Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unattended upgrades from 1.8.2 to 2.0.0-rc3 fail #6005

Closed
zenmonkeykstop opened this issue Jun 18, 2021 · 5 comments · Fixed by #6006
Closed

Unattended upgrades from 1.8.2 to 2.0.0-rc3 fail #6005

zenmonkeykstop opened this issue Jun 18, 2021 · 5 comments · Fixed by #6006
Assignees
@kushaldas
Labels
QA: Release release blocker
Projects
SecureDrop Team Board

Comments

@zenmonkeykstop
Copy link
Contributor

Description

Unattended upgrades from 1.8.2 to 2.0.0-rc3 fail to complete successfully on the app server, with the securedrop-app-code package being held back.

Steps to Reproduce

  • Set up a prod environment (hardware or VMs) with current version 1.8.2
  • install testing apt key and flip repos from apt.freedom.press to apt-test.freedom.press in apt sources lists
  • run sudo apt-get update && sudo unattended-upgrades -d

Expected Behavior

2.0.0-rc3 packages are installed without error (altbeit with a connection drop if ssh-over-tor is enabled)

Actual Behavior

securedrop-app-code is held back as "package haveged is marked to be deleted"

Comments

Suggestions to fix, any other relevant information.
@kushaldas kushaldas added this to In Development in SecureDrop Team Board Jun 21, 2021
@kushaldas
Copy link
Contributor

I can now verify this issue.

<snipped>
Checking: securedrop-app-code ([<Origin component:'main' archive:'' origin:'SecureDrop' label:'' site:'apt-test.freedom.press' isTrusted:True>])              
sanity check failed for: {'haveged=1.9.1-6ubuntu1', 'securedrop-app-code=2.0.0~rc3+focal'} : pkg haveged is marked to be deleted                              
falling back to adjusting securedrop-app-code's dependencies                                                                                                  
sanity check failed for: {'haveged=1.9.1-6ubuntu1', 'securedrop-app-code=2.0.0~rc3+focal'} : pkg haveged is marked to be deleted                              
Checking: securedrop-config ([<Origin component:'main' archive:'' origin:'SecureDrop' label:'' site:'apt-test.freedom.press' isTrusted:True>])                
Checking: securedrop-keyring ([<Origin component:'main' archive:'' origin:'SecureDrop' label:'' site:'apt-test.freedom.press' isTrusted:True>])               
Checking: securedrop-ossec-agent ([<Origin component:'main' archive:'' origin:'SecureDrop' label:'' site:'apt-test.freedom.press' isTrusted:True>])           
Checking: tor ([<Origin component:'main' archive:'' origin:'SecureDrop' label:'' site:'apt-test.freedom.press' isTrusted:True>])                              
pkgs that look like they should be upgraded: securedrop-config                                                                                                
securedrop-keyring                                                                                                                                            
securedrop-ossec-agent                                                                                                                                        
tor                                                                                                                                                           
Get:1 https://apt-test.freedom.press focal/main amd64 securedrop-config all 0.1.4+2.0.0~rc3+focal [3064 B]                                                    
Get:2 https://apt-test.freedom.press focal/main amd64 securedrop-keyring amd64 0.1.5+2.0.0~rc3+focal [8120 B]                                                 
Get:3 https://apt-test.freedom.press focal/main amd64 securedrop-ossec-agent amd64 3.6.0+2.0.0~rc3+focal [4664 B]                                             
Get:4 https://apt-test.freedom.press focal/main amd64 tor amd64 0.4.5.8-1~focal+1 [1488 kB]                                                                   
Fetched 1503 kB in 0s (0 B/s)                                                                                                                                 
fetch.run() result: 0                                                                                                                                         
dpkg is configured not to cause conffile prompts                                                                                                              
Packages that will be upgraded: securedrop-config securedrop-keyring securedrop-ossec-agent tor 


<snipped>

Log started: 2021-06-21  06:57:55
(Reading database ... 46453 files and directories currently installed.)
Preparing to unpack .../tor_0.4.5.8-1~focal+1_amd64.deb ...
Unpacking tor (0.4.5.8-1~focal+1) over (0.4.5.7-1~focal+1) ...
Setting up tor (0.4.5.8-1~focal+1) ...
Processing triggers for man-db (2.9.1-1) ...
Processing triggers for systemd (245.4-4ubuntu3.7) ...
left to upgrade set()
All upgrades installed
InstCount=0 DelCount=0 BrokenCount=0
Package securedrop-app-code has a higher version available, checking if it is from an allowed origin and is not pinned down.
Package securedrop-app-code is kept back because a related package is kept back or due to local apt_preferences(5).
Extracting content from /var/log/unattended-upgrades/unattended-upgrades-dpkg.log since 2021-06-21 06:57:34

@kushaldas kushaldas self-assigned this Jun 21, 2021
@kushaldas
Copy link
Contributor

kushaldas commented Jun 21, 2021
edited

I think this happened due to https://github.com/freedomofpress/securedrop/pull/5954/files#diff-6625b173542ab918529e3fb0d9afe3e148b3bc79d4cd33c0106d237c155155b0R11, during review I missed how that Conflicts actually works.

From the Debian documentation:

If one package is to be unpacked, the other must be removed first. If the
package being unpacked is marked as replacing (see Overwriting files and
replacing packages - Replaces, but note that Breaks should normally be used in
this case) the one on the system, or the one on the system is marked as
deselected, or both packages are marked Essential, then dpkg will automatically
remove the package which is causing the conflict. Otherwise, it will halt the
installation of the new package with an error. This mechanism is specifically
designed to produce an error when the installed package is Essential, but the
new package is not.

Also from the same page:

This usage of Replaces only takes effect when both packages are at least partially on
 the system at once. It is not relevant if the packages conflict unless the conflict has been overridden.

Because haveged is already on the system, it is not getting removed automatically and dpkg is throwing the error.

My suggestion is to remove haveged from Conflicts and Replaces lines in the control file. The package will be removed next time the admins rerun the ansible.

kushaldas added a commit that referenced this issue Jun 21, 2021
@kushaldas
Fixes #6005 removed haveged from control file
4813135 
We can remove haveged from the system later by an ansible run.
@kushaldas kushaldas mentioned this issue Jun 21, 2021
Merged
10 tasks
SecureDrop Team Board automation moved this from In Development to Done Jun 21, 2021
zenmonkeykstop added a commit that referenced this issue Jun 21, 2021
@zenmonkeykstop
Merge pull request #6006 from freedomofpress/dont_fight_haveged
d92911c 
Fixes #6005 removed haveged from control file
zenmonkeykstop pushed a commit that referenced this issue Jun 21, 2021
@kushaldas @zenmonkeykstop
Fixes #6005 removed haveged from control file
cc677d4 
We can remove haveged from the system later by an ansible run.

(cherry picked from commit 4813135)
@rmol
Copy link
Contributor

rmol commented Jun 21, 2021

The removal of haveged was prompted by the idea that it could actually give some control over the system's source of randomness if compromised.

From your reading of the control file docs, do you think marking securedrop-app-code Essential could also work?

@kushaldas
Copy link
Contributor

The removal of haveged was prompted by the idea that it could actually give some control over the system's source of randomness if compromised.

From your reading of the control file docs, do you think marking securedrop-app-code Essential could also work?

Maybe, this is totally unknown territory for me. Specially when Essential packages are important for the system to run. I don't know enough how that break things now or in future.

kushaldas added a commit that referenced this issue Jun 21, 2021
@kushaldas
Merge pull request #6007 from freedomofpress/backport-6006
14755c0 
[2.0.0] Backport: Fixes #6005 removed haveged from control file
@rmol
Copy link
Contributor

rmol commented Jun 21, 2021

After looking a bit more, I think unattended-upgrades is going to refuse to handle a deletion like this no matter how we trigger it, so if we want securedrop-app-code updated, #6006 is required.

This was referenced Jun 21, 2021
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@kushaldas kushaldas

Labels
QA: Release release blocker
Projects
No open projects
SecureDrop Team Board
Done
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fixes #6005 removed haveged from control file freedomofpress/securedrop
3 participants
@kushaldas @zenmonkeykstop @rmol