Your message dated Fri, 19 Mar 2021 21:19:02 +0000
with message-id <e1lnmwm-0002xd...@fasolo.debian.org>
and subject line Bug#984539: fixed in debian-security-support 1:11+2021.03.19
has caused the Debian Bug report #984539,
regarding debian-security-support: dpkg hook should never fail
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
984539: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984539
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
package: debian-security-support
severity: serious
Hi,
In https://bugs.debian.org/974552 dpkg runs the debian-security-support hook
in a situation where perl is broken. This makes the hook fail, and aborts dpkg
and apt, leaving the system in a very bad state. More on the exact situation
below. Even though debian-security-support clearly isn't at fault here, the
debian-security-support should never cause dpkg/apt to fail.
Based on that, I think it might be good if debian-security-support would make
2 changes:
- in /etc/dpkg/dpkg.cfg.d/debian-security-support, make sure the hook can
never fail (eg by adding '|| /bin/true' in the appropriate place)
- in /usr/share/debian-security-support/check-support-status.hook check if
perl is functional before trying to do anything. If perl is not functional,
just do nothing (and exit successfully). This would be somewhat similar to
what glibc is doing here:
https://salsa.debian.org/glibc-team/glibc/commit/04373a4e6df6b3c61fa4bbf78f8409aadc7d2753
Longer term, it might be useful to investigate whether is might make more
sense to use an apt hook instead of a dpkg hook. Ideally this would allow the
user to abort the installation before the unsupported package is installed,
instead of getting a notice afterwards. Obviously this should be done in a way
that doesn't cause apt to abort in the middle of an upgrade. I don't know if
apt currently provides an appropriate hook to do this.
Some background on the issue in #974552:
In buster, libcrypt.so is shipped by libc6. In bullseye, it is shipped by
libcrypt1. During the upgrade from buster to bullseye, it seems a situation
can occur that causes the new libc6 (without libcrypt.so) to be unpacked
before the new libcrypt. At that point, libcrypt.so is missing, so anything
that needs it (like perl) is broken. Fixing this issue is what #974552 is
about.
However, it seems that in some upgrades, the debian-security-support hook is
started in such a situation where libcrypt.so is missing. The standard
assumption that perl should be functional at all times is broken by this.
Clearly, this is not caused by debian-security-support and this should be
fixed. Furthermore, there is the risk that maintainer scripts might hit the
same issue, even if debian-security-support doesn't. However, it's unclear if
the situation can be avoided in all scenarios.
If a situation occurs where the debian-security-support hook runs on a broken
system, there's no point in trying to do something useful and failing. The
best that can be done is making sure dpkg/apt can continue, hoping that the
breakage will be fixed later on.
Thanks,
Ivo
--- End Message ---
--- Begin Message ---
Source: debian-security-support
Source-Version: 1:11+2021.03.19
Done: Holger Levsen <hol...@debian.org>
We believe that the bug you reported is fixed in the latest version of
debian-security-support, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 984...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Holger Levsen <hol...@debian.org> (supplier of updated debian-security-support
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 19 Mar 2021 21:58:42 +0100
Source: debian-security-support
Architecture: source
Version: 1:11+2021.03.19
Distribution: unstable
Urgency: medium
Maintainer: Holger Levsen <hol...@debian.org>
Changed-By: Holger Levsen <hol...@debian.org>
Closes: 984539
Changes:
debian-security-support (1:11+2021.03.19) unstable; urgency=medium
.
[ Utkarsh Gupta ]
* check-support-status.hook and postinst: deal with broken perl.
* /etc/dpkg/dpkg.cfg.d/debian-security-support: never fail. Closes: #984539.
Checksums-Sha1:
2d71a1ff0bca847e0aa458c006a9eeedf52f9899 1871
debian-security-support_11+2021.03.19.dsc
4c90b1e3c92a5677fb8c7e4943f1dfec679def72 30584
debian-security-support_11+2021.03.19.tar.xz
6caf2b4f0865f72b18580b242e15bd3423ce0929 6563
debian-security-support_11+2021.03.19_source.buildinfo
Checksums-Sha256:
0e31a51579361bf3097d0f33dc79b7428b52ca63bc187e6b38bed93dc304fbfb 1871
debian-security-support_11+2021.03.19.dsc
19b3eec1b57aff15201bb547e85d7f2d195d0fc4d78c3b3fa77566185fbfad76 30584
debian-security-support_11+2021.03.19.tar.xz
e1982c0379fe91cf8ddd08e49202c84050228cede2e1825d53e05a03acd5a20f 6563
debian-security-support_11+2021.03.19_source.buildinfo
Files:
614a651353a05dfcf8d836575325e070 1871 admin optional
debian-security-support_11+2021.03.19.dsc
d4c59cb7193cb645d095c7b152752a8b 30584 admin optional
debian-security-support_11+2021.03.19.tar.xz
eec18be26200d082211ceed1151d232d 6563 admin optional
debian-security-support_11+2021.03.19_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEuL9UE3sJ01zwJv6dCRq4VgaaqhwFAmBVEW4ACgkQCRq4Vgaa
qhw60w//aM/UAtYEfUuRdFExxGYhdZqgAKBXlVGdmqCEXvb0iWhP5S7oRuP02SN7
xWr2gApKbo5Ftr91KBAPy+YvwtWmjDIOjoFLSNjVZCzeiHehk+G+N69rm4AZx4z0
TePH/JInXnfJvjsczs7R/ROZT00dYiu+5/yYGFJ027LNpFWCY/JHJytAp9GrvTr2
em3rQuChG2mkGpm2QEMqIm7ivEoUsLeqpsO5EelJ7e6SFDHs+rzx62VsDikVJE0n
D6025yTy2o/XEYfbNa47ci9ByCK09rN/l4ApssQynhPEPA1kl2JO52x/FwUJ/kXh
AidU5dU8urFXmSIk7SyqtogYSle+TotBShixQlNUaLxkqDc9rMdljvHi/Cp4JKME
A+mRpCzblzeYZAwwz074wY/l4GxBsrlDQwzZIS4R6kktaYP4SX1ALS7gjpfOnyGc
LuEgU/5cqDjWTSN+uXJKsDCdMaf0ozpX/acC5NdKQkDNNSDMVi7zMjr4gkDTAgX2
S7Rh/gKnSxCxZlakbSoQL7T/5ZuKLqcxCOjgNypleYirzqevmbo5ezR/z9ign6Mu
+U/2fbVTGzYTAouPmdob+8FF3yIK7JEFmdelO5CtsD8krOucNqMh0eIt3WwUdx/M
qT5HCq+kPApMTebe/4GEYqwXMiPnf1N3wasBcGhIKDHMNUHMXYc=
=SQSp
-----END PGP SIGNATURE-----
--- End Message ---
