** Description changed: [Impact] There are two conditions for this bug to happen, as far as I could figure out: a) the mpm_prefork module configuration files are named just prefork.{conf,module} instead of mpm_prefork.{conf,module} b) this renamed prefork mpm module is enabled manually instead of using a2enmod These conditions mean that one will have two mpm modules enabled at the same time in /etc/apache2/mod-enabled, something that the a2enmod tool knows how to prevent. But the symlinks can still be created manually. These were the conditions I could figure out via code inspection and from logs from this bug and #1771934, meaning, I could reproduce the same error, including shell code path execution. It's quite a corner case, but it showed a real bug in the apache apache2 -maintscript-helper shell script. It seems to be triggered by a puppetlabs module, but I didn't install or configure puppet to confirm. One could argue it's a local configuration issue, since non-standard tools were used, but the bug it showed in the apache script is real and I believe it's worth fixing. Once the two mpm modules (event, from the default install, and preform, from the manual symlink) are enabled at the same time, the following happens when php is installed: - php's postinst runs a2query -M to check which mpm is in use - that call returns "event", so php proceeds to switch the mpm to prefork by calling "apache2_switch_mpm prefork" - due to the bug, apache2_switch_mpm() will check if "prefork" (and NOT mpm_prefork) is already enabled. At this line, $MPM=preform, and $mpm is not defined. So this: - a2query -m "$mpm_$MPM" > /dev/null 2>&1 || a2query_ret=$? + a2query -m "$mpm_$MPM" > /dev/null 2>&1 || a2query_ret=$? Turns into: - a2query -m "prefork" > /dev/null 2>&1 || a2query_ret=$? + a2query -m "prefork" > /dev/null 2>&1 || a2query_ret=$? 
- because there is a /etc/apache2/mods-enabled/prefork.* symlink (manually created), this returns 0, in which case the function determines there is nothing to do (prefork is already enabled!) and exits 0 without actually switching anything - mpm_event is still enabled, and when a2enmod is called to enable php, that correctly complains and fails. With the fix, the a2query call from apache2_switch_mpm() will correctly determine that mpm_prefork is not enabled, and perform the requested switch. + + In the end, prefork will be loaded twice, but apache handles that + gracefully and ignores the second load: + + [Thu Oct 11 18:33:48.576838 2018] [so:warn] [pid 9923] AH01574: module + mpm_prefork_module is already loaded, skipping [Test Case] sudo apt update sudo apt install apache2 sudo cp /etc/apache2/mods-available/{mpm_prefork,prefork}.conf sudo cp /etc/apache2/mods-available/{mpm_prefork,prefork}.load sudo ln -s /etc/apache2/mods-{available,enabled}/prefork.load sudo ln -s /etc/apache2/mods-{available,enabled}/prefork.conf Installing the php7.2 module now will fail: sudo apt install libapache2-mod-php7.2 Creating config file /etc/php/7.2/apache2/php.ini with new version apache2_switch_mpm prefork: No action required dpkg: error processing package libapache2-mod-php7.2 (--configure): installed libapache2-mod-php7.2 package post-installation script subprocess returned error exit status 1 E: Sub-process /usr/bin/dpkg returned an error code (1) With the package from proposed, the above will work just fine. If a user is in the failed situation already, a dist-upgrade also fixes the problem. [Regression Potential] * discussion of how regressions are most likely to manifest as a result of this change. * It is assumed that any SRU candidate patch is well-tested before upload and has a low overall risk of regression, but it's important to make the effort to think about what ''could'' happen in the event of a regression. 
* This both shows the SRU team that the risks have been considered, and provides guidance to testers in regression-testing the SRU. [Other Info] * Anything else you think is useful to include * Anticipate questions from users, SRU, +1 maintenance, security teams and the Technical Board * and address these questions in advance [Original Description] The following line appears to have a typo: a2query -m "$mpm_$MPM" > /dev/null 2>&1 || a2query_ret=$? It should read: a2query -m "mpm_$MPM" > /dev/null 2>&1 || a2query_ret=$? Since $mpm is not defined. Later on there are references to enabling and disabling "mpm_$MPM". https://salsa.debian.org/apache- team/apache2/blob/master/debian/debhelper/apache2-maintscript- helper#L290 This appears to trip up the Puppet apache module since it creates a prefork module (rather than mpm_prefork), which results in the above query returning a positive response. This is what's happening in bug #1771934. Fix is obvious and trivial so can hopefully be implemented soon. Appears only to affect bionic since xenial had different code.
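Review bot: The added paragraph that accepts prefork being "loaded twice" leaves the [Test Case] without a check of the end state. Add a step after the php install confirming that `a2query -M` reports prefork and that the AH01574 warning is the only side effect. In this revision the [Regression Potential] and [Other Info] sections still contain the SRU template text rather than an assessment of this change. The `-`/`+` pairs around the two a2query lines show no visible difference, so they look like whitespace-only edits.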
** Description changed: [Impact] There are two conditions for this bug to happen, as far as I could figure out: - a) the mpm_prefork module configuration files are named just prefork.{conf,module} instead of mpm_prefork.{conf,module} + a) the mpm_prefork module configuration files are named just prefork.{conf,module} instead of, or in addition to, mpm_prefork.{conf,module} b) this renamed prefork mpm module is enabled manually instead of using a2enmod These conditions mean that one will have two mpm modules enabled at the same time in /etc/apache2/mod-enabled, something that the a2enmod tool knows how to prevent. But the symlinks can still be created manually. These were the conditions I could figure out via code inspection and from logs from this bug and #1771934, meaning, I could reproduce the same error, including shell code path execution. It's quite a corner case, but it showed a real bug in the apache apache2 -maintscript-helper shell script. It seems to be triggered by a puppetlabs module, but I didn't install or configure puppet to confirm. One could argue it's a local configuration issue, since non-standard tools were used, but the bug it showed in the apache script is real and I believe it's worth fixing. Once the two mpm modules (event, from the default install, and preform, from the manual symlink) are enabled at the same time, the following happens when php is installed: - php's postinst runs a2query -M to check which mpm is in use - that call returns "event", so php proceeds to switch the mpm to prefork by calling "apache2_switch_mpm prefork" - due to the bug, apache2_switch_mpm() will check if "prefork" (and NOT mpm_prefork) is already enabled. At this line, $MPM=preform, and $mpm is not defined. So this: a2query -m "$mpm_$MPM" > /dev/null 2>&1 || a2query_ret=$? Turns into: a2query -m "prefork" > /dev/null 2>&1 || a2query_ret=$? 
- because there is a /etc/apache2/mods-enabled/prefork.* symlink (manually created), this returns 0, in which case the function determines there is nothing to do (prefork is already enabled!) and exits 0 without actually switching anything - mpm_event is still enabled, and when a2enmod is called to enable php, that correctly complains and fails. With the fix, the a2query call from apache2_switch_mpm() will correctly determine that mpm_prefork is not enabled, and perform the requested switch. In the end, prefork will be loaded twice, but apache handles that gracefully and ignores the second load: [Thu Oct 11 18:33:48.576838 2018] [so:warn] [pid 9923] AH01574: module mpm_prefork_module is already loaded, skipping - [Test Case] sudo apt update sudo apt install apache2 sudo cp /etc/apache2/mods-available/{mpm_prefork,prefork}.conf sudo cp /etc/apache2/mods-available/{mpm_prefork,prefork}.load sudo ln -s /etc/apache2/mods-{available,enabled}/prefork.load sudo ln -s /etc/apache2/mods-{available,enabled}/prefork.conf Installing the php7.2 module now will fail: sudo apt install libapache2-mod-php7.2 Creating config file /etc/php/7.2/apache2/php.ini with new version apache2_switch_mpm prefork: No action required dpkg: error processing package libapache2-mod-php7.2 (--configure): installed libapache2-mod-php7.2 package post-installation script subprocess returned error exit status 1 E: Sub-process /usr/bin/dpkg returned an error code (1) With the package from proposed, the above will work just fine. If a user is in the failed situation already, a dist-upgrade also fixes the problem. [Regression Potential] * discussion of how regressions are most likely to manifest as a result of this change. * It is assumed that any SRU candidate patch is well-tested before upload and has a low overall risk of regression, but it's important to make the effort to think about what ''could'' happen in the event of a regression. 
* This both shows the SRU team that the risks have been considered, and provides guidance to testers in regression-testing the SRU. [Other Info] * Anything else you think is useful to include * Anticipate questions from users, SRU, +1 maintenance, security teams and the Technical Board * and address these questions in advance [Original Description] The following line appears to have a typo: a2query -m "$mpm_$MPM" > /dev/null 2>&1 || a2query_ret=$? It should read: a2query -m "mpm_$MPM" > /dev/null 2>&1 || a2query_ret=$? Since $mpm is not defined. Later on there are references to enabling and disabling "mpm_$MPM". https://salsa.debian.org/apache- team/apache2/blob/master/debian/debhelper/apache2-maintscript- helper#L290 This appears to trip up the Puppet apache module since it creates a prefork module (rather than mpm_prefork), which results in the above query returning a positive response. This is what's happening in bug #1771934. Fix is obvious and trivial so can hopefully be implemented soon. Appears only to affect bionic since xenial had different code.
https://bugs.launchpad.net/bugs/1782806
Title: Typo in apache2-maintscript-helper causes MPM check to misfire
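Review bot: In the changed item a), `prefork.{conf,module}` does not match the [Test Case], which copies and links `prefork.conf` and `prefork.load`; suggest `{conf,load}` for both names. The surrounding context still reads "$MPM=preform" and "preform, from the manual symlink", which look like typos for prefork, and "/etc/apache2/mod-enabled" where the rest of the text uses mods-enabled.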
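Added example (not from the bug report or the apache2 package): a self-contained shell reproduction of the misfiring check quoted above, next to the fixed form. The stub `a2query_m` and the temporary directory are assumptions standing in for `a2query -m` and `/etc/apache2/mods-enabled`; the last function shows that `set -u` turns the unset variable into a hard failure instead of a silent empty string.

```shell
#!/bin/sh
# Constructed stand-in for /etc/apache2/mods-enabled: mpm_event from the
# default install plus the manually linked prefork.* from the test case.
MODS=$(mktemp -d)
trap 'rm -rf "$MODS"' EXIT
touch "$MODS/mpm_event.load" "$MODS/prefork.load" "$MODS/prefork.conf"
unset mpm_   # make sure the environment does not define it by accident

# Hypothetical stub for `a2query -m NAME`: succeeds if NAME.load is enabled.
a2query_m() { [ -e "$MODS/$1.load" ]; }

# The check as quoted in the report. The shell reads "$mpm_" as a variable
# named mpm_ (underscore is a valid name character); it is unset, so the
# argument collapses to just "$MPM".
needs_switch_buggy() {
    MPM=$1
    if a2query_m "$mpm_$MPM"; then echo "no action"; else echo "switch"; fi
}

# The check with the fix from the report: a literal "mpm_" prefix.
needs_switch_fixed() {
    MPM=$1
    if a2query_m "mpm_$MPM"; then echo "no action"; else echo "switch"; fi
}

# The buggy expansion under `set -u`, run in a subshell so the failure is
# contained: expanding an unset variable aborts instead of yielding "".
buggy_under_nounset() {
    if ( set -u; MPM=$1; : "$mpm_$MPM" ) 2>/dev/null; then
        echo "expanded"
    else
        echo "aborted"
    fi
}

echo "buggy check, prefork:  $(needs_switch_buggy prefork)"
echo "fixed check, prefork:  $(needs_switch_fixed prefork)"
echo "buggy line with set -u: $(buggy_under_nounset prefork)"
```

Running shell maintainer scripts with `set -u`, or linting them with a tool that flags references to unassigned variables, surfaces this class of typo before it ships.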