mod_php gets disabled during do-release-upgrade
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
php7.2 (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
Bionic |
Fix Released
|
Undecided
|
Unassigned | ||
php7.3 (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
Eoan |
Fix Released
|
Undecided
|
Unassigned | ||
php7.4 (Debian) |
New
|
Unknown
|
|||
php7.4 (Ubuntu) |
Fix Released
|
High
|
Bryce Harrington | ||
Focal |
Fix Released
|
High
|
Bryce Harrington | ||
Groovy |
Fix Released
|
High
|
Bryce Harrington |
Bug Description
[Impact]
A normal upgrade of a properly functioning PHP website server can unexpectedly result in disabling PHP, when there are no misconfigurations or other actual errors. It's also easy to miss the error message, thus making it more challenging to notice the site breakage.
[Fix]
Instead of issuing an err when there is already one or more active apache mod for php(s) of a different version, issue a warning and disable it.
[Test Case]
For bionic -> focal upgrades:
$ lxc launch ubuntu:18.04/amd64 ba
$ lxc exec ba -- bash
# apt-get install -y libapache2-mod-php
# apt-get install -y ubuntu-
# do-release-upgrade -d
+ Answer defaults for everything
+ Allow it to reboot when done, and log back in
For eoan -> focal upgrades:
$ lxc launch ubuntu:19.10/amd64 ea
$ lxc exec ea -- bash
# apt-get install -y libapache2-mod-php
# apt-get install -y ubuntu-
# do-release-upgrade
+ Answer defaults for everything
+ Allow it to reboot when done, and log back in
For either case, to verify the error is present:
# journalctl --boot | grep libapache2-
php7.3 module already enabled, not enabling PHP 7.4
# apt-cache policy libapache2-mod-php* | grep -B1 Installed
libapache2-
Installed: 2:7.4+75
--
libapache2-
Installed: (none)
--
libapache2-
Installed: (none)
--
libapache2-
Installed: (none)
--
libapache2-
Installed: 7.4.3-4ubuntu1
To verify the fix (for bionic; eoan is similar: s/7.2/7.3/):
$ lxc launch ubuntu:18.04/amd64 bb
$ lxc exec bb -- bash
# apt-get -y install software-
# add-apt-repository -yus ppa:bryce/
# apt-cache policy libapache2-
+ Verify the new version is available
# apt-get install -y libapache2-
# apt-cache policy libapache2-
+ Verify the new version is installed
# apt-get install -y ubuntu-
# apt-get upgrade -y
# do-release-upgrade -d # drop -d on eoan
+ Answer defaults for everything
+ Allow it to reboot when done, and log back in
# Verify the 7.4 version is installed
apt-cache policy libapache2-mod-php* | grep -B1 Installed
# Verify error is not present
journalctl --boot | grep libapache2-
[Regression Potential]
Since this change affects only the installer's upgrade logic, the thing to keep an eye on would be behavioral changes during upgrades or, possibly, during installation.
Presumably the rationale for the current behavior of refusing to disable an already running mod-php is if the user had intentionally installed a non-distro managed or self-modified mod-php. Upgrading in such a situation might result in unexpected behavior changes. However, this custom configuration is unlikely to be common, and should be expected to be affected during a system upgrade.
[Original Report]
Yesterday, when upgrading a client VMs running Xenial and moving to Bionic, I noticed Apache's mod_php was disabled. I later reproduced this in a container:
# create a Xenial container
$ lxc launch images:
Creating xa
Starting xa
# Install Apache mod_php
$ lxc shell xa
mesg: ttyname failed: Success
root@xa:~# apt-get install libapache2-mod-php
Reading package lists... Done
Building dependency tree
Reading state information... Done
...
Unpacking libapache2-
...
apache2_switch_mpm Switch to prefork
apache2_invoke: Enable module php7.0
# Upgrade to Bionic
root@xa:~# apt-get install ubuntu-
...
root@xa:~# do-release-upgrade
...
Creating config file /etc/php/
Setting up libapache2-
Creating config file /etc/php/
libapache2-
Setting up libapache2-mod-php (1:7.2+60ubuntu1) ...
...
Removing libapache2-
Module php7.0 disabled.
apache2_invoke prerm: Disable module php7.0
Purging configuration files for libapache2-
apache2_invoke postrm: Purging state for php7.0
dpkg: warning: while removing libapache2-
...
System upgrade is complete.
Restart required
To finish the upgrade, a restart is required.
If you select 'y' the system will be restarted.
Continue [yN] y
Additional information on the upgraded container:
root@xa:~# lsb_release -rd
Description: Ubuntu 18.04.4 LTS
Release: 18.04
root@xa:~# apt-cache policy libapache2-
libapache2-
Installed: 7.2.24-
Candidate: 7.2.24-
Version table:
*** 7.2.24-
500 http://
500 http://
100 /var/lib/
7.2.3-1ubuntu1 500
500 http://
Related branches
- Christian Ehrhardt (community): Approve
- Canonical Server: Pending requested
-
Diff: 38 lines (+16/-3)2 files modifieddebian/changelog (+8/-0)
debian/libapache2-mod-php.postinst.extra (+8/-3)
- Christian Ehrhardt (community): Approve
- Canonical Server: Pending requested
-
Diff: 38 lines (+16/-3)2 files modifieddebian/changelog (+8/-0)
debian/libapache2-mod-php.postinst.extra (+8/-3)
- Christian Ehrhardt (community): Approve
- Canonical Server: Pending requested
-
Diff: 39 lines (+17/-3)2 files modifieddebian/changelog (+9/-0)
debian/libapache2-mod-php.postinst.extra (+8/-3)
- Christian Ehrhardt (community): Approve
- Canonical Server: Pending requested
-
Diff: 38 lines (+16/-3)2 files modifieddebian/changelog (+8/-0)
debian/libapache2-mod-php.postinst.extra (+8/-3)
CVE References
Changed in php7.4 (Debian): | |
status: | Unknown → New |
description: | updated |
Changed in php7.4 (Ubuntu Focal): | |
status: | New → Fix Committed |
Changed in php7.4 (Ubuntu Eoan): | |
status: | New → Fix Committed |
Changed in php7.4 (Ubuntu Bionic): | |
status: | New → Fix Committed |
Changed in php7.4 (Ubuntu Focal): | |
importance: | Undecided → High |
Changed in php7.4 (Ubuntu Eoan): | |
importance: | Undecided → Medium |
Changed in php7.4 (Ubuntu Bionic): | |
importance: | Undecided → High |
assignee: | nobody → Bryce Harrington (bryce) |
Changed in php7.4 (Ubuntu Eoan): | |
assignee: | nobody → Bryce Harrington (bryce) |
Changed in php7.4 (Ubuntu Focal): | |
assignee: | nobody → Bryce Harrington (bryce) |
Changed in php7.4 (Ubuntu Groovy): | |
assignee: | nobody → Bryce Harrington (bryce) |
description: | updated |
description: | updated |
description: | updated |
Thanks for the reproduction steps, marking as triaged.