Package: runit-helper
Version: 2.16.6
Severity: critical
Hi,
(rationale for critical severity: makes unrelated software break)
/usr/lib/runit-helper/runit-helper only performs requested runit service
operations if the following test succeeds:
ok_pipe () {
[ -p "/etc/sv/$NAME/supervise/ok" ]
}
This test can yield both false positives and false negatives.
* False positive: /etc/sv/$NAME was a runit service, but is no longer
symlinked into the directory runsvdir monitors (e.g. due to runsvchdir), so the
supervise/ok pipe still exists but there is no process attached to it.
* False negative: if a runit service is installed in any directory other than
/etc/sv, /etc/service/$NAME/supervise/ok may exist and be a pipe without
/etc/sv/$NAME/supervise/ok existing.
I have been hit by the false-negative error on two openssh-server upgrades,
once when upgrading to 10.0p1 and once (today) with 10.4p1 -- in both cases, if
ssh is not restarted after the package upgrade, it can't accept new
connections. (If being able to ssh into a system is the entire purpose of the
system, then this even "breaks the entire system".)
My ssh runit service is not /etc/sv/ssh, so even though the openssh-server
postinst script did try to issue a runit restart command like this:
NAME='ssh' ENABLE='yes' ONUPGRADE='restart'
/usr/lib/runit-helper/runit-helper postinst "$@"
This was ineffective because runit-helper decided not to perform the restart.
If runit helper were less (unnecessarily?) complex and had just tried to "sv
restart $NAME", ssh would just have worked after the upgrade.
(On a philosophical level, I think it's better for such critical, low-level
system software to just attempt requested operations instead of trying to
anticipate all possible errors and not even making the attempt if it looks like
it might fail.)
My recommendation would be to lose 90% of the complexity in runit-helper that
deals with potentially not doing what it was asked to do; and instead
handle/mask errors (if any) after they happen.
AndrĂ¡s
-- System Information:
Distributor ID: Devuan
Description: Devuan GNU/Linux 7 (freia/ceres)
Release: 7
Codename: freia ceres
Architecture: x86_64
Kernel: Linux 7.0.13+deb14-amd64 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE,
TAINT_UNSIGNED_MODULE
Locale: LANG=C.UTF-8, LC_CTYPE=hu_HU.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8
Shell: /bin/sh linked to /usr/bin/dash
Init: runit (via /run/runit.stopit)
LSM: AppArmor: enabled
-- no debconf information
--
In DBLSPACE no one can hear you scream.