Ubuntu
gce-compute-image-packages package

Startup scripts get run when guest packages are updated

Bug #1668327 reported by Philip Roche
12
This bug affects 1 person
Affects Status Importance Assigned to Milestone
gce-compute-image-packages (Ubuntu)
Fix Released
Medium
Philip Roche
Trusty
Fix Released
Medium
Philip Roche
Xenial
Fix Released
Medium
Philip Roche
Yakkety
Fix Released
Medium
Philip Roche
Zesty
Fix Released
Medium
Philip Roche

Bug Description

[Impact]

 * This bug affects: Zesty, Yakkety, Xenial and Trusty

 * When a user upgrades to a newer version of gce-cimpute-image-packages
   then the google-startup-scripts service is run which causes any configured
   startup scripts to be executed.

 * Running these scripts more than once on a running instance is not exptected
   behaviour and depending on the contents of the user's scripts could have
   disastrous consequences.

 * The fix tis to use override_dh_systemd_start in the debian/rules to alter the
   generated postinst, prerm and postrm files to not restart the startup or
   shutdown scripts on upgrade or install.

[Test Case]

 * Start instance with shutdown script and startup script

gcloud compute instances create ubuntu-1604-xenial-v20170224 --image-project ubuntu-os-cloud
--image "ubuntu-1604-xenial-v20170224" --metadata shutdown-script="#! /bin/bash
touch /home/ubuntu/shutdown.txt",startup-script="#! /bin/bash
touch /home/ubuntu/startup.txt"

# Run the following on the running instance
# clean up instance ready for testing

rm -f ~/startup.txt

# Add new PPA with fixed package

sudo add-apt-repository -y ppa:philroche/gce-compute-image-packages
sudo apt-get update
sudo apt-get install --only-upgrade gce-compute-image-packages

# Note that the first upgrade will always result in shutdown
# scripts being run as the initial gce-compute-image-packages postrm script are still in use.
# verify that the bug still exists

if [ -f ~/shutdown.txt ]; then
    echo "Shutdown File found! Bug still present"
    rm -f ~/shutdown.txt
fi

[Regression Potential]

 * Possible regressions are that the startup and shutdown script services never start and user's scripts to not get
 executed. This has been tested and is not the case.

[Original bug description]

A user reported (https://github.com/GoogleCloudPlatform/compute-image-packages/issues/376) that startup scripts are running when the guest packages get updated on Ubuntu. This can of course have very unexpected consequences.

I did some digging and found that the postinst you are using is not the same as ours and appears to start all the systemd services including startup and shutdown scripts when it runs.

if [ -d /run/systemd/system ]; then
        systemctl --system daemon-reload >/dev/null || true
        deb-systemd-invoke start google-accounts-daemon.service google-clock-skew-daemon.service google-instance-setup.service google-ip-forwarding-daemon.service google-network-setup.service google-shutdown-scripts.service google-startup-scripts.service >/dev/null || true

We have a postinst that works on other systemd platforms which you are welcome to use or mimic here: https://github.com/GoogleCloudPlatform/compute-image-packages/blob/master/google_compute_engine_init/systemd/postinst.sh

See original description

Related branches

~oddbloke/ubuntu/+source/gce-compute-image-packages:trusty-merge
Ubuntu Development Team: Pending requested
Diff: 100 lines (+62/-0) (has conflicts)
4 files modified
debian/99-gce.rules (+2/-0)
debian/changelog (+44/-0)
debian/gce-compute-image-packages.install (+8/-0)
debian/rules (+8/-0)
Revision history for this message
Philip Roche (philroche) wrote :

The postinst file used in the ubuntu package was auto-generated by debhelper command sequencer [1]. I will start the process of including your postinst and prerm scripts instead of relying on debhelper command sequencer auto generated ones.

[1] http://manpages.ubuntu.com/manpages/zesty/man1/dh.1.html

Changed in gce-compute-image-packages (Ubuntu):
assignee: nobody → Philip Roche (philroche)
status: New → Confirmed
Philip Roche (philroche)
description: updated
Revision history for this message
Philip Roche (philroche) wrote :

Merge proposals created:

Master/Zesty:
https://code.launchpad.net/~philroche/ubuntu/+source/gce-compute-image-packages/+git/gce-compute-image-packages/+merge/320377

Yakkety:
https://code.launchpad.net/~philroche/ubuntu/+source/gce-compute-image-packages/+git/gce-compute-image-packages/+merge/320385

Xenial:
https://code.launchpad.net/~philroche/ubuntu/+source/gce-compute-image-packages/+git/gce-compute-image-packages/+merge/320386

Revision history for this message
Philip Roche (philroche) wrote :

Attached lp1668327-no-restart-of-startup-shutdown-scripts-on-upgrade-zesty.debdiff fixes this bug for Zesty

Revision history for this message
Philip Roche (philroche) wrote :

Attached lp1668327-no-restart-of-startup-shutdown-scripts-on-upgrade-yakkety.debdiff fixes this bug for Yakkety

Revision history for this message
Philip Roche (philroche) wrote :

Attached lp1668327-no-restart-of-startup-shutdown-scripts-on-upgrade-xenial.debdiff fixes this bug for Xenial

Mathew Hodson (mhodson)
tags: added: patch trusty xenial yakkety zesty
Changed in gce-compute-image-packages (Ubuntu):
importance: Undecided → Medium
Revision history for this message
Philip Roche (philroche) wrote :

Attached lp1668327-no-restart-of-startup-shutdown-scripts-on-upgrade-trusty.debdiff fixes this bug for Trusty

Revision history for this message
Philip Roche (philroche) wrote :

Merge proposal created for Trusty:
https://code.launchpad.net/~philroche/ubuntu/+source/gce-compute-image-packages/+git/gce-compute-image-packages/+merge/320620

Gianfranco Costamagna (costamagnagianfranco)
Changed in gce-compute-image-packages (Ubuntu Yakkety):
status: New → Fix Committed
Changed in gce-compute-image-packages (Ubuntu Zesty):
status: Confirmed → Fix Committed
Changed in gce-compute-image-packages (Ubuntu Xenial):
status: New → Fix Committed
Gianfranco Costamagna (costamagnagianfranco)
Changed in gce-compute-image-packages (Ubuntu Trusty):
status: New → Fix Committed
assignee: nobody → Philip Roche (philroche)
Changed in gce-compute-image-packages (Ubuntu Xenial):
assignee: nobody → Philip Roche (philroche)
Changed in gce-compute-image-packages (Ubuntu Yakkety):
assignee: nobody → Philip Roche (philroche)
Andy Whitcroft (apw)
Changed in gce-compute-image-packages (Ubuntu Zesty):
status: Fix Committed → In Progress
Changed in gce-compute-image-packages (Ubuntu Yakkety):
status: Fix Committed → In Progress
Changed in gce-compute-image-packages (Ubuntu Xenial):
status: Fix Committed → In Progress
Changed in gce-compute-image-packages (Ubuntu Trusty):
status: Fix Committed → In Progress
Revision history for this message
Andy Whitcroft (apw) wrote : Please test proposed package

Hello Philip, or anyone else affected,

Accepted gce-compute-image-packages into zesty-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/gce-compute-image-packages/20160930-0ubuntu6 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in gce-compute-image-packages (Ubuntu Zesty):
status: In Progress → Fix Committed
tags: added: verification-needed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package gce-compute-image-packages - 20160930-0ubuntu6

---------------
gce-compute-image-packages (20160930-0ubuntu6) zesty; urgency=medium

  * Do not restart startup or shutdown scripts on upgrade (LP: #1668327)

 -- Phil Roche <email address hidden> Mon, 20 Mar 2017 14:47:51 +0000

Changed in gce-compute-image-packages (Ubuntu Zesty):
status: Fix Committed → Fix Released
Revision history for this message
Philip Roche (philroche) wrote :

gce-compute-image-packages version 20160930-0ubuntu6 in zesty-proposed has been verified.

For reference attached testplan was used for verification.

tags: added: verification-done
tags: removed: verification-needed
Revision history for this message
Andy Whitcroft (apw) wrote :

Hello Philip, or anyone else affected,

Accepted gce-compute-image-packages into yakkety-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/gce-compute-image-packages/20160930-0ubuntu6~16.10.0 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in gce-compute-image-packages (Ubuntu Yakkety):
status: In Progress → Fix Committed
tags: removed: verification-done
tags: added: verification-needed
Changed in gce-compute-image-packages (Ubuntu Xenial):
status: In Progress → Fix Committed
Revision history for this message
Andy Whitcroft (apw) wrote :

Hello Philip, or anyone else affected,

Accepted gce-compute-image-packages into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/gce-compute-image-packages/20160930-0ubuntu6~16.04.0 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Revision history for this message
Andy Whitcroft (apw) wrote :

Hello Philip, or anyone else affected,

Accepted gce-compute-image-packages into trusty-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/gce-compute-image-packages/20160930-0ubuntu3~14.04.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in gce-compute-image-packages (Ubuntu Trusty):
status: In Progress → Fix Committed
Revision history for this message
Philip Roche (philroche) wrote :

gce-compute-image-packages version 20160930-0ubuntu6~16.04.0 in xenial-proposed has been verified.

For reference attached testplan was used for verification.

Revision history for this message
Philip Roche (philroche) wrote :

gce-compute-image-packages version 20160930-0ubuntu6~16.10.0 in yakkety-proposed has been verified.

For reference attached testplan was used for verification.

Revision history for this message
Philip Roche (philroche) wrote :

gce-compute-image-packages version 20160930-0ubuntu3~14.04.2 in trusty-proposed has been verified.

For reference attached testplan was used for verification.

tags: added: verification-done
removed: verification-needed
Gianfranco Costamagna (costamagnagianfranco)
tags: added: verification-done-trusty verification-done-xenial verification-done-yakkety
Mathew Hodson (mhodson)
Changed in gce-compute-image-packages (Ubuntu Trusty):
importance: Undecided → Medium
Changed in gce-compute-image-packages (Ubuntu Xenial):
importance: Undecided → Medium
Changed in gce-compute-image-packages (Ubuntu Yakkety):
importance: Undecided → Medium
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package gce-compute-image-packages - 20160930-0ubuntu3~14.04.2

---------------
gce-compute-image-packages (20160930-0ubuntu3~14.04.2) trusty; urgency=medium

  * Do not restart startup or shutdown scripts on upgrade (LP: #1668327)

 -- Phil Roche <email address hidden> Tue, 21 Mar 2017 17:11:51 +0000

Changed in gce-compute-image-packages (Ubuntu Trusty):
status: Fix Committed → Fix Released
Revision history for this message
Adam Conrad (adconrad) wrote : Update Released

The verification of the Stable Release Update for gce-compute-image-packages has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package gce-compute-image-packages - 20160930-0ubuntu6~16.04.0

---------------
gce-compute-image-packages (20160930-0ubuntu6~16.04.0) xenial; urgency=medium

  * Backport to xenial.

gce-compute-image-packages (20160930-0ubuntu6~16.10.0) yakkety; urgency=medium

  * Backport to yakkety.

gce-compute-image-packages (20160930-0ubuntu6) zesty; urgency=medium

  * Do not restart startup or shutdown scripts on upgrade (LP: #1668327)

 -- Phil Roche <email address hidden> Mon, 20 Mar 2017 15:01:51 +0000

Changed in gce-compute-image-packages (Ubuntu Xenial):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package gce-compute-image-packages - 20160930-0ubuntu6~16.10.0

---------------
gce-compute-image-packages (20160930-0ubuntu6~16.10.0) yakkety; urgency=medium

  * Backport to yakkety.

gce-compute-image-packages (20160930-0ubuntu6) zesty; urgency=medium

  * Do not restart startup or shutdown scripts on upgrade (LP: #1668327)

 -- Phil Roche <email address hidden> Mon, 20 Mar 2017 14:55:51 +0000

Changed in gce-compute-image-packages (Ubuntu Yakkety):
status: Fix Committed → Fix Released
To post a comment you must log in.