ubuntu-advantage-tools.postinst and cloud-id are not robust against failure
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
ubuntu-advantage-tools (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Xenial |
Fix Released
|
Undecided
|
Unassigned | ||
Bionic |
Fix Released
|
Undecided
|
Unassigned | ||
Focal |
Fix Released
|
Undecided
|
Unassigned | ||
Hirsute |
Fix Released
|
Undecided
|
Unassigned | ||
Impish |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
[Impact]
If cloud-id fails in a different way from what our postinst currently checks for, then the postinst script will fail, breaking whatever apt process was running.
We fixed this by changing the line that calls cloud-id to
cloud_id=$(cloud-id 2>/dev/null) || cloud_id=""
The commit with this change is here: https:/
By doing this, any error in cloud-id will be handled by assuming we are not on a cloud. This is a safe assumption for the purposes of our postinst script.
[Test Plan]
You can verify that this problem is addressed in version 27.3 by running the following script:
-------
import pycloudlib
import os
lxd = pycloudlib.
name = 'pycloudlib-vm'
release = "bionic"
pub_key_path = "lxd-pubkey"
priv_key_path = "lxd-privkey"
userdata_
#cloud-config
bootcmd:
- cp /usr/bin/cloud-id /usr/bin/
- 'echo "error" > /usr/bin/cloud-id'
- chmod 755 /usr/bin/cloud-id
"""
pub_key, priv_key = lxd.create_
with open(pub_key_path, "w") as f:
f.write(
with open(priv_key_path, "w") as f:
f.write(
lxd.use_key(
public_
private_
)
image_id = lxd.released_
instance = lxd.launch(
name=name,
image_
user_
)
print("--- Creating base instance")
print("ip address: ", instance.ip)
print("--- Make cloud-id command fail by changing the binary")
cloud_id = instance.
print(cloud_
print("--- Running postinst script for current version of uaclient")
dpkg_out = instance.
print(instance.
print(dpkg_
print("
print("--- Updating ua package")
instance.
instance.
instance.
print(instance.
dpkg_out = instance.
print(dpkg_
print("
instance.delete()
-------
This script relies on the pycloudlib project which can be found
here:
https:/
[Where problems could occur]
Any change to postinst is particularly dangerous because a mistake could cause it to fail and therefore cause apt installs/upgrades to fail. Because ua-client is on all ubuntu images, we need to be particularly careful here.
Further, by changing the code that fixed a critical bug, we run the risk of reintroducing that bug. We've mitigated this by introducing an integration test scenario to cover that bug.
[Other Info]
The cloud id is used in postinst for doing 2 things:
1. notifying the user if they stumbled into an using an unsupported fips kernel on the cloud
2. activating the gcp_auto_attach job
It is not critical if the cloud is falsely detected as none. The worst that could happen is that a user would not be notified of the unsupported fips kernel or that a user would not have the gcp_auto_attach job activated.
[Original Description]
As discovered in regression bug 1936833:
1) "cloud-id" can sometimes crash; perhaps it should return something more sensible if a cloud-id is not available
2) ubuntu-
I wonder if one or both of these things can be improved. For example, define the failure behaviour of cloud-id when it cannot function, and have the postinst test for that, and further, adjust the postinst to be robust against _any_ failure of cloud-id.
Changed in ubuntu-advantage-tools (Ubuntu): | |
status: | New → Triaged |
description: | updated |
description: | updated |
Changed in ubuntu-advantage-tools (Ubuntu): | |
status: | Triaged → Fix Committed |
Hello Robie, or anyone else affected,
Accepted ubuntu- advantage- tools into impish-proposed. The package will build now and be available at https:/ /launchpad. net/ubuntu/ +source/ ubuntu- advantage- tools/27. 3~21.10. 1 in a few hours, and then in the -proposed repository.
Please help us by testing this new package. See https:/ /wiki.ubuntu. com/Testing/ EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.
If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification- needed- impish to verification- done-impish. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification- failed- impish. In either case, without details of your testing we will not be able to proceed.
Further information regarding the verification process can be found at https:/ /wiki.ubuntu. com/QATeam/ PerformingSRUVe rification . Thank you in advance for helping!
N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.