Bug#992693: bullseye-pu: package glibc/2.31-13+deb11u1

2021-10-02 Thread Aurelien Jarno 
Hi,

On 2021-09-30 22:16, Adam D. Barratt wrote:
> On Mon, 2021-09-27 at 12:38 +0100, Adam D. Barratt wrote:
> > Control: tags -1 + confirmed d-i
> > 
> 
> To confirm some IRC conversations - given the closeness of the freeze
> for 11.1, please feel free to upload and kibi can review the package
> from stable-new.
> 

Unfortunately Cyril has found an issue while testing, the query to debconf
doesn't work when the libc6.preinst script is re-executed by the debconf
frontend:

| ...
| Preparing to unpack .../libc6_2.31-13+deb11u1_amd64.deb ...
| debconf: DbDriver "config": /var/cache/debconf/config.dat is locked by 
another process: Resource temporarily unavailable
| Unpacking libc6:amd64 (2.31-13+deb11u1) over (2.31-13+deb11u1) .
| ...

This message is harmless in most cases, but can cause a switch to text
mode while debconf is able to fallback to another frontend. It is also
very worrying for users.

As discussed on IRC, I have uploaded glibc 2.31-13+deb11u2 that fixes
that issue by not trying to detect if debconf is available when the 
debconf frontend has already been loaded. You will find the
corresponding debdiff attached.

Regards,
Aurelien

-- 
Aurelien Jarno  GPG: 4096R/1DDD8C9B
aurel...@aurel32.net http://www.aurel32.net
diff --git a/debian/changelog b/debian/changelog
index dd5370af..7c23c790 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+glibc (2.31-13+deb11u2) bullseye; urgency=medium
+
+  [ Aurelien Jarno ]
+  * debian/debhelper.in/libc.preinst: do not try to detect if debconf is
+available when the debconf frontend has already been loaded.
+
+ -- Aurelien Jarno   Sat, 02 Oct 2021 14:47:40 +0200
+
 glibc (2.31-13+deb11u1) bullseye; urgency=medium
 
   [ Aurelien Jarno ]
diff --git a/debian/debhelper.in/libc.preinst b/debian/debhelper.in/libc.preinst
index f0285832..ff59ad9a 100644
--- a/debian/debhelper.in/libc.preinst
+++ b/debian/debhelper.in/libc.preinst
@@ -23,7 +23,11 @@ if [ "$type" != abort-upgrade -a -z "$DPKG_ROOT" ]
 then
 # Check if the debconf module is available and usable
 USE_DEBCONF=
-if [ -f /usr/share/debconf/confmodule ]; then
+if [ "$DEBIAN_HAS_FRONTEND" ]; then
+# Debconf is already loaded, so we already checked if the frontend
+# is usable or not
+USE_DEBCONF=1
+elif [ -f /usr/share/debconf/confmodule ]; then
 # cdebconf has a working fallback mechanism in case dialog
 # is not usable, so do not try to do anything smart here
 if [ "$DEBCONF_USE_CDEBCONF" ] ; then


signature.asc
Description: PGP signature

Bug#992693: bullseye-pu: package glibc/2.31-13+deb11u1

2021-10-01 Thread Cyril Brulebois 
Adam D. Barratt  (2021-09-30):
> To confirm some IRC conversations - given the closeness of the freeze
> for 11.1, please feel free to upload and kibi can review the package
> from stable-new.

No objections, and apologies for the lag.


Cheers,
-- 
Cyril Brulebois (k...@debian.org)
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature

Bug#992693: bullseye-pu: package glibc/2.31-13+deb11u1

2021-09-30 Thread Adam D. Barratt 
On Mon, 2021-09-27 at 12:38 +0100, Adam D. Barratt wrote:
> Control: tags -1 + confirmed d-i
> 

To confirm some IRC conversations - given the closeness of the freeze
for 11.1, please feel free to upload and kibi can review the package
from stable-new.

Regards,

Adam


> Control: fixed 994042 2.32-3
> 
> Hi,
> 
> On Sun, 2021-09-26 at 22:16 +0200, Aurelien Jarno wrote:
> > Hi,
> > 
> > On 2021-09-26 20:46, Adam D. Barratt wrote:
> > > On Tue, 2021-09-21 at 23:47 +0200, Aurelien Jarno wrote:
> > > [...]
> > > > In the meantime another issue that would need to be fixed in
> > > > sid
> > > > > > came
> > > > as
> > > > bug#994042. 
> > > > 
> > > > This time the issue is in the preinst. To summarize, in the
> > > > case
> > > > debconf is not usable to prompt the user about the upgrade, the
> > > > preinst switches to text prompt. However as the debconf module
> > > > has
> > > > been loaded got control of the tty, which prevent any input
> > > > from
> > > > the
> > > > user. For skilled users it still possible to kill the upgrade
> > > > from
> > > > another, but other users will probably try other actions that
> > > > might
> > > > have damaging effects (like rebooting the system).
> > > > 
> > > > The fix is to get the debconf configuration without using the
> > > > debconf
> > > > module, as suggested by Colin Watson.
> > > > 
> > > 
> > > Thanks. That looks OK to me, particularly with Colin's review.
> > 
> > Thanks for the review. I guess that now it just needs a kibi-ack.
> 
> Yep; re-tagging accordingly.
> 
> > > Is there an ETA for getting the fix into unstable?
> > 
> > Upgrades from buster to bookworm are not supported, so it means
> > upgrade
> > to bookworm starts from bullseye, which has a fixed debconf (the
> > issue
> > has been fixed in version 1.5.76). Therefore the fix in unstable
> > has
> > been done in glibc 2.32-3 by just dropping all the workaround:
> > 
> > https://salsa.debian.org/glibc-team/glibc/-/commit/66359576b1aa793ae6c79618b188738287cf8789
> 
> Aha, thanks for connecting the dots. I was misled / confused slightly
> by the lack of fixed versions on #994042, where the version tracking
> implies that unstable is still affected, and 
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=994042;msg=33 not
> indicating which branch the fix was on (I realise I {c,sh}ould have
> checked). I've added a fixed version based on your explanation above;
> hopefully that makes the status clearer.
> 
> Regards,
> 
> Adam
> 
>

Bug#992693: bullseye-pu: package glibc/2.31-13+deb11u1

2021-09-30 Thread Aurelien Jarno 
Hi,

On 2021-09-27 12:38, Adam D. Barratt wrote:
> Control: tags -1 + confirmed d-i
> Control: fixed 994042 2.32-3
> 
> Hi,
> 
> On Sun, 2021-09-26 at 22:16 +0200, Aurelien Jarno wrote:
> > Hi,
> > 
> > On 2021-09-26 20:46, Adam D. Barratt wrote:
> > > On Tue, 2021-09-21 at 23:47 +0200, Aurelien Jarno wrote:
> > > [...]
> > > > In the meantime another issue that would need to be fixed in sid
> > > > > > came
> > > > as
> > > > bug#994042. 
> > > > 
> > > > This time the issue is in the preinst. To summarize, in the case
> > > > debconf is not usable to prompt the user about the upgrade, the
> > > > preinst switches to text prompt. However as the debconf module
> > > > has
> > > > been loaded got control of the tty, which prevent any input from
> > > > the
> > > > user. For skilled users it still possible to kill the upgrade
> > > > from
> > > > another, but other users will probably try other actions that
> > > > might
> > > > have damaging effects (like rebooting the system).
> > > > 
> > > > The fix is to get the debconf configuration without using the
> > > > debconf
> > > > module, as suggested by Colin Watson.
> > > > 
> > > 
> > > Thanks. That looks OK to me, particularly with Colin's review.
> > 
> > Thanks for the review. I guess that now it just needs a kibi-ack.
> 
> Yep; re-tagging accordingly.

I have just uploaded this package to bullseye.

Regards,
Aurelien

-- 
Aurelien Jarno  GPG: 4096R/1DDD8C9B
aurel...@aurel32.net http://www.aurel32.net

Bug#992693: bullseye-pu: package glibc/2.31-13+deb11u1

2021-09-27 Thread Adam D. Barratt 
Control: tags -1 + confirmed d-i
Control: fixed 994042 2.32-3

Hi,

On Sun, 2021-09-26 at 22:16 +0200, Aurelien Jarno wrote:
> Hi,
> 
> On 2021-09-26 20:46, Adam D. Barratt wrote:
> > On Tue, 2021-09-21 at 23:47 +0200, Aurelien Jarno wrote:
> > [...]
> > > In the meantime another issue that would need to be fixed in sid
> > > > > came
> > > as
> > > bug#994042. 
> > > 
> > > This time the issue is in the preinst. To summarize, in the case
> > > debconf is not usable to prompt the user about the upgrade, the
> > > preinst switches to text prompt. However as the debconf module
> > > has
> > > been loaded got control of the tty, which prevent any input from
> > > the
> > > user. For skilled users it still possible to kill the upgrade
> > > from
> > > another, but other users will probably try other actions that
> > > might
> > > have damaging effects (like rebooting the system).
> > > 
> > > The fix is to get the debconf configuration without using the
> > > debconf
> > > module, as suggested by Colin Watson.
> > > 
> > 
> > Thanks. That looks OK to me, particularly with Colin's review.
> 
> Thanks for the review. I guess that now it just needs a kibi-ack.

Yep; re-tagging accordingly.

> > Is there an ETA for getting the fix into unstable?
> 
> Upgrades from buster to bookworm are not supported, so it means
> upgrade
> to bookworm starts from bullseye, which has a fixed debconf (the
> issue
> has been fixed in version 1.5.76). Therefore the fix in unstable has
> been done in glibc 2.32-3 by just dropping all the workaround:
> 
> https://salsa.debian.org/glibc-team/glibc/-/commit/66359576b1aa793ae6c79618b188738287cf8789

Aha, thanks for connecting the dots. I was misled / confused slightly
by the lack of fixed versions on #994042, where the version tracking
implies that unstable is still affected, and 
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=994042;msg=33 not
indicating which branch the fix was on (I realise I {c,sh}ould have
checked). I've added a fixed version based on your explanation above;
hopefully that makes the status clearer.

Regards,

Adam

Bug#992693: bullseye-pu: package glibc/2.31-13+deb11u1

2021-09-26 Thread Aurelien Jarno 
Hi,

On 2021-09-26 20:46, Adam D. Barratt wrote:
> On Tue, 2021-09-21 at 23:47 +0200, Aurelien Jarno wrote:
> [...]
> > In the meantime another issue that would need to be fixed in sid
> > > > came
> > as
> > bug#994042. 
> > 
> > This time the issue is in the preinst. To summarize, in the case
> > debconf is not usable to prompt the user about the upgrade, the
> > preinst switches to text prompt. However as the debconf module has
> > been loaded got control of the tty, which prevent any input from the
> > user. For skilled users it still possible to kill the upgrade from
> > another, but other users will probably try other actions that might
> > have damaging effects (like rebooting the system).
> > 
> > The fix is to get the debconf configuration without using the debconf
> > module, as suggested by Colin Watson.
> > 
> 
> Thanks. That looks OK to me, particularly with Colin's review.

Thanks for the review. I guess that now it just needs a kibi-ack.
 
> Is there an ETA for getting the fix into unstable?

Upgrades from buster to bookworm are not supported, so it means upgrade
to bookworm starts from bullseye, which has a fixed debconf (the issue
has been fixed in version 1.5.76). Therefore the fix in unstable has
been done in glibc 2.32-3 by just dropping all the workaround:

https://salsa.debian.org/glibc-team/glibc/-/commit/66359576b1aa793ae6c79618b188738287cf8789

Regards,
Aurelien

-- 
Aurelien Jarno  GPG: 4096R/1DDD8C9B
aurel...@aurel32.net http://www.aurel32.net

Bug#992693: bullseye-pu: package glibc/2.31-13+deb11u1

2021-09-26 Thread Adam D. Barratt 
On Tue, 2021-09-21 at 23:47 +0200, Aurelien Jarno wrote:
[...]
> In the meantime another issue that would need to be fixed in sid
> > > came
> as
> bug#994042. 
> 
> This time the issue is in the preinst. To summarize, in the case
> debconf is not usable to prompt the user about the upgrade, the
> preinst switches to text prompt. However as the debconf module has
> been loaded got control of the tty, which prevent any input from the
> user. For skilled users it still possible to kill the upgrade from
> another, but other users will probably try other actions that might
> have damaging effects (like rebooting the system).
> 
> The fix is to get the debconf configuration without using the debconf
> module, as suggested by Colin Watson.
> 

Thanks. That looks OK to me, particularly with Colin's review.

Is there an ETA for getting the fix into unstable?

Regards,

Adam

Bug#992693: bullseye-pu: package glibc/2.31-13+deb11u1

2021-09-21 Thread Aurelien Jarno 
control: tag -1 - confirmed

On 2021-09-04 15:08, Adam D. Barratt wrote:
> Control: tags -1 + confirmed d-i
> 
> On Sun, 2021-08-22 at 14:58 +0200, Aurelien Jarno wrote:
> > During the upgrade from Buster to Bullseye, the SSH server is not
> > restarted following the libc6 upgrade, causing new SSH connections to
> > get rejected until the SSH server is restarted later in the upgrade.
> > 
> > It could be considered as a regression as it didn't happen during the
> > upgrade from Stretch to Buster.
> > 
> > [ Impact ]
> > Upgrade might fail or get stuck for remote upgrade using SSH if for
> > some reason the SSH connection breaks. Using screen or tmux doesn't
> > help here as it is not possible to connect again using SSH.
> [...]
> > The change consist in updating the regex getting the list of services
> > in the "installed" state, to  also consider openssh-server in
> > 'unpacked' state.
> 
> +glibc (2.31-13+deb11u1) unstable; urgency=medium
> 
> The distribution there should be "bullseye".

Indeed good catch. dch just reuse the one from the previous entry.

> I realise that the changes don't affect the udeb, but for completeness
> this wants a kibi-ack; CCed and tagging appropriately. Please feel free
> to go ahead on that basis.

In the meantime another issue that would need to be fixed in sid came as
bug#994042. 

This time the issue is in the preinst. To summarize, in the case debconf
is not usable to prompt the user about the upgrade, the preinst switches
to text prompt. However as the debconf module has been loaded got
control of the tty, which prevent any input from the user. For skilled
users it still possible to kill the upgrade from another, but other
users will probably try other actions that might have damaging effects
(like rebooting the system).

The fix is to get the debconf configuration without using the debconf
module, as suggested by Colin Watson.

You will find the new debdiff including this fix attached to the mail.
It has been tested by using the reproducer providing by Colin with an
additional repository containing the fixed glibc packages. Two cases
have been tested:
- upgrade + dist-upgrade to reproduce the original issue where the
  preinst switches to text prompt and verify that the user input is now
  accepted
- dist-upgrade to get a debconf prompt and verify it still works.

Could you please consider this new debdiff for bullseye?

Regards,
Aurelien

-- 
Aurelien Jarno  GPG: 4096R/1DDD8C9B
aurel...@aurel32.net http://www.aurel32.net
diff --git a/debian/changelog b/debian/changelog
index 138f350a..d19a1d75 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,16 @@
+glibc (2.31-13+deb11u1) bullseye; urgency=medium
+
+  [ Aurelien Jarno ]
+  * debian/script.in/nsscheck.sh: restart openssh-server even if it has been
+deconfigured during the upgrade.  Closes: #990069.
+  * debian/debhelper.in/libc.preinst: fix text fallback when debconf is
+unusable, the current debconf configuration should be queried without
+first sourcing the confmodule to avoid losing control of the tty. Big
+thanks to Colin Watson for the help diagnosing the issue and for providing
+an easy reproducer.  Closes: #994042.
+
+ -- Aurelien Jarno   Sun, 22 Aug 2021 14:38:58 +0200
+
 glibc (2.31-13) unstable; urgency=medium
 
   [ Colin Watson ]
diff --git a/debian/debhelper.in/libc.preinst b/debian/debhelper.in/libc.preinst
index d679db4f..f0285832 100644
--- a/debian/debhelper.in/libc.preinst
+++ b/debian/debhelper.in/libc.preinst
@@ -21,23 +21,23 @@ kfreebsd_compare_versions () {
 
 if [ "$type" != abort-upgrade -a -z "$DPKG_ROOT" ]
 then
-# Load debconf module if available and usable
+# Check if the debconf module is available and usable
+USE_DEBCONF=
 if [ -f /usr/share/debconf/confmodule ]; then
 # cdebconf has a working fallback mechanism in case dialog
 # is not usable, so do not try to do anything smart here
 if [ "$DEBCONF_USE_CDEBCONF" ] ; then
-. /usr/share/debconf/confmodule
 USE_DEBCONF=1
 # debconf requires perl
 elif perl -e "" 2>/dev/null ; then
-. /usr/share/debconf/confmodule
 # Check that the selected frontend will work
 if [ -n "$DEBIAN_FRONTEND" ] ; then
 frontend="$DEBIAN_FRONTEND"
 else
-db_version 2.0
-db_get debconf/frontend || RET="Dialog"
-frontend="$RET"
+# Query the frontend without first sourcing the confmodule to 
avoid
+# losing control of the tty. This snippet must not be copied 
blindly.
+frontend="$(echo 'GET debconf/frontend' | debconf-communicate 
| sed '/^0 /!d;s/^0 //')"
+frontend="${frontend:-Dialog}"
 fi
 frontend=`echo $frontend | tr '[:upper:]' '[:lower:]'`
 case "$frontend" in
@@ -61,6 +61,11 @@ then
 fi

Bug#992693: bullseye-pu: package glibc/2.31-13+deb11u1

2021-09-04 Thread Adam D. Barratt 
Control: tags -1 + confirmed d-i

On Sun, 2021-08-22 at 14:58 +0200, Aurelien Jarno wrote:
> During the upgrade from Buster to Bullseye, the SSH server is not
> restarted following the libc6 upgrade, causing new SSH connections to
> get rejected until the SSH server is restarted later in the upgrade.
> 
> It could be considered as a regression as it didn't happen during the
> upgrade from Stretch to Buster.
> 
> [ Impact ]
> Upgrade might fail or get stuck for remote upgrade using SSH if for
> some reason the SSH connection breaks. Using screen or tmux doesn't
> help here as it is not possible to connect again using SSH.
[...]
> The change consist in updating the regex getting the list of services
> in the "installed" state, to  also consider openssh-server in
> 'unpacked' state.

+glibc (2.31-13+deb11u1) unstable; urgency=medium

The distribution there should be "bullseye".

I realise that the changes don't affect the udeb, but for completeness
this wants a kibi-ack; CCed and tagging appropriately. Please feel free
to go ahead on that basis.

Regards,

Adam

Bug#992693: bullseye-pu: package glibc/2.31-13+deb11u1

2021-09-02 Thread Aurelien Jarno 
On 2021-08-22 14:58, Aurelien Jarno wrote:
> Package: release.debian.org
> Severity: normal
> Tags: bullseye
> User: release.debian@packages.debian.org
> Usertags: pu
> X-Debbugs-Cc: debian-gl...@lists.debian.org
> 
> [ Reason ]
> During the upgrade from Buster to Bullseye, the SSH server is not
> restarted following the libc6 upgrade, causing new SSH connections to
> get rejected until the SSH server is restarted later in the upgrade.
> 
> It could be considered as a regression as it didn't happen during the
> upgrade from Stretch to Buster.
> 
> [ Impact ]
> Upgrade might fail or get stuck for remote upgrade using SSH if for some
> reason the SSH connection breaks. Using screen or tmux doesn't help here
> as it is not possible to connect again using SSH.
> 
> [ Tests ]
> This is not covered by any automated test. This has been tested using a
> VM with a fresh Buster installation. This code is in unstable for a few
> days, and no issue has been reported so far.

Please note that the code is now in testing.

Regards,
Aurelien

-- 
Aurelien Jarno  GPG: 4096R/1DDD8C9B
aurel...@aurel32.net http://www.aurel32.net

Bug#992693: bullseye-pu: package glibc/2.31-13+deb11u1

2021-08-22 Thread Paul Gevers 
Hi,

On 22-08-2021 14:58, Aurelien Jarno wrote:
> The alternative is to read the release notes and upgrade openssh-server
> before upgrading the full system.

That would be this paragraph:
https://www.debian.org/releases/bullseye/amd64/release-notes/ch-information.en.html#ssh-not-available

It would be good if we could drop that. For what it's worth (I'm not the
SRM), I agree with this fix.

Paul



OpenPGP_signature
Description: OpenPGP digital signature

Bug#992693: bullseye-pu: package glibc/2.31-13+deb11u1

2021-08-22 Thread Aurelien Jarno 
Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: debian-gl...@lists.debian.org

[ Reason ]
During the upgrade from Buster to Bullseye, the SSH server is not
restarted following the libc6 upgrade, causing new SSH connections to
get rejected until the SSH server is restarted later in the upgrade.

It could be considered as a regression as it didn't happen during the
upgrade from Stretch to Buster.

[ Impact ]
Upgrade might fail or get stuck for remote upgrade using SSH if for some
reason the SSH connection breaks. Using screen or tmux doesn't help here
as it is not possible to connect again using SSH.

[ Tests ]
This is not covered by any automated test. This has been tested using a
VM with a fresh Buster installation. This code is in unstable for a few
days, and no issue has been reported so far.

[ Risks ]
The risk can probably be considered low. If openssh-server fails to
start due to a removed config option, the installation will continue
anyway, after displaying a debconf message that the service has failed
to restart. This will just leave the SSH service disabled, until it get
restarted later in the upgrade.

The alternative is to read the release notes and upgrade openssh-server
before upgrading the full system.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in stable
  [x] the issue is verified as fixed in unstable

[ Changes ]
The change consist in updating the regex getting the list of services in
the "installed" state, to  also consider openssh-server in 'unpacked'
state.
diff --git a/debian/changelog b/debian/changelog
index 138f350a..a8586063 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+glibc (2.31-13+deb11u1) unstable; urgency=medium
+
+  [ Aurelien Jarno ]
+  * debian/script.in/nsscheck.sh: restart openssh-server even if it has been
+deconfigured during the upgrade.  Closes: #990069.
+
+ -- Aurelien Jarno   Sun, 22 Aug 2021 14:41:36 +0200
+
 glibc (2.31-13) unstable; urgency=medium
 
   [ Colin Watson ]
diff --git a/debian/script.in/nsscheck.sh b/debian/script.in/nsscheck.sh
index 8406a543..7e21b8e4 100644
--- a/debian/script.in/nsscheck.sh
+++ b/debian/script.in/nsscheck.sh
@@ -1,8 +1,10 @@
echo -n "Checking for services that may need to be restarted..."
# Only get the ones that are installed, of the same architecture
-   # as libc (or arch all) and configured
+   # as libc (or arch all) and configured. Restart openssh-server even
+   # if only half-configured to continue accepting new connections
+   # during the upgrade.
check=$(dpkg-query -W -f='${binary:Package} ${Status} 
${Architecture}\n' $check 2> /dev/null | \
-   grep -E "installed (all|${DPKG_MAINTSCRIPT_ARCH})$" | 
sed 's/[: ].*//')
+   grep -E "(^openssh-server .* unpacked|installed) 
(all|${DPKG_MAINTSCRIPT_ARCH})$" | sed 's/[: ].*//')
# some init scripts don't match the package names
check=$(echo $check | \
sed -e's/\bapache2.2-common\b/apache2/g' \