nsd fails to install

Bug #1311886 reported by Joshua Tauberer on 2014-04-23
116
This bug affects 19 people
Affects Status Importance Assigned to Milestone
nsd (Ubuntu)
Undecided
Unassigned
Trusty
Undecided
Unassigned
Utopic
Undecided
Unassigned

Bug Description

[IMPACT]

Currently, nsd fails to install. The postinst attempts to start the nsd daemon before creating the nsd user, and fails when starting the daemon fails.

The daemon is started by debhelper-generated snippets. The attached fixes move the auto-generated snippets to the end of the postinst, after the non-auto-generated code creates the user.

(This is the fix used by Debian to fix Debian bug #743396)

[TEST CASE]

1. Ensure that the nsd user doesn't already exist:

   $ getent passwd nsd
   $

2. Install nsd:

   $ sudo apt-get install nsd

Note: This won't work in an environment such as a buildd chroot where daemons are disabled via policy-rc.d - you'll either have to remove the file or specifically whitelist the nsd daemon.

Expected results: package install successfully

Actual results:

  $ sudo apt-get install nsd
  ....
  Unpacking nsd (4.0.1-1) ...
  Processing triggers for man-db (2.6.7.1-1) ...
  Processing triggers for ureadahead (0.100.0-16) ...
  Setting up nsd (4.0.1-1) ...
  start: Job failed to start
  invoke-rc.d: initscript nsd, action "start" failed.
  dpkg: error processing package nsd (--configure):
  subprocess installed post-installation script returned error exit status 1
  Processing triggers for ureadahead (0.100.0-16) ...
  Errors were encountered while processing:
   nsd
  E: Sub-process /usr/bin/dpkg returned an error code (1)

[REGRESSION POTENTIAL]

Seems quite low. There are no changes to the actual nsd code, so the likelihood of affecting successful installs seems minimal. The only debhelper-generated code in the postinst are related to the init script (starting the daemon, and upgrading from sysvinit to upstart), so the possibility for side-effects from moving the snippets also seems minimal.

===
Original description:

installing nsd fails unless the `nsd` user is created first.

On a completely fresh Ubuntu 14.04 machine (from AWS's AMI):

$ sudo apt-get update
$ sudo apt-get install nsd
....
Unpacking nsd (4.0.1-1) ...
Processing triggers for man-db (2.6.7.1-1) ...
Processing triggers for ureadahead (0.100.0-16) ...
Setting up nsd (4.0.1-1) ...
start: Job failed to start
invoke-rc.d: initscript nsd, action "start" failed.
dpkg: error processing package nsd (--configure):
 subprocess installed post-installation script returned error exit status 1
Processing triggers for ureadahead (0.100.0-16) ...
Errors were encountered while processing:
 nsd
E: Sub-process /usr/bin/dpkg returned an error code (1)

$ sudo useradd nsd
$ sudo dpkg --configure nsd
Setting up nsd (4.0.1-1) ...
nsd start/running, process 1887

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in nsd (Ubuntu):
status: New → Confirmed
rado_p (rado-p) wrote :

It's an easy fix, just move the autogenerated-by-dh_installinit section of postinst to the end of the file.

Tracy Phillips (tracphil) wrote :

I don't understand the "easy fix". Can you elaborate how I can install this from within an ubuntu server without it failing?

Joshua Tauberer (jt-occams) wrote :

I think rado_p was describing how the Ubuntu maintainers can fix the problem.

As a user, just run "sudo useradd nsd" before trying to install the package (as I tried to show at the top not very clearly).

Tracy Phillips (tracphil) wrote :

Got it, thanks! I am slow to catch on :)

Tamas Papp (tomposmiko) wrote :

Is there any update on this issue?
It's getting quite old..

Ian Justman (ianj) wrote :

Indeed.

What I've found is that the user add function to bring the user/group "nsd" into existence comes AFTER (WTF?!?!) the system tries to start the daemon. What I tried doing was using another unprivileged user (e.g. daemon) so the daemon starts when I do the "dpkg --configure -a" or "apt-get -f install". I do not want to do a random "useradd"; I would rather the packaging system add it per policy, not assign a normal user ID (anything above 1000) willy-nilly.

I'll show you an example which can tacked on at the end of the /etc/nsd/nsd/conf file:

server:
  username: "daemon"

Then I perform a "dpkg --configure -a" or "apt-get -f install"

Once the program starts, I will shut it down via "service nsd stop" , then removing the above stanza from /etc/nsd/nsd.conf. Then it works normally since the useradd portion of the script had a chance to do its thing.

Ian Justman (ianj) wrote :

To over-simply demonstrate the flow of what I'm seeing and how my actions allow it to work, consider this:

In theory, here is what happens given the .deb the way it is now:
1. dpkg unpacks the .deb.
2. dpkg attempts to start the daemon.
3. dpkg adds the nsd user and group if it doesn't exist already.
4. dpkg reports to the installed list that nsd installed successfully.

Since nsd assumes that the default user to start as is "nsd" and if this is a first-time install, the user "nsd" will not exist. As such, step #2 will fail, keeping the remaining steps from continuing.

If steps 2 and 3 are reversed, a first-time install of nsd will actually succeed.

To work around this problem, once the files are unpacked, I back up the main config file, tell nsd to start as user "daemon" via the config file, then tell dpkg to configure the package. Once done, I restore the original config file, then restart nsd.

Any timeline on when this will be fixed?

Yutani (hiroaki-yutani) wrote :

I create the "easy-fix" patch, which rado_p suggested.

The step "2. dpkg attempts to start the daemon." is automatically inserted into the line with the word "#DEBHELPER#" by debhelper.
http://bazaar.launchpad.net/~ubuntu-branches/ubuntu/trusty/nsd/trusty-proposed/view/head:/debian/nsd.postinst#L4
(For the details, see "Automatic generation of debian install scripts" section of `man debhelper`)

I reordered this step to the last, in order to ensure nsd starts after setup is done.

unbound package uses the right order as below:
http://bazaar.launchpad.net/~ubuntu-branches/ubuntu/trusty/unbound/trusty/view/head:/debian/unbound.postinst

YAMAMOTO Hirotaka (ymmt2005) wrote :

Debian bug #743396 addresses this issue.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=743396

Upstream has fixed this in 4.1.0-2.

The attachment "Start nsd after setup is done" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]

tags: added: patch
Yutani (hiroaki-yutani) wrote :

Sorry, I removed my patch.
As Hirotaka pointed out, the upstream fix seems what we want. Perfect.

tags: removed: patch
Yutani (hiroaki-yutani) wrote :

Just in case when the upstream fix won't come down to trusty so quickly, I resubmit this patch.

Evan Broder (broder) on 2015-01-11
Changed in nsd (Ubuntu Trusty):
status: New → Confirmed
Changed in nsd (Ubuntu Utopic):
status: New → Confirmed
Changed in nsd (Ubuntu):
status: Confirmed → Fix Released
Evan Broder (broder) wrote :
description: updated
Evan Broder (broder) wrote :
Evan Broder (broder) wrote :

I've attached fixes for the issue for Trusty and Utopic, the only two affected releases. They're also building now in my PPA (https://launchpad.net/~broder/+archive/ubuntu/ubuntu-tests). I'll upload to -proposed once I can confirm the test packages work.

Evan Broder (broder) on 2015-01-11
Changed in nsd (Ubuntu Trusty):
status: Confirmed → In Progress
Changed in nsd (Ubuntu Utopic):
status: Confirmed → In Progress

Hello Joshua, or anyone else affected,

Accepted nsd into trusty-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/nsd/4.0.1-1ubuntu0.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in nsd (Ubuntu Trusty):
status: In Progress → Fix Committed
tags: added: verification-needed
Changed in nsd (Ubuntu Utopic):
status: In Progress → Fix Committed
Chris J Arges (arges) wrote :

Hello Joshua, or anyone else affected,

Accepted nsd into utopic-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/nsd/4.0.3-1ubuntu0.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Yutani (hiroaki-yutani) wrote :

Thanks!

I've confirmed the problem is now fixed in trusty-proposed. The result is below.

$ sudo apt-get install nsd
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
  nsd
0 upgraded, 1 newly installed, 0 to remove and 42 not upgraded.
Need to get 654 kB of archives.
After this operation, 1,226 kB of additional disk space will be used.
Get:1 http://archive.ubuntu.com/ubuntu/ trusty-proposed/universe nsd amd64 4.0.1-1ubuntu0.1 [654 kB]
Fetched 654 kB in 1s (339 kB/s)
Preconfiguring packages ...
Selecting previously unselected package nsd.
(Reading database ... 100205 files and directories currently installed.)
Preparing to unpack .../nsd_4.0.1-1ubuntu0.1_amd64.deb ...
Unpacking nsd (4.0.1-1ubuntu0.1) ...
Processing triggers for ureadahead (0.100.0-16) ...
Processing triggers for man-db (2.6.7.1-1ubuntu1) ...
Setting up nsd (4.0.1-1ubuntu0.1) ...
nsd start/pre-start, process 5266
Processing triggers for ureadahead (0.100.0-16) ...

tags: added: verification-done-trusty
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package nsd - 4.0.1-1ubuntu0.1

---------------
nsd (4.0.1-1ubuntu0.1) trusty-proposed; urgency=low

  * Fix "invalid user: nsd" install error by moving auto-generated
    debhelper code to the end of the postinst script. (LP: #1311886)
 -- Evan Broder <email address hidden> Sun, 11 Jan 2015 17:55:51 +0100

Changed in nsd (Ubuntu Trusty):
status: Fix Committed → Fix Released
Mathew Hodson (mhodson) on 2015-01-15
tags: added: verification-needed-utopic
removed: verification-needed
tags: added: trusty verification-needed
removed: verification-needed-utopic
tags: added: verification-needed-utopic
removed: verification-needed
Joshua Tauberer (jt-occams) wrote :

Looks good, thank you!

Timo Aaltonen (tjaalton) wrote :

Joshua: Did you mean the trusty or utopic version 'looks good'? The latter still needs to be verified.

Michael Chang (thenewme91) wrote :

I confirm the problem is now fixed in utopic-proposed. The result is below.

ubuntu@ip-10-0-0-30:~$ sudo apt-get install nsd/utopic-proposed
Reading package lists... Done
Building dependency tree
Reading state information... Done
Selected version '4.0.3-1ubuntu0.1' (Ubuntu:14.10/utopic-proposed [amd64]) for 'nsd'
The following packages will be upgraded:
  nsd
1 upgraded, 0 newly installed, 0 to remove and 42 not upgraded.
1 not fully installed or removed.
Need to get 658 kB of archives.
After this operation, 12.3 kB of additional disk space will be used.
Get:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu/ utopic-proposed/universe nsd amd64 4.0.3-1ubuntu
Fetched 658 kB in 1s (475 kB/s)
Preconfiguring packages ...
(Reading database ... 51454 files and directories currently installed.)
Preparing to unpack .../nsd_4.0.3-1ubuntu0.1_amd64.deb ...
Unpacking nsd (4.0.3-1ubuntu0.1) over (4.0.3-1) ...
Processing triggers for ureadahead (0.100.0-16) ...
Processing triggers for man-db (2.7.0.2-2) ...

tags: added: verification-done-utopic
removed: verification-needed-utopic

The verification of the Stable Release Update for nsd has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package nsd - 4.0.3-1ubuntu0.1

---------------
nsd (4.0.3-1ubuntu0.1) utopic-proposed; urgency=low

  * Fix "invalid user: nsd" install error by moving auto-generated
    debhelper code to the end of the postinst script. (LP: #1311886)
 -- Evan Broder <email address hidden> Sun, 11 Jan 2015 17:44:59 +0100

Changed in nsd (Ubuntu Utopic):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.