[Touch-packages] [Bug 1813394] Re: DROPBEAR_IFDOWN=* takes interface down but leaves netplan config
Patch for /usr/share/initramfs-tools/scripts/init-bottom/dropbear on Ubuntu 22.04-LTS This feels like the better place, as it respects dropbear's original semantic for IFDOWN on systems which run netplan. Needs to be followed by update-initramfs -u -k 'all' /root/dropbear-orig2022-12-27 10:50:51.619568832 + +++ /usr/share/initramfs-tools/scripts/init-bottom/dropbear 2022-12-27 10:56:21.291398517 + @@ -79,6 +79,12 @@ ip linkset dev "$IFACE" down ip address flush dev "$IFACE" ip route flush dev "$IFACE" + +if [ -f "/run/netplan/${IFACE}.yaml" ]; then +rm -f "/run/netplan/${IFACE}.yaml" + +fi + log_end_msg done fi -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to initramfs-tools in Ubuntu. https://bugs.launchpad.net/bugs/1813394 Title: DROPBEAR_IFDOWN=* takes interface down but leaves netplan config Status in clevis package in Ubuntu: Confirmed Status in dropbear package in Ubuntu: Confirmed Status in initramfs-tools package in Ubuntu: Confirmed Bug description: On bionic, setting the network interface up (e.g. eno1) with DHCP now causes a /run/netplan/eno1.yaml and a /run/net-eno1.conf file to be written. The former gets imported by netplan after boot and causes the DHCP lease from the initrd to be around forever, which I think goes against the intent of DROPBEAR_IFDOWN=*. I have brewed up a workaround script that lives in /etc/initramfs- tools/scripts/init-bottom/hack-delete-netif-netplan.sh for now: 8< cut >8 #!/bin/sh PREREQ="" prereqs() { echo "$PREREQ" } case "$1" in prereqs) prereqs exit 0 ;; esac . /scripts/functions log_begin_msg "Deleting all network configuration that systemd could try to import" rm /run/net-*.conf rm /run/netplan/*.yaml log_end_msg 8< cut >8 I think that dropbear-intiramfs's init-bottom script should do this in addition to downing the interfaces that it finds via the DROPBEAR_IFDOWN pattern. Do you agree? To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/clevis/+bug/1813394/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1813394] Re: DROPBEAR_IFDOWN=* takes interface down but leaves netplan config
Confirming the clevis issue. Patch for reference: --- /usr/share/initramfs-tools/scripts/local-bottom/clevis.orig 2022-07-11 10:52:16.938228467 -0500 +++ /usr/share/initramfs-tools/scripts/local-bottom/clevis 2022-07-11 10:30:08.040636353 -0500 @@ -46,5 +46,9 @@ for iface in /sys/class/net/*; do ip link set dev "$iface" down ip addr flush dev "$iface" ip route flush dev "$iface" + +if [ -f "/run/netplan/${iface}.yaml" ]; then +rm "/run/netplan/${iface}.yaml" +fi fi done Followed by: update-initramfs -u -k 'all' -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to initramfs-tools in Ubuntu. https://bugs.launchpad.net/bugs/1813394 Title: DROPBEAR_IFDOWN=* takes interface down but leaves netplan config Status in clevis package in Ubuntu: Confirmed Status in dropbear package in Ubuntu: Confirmed Status in initramfs-tools package in Ubuntu: Confirmed Bug description: On bionic, setting the network interface up (e.g. eno1) with DHCP now causes a /run/netplan/eno1.yaml and a /run/net-eno1.conf file to be written. The former gets imported by netplan after boot and causes the DHCP lease from the initrd to be around forever, which I think goes against the intent of DROPBEAR_IFDOWN=*. I have brewed up a workaround script that lives in /etc/initramfs- tools/scripts/init-bottom/hack-delete-netif-netplan.sh for now: 8< cut >8 #!/bin/sh PREREQ="" prereqs() { echo "$PREREQ" } case "$1" in prereqs) prereqs exit 0 ;; esac . /scripts/functions log_begin_msg "Deleting all network configuration that systemd could try to import" rm /run/net-*.conf rm /run/netplan/*.yaml log_end_msg 8< cut >8 I think that dropbear-intiramfs's init-bottom script should do this in addition to downing the interfaces that it finds via the DROPBEAR_IFDOWN pattern. Do you agree? To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/clevis/+bug/1813394/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1813394] Re: DROPBEAR_IFDOWN=* takes interface down but leaves netplan config
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: clevis (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to initramfs-tools in Ubuntu. https://bugs.launchpad.net/bugs/1813394 Title: DROPBEAR_IFDOWN=* takes interface down but leaves netplan config Status in clevis package in Ubuntu: Confirmed Status in dropbear package in Ubuntu: Confirmed Status in initramfs-tools package in Ubuntu: Confirmed Bug description: On bionic, setting the network interface up (e.g. eno1) with DHCP now causes a /run/netplan/eno1.yaml and a /run/net-eno1.conf file to be written. The former gets imported by netplan after boot and causes the DHCP lease from the initrd to be around forever, which I think goes against the intent of DROPBEAR_IFDOWN=*. I have brewed up a workaround script that lives in /etc/initramfs- tools/scripts/init-bottom/hack-delete-netif-netplan.sh for now: 8< cut >8 #!/bin/sh PREREQ="" prereqs() { echo "$PREREQ" } case "$1" in prereqs) prereqs exit 0 ;; esac . /scripts/functions log_begin_msg "Deleting all network configuration that systemd could try to import" rm /run/net-*.conf rm /run/netplan/*.yaml log_end_msg 8< cut >8 I think that dropbear-intiramfs's init-bottom script should do this in addition to downing the interfaces that it finds via the DROPBEAR_IFDOWN pattern. Do you agree? To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/clevis/+bug/1813394/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1813394] Re: DROPBEAR_IFDOWN=* takes interface down but leaves netplan config
The same problem occurs when the hdd is automatically decrypted with clevis and a tang server. The script /usr/share/initramfs- tools/scripts/local-bottom/clevis tries to deactivate the network interface again after it got the secret to decrypt the disk from the tang server: ... for iface in /sys/class/net/*; do if [ -e "$iface" ]; then iface=$(basename "$iface") ip link set dev "$iface" down ip addr flush dev "$iface" ip route flush dev "$iface" fi done The presence of /run/net-*.conf and /run/netplan/*.yaml leads to the interface beeing managed by systemd-networkd instad of NetworkManager here, too. Instead of implementing removal of the files in dropbear an clevis, maybe there is a single place to serve both, dropbear and clevis? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to initramfs-tools in Ubuntu. https://bugs.launchpad.net/bugs/1813394 Title: DROPBEAR_IFDOWN=* takes interface down but leaves netplan config Status in clevis package in Ubuntu: New Status in dropbear package in Ubuntu: Confirmed Status in initramfs-tools package in Ubuntu: Confirmed Bug description: On bionic, setting the network interface up (e.g. eno1) with DHCP now causes a /run/netplan/eno1.yaml and a /run/net-eno1.conf file to be written. The former gets imported by netplan after boot and causes the DHCP lease from the initrd to be around forever, which I think goes against the intent of DROPBEAR_IFDOWN=*. I have brewed up a workaround script that lives in /etc/initramfs- tools/scripts/init-bottom/hack-delete-netif-netplan.sh for now: 8< cut >8 #!/bin/sh PREREQ="" prereqs() { echo "$PREREQ" } case "$1" in prereqs) prereqs exit 0 ;; esac . /scripts/functions log_begin_msg "Deleting all network configuration that systemd could try to import" rm /run/net-*.conf rm /run/netplan/*.yaml log_end_msg 8< cut >8 I think that dropbear-intiramfs's init-bottom script should do this in addition to downing the interfaces that it finds via the DROPBEAR_IFDOWN pattern. Do you agree? To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/clevis/+bug/1813394/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1813394] Re: DROPBEAR_IFDOWN=* takes interface down but leaves netplan config
** Also affects: clevis (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to initramfs-tools in Ubuntu. https://bugs.launchpad.net/bugs/1813394 Title: DROPBEAR_IFDOWN=* takes interface down but leaves netplan config Status in clevis package in Ubuntu: New Status in dropbear package in Ubuntu: Confirmed Status in initramfs-tools package in Ubuntu: Confirmed Bug description: On bionic, setting the network interface up (e.g. eno1) with DHCP now causes a /run/netplan/eno1.yaml and a /run/net-eno1.conf file to be written. The former gets imported by netplan after boot and causes the DHCP lease from the initrd to be around forever, which I think goes against the intent of DROPBEAR_IFDOWN=*. I have brewed up a workaround script that lives in /etc/initramfs- tools/scripts/init-bottom/hack-delete-netif-netplan.sh for now: 8< cut >8 #!/bin/sh PREREQ="" prereqs() { echo "$PREREQ" } case "$1" in prereqs) prereqs exit 0 ;; esac . /scripts/functions log_begin_msg "Deleting all network configuration that systemd could try to import" rm /run/net-*.conf rm /run/netplan/*.yaml log_end_msg 8< cut >8 I think that dropbear-intiramfs's init-bottom script should do this in addition to downing the interfaces that it finds via the DROPBEAR_IFDOWN pattern. Do you agree? To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/clevis/+bug/1813394/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1813394] Re: DROPBEAR_IFDOWN=* takes interface down but leaves netplan config
I can confirm the workaround by boxeus works on Ubuntu 20.04 LTS. To improve on that, the lines can be added to the /etc/dropbear- initramfs/config config file instead to avoid upgrade issues. It is loaded towards the end of /usr/share/initramfs-tools/scripts/init- bottom/dropbear anyway. Automation two-liner: echo -e "rm /run/net-*.conf\nrm /run/netplan/*.yaml" >> /etc/dropbear-initramfs/config update-initramfs -u After that, netplan actually works again. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to initramfs-tools in Ubuntu. https://bugs.launchpad.net/bugs/1813394 Title: DROPBEAR_IFDOWN=* takes interface down but leaves netplan config Status in dropbear package in Ubuntu: Confirmed Status in initramfs-tools package in Ubuntu: Confirmed Bug description: On bionic, setting the network interface up (e.g. eno1) with DHCP now causes a /run/netplan/eno1.yaml and a /run/net-eno1.conf file to be written. The former gets imported by netplan after boot and causes the DHCP lease from the initrd to be around forever, which I think goes against the intent of DROPBEAR_IFDOWN=*. I have brewed up a workaround script that lives in /etc/initramfs- tools/scripts/init-bottom/hack-delete-netif-netplan.sh for now: 8< cut >8 #!/bin/sh PREREQ="" prereqs() { echo "$PREREQ" } case "$1" in prereqs) prereqs exit 0 ;; esac . /scripts/functions log_begin_msg "Deleting all network configuration that systemd could try to import" rm /run/net-*.conf rm /run/netplan/*.yaml log_end_msg 8< cut >8 I think that dropbear-intiramfs's init-bottom script should do this in addition to downing the interfaces that it finds via the DROPBEAR_IFDOWN pattern. Do you agree? To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dropbear/+bug/1813394/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1813394] Re: DROPBEAR_IFDOWN=* takes interface down but leaves netplan config
Which version of Mint (or which upstream Ubuntu it is based on?) I wonder if there is a way to get those rows into the configs rather than editing packaged files? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to initramfs-tools in Ubuntu. https://bugs.launchpad.net/bugs/1813394 Title: DROPBEAR_IFDOWN=* takes interface down but leaves netplan config Status in dropbear package in Ubuntu: Confirmed Status in initramfs-tools package in Ubuntu: Confirmed Bug description: On bionic, setting the network interface up (e.g. eno1) with DHCP now causes a /run/netplan/eno1.yaml and a /run/net-eno1.conf file to be written. The former gets imported by netplan after boot and causes the DHCP lease from the initrd to be around forever, which I think goes against the intent of DROPBEAR_IFDOWN=*. I have brewed up a workaround script that lives in /etc/initramfs- tools/scripts/init-bottom/hack-delete-netif-netplan.sh for now: 8< cut >8 #!/bin/sh PREREQ="" prereqs() { echo "$PREREQ" } case "$1" in prereqs) prereqs exit 0 ;; esac . /scripts/functions log_begin_msg "Deleting all network configuration that systemd could try to import" rm /run/net-*.conf rm /run/netplan/*.yaml log_end_msg 8< cut >8 I think that dropbear-intiramfs's init-bottom script should do this in addition to downing the interfaces that it finds via the DROPBEAR_IFDOWN pattern. Do you agree? To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dropbear/+bug/1813394/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1813394] Re: DROPBEAR_IFDOWN=* takes interface down but leaves netplan config
The easiest way to fix this on linux mint for me was to edit: /usr/share/initramfs-tools/scripts/init-bottom/dropbear add these two lines to the end of file: rm /run/net-*.conf rm /run/netplan/*.yaml save and run: update-initramfs -u -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to initramfs-tools in Ubuntu. https://bugs.launchpad.net/bugs/1813394 Title: DROPBEAR_IFDOWN=* takes interface down but leaves netplan config Status in dropbear package in Ubuntu: Confirmed Status in initramfs-tools package in Ubuntu: Confirmed Bug description: On bionic, setting the network interface up (e.g. eno1) with DHCP now causes a /run/netplan/eno1.yaml and a /run/net-eno1.conf file to be written. The former gets imported by netplan after boot and causes the DHCP lease from the initrd to be around forever, which I think goes against the intent of DROPBEAR_IFDOWN=*. I have brewed up a workaround script that lives in /etc/initramfs- tools/scripts/init-bottom/hack-delete-netif-netplan.sh for now: 8< cut >8 #!/bin/sh PREREQ="" prereqs() { echo "$PREREQ" } case "$1" in prereqs) prereqs exit 0 ;; esac . /scripts/functions log_begin_msg "Deleting all network configuration that systemd could try to import" rm /run/net-*.conf rm /run/netplan/*.yaml log_end_msg 8< cut >8 I think that dropbear-intiramfs's init-bottom script should do this in addition to downing the interfaces that it finds via the DROPBEAR_IFDOWN pattern. Do you agree? To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dropbear/+bug/1813394/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1813394] Re: DROPBEAR_IFDOWN=* takes interface down but leaves netplan config
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: initramfs-tools (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to initramfs-tools in Ubuntu. https://bugs.launchpad.net/bugs/1813394 Title: DROPBEAR_IFDOWN=* takes interface down but leaves netplan config Status in dropbear package in Ubuntu: Confirmed Status in initramfs-tools package in Ubuntu: Confirmed Bug description: On bionic, setting the network interface up (e.g. eno1) with DHCP now causes a /run/netplan/eno1.yaml and a /run/net-eno1.conf file to be written. The former gets imported by netplan after boot and causes the DHCP lease from the initrd to be around forever, which I think goes against the intent of DROPBEAR_IFDOWN=*. I have brewed up a workaround script that lives in /etc/initramfs- tools/scripts/init-bottom/hack-delete-netif-netplan.sh for now: 8< cut >8 #!/bin/sh PREREQ="" prereqs() { echo "$PREREQ" } case "$1" in prereqs) prereqs exit 0 ;; esac . /scripts/functions log_begin_msg "Deleting all network configuration that systemd could try to import" rm /run/net-*.conf rm /run/netplan/*.yaml log_end_msg 8< cut >8 I think that dropbear-intiramfs's init-bottom script should do this in addition to downing the interfaces that it finds via the DROPBEAR_IFDOWN pattern. Do you agree? To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dropbear/+bug/1813394/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1813394] Re: DROPBEAR_IFDOWN=* takes interface down but leaves netplan config
It seems the workaround above does not work on Ubuntu 20.04. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to initramfs-tools in Ubuntu. https://bugs.launchpad.net/bugs/1813394 Title: DROPBEAR_IFDOWN=* takes interface down but leaves netplan config Status in dropbear package in Ubuntu: Confirmed Status in initramfs-tools package in Ubuntu: New Bug description: On bionic, setting the network interface up (e.g. eno1) with DHCP now causes a /run/netplan/eno1.yaml and a /run/net-eno1.conf file to be written. The former gets imported by netplan after boot and causes the DHCP lease from the initrd to be around forever, which I think goes against the intent of DROPBEAR_IFDOWN=*. I have brewed up a workaround script that lives in /etc/initramfs- tools/scripts/init-bottom/hack-delete-netif-netplan.sh for now: 8< cut >8 #!/bin/sh PREREQ="" prereqs() { echo "$PREREQ" } case "$1" in prereqs) prereqs exit 0 ;; esac . /scripts/functions log_begin_msg "Deleting all network configuration that systemd could try to import" rm /run/net-*.conf rm /run/netplan/*.yaml log_end_msg 8< cut >8 I think that dropbear-intiramfs's init-bottom script should do this in addition to downing the interfaces that it finds via the DROPBEAR_IFDOWN pattern. Do you agree? To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dropbear/+bug/1813394/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1813394] Re: DROPBEAR_IFDOWN=* takes interface down but leaves netplan config
Digging even further back, it turns out that IFDOWN is in itself a workaround for an equal issue dating back to ~2012. As such, the core of the issue lies with how initramfs network setup overrides netplan. Adding that package. Given the very limited setup /etc/initramfs-tools/initramfs.conf allows (including the DHCP default mentioned in the description), there is a case to be made for allowing admins to rely on the full config rather than initramfs for their network setup. ** Also affects: initramfs-tools (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to initramfs-tools in Ubuntu. https://bugs.launchpad.net/bugs/1813394 Title: DROPBEAR_IFDOWN=* takes interface down but leaves netplan config Status in dropbear package in Ubuntu: Confirmed Status in initramfs-tools package in Ubuntu: New Bug description: On bionic, setting the network interface up (e.g. eno1) with DHCP now causes a /run/netplan/eno1.yaml and a /run/net-eno1.conf file to be written. The former gets imported by netplan after boot and causes the DHCP lease from the initrd to be around forever, which I think goes against the intent of DROPBEAR_IFDOWN=*. I have brewed up a workaround script that lives in /etc/initramfs- tools/scripts/init-bottom/hack-delete-netif-netplan.sh for now: 8< cut >8 #!/bin/sh PREREQ="" prereqs() { echo "$PREREQ" } case "$1" in prereqs) prereqs exit 0 ;; esac . /scripts/functions log_begin_msg "Deleting all network configuration that systemd could try to import" rm /run/net-*.conf rm /run/netplan/*.yaml log_end_msg 8< cut >8 I think that dropbear-intiramfs's init-bottom script should do this in addition to downing the interfaces that it finds via the DROPBEAR_IFDOWN pattern. Do you agree? To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dropbear/+bug/1813394/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp