[Desktop-packages] [Bug 1843044]
Created attachment 9123528 Bug 1582169 - Disable reading /proc/sys/crypto/fips_enabled if FIPS is not enabled on build -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to firefox in Ubuntu. https://bugs.launchpad.net/bugs/1843044 Title: firefox crashes on a FIPS enabled machine Status in Mozilla Firefox: New Status in firefox package in Ubuntu: Confirmed Bug description: [IMPACT] firefox is not a FIPS certified library. firefox uses bundled nss and on a machine running FIPS enabled kernel, nss by default goes into FIPS mode if /proc/sys/crypto/fips_enabled=1. This is an untested configuration and since firefox with bundled nss is not a certified library we propose disabling reading the 'fips_enabled' flag and therefore switching the library automatically into FIPS mode. A FIPS customer reported firefox crash on a FIPS enabled system and strace showed it was repeatedly trying to read the fips_enabled flag from the bundled nss before crashing. The proposed patch disables reading the /proc/sys/crypto/fips_enabled flag. The users of the library however can force nss into FIPS mode via an environment variable. We plan to leave it as is so as not to regress existing users who may be using it. The issue impacts firefox versions in eoan, disco, bionic and xenial. lsb_release -rd Description: Ubuntu Eoan Ermine (development branch) Release: 19.10 Version: 2:3.45-1ubuntu1 lsb_release -rd Description: Ubuntu Disco Dingo Release: 19.04 Version: 2:3.42-1ubuntu2 lsb_release -rd Description: Ubuntu Bionic Beaver Release: 18.04 Version: 2:3.35-2ubuntu2.3 lsb_release -rd Description: Ubuntu 16.04.3 LTS Release: 16.04 Version: 2:3.28.4-0ubuntu0.16.04 [FIX] This fix proposes to disable bundled nss in firefox reading proc/sys/crypto/fips_enabled. We only want fips certified modules reading this file and running in fips mode. firefox is not one of our fips certified modules, so should not be reading this along with our fips certified modules to determine whether to run in fips mode. Users who do want to run the library in FIPS mode can do so by using the environment variable "NSS_FIPS". We propose to leave it as is so as not to regress anyone using this. The user who is using this option should be doing so with the awareness. [TEST] Tested on a xenial and bionic desktop ISO running FIPS enabled kernel and in FIPS mode. With the patch fix no crashes were observed when launching firefox browser. Without the patch fix, firefox crashes. Tested on a xenial and bionic desktop ISO running non-FIPS generic kernel. With the patch fix, firefox worked as expected and no changes were observed. [REGRESSION POTENTIAL] The regression potential for this is small. A FIPS kernel is required to create /proc/sys/crypto/fips_enabled and it is not available in the standard Ubuntu archive. For users forcing FIPS through environment variable, nothing has changed. To manage notifications about this bug go to: https://bugs.launchpad.net/firefox/+bug/1843044/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1843044]
Sure, I'm not familiar with the process but will give it a try. Sorry for the late response btw, I've been afk :) -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to firefox in Ubuntu. https://bugs.launchpad.net/bugs/1843044 Title: firefox crashes on a FIPS enabled machine Status in Mozilla Firefox: New Status in firefox package in Ubuntu: Confirmed Bug description: [IMPACT] firefox is not a FIPS certified library. firefox uses bundled nss and on a machine running FIPS enabled kernel, nss by default goes into FIPS mode if /proc/sys/crypto/fips_enabled=1. This is an untested configuration and since firefox with bundled nss is not a certified library we propose disabling reading the 'fips_enabled' flag and therefore switching the library automatically into FIPS mode. A FIPS customer reported firefox crash on a FIPS enabled system and strace showed it was repeatedly trying to read the fips_enabled flag from the bundled nss before crashing. The proposed patch disables reading the /proc/sys/crypto/fips_enabled flag. The users of the library however can force nss into FIPS mode via an environment variable. We plan to leave it as is so as not to regress existing users who may be using it. The issue impacts firefox versions in eoan, disco, bionic and xenial. lsb_release -rd Description: Ubuntu Eoan Ermine (development branch) Release: 19.10 Version: 2:3.45-1ubuntu1 lsb_release -rd Description: Ubuntu Disco Dingo Release: 19.04 Version: 2:3.42-1ubuntu2 lsb_release -rd Description: Ubuntu Bionic Beaver Release: 18.04 Version: 2:3.35-2ubuntu2.3 lsb_release -rd Description: Ubuntu 16.04.3 LTS Release: 16.04 Version: 2:3.28.4-0ubuntu0.16.04 [FIX] This fix proposes to disable bundled nss in firefox reading proc/sys/crypto/fips_enabled. We only want fips certified modules reading this file and running in fips mode. firefox is not one of our fips certified modules, so should not be reading this along with our fips certified modules to determine whether to run in fips mode. Users who do want to run the library in FIPS mode can do so by using the environment variable "NSS_FIPS". We propose to leave it as is so as not to regress anyone using this. The user who is using this option should be doing so with the awareness. [TEST] Tested on a xenial and bionic desktop ISO running FIPS enabled kernel and in FIPS mode. With the patch fix no crashes were observed when launching firefox browser. Without the patch fix, firefox crashes. Tested on a xenial and bionic desktop ISO running non-FIPS generic kernel. With the patch fix, firefox worked as expected and no changes were observed. [REGRESSION POTENTIAL] The regression potential for this is small. A FIPS kernel is required to create /proc/sys/crypto/fips_enabled and it is not available in the standard Ubuntu archive. For users forcing FIPS through environment variable, nothing has changed. To manage notifications about this bug go to: https://bugs.launchpad.net/firefox/+bug/1843044/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1843044]
Created attachment 9120251 nss-stop-fips-query-when-disabled.patch -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to firefox in Ubuntu. https://bugs.launchpad.net/bugs/1843044 Title: firefox crashes on a FIPS enabled machine Status in Mozilla Firefox: New Status in firefox package in Ubuntu: Confirmed Bug description: [IMPACT] firefox is not a FIPS certified library. firefox uses bundled nss and on a machine running FIPS enabled kernel, nss by default goes into FIPS mode if /proc/sys/crypto/fips_enabled=1. This is an untested configuration and since firefox with bundled nss is not a certified library we propose disabling reading the 'fips_enabled' flag and therefore switching the library automatically into FIPS mode. A FIPS customer reported firefox crash on a FIPS enabled system and strace showed it was repeatedly trying to read the fips_enabled flag from the bundled nss before crashing. The proposed patch disables reading the /proc/sys/crypto/fips_enabled flag. The users of the library however can force nss into FIPS mode via an environment variable. We plan to leave it as is so as not to regress existing users who may be using it. The issue impacts firefox versions in eoan, disco, bionic and xenial. lsb_release -rd Description: Ubuntu Eoan Ermine (development branch) Release: 19.10 Version: 2:3.45-1ubuntu1 lsb_release -rd Description: Ubuntu Disco Dingo Release: 19.04 Version: 2:3.42-1ubuntu2 lsb_release -rd Description: Ubuntu Bionic Beaver Release: 18.04 Version: 2:3.35-2ubuntu2.3 lsb_release -rd Description: Ubuntu 16.04.3 LTS Release: 16.04 Version: 2:3.28.4-0ubuntu0.16.04 [FIX] This fix proposes to disable bundled nss in firefox reading proc/sys/crypto/fips_enabled. We only want fips certified modules reading this file and running in fips mode. firefox is not one of our fips certified modules, so should not be reading this along with our fips certified modules to determine whether to run in fips mode. Users who do want to run the library in FIPS mode can do so by using the environment variable "NSS_FIPS". We propose to leave it as is so as not to regress anyone using this. The user who is using this option should be doing so with the awareness. [TEST] Tested on a xenial and bionic desktop ISO running FIPS enabled kernel and in FIPS mode. With the patch fix no crashes were observed when launching firefox browser. Without the patch fix, firefox crashes. Tested on a xenial and bionic desktop ISO running non-FIPS generic kernel. With the patch fix, firefox worked as expected and no changes were observed. [REGRESSION POTENTIAL] The regression potential for this is small. A FIPS kernel is required to create /proc/sys/crypto/fips_enabled and it is not available in the standard Ubuntu archive. For users forcing FIPS through environment variable, nothing has changed. To manage notifications about this bug go to: https://bugs.launchpad.net/firefox/+bug/1843044/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1843044]
Created attachment 9120250 nss-stop-fips-query-when-disabled.patch I'm attaching a patch that uses NSS_FIPS_DISABLED so /proc/sys/crypto/fips_enabled won't be checked when NSS is not built in FIPS mode (without --enable-fips). -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to firefox in Ubuntu. https://bugs.launchpad.net/bugs/1843044 Title: firefox crashes on a FIPS enabled machine Status in Mozilla Firefox: New Status in firefox package in Ubuntu: Confirmed Bug description: [IMPACT] firefox is not a FIPS certified library. firefox uses bundled nss and on a machine running FIPS enabled kernel, nss by default goes into FIPS mode if /proc/sys/crypto/fips_enabled=1. This is an untested configuration and since firefox with bundled nss is not a certified library we propose disabling reading the 'fips_enabled' flag and therefore switching the library automatically into FIPS mode. A FIPS customer reported firefox crash on a FIPS enabled system and strace showed it was repeatedly trying to read the fips_enabled flag from the bundled nss before crashing. The proposed patch disables reading the /proc/sys/crypto/fips_enabled flag. The users of the library however can force nss into FIPS mode via an environment variable. We plan to leave it as is so as not to regress existing users who may be using it. The issue impacts firefox versions in eoan, disco, bionic and xenial. lsb_release -rd Description: Ubuntu Eoan Ermine (development branch) Release: 19.10 Version: 2:3.45-1ubuntu1 lsb_release -rd Description: Ubuntu Disco Dingo Release: 19.04 Version: 2:3.42-1ubuntu2 lsb_release -rd Description: Ubuntu Bionic Beaver Release: 18.04 Version: 2:3.35-2ubuntu2.3 lsb_release -rd Description: Ubuntu 16.04.3 LTS Release: 16.04 Version: 2:3.28.4-0ubuntu0.16.04 [FIX] This fix proposes to disable bundled nss in firefox reading proc/sys/crypto/fips_enabled. We only want fips certified modules reading this file and running in fips mode. firefox is not one of our fips certified modules, so should not be reading this along with our fips certified modules to determine whether to run in fips mode. Users who do want to run the library in FIPS mode can do so by using the environment variable "NSS_FIPS". We propose to leave it as is so as not to regress anyone using this. The user who is using this option should be doing so with the awareness. [TEST] Tested on a xenial and bionic desktop ISO running FIPS enabled kernel and in FIPS mode. With the patch fix no crashes were observed when launching firefox browser. Without the patch fix, firefox crashes. Tested on a xenial and bionic desktop ISO running non-FIPS generic kernel. With the patch fix, firefox worked as expected and no changes were observed. [REGRESSION POTENTIAL] The regression potential for this is small. A FIPS kernel is required to create /proc/sys/crypto/fips_enabled and it is not available in the standard Ubuntu archive. For users forcing FIPS through environment variable, nothing has changed. To manage notifications about this bug go to: https://bugs.launchpad.net/firefox/+bug/1843044/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1822062] Re: Race condition on boot between cups and sssd
** Tags removed: verification-needed verification-needed-disco ** Tags added: verification-done verification-done-disco -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to cups in Ubuntu. https://bugs.launchpad.net/bugs/1822062 Title: Race condition on boot between cups and sssd Status in cups package in Ubuntu: Fix Released Status in cups source package in Xenial: Fix Committed Status in cups source package in Bionic: Fix Committed Status in cups source package in Cosmic: Fix Committed Status in cups source package in Disco: Fix Committed Status in cups source package in Eoan: Fix Released Bug description: [Impact] * When cups has set the "SystemGroup" directive to an external group provided through sss and cups starts before sssd has finished booting, cups will crash because the group does not exist. * The patch adds an "After=sssd.service" clause to the service unit file. [Test Case] * Configure an external authentication service (LDAP, AD...) and create a group, for instance "lpadmins@tests.local" * Set SystemGroup to match that group in /etc/cups/cups-files.conf: SystemGroup lpadmins@tests.local * Reboot * If cups has started before sssd has finished booting, cups will crash: Mar 27 10:10:33 cups-sssd cupsd[21463]: Unknown SystemGroup "lpadmins@tests.local" on line 19 of /etc/cups/cups-files.conf. * If cups starts after sssd, it will work fine. [Regression Potential] * Minimal: this patch affects just the ordering of the service unit file. [Other Info] * Upstream: https://github.com/apple/cups/commit/4d0f1959a3f46973caec2cd41828c59674fe195d [Original description] When cups has set the "SystemGroup" directive to an external group provided through sss and cups starts before sssd has finished booting, cups will crash because the group does not exist. For instance, with a group named lpadmins@tests.local served from Active Directory through sssd, if the sssd service hasn't booted before cups: Mar 27 10:10:33 cups-sssd systemd[1]: Started CUPS Scheduler. Mar 27 10:10:33 cups-sssd systemd[1]: Started CUPS Scheduler. Mar 27 10:10:33 cups-sssd systemd[1]: Started Make remote CUPS printers available locally. Mar 27 10:10:33 cups-sssd cupsd[21463]: Unknown SystemGroup "lpadmins@tests.local" on line 19 of /etc/cups/cups-files.conf. Mar 27 10:10:33 cups-sssd cupsd[21463]: Unable to read "/etc/cups/cups-files.conf" due to errors. Mar 27 10:10:33 cups-sssd systemd[1]: cups.service: Main process exited, code=exited, status=1/FAILURE Mar 27 10:10:33 cups-sssd systemd[1]: cups.service: Failed with result 'exit-code'. Mar 27 10:10:33 cups-sssd systemd[1]: cups.service: Service hold-off time over, scheduling restart. Mar 27 10:10:33 cups-sssd systemd[1]: cups.service: Scheduled restart job, restart counter is at 2. Mar 27 10:10:33 cups-sssd systemd[1]: Stopping Make remote CUPS printers available locally... Mar 27 10:10:33 cups-sssd systemd[1]: Stopped Make remote CUPS printers available locally. Mar 27 10:10:33 cups-sssd systemd[1]: Stopped CUPS Scheduler. If sssd is running before cups starts, everything works as expected. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cups/+bug/1822062/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1822062] Re: Race condition on boot between cups and sssd
# VERIFICATION: DISCO - Using the reproducer defined in the test case and the version in -updates: ubuntu@disco-sssd-ad:~$ dpkg -l | grep -E "cups-daemon| cups |cups-common" ii cups 2.2.10-4amd64 Common UNIX Printing System(tm) - PPD/driver support, web interface ii cups-common 2.2.10-4all Common UNIX Printing System(tm) - common files ii cups-daemon 2.2.10-4amd64 Common UNIX Printing System(tm) - daemon ubuntu@disco-sssd-ad:~$ grep -i systemgroup /etc/cups/cups-files.conf SystemGroup lpadmins@TESTS.LOCAL ubuntu@disco-sssd-ad:~$ systemd-analyze critical-chain cups.service The time after the unit is active or started is printed after the "@" character. The time the unit takes to start is printed after the "+" character. cups.service +161ms └─cups.socket @46.229s └─sysinit.target @42.682s └─cloud-init.service @37.411s +5.239s └─systemd-networkd-wait-online.service @35.640s +1.727s └─systemd-networkd.service @35.419s +189ms └─network-pre.target @35.415s └─cloud-init-local.service @21.419s +13.992s └─systemd-remount-fs.service @7.277s +570ms └─systemd-journald.socket @7.070s └─system.slice @6.915s └─-.slice @6.915s - After reboot, cups fails to start: ubuntu@disco-sssd-ad:~$ systemctl status cups ● cups.service - CUPS Scheduler Loaded: loaded (/lib/systemd/system/cups.service; enabled; vendor preset: enabled) Active: failed (Result: exit-code) since Tue 2019-05-07 11:12:09 UTC; 16min ago Docs: man:cupsd(8) Process: 747 ExecStart=/usr/sbin/cupsd -l (code=exited, status=1/FAILURE) Main PID: 747 (code=exited, status=1/FAILURE) May 07 11:12:09 disco-sssd-ad systemd[1]: Stopped CUPS Scheduler. May 07 11:12:09 disco-sssd-ad systemd[1]: Started CUPS Scheduler. May 07 11:12:09 disco-sssd-ad systemd[1]: cups.service: Main process exited, code=exited, status=1/FAILURE May 07 11:12:09 disco-sssd-ad systemd[1]: cups.service: Failed with result 'exit-code'. May 07 11:12:09 disco-sssd-ad systemd[1]: cups.service: Service RestartSec=100ms expired, scheduling resta May 07 11:12:09 disco-sssd-ad systemd[1]: cups.service: Scheduled restart job, restart counter is at 5. May 07 11:12:09 disco-sssd-ad systemd[1]: Stopped CUPS Scheduler. May 07 11:12:09 disco-sssd-ad systemd[1]: cups.service: Start request repeated too quickly. May 07 11:12:09 disco-sssd-ad systemd[1]: cups.service: Failed with result 'exit-code'. May 07 11:12:09 disco-sssd-ad systemd[1]: Failed to start CUPS Scheduler. ubuntu@disco-sssd-ad:~$ grep cupsd /var/log/syslog | grep -v kernel May 7 11:12:10 disco-sssd-ad cupsd[692]: Unknown SystemGroup "lpadmins@TESTS.LOCAL" on line 19 of /etc/cups/cups-files.conf. May 7 11:12:10 disco-sssd-ad cupsd[692]: Unable to read "/etc/cups/cups-files.conf" due to errors. May 7 11:12:10 disco-sssd-ad cupsd[721]: Unknown SystemGroup "lpadmins@TESTS.LOCAL" on line 19 of /etc/cups/cups-files.conf. ... - Using the version in -proposed, after rebooting, cups works fine: ubuntu@disco-sssd-ad:~$ dpkg -l | grep -E "cups-daemon| cups |cups-common" ii cups 2.2.10-4ubuntu1 amd64 Common UNIX Printing System(tm) - PPD/driver support, web interface ii cups-common 2.2.10-4ubuntu1 all Common UNIX Printing System(tm) - common files ii cups-daemon 2.2.10-4ubuntu1 amd64 Common UNIX Printing System(tm) - daemon ubuntu@disco-sssd-ad:~$ systemctl status cups ● cups.service - CUPS Scheduler Loaded: loaded (/lib/systemd/system/cups.service; enabled; vendor preset: enabled) Active: active (running) since Tue 2019-05-07 11:32:52 UTC; 33s ago Docs: man:cupsd(8) Main PID: 812 (cupsd) Tasks: 1 (limit: 2356) Memory: 2.5M CGroup: /system.slice/cups.service └─812 /usr/sbin/cupsd -l May 07 11:32:52 disco-sssd-ad systemd[1]: Started CUPS Scheduler. ubuntu@disco-sssd-ad:~$ systemd-analyze critical-chain cups.service The time after the unit is active or started is printed after the "@" character. The time the unit takes to start is printed after the "+" character. cups.service @49.422s └─sssd.service @41.473s +7.943s └─basic.target @41.321s └─sockets.target @41.318s └─snapd.socket @41.111s +184ms └─sysinit.target @40.800s └─cloud-init.service @37.899s +2.895s └─systemd-networkd-wait-online.service @36.713s +1.141s └─systemd-networkd.service @36.346s +360ms └─network-pre.target @36.341s └─cloud-init-local.service @21.748s +14.588s └─systemd-remount-fs.service @8.932s +140ms └─systemd-journald.socket @8.844s
[Desktop-packages] [Bug 1822062] Re: Race condition on boot between cups and sssd
# VERIFICATION: COSMIC - Using the reproducer defined in the test case and the version in -updates: ubuntu@cosmic-sssd-ad:~$ dpkg -l | grep -E "cups-daemon| cups |cups-common" ii cups 2.2.8-5ubuntu1.2amd64 Common UNIX Printing System(tm) - PPD/driver support, web interface ii cups-common 2.2.8-5ubuntu1.2all Common UNIX Printing System(tm) - common files ii cups-daemon 2.2.8-5ubuntu1.2amd64 Common UNIX Printing System(tm) - daemon ubuntu@cosmic-sssd-ad:~$ grep -i systemgroup /etc/cups/cups-files.conf SystemGroup lpadmins@TESTS.LOCAL ubuntu@cosmic-sssd-ad:~$ systemd-analyze critical-chain cups.service The time after the unit is active or started is printed after the "@" character. The time the unit takes to start is printed after the "+" character. cups.service @5d 44min 19.075s └─basic.target @32.610s └─sockets.target @32.602s └─snap.lxd.daemon.unix.socket @2min 24.862s └─snap-lxd-10601.mount @2min 1.485s +39ms └─local-fs-pre.target @8.493s └─systemd-tmpfiles-setup-dev.service @8.103s +386ms └─systemd-sysusers.service @7.546s +550ms └─systemd-remount-fs.service @7.143s +373ms └─systemd-journald.socket @7.033s └─-.mount @6.938s └─system.slice @6.938s └─-.slice @6.938s - After reboot, cups fails to start: ubuntu@cosmic-sssd-ad:~$ systemctl status cups ● cups.service - CUPS Scheduler Loaded: loaded (/lib/systemd/system/cups.service; enabled; vendor preset: enabled) Active: failed (Result: exit-code) since Tue 2019-05-07 10:06:49 UTC; 57min ago Docs: man:cupsd(8) Process: 1173 ExecStart=/usr/sbin/cupsd -l (code=exited, status=1/FAILURE) Main PID: 1173 (code=exited, status=1/FAILURE) May 07 10:06:49 cosmic-sssd-ad systemd[1]: cups.service: Service RestartSec=100ms expired, scheduling rest May 07 10:06:49 cosmic-sssd-ad systemd[1]: cups.service: Scheduled restart job, restart counter is at 5. May 07 10:06:49 cosmic-sssd-ad systemd[1]: Stopped CUPS Scheduler. May 07 10:06:49 cosmic-sssd-ad systemd[1]: cups.service: Start request repeated too quickly. May 07 10:06:49 cosmic-sssd-ad systemd[1]: cups.service: Failed with result 'exit-code'. May 07 10:06:49 cosmic-sssd-ad systemd[1]: Failed to start CUPS Scheduler. ubuntu@cosmic-sssd-ad:~$ grep cupsd /var/log/syslog | grep -v kernel May 7 10:06:45 cosmic-sssd-ad cupsd[1033]: Unknown SystemGroup "lpadmins@TESTS.LOCAL" on line 19 of /etc/cups/cups-files.conf. May 7 10:06:45 cosmic-sssd-ad cupsd[1033]: Unable to read "/etc/cups/cups-files.conf" due to errors. May 7 10:06:47 cosmic-sssd-ad cupsd[1122]: Unknown SystemGroup "lpadmins@TESTS.LOCAL" on line 19 of /etc/cups/cups-files.conf. May 7 10:06:47 cosmic-sssd-ad cupsd[1122]: Unable to read "/etc/cups/cups-files.conf" due to errors. ... - Using the version in -proposed, after rebooting, cups works fine: ubuntu@cosmic-sssd-ad:~$ dpkg -l | grep -E "cups-daemon| cups |cups-common" ii cups 2.2.8-5ubuntu1.3amd64 Common UNIX Printing System(tm) - PPD/driver support, web interface ii cups-common 2.2.8-5ubuntu1.3all Common UNIX Printing System(tm) - common files ii cups-daemon 2.2.8-5ubuntu1.3amd64 Common UNIX Printing System(tm) - daemon ubuntu@cosmic-sssd-ad:~$ systemctl status cups ● cups.service - CUPS Scheduler Loaded: loaded (/lib/systemd/system/cups.service; enabled; vendor preset: enabled) Active: active (running) since Tue 2019-05-07 11:13:20 UTC; 58s ago Docs: man:cupsd(8) Main PID: 1297 (cupsd) Tasks: 1 (limit: 2361) Memory: 2.7M CGroup: /system.slice/cups.service └─1297 /usr/sbin/cupsd -l May 07 11:13:20 cosmic-sssd-ad systemd[1]: Started CUPS Scheduler. ubuntu@cosmic-sssd-ad:~$ systemd-analyze critical-chain cups.service The time after the unit is active or started is printed after the "@" character. The time the unit takes to start is printed after the "+" character. cups.service @1min 6.619s └─sssd.service @54.111s +12.499s └─basic.target @54.032s └─sockets.target @54.030s └─snapd.socket @53.965s +61ms └─sysinit.target @53.361s └─cloud-init.service @48.760s +4.493s └─systemd-networkd-wait-online.service @46.946s +1.809s └─systemd-networkd.service @46.237s +675ms └─network-pre.target @46.230s └─cloud-init-local.service @22.765s +23.458s └─systemd-remount-fs.service @10.923s +199ms └─systemd-journald.socket @10.574s └─system.slice @10.466s └─-.slice @10.466s - Using the version in -proposed, with sssd not installe
[Desktop-packages] [Bug 1822062] Re: Race condition on boot between cups and sssd
# VERIFICATION: BIONIC - Using the reproducer defined in the test case and the version in -updates: ubuntu@bionic-sssd-ad:~$ dpkg -l | grep -E "cups-daemon| cups |cups-common" ii cups 2.2.7-1ubuntu2.4 amd64Common UNIX Printing System(tm) - PPD/driver support, web interface ii cups-common 2.2.7-1ubuntu2.4 all Common UNIX Printing System(tm) - common files ii cups-daemon 2.2.7-1ubuntu2.4 amd64Common UNIX Printing System(tm) - daemon ubuntu@bionic-sssd-ad:~$ grep -i systemgroup /etc/cups/cups-files.conf SystemGroup lpadmins@TESTS.LOCAL ubuntu@bionic-sssd-ad:~$ systemd-analyze critical-chain cups.service The time after the unit is active or started is printed after the "@" character. The time the unit takes to start is printed after the "+" character. cups.service @5d 44min 17.034s └─basic.target @41.538s └─sockets.target @41.534s └─lxd.socket @41.422s +104ms └─sysinit.target @41.320s └─systemd-update-utmp.service @40.757s +99ms └─systemd-tmpfiles-setup.service @39.550s +1.181s └─local-fs.target @13.659s └─var-lib-lxcfs.mount @43.131s └─local-fs-pre.target @9.991s └─systemd-tmpfiles-setup-dev.service @8.859s +1.127s └─kmod-static-nodes.service @8.510s +303ms └─systemd-journald.socket @8.460s └─system.slice @8.334s └─-.slice @8.326s - After reboot, cups fails to start: ubuntu@bionic-sssd-ad:~$ systemctl status cups ● cups.service - CUPS Scheduler Loaded: loaded (/lib/systemd/system/cups.service; enabled; vendor preset: enabled) Active: failed (Result: exit-code) since Tue 2019-05-07 10:06:32 UTC; 27min ago Docs: man:cupsd(8) Process: 969 ExecStart=/usr/sbin/cupsd -l (code=exited, status=1/FAILURE) Main PID: 969 (code=exited, status=1/FAILURE) May 07 10:06:32 bionic-sssd-ad systemd[1]: cups.service: Service hold-off time over, scheduling restart. May 07 10:06:32 bionic-sssd-ad systemd[1]: cups.service: Scheduled restart job, restart counter is at 5. May 07 10:06:32 bionic-sssd-ad systemd[1]: Stopped CUPS Scheduler. May 07 10:06:32 bionic-sssd-ad systemd[1]: cups.service: Start request repeated too quickly. May 07 10:06:32 bionic-sssd-ad systemd[1]: cups.service: Failed with result 'exit-code'. May 07 10:06:32 bionic-sssd-ad systemd[1]: Failed to start CUPS Scheduler. ubuntu@bionic-sssd-ad:~$ grep cupsd /var/log/syslog | grep -v kernel May 7 10:06:30 bionic-sssd-ad cupsd[860]: Unknown SystemGroup "lpadmins@TESTS.LOCAL" on line 19 of /etc/cups/cups-files.conf. May 7 10:06:30 bionic-sssd-ad cupsd[860]: Unable to read "/etc/cups/cups-files.conf" due to errors. ... - Using the version in -proposed, after rebooting, cups works fine: ubuntu@bionic-sssd-ad:~$ dpkg -l | grep -E "cups-daemon| cups |cups-common" ii cups 2.2.7-1ubuntu2.5 amd64Common UNIX Printing System(tm) - PPD/driver support, web interface ii cups-common 2.2.7-1ubuntu2.5 all Common UNIX Printing System(tm) - common files ii cups-daemon 2.2.7-1ubuntu2.5 amd64Common UNIX Printing System(tm) - daemon ubuntu@bionic-sssd-ad:~$ systemctl status cups ● cups.service - CUPS Scheduler Loaded: loaded (/lib/systemd/system/cups.service; enabled; vendor preset: enabled) Active: active (running) since Tue 2019-05-07 10:36:49 UTC; 9min ago Docs: man:cupsd(8) Main PID: 1036 (cupsd) Tasks: 1 (limit: 2361) CGroup: /system.slice/cups.service └─1036 /usr/sbin/cupsd -l May 07 10:36:49 bionic-sssd-ad systemd[1]: Started CUPS Scheduler. ubuntu@bionic-sssd-ad:~$ systemd-analyze critical-chain cups.service The time after the unit is active or started is printed after the "@" character. The time the unit takes to start is printed after the "+" character. cups.service @46.601s └─sssd.service @39.137s +7.411s └─basic.target @39.068s └─sockets.target @39.062s └─snapd.socket @38.991s +62ms └─sysinit.target @38.817s └─cloud-init.service @35.077s +3.695s └─systemd-networkd-wait-online.service @33.910s +1.151s └─systemd-networkd.service @33.667s +205ms └─network-pre.target @33.654s └─cloud-init-local.service @19.639s +14.007s └─systemd-remount-fs.service @6.538s +851ms └─systemd-journald.socket @6.460s └─system.slice @6.408s └─-.slice @6.129s - Using the version in -proposed, with sssd not installed in the machine (and setting SystemGroup to the original local group "lpadmin"), cups still starts
[Desktop-packages] [Bug 1822062] Re: Race condition on boot between cups and sssd
# VERIFICATION: XENIAL - Using the reproducer defined in the test case and the version in -updates: ubuntu@xenial-sssd-ad:~$ dpkg -l | grep -E "cups-daemon| cups |cups-common" ii cups 2.1.3-4ubuntu0.7 amd64Common UNIX Printing System(tm) - PPD/driver support, web interface ii cups-common 2.1.3-4ubuntu0.7 all Common UNIX Printing System(tm) - common files ii cups-daemon 2.1.3-4ubuntu0.7 amd64Common UNIX Printing System(tm) - daemon ubuntu@xenial-sssd-ad:~$ grep -i systemgroup /etc/cups/cups-files.conf SystemGroup lpadmins@TESTS.LOCAL ubuntu@xenial-sssd-ad:~$ systemd-analyze critical-chain cups.service The time after the unit is active or started is printed after the "@" character. The time the unit takes to start is printed after the "+" character. cups.service @5d 44min 12.341s └─basic.target @35.619s └─sockets.target @35.617s └─lxd.socket @35.592s +11ms └─sysinit.target @35.463s └─cloud-init.service @31.929s +3.152s └─networking.service @15.375s +16.549s └─network-pre.target @15.326s └─cloud-init-local.service @6.646s +8.677s └─systemd-remount-fs.service @5.484s +342ms └─system.slice @5.461s └─-.slice @5.389s - After reboot, cups fails to start: ubuntu@xenial-sssd-ad:~$ systemctl status cups ● cups.service - CUPS Scheduler Loaded: loaded (/lib/systemd/system/cups.service; enabled; vendor preset: enabled) Active: failed (Result: start-limit-hit) since Tue 2019-05-07 10:06:07 UTC; 1min 57s ago Docs: man:cupsd(8) Process: 1152 ExecStart=/usr/sbin/cupsd -l (code=exited, status=1/FAILURE) Main PID: 1152 (code=exited, status=1/FAILURE) May 07 10:06:07 xenial-sssd-ad systemd[1]: cups.service: Failed with result 'exit-code'. May 07 10:06:07 xenial-sssd-ad systemd[1]: Started CUPS Scheduler. May 07 10:06:07 xenial-sssd-ad cupsd[1152]: Unknown SystemGroup "lpadmins@TESTS.LOCAL" on line 19 of /etc/ May 07 10:06:07 xenial-sssd-ad cupsd[1152]: Unable to read "/etc/cups/cups-files.conf" due to errors. May 07 10:06:07 xenial-sssd-ad systemd[1]: cups.service: Main process exited, code=exited, status=1/FAILUR May 07 10:06:07 xenial-sssd-ad systemd[1]: cups.service: Unit entered failed state. May 07 10:06:07 xenial-sssd-ad systemd[1]: cups.service: Failed with result 'exit-code'. May 07 10:06:07 xenial-sssd-ad systemd[1]: cups.service: Start request repeated too quickly. May 07 10:06:07 xenial-sssd-ad systemd[1]: Failed to start CUPS Scheduler. May 07 10:06:07 xenial-sssd-ad systemd[1]: cups.service: Failed with result 'start-limit-hit'. - Using the version in -proposed, after rebooting: ubuntu@xenial-sssd-ad:~$ dpkg -l | grep -E "cups-daemon| cups |cups-common" ii cups 2.1.3-4ubuntu0.8 amd64Common UNIX Printing System(tm) - PPD/driver support, web interface ii cups-common 2.1.3-4ubuntu0.8 all Common UNIX Printing System(tm) - common files ii cups-daemon 2.1.3-4ubuntu0.8 amd64Common UNIX Printing System(tm) - daemon ubuntu@xenial-sssd-ad:~$ systemctl status cups ● cups.service - CUPS Scheduler Loaded: loaded (/lib/systemd/system/cups.service; enabled; vendor preset: enabled) Active: active (running) since Tue 2019-05-07 10:14:10 UTC; 2min 20s ago Docs: man:cupsd(8) Main PID: 1276 (cupsd) Tasks: 1 Memory: 2.1M CPU: 12ms CGroup: /system.slice/cups.service └─1276 /usr/sbin/cupsd -l May 07 10:14:10 xenial-sssd-ad systemd[1]: Started CUPS Scheduler. ubuntu@xenial-sssd-ad:~$ systemd-analyze critical-chain cups.service The time after the unit is active or started is printed after the "@" character. The time the unit takes to start is printed after the "+" character. cups.service @32.661s └─sssd.service @29.252s +3.393s └─basic.target @29.247s └─sockets.target @29.245s └─lxd.socket @29.225s +10ms └─sysinit.target @29.117s └─cloud-init.service @26.685s +2.416s └─networking.service @11.315s +15.364s └─network-pre.target @11.301s └─cloud-init-local.service @3.841s +7.457s └─systemd-remount-fs.service @3.084s +278ms └─systemd-journald.socket @3.036s └─-.slice @2.984s - Using the version in -proposed, with sssd not installed in the machine (and setting SystemGroup to the original local group "lpadmin"), cups still starts: buntu@xenial-sssd-ad:~$ systemctl status cups ● cups.service - CUPS Scheduler Loaded: loaded (/lib/systemd/system/cups.service; enabled; vendor preset: enabled) Active: active (running) since Tue 2019-05-07 10:18:50 UTC;
[Desktop-packages] [Bug 1822062] Re: Race condition on boot between cups and sssd
** Patch added: "xenial-cups.debdiff" https://bugs.launchpad.net/ubuntu/+source/cups/+bug/1822062/+attachment/5258671/+files/xenial-cups.debdiff -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to cups in Ubuntu. https://bugs.launchpad.net/bugs/1822062 Title: Race condition on boot between cups and sssd Status in cups package in Ubuntu: New Status in cups source package in Xenial: New Status in cups source package in Bionic: New Status in cups source package in Cosmic: New Status in cups source package in Disco: New Status in cups source package in Eoan: New Bug description: [Impact] * When cups has set the "SystemGroup" directive to an external group provided through sss and cups starts before sssd has finished booting, cups will crash because the group does not exist. * The patch adds an "After=sssd.service" clause to the service unit file. [Test Case] * Configure an external authentication service (LDAP, AD...) and create a group, for instance "lpadmins@tests.local" * Set SystemGroup to match that group in /etc/cups/cups-files.conf: SystemGroup lpadmins@tests.local * Reboot * If cups has started before sssd has finished booting, cups will crash: Mar 27 10:10:33 cups-sssd cupsd[21463]: Unknown SystemGroup "lpadmins@tests.local" on line 19 of /etc/cups/cups-files.conf. * If cups starts after sssd, it will work fine. [Regression Potential] * Minimal: this patch affects just the ordering of the service unit file. [Other Info] * Upstream: https://github.com/apple/cups/commit/4d0f1959a3f46973caec2cd41828c59674fe195d [Original description] When cups has set the "SystemGroup" directive to an external group provided through sss and cups starts before sssd has finished booting, cups will crash because the group does not exist. For instance, with a group named lpadmins@tests.local served from Active Directory through sssd, if the sssd service hasn't booted before cups: Mar 27 10:10:33 cups-sssd systemd[1]: Started CUPS Scheduler. Mar 27 10:10:33 cups-sssd systemd[1]: Started CUPS Scheduler. Mar 27 10:10:33 cups-sssd systemd[1]: Started Make remote CUPS printers available locally. Mar 27 10:10:33 cups-sssd cupsd[21463]: Unknown SystemGroup "lpadmins@tests.local" on line 19 of /etc/cups/cups-files.conf. Mar 27 10:10:33 cups-sssd cupsd[21463]: Unable to read "/etc/cups/cups-files.conf" due to errors. Mar 27 10:10:33 cups-sssd systemd[1]: cups.service: Main process exited, code=exited, status=1/FAILURE Mar 27 10:10:33 cups-sssd systemd[1]: cups.service: Failed with result 'exit-code'. Mar 27 10:10:33 cups-sssd systemd[1]: cups.service: Service hold-off time over, scheduling restart. Mar 27 10:10:33 cups-sssd systemd[1]: cups.service: Scheduled restart job, restart counter is at 2. Mar 27 10:10:33 cups-sssd systemd[1]: Stopping Make remote CUPS printers available locally... Mar 27 10:10:33 cups-sssd systemd[1]: Stopped Make remote CUPS printers available locally. Mar 27 10:10:33 cups-sssd systemd[1]: Stopped CUPS Scheduler. If sssd is running before cups starts, everything works as expected. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cups/+bug/1822062/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1822062] Re: Race condition on boot between cups and sssd
** Patch added: "disco-cups.debdiff" https://bugs.launchpad.net/ubuntu/+source/cups/+bug/1822062/+attachment/5258668/+files/disco-cups.debdiff -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to cups in Ubuntu. https://bugs.launchpad.net/bugs/1822062 Title: Race condition on boot between cups and sssd Status in cups package in Ubuntu: New Status in cups source package in Xenial: New Status in cups source package in Bionic: New Status in cups source package in Cosmic: New Status in cups source package in Disco: New Status in cups source package in Eoan: New Bug description: [Impact] * When cups has set the "SystemGroup" directive to an external group provided through sss and cups starts before sssd has finished booting, cups will crash because the group does not exist. * The patch adds an "After=sssd.service" clause to the service unit file. [Test Case] * Configure an external authentication service (LDAP, AD...) and create a group, for instance "lpadmins@tests.local" * Set SystemGroup to match that group in /etc/cups/cups-files.conf: SystemGroup lpadmins@tests.local * Reboot * If cups has started before sssd has finished booting, cups will crash: Mar 27 10:10:33 cups-sssd cupsd[21463]: Unknown SystemGroup "lpadmins@tests.local" on line 19 of /etc/cups/cups-files.conf. * If cups starts after sssd, it will work fine. [Regression Potential] * Minimal: this patch affects just the ordering of the service unit file. [Other Info] * Upstream: https://github.com/apple/cups/commit/4d0f1959a3f46973caec2cd41828c59674fe195d [Original description] When cups has set the "SystemGroup" directive to an external group provided through sss and cups starts before sssd has finished booting, cups will crash because the group does not exist. For instance, with a group named lpadmins@tests.local served from Active Directory through sssd, if the sssd service hasn't booted before cups: Mar 27 10:10:33 cups-sssd systemd[1]: Started CUPS Scheduler. Mar 27 10:10:33 cups-sssd systemd[1]: Started CUPS Scheduler. Mar 27 10:10:33 cups-sssd systemd[1]: Started Make remote CUPS printers available locally. Mar 27 10:10:33 cups-sssd cupsd[21463]: Unknown SystemGroup "lpadmins@tests.local" on line 19 of /etc/cups/cups-files.conf. Mar 27 10:10:33 cups-sssd cupsd[21463]: Unable to read "/etc/cups/cups-files.conf" due to errors. Mar 27 10:10:33 cups-sssd systemd[1]: cups.service: Main process exited, code=exited, status=1/FAILURE Mar 27 10:10:33 cups-sssd systemd[1]: cups.service: Failed with result 'exit-code'. Mar 27 10:10:33 cups-sssd systemd[1]: cups.service: Service hold-off time over, scheduling restart. Mar 27 10:10:33 cups-sssd systemd[1]: cups.service: Scheduled restart job, restart counter is at 2. Mar 27 10:10:33 cups-sssd systemd[1]: Stopping Make remote CUPS printers available locally... Mar 27 10:10:33 cups-sssd systemd[1]: Stopped Make remote CUPS printers available locally. Mar 27 10:10:33 cups-sssd systemd[1]: Stopped CUPS Scheduler. If sssd is running before cups starts, everything works as expected. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cups/+bug/1822062/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1822062] Re: Race condition on boot between cups and sssd
** Description changed: + [Impact] + + * When cups has set the "SystemGroup" directive to an external group + provided through sss and cups starts before sssd has finished booting, + cups will crash because the group does not exist. + + * The patch adds an "After=sssd.service" clause to the service unit + file. + + [Test Case] + + * Configure an external authentication service (LDAP, AD...) and create + a group, for instance "lpadmins@tests.local" + + * Set SystemGroup to match that group (SystemGroup = + "lpadmins@tests.local") + + * Reboot + + * If cups has started before sssd has finished booting, cups will crash: + Mar 27 10:10:33 cups-sssd cupsd[21463]: Unknown SystemGroup "lpadmins@tests.local" on line 19 of /etc/cups/cups-files.conf. + + * If cups starts after sssd, it will work fine. + + [Regression Potential] + + * Minimal: this patch affects just the ordering of the service unit + file. + + [Other Info] + + * Upstream: https://github.com/apple/cups/commit/4d0f1959a3f46973caec2cd41828c59674fe195d + + [Original description] + When cups has set the "SystemGroup" directive to an external group provided through sss and cups starts before sssd has finished booting, cups will crash because the group does not exist. For instance, with a group named lpadmins@tests.local served from Active Directory through sssd, if the sssd service hasn't booted before cups: Mar 27 10:10:33 cups-sssd systemd[1]: Started CUPS Scheduler. Mar 27 10:10:33 cups-sssd systemd[1]: Started CUPS Scheduler. Mar 27 10:10:33 cups-sssd systemd[1]: Started Make remote CUPS printers available locally. Mar 27 10:10:33 cups-sssd cupsd[21463]: Unknown SystemGroup "lpadmins@tests.local" on line 19 of /etc/cups/cups-files.conf. Mar 27 10:10:33 cups-sssd cupsd[21463]: Unable to read "/etc/cups/cups-files.conf" due to errors. Mar 27 10:10:33 cups-sssd systemd[1]: cups.service: Main process exited, code=exited, status=1/FAILURE Mar 27 10:10:33 cups-sssd systemd[1]: cups.service: Failed with result 'exit-code'. Mar 27 10:10:33 cups-sssd systemd[1]: cups.service: Service hold-off time over, scheduling restart. Mar 27 10:10:33 cups-sssd systemd[1]: cups.service: Scheduled restart job, restart counter is at 2. Mar 27 10:10:33 cups-sssd systemd[1]: Stopping Make remote CUPS printers available locally... Mar 27 10:10:33 cups-sssd systemd[1]: Stopped Make remote CUPS printers available locally. Mar 27 10:10:33 cups-sssd systemd[1]: Stopped CUPS Scheduler. If sssd is running before cups starts, everything works as expected. ** Also affects: cups (Ubuntu Eoan) Importance: Undecided Status: New ** Also affects: cups (Ubuntu Xenial) Importance: Undecided Status: New ** Also affects: cups (Ubuntu Bionic) Importance: Undecided Status: New ** Also affects: cups (Ubuntu Disco) Importance: Undecided Status: New ** Also affects: cups (Ubuntu Cosmic) Importance: Undecided Status: New ** Description changed: [Impact] - * When cups has set the "SystemGroup" directive to an external group + * When cups has set the "SystemGroup" directive to an external group provided through sss and cups starts before sssd has finished booting, cups will crash because the group does not exist. - * The patch adds an "After=sssd.service" clause to the service unit + * The patch adds an "After=sssd.service" clause to the service unit file. [Test Case] - * Configure an external authentication service (LDAP, AD...) and create + * Configure an external authentication service (LDAP, AD...) and create a group, for instance "lpadmins@tests.local" - * Set SystemGroup to match that group (SystemGroup = - "lpadmins@tests.local") + * Set SystemGroup to match that group in /etc/cups/cups-files.conf: + SystemGroup lpadmins@tests.local - * Reboot + * Reboot - * If cups has started before sssd has finished booting, cups will crash: + * If cups has started before sssd has finished booting, cups will crash: Mar 27 10:10:33 cups-sssd cupsd[21463]: Unknown SystemGroup "lpadmins@tests.local" on line 19 of /etc/cups/cups-files.conf. - * If cups starts after sssd, it will work fine. + * If cups starts after sssd, it will work fine. [Regression Potential] - * Minimal: this patch affects just the ordering of the service unit + * Minimal: this patch affects just the ordering of the service unit file. [Other Info] - - * Upstream: https://github.com/apple/cups/commit/4d0f1959a3f46973caec2cd41828c59674fe195d + + * Upstream: + https://github.com/apple/cups/commit/4d0f1959a3f46973caec2cd41828c59674fe195d [Original description] When cups has set the "SystemGroup" directive to an external group provided through sss and cups starts before sssd has finished booting, cups will crash because the group does not exist. For instance, with a group named lpadmins@tests.local served from Active Director
[Desktop-packages] [Bug 1822062] Re: Race condition on boot between cups and sssd
** Patch added: "cosmic-cups.debdiff" https://bugs.launchpad.net/ubuntu/+source/cups/+bug/1822062/+attachment/5258669/+files/cosmic-cups.debdiff ** Patch removed: "disco-cups.debdiff" https://bugs.launchpad.net/ubuntu/+source/cups/+bug/1822062/+attachment/5258668/+files/disco-cups.debdiff -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to cups in Ubuntu. https://bugs.launchpad.net/bugs/1822062 Title: Race condition on boot between cups and sssd Status in cups package in Ubuntu: New Status in cups source package in Xenial: New Status in cups source package in Bionic: New Status in cups source package in Cosmic: New Status in cups source package in Disco: New Status in cups source package in Eoan: New Bug description: [Impact] * When cups has set the "SystemGroup" directive to an external group provided through sss and cups starts before sssd has finished booting, cups will crash because the group does not exist. * The patch adds an "After=sssd.service" clause to the service unit file. [Test Case] * Configure an external authentication service (LDAP, AD...) and create a group, for instance "lpadmins@tests.local" * Set SystemGroup to match that group in /etc/cups/cups-files.conf: SystemGroup lpadmins@tests.local * Reboot * If cups has started before sssd has finished booting, cups will crash: Mar 27 10:10:33 cups-sssd cupsd[21463]: Unknown SystemGroup "lpadmins@tests.local" on line 19 of /etc/cups/cups-files.conf. * If cups starts after sssd, it will work fine. [Regression Potential] * Minimal: this patch affects just the ordering of the service unit file. [Other Info] * Upstream: https://github.com/apple/cups/commit/4d0f1959a3f46973caec2cd41828c59674fe195d [Original description] When cups has set the "SystemGroup" directive to an external group provided through sss and cups starts before sssd has finished booting, cups will crash because the group does not exist. For instance, with a group named lpadmins@tests.local served from Active Directory through sssd, if the sssd service hasn't booted before cups: Mar 27 10:10:33 cups-sssd systemd[1]: Started CUPS Scheduler. Mar 27 10:10:33 cups-sssd systemd[1]: Started CUPS Scheduler. Mar 27 10:10:33 cups-sssd systemd[1]: Started Make remote CUPS printers available locally. Mar 27 10:10:33 cups-sssd cupsd[21463]: Unknown SystemGroup "lpadmins@tests.local" on line 19 of /etc/cups/cups-files.conf. Mar 27 10:10:33 cups-sssd cupsd[21463]: Unable to read "/etc/cups/cups-files.conf" due to errors. Mar 27 10:10:33 cups-sssd systemd[1]: cups.service: Main process exited, code=exited, status=1/FAILURE Mar 27 10:10:33 cups-sssd systemd[1]: cups.service: Failed with result 'exit-code'. Mar 27 10:10:33 cups-sssd systemd[1]: cups.service: Service hold-off time over, scheduling restart. Mar 27 10:10:33 cups-sssd systemd[1]: cups.service: Scheduled restart job, restart counter is at 2. Mar 27 10:10:33 cups-sssd systemd[1]: Stopping Make remote CUPS printers available locally... Mar 27 10:10:33 cups-sssd systemd[1]: Stopped Make remote CUPS printers available locally. Mar 27 10:10:33 cups-sssd systemd[1]: Stopped CUPS Scheduler. If sssd is running before cups starts, everything works as expected. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cups/+bug/1822062/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1822062] Re: Race condition on boot between cups and sssd
** Patch added: "bionic-cups.debdiff" https://bugs.launchpad.net/ubuntu/+source/cups/+bug/1822062/+attachment/5258670/+files/bionic-cups.debdiff -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to cups in Ubuntu. https://bugs.launchpad.net/bugs/1822062 Title: Race condition on boot between cups and sssd Status in cups package in Ubuntu: New Status in cups source package in Xenial: New Status in cups source package in Bionic: New Status in cups source package in Cosmic: New Status in cups source package in Disco: New Status in cups source package in Eoan: New Bug description: [Impact] * When cups has set the "SystemGroup" directive to an external group provided through sss and cups starts before sssd has finished booting, cups will crash because the group does not exist. * The patch adds an "After=sssd.service" clause to the service unit file. [Test Case] * Configure an external authentication service (LDAP, AD...) and create a group, for instance "lpadmins@tests.local" * Set SystemGroup to match that group in /etc/cups/cups-files.conf: SystemGroup lpadmins@tests.local * Reboot * If cups has started before sssd has finished booting, cups will crash: Mar 27 10:10:33 cups-sssd cupsd[21463]: Unknown SystemGroup "lpadmins@tests.local" on line 19 of /etc/cups/cups-files.conf. * If cups starts after sssd, it will work fine. [Regression Potential] * Minimal: this patch affects just the ordering of the service unit file. [Other Info] * Upstream: https://github.com/apple/cups/commit/4d0f1959a3f46973caec2cd41828c59674fe195d [Original description] When cups has set the "SystemGroup" directive to an external group provided through sss and cups starts before sssd has finished booting, cups will crash because the group does not exist. For instance, with a group named lpadmins@tests.local served from Active Directory through sssd, if the sssd service hasn't booted before cups: Mar 27 10:10:33 cups-sssd systemd[1]: Started CUPS Scheduler. Mar 27 10:10:33 cups-sssd systemd[1]: Started CUPS Scheduler. Mar 27 10:10:33 cups-sssd systemd[1]: Started Make remote CUPS printers available locally. Mar 27 10:10:33 cups-sssd cupsd[21463]: Unknown SystemGroup "lpadmins@tests.local" on line 19 of /etc/cups/cups-files.conf. Mar 27 10:10:33 cups-sssd cupsd[21463]: Unable to read "/etc/cups/cups-files.conf" due to errors. Mar 27 10:10:33 cups-sssd systemd[1]: cups.service: Main process exited, code=exited, status=1/FAILURE Mar 27 10:10:33 cups-sssd systemd[1]: cups.service: Failed with result 'exit-code'. Mar 27 10:10:33 cups-sssd systemd[1]: cups.service: Service hold-off time over, scheduling restart. Mar 27 10:10:33 cups-sssd systemd[1]: cups.service: Scheduled restart job, restart counter is at 2. Mar 27 10:10:33 cups-sssd systemd[1]: Stopping Make remote CUPS printers available locally... Mar 27 10:10:33 cups-sssd systemd[1]: Stopped Make remote CUPS printers available locally. Mar 27 10:10:33 cups-sssd systemd[1]: Stopped CUPS Scheduler. If sssd is running before cups starts, everything works as expected. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cups/+bug/1822062/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1822062] Re: Race condition on boot between cups and sssd
** Patch added: "disco-cups.debdiff" https://bugs.launchpad.net/ubuntu/+source/cups/+bug/1822062/+attachment/5258667/+files/disco-cups.debdiff -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to cups in Ubuntu. https://bugs.launchpad.net/bugs/1822062 Title: Race condition on boot between cups and sssd Status in cups package in Ubuntu: New Status in cups source package in Xenial: New Status in cups source package in Bionic: New Status in cups source package in Cosmic: New Status in cups source package in Disco: New Status in cups source package in Eoan: New Bug description: [Impact] * When cups has set the "SystemGroup" directive to an external group provided through sss and cups starts before sssd has finished booting, cups will crash because the group does not exist. * The patch adds an "After=sssd.service" clause to the service unit file. [Test Case] * Configure an external authentication service (LDAP, AD...) and create a group, for instance "lpadmins@tests.local" * Set SystemGroup to match that group in /etc/cups/cups-files.conf: SystemGroup lpadmins@tests.local * Reboot * If cups has started before sssd has finished booting, cups will crash: Mar 27 10:10:33 cups-sssd cupsd[21463]: Unknown SystemGroup "lpadmins@tests.local" on line 19 of /etc/cups/cups-files.conf. * If cups starts after sssd, it will work fine. [Regression Potential] * Minimal: this patch affects just the ordering of the service unit file. [Other Info] * Upstream: https://github.com/apple/cups/commit/4d0f1959a3f46973caec2cd41828c59674fe195d [Original description] When cups has set the "SystemGroup" directive to an external group provided through sss and cups starts before sssd has finished booting, cups will crash because the group does not exist. For instance, with a group named lpadmins@tests.local served from Active Directory through sssd, if the sssd service hasn't booted before cups: Mar 27 10:10:33 cups-sssd systemd[1]: Started CUPS Scheduler. Mar 27 10:10:33 cups-sssd systemd[1]: Started CUPS Scheduler. Mar 27 10:10:33 cups-sssd systemd[1]: Started Make remote CUPS printers available locally. Mar 27 10:10:33 cups-sssd cupsd[21463]: Unknown SystemGroup "lpadmins@tests.local" on line 19 of /etc/cups/cups-files.conf. Mar 27 10:10:33 cups-sssd cupsd[21463]: Unable to read "/etc/cups/cups-files.conf" due to errors. Mar 27 10:10:33 cups-sssd systemd[1]: cups.service: Main process exited, code=exited, status=1/FAILURE Mar 27 10:10:33 cups-sssd systemd[1]: cups.service: Failed with result 'exit-code'. Mar 27 10:10:33 cups-sssd systemd[1]: cups.service: Service hold-off time over, scheduling restart. Mar 27 10:10:33 cups-sssd systemd[1]: cups.service: Scheduled restart job, restart counter is at 2. Mar 27 10:10:33 cups-sssd systemd[1]: Stopping Make remote CUPS printers available locally... Mar 27 10:10:33 cups-sssd systemd[1]: Stopped Make remote CUPS printers available locally. Mar 27 10:10:33 cups-sssd systemd[1]: Stopped CUPS Scheduler. If sssd is running before cups starts, everything works as expected. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cups/+bug/1822062/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1822062] [NEW] Race condition on boot between cups and sssd
Public bug reported: When cups has set the "SystemGroup" directive to an external group provided through sss and cups starts before sssd has finished booting, cups will crash because the group does not exist. For instance, with a group named lpadmins@tests.local served from Active Directory through sssd, if the sssd service hasn't booted before cups: Mar 27 10:10:33 cups-sssd systemd[1]: Started CUPS Scheduler. Mar 27 10:10:33 cups-sssd systemd[1]: Started CUPS Scheduler. Mar 27 10:10:33 cups-sssd systemd[1]: Started Make remote CUPS printers available locally. Mar 27 10:10:33 cups-sssd cupsd[21463]: Unknown SystemGroup "lpadmins@tests.local" on line 19 of /etc/cups/cups-files.conf. Mar 27 10:10:33 cups-sssd cupsd[21463]: Unable to read "/etc/cups/cups-files.conf" due to errors. Mar 27 10:10:33 cups-sssd systemd[1]: cups.service: Main process exited, code=exited, status=1/FAILURE Mar 27 10:10:33 cups-sssd systemd[1]: cups.service: Failed with result 'exit-code'. Mar 27 10:10:33 cups-sssd systemd[1]: cups.service: Service hold-off time over, scheduling restart. Mar 27 10:10:33 cups-sssd systemd[1]: cups.service: Scheduled restart job, restart counter is at 2. Mar 27 10:10:33 cups-sssd systemd[1]: Stopping Make remote CUPS printers available locally... Mar 27 10:10:33 cups-sssd systemd[1]: Stopped Make remote CUPS printers available locally. Mar 27 10:10:33 cups-sssd systemd[1]: Stopped CUPS Scheduler. If sssd is running before cups starts, everything works as expected. ** Affects: cups (Ubuntu) Importance: Undecided Status: New ** Tags: sts -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to cups in Ubuntu. https://bugs.launchpad.net/bugs/1822062 Title: Race condition on boot between cups and sssd Status in cups package in Ubuntu: New Bug description: When cups has set the "SystemGroup" directive to an external group provided through sss and cups starts before sssd has finished booting, cups will crash because the group does not exist. For instance, with a group named lpadmins@tests.local served from Active Directory through sssd, if the sssd service hasn't booted before cups: Mar 27 10:10:33 cups-sssd systemd[1]: Started CUPS Scheduler. Mar 27 10:10:33 cups-sssd systemd[1]: Started CUPS Scheduler. Mar 27 10:10:33 cups-sssd systemd[1]: Started Make remote CUPS printers available locally. Mar 27 10:10:33 cups-sssd cupsd[21463]: Unknown SystemGroup "lpadmins@tests.local" on line 19 of /etc/cups/cups-files.conf. Mar 27 10:10:33 cups-sssd cupsd[21463]: Unable to read "/etc/cups/cups-files.conf" due to errors. Mar 27 10:10:33 cups-sssd systemd[1]: cups.service: Main process exited, code=exited, status=1/FAILURE Mar 27 10:10:33 cups-sssd systemd[1]: cups.service: Failed with result 'exit-code'. Mar 27 10:10:33 cups-sssd systemd[1]: cups.service: Service hold-off time over, scheduling restart. Mar 27 10:10:33 cups-sssd systemd[1]: cups.service: Scheduled restart job, restart counter is at 2. Mar 27 10:10:33 cups-sssd systemd[1]: Stopping Make remote CUPS printers available locally... Mar 27 10:10:33 cups-sssd systemd[1]: Stopped Make remote CUPS printers available locally. Mar 27 10:10:33 cups-sssd systemd[1]: Stopped CUPS Scheduler. If sssd is running before cups starts, everything works as expected. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cups/+bug/1822062/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
