sysctl errors from bad /etc/sysctl.d conf files making packages uninstallable

Scott Ritchie scott at open-vote.org
Sun Nov 1 21:28:20 GMT 2009 

A lot of users are running across the Wine package failing to install
and causing a whole system mess:
https://bugs.launchpad.net/ubuntu/+source/procps/+bug/447197

At first I thought the issue was an old maintainer script that called
/etc/init.d/procps start manually.  However, transitioning this script
to upstart with start procps, as well as reverting it to invoking sysctl
directly causes the same issue.

The root cause is this: sysctl is throwing an error when it encounters
an /etc/sysctl.d/foo.conf file that contains keys it doesn't use.  How
these keys got onto the system is somewhat mysterious -- most likely
cause is they're conf files from an older version of some other package
(Wine's .conf file is a single line and works fine).

This error propagates through upstart and causes dpkg --configure to
panic, making the package uninstallable.  This is obviously bad.

So it seems like we have 3 options:
1) Quiet down sysctl so it doesn't throw these errors on unknown
commands.  As far as I can tell, it's undocumented if sysctl gives a
different exit status for unknown commands and genuine errors, so
there's no good way to tell them apart.
2) Change procps upstart job to not care about sysctl errors.  I believe
debian does something similar.
3) Change every package with a sysctl.d conffile to ignore start procps
errors (eg start procps || true).

At the moment, installing a package like Wine is the only way a user
will notice this error - upstart won't let a failing procps job prevent
system bootup.  I could hack around this by using option 3 for the Wine
package, but the problem will likely crop up elsewhere later.

It's also not clear how sysctl is dealing with the error at the moment -
quite possibly, sysctl is giving up the first time it sees a bad key,
meaning later keys are never loaded (possible security implications).

Either way, I believe some coordination here will be important to
getting this handled well, so I've cced the Debian procps maintainer as
well.  Thanks for your time :)

Thanks,
Scott Ritchie

More information about the ubuntu-devel mailing list