do-release-upgrade crashed with SIGSEGV under wayland

StacktraceTop:
 gtk_switch_class_init (klass=0x0) at ././gtk/gtkswitch.c:875
 gtk_switch_class_intern_init (klass=0x0) at ././gtk/gtkswitch.c:129
 default_icon_theme_value () from /tmp/apport_sandbox_urPSiG/usr/lib/x86_64-linux-gnu/libgtk-3.so.0
 ?? ()
 ?? ()

A workaround is to add root to the access control list when running under wayland.

Proposal to workaround the limitation to run GUI apps by user root under wayland when do-release-upgrade is called from update-manager.

The attachment "update-manager_17.10.11ubuntu1.debdiff" seems to be a debdiff. The ubuntu-sponsors team has been subscribed to the bug report so that they can review and hopefully sponsor the debdiff. If the attachment isn't a patch, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are member of the ~ubuntu-sponsors, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issue please contact him.]

Same patch but in ubuntu-release-upgrader instead so users can run "sudo do-release-upgrade -f ..."

Both patches are actually needed for when the upgrader is called directly or from update-manager

So i guess this elevates priviledges from the get go, but i believe previously some of the early code was run unpriviledged previously. So, in addition to this raising priviledges, does update/upgrade-manager need now grow ability to drop priviledges when doing risky moves? (like downloading things off the internet, etc?!)

@jibel Thanks for the update-manager patch, I uploaded it. Regarding the ubuntu-release-upgrader patch sudo filters out WAYLAND_DISPLAY on Artful and sudo xhost does not work either under wayland thus I think to run sudo do-release-upgrade with GUI one needs to adjust xhost in advance.
Running do-release-upgrade with GUI but as a normal user also fails because gksu is broken under wayland and the GUI is started earler, but this can be fixed at least.

@xnox IMO ubuntu-release-upgrader needs to grow the ability to run the GUI as the normal user and execute the minimal set of commands as root. Not that it would be a simple change.

I'm wondering about the importance of adding the workaround to ubuntu-release-upgrader since with the change to update-manager the upgrade seems to work and probably most users would use do-release-upgrade only when preferring a CLI tool.

check-new-release-gtk in ubuntu-release-upgrader has this code that must also be fixed:

123 def on_button_upgrade_now_clicked(self, button):
124 logging.debug("upgrade now")
125 extra_args = ""
126 if options.devel_release:
127 extra_args = extra_args + " --devel-release"
128 if options.proposed_release:
129 extra_args = extra_args + " --proposed"
130 os.execl("/bin/sh", "/bin/sh", "-c",
131 "/usr/bin/pkexec /usr/bin/do-release-upgrade "
132 "--frontend=DistUpgradeViewGtk3%s" % extra_args)

Hello Jean-Baptiste, or anyone else affected,

Accepted update-manager into artful-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/update-manager/1:17.10.12 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-artful to verification-done-artful. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-artful. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Hello Jean-Baptiste, or anyone else affected,

Accepted ubuntu-release-upgrader into artful-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/ubuntu-release-upgrader/1:17.10.9 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-artful to verification-done-artful. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-artful. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

This has been uploaded so I'm unsubscribing ubuntu-sponsors.

I verified ubuntu-release-upgrader 1:17.10.9 from proposed. It works under wayland as a user but is still crashing as root. From the diff the workaround is only applied when uid != 0

Marking as verification-failed.

verification of update-manager 1:17.10.12

I have reproduced the problem with update-manager 1:17.10.11 in artful and have verified that the version of update-manager 1:17.10.12 in -proposed fixes the issue.

On Fri, Jan 26, 2018 at 10:41 AM, Jean-Baptiste Lallement
<email address hidden> wrote:
> I verified ubuntu-release-upgrader 1:17.10.9 from proposed. It works
> under wayland as a user but is still crashing as root. From the diff the
> workaround is only applied when uid != 0

Thanks for the verification!
Yes, this is expected. As uid 0 xhost command fails and you can't
apply the workaround, but starting do-release-upgrade with GUI from
command line is something I would not expect users to do.

I found another place to fix and I plan removing the workaround from
update-manager in bionic and just calling do-release-upgrade without
pkexec letting do-release-upgrade elevating privileges and applying
the workaround.

Okay then. Apart from this case all the other cases are working. I tested on Xorg and Wayland. I tried update-manager, do-release-upgrade and check-new-release-gtk.

Marking as verification-done.

Rbalint, out of interest, could your new fix be tramsferred to Synaptic somehow?

This bug was fixed in the package update-manager - 1:18.04.2

---------------
update-manager (1:18.04.2) bionic; urgency=medium

  * Build from bazaar repository to keep empty dirs in the source package
  * Break long comment to keep PEP 8 test happy

 -- Balint Reczey <email address hidden> Fri, 12 Jan 2018 01:12:32 +0100

This bug was fixed in the package ubuntu-release-upgrader - 1:18.04.6

---------------
ubuntu-release-upgrader (1:18.04.6) bionic; urgency=medium

  * DistUpgradeFetcherKDE.py:
    - ensure theming is correct across all Qt versions and Plasma versions
    - drop unused openUrl helper (replaced by QUrlOpener)
  * QUrlOpener.py:
    - make sure to pass --set-home to sudo when dropping back to user, prevents
      browsers from getting confused which HOME to use
  * DistUpgradeViewKDE.py:
    - force KDE theming for Qt5
    - fix icon & pixmap lookup by running them throw a compatibility helper
      using either Qt3/4 static lookup or Qt5 theme-based lookup (theme is
      determined by the QPA ideally)
    - let name mangling use os-release' PRETTY_NAME if present
    - do not resize windows, adjustsize() them (same as resize albeit readable)
    - introduce an override for QWidget.adjustSize() which prevents adjustment
      iff the window is maximized. as noted in the documentation adjusting a
      maximized yields unexpected results due to a control mismatch between
      X11 window managers and Qt (in short: Qt cannot unmaximize, so adjustsize
      does nothing useful in this case and in fact causes only part of the
      window to be marked dirty by Qt causing sever rendering artifacts)

 -- Harald Sitter <email address hidden> Fri, 19 Jan 2018 13:34:32 +0100

The verification of the Stable Release Update for ubuntu-release-upgrader has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

This bug was fixed in the package update-manager - 1:17.10.12

---------------
update-manager (1:17.10.12) artful; urgency=medium

  [ Jean-Baptiste Lallement ]
  * UpdateManager/Dialogs.py: Workaround restricted access to GUI applications
    by user root under wayland to start do-release-upgrade in graphical mode
    (LP: #1732185)

  [ Balint Reczey ]
  * Break long comment to keep PEP 8 test happy

 -- Balint Reczey <email address hidden> Fri, 12 Jan 2018 23:55:03 +0100

This bug was fixed in the package ubuntu-release-upgrader - 1:17.10.9

---------------
ubuntu-release-upgrader (1:17.10.9) artful; urgency=medium

  * DistUpgrade/DistUpgradeFetcher.py,
    check-new-release-gtk,
    do-release-upgrade:
    - Raise privileges in do-release-upgrade using pkexec when GUI is used
    - Drop gksu usage
    - Use os.execv in check-new-release-gtk instead of os.execl
    - Apply the workaround "xhost +si:localuser:root" under Wayland to let
      upgrades finish (LP: #1732185)
  * Skip Python files from other packages in PEP 8 tests

 -- Balint Reczey <email address hidden> Mon, 15 Jan 2018 17:20:58 +0100