VM detection is broken, leading to prompt to restart for microcode updates

[Impact]

VM detection in needrestart was quietly and subtly broken in version 3.6 that ships in kinetic, lunar and mantic, where a spelling mistake had been made that incorrectly called /usr/bin/systemds-detect-virt over /usr/bin/systemd-detect-virt.

This causes needrestart to think we are running in bare metal always, and it spends extra time checking microcode status, and sometimes prompting the user that their microcode is out of date, even know there is no way to apply microcode updates, which can mislead users each time they run apt install commands.

The fix is to correct the spelling mistake.

[Testcase]

Start a VM, I used a m5.large on AWS, with either kinetic, lunar or mantic.

If you run needrestart from your prompt, it checks for microcode. This run is on a system where the microcode package is at its latest, but on systems where it is out of date, you receive a curses prompt.

$ /usr/sbin/needrestart -w -v
[main] eval /etc/needrestart/needrestart.conf
[main] needrestart v3.6
[main] running in user mode
[Core] Using UI 'NeedRestart::UI::stdio'...
[main] systemd detected
[ucode] using NeedRestart::uCode::AMD
[ucode] using NeedRestart::uCode::Intel
[uCode/AMD] #0 cpu vendor id mismatch
[uCode/Intel] #0 current revision: 0x2006f05
+ + grep -oE [^[:space:]]+$
iucode_tool --scan-system
+ sig=0x00050654
+ [ -r /sys/devices/system/cpu/cpu0/microcode/processor_flags ]
+ filter=-S
+ test -r /etc/needrestart/iucode.sh
+ . /etc/needrestart/iucode.sh
+ type bsdtar
+ IUCODE_TOOL_EXTRA_OPTIONS=
+ test -r /etc/default/intel-microcode
+ . /etc/default/intel-microcode
+ test = no
+ [ -r /usr/share/misc/intel-microcode* ]
+ iucode_tool -l+ -Sgrep 0x00050654
 --ignore-broken -tb /lib/firmware/intel-ucode
[uCode/Intel] #0 available revision: 0x2006e05

The processor microcode seems to be up-to-date.

If you install the test packages from the below ppa:

https://launchpad.net/~mruffell/+archive/ubuntu/sf361263-test

The expected output is to correctly register that we are running inside a VM and microcode checks can be skipped:

$ /usr/sbin/needrestart -w -v
[main] eval /etc/needrestart/needrestart.conf
[main] needrestart v3.6
[main] running in user mode
[Core] Using UI 'NeedRestart::UI::stdio'...
[main] systemd detected
[main] vm detected
[main] inside container or vm, skipping microcode checks

[Where problems could occur]

We are fixing a spelling mistake made in a previous commit, and not changing any functionality or behaviour. The spelling mistake changes invoking the incorrect /usr/bin/systemds-detect-virt to /usr/bin/systemd-detect-virt.

Beforehand, /usr/bin/systemd-detect-virt would not exist, and thus return false. We would never enter the if statement, and thus never check to see if we are in a VM. By fixing the mistake, we now call /usr/bin/systemd-detect-virt, and if we are inside a VM, skip some unnecessary steps, like checking microcode versions.

If a regression were to occur, it would cause needrestart to interpret running in a VM or bare metal differently, and may or may not prompt the user at the correct times to restart any services or the system.

One thing to note is that needrestart is called automatically by apt after every install or remove invocation, and a regression could cause apt to return an error code, even when the packages were installed or removed correctly.

[Other Info]

Debian bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026026

This was fixed in the below commit, currently not tagged to a release:

commit 27bf4678bb92f68dfadd04ab04e96cba6ea2c376
From: zxyrepf <email address hidden>
Date: Sun, 24 Jul 2022 08:30:19 +0000
Subject: Fix VM detection regression introduced in f54d85c
Link: https://github.com/liske/needrestart/commit/27bf4678bb92f68dfadd04ab04e96cba6ea2c376

This fixes the regression introduced by:

commit f54d85cab33c450b2d4e17eaf359a5c7470ef91d
From: Thomas Liske <email address hidden>
Date: Tue, 17 May 2022 15:38:42 +0200
Subject: [Core] Use ImVirt for virtualization detection if not running
 on systemd (Debian Bug#984789 by Patrik Schindler <email address hidden>).
Link: https://github.com/liske/needrestart/commit/f54d85cab33c450b2d4e17eaf359a5c7470ef91d