This is an automated email from the git hooks/post-receive script. guillem pushed a commit to branch main in repository dpkg.
View the commit online: https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=a335ee075be83eb7f69e85644b9ece40bc29a6a5 commit a335ee075be83eb7f69e85644b9ece40bc29a6a5 Author: Guillem Jover <[email protected]> AuthorDate: Mon Aug 2 02:36:45 2021 +0200 dpkg-fsys-usrunmess: Install a local policy-rc.d to ignore service restarts When in systemd emergency mode, starting (including restarting) services will force exiting the emergency mode, which can leave the system in a pretty bad state. Part of the reason for reconfiguring all packages is to both force any regeneration of missing files, and ideally to possibly restart services so that they use the new real pathnames, but restarting services is the most fragile part and with the most potential to fail for whatever reason, so we will skip restarting services entirely. A reboot after the conversion is strongly advised. Closes: #991190 Stable-Candidate: 1.20.x --- man/dpkg-fsys-usrunmess.pod | 9 +++++++++ scripts/dpkg-fsys-usrunmess.pl | 46 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 55 insertions(+) diff --git a/man/dpkg-fsys-usrunmess.pod b/man/dpkg-fsys-usrunmess.pod index f7065f5f1..08df56b59 100644 --- a/man/dpkg-fsys-usrunmess.pod +++ b/man/dpkg-fsys-usrunmess.pod @@ -93,8 +93,17 @@ Remove shadow root directory. =item * +Register a B<policy-rc.d> to disallow service actions, which means that +services might need to be restarted afterwards, ideally via a reboot. + +=item * + Reconfigure all packages. +=item * + +Unregister the B<policy-rc.d> and restore the alternatives state. + =back B<Note>: When running the program from some shells such as L<bash(1)> or diff --git a/scripts/dpkg-fsys-usrunmess.pl b/scripts/dpkg-fsys-usrunmess.pl index 63b09ade7..ec2cb97b5 100755 --- a/scripts/dpkg-fsys-usrunmess.pl +++ b/scripts/dpkg-fsys-usrunmess.pl @@ -358,6 +358,27 @@ if (not $opt_noact) { # Re-configure all packages, so that postinst maintscripts are executed. # +my $policypath = '/usr/sbin/dpkg-fsys-usrunmess-policy-rc.d'; + +debug('installing local policy-rc.d'); +if (not $opt_noact) { + open my $policyfh, '>', $policypath + or sysfatal("cannot create $policypath"); + print { $policyfh } <<'POLICYRC'; +#!/bin/sh +echo "$0: Denied action $2 for service $1" +exit 101 +POLICYRC + close $policyfh or fatal("cannot write $policypath"); + + my @alt = (qw(/usr/sbin/policy-rc.d policy-rc.d), $policypath, qw(1000)); + system(qw(update-alternatives --install), @alt) == 0 + or fatal("cannot register $policypath"); + + system(qw(update-alternatives --set policy-rc.d), $policypath) == 0 + or fatal("cannot select alternative $policypath"); +} + debug('reconfigured all packages'); if (not $opt_noact) { local $ENV{DEBIAN_FRONTEND} = 'noninteractive'; @@ -365,7 +386,25 @@ if (not $opt_noact) { or fatal("cannot reconfigure packages: $!"); } +debug('removing local policy-rc.d'); +if (not $opt_noact) { + system(qw(update-alternatives --remove policy-rc.d), $policypath) == 0 + or fatal("cannot unregister $policypath: $!"); + + unlink $policypath + or warning("cannot remove $policypath"); + + # Restore the selections we saved initially. + open my $altfh, '|-', qw(update-alternatives --set-selections) + or fatal("cannot restore alternatives state"); + print { $altfh } $_ foreach @selections; + close $altfh or fatal("cannot restore alternatives state"); +} + +print "\n"; + print "Done, hierarchy unmessed, congrats!\n"; +print "Rebooting now is very strongly advised.\n"; print "(Note: you might need to run 'hash -r' in your shell.)\n"; @@ -382,6 +421,13 @@ sub debug print { \*STDERR } "D: $msg\n"; } +sub warning +{ + my $msg = shift; + + warn "warning: $msg\n"; +} + sub fatal { my $msg = shift; -- Dpkg.Org's dpkg
