[SRU] Configuration should be purged only in nginx-common
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
nginx (Debian) |
Fix Released
|
Unknown
|
|||
nginx (Ubuntu) |
Fix Released
|
Critical
|
Unassigned | ||
Precise |
Fix Released
|
Critical
|
Unassigned |
Bug Description
[Impact]
* When purging nginx-light, nginx-full, or nginx-naxsi with apt-get remove --purge (or similar), the /etc/nginx/ folder and all configurations are removed.
* nginx-common should be the package that, when purged, will remove the configuration data as well as the program.
* Removal of a user's configuration when the -common package is not removed is a severe issue, and when Thomas Ward consulted with Clint Byrum on bug importance, this was determined to be a "Critical" bug as user configuration removals should not be happening in this case.
[Test Cases]
Make sure to run all three test cases. The third one, in particular, was not fixed with the others at the same time in Debian, and relies on a separate commit. --rbasak
[Test Case 1]
* Produced by purging nginx-full, nginx-light, or nginx-naxsi.
* By running a purge of nginx-full or nginx-light or nginx-naxsi without removing nginx-common, the system should not be removing a user's configuration files for nginx. Only if nginx-common is removed should the system
[Test Case 2 (added by rbasak)]
1. apt-get install nginx
2. dpkg -P nginx nginx-full
3. apt-get install nginx
Expected results: nginx-full installed again and functional, with the daemon running.
Actual results: nginx-full postinst failure due to missing /etc/nginx directory causing daemon start failure.
[Test Case 3 (added by rbasak)]
1. apt-get install nginx-extras
2. dpkg -P nginx-extras
3. apt-get install nginx-extras
Expected results: nginx-extras installed again and functional, with the daemon running.
Actual results: nginx-extras postinst failure due to missing /etc/nginx directory causing daemon start failure.
[Regression Potential]
* Minimal - The patch from Debian has been in the NGINX packages since 1.2.1 and is also included in Quantal and later with no regressions.
Added by rbasak:
Consider the upgrade path carefully. For example: if the nginx-common binary package is held back, and other binaries are upgraded with this SRU, then it's possible that purging functionality will disappear and the old nginx-common binary package could then be purged and /etc/nginx would not be cleaned up. I [rbasak] don't think this case is worth considering in an SRU though, since at worse it'll leave /etc/nginx behind in a very unusual case, which shouldn't have any other repercussions anyway.
Only postinsts are changed here. The nginx-{
Finally, make sure to check nginx-extras separately, as this was missed in Debian the first time round.
[Other Info]
* Patch to fix this issue (to be attached here shortly) originated from Debian.
* Debdiffs to be attached after build-tests are completed.
------
Original Description:
nginx in ubuntu has a very violently bug when purging one of the packages
nginx-full, nginx-light or nginx-naxsi while moving from light to full or other
ways. The packages -light, -full and -naxsi will remove /etc/nginx,
/var/log/nginx and /var/lib/nginx completely leaving the system broken. The
directories are not owned by this respective packages at all then owned by
nginx-common. So after such a transition the whole nginx installation is broken
and one has to also first to purge nginx-common and reinstalling it.
Unneeded to say that all own site configurations has been deleted too.
This is a massive violation of debian policy. However, debian had never has
this bug in one of there stable distributions, so this bug only affects ubuntu
(12.04 LTS was checked by me)
Related branches
description: | updated |
Changed in nginx (Debian): | |
status: | Unknown → Fix Released |
Changed in nginx (Ubuntu Precise): | |
status: | New → Confirmed |
Changed in nginx (Ubuntu): | |
importance: | Undecided → Critical |
Changed in nginx (Ubuntu Precise): | |
importance: | Undecided → Critical |
summary: |
- Configuration should be purged only in nginx-common + [SRU] Configuration should be purged only in nginx-common |
description: | updated |
Changed in nginx (Ubuntu Precise): | |
status: | Fix Committed → Triaged |
tags: | removed: verification-failed |
As there is no field to note the version that is affected, here it is:
1.1.19-1ubuntu0.2
Ah, and there is an old debian bug report #678060 that was handling this issue.