qubes-core-agent /etc/qubes/post-install.d mechanism / qvm-features-request broken #3951

adrelanos · Jun 3, 2018

Qubes OS version:

R4

Affected component(s):

all templates

Steps to reproduce the behavior:

Upgrade qubes core agent.

When qubesdb is being upgraded (i.e. not running) and at the same time https://github.com/QubesOS/qubes-core-agent-linux/blob/master/qubes-rpc/qubes.PostInstall is processing a /etc/qubes/post-install.d/ trigger,

Expected behavior:

Functional.

Actual behavior:

For example qvm-features-request whonix-ws=1 won't work, because qubesdb not running.

Other things from https://github.com/QubesOS/qubes-core-agent-linux/tree/master/post-install.d will also not work.

Leaving 'diversion of /etc/init/tty.conf to /etc/init/tty.conf.qubes-disabled by qubes-core-agent'
Leaving 'diversion of /etc/init/serial.conf to /etc/init/serial.conf.qubes-orig by qubes-core-agent'
No such key 'auto-update-type' in schema 'org.gnome.settings-daemon.plugins.updates' as specified in override file '/usr/share/glib-2.0/schemas/20_org.gnome.settings-daemon.plugins.updates.qubes.gschema.override'; ignoring override for this key.
Failed connect to local daemon
Traceback (most recent call last):
  File "/usr/bin/qvm-features-request", line 81, in <module>
    sys.exit(main())
  File "/usr/bin/qvm-features-request", line 70, in main
    qdb = qubesdb.QubesDB()
qubesdb.Error: (2, 'No such file or directory')
Traceback (most recent call last):
  File "/usr/bin/qvm-features-request", line 81, in <module>
    sys.exit(main())
  File "/usr/bin/qvm-features-request", line 70, in main
    qdb = qubesdb.QubesDB()
qubesdb.Error: (2, 'No such file or directory')
Traceback (most recent call last):
  File "/usr/bin/qvm-features-request", line 81, in <module>
    sys.exit(main())
  File "/usr/bin/qvm-features-request", line 70, in main
    qdb = qubesdb.QubesDB()
qubesdb.Error: (2, 'No such file or directory')
Traceback (most recent call last):
  File "/usr/bin/qvm-features-request", line 81, in <module>
    sys.exit(main())
  File "/usr/bin/qvm-features-request", line 70, in main
    qdb = qubesdb.QubesDB()
qubesdb.Error: (2, 'No such file or directory')
Setting up qubes-core-agent-networking (4.0.28-1+deb8u1) ...

General notes:

I think the current /etc/qubes/post-install.d implementation is fragile.

Related issues:

Affects Whonix anon-vm tag implementation.

https://www.whonix.org/wiki/Dev/Qubes#anon-vm_tag

#3765
#3595

@adrelanos could qubes-core-agent-linux have some dependency that its postinst script is called after qubes-db service is started again?

marmarek · Jun 4, 2018

@adrelanos could qubes-core-agent-linux have some dependency that its postinst script is called after qubes-db service is started again?

Dunno. Not sure.

A)
Easy, and clean, if it works:
If qubes-core-agent-linux had Depends: qubesdb-vm perhaps?

B)
More hacky:
Trigger somehow?

C)
Slightly less hacky:
Trigger and only do the /etc/qubes-rpc/qubes.PostInstall || true call?

D)
Another hacky option:
Run /var/lib/dpkg/info/qubes-core-agent.postinst from qubes-core-qubesdb postinst?

## Set environment variables for deb-systemd-helper.
export DPKG_MAINTSCRIPT_PACKAGE="qubes-core-agent"
export DPKG_MAINTSCRIPT_NAME="postinst"
/var/lib/dpkg/info/qubes-core-agent.postinst configure

E)
Another hacky option:
Run /etc/qubes-rpc/qubes.PostInstall || true from qubes-core-qubesdb postinst but after #DEBHELPER#. (To ensure systemd restart actions are already done.)

(This is interesting to fix for other purposes as well. Saw qubesdb not running errors even before (but then the impact was low).)

adrelanos · Jun 4, 2018

Dunno. Not sure.

A)
Easy, and clean, if it works:
If qubes-core-agent-linux had Depends: qubesdb-vm perhaps?

B)
More hacky:
Trigger somehow?

C)
Slightly less hacky:
Trigger and only do the /etc/qubes-rpc/qubes.PostInstall || true call?

D)
Another hacky option:
Run /var/lib/dpkg/info/qubes-core-agent.postinst from qubes-core-qubesdb postinst?

## Set environment variables for deb-systemd-helper.
export DPKG_MAINTSCRIPT_PACKAGE="qubes-core-agent"
export DPKG_MAINTSCRIPT_NAME="postinst"
/var/lib/dpkg/info/qubes-core-agent.postinst configure

E)
Another hacky option:
Run /etc/qubes-rpc/qubes.PostInstall || true from qubes-core-qubesdb postinst but after #DEBHELPER#. (To ensure systemd restart actions are already done.)

(This is interesting to fix for other purposes as well. Saw qubesdb not running errors even before (but then the impact was low).)

This is a blocker for the release of Whonix 14.

adrelanos · Jun 12, 2018

This is a blocker for the release of Whonix 14.

@adrelanos can you provide exact steps (versions etc) to reproduce? I've tried updating both qubesdb and qubes-core-agent at the same time in debian-9 template it it worked just fine. Was that during whonix-13 -> whonix-14 update?
Note that if you see those messages during template build, it doesn't matter, since qubes.PostInstall is also called at template installation time.

marmarek · Jun 13, 2018

@adrelanos can you provide exact steps (versions etc) to reproduce? I've tried updating both qubesdb and qubes-core-agent at the same time in debian-9 template it it worked just fine. Was that during whonix-13 -> whonix-14 update?
Note that if you see those messages during template build, it doesn't matter, since qubes.PostInstall is also called at template installation time.

Debian policy:

Depends

This declares an absolute dependency. A package will not be configured unless all of the packages listed in its Depends field have been correctly configured (unless there is a circular dependency as described above).

So, Depends: qubesdb-vm should fix it. But since I can't reproduce the problem, cannot reliably test it. Will push the update to testing anyway.

marmarek · Jun 13, 2018

Debian policy:

Depends

This declares an absolute dependency. A package will not be configured unless all of the packages listed in its Depends field have been correctly configured (unless there is a circular dependency as described above).

So, Depends: qubesdb-vm should fix it. But since I can't reproduce the problem, cannot reliably test it. Will push the update to testing anyway.

Marek Marczykowski-Górecki:

@adrelanos can you provide exact steps (versions etc) to reproduce?

If you have a Qubes-Whonix 14 template and upgrade it, this should be reproducible.

I've tried updating both qubesdb and qubes-core-agent at the same time in debian-9 template it it worked just fine. Was that during whonix-13 -> whonix-14 update?

Didn't test whonix-13 -> whonix-14 upgrade to reproduce this. No major upgrade required. This was happening during Whonix 14 package upgrades.

So, `Depends: qubesdb-vm` should fix it. But since I can't reproduce

the problem, cannot reliably test it. Will push the update to testing anyway. Very good! :) Once in testing, I will test. Will let you know in case I spot this issue again.

adrelanos · Jun 13, 2018

Marek Marczykowski-Górecki:

@adrelanos can you provide exact steps (versions etc) to reproduce?

If you have a Qubes-Whonix 14 template and upgrade it, this should be reproducible.

I've tried updating both qubesdb and qubes-core-agent at the same time in debian-9 template it it worked just fine. Was that during whonix-13 -> whonix-14 update?

Didn't test whonix-13 -> whonix-14 upgrade to reproduce this. No major upgrade required. This was happening during Whonix 14 package upgrades.

So, `Depends: qubesdb-vm` should fix it. But since I can't reproduce

the problem, cannot reliably test it. Will push the update to testing anyway. Very good! :) Once in testing, I will test. Will let you know in case I spot this issue again.

Automated announcement from builder-github

The package core-agent-linux has been pushed to the r4.0 testing repository for the CentOS centos7 template.
To test this update, please install it with the following command:

sudo yum update --enablerepo=qubes-vm-r4.0-current-testing

QubesOS/qubes-issues

Join GitHub today

qubes-core-agent /etc/qubes/post-install.d mechanism / qvm-features-request broken #3951

Comments

adrelanos commented Jun 3, 2018 • edited Edited 2 times adrelanos edited Jun 7, 2018 (most recent) adrelanos edited Jun 7, 2018 adrelanos created Jun 3, 2018

Qubes OS version:

Affected component(s):

Steps to reproduce the behavior:

Expected behavior:

Actual behavior:

General notes:

Related issues:

andrewdavidwong added bug C: core labels Jun 3, 2018

andrewdavidwong added this to the Release 4.0 updates milestone Jun 3, 2018

This comment has been minimized.

marmarek commented Jun 4, 2018

This comment has been minimized.

adrelanos commented Jun 4, 2018 • edited Edited 2 times adrelanos edited Jun 7, 2018 (most recent) adrelanos edited Jun 7, 2018 adrelanos created Jun 4, 2018

This comment has been minimized.

adrelanos commented Jun 12, 2018

andrewdavidwong added the P: blocker label Jun 13, 2018

This comment has been minimized.

marmarek commented Jun 13, 2018

This comment has been minimized.

marmarek commented Jun 13, 2018

This comment has been minimized.

adrelanos commented Jun 13, 2018

marmarek closed this in marmarek/qubes-core-agent-linux@a715797 Jun 13, 2018

This comment has been minimized.

qubesos-bot commented Jun 15, 2018

qubesos-bot added the r4.0-centos7-cur-test label Jun 15, 2018

qubesos-bot referenced this issue in QubesOS/updates-status Jun 15, 2018

qubesos-bot added r4.0-buster-cur-test r4.0-jessie-cur-test labels Jun 15, 2018

This comment has been minimized.

qubesos-bot commented Jun 15, 2018

qubesos-bot added the r4.0-stretch-cur-test label Jun 15, 2018

This comment has been minimized.

qubesos-bot commented Jun 15, 2018

qubesos-bot added r4.0-fc26-cur-test r4.0-fc27-cur-test r4.0-fc28-cur-test labels Jun 15, 2018

This comment has been minimized.

qubesos-bot commented Jun 29, 2018

qubesos-bot added r4.0-fc26-stable r4.0-fc27-stable r4.0-fc28-stable and removed r4.0-fc26-cur-test r4.0-fc27-cur-test r4.0-fc28-cur-test labels Jun 29, 2018

This comment has been minimized.

qubesos-bot commented Jun 29, 2018

qubesos-bot added r4.0-centos7-stable r4.0-buster-stable r4.0-jessie-stable and removed r4.0-centos7-cur-test r4.0-buster-cur-test r4.0-jessie-cur-test labels Jun 29, 2018

This comment has been minimized.

qubesos-bot commented Jun 29, 2018

qubesos-bot added r4.0-stretch-stable and removed r4.0-stretch-cur-test labels Jun 29, 2018

marmarek added a commit to QubesOS/qubes-core-agent-linux that referenced this issue Jul 18, 2018

qubesos-bot added the r3.2-fc25-cur-test label Jul 18, 2018

qubesos-bot referenced this issue in QubesOS/updates-status Jul 18, 2018

This comment has been minimized.

qubesos-bot commented Jul 18, 2018

qubesos-bot added r3.2-fc26-cur-test r3.2-fc27-cur-test r3.2-fc28-cur-test r3.2-buster-cur-test r3.2-jessie-cur-test labels Jul 18, 2018

This comment has been minimized.

qubesos-bot commented Jul 18, 2018

qubesos-bot added the r3.2-stretch-cur-test label Jul 18, 2018

adrelanos commented Jun 3, 2018 •

edited

Edited 2 times

adrelanos edited Jun 7, 2018 (most recent)

adrelanos edited Jun 7, 2018

adrelanos created Jun 3, 2018

adrelanos commented Jun 4, 2018 •

edited

Edited 2 times

adrelanos edited Jun 7, 2018 (most recent)

adrelanos edited Jun 7, 2018

adrelanos created Jun 4, 2018

marmarek closed this in `marmarek/qubes-core-agent-linux@a715797` Jun 13, 2018