The latest version creates /\"/var/lib/hibinit-agent\" directory
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
ec2-hibinit-agent (Ubuntu) |
Fix Released
|
Undecided
|
Mitchell Dzurick | ||
Focal |
Fix Released
|
Undecided
|
Mitchell Dzurick | ||
Jammy |
Fix Released
|
Undecided
|
Mitchell Dzurick | ||
Kinetic |
Fix Released
|
Undecided
|
Mitchell Dzurick | ||
Lunar |
Fix Released
|
Undecided
|
Mitchell Dzurick | ||
Mantic |
Fix Released
|
Undecided
|
Mitchell Dzurick |
Bug Description
[Impact]
A state-dir directory is created to store instance state for AWS EC2 instances. This package parses a configuration file variable with quotes and makes the quotes part of the full path, thus creating a directory titles '"' in root.
[Fix]
Remove the quotes in the configuration file. See upstream commit https:/
[Test Case]
# General test case
1.
# Create AWS EC2 instance
AWS_REGION=
AWS_AMI=
AWS_KEY="your key name"
AWS_SECURITY_
aws ec2 run-instances \
--region ${AWS_REGION} \
--image-id ${AWS_AMI} \
--count 1 \
--instance-type t3.micro \
--key-name ${AWS_KEY} \
--metadata-options "HttpTokens=
--security-
--tag-
--block-
--hibernation-
2. SSH into instance
3. Remove weird directory if it exists
$ sudo rm -rf /'"'/
4. Start hibinit-agent
$ sudo systemctl start hibinit-agent
5. check for dir
# before fix
$ ll / | head -n 3
total 4096080
drwxr-xr-x 3 root root 4096 Jun 20 22:25 "/
drwxr-xr-x 20 root root 4096 Jun 20 22:25 ./
# after fix
$ ll / | head -n 3
total 4096076
drwxr-xr-x 19 root root 4096 Jun 20 22:25 ./
drwxr-xr-x 19 root root 4096 Jun 20 22:25 ../
# On upgrade
This test case ensures that /"/ is uninstalled on upgrade during from d/postinst.
1. Create an AWS instance
AWS_REGION=
AWS_AMI=
AWS_KEY="your key name"
AWS_SECURITY_
aws ec2 run-instances \
--region ${AWS_REGION} \
--image-id ${AWS_AMI} \
--count 1 \
--instance-type t3.micro \
--key-name ${AWS_KEY} \
--metadata-options "HttpTokens=
--security-
--tag-
--block-
--hibernation-
2. Check for directory (ec2-hibinit-agent will be installed by default, and therefore directory will exist by default)
$ file /\"/
/"/: directory
3. Upgrade ec2-hibinit-agent
$ # add ppa if needed
$ sudo apt update -y && sudo apt upgrade ec2-hibinit-agent -y
--- snippet from upgrade ---
The following packages will be upgraded:
ec2-hibinit-agent
1 upgraded, 0 newly installed, 0 to remove and 1 not upgraded.
Need to get 12.6 kB of archives.
After this operation, 2048 B of additional disk space will be used.
Get:1 https:/
Fetched 12.6 kB in 0s (82.2 kB/s)
(Reading database ... 125081 files and directories currently installed.)
Preparing to unpack .../ec2-
Unpacking ec2-hibinit-agent (1.0.0-
Setting up ec2-hibinit-agent (1.0.0-
Installing new version of config file /etc/hibinit-
Removing file /"/var/
Recursively removing directories /"/var/
---
4. check for erroneous directory existence
$ file /\"/
/"/: cannot open `/"/' (No such file or directory)
[Where things can go wrong]
Past logic could look for the weird directory path (did test for this, and nothing along these lines were seen), on upgrade old path remains in filesystem without being deleted.
[Original Report]
The latest version 1.0.0-0ubuntu9.3 creates incorrect state-dir directory which includes double quotes in its name - /\"/var/
https:/
Related branches
- git-ubuntu import: Pending requested
-
Diff: 220 lines (+192/-0)4 files modifieddebian/changelog (+10/-0)
debian/patches/lp1941785-Add-support-for-IMDSv2.patch (+161/-0)
debian/patches/lp2023924-remove-quotes-from-state-dir.patch (+19/-0)
debian/patches/series (+2/-0)
- Dan Bungert (community): Approve
- Michael Hudson-Doyle (community): Approve
- git-ubuntu import: Pending requested
-
Diff: 109 lines (+70/-0)5 files modifieddebian/changelog (+10/-0)
debian/patches/lp2023924-remove-quotes-from-state-dir.patch (+19/-0)
debian/patches/lp2024505-fix-locale-issue.patch (+18/-0)
debian/patches/series (+2/-0)
debian/postinst (+21/-0)
- Dan Bungert (community): Approve
- Michael Hudson-Doyle (community): Approve
- git-ubuntu import: Pending requested
-
Diff: 107 lines (+68/-0)5 files modifieddebian/changelog (+10/-0)
debian/patches/lp2023924-remove-quotes-from-state-dir.patch (+19/-0)
debian/patches/lp2024505-fix-locale-issue.patch (+18/-0)
debian/patches/series (+2/-0)
debian/postinst (+19/-0)
- Dan Bungert (community): Approve
- Michael Hudson-Doyle (community): Approve
- git-ubuntu import: Pending requested
-
Diff: 107 lines (+68/-0)5 files modifieddebian/changelog (+10/-0)
debian/patches/lp2023924-remove-quotes-from-state-dir.patch (+19/-0)
debian/patches/lp2024505-fix-locale-issue.patch (+18/-0)
debian/patches/series (+2/-0)
debian/postinst (+19/-0)
- Dan Bungert (community): Approve
- Steve Langasek (community): Approve
- Michael Hudson-Doyle (community): Approve
- git-ubuntu import: Pending requested
-
Diff: 108 lines (+69/-0)5 files modifieddebian/changelog (+11/-0)
debian/patches/lp2023924-remove-quotes-from-state-dir.patch (+19/-0)
debian/patches/lp2024505-fix-locale-issue.patch (+18/-0)
debian/patches/series (+2/-0)
debian/postinst (+19/-0)
- Utkarsh Gupta (community): Approve
- Canonical Server Reporter: Pending requested
-
Diff: 78 lines (+50/-0)4 files modifieddebian/changelog (+11/-0)
debian/patches/lp2023924-remove-quotes-from-state-dir.patch (+19/-0)
debian/patches/lp2024505-fix-locale-issue.patch (+18/-0)
debian/patches/series (+2/-0)
information type: | Public → Public Security |
information type: | Public Security → Public |
Changed in ec2-hibinit-agent (Ubuntu Mantic): | |
assignee: | nobody → Mitchell Dzurick (mitchdz) |
Changed in ec2-hibinit-agent (Ubuntu Lunar): | |
assignee: | nobody → Mitchell Dzurick (mitchdz) |
Changed in ec2-hibinit-agent (Ubuntu Kinetic): | |
assignee: | nobody → Mitchell Dzurick (mitchdz) |
Changed in ec2-hibinit-agent (Ubuntu Jammy): | |
assignee: | nobody → Mitchell Dzurick (mitchdz) |
Changed in ec2-hibinit-agent (Ubuntu Focal): | |
assignee: | nobody → Mitchell Dzurick (mitchdz) |
Changed in ec2-hibinit-agent (Ubuntu Mantic): | |
status: | New → In Progress |
description: | updated |
Changed in ec2-hibinit-agent (Ubuntu Focal): | |
status: | Confirmed → Fix Committed |
Changed in ec2-hibinit-agent (Ubuntu Jammy): | |
status: | Confirmed → Fix Committed |
Changed in ec2-hibinit-agent (Ubuntu Kinetic): | |
status: | Confirmed → Fix Committed |
Changed in ec2-hibinit-agent (Ubuntu Lunar): | |
status: | Confirmed → Fix Committed |
Changed in ec2-hibinit-agent (Ubuntu Lunar): | |
status: | Incomplete → Fix Committed |
tags: |
added: verification-done verification-done-focal verification-done-jammy verification-done-kinetic verification-done-lunar removed: verification-needed verification-needed-focal verification-needed-jammy verification-needed-kinetic verification-needed-lunar |
Thank you for reporting this Alex! I tested version 1.0.0-0ubuntu9.3 in a Focal EC2 instance (instructions on what I used to provision system below) and do not see this. Do you happen to have the AMI ID/machine configuration that you used and reproduce this? I'd be glad to try that configuration out.
What I used to test: "eu-north- 1" "ami-07ca74b1a9 7901682" GROUP=" security instance that allows ssh from anywhere" required" \ group-ids ${AWS_SECURITY_ GROUP} \ specifications 'ResourceType= instance, Tags=[{ Key=Name, Value=focal- test-hibinit} ]' \ device- mappings '[{"DeviceName" :"/dev/ sda1"," Ebs":{" Encrypted" :true," DeleteOnTermina tion":true, "VolumeSize" :8,"VolumeType" :"gp2"} }]' \ options 'Configured=true'
```
AWS_REGION=
AWS_AMI=
AWS_KEY="your key name"
AWS_SECURITY_
aws ec2 run-instances \
--region ${AWS_REGION} \
--image-id ${AWS_AMI} \
--count 1 \
--instance-type t3.micro \
--key-name ${AWS_KEY} \
--metadata-options "HttpTokens=
--security-
--tag-
--block-
--hibernation-
```