Re: Re: System in broken state after dpkg upgrade
Don Armstrong wrote: That's basically because the policy wasn't fixed in time for the jessie release (see #756729 and #771484). If you're using selinux on Debian, it would probably be good to participate in the development of the default policy and refpolicy packages. Yes please
Re: System in broken state after dpkg upgrade
On Wed, 07 Sep 2016, Marko Randjelovic wrote: > setenforce 0 works, there is no need to reboot the whole system. On > the other hand, I cannot upgrade selinux policy from jessie because > there is no selinux-policy-default in jessie, although there is in > testing. That's basically because the policy wasn't fixed in time for the jessie release (see #756729 and #771484). If you're using selinux on Debian, it would probably be good to participate in the development of the default policy and refpolicy packages. -- Don Armstrong https://www.donarmstrong.com If it jams, force it. If it breaks, it needed replacing anyway. -- Lowery's Law
Re: System in broken state after dpkg upgrade
On Wed, 07 Sep 2016 18:24:29 +0200 Sven Joachimwrote: > On 2016-09-07 17:13 +0200, Marko Randjelovic wrote: > > > On Wed, 07 Sep 2016 15:17:23 +0200 > > Sven Joachim wrote: > > > >> File a bug against dpkg. In the meantime, rebooting with the > >> "selinux=0" kernel parameter should give you a working dpkg. > > > > After rebooting with 'selinux=0' I reinstalled dpkg with success: > > > > dpkg -i /var/cache/apt/archives/dpkg_deb > > > > However, then I wanted to install reportbug and during install received > > the same error. > > Which is not surprising if you had rebooted without that kernel > parameter again. Don Armstrong already gave the right hint: your > selinux policy does not know about dpkg_script_t, and you should upgrade > your selinux-policy-* package(s) to the jessie version. See the > changelogs of dpkg and refpolicy: setenforce 0 works, there is no need to reboot the whole system. On the other hand, I cannot upgrade selinux policy from jessie because there is no selinux-policy-default in jessie, although there is in testing. > > , > | dpkg (1.17.0) unstable; urgency=low > | [...] > | * Execute maintainer scripts in a new execution context, based on the > | current one and the specific maintainer script filename, and if it's > | not different to the current one, use "dpkg_script_t" as a fallback. > ` > > , > | refpolicy (2:2.20140206-1) unstable; urgency=medium > | [...] > | - Allow unconfined user to transition to dpkg_t and transitively to > | dpkg_script_t (Closes: #707214) > ` > > See https://bugs.debian.org/707214 for more information. > > Cheers, >Sven > -- http://markorandjelovic.hopto.org "The only thing necessary for the triumph of evil is that good people do nothing." -- Edmund Burke
Re: System in broken state after dpkg upgrade
On 2016-09-07 17:13 +0200, Marko Randjelovic wrote: > On Wed, 07 Sep 2016 15:17:23 +0200 > Sven Joachimwrote: > >> File a bug against dpkg. In the meantime, rebooting with the >> "selinux=0" kernel parameter should give you a working dpkg. > > After rebooting with 'selinux=0' I reinstalled dpkg with success: > > dpkg -i /var/cache/apt/archives/dpkg_deb > > However, then I wanted to install reportbug and during install received > the same error. Which is not surprising if you had rebooted without that kernel parameter again. Don Armstrong already gave the right hint: your selinux policy does not know about dpkg_script_t, and you should upgrade your selinux-policy-* package(s) to the jessie version. See the changelogs of dpkg and refpolicy: , | dpkg (1.17.0) unstable; urgency=low | [...] | * Execute maintainer scripts in a new execution context, based on the | current one and the specific maintainer script filename, and if it's | not different to the current one, use "dpkg_script_t" as a fallback. ` , | refpolicy (2:2.20140206-1) unstable; urgency=medium | [...] | - Allow unconfined user to transition to dpkg_t and transitively to | dpkg_script_t (Closes: #707214) ` See https://bugs.debian.org/707214 for more information. Cheers, Sven
Re: System in broken state after dpkg upgrade
On Wed, 07 Sep 2016, Marko Randjelovic wrote: > I have mixed wheezy/jessie system. When tried to upgrade cmake from > jessie, apt pulled other packages including dpkg which gave error > during configure: [...] > dpkg (subprocess): cannot set security execution context for maintainer > script: Invalid argument > dpkg: error processing package dpkg (--configure): > subprocess installed post-installation script returned error exit status 2 > Errors were encountered while processing: > dpkg You have selinux enabled, and for whatever reason, setting the appropriate security context for the maintainer script, likely because you haven't upgraded refpolicy to properly support dpkg_script_t or other set up the selinux policy correctly. Fix that, and you should be able to complete the install. -- Don Armstrong https://www.donarmstrong.com The whole modern world has divided itself into Conservatives and Progressives. The business of Progressives is to go on making mistakes. The business of the Conservatives is to prevent the mistakes from being corrected. -- G. K. Chesterton "Illustrated London News (1924-04-19)"
Re: System in broken state after dpkg upgrade
On Wed, 07 Sep 2016 15:17:23 +0200 Sven Joachimwrote: > File a bug against dpkg. In the meantime, rebooting with the > "selinux=0" kernel parameter should give you a working dpkg. After rebooting with 'selinux=0' I reinstalled dpkg with success: dpkg -i /var/cache/apt/archives/dpkg_deb However, then I wanted to install reportbug and during install received the same error. root@debian:~# apt-get install reportbug Reading package lists... Done Building dependency tree Reading state information... Done The following extra packages will be installed: python-debian python-debianbts python-fpconst python-reportbug python-soappy Suggested packages: postfix exim4 mail-transport-agent debconf-utils debsums dlocate python-urwid python-vte python-gtkspell emacs22-bin-common emacs23-bin-common claws-mail Recommended packages: python-apt The following NEW packages will be installed: python-debian python-debianbts python-fpconst python-reportbug python-soappy reportbug 0 upgraded, 6 newly installed, 0 to remove and 0 not upgraded. Need to get 0 B/468 kB of archives. After this operation, 1,819 kB of additional disk space will be used. Do you want to continue? [Y/n] Selecting previously unselected package python-debian. (Reading database ... 115166 files and directories currently installed.) Preparing to unpack .../python-debian_0.1.21_all.deb ... Unpacking python-debian (0.1.21) ... Selecting previously unselected package python-fpconst. Preparing to unpack .../python-fpconst_0.7.2-5_all.deb ... Unpacking python-fpconst (0.7.2-5) ... Selecting previously unselected package python-soappy. Preparing to unpack .../python-soappy_0.12.0-4_all.deb ... Unpacking python-soappy (0.12.0-4) ... Selecting previously unselected package python-debianbts. Preparing to unpack .../python-debianbts_1.11_all.deb ... Unpacking python-debianbts (1.11) ... Selecting previously unselected package python-reportbug. Preparing to unpack .../python-reportbug_6.4.4+deb7u1_all.deb ... Unpacking python-reportbug (6.4.4+deb7u1) ... Selecting previously unselected package reportbug. Preparing to unpack .../reportbug_6.4.4+deb7u1_all.deb ... Unpacking reportbug (6.4.4+deb7u1) ... Processing triggers for desktop-file-utils (0.20-0.1) ... dpkg (subprocess): cannot set security execution context for maintainer script: Invalid argument dpkg: error processing package desktop-file-utils (--unpack): subprocess installed post-installation script returned error exit status 2 Processing triggers for man-db (2.7.0.2-5) ... dpkg (subprocess): cannot set security execution context for maintainer script: Invalid argument dpkg: error processing package man-db (--unpack): subprocess installed post-installation script returned error exit status 2 Errors were encountered while processing: desktop-file-utils man-db E: Sub-process /usr/bin/dpkg returned an error code (1) root@debian:~# setenforce 0 root@debian:~# apt-get install reportbug Reading package lists... Done Building dependency tree Reading state information... Done reportbug is already the newest version. 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 8 not fully installed or removed. After this operation, 0 B of additional disk space will be used. Do you want to continue? [Y/n] Setting up man-db (2.7.0.2-5) ... Updating database of manual pages ... Setting up python-debian (0.1.21) ... Setting up python-fpconst (0.7.2-5) ... Setting up python-soappy (0.12.0-4) ... Setting up python-debianbts (1.11) ... Setting up python-reportbug (6.4.4+deb7u1) ... Setting up reportbug (6.4.4+deb7u1) ... Setting up desktop-file-utils (0.20-0.1) ... Processing triggers for python-support (1.0.15) ... root@debian:~# apt-cache policy libselinux1 libselinux1: Installed: 2.3-2 Candidate: 2.3-2 Version table: 2.5-3 0 350 http://ftp.de.debian.org/debian/ testing/main amd64 Packages *** 2.3-2 0 450 http://ftp.de.debian.org/debian/ jessie/main amd64 Packages 100 /var/lib/dpkg/status 2.1.9-5 0 500 cdrom://[Debian GNU/Linux 7.8.0 _Wheezy_ - Official amd64 DVD Binary-1 20150110-14:43]/ wheezy/main amd64 Packages 500 http://ftp.de.debian.org/debian/ wheezy/main amd64 Packages root@debian:~# apt-cache policy libpcre3 libpcre3: Installed: 2:8.35-3.3+deb8u4 Candidate: 2:8.35-3.3+deb8u4 Version table: 2:8.39-2 0 350 http://ftp.de.debian.org/debian/ testing/main amd64 Packages *** 2:8.35-3.3+deb8u4 0 450 http://ftp.de.debian.org/debian/ jessie/main amd64 Packages 100 /var/lib/dpkg/status 1:8.30-5 0 500 cdrom://[Debian GNU/Linux 7.8.0 _Wheezy_ - Official amd64 DVD Binary-1 20150110-14:43]/ wheezy/main amd64 Packages 500 http://ftp.de.debian.org/debian/ wheezy/main amd64 Packages -- http://markorandjelovic.hopto.org "The only thing necessary for the triumph of evil is that good people do nothing." -- Edmund Burke
Re: System in broken state after dpkg upgrade
On Wed, 07 Sep 2016 15:17:23 +0200 Sven Joachimwrote: > This might be a bug in dpkg or in one of the libraries it depends on > (libselinux1 comes to mind). What are the versions of libselinux1 and > libpcre3 on your system? They are both latest jessie versions. -- http://markorandjelovic.hopto.org "The only thing necessary for the triumph of evil is that good people do nothing." -- Edmund Burke
Re: System in broken state after dpkg upgrade
On 2016-09-07 10:16 +0200, Marko Randjelovic wrote: > I have mixed wheezy/jessie system. This is not really recommended, since your particular combination of packages might not have been tested by anyone. Having all packages from the same distribution avoids this source of problems. > When tried to upgrade cmake from > jessie, apt pulled other packages including dpkg which gave error > during configure: > Setting up dpkg (1.17.27) ... > Installing new version of config file /etc/cron.daily/dpkg ... > dpkg (subprocess): cannot set security execution context for maintainer > script: Invalid argument > dpkg: error processing package dpkg (--configure): > subprocess installed post-installation script returned error exit status 2 > Errors were encountered while processing: > dpkg This might be a bug in dpkg or in one of the libraries it depends on (libselinux1 comes to mind). What are the versions of libselinux1 and libpcre3 on your system? > Please help. File a bug against dpkg. In the meantime, rebooting with the "selinux=0" kernel parameter should give you a working dpkg. Cheers, Sven
System in broken state after dpkg upgrade
I have mixed wheezy/jessie system. When tried to upgrade cmake from jessie, apt pulled other packages including dpkg which gave error during configure: root@debian:~# apt-get -t jessie install cmake Reading package lists... Done Building dependency tree Reading state information... Done The following package was automatically installed and is no longer required: libxmlrpc-core-c3 Use 'apt-get autoremove' to remove it. The following extra packages will be installed: cmake-data dpkg fontconfig install-info libarchive13 libpipeline1 man-db Suggested packages: codeblocks eclipse ninja-build lrzip groff The following NEW packages will be installed: libarchive13 The following packages will be upgraded: cmake cmake-data dpkg fontconfig install-info libpipeline1 man-db 7 upgraded, 1 newly installed, 0 to remove and 791 not upgraded. Need to get 8,200 kB of archives. After this operation, 3,399 kB of additional disk space will be used. Do you want to continue? [Y/n] Get:1 http://security.debian.org/ jessie/updates/main fontconfig amd64 2.11.0-6.3+deb8u1 [403 kB] Get:2 http://ftp.de.debian.org/debian/ jessie/main install-info amd64 5.2.0.dfsg.1-6 [193 kB] Get:3 http://ftp.de.debian.org/debian/ jessie/main libpipeline1 amd64 1.4.0-1 [27.9 kB] Get:4 http://ftp.de.debian.org/debian/ jessie/main man-db amd64 2.7.0.2-5 [1,000 kB] Get:5 http://security.debian.org/ jessie/updates/main libarchive13 amd64 3.1.2-11+deb8u2 [270 kB] Get:6 http://ftp.de.debian.org/debian/ jessie/main dpkg amd64 1.17.27 [2,994 kB] Get:7 http://ftp.de.debian.org/debian/ jessie/main cmake amd64 3.0.2-1 [2,384 kB] Get:8 http://ftp.de.debian.org/debian/ jessie/main cmake-data all 3.0.2-1 [929 kB] Fetched 8,200 kB in 9s (845 kB/s) Preconfiguring packages ... (Reading database ... 115145 files and directories currently installed.) Preparing to replace fontconfig 2.9.0-7.1+deb7u1 (using .../fontconfig_2.11.0-6.3+deb8u1_amd64.deb) ... Unpacking replacement fontconfig ... Preparing to replace install-info 4.13a.dfsg.1-10 (using .../install-info_5.2.0.dfsg.1-6_amd64.deb) ... Unpacking replacement install-info ... Processing triggers for man-db ... Setting up install-info (5.2.0.dfsg.1-6) ... (Reading database ... 115145 files and directories currently installed.) Preparing to replace libpipeline1:amd64 1.2.1-1 (using .../libpipeline1_1.4.0-1_amd64.deb) ... Unpacking replacement libpipeline1:amd64 ... Preparing to replace man-db 2.6.2-1 (using .../man-db_2.7.0.2-5_amd64.deb) ... Unpacking replacement man-db ... Preparing to replace dpkg 1.16.18 (using .../dpkg_1.17.27_amd64.deb) ... Unpacking replacement dpkg ... Processing triggers for mime-support ... Setting up dpkg (1.17.27) ... Installing new version of config file /etc/cron.daily/dpkg ... dpkg (subprocess): cannot set security execution context for maintainer script: Invalid argument dpkg: error processing package dpkg (--configure): subprocess installed post-installation script returned error exit status 2 Errors were encountered while processing: dpkg E: Sub-process /usr/bin/dpkg returned an error code (1) root@debian:~# dpkg --configure -a Setting up libpipeline1:amd64 (1.4.0-1) ... dpkg (subprocess): cannot set security execution context for maintainer script: Invalid argument dpkg: error processing package libpipeline1:amd64 (--configure): subprocess installed post-installation script returned error exit status 2 Setting up dpkg (1.17.27) ... dpkg (subprocess): cannot set security execution context for maintainer script: Invalid argument dpkg: error processing package dpkg (--configure): subprocess installed post-installation script returned error exit status 2 dpkg: dependency problems prevent configuration of man-db: man-db depends on libpipeline1 (>= 1.3.0); however: Package libpipeline1:amd64 is not configured yet. man-db depends on dpkg (>= 1.16.1~); however: Package dpkg is not configured yet. dpkg: error processing package man-db (--configure): dependency problems - leaving unconfigured dpkg: dependency problems prevent configuration of fontconfig: fontconfig depends on dpkg (>= 1.16.1); however: Package dpkg is not configured yet. dpkg: error processing package fontconfig (--configure): dependency problems - leaving unconfigured Errors were encountered while processing: libpipeline1:amd64 dpkg man-db fontconfig root@debian:~# apt-get -f install Reading package lists... Done Building dependency tree Reading state information... Done 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 4 not fully installed or removed. After this operation, 0 B of additional disk space will be used. Setting up dpkg (1.17.27) ... dpkg (subprocess): cannot set security execution context for maintainer script: Invalid argument dpkg: error processing package dpkg (--configure): subprocess installed post-installation script returned error exit status 2 Setting up libpipeline1:amd64 (1.4.0-1)