Ubuntu
postgresql-common package

postinst cannot add 'postgres' user to 'ssl-cert' group when system config cannot be written to

Bug #1690432 reported by aymen overdoz
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
postgresql-common (Debian)
Fix Released
Unknown
postgresql-common (Ubuntu)
Fix Released
High
Bryce Harrington

Bug Description

i don't know

ProblemType: Package
DistroRelease: Ubuntu 16.04
Package: postgresql-common 173
ProcVersionSignature: Ubuntu 4.4.0-77.98-generic 4.4.59
Uname: Linux 4.4.0-77-generic i686
ApportVersion: 2.20.1-0ubuntu2.5
Architecture: i386
Date: Fri May 12 19:34:45 2017
DuplicateSignature:
 package:postgresql-common:173
 Setting up postgresql-common (173) ...
 Adding user postgres to group ssl-cert
 dpkg: error processing package postgresql-common (--configure):
  subprocess installed post-installation script returned error exit status 10
ErrorMessage: subprocess installed post-installation script returned error exit status 10
InstallationDate: Installed on 2017-04-09 (32 days ago)
InstallationMedia: Ubuntu 14.04.4 LTS "Trusty Tahr" - Release i386 (20160217.1)
PackageArchitecture: all
RelatedPackageVersions:
 dpkg 1.18.4ubuntu1.2
 apt 1.2.20
SourcePackage: postgresql-common
Title: package postgresql-common 173 failed to install/upgrade: subprocess installed post-installation script returned error exit status 10
UpgradeStatus: Upgraded to xenial on 2017-04-12 (29 days ago)

Revision history for this message
aymen overdoz (aymen09) wrote :
Apport retracing service (apport)
tags: removed: need-duplicate-check
Revision history for this message
Bryce Harrington (bryce) wrote :

From the journal errors:

ماي 12 19:13:47 hostname org.gtk.vfs.Daemon[1646]: ** (gvfsd:1724): WARNING **: dbus_mount_reply: Error from org.gtk.vfs.Mountable.mount(): Failed to retrieve share list from server: Connection refused
ماي 12 19:13:47 hostname org.gtk.vfs.Daemon[1646]: ** (process:5169): WARNING **: Couldn't create directory monitor on smb://x-gnome-default-workgroup/. Error: The specified location is not mounted
...
ماي 12 19:32:00 hostname com.ubuntu.OneConf[1646]: WARNING:oneconf.hosts:Error in loading other_hosts file: [Errno 2] No such file or directory: '/home/overdoz/.cache/oneconf/96c88f9cc88d498f726b551d58eabcdd/other_hosts'

So it looks like the system is set up to use oneconf, but couldn't communicate with the service for some reason. Later on, postfix attempts to make a system conf change, to add the postgres user to the ssl-cert group, and then fails:

Setting up postgresql-common (173) ...
Adding user postgres to group ssl-cert
dpkg: error processing package postgresql-common (--configure):
 subprocess installed post-installation script returned error exit status 10

Looking in postgres' postinst, the config code is attempting to add the user to the group here:

    # Add postgres user to the ssl-cert group on fresh installs
    if [ -z "$2" ]; then
        if getent group ssl-cert >/dev/null; then
            adduser $quiet postgres ssl-cert
        fi
    fi

Revision history for this message
Bryce Harrington (bryce) wrote :

The oneconf issue already has a bug report filed here:

    https://bugs.launchpad.net/ubuntu/+source/oneconf/+bug/1486450

So we can consider that aspect of this install failure to be a dupe of that bug report.

The other part is that postgres failed when the system configuration is unwritable. I haven't found an independent report of that, so let's have this bug report narrow to focus on just that.

I'm not sure how to set up oneconf to match the original bug report, but I am able to reproduce a similar error message by building a docker image with postgres, in hirsute. We're obviously not going to be able to set config when the config is unwritable, but my goal will be to enable workarounds and better diagnostics to make this easier to resolve when it crops up.

summary: - package postgresql-common 173 failed to install/upgrade: subprocess
- installed post-installation script returned error exit status 10
+ postinst cannot add 'postgres' user to 'ssl-cert' group when system
+ config cannot be written to
Changed in postgresql-common (Ubuntu):
status: New → Triaged
importance: Undecided → High
assignee: nobody → Bryce Harrington (bryce)
Bryce Harrington (bryce)
Changed in postgresql-common (Ubuntu):
status: Triaged → Fix Committed
status: Fix Committed → In Progress
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package postgresql-common - 225ubuntu1

---------------
postgresql-common (225ubuntu1) hirsute; urgency=medium

  * d/postinst: Only add postgres to group ssl-cert if it isn't
    already a member of that group.
    (LP: #1690432)

 -- Bryce Harrington <email address hidden> Thu, 25 Feb 2021 16:21:44 -0800

Changed in postgresql-common (Ubuntu):
status: In Progress → Fix Released
Bug Watch Updater (bug-watch-updater)
Changed in postgresql-common (Debian):
status: Unknown → New
Bug Watch Updater (bug-watch-updater)
Changed in postgresql-common (Debian):
status: New → Fix Committed
Bug Watch Updater (bug-watch-updater)
Changed in postgresql-common (Debian):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.