Failed changing permissions of directory "/usr/lib64/netopeer2-server" (Read-only file system)

[marvinthepa]

Hey,

I encountered a problem with netopeer2-server-2.1.71-1.el8.x86_64

I don't know if this is an issue with this repo or someone elses build configuration, as I have a hard time finding out who built this package and what the configuration was (see SERVER_DIR below).
But maybe you can enlighten me.

When using a request that changes the candidate target and then commits:

<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="101">
  <edit-config>
    <target>
      <candidate/>
    </target>
    <config>
      <system xmlns="urn:ietf:params:xml:ns:yang:ietf-system">
        <hostname>foobar</hostname>
      </system>
    </config>
  </edit-config>
</rpc>

<rpc  xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="102">
  <commit>
    <confirmed/>
  </commit>
</rpc>

The following error is logged:

Failed changing permissions of directory "/usr/lib64/netopeer2-server" (Read-only file system)

I managed to track down the error to the following line in the systemd unit file:

netopeer2/distro/pkg/rpm/netopeer2-server.service

Line 11 in 1e639fe

ProtectSystem=yes

which mounts /usr read only:

$ man systemd.exec
...
       ProtectSystem=
           Takes a boolean argument or the special values "full" or "strict". If true, mounts the /usr and /boot directories read-only 
           processes invoked by this unit.

in combination with SERVER_DIR being /usr/lib64/netopeer2-server in that build (I don't know if that comes from your repo or the distro build config), the directory cannot be written/created/chmodded.

This:

netopeer2/CMakeLists.txt

Line 117 in 1e639fe

set(SERVER_DIR "/var/netopeer2")

looks like it should be set to /var/netopeer2 instead, but it seems like it is not..

I guess

netopeer2/distro/pkg/rpm/netopeer2.spec

Line 68 in 1e639fe

-DSERVER_DIR=%{_libdir}/netopeer2-server

is the culprit, maybe this should not use _libdir, but some /var-like directory, like in the debian build:

netopeer2/distro/pkg/deb/rules

Line 21 in 1e639fe

dh_auto_configure --builddir=build -- -DCMAKE_BUILD_TYPE="Release" -DENABLE_TESTS=OFF -DBUILD_CLI=ON -DSYSREPO_SETUP=OFF -DPIDFILE_PREFIX=/run -DSERVER_DIR=/var/lib/netopeer2

Changing server_dir via the -f option (or, less safe, changing ProtectSystem from yes to no) is a usable workaround for now.

[jktjkt]

Nice work debugging this, and the .spec file looks very broken to me. There's no point in a NETCONF server writing to /usr.

I agree that _libdir is a wrong macro to use, this belong to /var or even /run, based on your platform's preferences and conventions. IIRC these spec files are there just on a best-effort basis to aid the real packagers. The maintainer of this repo is not building these packages AFAIK, but maybe someone will correct me.

I have a hard time finding out who built this package

That looks like a root cause of your problem, and you'll need to track that person down and point them to this issue. Even if we change this in the repo, you'll need "someone" to push you an updated package obviously. Many tools like dnf and what not will tell you what repo a package comes from, and hopefully that repo has a web interface or a documentation somewhere.

[marvinthepa]

I have a hard time finding out who built this package
That looks like a root cause of your problem

Actually, the team that I am visiting were building the package themselves using your "example" spec.. 😀

So fixing it in your repo would actually fix it for us. Pull request attached, would be very much appreciated if you would consider it.