Merge ~ahasenack/ubuntu/+source/nfs-utils:focal-nfs-utils-restart-1928259 into ubuntu/+source/nfs-utils:ubuntu/focal-devel

Proposed by Andreas Hasenack
Status: Merged
Approved by: Andreas Hasenack
Approved revision: 7a3fa40bb764e9a7b03ee3e71e9288baefd4f227
Merged at revision: 7a3fa40bb764e9a7b03ee3e71e9288baefd4f227
Proposed branch: ~ahasenack/ubuntu/+source/nfs-utils:focal-nfs-utils-restart-1928259
Merge into: ubuntu/+source/nfs-utils:ubuntu/focal-devel
Diff against target: 30 lines (+12/-0)
2 files modified
debian/changelog (+8/-0)
debian/nfs-common.postinst (+4/-0)
Reviewer Review Type Date Requested Status
Christian Ehrhardt  (community) Approve
Dan Streetman Pending
Canonical Server Pending
Review via email:

Description of the change


sudo add-apt-repository ppa:ahasenack/nfs-utils-restart-1928259

To test, follow the testing procedure in the linked bug, or, for a more detailed test, the SRU bug #1927745 and confirm that rpc.gssd was restarted after the package upgrade (different pid).

This is an attempt to fix the linked bug in the less intrusive way possible, because I want to use the same fix for an SRU all the way back to bionic.

The goal of this fix is to mark nfs-utils.service as "started", so that the debhelper postinst section will correctly restart it on upgrade.

Key aspects of this fix:
- nfs-utils.service is a "fake" service meant to control other units that declare PartOf=nfs-utils.service. It's ExecStart is simply /bin/true. There is also no [Install] section, so it can't be enabled as-is
- PartOf only has effect on "stop" and "restart":
  Configures dependencies similar to Requires=, but limited to stopping and restarting of units. When systemd stops or restarts the units listed here, the action is propagated to this unit. Note that this is a one-way dependency — changes to this unit do not affect the listed units.

This last bit is kind of crucial: it means that the "start" action has no effect on units linked via PartOf. It will just mark nfs-utils.service itself as being started (and it only runs /bin/true).

I tested this in some scenarios to make sure that the "start" action isn't starting anything by itself, and that remains true as far as I can see. The only thing that is flagged as started is nfs-utils.service itself, but just because of its RemainAfterExit=yes.

I also tested this when one of the services declaring PartOf=nfs-utils.service was masked or disabled, and it worked as expected. In both cases (masked or disabled) the service didn't start.

Another test I did was if nfs-utils.service was masked. In that case, the postinst complained about it, didn't error, and no dependent services were restarted at the end of the package upgrade, which is what I expected.

Still, this is probably not the way upstream intended for this to work (these systemd service files come from upstream, and Debian and Fedora are also affected by this bug). But a bigger surgery on all these systemd service files is out of scope for the SRU.

To post a comment you must log in.
Revision history for this message
Christian Ehrhardt  (paelzer) wrote :
review: Approve
Revision history for this message
Andreas Hasenack (ahasenack) wrote :

Thanks, tagging and uploading

Also have to delete the upload tag for the previous failed SRU

$ head -n 1 debian/changelog ; git ubuntu tag --upload && git describe HEAD
nfs-utils (1:1.3.4-2.5ubuntu3.4) focal; urgency=medium

$ git push pkg upload/1%1.3.4-2.5ubuntu3.4 --force
Enumerating objects: 13, done.
Counting objects: 100% (13/13), done.
Delta compression using up to 4 threads
Compressing objects: 100% (9/9), done.
Writing objects: 100% (9/9), 1.28 KiB | 26.00 KiB/s, done.
Total 9 (delta 6), reused 0 (delta 0), pack-reused 0
To ssh://
 + 96ab8e5d...b55f4e04 upload/1%1.3.4-2.5ubuntu3.4 -> upload/1%1.3.4-2.5ubuntu3.4 (forced update)

$ dput ubuntu ../nfs-utils_1.3.4-2.5ubuntu3.4_source.changes
Checking signature on .changes
gpg: ../nfs-utils_1.3.4-2.5ubuntu3.4_source.changes: Valid signature from AC983EB5BF6BCBA9
Checking signature on .dsc
gpg: ../nfs-utils_1.3.4-2.5ubuntu3.4.dsc: Valid signature from AC983EB5BF6BCBA9
Uploading to ubuntu (via ftp to
  Uploading nfs-utils_1.3.4-2.5ubuntu3.4.dsc: done.
  Uploading nfs-utils_1.3.4-2.5ubuntu3.4.debian.tar.xz: done.
  Uploading nfs-utils_1.3.4-2.5ubuntu3.4_source.buildinfo: done.
  Uploading nfs-utils_1.3.4-2.5ubuntu3.4_source.changes: done.
Successfully uploaded packages.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/debian/changelog b/debian/changelog
2index 70a22c8..3730cfb 100644
3--- a/debian/changelog
4+++ b/debian/changelog
5@@ -1,3 +1,11 @@
6+nfs-utils (1:1.3.4-2.5ubuntu3.4) focal; urgency=medium
8+ * d/nfs-common.postinst: always start nfs-utils.service, so the
9+ restart in the #DEBHELPER# section can do its job if needed
10+ (LP: #1928259)
12+ -- Andreas Hasenack <> Mon, 24 May 2021 17:51:48 -0300
14 nfs-utils (1:1.3.4-2.5ubuntu3.3) focal-security; urgency=medium
16 * SECURITY UPDATE: privilege escalation via directory permissions
17diff --git a/debian/nfs-common.postinst b/debian/nfs-common.postinst
18index 418e326..e31e92a 100644
19--- a/debian/nfs-common.postinst
20+++ b/debian/nfs-common.postinst
21@@ -43,6 +43,10 @@ case "$1" in
22 if [ -f /lib/init/rw/sendsigs.omit.d/statd ]; then
23 mv /lib/init/rw/sendsigs.omit.d/statd /run/sendsigs.omit.d/statd
24 fi
26+ # always "start" nfs-utils.service, so package upgrades will restart it,
27+ # see LP: #1928259
28+ systemctl start nfs-utils.service > /dev/null || true
29 ;;
30 esac


People subscribed via source and target branches