systemd-resolved is not installable in Docker images

Bug #1988300 reported by Peter van Dijk
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
Ubuntu Docker Images | Fix Released | Undecided | Cristovao Cordeiro |
dpkg (Ubuntu) | Invalid | Undecided | Unassigned |
systemd (Ubuntu) | Fix Released | Undecided | Nick Rosbrook |

Bug Description

Since 30 August (going by my daily CI builds, I do see the changelog entry for resolved is a few days older), I get this:

Selecting previously unselected package systemd-resolved.
Preparing to unpack .../321-systemd-resolved_251.4-1ubuntu1_amd64.deb ...
Unpacking systemd-resolved (251.4-1ubuntu1) ...
dpkg: error processing archive /tmp/apt-dpkg-install-NS2Yvi/321-systemd-resolved_251.4-1ubuntu1_amd64.deb (--unpack):
 unable to make backup link of './etc/resolv.conf' before installing new version: Invalid cross-device link

The reason this fails is that Docker mounts resolv.conf, readonly, from the host system, so dpkg is not allowed to move/replace it.

(To be clear, I do not need systemd-resolved in my container. "apt install devscripts" pulled it in, and debtree does not tell me why. "apt install --no-install-recommends devscripts" does not pull it in, and I'll likely adjust my builds [for PowerDNS] to do that because it's a good idea anyway).

Athos Ribeiro (athos-ribeiro) wrote:

Thanks for filing this bug, Peter.

The issue here is not related to /etc/resolv.conf being read-only (it is actually a RW file) [1]. The issue lies in the fact that it is always mounted in a running container by docker itself [2].

During a package installation process, dpkg performs backups of existing files through hard links. Hard links cannot be performed across mounts; hence, dpkg fails to install systemd-resolved when it tries to back up /etc/resolv.conf.

$ apt-file search /etc/resolv.conf
...
systemd-resolved: /etc/resolv.conf

This is the error being triggered:
dpkg: error processing archive /tmp/apt-dpkg-install-qDQYcB/21-systemd-resolved_251.4-1ubuntu1_amd64.deb (--unpack):
 unable to make backup link of './etc/resolv.conf' before installing new version: Invalid cross-device link

Now, while I am unsure where this bug belongs, this should be a good place to start a discussion.

For further context, this is the bug where systemd-resolved split and /etc/resolv.conf ownership were discussed [3].

[1] https://github.com/moby/moby/pull/5129/files
[2] https://docs.docker.com/storage/#good-use-cases-for-bind-mounts
[3] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=939904

summary: - systemd-resolved in kinetic image tries to replace resolv.conf
+ systemd-resolved is not installable in Docker images
Nick Rosbrook (enr0n) wrote:

The bug is in the systemd packaging, and we have cherry-picked a fix [1] from Debian that will be included in the next kinetic upload.

[1] https://salsa.debian.org/systemd-team/systemd/-/commit/5d8a69933df0e9ce9e02ff07baed916ddc5af35e

Changed in dpkg (Ubuntu):
status: New → Invalid
Changed in ubuntu-docker-images:
status: New → Invalid
Changed in systemd (Ubuntu):
status: New → Fix Committed
status: Fix Committed → In Progress
assignee: nobody → Nick Rosbrook (enr0n)
Lukas Märdian (slyon)
Changed in systemd (Ubuntu):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote:

This bug was fixed in the package systemd - 251.4-1ubuntu3

---------------
systemd (251.4-1ubuntu3) kinetic; urgency=medium

  * Fix version of backported sd_hwdb_new_from_path symbol.
    The systemd-hwdb binary calling into this library is linked statically,
    but we still want to keep a future proof ABI, just in case.
    Files:
    - debian/libsystemd0.symbols
    - debian/patches/sd-hwdb-add-sd_hwdb_new_from_path.patch
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=dee01ca169cd41e514658f8a631847c9e852e842

systemd (251.4-1ubuntu2) kinetic; urgency=medium

  [ Lukas Märdian ]
  * Provide upgrade path (Replaces:) for Jammy's systemd-repart (LP: 1897932)
    File: debian/control
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=2281670aa8007179170d5cc485bb94e3bbc3b63c

  [ Luca Boccassi ]
  * resolved: switch from .links to postinst/rm (LP: #1988300)
    dpkg refuses to install the symlink in chroot/container environments
    where /etc/resolv.conf is bind mounted:
    | Unpacking systemd-resolved (251.4-1) ...
    | dpkg: error processing archive /var/cache/apt/archives/systemd-resolved_251.4-1_amd64.deb (--unpack):
    | unable to make backup link of './etc/resolv.conf' before installing new version: Invalid cross-device link
    So unfortunately manual handling via maintainerscripts is necessary.
    Use maintainer scripts to avoid failing the installation, and provide
    feedback to the user if the symlink cannot be successfully installed.
    Also on removal, either copy /run/systemd/resolve/resolv.conf or
    create an empty /etc/resolv.conf.
    Amend to use the correct Ubuntu version string (251.4-1ubuntu2).
    Author: Luca Boccassi
    Files:
    - debian/systemd-resolved.links
    - debian/systemd-resolved.postinst
    - debian/systemd-resolved.postrm
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=faf479a6158aac977c2cdb32fd1eaecc0862a7ef
  * resolv.conf: take backup as a fallback
    piuparts doesn't like seeing an empty resolv.conf after removing
    the package, so take a backup and use it in case resolved/resolv.conf
    is not available
    Author: Luca Boccassi
    Files:
    - debian/systemd-resolved.postinst
    - debian/systemd-resolved.postrm
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=c2b15f43eb7779953a3dda7f461edbb1bf038701

  [ Nick Rosbrook ]
  * debian/systemd-resolved.{postinst,postrm}: do not use DPKG_ROOT.
    We cherry-picked "resolved: switch from .links to postinst/rm" and
    "resolv.conf: take backup as a fallback" from debian/251.4-3 to fix a
    systemd-resolved installation issue, but we are not taking the DPKG_ROOT
    changes at the moment due to feature freeze.
    Files:
    - debian/systemd-resolved.postinst
    - debian/systemd-resolved.postrm
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=5664be09ce9813cb2dd2bd71c5d325036655c312

 -- Lukas Märdian <email address hidden> Thu, 01 Sep 2022 12:42:10 +0200

Changed in systemd (Ubuntu):
status: Fix Committed → Fix Released
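
The bind-mount condition behind the dpkg error and the maintainer-script fallback listed in the 251.4-1ubuntu2 changelog above, shown as an added example; it is not the systemd package's actual postinst/postrm. The stub-resolv.conf link target, the .bak-example backup name and the function names are assumptions, and the mountinfo sample is constructed.

```shell
#!/bin/sh
# Added example, not the real systemd-resolved postinst/postrm.
TARGET=../run/systemd/resolve/stub-resolv.conf   # assumed link target

# Constructed /proc/self/mountinfo sample for a container rooted at $1.
sample_mountinfo() {
    printf '%s\n' \
        "620 611 0:52 / $1/ rw,relatime - overlay overlay rw" \
        "631 620 8:1 /containers/ID/resolv.conf $1/etc/resolv.conf rw - ext4 /dev/sda1 rw"
}

# 0 if path $1 is itself a mount point in mountinfo file $2 (field 5).
is_mount_point() {
    awk -v p="$1" '$5 == p { hit = 1 } END { exit !hit }' "${2:-/proc/self/mountinfo}"
}

# postinst-style: install the symlink under root $1 without ever failing
# the package installation. Prints "linked" or "skipped".
install_link() {
    conf=$1/etc/resolv.conf
    if is_mount_point "$conf" "${2:-/proc/self/mountinfo}"; then
        echo "$conf is bind mounted; not replacing it" >&2
        echo skipped; return 0
    fi
    # Back up a regular file so removal can restore it (hypothetical name).
    if [ -f "$conf" ] && [ ! -L "$conf" ]; then cp -p "$conf" "$conf.bak-example"; fi
    if ln -sf "$TARGET" "$conf" 2>/dev/null; then
        echo linked
    else
        echo "could not replace $conf; configure DNS manually" >&2
        echo skipped
    fi
}

# postrm-style: leave a usable resolv.conf under root $1.
# Prints the source used: "resolved", "backup", "empty", or "kept".
remove_link() {
    conf=$1/etc/resolv.conf
    [ "$(readlink "$conf")" = "$TARGET" ] || { echo kept; return 0; }
    rm -f "$conf"
    if [ -f "$1/run/systemd/resolve/resolv.conf" ]; then
        cp "$1/run/systemd/resolve/resolv.conf" "$conf"; echo resolved
    elif [ -f "$conf.bak-example" ]; then
        mv "$conf.bak-example" "$conf"; echo backup
    else
        : > "$conf"; echo empty
    fi
}
```
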
Cristovao Cordeiro (cjdc) wrote:

I can no longer reproduce the issue after the systemd fix (both on Jammy and Kinetic).

Changed in ubuntu-docker-images:
assignee: nobody → Cristovao Cordeiro (cjdc)
status: Invalid → Fix Released