Ubuntu
wireguard package

Depends on wireguard-modules | wireguard-dkms are inverted

Bug #1890201 reported by Andy Whitcroft
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
wireguard (Ubuntu)
Fix Released
High
Andy Whitcroft
Xenial
Fix Released
High
Andy Whitcroft
Bionic
Fix Released
High
Andy Whitcroft
Focal
Fix Released
High
Andy Whitcroft
Groovy
Fix Released
High
Andy Whitcroft

Bug Description

[Impact]

Removal of the previously official PPA package can lead to installation of an unrelated (and unbootable) kernel in preference to the official DKMS package.

[Test Case]

Install wireguard from a old kernel (or a kernel such as linux-oem-osp1 which does not yet have builtin modules) and note that linux-gke or similar is an installation candidate.

[Regression Potential]

Watch out for installation of the wireguard-dkms package when a kernel which does support wireguard natively is installed.

[Other Info]

Wishing to expedite release of these packages as we are hitting this in the wild.

=== 8< === 8< ===
wireguard depends on wireguard-modules | wqireguard-dkms. This is inverted. This will default to installing wireguard-modules in preference to wireguard-dkms when neither is installed. In Ubuntu this leads us to install an unrelated kernel to resolve the lack. We should in that case install wireguard-dkms.

See original description
Revision history for this message
Andy Whitcroft (apw) wrote :

Should it turn out that Debian (where this order comes from) needs foo-modules | foo-dkms for their own internal ordering then we should invent a new keyword and switch to that:

    Depends: foo-modules | foo-dkms | foo-builtin

Then we can provides wireguard-builtin instead.

Changed in wireguard (Ubuntu):
status: New → In Progress
importance: Undecided → High
assignee: nobody → Andy Whitcroft (apw)
Andy Whitcroft (apw)
description: updated
description: updated
Revision history for this message
Jason A. Donenfeld (zx2c4) wrote :

The real issue here is that Andy forgot to add `Provides: wireguard-modules` to the linux-meta-oem package, and maybe some others here:

- https://lists.zx2c4.com/pipermail/wireguard/2020-August/005743.html
- https://lists.zx2c4.com/pipermail/wireguard/2020-August/005746.html
- https://lists.zx2c4.com/pipermail/wireguard/2020-August/005747.html
- https://lists.zx2c4.com/pipermail/wireguard/2020-August/005752.html

I'd recommend that any fix here prioritize fixing the root cause issue - the missing Provides:.

Revision history for this message
Andy Whitcroft (apw) wrote :

https://salsa.debian.org/debian/wireguard/-/merge_requests/4

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package wireguard - 1.0.20200513-1ubuntu1

---------------
wireguard (1.0.20200513-1ubuntu1) groovy; urgency=medium

  * Switch alternative dependency order for the wireguard-modules,
    wireguard-dkms alternative. Whichever is first is deemed the
    preferred installation candidate when neither is present. When this is
    wireguard-modules this is satisfied by installation of a random kernel
    which claims support for wireguard regardless of its applicability.
    Repeat after me, do not ever depend on a kernel. (LP: #1890201)

 -- Andy Whitcroft <email address hidden> Mon, 03 Aug 2020 22:24:05 +0100

Changed in wireguard (Ubuntu Groovy):
status: In Progress → Fix Released
Revision history for this message
Łukasz Zemczak (sil2100) wrote : Please test proposed package

Hello Andy, or anyone else affected,

Accepted wireguard into focal-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/wireguard/1.0.20200513-1~20.04.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-focal to verification-done-focal. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-focal. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in wireguard (Ubuntu Focal):
status: New → Fix Committed
tags: added: verification-needed verification-needed-focal
Changed in wireguard (Ubuntu Bionic):
status: New → Fix Committed
tags: added: verification-needed-bionic
Revision history for this message
Łukasz Zemczak (sil2100) wrote :

Hello Andy, or anyone else affected,

Accepted wireguard into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/wireguard/1.0.20200513-1~18.04.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in wireguard (Ubuntu Xenial):
status: New → Fix Committed
tags: added: verification-needed-xenial
Revision history for this message
Łukasz Zemczak (sil2100) wrote :

Hello Andy, or anyone else affected,

Accepted wireguard into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/wireguard/1.0.20200513-1~16.04.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-xenial to verification-done-xenial. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-xenial. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Andy Whitcroft (apw)
tags: added: verification-done-focal
removed: verification-needed-focal
Revision history for this message
Andy Whitcroft (apw) wrote :

The real issue here with _this_ package is that the dependencies are wrong for Ubuntu. The Provides are missing on the linux-image-oem package yes, and it exposes this bug. But the bug is real and the point of _this_ bug is to fix that bug.

tags: added: verification-done-bionic
removed: verification-needed-bionic
Changed in wireguard (Ubuntu Focal):
importance: Undecided → High
Changed in wireguard (Ubuntu Bionic):
importance: Undecided → High
Changed in wireguard (Ubuntu Xenial):
importance: Undecided → High
Changed in wireguard (Ubuntu Focal):
assignee: nobody → Andy Whitcroft (apw)
Changed in wireguard (Ubuntu Bionic):
assignee: nobody → Andy Whitcroft (apw)
Changed in wireguard (Ubuntu Xenial):
assignee: nobody → Andy Whitcroft (apw)
Revision history for this message
Andy Whitcroft (apw) wrote :

Installed and confirmed the new dependencies are correct.

tags: added: verification-done-xenial
removed: verification-needed-xenial
Revision history for this message
Jason A. Donenfeld (zx2c4) wrote :

Great that this is going through the various levels of approval for SRU, but I do hope the actual bug -- Provides: being missing -- is fixed with this same level of urgency.

Revision history for this message
Andy Whitcroft (apw) wrote :
Download full text (3.2 KiB)

Testing on bionic, with linux-oem 4.15.0.1093.96 installed and the old wireguard available, we do indeed try and install a linux-gke kernel to fill the dependency:

  $ sudo apt-get install wireguard
  Reading package lists... Done
  Building dependency tree
  Reading state information... Done
  The following additional packages will be installed:
    linux-image-5.3.0-1032-gke linux-image-gke-5.3 linux-modules-5.3.0-1032-gke wireguard-tools
  Suggested packages:
    fdutils linux-gke-5.3-doc-5.3.0 | linux-gke-5.3-source-5.3.0 linux-gke-5.3-tools
    linux-headers-5.3.0-1032-gke openresolv | resolvconf
  The following NEW packages will be installed
    linux-image-5.3.0-1032-gke linux-image-gke-5.3 linux-modules-5.3.0-1032-gke wireguard
    wireguard-tools
  0 to upgrade, 5 to newly install, 0 to remove and 37 not to upgrade.
  Need to get 22.8 MB of archives.
  After this operation, 76.8 MB of additional disk space will be used.
  Do you want to continue? [Y/n]

With just the updates wireguard packages available we no longer install the linux-gke and will install wireguard-dkms:

  $ sudo apt-get install wireguard
  Reading package lists... Done
  Building dependency tree
  Reading state information... Done
  The following additional packages will be installed:
    dkms fakeroot libfakeroot wireguard-dkms wireguard-tools
  Suggested packages:
    menu openresolv | resolvconf
  The following NEW packages will be installed
    dkms fakeroot libfakeroot wireguard wireguard-dkms wireguard-tools
  0 to upgrade, 6 to newly install, 0 to remove and 37 not to upgrade.
  Need to get 500 kB of archives.
  After this operation, 2,708 kB of additional disk space will be used.
  Do you want to continue? [Y/n]

With just the new linux-image-oem packages available we will upgrade those in preference to installing linux-gke:

  $ sudo apt-get install wireguard
  Reading package lists... Done
  Building dependency tree
  Reading state information... Done
  The following additional packages will be installed:
    linux-headers-oem linux-image-oem linux-oem wireguard-tools
  Suggested packages:
    openresolv | resolvconf
  The following NEW packages will be installed
    wireguard wireguard-tools
  The following packages will be upgraded:
    linux-headers-oem linux-image-oem linux-oem
  3 to upgrade, 2 to newly install, 0 to remove and 37 not to upgrade.
  Need to get 93.3 kB/100 kB of archives.
  After this operation, 284 kB of additional disk space will be used.
  Do you want to continue? [Y/n]

With both available an explicit installation of wireguard will install wireguard-dkms:

  $ sudo apt-get install wireguard
  Reading package lists... Done
  Building dependency tree
  Reading state information... Done
  The following additional packages will be installed:
    dkms fakeroot libfakeroot wireguard-dkms wireguard-tools
  Suggested packages:
    menu openresolv | resolvconf
  The following NEW packages will be installed
    dkms fakeroot libfakeroot wireguard wireguard-dkms wireguard-tools
  0 to upgrade, 6 to newly install, 0 to remove and 40 not to upgrade.
  Need to get 500 kB of archives.
  After this operation, 2,708 k...

Read more...

Revision history for this message
Jason A. Donenfeld (zx2c4) wrote :

Super! Sounds like a big improvement. Thanks for rolling this out so quickly.

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package wireguard - 1.0.20200513-1~20.04.2

---------------
wireguard (1.0.20200513-1~20.04.2) focal; urgency=medium

  * Switch alternative dependency order for the wireguard-modules,
    wireguard-dkms alternative. Whichever is first is deemed the
    preferred installation candidate when neither is present. When this is
    wireguard-modules this is satisfied by installation of a random kernel
    which claims support for wireguard regardless of its applicability.
    Repeat after me, do not ever depend on a kernel. (LP: #1890201)

 -- Andy Whitcroft <email address hidden> Tue, 04 Aug 2020 08:50:04 +0100

Changed in wireguard (Ubuntu Focal):
status: Fix Committed → Fix Released
Revision history for this message
Brian Murray (brian-murray) wrote : Update Released

The verification of the Stable Release Update for wireguard has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package wireguard - 1.0.20200513-1~18.04.2

---------------
wireguard (1.0.20200513-1~18.04.2) bionic; urgency=medium

  * Switch alternative dependency order for the wireguard-modules,
    wireguard-dkms alternative. Whichever is first is deemed the
    preferred installation candidate when neither is present. When this is
    wireguard-modules this is satisfied by installation of a random kernel
    which claims support for wireguard regardless of its applicability.
    Repeat after me, do not ever depend on a kernel. (LP: #1890201)

 -- Andy Whitcroft <email address hidden> Tue, 04 Aug 2020 09:29:13 +0100

Changed in wireguard (Ubuntu Bionic):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package wireguard - 1.0.20200513-1~16.04.2

---------------
wireguard (1.0.20200513-1~16.04.2) xenial; urgency=medium

  * Switch alternative dependency order for the wireguard-modules,
    wireguard-dkms alternative. Whichever is first is deemed the
    preferred installation candidate when neither is present. When this is
    wireguard-modules this is satisfied by installation of a random kernel
    which claims support for wireguard regardless of its applicability.
    Repeat after me, do not ever depend on a kernel. (LP: #1890201)

 -- Andy Whitcroft <email address hidden> Tue, 04 Aug 2020 09:33:42 +0100

Changed in wireguard (Ubuntu Xenial):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.