control: tag -1 - confirmed On 2021-09-04 15:08, Adam D. Barratt wrote: > Control: tags -1 + confirmed d-i > > On Sun, 2021-08-22 at 14:58 +0200, Aurelien Jarno wrote: > > During the upgrade from Buster to Bullseye, the SSH server is not > > restarted following the libc6 upgrade, causing new SSH connections to > > get rejected until the SSH server is restarted later in the upgrade. > > > > It could be considered as a regression as it didn't happen during the > > upgrade from Stretch to Buster. > > > > [ Impact ] > > Upgrade might fail or get stuck for remote upgrade using SSH if for > > some reason the SSH connection breaks. Using screen or tmux doesn't > > help here as it is not possible to connect again using SSH. > [...] > > The change consist in updating the regex getting the list of services > > in the "installed" state, to also consider openssh-server in > > 'unpacked' state. > > +glibc (2.31-13+deb11u1) unstable; urgency=medium > > The distribution there should be "bullseye". Indeed good catch. dch just reuse the one from the previous entry. > I realise that the changes don't affect the udeb, but for completeness > this wants a kibi-ack; CCed and tagging appropriately. Please feel free > to go ahead on that basis. In the meantime another issue that would need to be fixed in sid came as bug#994042. This time the issue is in the preinst. To summarize, in the case debconf is not usable to prompt the user about the upgrade, the preinst switches to text prompt. However as the debconf module has been loaded got control of the tty, which prevent any input from the user. For skilled users it still possible to kill the upgrade from another, but other users will probably try other actions that might have damaging effects (like rebooting the system). The fix is to get the debconf configuration without using the debconf module, as suggested by Colin Watson. You will find the new debdiff including this fix attached to the mail. It has been tested by using the reproducer providing by Colin with an additional repository containing the fixed glibc packages. Two cases have been tested: - upgrade + dist-upgrade to reproduce the original issue where the preinst switches to text prompt and verify that the user input is now accepted - dist-upgrade to get a debconf prompt and verify it still works. Could you please consider this new debdiff for bullseye? Regards, Aurelien -- Aurelien Jarno GPG: 4096R/1DDD8C9B aurelien@aurel32.net http://www.aurel32.net
diff --git a/debian/changelog b/debian/changelog
index 138f350a..d19a1d75 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,16 @@
+glibc (2.31-13+deb11u1) bullseye; urgency=medium
+
+ [ Aurelien Jarno ]
+ * debian/script.in/nsscheck.sh: restart openssh-server even if it has been
+ deconfigured during the upgrade. Closes: #990069.
+ * debian/debhelper.in/libc.preinst: fix text fallback when debconf is
+ unusable, the current debconf configuration should be queried without
+ first sourcing the confmodule to avoid losing control of the tty. Big
+ thanks to Colin Watson for the help diagnosing the issue and for providing
+ an easy reproducer. Closes: #994042.
+
+ -- Aurelien Jarno <aurel32@debian.org> Sun, 22 Aug 2021 14:38:58 +0200
+
glibc (2.31-13) unstable; urgency=medium
[ Colin Watson ]
diff --git a/debian/debhelper.in/libc.preinst b/debian/debhelper.in/libc.preinst
index d679db4f..f0285832 100644
--- a/debian/debhelper.in/libc.preinst
+++ b/debian/debhelper.in/libc.preinst
@@ -21,23 +21,23 @@ kfreebsd_compare_versions () {
if [ "$type" != abort-upgrade -a -z "$DPKG_ROOT" ]
then
- # Load debconf module if available and usable
+ # Check if the debconf module is available and usable
+ USE_DEBCONF=
if [ -f /usr/share/debconf/confmodule ]; then
# cdebconf has a working fallback mechanism in case dialog
# is not usable, so do not try to do anything smart here
if [ "$DEBCONF_USE_CDEBCONF" ] ; then
- . /usr/share/debconf/confmodule
USE_DEBCONF=1
# debconf requires perl
elif perl -e "" 2>/dev/null ; then
- . /usr/share/debconf/confmodule
# Check that the selected frontend will work
if [ -n "$DEBIAN_FRONTEND" ] ; then
frontend="$DEBIAN_FRONTEND"
else
- db_version 2.0
- db_get debconf/frontend || RET="Dialog"
- frontend="$RET"
+ # Query the frontend without first sourcing the confmodule to avoid
+ # losing control of the tty. This snippet must not be copied blindly.
+ frontend="$(echo 'GET debconf/frontend' | debconf-communicate | sed '/^0 /!d;s/^0 //')"
+ frontend="${frontend:-Dialog}"
fi
frontend=`echo $frontend | tr '[:upper:]' '[:lower:]'`
case "$frontend" in
@@ -61,6 +61,11 @@ then
fi
fi
+ # Load debconf module if available and usable
+ if [ "$USE_DEBCONF" ]; then
+ . /usr/share/debconf/confmodule
+ fi
+
# See if LD_LIBRARY_PATH contains the traditional /lib, but not the
# multiarch path
dirs=$(echo $LD_LIBRARY_PATH | sed 's/:/ /g')
diff --git a/debian/script.in/nsscheck.sh b/debian/script.in/nsscheck.sh
index 8406a543..7e21b8e4 100644
--- a/debian/script.in/nsscheck.sh
+++ b/debian/script.in/nsscheck.sh
@@ -1,8 +1,10 @@
echo -n "Checking for services that may need to be restarted..."
# Only get the ones that are installed, of the same architecture
- # as libc (or arch all) and configured
+ # as libc (or arch all) and configured. Restart openssh-server even
+ # if only half-configured to continue accepting new connections
+ # during the upgrade.
check=$(dpkg-query -W -f='${binary:Package} ${Status} ${Architecture}\n' $check 2> /dev/null | \
- grep -E "installed (all|${DPKG_MAINTSCRIPT_ARCH})$" | sed 's/[: ].*//')
+ grep -E "(^openssh-server .* unpacked|installed) (all|${DPKG_MAINTSCRIPT_ARCH})$" | sed 's/[: ].*//')
# some init scripts don't match the package names
check=$(echo $check | \
sed -e's/\bapache2.2-common\b/apache2/g' \
Attachment:
signature.asc
Description: PGP signature