** Description changed: + [SRU] + [Impact] + + The "drivedb.h" file is the smartmontools drive database file used to + perform the scan actions. This file can be updated through update-smart- + drivedb command, but debsums may complain about drive.h in the form of a + false negative verification of the smartmontool packae being raised. In + addition, if the smartmontool package is upgraded, the "drivedb.h" file + is overwritten, therefore data will be lost. + + The worst scenario would be that a drive model is included in a + "drivedb.h" update at some point, and later the smartmontool package + update downgrades the drive.h version, making smartmontools scans + unavailable. It's true that it can be recovered through an update-smart- + drivedb action, but the user might not be aware of it. + + The fix applied here is picked up from upstream and it is present since + version 7.2-1, therefore Ubuntu series starting at Impish and later are + not affected. What this fix does is that it corrects the current + shipping system of "drivedb.h", as well as avoiding an unconditional + replacement of "drivedb.h". + + [Test Plan] + + This test plan is for Focal, but applies to Bionic in the same way. + + 0.Preparing the test environment: + + #Preparing the container + lxc launch images:ubuntu/focal focal + lxc shell focal + apt update -y + apt upgrade -y + + #Installing necessary tools + + apt install -y smartmontools gpg debsums wget + + 0.1 Preparing scenario: + + #At this point, debsums always gives all OK for the package: + + root@focal:~# debsums smartmontools + /lib/systemd/system/smartmontools.service OK + /usr/sbin/smartctl OK + /usr/sbin/smartd OK + /usr/sbin/update-smart-drivedb OK + /usr/share/bug/smartmontools/presubj OK + /usr/share/doc/smartmontools/AUTHORS OK + /usr/share/doc/smartmontools/ChangeLog-6.0-7.0.gz OK + /usr/share/doc/smartmontools/NEWS.Debian.gz OK + /usr/share/doc/smartmontools/NEWS.gz OK + /usr/share/doc/smartmontools/README OK + /usr/share/doc/smartmontools/README.Debian OK + /usr/share/doc/smartmontools/badblockhowto.html OK + /usr/share/doc/smartmontools/changelog.Debian.gz OK + /usr/share/doc/smartmontools/copyright OK + /usr/share/doc/smartmontools/examples/Example1 OK + /usr/share/doc/smartmontools/examples/Example2 OK + /usr/share/doc/smartmontools/examples/Example3 OK + /usr/share/doc/smartmontools/examples/Example4 OK + /usr/share/doc/smartmontools/examples/Example5 OK + /usr/share/doc/smartmontools/examples/Example6 OK + /usr/share/doc/smartmontools/examples/Example7 OK + /usr/share/doc/smartmontools/examples/Example8 OK + /usr/share/doc/smartmontools/examples/README OK + /usr/share/doc/smartmontools/smartd.conf.gz OK + /usr/share/lintian/overrides/smartmontools OK + /usr/share/man/man5/smartd.conf.5.gz OK + /usr/share/man/man8/smartctl.8.gz OK + /usr/share/man/man8/smartd.8.gz OK + /usr/share/man/man8/update-smart-drivedb.8.gz OK + /usr/share/smartmontools/smartd-runner OK + /usr/share/smartmontools/smartd_warning.sh OK + /var/lib/smartmontools/drivedb/drivedb.h OK + + #Perform an update of the drivedb.h: + + root@focal:~# update-smart-drivedb + /var/lib/smartmontools/drivedb/drivedb.h updated from branches/RELEASE_7_0_DRIVEDB + + 1. Bad cases: + + root@focal:~# debsums smartmontools | grep drivedb.h + /var/lib/smartmontools/drivedb/drivedb.h FAILED + + 2. Good cases: + + # special attention on the new location of the file + + root@focal:~# debsums smartmontools | grep drivedb.h + /usr/share/smartmontools/drivedb.h OK + + + [Where problems could occur] + + At the end, the file is still used from the /var/lib location, so the + logic of smartmontools for using the file remains the same. But, if the + user alters the file or it gets corrupted (bad upgrading), a new + installation wouldn't be a solution. + + [Other Info] + + The fix applied here is picked up from upstream + (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976696#30) available + since version 7.2-1 (https://bugs.debian.org/cgi- + bin/bugreport.cgi?bug=976696#30). + + + [Original Report] + + ------------------------------------------------------------------------- + The update-smart-drivedb command overwrites /var/lib/smartmontools/drivedb/drivedb.h which is a file installed by the package. This means that reinstalling or upgrading the package from a SRU may downgrade the drivedb. In general it's something packages shouldn't do. After running update-smart-drivedb on Groovy `debsums smartmontools` report that the package has a corrupted file: /var/lib/smartmontools/drivedb/drivedb.h FAILED The smartctl(8) manpage says that - If /var/lib/smartmontools/drivedb/drivedb.h is - present, the contents of this file is used instead - of the built in table. + If /var/lib/smartmontools/drivedb/drivedb.h is + present, the contents of this file is used instead + of the built in table. So I think we should: 1. Make sure the built-in table is up-to-date with drivedb.h. I suppose that file gets #included in the code when building, so this should be the case. 2. Stop installing /var/lib/smartmontools/drivedb/drivedb.h and leave it in full control of update-smart-drivedb.
** Description changed: [SRU] [Impact] The "drivedb.h" file is the smartmontools drive database file used to perform the scan actions. This file can be updated through update-smart- drivedb command, but debsums may complain about drive.h in the form of a false negative verification of the smartmontool packae being raised. In addition, if the smartmontool package is upgraded, the "drivedb.h" file is overwritten, therefore data will be lost. The worst scenario would be that a drive model is included in a "drivedb.h" update at some point, and later the smartmontool package update downgrades the drive.h version, making smartmontools scans unavailable. It's true that it can be recovered through an update-smart- drivedb action, but the user might not be aware of it. The fix applied here is picked up from upstream and it is present since version 7.2-1, therefore Ubuntu series starting at Impish and later are not affected. What this fix does is that it corrects the current shipping system of "drivedb.h", as well as avoiding an unconditional replacement of "drivedb.h". [Test Plan] This test plan is for Focal, but applies to Bionic in the same way. 0.Preparing the test environment: #Preparing the container - lxc launch images:ubuntu/focal focal + lxc launch images:ubuntu/focal focal lxc shell focal apt update -y apt upgrade -y #Installing necessary tools apt install -y smartmontools gpg debsums wget 0.1 Preparing scenario: #At this point, debsums always gives all OK for the package: root@focal:~# debsums smartmontools /lib/systemd/system/smartmontools.service OK /usr/sbin/smartctl OK /usr/sbin/smartd OK /usr/sbin/update-smart-drivedb OK /usr/share/bug/smartmontools/presubj OK /usr/share/doc/smartmontools/AUTHORS OK /usr/share/doc/smartmontools/ChangeLog-6.0-7.0.gz OK /usr/share/doc/smartmontools/NEWS.Debian.gz OK /usr/share/doc/smartmontools/NEWS.gz OK /usr/share/doc/smartmontools/README OK /usr/share/doc/smartmontools/README.Debian OK /usr/share/doc/smartmontools/badblockhowto.html OK /usr/share/doc/smartmontools/changelog.Debian.gz OK /usr/share/doc/smartmontools/copyright OK /usr/share/doc/smartmontools/examples/Example1 OK /usr/share/doc/smartmontools/examples/Example2 OK /usr/share/doc/smartmontools/examples/Example3 OK /usr/share/doc/smartmontools/examples/Example4 OK /usr/share/doc/smartmontools/examples/Example5 OK /usr/share/doc/smartmontools/examples/Example6 OK /usr/share/doc/smartmontools/examples/Example7 OK /usr/share/doc/smartmontools/examples/Example8 OK /usr/share/doc/smartmontools/examples/README OK /usr/share/doc/smartmontools/smartd.conf.gz OK /usr/share/lintian/overrides/smartmontools OK /usr/share/man/man5/smartd.conf.5.gz OK /usr/share/man/man8/smartctl.8.gz OK /usr/share/man/man8/smartd.8.gz OK /usr/share/man/man8/update-smart-drivedb.8.gz OK /usr/share/smartmontools/smartd-runner OK /usr/share/smartmontools/smartd_warning.sh OK /var/lib/smartmontools/drivedb/drivedb.h OK #Perform an update of the drivedb.h: root@focal:~# update-smart-drivedb /var/lib/smartmontools/drivedb/drivedb.h updated from branches/RELEASE_7_0_DRIVEDB 1. Bad cases: root@focal:~# debsums smartmontools | grep drivedb.h /var/lib/smartmontools/drivedb/drivedb.h FAILED 2. Good cases: # special attention on the new location of the file root@focal:~# debsums smartmontools | grep drivedb.h /usr/share/smartmontools/drivedb.h OK - [Where problems could occur] - At the end, the file is still used from the /var/lib location, so the - logic of smartmontools for using the file remains the same. But, if the - user alters the file or it gets corrupted (bad upgrading), a new + In the end, the file is still used from the /var/lib location, so the + smartmontools logic for using the file remains the same. But, if the + user alters the file or it gets corrupted (bad update), a new installation wouldn't be a solution. [Other Info] The fix applied here is picked up from upstream (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976696#30) available since version 7.2-1 (https://bugs.debian.org/cgi- bin/bugreport.cgi?bug=976696#30). - [Original Report] ------------------------------------------------------------------------- The update-smart-drivedb command overwrites /var/lib/smartmontools/drivedb/drivedb.h which is a file installed by the package. This means that reinstalling or upgrading the package from a SRU may downgrade the drivedb. In general it's something packages shouldn't do. After running update-smart-drivedb on Groovy `debsums smartmontools` report that the package has a corrupted file: /var/lib/smartmontools/drivedb/drivedb.h FAILED The smartctl(8) manpage says that If /var/lib/smartmontools/drivedb/drivedb.h is present, the contents of this file is used instead of the built in table. So I think we should: 1. Make sure the built-in table is up-to-date with drivedb.h. I suppose that file gets #included in the code when building, so this should be the case. 2. Stop installing /var/lib/smartmontools/drivedb/drivedb.h and leave it in full control of update-smart-drivedb. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1893202 Title: update-smart-drivedb overwrites package installed file To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/smartmontools/+bug/1893202/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
