Monday, January 25, 2016

Cygwin: Mapping Windows SIDs to POSIX uid/gid values the new way

I wanted to update my Cygwin installation today. But no matter what I tried, the update process failed with the following error message (taken from /var/log/setup.log.full):

2016/01/25 15:00:07 running: C:\local\installed\cygwin64\system\bin\bash.exe --norc --noprofile "/etc/postinstall/ca-certificates.sh"
p11-kit: couldn't set file permissions: /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt.iIow8G: Invalid argument
p11-kit: couldn't set file permissions: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem.WWZ1rp: Invalid argument
p11-kit: couldn't set file permissions: /etc/pki/ca-trust/extracted/pem/email-ca-bundle.pem.rfSq7Z: Invalid argument
p11-kit: couldn't set file permissions: /etc/pki/ca-trust/extracted/pem/objsign-ca-bundle.pem.uB4yTI: Invalid argument
p11-kit: couldn't set file permissions: /etc/pki/ca-trust/extracted/java/cacerts.yivGW4: Invalid argument
2016/01/25 15:00:08 abnormal exit: exit code=1
2016/01/25 15:00:08 Changing gid to Administrators

It turned out that the problem was, that the files which p11-kit tried to change permissions on, had an group ID set, which was unknown to the system. Trying to change the permissions using chown also lead to an invalid argument error message.

At first I tried to update the entries in /etc/passwd and /etc/group. At least that's what a lot of (primarily old) postings around the internet suggest. As it turns out this is not required anymore. Just delete your /etc/passwd and /etc/group.

Starting with version 1.7.34 Cygwin is now able to directly ask Windows for user and group IDs. See subsection "Mapping Windows SIDs to POSIX uid/gid values" in the section about Cygwin POSIX accounts, permission, and security.

By the way. When ever you encounter any problems when updating or installing Cygwin packages take a look at the /var/log/setup.log.full file.

No comments:

Post a Comment