Bug#812574: grub-pc: wants to overwrite admin configuration on each upgrade
On Wed, 10 Oct 2018, Jeroen Dekkers wrote: > Here we generate /etc/default/grub based on the values stored by > debconf. I think that that is the problem. You should not generate a completely new file if the file is user-extensible or contains values that aren’t also passed through debconf. You should use something like ed/sed to replace the value instead, to change only the line in question. bye, //mirabilos -- tarent solutions GmbH Rochusstraße 2-4, D-53123 Bonn • http://www.tarent.de/ Tel: +49 228 54881-393 • Fax: +49 228 54881-235 HRB 5168 (AG Bonn) • USt-ID (VAT): DE122264941 Geschäftsführer: Dr. Stefan Barth, Kai Ebenrett, Boris Esser, Alexander Steeg
Bug#812574: grub-pc: wants to overwrite admin configuration on each upgrade
On Tue, 11 Apr 2017 19:26:44 +0200, Thorsten Glaser wrote: > debconf (developer): starting /tmp/grub-pc.config.GkdXih configure > 2.02~beta2-36 > debconf (developer): <-- SET grub2/linux_cmdline rootdelay=5 net.ifnames=0 > syscall.x32=y vsyscall=emulate kaslr > debconf (developer): --> 0 value set > debconf (developer): <-- SET grub2/linux_cmdline_default > debconf (developer): --> 0 value set > debconf (developer): <-- SET grub-pc/timeout 4 > debconf (developer): --> 0 value set > debconf (developer): <-- INPUT medium grub2/linux_cmdline > debconf (developer): --> 30 question skipped > debconf (developer): <-- INPUT medium grub2/linux_cmdline_default > debconf (developer): --> 30 question skipped > debconf (developer): <-- GO > debconf (developer): --> 0 ok Here grub-pc.config parses /etc/default/grub and sets grub-pc/timeout to 4. > debconf (developer): starting /var/lib/dpkg/info/grub-pc.postinst configure > 2.02~beta2-36 > debconf (developer): <-- GET grub2/linux_cmdline > debconf (developer): --> 0 rootdelay=5 net.ifnames=0 syscall.x32=y > vsyscall=emulate kaslr > debconf (developer): <-- GET grub2/linux_cmdline_default > debconf (developer): --> 0 > debconf (developer): <-- GET grub-pc/timeout > debconf (developer): --> 0 4 > debconf (developer): <-- GET grub-pc/hidden_timeout > debconf (developer): --> 0 false > ucf: The new file is /tmp/grub.ePz0QM4HXU > ucf: The Destination file is /etc/default/grub > ucf: The Source directory is /tmp > ucf: The State directory is /var/lib/ucf > ucf: The md5sum is found here is /usr/share/grub/default/grub.md5sum > The hash file exists > egrep [[:space:]]\/etc\/default\/grub$ /var/lib/ucf/hashfile > 2dcf752a6412b128ad753b192aaa39ba /etc/default/grub > The new start file is `/tmp/grub.ePz0QM4HXU\' > The destination is `/etc/default/grub\' (`\/etc\/default\/grub\') > The history is kept under \'/tmp\' > The file may be cached at \'/var/lib/ucf/cache/:etc:default:grub\' > The destination file exists, and has md5sum: > 011d1dd794945a8b756d52be4c8cdc88 /etc/default/grub > The old md5sum exists, and is: > 2dcf752a6412b128ad753b192aaa39ba > The new file exists, and has md5sum: > 359c3711e747b287ed186472de6b966a /tmp/grub.ePz0QM4HXU Here we generate /etc/default/grub based on the values stored by debconf. The problem is that we just changed grub-pc/timeout and thus the new file has the new timeout while the old file has the old timeout and you get the ucf prompt. I don't really see an easy way to fix this. On the one hand we try to prevent a prompt on upgrade by parsing the cmdline and timeout, but on the other hand this causes an ucf prompt on the next upgrade if there were also other changes made. This would only happen once after one of the variables are changed and debconf is updated and not on each upgrade as the original bug report claimed. Kind regards, Jeroen Dekkers
Bug#812574: grub-pc: wants to overwrite admin configuration on each upgrade
On Tue, 11 Apr 2017, Niels Thykier wrote: > AFAICT, we are waiting for more information on this bug - tagging > accordingly. Oh, thanks for the heads-up. > On Sun, 19 Feb 2017 18:29:46 + Colin Watsonwrote: > > I guess we need to break out bigger guns. Could you do the same > > package-reinstall procedure as before, only this time: Now it’s getting funny. I did a “sudo dpkg-reconfigure grub-pc” as I did not remember what I did to reproduce this. Now, a “sudo apt-get install --reinstall grub-pc” does NOT trigger this any more. Hand-editing a comment in that file does not change this. Hand-editing additional settings (GRUB_TIMEOUT and GRUB_CMDLINE_LINUX) however *does* trigger it again. But now, only once after doing such a change… On further testing, changing GRUB_TIMEOUT is enough. > > That should let me see both what ucf is doing and (enough of) what the > > GRUB postinst is doing. Now to that (I had just changed the timeout from 3 to 4): -cutting here may damage your screen surface- tglase@tglase:~ $ sudo env DEBCONF_DEBUG=developer apt-get install --reinstall grub-pc Reading package lists... Done Building dependency tree Reading state information... Done Starting pkgProblemResolver with broken count: 0 Starting 2 pkgProblemResolver with broken count: 0 Done 0 upgraded, 0 newly installed, 1 reinstalled, 0 to remove and 19 not upgraded. Need to get 0 B/196 kB of archives. After this operation, 0 B of additional disk space will be used. [master 7ac372b] saving uncommitted changes in /etc prior to apt run 1 file changed, 1 insertion(+), 1 deletion(-) Preconfiguring packages ... debconf (developer): starting /tmp/grub-pc.config.GkdXih configure 2.02~beta2-36 debconf (developer): <-- SET grub2/linux_cmdline rootdelay=5 net.ifnames=0 syscall.x32=y vsyscall=emulate kaslr debconf (developer): --> 0 value set debconf (developer): <-- SET grub2/linux_cmdline_default debconf (developer): --> 0 value set debconf (developer): <-- SET grub-pc/timeout 4 debconf (developer): --> 0 value set debconf (developer): <-- INPUT medium grub2/linux_cmdline debconf (developer): --> 30 question skipped debconf (developer): <-- INPUT medium grub2/linux_cmdline_default debconf (developer): --> 30 question skipped debconf (developer): <-- GO debconf (developer): --> 0 ok (Reading database ... (Reading database ... 5%(Reading database ... 10%(Reading database ... 15%(Reading database ... 20%(Reading database ... 25%(Reading database ... 30%(Reading database ... 35%(Reading database ... 40%(Reading database ... 45%(Reading database ... 50%(Reading database ... 55%(Reading database ... 60%(Reading database ... 65%(Reading database ... 70%(Reading database ... 75%(Reading database ... 80%(Reading database ... 85%(Reading database ... 90%(Reading database ... 95%(Reading database ... 100%(Reading database ... 386465 files and directories currently installed.) Preparing to unpack .../grub-pc_2.02~beta2-36_x32.deb ... Unpacking grub-pc (2.02~beta2-36) over (2.02~beta2-36) ... Setting up grub-pc (2.02~beta2-36) ... debconf (developer): frontend started debconf (developer): frontend running, package name is grub-pc debconf (developer): starting /var/lib/dpkg/info/grub-pc.config configure 2.02~beta2-36 debconf (developer): <-- SET grub2/linux_cmdline rootdelay=5 net.ifnames=0 syscall.x32=y vsyscall=emulate kaslr debconf (developer): --> 0 value set debconf (developer): <-- SET grub2/linux_cmdline_default debconf (developer): --> 0 value set debconf (developer): <-- SET grub-pc/timeout 4 debconf (developer): --> 0 value set debconf (developer): <-- INPUT medium grub2/linux_cmdline debconf (developer): --> 30 question skipped debconf (developer): <-- INPUT medium grub2/linux_cmdline_default debconf (developer): --> 30 question skipped debconf (developer): <-- GO debconf (developer): --> 0 ok debconf (developer): starting /var/lib/dpkg/info/grub-pc.postinst configure 2.02~beta2-36 debconf (developer): <-- GET grub2/linux_cmdline debconf (developer): --> 0 rootdelay=5 net.ifnames=0 syscall.x32=y vsyscall=emulate kaslr debconf (developer): <-- GET grub2/linux_cmdline_default debconf (developer): --> 0 debconf (developer): <-- GET grub-pc/timeout debconf (developer): --> 0 4 debconf (developer): <-- GET grub-pc/hidden_timeout debconf (developer): --> 0 false ucf: The new file is /tmp/grub.ePz0QM4HXU ucf: The Destination file is /etc/default/grub ucf: The Source directory is /tmp ucf: The State directory is /var/lib/ucf ucf: The md5sum is found here is /usr/share/grub/default/grub.md5sum The hash file exists egrep [[:space:]]\/etc\/default\/grub$ /var/lib/ucf/hashfile 2dcf752a6412b128ad753b192aaa39ba /etc/default/grub The new start file is `/tmp/grub.ePz0QM4HXU\' The destination is `/etc/default/grub\' (`\/etc\/default\/grub\') The history is kept under \'/tmp\' The file may be cached at \'/var/lib/ucf/cache/:etc:default:grub\' The destination file exists, and has md5sum:
Bug#812574: grub-pc: wants to overwrite admin configuration on each upgrade
Control: tags -1 moreinfo unreproducible On Sun, 19 Feb 2017 18:29:46 + Colin Watsonwrote: > On Mon, Jan 02, 2017 at 12:37:32PM +0100, Thorsten Glaser wrote: > > On Sat, 31 Dec 2016, Colin Watson wrote: > > > The current postinst is certainly trying to use ucf in such a way, so > > > let's try to debug this. Please could you: > > > > Oh ok. Let me check that this system is affected first⦠> > Thanks, and sorry for once again taking a while to get round to this. > > > > * attach /var/lib/ucf/cache/:etc:default:grub > > > * attach /etc/default/grub > > > > Attached. > > > > > * show the output of "grep /etc/default/grub /var/lib/ucf/hashfile" > > > > tglase@tglase:~ $ grep /etc/default/grub /var/lib/ucf/hashfile > > fe09266a730fcba271f832ebb82a6a91 /etc/default/grub > > > > > With any luck that will be enough to make some progress here. > > > > OK, thanks! > > Unfortunately, when I put these in place in a VM, I couldn't reproduce > your bug; and the information here looks right, in that the hash in > /var/lib/ucf/hashfile matches the hash of > /var/lib/ucf/cache/:etc:default:grub. There must be something a bit > more subtle happening, or else I'm being stupid. > > I guess we need to break out bigger guns. Could you do the same > package-reinstall procedure as before, only this time: > > * temporarily edit /usr/bin/ucf, changing its initialisation from: > > DEBUG=0 > VERBOSE='' > >to: > > DEBUG=1 > VERBOSE=1 > > * export DEBCONF_DEBUG=developer in the environment > > That should let me see both what ucf is doing and (enough of) what the > GRUB postinst is doing. > > Thanks, > > -- > Colin Watson [cjwat...@debian.org] > > Hi, AFAICT, we are waiting for more information on this bug - tagging accordingly. Thanks, ~Niels
Bug#812574: grub-pc: wants to overwrite admin configuration on each upgrade
On Mon, Jan 02, 2017 at 12:37:32PM +0100, Thorsten Glaser wrote: > On Sat, 31 Dec 2016, Colin Watson wrote: > > The current postinst is certainly trying to use ucf in such a way, so > > let's try to debug this. Please could you: > > Oh ok. Let me check that this system is affected first… Thanks, and sorry for once again taking a while to get round to this. > > * attach /var/lib/ucf/cache/:etc:default:grub > > * attach /etc/default/grub > > Attached. > > > * show the output of "grep /etc/default/grub /var/lib/ucf/hashfile" > > tglase@tglase:~ $ grep /etc/default/grub /var/lib/ucf/hashfile > fe09266a730fcba271f832ebb82a6a91 /etc/default/grub > > > With any luck that will be enough to make some progress here. > > OK, thanks! Unfortunately, when I put these in place in a VM, I couldn't reproduce your bug; and the information here looks right, in that the hash in /var/lib/ucf/hashfile matches the hash of /var/lib/ucf/cache/:etc:default:grub. There must be something a bit more subtle happening, or else I'm being stupid. I guess we need to break out bigger guns. Could you do the same package-reinstall procedure as before, only this time: * temporarily edit /usr/bin/ucf, changing its initialisation from: DEBUG=0 VERBOSE='' to: DEBUG=1 VERBOSE=1 * export DEBCONF_DEBUG=developer in the environment That should let me see both what ucf is doing and (enough of) what the GRUB postinst is doing. Thanks, -- Colin Watson [cjwat...@debian.org]
Bug#812574: grub-pc: wants to overwrite admin configuration on each upgrade
On Sat, 31 Dec 2016, Colin Watson wrote: > The current postinst is certainly trying to use ucf in such a way, so > let's try to debug this. Please could you: Oh ok. Let me check that this system is affected first… tglase@tglase:~ $ sudo apt-get install --reinstall grub-pc Reading package lists... Done Building dependency tree Reading state information... Done Starting pkgProblemResolver with broken count: 0 Starting 2 pkgProblemResolver with broken count: 0 Done 0 upgraded, 0 newly installed, 1 reinstalled, 0 to remove and 25 not upgraded. Need to get 196 kB of archives. After this operation, 0 B of additional disk space will be used. Get:1 http://ftp.ports.debian.org/debian-ports unstable/main x32 grub-pc x32 2.02~beta2-36 [196 kB] Fetched 196 kB in 0s (1389 kB/s) [master 48c4c72] saving uncommitted changes in /etc prior to apt run 1 file changed, 1 insertion(+), 1 deletion(-) Preconfiguring packages ... (Reading database ... 386357 files and directories currently installed.) Preparing to unpack .../grub-pc_2.02~beta2-36_x32.deb ... Unpacking grub-pc (2.02~beta2-36) over (2.02~beta2-36) ... Setting up grub-pc (2.02~beta2-36) ... Package configuration ┌───┤ Configuring grub-pc ├┐ │ A new version (/tmp/grub.dUfldFlOSy) of configuration file /etc/default/grub is available, but the │ │ version installed currently has been locally modified. │ │ │ │ What do you want to do about modified configuration file grub? │ │ │ │ install the package maintainer's version │ │ keep the local version currently installed │ │ show the differences between the versions │ │ show a side-by-side difference between the versions │ │ show a 3-way difference between available versions │ │ do a 3-way merge between available versions (experimental) │ │ start a new shell to examine the situation │ │ │ │ │ │ │ │ │ └──┘ Installing for i386-pc platform. Installation finished. No error reported. Installing for i386-pc platform. Installation finished. No error reported. Installing for i386-pc platform. Installation finished. No error reported. Generating grub configuration file ... Found background image: /usr/share/images/desktop-base/desktop-grub.png Found linux image: /boot/vmlinuz-4.8.0-2-amd64 Found initrd image: /boot/initrd.img-4.8.0-2-amd64 Found linux image: /boot/vmlinuz-4.8.0-1-amd64 Found initrd image: /boot/initrd.img-4.8.0-1-amd64 Found memtest86+ image: /memtest86+.bin Found memtest86+ multiboot image: /memtest86+_multiboot.bin Found Grml ISO image: /boot/grml/grml96-full_2013.09.iso done Processing triggers for man-db (2.7.6.1-2) ... … yes, looks affected to me. > * attach /var/lib/ucf/cache/:etc:default:grub > * attach /etc/default/grub Attached. > * show the output of "grep /etc/default/grub /var/lib/ucf/hashfile" tglase@tglase:~ $ grep /etc/default/grub /var/lib/ucf/hashfile fe09266a730fcba271f832ebb82a6a91 /etc/default/grub > With any luck that will be enough to make some progress here. OK, thanks! bye, //mirabilos -- tarent solutions GmbH Rochusstraße 2-4, D-53123 Bonn • http://www.tarent.de/ Tel: +49 228 54881-393 • Fax: +49 228 54881-235 HRB 5168 (AG Bonn) • USt-ID (VAT): DE122264941 Geschäftsführer: Dr. Stefan Barth, Kai Ebenrett, Boris Esser, Alexander Steeg# If you change this file, run 'update-grub' afterwards to update # /boot/grub/grub.cfg. # For full documentation of the options in this file, see: # info -f grub -n 'Simple configuration' GRUB_DEFAULT=0 GRUB_TIMEOUT=5 GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian` GRUB_CMDLINE_LINUX_DEFAULT="" GRUB_CMDLINE_LINUX="rootdelay=5 syscall.x32=y vsyscall=emulate net.ifnames=0 kaslr" # Uncomment to enable BadRAM filtering, modify to
Bug#812574: grub-pc: wants to overwrite admin configuration on each upgrade
Control: forcemerge -1 841889 On Mon, Jan 25, 2016 at 09:28:56AM +0100, Thorsten Glaser wrote: > On each upgrade, I get prompted by ucf, despite there never being > any diff introduced by grub-pc, i.e. all it wants is to remove my > local admin-provided changes and revert to the package’s default: [...] > Please ensure to use ucf only in a way that only asks the user or > merges when there are diffs between the package-provided versions > (old and new) of the package, not to revert the admin-made changes. The current postinst is certainly trying to use ucf in such a way, so let's try to debug this. Please could you: * attach /var/lib/ucf/cache/:etc:default:grub * attach /etc/default/grub * show the output of "grep /etc/default/grub /var/lib/ucf/hashfile" With any luck that will be enough to make some progress here. Thanks, -- Colin Watson [cjwat...@debian.org]
Bug#812574: grub-pc: wants to overwrite admin configuration on each upgrade
Package: grub-pc Version: 2.02~beta2-35 Severity: serious Justification: Policy 10.7.3 (MUST), 3.9.1 (SHOULD) On each upgrade, I get prompted by ucf, despite there never being any diff introduced by grub-pc, i.e. all it wants is to remove my local admin-provided changes and revert to the package’s default: Package configuration ┌─┤ Configuring grub-pc ├─┐ │ │ │ Line by line differences between versions │ │ --- /etc/default/grub 2016-01-12 20:02:57.475863370 +0100 │ +++ /tmp/grub.urpnpGUUyO 2016-01-25 09:21:12.178819012 +0100 │ @@ -8,8 +8,6 @@ │ GRUB_DISTRIBUTOR=sb_release -i -s 2> /dev/null || echo Debian │ GRUB_CMDLINE_LINUX_DEFAULT="" │ GRUB_CMDLINE_LINUX="syscall.x32=y net.ifnames=0" │ -GRUB_DISABLE_SUBMENU=y │ -GRUB_FONT=/usr/share/grub/FixedMisc.pf2 │ │ # Uncomment to enable BadRAM filtering, modify to suit your needs │ # This works with Linux (no patch required) and with any kernel that obtains │ @@ -22,10 +20,10 @@ │ # The resolution used on graphical terminal │ # note that you can use only modes which your graphic card supports via VBE │ # you can see them in real GRUB with the command beinfo' │ -GRUB_GFXMODE=1280x1024 │ +#GRUB_GFXMODE=640x480 │ │ # Uncomment if you don't want GRUB to pass "root=UUID=xxx" parameter to Linux │ -GRUB_DISABLE_LINUX_UUID=true │ +#GRUB_DISABLE_LINUX_UUID=true │ │ # Uncomment to disable generation of recovery mode menu entries │ #GRUB_DISABLE_RECOVERY="true" │ │ │ │ └─┘ This is not only rather annoying but also violates the part in Policy about configuration file handling “must cope with all the variety of ways `dpkg' can call maintainer scripts, must not overwrite or otherwise mangle the user's configuration without asking, must not ask unnecessary questions (particularly during upgrades), and must otherwise be good citizens.” Please ensure to use ucf only in a way that only asks the user or merges when there are diffs between the package-provided versions (old and new) of the package, not to revert the admin-made changes. -- Package-specific info: *** BEGIN /proc/mounts /dev/dm-0 / ext4 rw,relatime,data=ordered 0 0 /dev/md1 /boot ext4 rw,noatime,data=ordered 0 0 /dev/dm-0 /var/lib/schroot/mount/vncsess ext4 rw,relatime,data=ordered 0 0 /dev/dm-0 /var/lib/schroot/mount/vncsess/home ext4 rw,relatime,data=ordered 0 0 /dev/dm-0 /var/lib/schroot/mount/vncsess/var/lib/libvirt ext4 rw,relatime,data=ordered 0 0 /dev/dm-0 /var/lib/schroot/mount/vncsess/var/cache/pbuilder ext4 rw,relatime,data=ordered 0 0 *** END /proc/mounts *** BEGIN /boot/grub/grub.cfg # # DO NOT EDIT THIS FILE # # It is automatically generated by grub-mkconfig using templates # from /etc/grub.d and settings from /etc/default/grub # ### BEGIN /etc/grub.d/00_header ### if [ -s $prefix/grubenv ]; then set have_grubenv=true load_env fi if [ "${next_entry}" ] ; then set default="${next_entry}" set next_entry= save_env next_entry set boot_once=true else set default="0" fi if [ x"${feature_menuentry_id}" = xy ]; then menuentry_id_option="--id" else menuentry_id_option="" fi export menuentry_id_option if [ "${prev_saved_entry}" ]; then set saved_entry="${prev_saved_entry}" save_env saved_entry set prev_saved_entry= save_env prev_saved_entry set boot_once=true fi function savedefault { if [ -z "${boot_once}" ]; then saved_entry="${chosen}" save_env saved_entry fi } function load_video { if [ x$feature_all_video_module = xy ]; then insmod all_video else insmod efi_gop insmod efi_uga insmod ieee1275_fb insmod vbe insmod vga insmod video_bochs insmod video_cirrus fi } insmod part_msdos insmod part_msdos insmod part_msdos insmod diskfilter insmod mdraid1x insmod raid5rec insmod lvm insmod ext2 set root='lvmid/qDLMsR-gVmh-Gqgx-r086-DTsY-3t1W-k5pd2r/yfyLBo-eBFf-C4Tg-kvwG-KBCb-UFmx-kuEZry' if [ x$feature_platform_search_hint = xy ]; then search --no-floppy --fs-uuid --set=root --hint='lvmid/qDLMsR-gVmh-Gqgx-r086-DTsY-3t1W-k5pd2r/yfyLBo-eBFf-C4Tg-kvwG-KBCb-UFmx-kuEZry' 7a639cc0-061e-429d-9381-0c2e4660da54 else search --no-floppy --fs-uuid --set=root 7a639cc0-061e-429d-9381-0c2e4660da54 fi if loadfont