Ubuntu
snap-confine package

snap-confine: dpkg --compare-versions error outputs during installation from snapd/ubuntu-core-launcher upgrade

Bug #1605052 reported by Trent Lloyd
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
snap-confine
Fix Released
Undecided
Zygmunt Krynicki
snap-confine 1.0.40
snap-confine (Ubuntu)
Fix Released
Critical
Unassigned
Xenial
Fix Released
Critical
Unassigned

Bug Description

[Impact]

The snap-confine package used to contain an apparmor profile for 'ubuntu-core-launcher' that is no longer confined and is simply a symlink to snap-confine itself.

The apparmor profile for ubuntu-core-launcher was stored in /etc/apparmor.d/. This profile had to be removed on package upgrades to let the application work as expected. Due to a bug in dpkg the dpkg rm_conffile helper was buggy and didn't run as documented or as expected.

[Test Case]

Upgrade from earlier versions of ubuntu-core-launcher should work correctly when updated to snap-confine. After the upgrade process snap applications can be started (e.g. hello-world snap).

[Regression Potential]

I did not evaluate regression potential as the fix is already released in Ubuntu Xenial and this bug update is just to facilitate the complete upgrade to 1.0.41 which.

[Other Info]

* This bug is a part of a major SRU that brings snap-confine in Ubuntu 16.04 in line with the current upstream release 1.0.41.

* This bug was included in an earlier SRU and is now fixed in Ubuntu. I am updating the template here to ensure that the process is fully documented from 1.0.38 all the way up to the current upstream release 1.0.41.

* snap-confine is technically an integral part of snapd which has an SRU exception and is allowed to introduce new features and take advantage of accelerated procedure. For more information see https://wiki.ubuntu.com/SnapdUpdates

== # Pre-SRU bug description follows # ==

The following non-fatal error is output during snap-confine installation:
dpkg: error: --compare-versions takes three arguments: <version> <relation> <version>

Below log is from a manual install to reproduce the issue, but this first occurred during upgrade of snapd/ubuntu-core-launcher on xenial-proposed which caused snap-confine to be installed.

 * Full error *

Preparing to unpack .../snap-confine_1.0.38-0ubuntu0.16.04.1_amd64.deb ...
dpkg: error: --compare-versions takes three arguments: <version> <relation> <version>

Type dpkg --help for help about installing and deinstalling packages [*];
Use 'apt' or 'aptitude' for user-friendly package management;
Type dpkg -Dhelp for a list of dpkg debug flag values;
Type dpkg --force-help for a list of forcing options;
Type dpkg-deb --help for help about manipulating *.deb files;

Options marked [*] produce a lot of output - pipe it through 'less' or 'more' !
Unpacking snap-confine (1.0.38-0ubuntu0.16.04.1) ...
Processing triggers for man-db (2.7.5-1) ...
Setting up snap-confine (1.0.38-0ubuntu0.16.04.1) ...

See original description
Zygmunt Krynicki (zyga)
Changed in snap-confine (Ubuntu):
status: New → Confirmed
Revision history for this message
Michael Vogt (mvo) wrote :

Here is how dpkg-maintscript-helper calls dpkg --compare-versions:
"""
[pid 10745] execve("/usr/bin/dpkg", ["dpkg", "--compare-versions", "--", "le-nl", "1.0.36-1~"], [/* 47 vars */]) = 0
                            dpkg: error: --compare-versions takes three arguments: <version> <relation> <version>

Type dpkg --help for help about installing and deinstalling packages [*];
Use 'apt' or 'aptitude' for user-friendly package management;
Type dpkg -Dhelp for a list of dpkg debug flag values;
Type dpkg --force-help for a list of forcing options;
Type dpkg-deb --help for help about manipulating *.deb files;

Options marked [*] produce a lot of output - pipe it through 'less' or 'more' !
[pid 10745] +++ exited with 2 +++
"""

Revision history for this message
Michael Vogt (mvo) wrote :

The issue is that snap-confine has a debian/snap-confine.maintscript that deal with upgrades in the debian version of the package. However we do not have a version of snap-confine in xenial yet.

Fwiw, this is a bug in dpkg-maintscript-helper because it should deal with the case that there is no previous version without showing a huge error message: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=582819

We have two options here, backport the fix for dpkg-maintscript-helper or trying to workaround this issue in snap-confine.

Revision history for this message
Michael Vogt (mvo) wrote :

Run with "sh -ex":
+ [ configure = configure ]
+ APP_PROFILE=/etc/apparmor.d/usr.lib.snapd.snap-confine
+ [ -f /etc/apparmor.d/usr.lib.snapd.snap-confine ]
+ LOCAL_APP_PROFILE=/etc/apparmor.d/local/usr.lib.snapd.snap-confine
+ test -e /etc/apparmor.d/local/usr.lib.snapd.snap-confine
+ mktemp
+ tmp=/tmp/tmp.BKsvA38yfB
+ cat
+ dirname /etc/apparmor.d/local/usr.lib.snapd.snap-confine
+ mkdir /etc/apparmor.d/local
+ true
+ mv -f /tmp/tmp.BKsvA38yfB /etc/apparmor.d/local/usr.lib.snapd.snap-confine
+ chmod 644 /etc/apparmor.d/local/usr.lib.snapd.snap-confine
+ aa-status --enabled
+ dpkg-maintscript-helper rm_conffile /etc/apparmor.d/usr.bin.snap-confine 1.0.36-1~ -- configure -- configure

So the .maintscript is not quite correct. I attach a diff with the fix. However, there is still a ugly warning when this gets installed, I think because "ubuntu-core-launcher" switches from arch:any to arch:all:

root@bod:/tmp# dpkg -i ubuntu-core-launcher_1.0.38-0ubuntu0.16.04.2_all.deb snap-confine_1.0.38-0ubuntu0.16.04.2_amd64.deb
(Reading database ... 13773 files and directories currently installed.)
Preparing to unpack ubuntu-core-launcher_1.0.38-0ubuntu0.16.04.2_all.deb ...
dpkg-query: package 'ubuntu-core-launcher' is not installed
Use dpkg --info (= dpkg-deb --info) to examine archive files,
and dpkg --contents (= dpkg-deb --contents) to list their contents.
Unpacking ubuntu-core-launcher (1.0.38-0ubuntu0.16.04.2) over (1.0.27.1) ...
Selecting previously unselected package snap-confine.
Preparing to unpack snap-confine_1.0.38-0ubuntu0.16.04.2_amd64.deb ...
Unpacking snap-confine (1.0.38-0ubuntu0.16.04.2) ...
Setting up snap-confine (1.0.38-0ubuntu0.16.04.2) ...
Setting up ubuntu-core-launcher (1.0.38-0ubuntu0.16.04.2) ...

Revision history for this message
Michael Vogt (mvo) wrote :
Ubuntu Foundations Team Bug Bot (crichton)
tags: added: patch
Revision history for this message
Michael Vogt (mvo) wrote :

This is a better version:

root@bod:/tmp# dpkg -i ubuntu-core-launcher_1.0.38-0ubuntu0.16.04.2_amd64.deb snap-confine_1.0.38-0ubuntu0.16.04.2_amd64.deb
(Reading database ... 13773 files and directories currently installed.)
Preparing to unpack ubuntu-core-launcher_1.0.38-0ubuntu0.16.04.2_amd64.deb ...
Unpacking ubuntu-core-launcher (1.0.38-0ubuntu0.16.04.2) over (1.0.27.1) ...
Selecting previously unselected package snap-confine.
Preparing to unpack snap-confine_1.0.38-0ubuntu0.16.04.2_amd64.deb ...
Unpacking snap-confine (1.0.38-0ubuntu0.16.04.2) ...
Setting up snap-confine (1.0.38-0ubuntu0.16.04.2) ...
Setting up ubuntu-core-launcher (1.0.38-0ubuntu0.16.04.2) ...
Removing obsolete conffile /etc/apparmor.d/usr.bin.ubuntu-core-launcher ...

which makes ubuntu-core-launcher not arch:all but arch:any to workaround a bug
in dpkg-maintscript-helper that does not deal with changes in the architecture.

Changed in snap-confine (Ubuntu):
status: Confirmed → In Progress
importance: Undecided → Critical
Revision history for this message
Adam Conrad (adconrad) wrote : Please test proposed package

Hello Trent, or anyone else affected,

Accepted snap-confine into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/snap-confine/1.0.38-0ubuntu0.16.04.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in snap-confine (Ubuntu Xenial):
status: New → Fix Committed
tags: added: verification-needed
Mathew Hodson (mhodson)
Changed in snap-confine (Ubuntu Xenial):
importance: Undecided → Critical
Zygmunt Krynicki (zyga)
Changed in snap-confine:
assignee: nobody → Zygmunt Krynicki (zyga)
milestone: none → 1.0.40
Revision history for this message
Zygmunt Krynicki (zyga) wrote :

Upstream version of snap-confine will soon drop debian packaging. This will "fix" the problem. Downstream version was fixed a while ago.

Revision history for this message
Zygmunt Krynicki (zyga) wrote :

Upstream repository no longer contains distribution packaging and as mentioned earlier, this was fixed in actual distributions separately. Marking as fix committed.

Changed in snap-confine:
status: New → Fix Committed
Zygmunt Krynicki (zyga)
Changed in snap-confine:
status: Fix Committed → Fix Released
Zygmunt Krynicki (zyga)
description: updated
Amr Ibrahim (amribrahim1987)
Changed in snap-confine (Ubuntu Xenial):
status: Fix Committed → Fix Released
Changed in snap-confine (Ubuntu):
status: In Progress → Fix Released
Revision history for this message
Leo Arias (elopio) wrote :

I tested the launch of snaps in a xenial kvm up-to-date after updating snap-confine from -proposed to 0.43.

I'm marking this as verified.

tags: added: verification-done
removed: verification-needed
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.