Init script fails test on reload/restart because of faulty regex
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
squid3 (Ubuntu) | Fix Released | Undecided | Unassigned |
Xenial | Fix Released | Medium | Andreas Hasenack |
Zesty | Won't Fix | Medium | Unassigned |
Bug Description
[Impact]
The squid initscript has a guard against configuration mistakes that prevents the service from being disrupted if the current config has an invalid setting.
This guard relies on the "squid -k parse" command which analyzes the configuration and, in the case of a fatal problem, outputs the string "FATAL: <reason>". The initscript parses that output to catch such errors before further action is taken.
There is a mistake in the expression that is looked for, though: instead of "FATAL: ", the initscript is looking for "FATAL " (i.e., no ":"). The consequence is that actions that would reload or restart the service end up shutting the service down in the case of a configuration error.
The change fixes the expression that is looked for, restoring the functionality of the guard.
[Test Case]
* install squid:
sudo apt update && sudo apt install squid -y
* confirm the reload action is quick to return and doesn't change the pid of squid, i.e., it's not restarted:
ubuntu@
2684
ubuntu@
ubuntu@
2684
ubuntu@
* add an invalid setting to the config file:
echo "acl nonsense nonsense nonsense" | sudo tee -a /etc/squid/
* reload squid one more time:
sudo service squid reload
* After about 30s, squid should be dead and service squid status should show errors:
ubuntu@
ubuntu@
ubuntu@
● squid.service - LSB: Squid HTTP Proxy version 3.x
(...)
Oct 29 19:56:26 xenial-
Oct 29 19:56:26 xenial-
Oct 29 19:56:26 xenial-
Oct 29 19:56:26 xenial-
With the fixed package, a reload action (for example) will flag the error, and keep the service running:
ubuntu@
3801
ubuntu@
Job for squid.service failed because the control process exited with error code. See "systemctl status squid.service" and "journalctl -xe" for details.
ubuntu@
1
ubuntu@
3801
And the status message will be much clearer:
ubuntu@
● squid.service - LSB: Squid HTTP Proxy version 3.x
...
Oct 29 20:13:26 xenial-
Oct 29 20:13:26 xenial-
Oct 29 20:13:26 xenial-
Oct 29 20:13:26 xenial-
Oct 29 20:13:26 xenial-
[Regression Potential]
This changes not only the reload action, but also start and consequently restart. The fix makes an existing safety net around those actions actually work, instead of being ignored.
Due to the lack of an explicit restart action in systemd, however, the restart guard in the SysV initscript doesn't take effect. If there is a bad config, and squid is restarted, the service will be in a stopped state at the end:
- stop will succeed
- start will fail: service remains stopped
There is an upstream bug about it: https:/
This is not a regression, however, as it's the same behavior as before, but it will have an interesting consequence in package upgrades.
With the old package, admins upgrading squid to a newer version while having a syntax error in their configs will end up with a stopped service, but no notification of that, since the restart postinst action will exit 0.
With the new package, the same scenario will trigger an upgrade failure like this:
dpkg: error processing package squid (--configure):
subprocess installed post-installation script returned error exit status 1
Processing triggers for systemd (229-4ubuntu21.5) ...
Processing triggers for ureadahead (0.100.0-19) ...
Errors were encountered while processing:
squid
E: Sub-process /usr/bin/dpkg returned an error code (1)
So the end result is the same as before, in the sense that squid won't be running after the upgrade, but now it will be clear. I expect this can trigger some apport bug reports, though.
[Other Info]
Not at this time.
[Original Description]
This is a very serious issue that got fixed upstream in:
https:/
It is also logged in the Ubuntu changelog as fixed in:
squid3 (3.5.12-1) unstable; urgency=medium
[ Mathieu Parent ]
* Fix FATAL parsing before start/reload/
But is in fact not fixed.
When I look in the source package I find two init scripts:
squid3.rc and squid.rc. squid3.rc has the patch while squid.rc does not.
The one being included in the package and deployed is the one that does not have the fix.
I'm including a patch to fix this issue.
Please push this out ASAP.
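The guard failure described under [Impact], as an added example that is not part of the original report or of the squid package. The sample check output is constructed (only the "FATAL: <reason>" shape comes from the report), and `find_fatal` and `guarded_reload` are hypothetical stand-ins for the initscript logic:

```shell
#!/bin/sh
# Constructed sample of config-check output for a bad ACL line.
# Only the "FATAL: <reason>" shape is taken from the bug report.
SAMPLE_BAD='2000/01/01 00:00:00| Processing: acl nonsense nonsense nonsense
2000/01/01 00:00:00| FATAL: Invalid ACL type (constructed reason)
2000/01/01 00:00:00| FATAL: Bungled configuration line (constructed reason)'

# Constructed sample of config-check output for a valid config.
SAMPLE_GOOD='2000/01/01 00:00:00| Processing: http_port 3128
2000/01/01 00:00:00| Processing: acl localnet src 10.0.0.0/8'

# find_fatal PATTERN OUTPUT
# Print the first match of PATTERN in OUTPUT, or nothing if there is none.
find_fatal() {
    printf '%s\n' "$2" | grep -o -- "$1" | head -n 1
}

# guarded_reload PATTERN OUTPUT
# Hypothetical stand-in for the reload action: refuse (return 1) when the
# guard finds a fatal error, otherwise report that the reload would proceed.
guarded_reload() {
    res=$(find_fatal "$1" "$2")
    if [ -n "$res" ]; then
        echo "refused: $res"
        return 1
    fi
    echo "reload signalled"
    return 0
}

# Faulty pattern (no colon): the fatal lines never match, so the guard
# fails open and the reload goes ahead against a broken config.
guarded_reload 'FATAL .*' "$SAMPLE_BAD" || true

# Corrected pattern: the error is caught and the running service is left alone.
guarded_reload 'FATAL: .*' "$SAMPLE_BAD" || true

# A valid config passes with the corrected pattern.
guarded_reload 'FATAL: .*' "$SAMPLE_GOOD" || true
```
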
Related branches
- Christian Ehrhardt (community): Approve
- Canonical Server: Pending requested
- Canonical Server packageset reviewers: Pending requested
Diff: 110 lines (+25/-14), 5 files modified
debian/changelog (+12/-0)
debian/squid.rc (+3/-3)
debian/tests/control (+1/-1)
debian/tests/squid (+5/-0)
debian/tests/test-squid.py (+4/-10)
Changed in squid3 (Ubuntu Xenial):
assignee: nobody → Andreas Hasenack (ahasenack)
status: Triaged → In Progress
description: updated
The attachment "Fixing it" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.
[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]