Bug#812574: grub-pc: wants to overwrite admin configuration on each upgrade

2018-10-10 Thread Thorsten Glaser 
On Wed, 10 Oct 2018, Jeroen Dekkers wrote:

> Here we generate /etc/default/grub based on the values stored by
> debconf.

I think that that is the problem. You should not generate a
completely new file if the file is user-extensible or contains
values that aren’t also passed through debconf.

You should use something like ed/sed to replace the value
instead, to change only the line in question.

bye,
//mirabilos
-- 
tarent solutions GmbH
Rochusstraße 2-4, D-53123 Bonn • http://www.tarent.de/
Tel: +49 228 54881-393 • Fax: +49 228 54881-235
HRB 5168 (AG Bonn) • USt-ID (VAT): DE122264941
Geschäftsführer: Dr. Stefan Barth, Kai Ebenrett, Boris Esser, Alexander Steeg

Bug#812574: grub-pc: wants to overwrite admin configuration on each upgrade

2018-10-09 Thread Jeroen Dekkers 
On Tue, 11 Apr 2017 19:26:44 +0200,
Thorsten Glaser wrote:
> debconf (developer): starting /tmp/grub-pc.config.GkdXih configure 
> 2.02~beta2-36
> debconf (developer): <-- SET grub2/linux_cmdline rootdelay=5 net.ifnames=0 
> syscall.x32=y vsyscall=emulate kaslr
> debconf (developer): --> 0 value set
> debconf (developer): <-- SET grub2/linux_cmdline_default
> debconf (developer): --> 0 value set
> debconf (developer): <-- SET grub-pc/timeout 4
> debconf (developer): --> 0 value set
> debconf (developer): <-- INPUT medium grub2/linux_cmdline
> debconf (developer): --> 30 question skipped
> debconf (developer): <-- INPUT medium grub2/linux_cmdline_default
> debconf (developer): --> 30 question skipped
> debconf (developer): <-- GO
> debconf (developer): --> 0 ok

Here grub-pc.config parses /etc/default/grub and sets grub-pc/timeout
to 4.

> debconf (developer): starting /var/lib/dpkg/info/grub-pc.postinst configure 
> 2.02~beta2-36
> debconf (developer): <-- GET grub2/linux_cmdline
> debconf (developer): --> 0 rootdelay=5 net.ifnames=0 syscall.x32=y 
> vsyscall=emulate kaslr
> debconf (developer): <-- GET grub2/linux_cmdline_default
> debconf (developer): --> 0
> debconf (developer): <-- GET grub-pc/timeout
> debconf (developer): --> 0 4
> debconf (developer): <-- GET grub-pc/hidden_timeout
> debconf (developer): --> 0 false
> ucf: The new file is /tmp/grub.ePz0QM4HXU
> ucf: The Destination file is /etc/default/grub
> ucf: The Source directory is /tmp
> ucf: The State directory is /var/lib/ucf
> ucf: The md5sum is found here is /usr/share/grub/default/grub.md5sum
> The hash file exists
> egrep [[:space:]]\/etc\/default\/grub$ /var/lib/ucf/hashfile
> 2dcf752a6412b128ad753b192aaa39ba  /etc/default/grub
> The new start file is  `/tmp/grub.ePz0QM4HXU\'
> The destination is `/etc/default/grub\' (`\/etc\/default\/grub\')
> The history is kept under  \'/tmp\'
> The file may be cached at \'/var/lib/ucf/cache/:etc:default:grub\'
> The destination file exists, and has md5sum:
> 011d1dd794945a8b756d52be4c8cdc88  /etc/default/grub
> The old md5sum exists, and is:
> 2dcf752a6412b128ad753b192aaa39ba
> The new file exists, and has md5sum:
> 359c3711e747b287ed186472de6b966a  /tmp/grub.ePz0QM4HXU

Here we generate /etc/default/grub based on the values stored by
debconf. The problem is that we just changed grub-pc/timeout and thus
the new file has the new timeout while the old file has the old
timeout and you get the ucf prompt.

I don't really see an easy way to fix this. On the one hand we try to
prevent a prompt on upgrade by parsing the cmdline and timeout, but on
the other hand this causes an ucf prompt on the next upgrade if there
were also other changes made. This would only happen once after one of
the variables are changed and debconf is updated and not on each
upgrade as the original bug report claimed.


Kind regards,

Jeroen Dekkers

Bug#812574: grub-pc: wants to overwrite admin configuration on each upgrade

2017-04-11 Thread Thorsten Glaser 
On Tue, 11 Apr 2017, Niels Thykier wrote:

> AFAICT, we are waiting for more information on this bug - tagging
> accordingly.

Oh, thanks for the heads-up.

> On Sun, 19 Feb 2017 18:29:46 + Colin Watson  wrote:

> > I guess we need to break out bigger guns.  Could you do the same
> > package-reinstall procedure as before, only this time:

Now it’s getting funny.

I did a “sudo dpkg-reconfigure grub-pc” as I did not remember
what I did to reproduce this.

Now, a “sudo apt-get install --reinstall grub-pc” does NOT
trigger this any more.

Hand-editing a comment in that file does not change this.

Hand-editing additional settings (GRUB_TIMEOUT and GRUB_CMDLINE_LINUX)
however *does* trigger it again.

But now, only once after doing such a change…

On further testing, changing GRUB_TIMEOUT is enough.

> > That should let me see both what ucf is doing and (enough of) what the
> > GRUB postinst is doing.

Now to that (I had just changed the timeout from 3 to 4):

-cutting here may damage your screen surface-
tglase@tglase:~ $ sudo env DEBCONF_DEBUG=developer apt-get install --reinstall 
grub-pc
Reading package lists... Done
Building dependency tree
Reading state information... Done
Starting pkgProblemResolver with broken count: 0
Starting 2 pkgProblemResolver with broken count: 0
Done
0 upgraded, 0 newly installed, 1 reinstalled, 0 to remove and 19 not upgraded.
Need to get 0 B/196 kB of archives.
After this operation, 0 B of additional disk space will be used.
[master 7ac372b] saving uncommitted changes in /etc prior to apt run
 1 file changed, 1 insertion(+), 1 deletion(-)
Preconfiguring packages ...
debconf (developer): starting /tmp/grub-pc.config.GkdXih configure 2.02~beta2-36
debconf (developer): <-- SET grub2/linux_cmdline rootdelay=5 net.ifnames=0 
syscall.x32=y vsyscall=emulate kaslr
debconf (developer): --> 0 value set
debconf (developer): <-- SET grub2/linux_cmdline_default
debconf (developer): --> 0 value set
debconf (developer): <-- SET grub-pc/timeout 4
debconf (developer): --> 0 value set
debconf (developer): <-- INPUT medium grub2/linux_cmdline
debconf (developer): --> 30 question skipped
debconf (developer): <-- INPUT medium grub2/linux_cmdline_default
debconf (developer): --> 30 question skipped
debconf (developer): <-- GO
debconf (developer): --> 0 ok
(Reading database ... (Reading database ... 5%(Reading database ... 10%(Reading 
database ... 15%(Reading database ... 20%(Reading database ... 25%(Reading 
database ... 30%(Reading database ... 35%(Reading database ... 40%(Reading 
database ... 45%(Reading database ... 50%(Reading database ... 55%(Reading 
database ... 60%(Reading database ... 65%(Reading database ... 70%(Reading 
database ... 75%(Reading database ... 80%(Reading database ... 85%(Reading 
database ... 90%(Reading database ... 95%(Reading database ... 100%(Reading 
database ... 386465 files and directories currently installed.)
Preparing to unpack .../grub-pc_2.02~beta2-36_x32.deb ...
Unpacking grub-pc (2.02~beta2-36) over (2.02~beta2-36) ...
Setting up grub-pc (2.02~beta2-36) ...
debconf (developer): frontend started
debconf (developer): frontend running, package name is grub-pc
debconf (developer): starting /var/lib/dpkg/info/grub-pc.config configure 
2.02~beta2-36
debconf (developer): <-- SET grub2/linux_cmdline rootdelay=5 net.ifnames=0 
syscall.x32=y vsyscall=emulate kaslr
debconf (developer): --> 0 value set
debconf (developer): <-- SET grub2/linux_cmdline_default
debconf (developer): --> 0 value set
debconf (developer): <-- SET grub-pc/timeout 4
debconf (developer): --> 0 value set
debconf (developer): <-- INPUT medium grub2/linux_cmdline
debconf (developer): --> 30 question skipped
debconf (developer): <-- INPUT medium grub2/linux_cmdline_default
debconf (developer): --> 30 question skipped
debconf (developer): <-- GO
debconf (developer): --> 0 ok
debconf (developer): starting /var/lib/dpkg/info/grub-pc.postinst configure 
2.02~beta2-36
debconf (developer): <-- GET grub2/linux_cmdline
debconf (developer): --> 0 rootdelay=5 net.ifnames=0 syscall.x32=y 
vsyscall=emulate kaslr
debconf (developer): <-- GET grub2/linux_cmdline_default
debconf (developer): --> 0
debconf (developer): <-- GET grub-pc/timeout
debconf (developer): --> 0 4
debconf (developer): <-- GET grub-pc/hidden_timeout
debconf (developer): --> 0 false
ucf: The new file is /tmp/grub.ePz0QM4HXU
ucf: The Destination file is /etc/default/grub
ucf: The Source directory is /tmp
ucf: The State directory is /var/lib/ucf
ucf: The md5sum is found here is /usr/share/grub/default/grub.md5sum
The hash file exists
egrep [[:space:]]\/etc\/default\/grub$ /var/lib/ucf/hashfile
2dcf752a6412b128ad753b192aaa39ba  /etc/default/grub
The new start file is  `/tmp/grub.ePz0QM4HXU\'
The destination is `/etc/default/grub\' (`\/etc\/default\/grub\')
The history is kept under  \'/tmp\'
The file may be cached at \'/var/lib/ucf/cache/:etc:default:grub\'
The destination file exists, and has md5sum:

Bug#812574: grub-pc: wants to overwrite admin configuration on each upgrade

2017-04-11 Thread Niels Thykier 
Control: tags -1 moreinfo unreproducible

On Sun, 19 Feb 2017 18:29:46 + Colin Watson  wrote:
> On Mon, Jan 02, 2017 at 12:37:32PM +0100, Thorsten Glaser wrote:
> > On Sat, 31 Dec 2016, Colin Watson wrote:
> > > The current postinst is certainly trying to use ucf in such a way, so
> > > let's try to debug this.  Please could you:
> > 
> > Oh ok. Let me check that this system is affected first…
> 
> Thanks, and sorry for once again taking a while to get round to this.
> 
> > >  * attach /var/lib/ucf/cache/:etc:default:grub
> > >  * attach /etc/default/grub
> > 
> > Attached.
> > 
> > >  * show the output of "grep /etc/default/grub /var/lib/ucf/hashfile"
> > 
> > tglase@tglase:~ $ grep /etc/default/grub /var/lib/ucf/hashfile
> > fe09266a730fcba271f832ebb82a6a91  /etc/default/grub
> > 
> > > With any luck that will be enough to make some progress here.
> > 
> > OK, thanks!
> 
> Unfortunately, when I put these in place in a VM, I couldn't reproduce
> your bug; and the information here looks right, in that the hash in
> /var/lib/ucf/hashfile matches the hash of
> /var/lib/ucf/cache/:etc:default:grub.  There must be something a bit
> more subtle happening, or else I'm being stupid.
> 
> I guess we need to break out bigger guns.  Could you do the same
> package-reinstall procedure as before, only this time:
> 
>  * temporarily edit /usr/bin/ucf, changing its initialisation from:
> 
>  DEBUG=0
>  VERBOSE=''
> 
>to:
> 
>  DEBUG=1
>  VERBOSE=1
> 
>  * export DEBCONF_DEBUG=developer in the environment
> 
> That should let me see both what ucf is doing and (enough of) what the
> GRUB postinst is doing.
> 
> Thanks,
> 
> -- 
> Colin Watson   [cjwat...@debian.org]
> 
> 

Hi,

AFAICT, we are waiting for more information on this bug - tagging
accordingly.

Thanks,
~Niels

Bug#812574: grub-pc: wants to overwrite admin configuration on each upgrade

2017-02-19 Thread Colin Watson 
On Mon, Jan 02, 2017 at 12:37:32PM +0100, Thorsten Glaser wrote:
> On Sat, 31 Dec 2016, Colin Watson wrote:
> > The current postinst is certainly trying to use ucf in such a way, so
> > let's try to debug this.  Please could you:
> 
> Oh ok. Let me check that this system is affected first…

Thanks, and sorry for once again taking a while to get round to this.

> >  * attach /var/lib/ucf/cache/:etc:default:grub
> >  * attach /etc/default/grub
> 
> Attached.
> 
> >  * show the output of "grep /etc/default/grub /var/lib/ucf/hashfile"
> 
> tglase@tglase:~ $ grep /etc/default/grub /var/lib/ucf/hashfile
> fe09266a730fcba271f832ebb82a6a91  /etc/default/grub
> 
> > With any luck that will be enough to make some progress here.
> 
> OK, thanks!

Unfortunately, when I put these in place in a VM, I couldn't reproduce
your bug; and the information here looks right, in that the hash in
/var/lib/ucf/hashfile matches the hash of
/var/lib/ucf/cache/:etc:default:grub.  There must be something a bit
more subtle happening, or else I'm being stupid.

I guess we need to break out bigger guns.  Could you do the same
package-reinstall procedure as before, only this time:

 * temporarily edit /usr/bin/ucf, changing its initialisation from:

 DEBUG=0
 VERBOSE=''

   to:

 DEBUG=1
 VERBOSE=1

 * export DEBCONF_DEBUG=developer in the environment

That should let me see both what ucf is doing and (enough of) what the
GRUB postinst is doing.

Thanks,

-- 
Colin Watson   [cjwat...@debian.org]

Bug#812574: grub-pc: wants to overwrite admin configuration on each upgrade

2017-01-02 Thread Thorsten Glaser 
On Sat, 31 Dec 2016, Colin Watson wrote:

> The current postinst is certainly trying to use ucf in such a way, so
> let's try to debug this.  Please could you:

Oh ok. Let me check that this system is affected first…

tglase@tglase:~ $ sudo apt-get install --reinstall grub-pc
Reading package lists... Done
Building dependency tree
Reading state information... Done
Starting pkgProblemResolver with broken count: 0
Starting 2 pkgProblemResolver with broken count: 0
Done
0 upgraded, 0 newly installed, 1 reinstalled, 0 to remove and 25 not upgraded.
Need to get 196 kB of archives.
After this operation, 0 B of additional disk space will be used.
Get:1 http://ftp.ports.debian.org/debian-ports unstable/main x32 grub-pc x32 
2.02~beta2-36 [196 kB]
Fetched 196 kB in 0s (1389 kB/s)
[master 48c4c72] saving uncommitted changes in /etc prior to apt run
 1 file changed, 1 insertion(+), 1 deletion(-)
Preconfiguring packages ...
(Reading database ... 386357 files and directories currently installed.)
Preparing to unpack .../grub-pc_2.02~beta2-36_x32.deb ...
Unpacking grub-pc (2.02~beta2-36) over (2.02~beta2-36) ...
Setting up grub-pc (2.02~beta2-36) ...














Package configuration






  ┌───┤ Configuring grub-pc 
├┐
  │ A new version (/tmp/grub.dUfldFlOSy) of configuration file 
/etc/default/grub is available, but the   │
  │ version installed currently has been locally modified.  
 │
  │ 
 │
  │ What do you want to do about modified configuration file grub?  
 │
  │ 
 │
  │  install the package maintainer's version   
 │
  │  keep the local version currently installed 
 │
  │  show the differences between the versions  
 │
  │  show a side-by-side difference between the versions
 │
  │  show a 3-way difference between available versions 
 │
  │  do a 3-way merge between available versions 
(experimental)  │
  │  start a new shell to examine the situation 
 │
  │ 
 │
  │ 
 │
  │ 
 │
  │ 
 │
  
└──┘







Installing for i386-pc platform.
Installation finished. No error reported.
Installing for i386-pc platform.
Installation finished. No error reported.
Installing for i386-pc platform.
Installation finished. No error reported.
Generating grub configuration file ...
Found background image: /usr/share/images/desktop-base/desktop-grub.png
Found linux image: /boot/vmlinuz-4.8.0-2-amd64
Found initrd image: /boot/initrd.img-4.8.0-2-amd64
Found linux image: /boot/vmlinuz-4.8.0-1-amd64
Found initrd image: /boot/initrd.img-4.8.0-1-amd64
Found memtest86+ image: /memtest86+.bin
Found memtest86+ multiboot image: /memtest86+_multiboot.bin
Found Grml ISO image: /boot/grml/grml96-full_2013.09.iso
done
Processing triggers for man-db (2.7.6.1-2) ...

… yes, looks affected to me.

>  * attach /var/lib/ucf/cache/:etc:default:grub
>  * attach /etc/default/grub

Attached.

>  * show the output of "grep /etc/default/grub /var/lib/ucf/hashfile"

tglase@tglase:~ $ grep /etc/default/grub /var/lib/ucf/hashfile
fe09266a730fcba271f832ebb82a6a91  /etc/default/grub

> With any luck that will be enough to make some progress here.

OK, thanks!

bye,
//mirabilos
-- 
tarent solutions GmbH
Rochusstraße 2-4, D-53123 Bonn • http://www.tarent.de/
Tel: +49 228 54881-393 • Fax: +49 228 54881-235
HRB 5168 (AG Bonn) • USt-ID (VAT): DE122264941
Geschäftsführer: Dr. Stefan Barth, Kai Ebenrett, Boris Esser, Alexander Steeg# If you change this file, run 'update-grub' afterwards to update
# /boot/grub/grub.cfg.
# For full documentation of the options in this file, see:
#   info -f grub -n 'Simple configuration'

GRUB_DEFAULT=0
GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`
GRUB_CMDLINE_LINUX_DEFAULT=""
GRUB_CMDLINE_LINUX="rootdelay=5 syscall.x32=y vsyscall=emulate net.ifnames=0 
kaslr"

# Uncomment to enable BadRAM filtering, modify to

Bug#812574: grub-pc: wants to overwrite admin configuration on each upgrade

2016-12-31 Thread Colin Watson 
Control: forcemerge -1 841889

On Mon, Jan 25, 2016 at 09:28:56AM +0100, Thorsten Glaser wrote:
> On each upgrade, I get prompted by ucf, despite there never being
> any diff introduced by grub-pc, i.e. all it wants is to remove my
> local admin-provided changes and revert to the package’s default:
[...]
> Please ensure to use ucf only in a way that only asks the user or
> merges when there are diffs between the package-provided versions
> (old and new) of the package, not to revert the admin-made changes.

The current postinst is certainly trying to use ucf in such a way, so
let's try to debug this.  Please could you:

 * attach /var/lib/ucf/cache/:etc:default:grub
 * attach /etc/default/grub
 * show the output of "grep /etc/default/grub /var/lib/ucf/hashfile"

With any luck that will be enough to make some progress here.

Thanks,

-- 
Colin Watson   [cjwat...@debian.org]

Bug#812574: grub-pc: wants to overwrite admin configuration on each upgrade

2016-01-25 Thread Thorsten Glaser 
Package: grub-pc
Version: 2.02~beta2-35
Severity: serious
Justification: Policy 10.7.3 (MUST), 3.9.1 (SHOULD)

On each upgrade, I get prompted by ucf, despite there never being
any diff introduced by grub-pc, i.e. all it wants is to remove my
local admin-provided changes and revert to the package’s default:

Package configuration

┌─┤ Configuring grub-pc 
├─┐
│   
  │
│ Line by line differences between versions
│
│ --- /etc/default/grub 2016-01-12 20:02:57.475863370 +0100
│ +++ /tmp/grub.urpnpGUUyO 2016-01-25 09:21:12.178819012 +0100
│ @@ -8,8 +8,6 @@
│  GRUB_DISTRIBUTOR=sb_release -i -s 2> /dev/null || echo Debian
│  GRUB_CMDLINE_LINUX_DEFAULT=""
│  GRUB_CMDLINE_LINUX="syscall.x32=y net.ifnames=0"
│ -GRUB_DISABLE_SUBMENU=y
│ -GRUB_FONT=/usr/share/grub/FixedMisc.pf2
│
│  # Uncomment to enable BadRAM filtering, modify to suit your needs
│  # This works with Linux (no patch required) and with any kernel 
that obtains
│ @@ -22,10 +20,10 @@
│  # The resolution used on graphical terminal
│  # note that you can use only modes which your graphic card 
supports via VBE
│  # you can see them in real GRUB with the command beinfo'
│ -GRUB_GFXMODE=1280x1024
│ +#GRUB_GFXMODE=640x480
│
│  # Uncomment if you don't want GRUB to pass "root=UUID=xxx" 
parameter to Linux
│ -GRUB_DISABLE_LINUX_UUID=true
│ +#GRUB_DISABLE_LINUX_UUID=true
│
│  # Uncomment to disable generation of recovery mode menu entries
│  #GRUB_DISABLE_RECOVERY="true"
│
│ 
│   
  │

└─┘

This is not only rather annoying but also violates the part in Policy
about configuration file handling “must cope with all the variety
 of ways `dpkg' can call maintainer scripts, must not overwrite or
 otherwise mangle the user's configuration without asking, must not ask
 unnecessary questions (particularly during upgrades), and must
 otherwise be good citizens.”

Please ensure to use ucf only in a way that only asks the user or
merges when there are diffs between the package-provided versions
(old and new) of the package, not to revert the admin-made changes.

-- Package-specific info:

*** BEGIN /proc/mounts
/dev/dm-0 / ext4 rw,relatime,data=ordered 0 0
/dev/md1 /boot ext4 rw,noatime,data=ordered 0 0
/dev/dm-0 /var/lib/schroot/mount/vncsess ext4 rw,relatime,data=ordered 0 0
/dev/dm-0 /var/lib/schroot/mount/vncsess/home ext4 rw,relatime,data=ordered 0 0
/dev/dm-0 /var/lib/schroot/mount/vncsess/var/lib/libvirt ext4 
rw,relatime,data=ordered 0 0
/dev/dm-0 /var/lib/schroot/mount/vncsess/var/cache/pbuilder ext4 
rw,relatime,data=ordered 0 0
*** END /proc/mounts

*** BEGIN /boot/grub/grub.cfg
#
# DO NOT EDIT THIS FILE
#
# It is automatically generated by grub-mkconfig using templates
# from /etc/grub.d and settings from /etc/default/grub
#

### BEGIN /etc/grub.d/00_header ###
if [ -s $prefix/grubenv ]; then
  set have_grubenv=true
  load_env
fi
if [ "${next_entry}" ] ; then
   set default="${next_entry}"
   set next_entry=
   save_env next_entry
   set boot_once=true
else
   set default="0"
fi

if [ x"${feature_menuentry_id}" = xy ]; then
  menuentry_id_option="--id"
else
  menuentry_id_option=""
fi

export menuentry_id_option

if [ "${prev_saved_entry}" ]; then
  set saved_entry="${prev_saved_entry}"
  save_env saved_entry
  set prev_saved_entry=
  save_env prev_saved_entry
  set boot_once=true
fi

function savedefault {
  if [ -z "${boot_once}" ]; then
saved_entry="${chosen}"
save_env saved_entry
  fi
}
function load_video {
  if [ x$feature_all_video_module = xy ]; then
insmod all_video
  else
insmod efi_gop
insmod efi_uga
insmod ieee1275_fb
insmod vbe
insmod vga
insmod video_bochs
insmod video_cirrus
  fi
}

insmod part_msdos
insmod part_msdos
insmod part_msdos
insmod diskfilter
insmod mdraid1x
insmod raid5rec
insmod lvm
insmod ext2
set 
root='lvmid/qDLMsR-gVmh-Gqgx-r086-DTsY-3t1W-k5pd2r/yfyLBo-eBFf-C4Tg-kvwG-KBCb-UFmx-kuEZry'
if [ x$feature_platform_search_hint = xy ]; then
  search --no-floppy --fs-uuid --set=root 
--hint='lvmid/qDLMsR-gVmh-Gqgx-r086-DTsY-3t1W-k5pd2r/yfyLBo-eBFf-C4Tg-kvwG-KBCb-UFmx-kuEZry'
  7a639cc0-061e-429d-9381-0c2e4660da54
else
  search --no-floppy --fs-uuid --set=root 7a639cc0-061e-429d-9381-0c2e4660da54
fi
if loadfont