

Restarting sshd.service fixed this.  (While doing so, I noticed that
systemd-timesyncd had failed, which will come up later).  However,
after verifying that it worked, I decided to do a reboot, in case
there were any other similar issues.

That was a mistake; it failed to come back up correctly.  At least I
could get in to emergency@ this time.

 1. nshd was failing to start, which meant user accounts were
    unavailable.
 2. systemd-timesyncd was failing to start, which blocked
    time-sync.target, which blocked quite a bit of the system.

I decided to address nshd first.  It was complaining that the 'groups'
field for several (all?) users was not an array.  I realized that it
was a bug I'd fixed before[1], but had apparently not done a release
after.

[1]: https://git.parabola.nu/packages/parabola-hackers.git/commit/?id=1a64603645e894fd2c886a02876762bee0b208a7

So I tried to do a new release of parabola-hackers, but ended up
spending a whole bunch of time fighting with subtle issues related to
building it with go 1.10.  Also, it wouldn't build on i686, which I'll
eventually have to deal with.

So, having access to lukeshu@ again, I moved on to look in to
systemd-timesyncd.  It seems that systemd-timesyncd-wrap (running as
the systemd-timesync user) needed write permission to /run/timesyncd,
which was owned by root.  IDK what changed to break it, yet.  I
chowned the directory, and restarted the service.  So this fix is only
until next reboot.

-- 
Happy hacking,
~ Luke Shumaker

More information about the Dev mailing list