Bug#822671: initramfs-tools: preserves unmodified /etc/initramfs-tools/initramfs.conf on upgrades from jessie

[Andrew Worsley]

On 2 October 2016 at 07:15, Ben Hutchings  wrote:
> On Fri, 2016-09-30 at 09:57 +1000, Andrew Worsley wrote:
>> Hi, I am a newbie (have a mentor account and looking to help)
>> I just looked into this bug and tried to apply the patch - but it
>> appears the files are missing - perhaps way out of date?
> [...]
>
> The patch applies for me with 'patch -p1'.  But I haven't yet taken the
> time to try it out.
>
> Ben.

  Sorry I got confused and was apply to an older (0.120 version) it applies
 perfectly for me against 0.125 the latest version. I believe version
looks ok to
a basic piuparts but I am having troubles testing a distribution
upgrade with piuparts
but that might be a  limitation of piuparts or my knowledge on how to run it.

Help on how to proceed would be appreciated.

It may well be that the unpatched version is fine now - I did most of
my testing with the patched
package.

* I checked it with a basic piuparts :
  piuparts initramfs-tools_0.125_all.deb

  * and got a complaint:

4m20.9s ERROR: FAIL: Package purging left files on system:
  /var/log/apt/eipp.log.xz   not owned


  I got this on the unpatched *and* the patched version of the package.
It turns out this is a piupart bug - fixed in version 0.72
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=830527

I upgraded to backports version of piuparts:
  apt-get install piuparts/jessie-backports

vagrant(0)% piuparts --version
piuparts 0.72~bpo8+1

and it is much happier:
  * piuparts -s piuparts-base.tgz initramfs-tools-core_0.125+nmu1_all.deb

4m55.5s DEBUG: Removed directory tree at /tmp/tmpJyGQJ8
4m55.5s INFO: PASS: All tests.
4m55.5s INFO: piuparts run ends.

  * Running the .changes file into a log and grep-ing the info entries
all looks good.
   piuparts -b piuparts-base.tgz -l piuparts-log.txt
initramfs-tools_0.125+nmu1_amd64.changes

0m24.5s INFO: Installation of
['tmp/initramfs-tools-core_0.125+nmu1_all.deb',
'tmp/initramfs-tools_0.125+nmu1_all.deb'] ok
0m25.8s INFO: Running adequate version 0.12.1 now.
0m27.7s INFO: PASS: Installation, upgrade and purging tests.
0m28.0s INFO: PASS: All tests.
0m28.0s INFO: piuparts run ends.

  * Trying to run an upgrade test fails:
piuparts -b piuparts-base.tgz -l piuparts-log2.txt -d jessie -d
stretch initramfs-tools_0.125+nmu1_amd64.changes

1m12.5s DEBUG: Starting command: ['chroot', '/tmp/tmpcZJKsf',
'eatmydata', 'apt-get', '-y', 'install', 'initramfs-tools']
1m12.8s DUMP:
  Reading package lists...
  Building dependency tree...
  Some packages could not be installed. This may mean that you have
  requested an impossible situation or if you are using the unstable
  distribution that some required packages have not yet been created
  or been moved out of Incoming.
  The following information may help to resolve the situation:

  The following packages have unmet dependencies:
   initramfs-tools : Depends: udev but it is not going to be installed
  E: Unable to correct problems, you have held broken packages.
1m12.8s ERROR: Command failed (status=100): ['chroot',
'/tmp/tmpcZJKsf', 'eatmydata', 'apt-get', '-y', 'install',
'initramfs-tools']
  Reading package lists...
  Building dependency tree...
  Some packages could not be installed. This may mean that you have
  requested an impossible situation or if you are using the unstable
  distribution that some required packages have not yet been created
  or been moved out of Incoming.
  The following information may help to resolve the situation:

  The following packages have unmet dependencies:
   initramfs-tools : Depends: udev but it is not going to be installed
  E: Unable to correct problems, you have held broken packages.



Is there a way to do this with piuparts or  do I have to figure out
some way to testing this by actually physically upgrading my vagrant
box to stretch and checking if there are files left behind?

Finally if the patched version is worth applying what other functional
tests should be considered to validate the patched version?

Thanks

Andrew

Bug#822671: initramfs-tools: preserves unmodified /etc/initramfs-tools/initramfs.conf on upgrades from jessie

[Ben Hutchings]

On Fri, 2016-09-30 at 09:57 +1000, Andrew Worsley wrote:
> Hi, I am a newbie (have a mentor account and looking to help)
> I just looked into this bug and tried to apply the patch - but it
> appears the files are missing - perhaps way out of date?
[...]

The patch applies for me with 'patch -p1'.  But I haven't yet taken the
time to try it out.

Ben.

-- 
Ben Hutchings
Klipstein's 4th Law of Prototyping and Production:
A fail-safe circuit will destroy
others.


signature.asc
Description: This is a digitally signed message part

Bug#822671: initramfs-tools: preserves unmodified /etc/initramfs-tools/initramfs.conf on upgrades from jessie

[Andrew Worsley]

Hi, I am a newbie (have a mentor account and looking to help)
I just looked into this bug and tried to apply the patch - but it
appears the files are missing - perhaps way out of date?

Perhaps still has errors as piuparts that I ran reported a problem
with the latest package I built.

If it is welcome I am willing to investigate and try to fix this.

If I am way off track let me know so I don't waste people's time
(including mine :-)

I also just tried to run piuparts in a (vagrant box in case it messed
up my own initramfs ?) and still getting an error:

...
6m17.1s DEBUG: No broken symlinks as far as we can find.
6m17.1s DEBUG: Starting command: ['chroot', '/tmp/tmpJWYJRD',
'eatmydata', 'dpkg-divert', '--list']
6m17.1s DUMP:
  diversion of /usr/share/man/man1/sh.1.gz to
/usr/share/man/man1/sh.distrib.1.gz by dash
  diversion of /bin/sh to /bin/sh.distrib by dash
6m17.1s DEBUG: Command ok: ['chroot', '/tmp/tmpJWYJRD', 'eatmydata',
'dpkg-divert', '--list']
6m17.1s DEBUG: Starting command: ['chroot', '/tmp/tmpJWYJRD',
'eatmydata', 'apt-get', 'clean']
6m17.1s DEBUG: Command ok: ['chroot', '/tmp/tmpJWYJRD', 'eatmydata',
'apt-get', 'clean']
6m17.4s ERROR: FAIL: Package purging left files on system:
  /etc/bash_completion.d/not owned
  /etc/bash_completion.d/initramfs-tools.dpkg-newnot owned
  /var/log/apt/eipp.log.xz   not owned

6m17.4s ERROR: FAIL: Installation and purging test.
...

Andrew Worsley

Bug#822671: initramfs-tools: preserves unmodified /etc/initramfs-tools/initramfs.conf on upgrades from jessie

[Andreas Beckmann]

Followup-For: Bug #822671
Control: tag -1 patch

Hi Ben,

attached is a patch that improves the handling of initramfs.conf
That's a lot of code - but most of it was stolen from
dpkg-maintscript-helper :-) (preinst/postrm from rm_conffile, postinst
from from mv_conffile with slight modifications)
It's currently set to be very verbose: mvverbose=-v
that should be changed to mvverbose=#-v for production.

There is also a 1-line .maintscript file being added that takes care of
/etc/bash_completion.d/initramfs-tools conffile removal

This passed a piuparts jessie -> stretch upgrade (unmodified conffile)
and a manual jessie -> stretch upgrade with a modified conffile.


Andreas
diff -Nru initramfs-tools-0.125/debian/initramfs-tools-core.postinst initramfs-tools-0.125+nmu1/debian/initramfs-tools-core.postinst
--- initramfs-tools-0.125/debian/initramfs-tools-core.postinst	2016-04-17 21:39:22.0 +0200
+++ initramfs-tools-0.125+nmu1/debian/initramfs-tools-core.postinst	2016-04-30 20:41:44.0 +0200
@@ -7,15 +7,57 @@
 		> /etc/initramfs-tools/modules
 fi
 
+mvverbose=-v
+
+# from dpkg-maintscript-helper
+ensure_package_owns_file() {
+	local PACKAGE="$1"
+	local FILE="$2"
+
+	if ! dpkg-query -L "$PACKAGE" | grep -q -x "$FILE"; then
+		debug "File '$FILE' not owned by package " \
+		  "'$PACKAGE', skipping $command"
+		return 1
+	fi
+	return 0
+}
+
+# from dpkg-maintscript-helper
+debug() {
+	if [ -n "$DPKG_DEBUG" ]; then
+		echo "DEBUG: $PROGNAME: $*" >&2
+	fi
+}
+
+# from dpkg-maintscript-helper, modified
+finish_mv_conffile() {
+	local OLDCONFFILE="$1"
+	local NEWCONFFILE="$2"
+	local PACKAGE="$3"
+
+	rm $mvverbose -f $NEWCONFFILE.dpkg-remove
+
+	[ -e "$OLDCONFFILE" ] || return 0
+	#ensure_package_owns_file "$PACKAGE" "$OLDCONFFILE" || return 0
+	ensure_package_owns_file "$PACKAGE" "$NEWCONFFILE" || return 0
+
+	echo "Preserving user changes to $NEWCONFFILE (renamed from $OLDCONFFILE)..."
+	if [ -e "$NEWCONFFILE" ]; then
+		mv $mvverbose -f "$NEWCONFFILE" "$NEWCONFFILE.dpkg-new"
+	fi
+	mv $mvverbose -f "$OLDCONFFILE" "$NEWCONFFILE"
+}
+
 # When installing as a new dependency of initramfs-tools, or upgrading
 # from <0.123, we need to move initramfs.conf back into place.
-if [ "$1" = configure ] && dpkg --compare-versions "$2" lt 0.123~ && \
-   [ -f /etc/initramfs-tools/initramfs.conf.dpkg-backup ]; then
-	# On fresh installation ($2 is empty), overwrite the shipped
-	# initramfs.conf.  Otherwise use -n to avoid overwriting user
-	# configuration if somehow both files exist.
-	mv ${2:+-n} /etc/initramfs-tools/initramfs.conf.dpkg-backup \
-		/etc/initramfs-tools/initramfs.conf
+LASTVERSION=0.123~
+CONFFILE=/etc/initramfs-tools/initramfs.conf
+PACKAGE=initramfs-tools-core
+OLDCONFFILE="$CONFFILE.dpkg-backup"
+NEWCONFFILE="$CONFFILE"
+if [ "$1" = "configure" ] &&
+   dpkg --compare-versions "$2" le "$LASTVERSION"; then
+	finish_mv_conffile "$OLDCONFFILE" "$NEWCONFFILE" "$PACKAGE"
 fi
 
 #DEBHELPER#
diff -Nru initramfs-tools-0.125/debian/initramfs-tools.maintscript initramfs-tools-0.125+nmu1/debian/initramfs-tools.maintscript
--- initramfs-tools-0.125/debian/initramfs-tools.maintscript	1970-01-01 01:00:00.0 +0100
+++ initramfs-tools-0.125+nmu1/debian/initramfs-tools.maintscript	2016-04-30 20:41:44.0 +0200
@@ -0,0 +1 @@
+rm_conffile /etc/bash_completion.d/initramfs-tools 0.126~
diff -Nru initramfs-tools-0.125/debian/initramfs-tools.postinst initramfs-tools-0.125+nmu1/debian/initramfs-tools.postinst
--- initramfs-tools-0.125/debian/initramfs-tools.postinst	2016-04-17 21:39:22.0 +0200
+++ initramfs-tools-0.125+nmu1/debian/initramfs-tools.postinst	2016-04-30 20:41:44.0 +0200
@@ -2,12 +2,57 @@
 
 set -e
 
+mvverbose=-v
+
+# from dpkg-maintscript-helper
+ensure_package_owns_file() {
+	local PACKAGE="$1"
+	local FILE="$2"
+
+	if ! dpkg-query -L "$PACKAGE" | grep -q -x "$FILE"; then
+		debug "File '$FILE' not owned by package " \
+		  "'$PACKAGE', skipping $command"
+		return 1
+	fi
+	return 0
+}
+
+# from dpkg-maintscript-helper
+debug() {
+	if [ -n "$DPKG_DEBUG" ]; then
+		echo "DEBUG: $PROGNAME: $*" >&2
+	fi
+}
+
+# from dpkg-maintscript-helper, modified
+finish_mv_conffile() {
+	local OLDCONFFILE="$1"
+	local NEWCONFFILE="$2"
+	local PACKAGE="$3"
+
+	rm $mvverbose -f $NEWCONFFILE.dpkg-remove
+
+	[ -e "$OLDCONFFILE" ] || return 0
+	#ensure_package_owns_file "$PACKAGE" "$OLDCONFFILE" || return 0
+	ensure_package_owns_file "$PACKAGE" "$NEWCONFFILE" || return 0
+
+	echo "Preserving user changes to $NEWCONFFILE (renamed from $OLDCONFFILE)..."
+	if [ -e "$NEWCONFFILE" ]; then
+		mv $mvverbose -f "$NEWCONFFILE" "$NEWCONFFILE.dpkg-new"
+	fi
+	mv $mvverbose -f "$OLDCONFFILE" "$NEWCONFFILE"
+}
+
 # If initramfs-tools-core was fully upgraded to 0.123 before our
 # preinst ran, we need to move initramfs.conf back into place.
-if [ "$1" = configure ] && [ -n "$2" ] && dpkg --compare-versions "$2" lt 0.123~ && \
-   [ -f /etc/initramfs-tools/initramfs.conf.dpkg-backup ]; then
-	mv -n 

Bug#822671: initramfs-tools: preserves unmodified /etc/initramfs-tools/initramfs.conf on upgrades from jessie

[Ben Hutchings]

Control: tag -1 help

I've already implemented a fix for this; I don't know why it didn't
work for your test case.

I've already spent more time than I'd like fighting the conffile mess;
patches welcome.

Ben.

-- 
Ben Hutchings
The generation of random numbers is too important to be left to chance.
- Robert Coveyou


signature.asc
Description: This is a digitally signed message part

Bug#822671: initramfs-tools: preserves unmodified /etc/initramfs-tools/initramfs.conf on upgrades from jessie

[Andreas Beckmann]

Package: initramfs-tools
Version: 0.125
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts

Hi,

during a test with piuparts I noticed your package causes some trouble
with /etc/initramfs-tools/initramfs.conf upon upgrades from jessie:

1m18.3s ERROR: FAIL: debsums reports modifications inside the chroot:
  /etc/initramfs-tools/initramfs.conf

Rerunning the test manually and analyzing the situation lead to this
conclusion:

The initramfs.conf from jessie is always preserved, regardless of whether
it contained user modifications.

This will cause a dpkg modified-conffile prompt the next time an upgrade
to initramfs-tools-core with an updated version of that conffile is
performed. (This is a policy violation if the conffile was not modified
by the admin.)

Taking over conffiles (and modifying them at the same time) is not an
easy task :-) You probably need to do something even more resembling
dpkg-maintscript-helper mv_conffile in your maintainer scripts, quoting
from the manpage:

  Current  implementation:  the preinst checks if the conffile has been
  modified, if yes it's left on place otherwise it's renamed to
  old-conffile.dpkg-remove. On configuration, the postinst removes old-
  conffile.dpkg-remove and renames old-conffile to new-conffile if
  old-conffile is still available. On abort-upgrade/abort-install, the
  postrm renames old-conffile.dpkg-remove  back  to  old-conffile  if
  required.

You currently use .dpkg-backup for the old conffile, but you should
probably use .dpkg-remove instead *if the old conffile was unmodified*.
The postinst should then probably move .dpkg-backup back (as done now),
delete .dpkg-remove. And in the abort-upgrade case, you have two choices
to restore (but only one will exist).

There is probably no easy way to recover systems that have upgraded from
jessie (with pristine initramfs.conf) to stretch. (To avoid unneccessary
future dpkg prompting.)
(Maybe: compare md5sum againt the version shipped in jessie, restore the
conffile from /usr/share/initramfsfoo in case that matches ...)


Andreas