[Bug 1993478] Re: package openssh-server 1:9.0p1-1ubuntu7 failed to install/upgrade: postinstall script returned 1
Nick Rosbrook
1993478 at bugs.launchpad.net
Thu Nov 3 11:11:36 UTC 2022
I have verified each test case using openssh-server 1:9.0p1-1ubuntu7.1
from kinetic-proposed:
Test #1:
root at jammy:~# grep "^ListenAddress" /etc/ssh/sshd_config
ListenAddress 0.0.0.0:1234
root at jammy:~# systemctl status ssh
● ssh.service - OpenBSD Secure Shell server
Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
Drop-In: /run/systemd/system/service.d
└─zzz-lxc-service.conf
Active: active (running) since Thu 2022-11-03 10:22:04 UTC; 30s ago
Docs: man:sshd(8)
man:sshd_config(5)
Process: 868 ExecStartPre=/usr/sbin/sshd -t (code=exited, status=0/SUCCESS)
Main PID: 869 (sshd)
Tasks: 1 (limit: 18901)
Memory: 1.7M
CPU: 19ms
CGroup: /system.slice/ssh.service
└─869 "sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups"
Nov 03 10:22:04 jammy systemd[1]: Starting OpenBSD Secure Shell server...
Nov 03 10:22:04 jammy sshd[869]: Server listening on 0.0.0.0 port 1234.
Nov 03 10:22:04 jammy systemd[1]: Started OpenBSD Secure Shell server.
root at jammy:~# vi /etc/apt/sources.list
root at jammy:~# cat /etc/apt/sources.list
deb http://archive.ubuntu.com/ubuntu kinetic main restricted universe multiverse
deb http://archive.ubuntu.com/ubuntu kinetic-updates main restricted universe multiverse
deb http://archive.ubuntu.com/ubuntu kinetic-proposed main restricted universe multiverse
deb http://security.ubuntu.com/ubuntu kinetic-security main restricted universe multiverse
root at jammy:~# apt update && apt dist-upgrade -y
[...]
root at jammy:~# cat /etc/systemd/system/ssh.socket.d/addresses.conf
[Socket]
ListenStream=
ListenStream=0.0.0.0:1234
root at jammy:~# systemctl status ssh.socket
● ssh.socket - OpenBSD Secure Shell server socket
Loaded: loaded (/lib/systemd/system/ssh.socket; enabled; preset: enabled)
Drop-In: /etc/systemd/system/ssh.socket.d
└─addresses.conf
Active: active (listening) since Thu 2022-11-03 10:31:12 UTC; 23s ago
Until: Thu 2022-11-03 10:31:12 UTC; 23s ago
Triggers: ● ssh.service
Listen: 0.0.0.0:1234 (Stream)
Tasks: 0 (limit: 18901)
Memory: 8.0K
CPU: 332us
CGroup: /system.slice/ssh.socket
Nov 03 10:31:12 jammy systemd[1]: Listening on OpenBSD Secure Shell server socket.
---
Test #2:
root at jammy:~# grep "^ListenAddress" /etc/ssh/sshd_config
ListenAddress 0.0.0.0:1234
ListenAddress [::]:4321
root at jammy:~# systemctl status ssh
● ssh.service - OpenBSD Secure Shell server
Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
Drop-In: /run/systemd/system/service.d
└─zzz-lxc-service.conf
Active: active (running) since Thu 2022-11-03 10:33:34 UTC; 4s ago
Docs: man:sshd(8)
man:sshd_config(5)
Process: 868 ExecStartPre=/usr/sbin/sshd -t (code=exited, status=0/SUCCESS)
Main PID: 869 (sshd)
Tasks: 1 (limit: 18901)
Memory: 1.7M
CPU: 42ms
CGroup: /system.slice/ssh.service
└─869 "sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups"
Nov 03 10:33:34 jammy systemd[1]: Starting OpenBSD Secure Shell server...
Nov 03 10:33:34 jammy sshd[869]: Server listening on :: port 4321.
Nov 03 10:33:34 jammy sshd[869]: Server listening on 0.0.0.0 port 1234.
Nov 03 10:33:34 jammy systemd[1]: Started OpenBSD Secure Shell server.
root at jammy:~# vi /etc/apt/sources.list
root at jammy:~# cat /etc/apt/sources.list
deb http://archive.ubuntu.com/ubuntu kinetic main restricted universe multiverse
deb http://archive.ubuntu.com/ubuntu kinetic-updates main restricted universe multiverse
deb http://archive.ubuntu.com/ubuntu kinetic-proposed main restricted universe multiverse
deb http://security.ubuntu.com/ubuntu kinetic-security main restricted universe multiverse
root at jammy:~# apt update && apt dist-upgrade -y
[...]
root at jammy:~# ls -alh /etc/systemd/system/ssh*
lrwxrwxrwx 1 root root 31 Nov 3 10:33 /etc/systemd/system/sshd.service -> /lib/systemd/system/ssh.service
root at jammy:~# systemctl status ssh.socket
○ ssh.socket - OpenBSD Secure Shell server socket
Loaded: loaded (/lib/systemd/system/ssh.socket; disabled; preset: enabled)
Active: inactive (dead)
Triggers: ● ssh.service
Listen: [::]:22 (Stream)
root at jammy:~# systemctl status ssh.service
● ssh.service - OpenBSD Secure Shell server
Loaded: loaded (/lib/systemd/system/ssh.service; enabled; preset: enabled)
Drop-In: /run/systemd/system/service.d
└─zzz-lxc-service.conf
Active: active (running) since Thu 2022-11-03 10:38:25 UTC; 33s ago
Docs: man:sshd(8)
man:sshd_config(5)
Main PID: 7153 (sshd)
Tasks: 1 (limit: 18901)
Memory: 1.4M
CPU: 13ms
CGroup: /system.slice/ssh.service
└─7153 "sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups"
Nov 03 10:38:25 jammy systemd[1]: Starting OpenBSD Secure Shell server...
Nov 03 10:38:25 jammy sshd[7153]: Server listening on :: port 4321.
Nov 03 10:38:25 jammy sshd[7153]: Server listening on 0.0.0.0 port 1234.
Nov 03 10:38:25 jammy systemd[1]: Started OpenBSD Secure Shell server.
---
Test #3:
root at jammy:~# apt update && apt dist-upgrade -y
[...]
Setting up openssh-server (1:9.0p1-1ubuntu7) ...
Synchronizing state of ssh.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install disable ssh
Removed "/etc/systemd/system/sshd.service".
Removed "/etc/systemd/system/multi-user.target.wants/ssh.service".
Created symlink /etc/systemd/system/sockets.target.wants/ssh.socket → /lib/systemd/system/ssh.socket.
rescue-ssh.target is a disabled or a static unit not running, not starting it.
Failed to restart ssh.socket: Unit ssh.socket has a bad unit file setting.
See system logs and 'systemctl status ssh.socket' for details.
Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 145.
dpkg: error processing package openssh-server (--configure):
installed openssh-server package post-installation script subprocess returned error exit status 1
[...]
Errors were encountered while processing:
openssh-server
E: Sub-process /usr/bin/dpkg returned an error code (1)
root at jammy:~# grep "^ListenAddress" /etc/ssh/sshd_config
ListenAddress 0.0.0.0:1234
root at jammy:~# cat /etc/systemd/system/ssh.socket.d/addresses.conf
[Socket]
ListenStream=
root at jammy:~# cat <<EOF >/etc/apt/sources.list.d/ubuntu-$(lsb_release -cs)-proposed.list
# Enable Ubuntu proposed archive
deb http://archive.ubuntu.com/ubuntu/ $(lsb_release -cs)-proposed restricted main multiverse universe
EOF
root at jammy:~# apt update && apt install openssh-server -y
[...]
root at jammy:~# systemctl status ssh.socket
● ssh.socket - OpenBSD Secure Shell server socket
Loaded: loaded (/lib/systemd/system/ssh.socket; enabled; preset: enabled)
Drop-In: /etc/systemd/system/ssh.socket.d
└─addresses.conf
Active: active (listening) since Thu 2022-11-03 11:02:39 UTC; 7s ago
Until: Thu 2022-11-03 11:02:39 UTC; 7s ago
Triggers: ● ssh.service
Listen: 0.0.0.0:1234 (Stream)
Tasks: 0 (limit: 18901)
Memory: 8.0K
CPU: 319us
CGroup: /system.slice/ssh.socket
Nov 03 11:02:39 jammy systemd[1]: Listening on OpenBSD Secure Shell server socket.
root at jammy:~# cat /etc/systemd/system/ssh.socket.d/addresses.conf
[Socket]
ListenStream=
ListenStream=0.0.0.0:1234
---
Test #4:
root at jammy:~# apt update && apt dist-upgrade -y
[...]
Setting up openssh-server (1:9.0p1-1ubuntu7) ...
Synchronizing state of ssh.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install disable ssh
Removed "/etc/systemd/system/sshd.service".
Removed "/etc/systemd/system/multi-user.target.wants/ssh.service".
Created symlink /etc/systemd/system/sockets.target.wants/ssh.socket → /lib/systemd/system/ssh.socket.
rescue-ssh.target is a disabled or a static unit not running, not starting it.
Failed to restart ssh.socket: Unit ssh.socket has a bad unit file setting.
See system logs and 'systemctl status ssh.socket' for details.
Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 145.
dpkg: error processing package openssh-server (--configure):
installed openssh-server package post-installation script subprocess returned error exit status 1
[...]
Errors were encountered while processing:
openssh-server
E: Sub-process /usr/bin/dpkg returned an error code (1)
root at jammy:~# grep "^ListenAddress" /etc/ssh/sshd_config
ListenAddress 0.0.0.0:1234
ListenAddress [::]:4321
root at jammy:~# cat /etc/systemd/system/ssh.socket.d/addresses.conf
[Socket]
ListenStream=
root at jammy:~# apt update && apt install openssh-server -y
[...]
root at jammy:~# ls /etc/systemd/system/ssh*
/etc/systemd/system/sshd.service
** Tags removed: verification-needed-kinetic
** Tags added: verification-done-kinetic
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1993478
Title:
package openssh-server 1:9.0p1-1ubuntu7 failed to install/upgrade:
postinstall script returned 1
Status in openssh package in Ubuntu:
Triaged
Status in openssh source package in Kinetic:
Fix Committed
Bug description:
[Impact]
Users with /etc/ssh/sshd_config's that contain ListenAddress entries
with the port specified will not be migrated to socket-activated ssh
correctly, or may be migrated when they should not be (e.g. if
ListenAddress, with a port number, is specified more than once). This
leaves users with a broken sshd configuration.
[Test Plan]
There are 4 tests that should be used to verify the fix:
1. Upgrade to Kinetic with just one ListenAddress entry, which
specifies port number.
* On a Jammy system, edit /etc/ssh/sshd_config so that it contains the
following:
[...defaults everywhere else...]
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
ListenAddress 0.0.0.0:1234
[...defaults everywhere else...]
* Run `systemctl restart ssh.service` and confirm that the new configuration works as expected.
* Before running the upgrade, make sure -proposed is enabled.
* Upgrade to Kinetic by changing jammy -> kinetic in /etc/apt/sources.list, and then running apt dist-upgrade (-proposed is disabled when using ubuntu-release-upgrader).
* On an affected system, ssh.socket will fail with `bad-setting` because /etc/systemd/system/ssh.socket.d/address.conf contains:
[Socket]
ListenStream=
* On a patched system, ssh.socket will be active/listening, and
/etc/systemd/system/ssh.socket.d/addresses.conf will contain the
following:
[Socket]
ListenStream=
ListenStream=0.0.0.0:1234
2. Upgrade to Kinetic with multiple ListenAddress entries, each
specifying port number.
* On a Jammy system, edit /etc/ssh/sshd_config so that it contains the
following:
[...defaults everywhere else...]
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
ListenAddress 0.0.0.0:1234
ListenAddress [::]:4321
[...defaults everywhere else...]
* Run `systemctl restart ssh.service` and confirm that the new configuration works as expected.
* Before running the upgrade, make sure -proposed is enabled.
* Upgrade to Kinetic by changing jammy -> kinetic in /etc/apt/sources.list, and then running apt dist-upgrade (-proposed is disabled when using ubuntu-release-upgrader).
* On an affected system, migration will be attempted despite the multiple ListenAddress options, and ssh.socket will fail with `bad-setting` because /etc/systemd/system/ssh.socket.d/address.conf contains:
[Socket]
ListenStream=
* On a patched system, the ListenAddress option will be parsed
correctly, and migration will not be attempted.
3. On a Kinetic system which was migrated, but with errors (e.g. test
case #1, prior to being patched), installing the new package should
correct the ssh.socket configuration.
* On a Jammy system, edit /etc/ssh/sshd_config so that it contains the
following:
[...defaults everywhere else...]
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
ListenAddress 0.0.0.0:1234
[...defaults everywhere else...]
* Run `systemctl restart ssh.service` and confirm that the new configuration works as expected.
* Do NOT enable -proposed before the upgrade.
* Run `do-release-upgrade` to upgrade to Kinetic (setting Prompt=normal in /etc/update-manager/release-upgrades if needed).
* After the openssh-server configuration fails, enable -proposed, and upgrade openssh-server.
* The ssh.socket configuration should be fixed, and /etc/systemd/system/ssh.socket.d/addresses.conf should contain:
[Socket]
ListenStream=
ListenStream=0.0.0.0:1234
4. On a Kinetic system which was incorrectly migrated to ssh socket
activation (e.g. test case #2, prior to being patched), installing the
new package reverts to the previous behavior.
* On a Jammy system, edit /etc/ssh/sshd_config so that it contains the
following:
[...defaults everywhere else...]
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
ListenAddress 0.0.0.0:1234
ListenAddress [::]:4321
[...defaults everywhere else...]
* Run `systemctl restart ssh.service` and confirm that the new configuration works as expected.
* Do NOT enable -proposed before the upgrade.
* Run `do-release-upgrade` to upgrade to Kinetic (setting Prompt=normal in /etc/update-manager/release-upgrades if needed).
* After the openssh-server configuration fails, enable -proposed, and upgrade openssh-server.
* The socket-activated ssh migration should be reverted, and ssh.service should be running as before upgrade to Kinetic.
[Where problems could occur]
These changes are in the openssh-server.postinst script, specifically in the socket-activated ssh migration logic. Regressions would be seen in the migration logic, for example breaking a previously-working migration scenario.
[Original Description]
update failed...
ProblemType: Package
DistroRelease: Ubuntu 22.10
Package: openssh-server 1:9.0p1-1ubuntu7
ProcVersionSignature: Ubuntu 5.15.0-48.54-generic 5.15.53
Uname: Linux 5.15.0-48-generic x86_64
NonfreeKernelModules: cpuid tcp_diag inet_diag tls authenc echainiv esp4 xfrm_user xfrm_algo sctp ip6_udp_tunnel udp_tunnel cfg80211 veth nft_chain_nat xt_REDIRECT nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 xt_tcpudp nft_counter xt_policy nft_compat nf_tables nfnetlink bridge stp llc nls_iso8859_1 hid_generic joydev crct10dif_pclmul crc32_pclmul ghash_clmulni_intel usbhid virtio_net net_failover hid failover i2c_piix4 pata_acpi qemu_fw_cfg floppy sch_fq_codel ipmi_devintf ipmi_msghandler msr ramoops reed_solomon pstore_blk efi_pstore pstore_zone ip_tables x_tables autofs4 btrfs blake2b_generic zstd_compress dm_crypt raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx libcrc32c xor raid6_pq raid1 raid0 multipath linear bochs drm_vram_helper drm_ttm_helper ttm drm_kms_helper syscopyarea aesni_intel sysfillrect sysimgblt input_leds fb_sys_fops cec crypto_simd rc_core psmouse cryptd drm serio_raw virtio_scsi mac_hid
ApportVersion: 2.23.1-0ubuntu3
Architecture: amd64
CasperMD5CheckResult: unknown
Date: Wed Oct 19 08:41:28 2022
ErrorMessage: »installiertes post-installation-Skript des Paketes openssh-server«-Unterprozess gab den Fehlerwert 1 zurück
InstallationDate: Installed on 2019-08-13 (1162 days ago)
InstallationMedia: Ubuntu-Server 18.04.2 LTS "Bionic Beaver" - Release amd64 (20190210)
Python3Details: /usr/bin/python3.10, Python 3.10.7, python3-minimal, 3.10.6-1
PythonDetails: N/A
RebootRequiredPkgs: Error: path contained symlinks.
RelatedPackageVersions:
dpkg 1.21.9ubuntu1
apt 2.5.3
SourcePackage: openssh
Title: package openssh-server 1:9.0p1-1ubuntu7 failed to install/upgrade: »installiertes post-installation-Skript des Paketes openssh-server«-Unterprozess gab den Fehlerwert 1 zurück
UpgradeStatus: Upgraded to kinetic on 2022-10-19 (0 days ago)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1993478/+subscriptions
More information about the foundations-bugs
mailing list