1. Forum
  2. Usenet
  3. LINUX.DEBIAN.BUGS.RC

  • Bug#1060661: netplan-generator: ineffective Replaces for /usr/lib/syste

    From Helmut Grohne@21:1/5 to All on Fri Jan 12 11:10:01 2024
    Package: netplan-generator
    Version: 0.107.1-1
    Severity: serious
    Justification: file loss in package upgrade
    User: helmutg@debian.org
    Usertags: dep17p1
    Control: affects -1 + netplan.io

    Hi Lukas,

    netplan was on my radar for /usr-merge for a while, but unfortunately I
    didn't get down to it before bad things happened.

    I think this is your first upload since we changed systemd.pc to point
    to /usr. Earlier, netplan-generator would install /lib/systemd/system-generators/netplan and since this upload it installs
    to the same location below /usr. This wouldn't be a problem if that file weren't installed in netplan.io in bookworm. Now upgrading from bookworm
    to unstable would both move this file from / to /usr and from netplan.io
    to netplan-generator. Normally, the Replaces that you declare are
    sufficient, but the aliasing added by /usr-merge changes this and makes
    the file subject to loss in an upgrade. For more information refer to
    DEP17 P1.

    You have two possible mitigations for this. The simple mitigation (DEP17
    M7) is upgrading those Breaks+Replaces for netplan.io to Conflicts. This
    still can cause file loss if netplan.io is being removed in an upgrade
    where netplan-generator is being installed and the upgrade is being
    performed with dpkg. I'd consider that relatively unlikely.

    If you want to handle this case correctly, the recommended way is using "protective diversions" (DEP17 M8). You keep Breaks+Replaces as is and
    extend maintainer scripts.

    netplan-generator.preinst:

    dpkg-divert --no-rename --divert /lib/systemd/system-generators/netplan.usr-is-merged --add /lib/systemd/system-generators/netplan

    netplan-generator.postinst:

    dpkg-divert --no-rename --divert /lib/systemd/system-generators/netplan.usr-is-merged --remove /lib/systemd/system-generators/netplan

    This diversion redirects the deletion of the file being replaced to a
    location that does not exist and hence prevents the loss.

    Beyond this, there also is an issue with /usr/lib/netplan. It is an
    empty directory and since netplan.io formerly installed files to
    /lib/netplan, removing netplan.io can make dpkg think that /lib/netplan
    can be deleted. When it does so, it actually deletes /usr/lib/netplan
    (DEP17 P6). Your options are:
    * Do not install /usr/lib/netplan and make the generator work in the
    absence of that directory.
    * Ship a placeholder file inside.
    * Have a postinst script that recreates it after loss. For this to
    work, you have to install a trigger interest in /lib/netplan to make
    dpkg rerun your postinst after the loss.

    On top of this, none of the moves nor mitigations are applicable to
    bookworm. If you plan to support backports for bookworm, you need to
    ensure that such backports do not move files to /usr. It also means that
    your possible M8 mitigation has to add protective diversions on every
    upgrade without a version check as it could be upgrading from bookworm-backports. Can you handle these issues?

    In case you want a stop-gap measure, for now, I suggest temporarily
    moving back the generator to /lib/systemd in unstable. Doing so unbreaks
    the upgrade from bookworm and makes this bug non-rc, but is not a
    long-term solution.

    I'm happy to review a patch. Let me know if you cannot handle this and
    I'll look in to preparing a NMU. If you have questions, don't hesitate
    to ask.

    Helmut

    DEP1: https://subdivi.de/~helmut/dep17.html

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Lukas =?UTF-8?Q?M=C3=A4rdian?=@21:1/5 to All on Tue Jan 16 11:20:02 2024
    Hi Helmut,

    thank you very much for the detailed bugreport and your sepcific hints!

    Am 12.01.24 um 11:00 schrieb Helmut Grohne:
    Package: netplan-generator
    Version: 0.107.1-1
    Severity: serious
    Justification: file loss in package upgrade
    User: helmutg@debian.org
    Usertags: dep17p1
    Control: affects -1 + netplan.io

    Hi Lukas,

    netplan was on my radar for /usr-merge for a while, but unfortunately I didn't get down to it before bad things happened.

    I think this is your first upload since we changed systemd.pc to point
    to /usr. Earlier, netplan-generator would install /lib/systemd/system-generators/netplan and since this upload it installs
    to the same location below /usr. This wouldn't be a problem if that file weren't installed in netplan.io in bookworm. Now upgrading from bookworm
    to unstable would both move this file from / to /usr and from netplan.io
    to netplan-generator. Normally, the Replaces that you declare are
    sufficient, but the aliasing added by /usr-merge changes this and makes
    the file subject to loss in an upgrade. For more information refer to
    DEP17 P1.

    Indeed, systemd's pkgconfig variables changed, which made Netplan's generator to be installed into /usr/lib/

    You have two possible mitigations for this. The simple mitigation (DEP17
    M7) is upgrading those Breaks+Replaces for netplan.io to Conflicts. This still can cause file loss if netplan.io is being removed in an upgrade
    where netplan-generator is being installed and the upgrade is being
    performed with dpkg. I'd consider that relatively unlikely.

    If you want to handle this case correctly, the recommended way is using "protective diversions" (DEP17 M8). You keep Breaks+Replaces as is and
    extend maintainer scripts.

    netplan-generator.preinst:

    dpkg-divert --no-rename --divert /lib/systemd/system-generators/netplan.usr-is-merged --add /lib/systemd/system-generators/netplan

    netplan-generator.postinst:

    dpkg-divert --no-rename --divert /lib/systemd/system-generators/netplan.usr-is-merged --remove /lib/systemd/system-generators/netplan

    This diversion redirects the deletion of the file being replaced to a location that does not exist and hence prevents the loss.

    Let's try to handle it the correct way!
    I took your input and prepared a Salsa MR around it.
    I'd like to ask for your review and comments on this [1].

    Beyond this, there also is an issue with /usr/lib/netplan. It is an
    empty directory and since netplan.io formerly installed files to /lib/netplan, removing netplan.io can make dpkg think that /lib/netplan
    can be deleted. When it does so, it actually deletes /usr/lib/netplan
    (DEP17 P6). Your options are:
    * Do not install /usr/lib/netplan and make the generator work in the
    absence of that directory.
    * Ship a placeholder file inside.
    * Have a postinst script that recreates it after loss. For this to
    work, you have to install a trigger interest in /lib/netplan to make
    dpkg rerun your postinst after the loss.

    On top of this, none of the moves nor mitigations are applicable to
    bookworm. If you plan to support backports for bookworm, you need to
    ensure that such backports do not move files to /usr. It also means that
    your possible M8 mitigation has to add protective diversions on every
    upgrade without a version check as it could be upgrading from bookworm-backports. Can you handle these issues?

    This will also be addressed in the above mentioned MR.
    For now I'll go with the placeholder file, but longer term I want to avoid installing that directory all together.
    The latter would have some side-effects on Ubuntu's NetworkManager package (integrated with Netplan), due to some systemd hardening flags in use: "ProtectSystem=true" & "ReadWritePaths=/usr/lib/netplan"

    Thanks!
    Lukas

    [1] https://salsa.debian.org/debian/netplan.io/-/merge_requests/11

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Debian Bug Tracking System@21:1/5 to All on Tue Jan 16 17:40:01 2024
    This is a multi-part message in MIME format...

    Your message dated Tue, 16 Jan 2024 16:34:35 +0000
    with message-id <E1rPmOZ-00BPu7-GV@fasolo.debian.org>
    and subject line Bug#1060661: fixed in netplan.io 0.107.1-2
    has caused the Debian Bug report #1060661,
    regarding netplan-generator: ineffective Replaces for /usr/lib/systemd/system-generators/netplan due to /usr-move
    to be marked as done.

    This means that you claim that the problem has been dealt with.
    If this is not the case it is now your responsibility to reopen the
    Bug report if necessary, and/or fix the problem forthwith.

    (NB: If you are a system administrator and have no idea what this
    message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org
    immediately.)


    --
    1060661: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060661
    Debian Bug Tracking System
    Contact owner@bugs.debian.org with problems

    Received: (at submit) by bugs.debian.org; 12 Jan 2024 10:02:38 +0000 X-Spam-Checker-Version: SpamAssassin 3.4.6-bugs.debian.org_2005_01_02
    (2021-04-09) on buxtehude.debian.org
    X-Spam-Level:
    X-Spam-Status: No, score=-12.0 required=4.0 tests=BAYES_00,
    BODY_INCLUDES_PACKAGE,HAS_PACKAGE,SPF_HELO_NONE,SPF_NONE,
    T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no
    version=3.4.6-bugs.debian.org_2005_01_02
    X-Spam-Bayes: score:0.0000 Tokens: new, 12; hammy, 150; neutral, 157; spammy,
    0. spammytokens: hammytokens:0.000-+--bookworm, 0.000-+--H*F:U*helmut,
    0.000-+--H*F:D*subdivi.de, 0.000-+--H*RU:sk:helmut@,
    0.000-+--H*rp:U*helmut
    Return-path: <helmut@subdivi.de>
    Received: from isilmar-4.linta.de ([136.243.71.142]:55966)
    by buxtehude.debian.org with esmtps (TLS1.3:ECDHE_X25519__RSA_PSS_RSAE_SHA256__AES_256_GCM:256)
    (Exim 4.94.2)
    (envelope-from <helm