Public bug reported:
Puppet is a configuration and software management system that can be
used e.g. for installing and upgrading debian packages, modifying
configuration files, etc. Puppet will call apt-get/dpkg when needed to
handle packages.
When libssl1.1 is installed/upgraded and the installation process is
controlled by Puppet, the automatic re-start of ssl-dependant services
Puts puppet into a re-start loop:
1. libssl1.1 's postinstall script re-starts puppet via systemd (systemctl
restart puppet.service)
2. systemd will terminate all processes associated with the Puppet service
3. dpkg is among these processes since it's called by Puppet and inherits
its cgroup-memberships.
4. libssl1.1 's postinstall script will never succeed since it's killed by
systemd
5. puppet re-starts
6. puppet runs "dpkg --configura -a"
7. libssl1.1 is unconfigured, the postinst script is run
8. goto 1.
Puppet should be removed from hardcoded list of services to be re-
started in libssl1.1's postinst script. A patch to do so is attached.
** Affects: openssl (Ubuntu)
Importance: Undecided
Status: New
** Tags: bionic xenial
** Attachment added: "Removes puppet from list of to-be-re-restarted services"
https://bugs.launchpad.net/bugs/1837526/+attachment/5278651/+files/libssl.diff
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1837526
Title:
Restarting services puts puppet into restart-loop
Status in openssl package in Ubuntu:
New
Bug description:
Puppet is a configuration and software management system that can be
used e.g. for installing and upgrading debian packages, modifying
configuration files, etc. Puppet will call apt-get/dpkg when needed to
handle packages.
When libssl1.1 is installed/upgraded and the installation process is
controlled by Puppet, the automatic re-start of ssl-dependant services
Puts puppet into a re-start loop:
1. libssl1.1 's postinstall script re-starts puppet via systemd (systemctl
restart puppet.service)
2. systemd will terminate all processes associated with the Puppet service
3. dpkg is among these processes since it's called by Puppet and inherits
its cgroup-memberships.
4. libssl1.1 's postinstall script will never succeed since it's killed by
systemd
5. puppet re-starts
6. puppet runs "dpkg --configura -a"
7. libssl1.1 is unconfigured, the postinst script is run
8. goto 1.
Puppet should be removed from hardcoded list of services to be re-
started in libssl1.1's postinst script. A patch to do so is attached.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1837526/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
