How does /etc/{passwd,group} relate to /usr/lib/{passwd,group} in Silverblue?

Just trying to understand, when an rpm gets installed in it’s pre/post script steps it appears that it’s looking at a version of /usr/lib/{passwd,group} buried somewhere in the ostree.

Where can I go read to understand this install process?

How does this relate to this spec? (as it relates to Silverblue/Fedora CoreOS)

And to cross post, this is the reason I’m asking:

Thanks for any pointers!

I can provide some info, but I’m by no means an expert. Silverblue has two different passwd files - one in /lib/passwd and another at /etc/passwd. The former being the one that is maintained by the OS, and is immutable once the system is running, and the latter the one that is meant for user-modifications. The system uses nss-altfiles to reconcile them during operation.

That being said, I am unable to replicate that error on my VM system:

$ rpm-ostree install --apply-live --allow-inactive --idempotent openvswitch
Checking out tree dd4ac38... done
Enabled rpm-md repositories: fedora-cisco-openh264 fedora-modular updates-modular updates fedora rpmfusion-free-updates rpmfusion-free rpmfusion-nonfree-updates rpmfusion-nonfree updates-archive
Importing rpm-md... done
rpm-md repo 'fedora-cisco-openh264' (cached); generated: 2022-04-07T16:52:38Z solvables: 4
rpm-md repo 'fedora-modular' (cached); generated: 2022-05-04T21:12:01Z solvables: 825
rpm-md repo 'updates-modular' (cached); generated: 2022-05-16T00:18:23Z solvables: 1129
rpm-md repo 'updates' (cached); generated: 2022-05-18T01:04:16Z solvables: 8927
rpm-md repo 'fedora' (cached); generated: 2022-05-04T21:16:11Z solvables: 67992
rpm-md repo 'rpmfusion-free-updates' (cached); generated: 2022-05-13T10:06:59Z solvables: 1
rpm-md repo 'rpmfusion-free' (cached); generated: 2022-05-04T04:48:11Z solvables: 506
rpm-md repo 'rpmfusion-nonfree-updates' (cached); generated: 2022-05-13T10:33:29Z solvables: 2
rpm-md repo 'rpmfusion-nonfree' (cached); generated: 2022-05-04T05:11:55Z solvables: 225
rpm-md repo 'updates-archive' (cached); generated: 2022-05-18T01:24:11Z solvables: 8080
Resolving dependencies... done
Applying 1 override and 9 overlays
Processing packages... done
Running pre scripts... done
Running post scripts... done
Running posttrans scripts... done
Writing rpmdb... done
Writing OSTree commit... done
Staging deployment... done
Computing /etc diff to preserve... done
Updating /usr... done
Updating /etc... done
Running systemd-tmpfiles for /run and /var... done
Successfully updated running filesystem tree.

$ grep openvswitch /lib/passwd
openvswitch:x:973:968:Open vSwitch Daemons:/:/sbin/nologin

There is no usage of this in Silverblue (yet).

1 Like

Thanks Yosuke for the pointers!

I don’t know how my system got into a funky state, but I was able to workaround this problem by booting a usb drive, mounting the read only btrfs partion read/write, grep for the “/usr/lib/passwd” file in the ostree/ directory and add the missing entry. Booting back into Silverblue after adding the missing user, I was able to install openvswitch successfully.

It’d be a “nice to have” to have logging for the packages that modify things like system users/groups so at least there’d be a forensic trail to see what package clobbered it.

Upvote for less magic re: the github issue #49, but seeing that it was created in 2014, it looks like a tricky issue.