[Bug 1206878] Re: [SRU] Configuration should be purged only in nginx-common

Robie Basak 1206878 at bugs.launchpad.net
Thu Aug 8 12:08:58 UTC 2013 

** Description changed:

  [Impact]
  
-  * When purging nginx-light, nginx-full, or nginx-naxsi with apt-get
+  * When purging nginx-light, nginx-full, or nginx-naxsi with apt-get
  remove --purge (or similar), the /etc/nginx/ folder and all
  configurations are removed.
  
-  * nginx-common should be the package that, when purged, will remove the
+  * nginx-common should be the package that, when purged, will remove the
  configuration data as well as the program.
  
-  * Removal of a user's configuration when the -common package is not
+  * Removal of a user's configuration when the -common package is not
  removed is a severe issue, and when Thomas Ward consulted with Clint
  Byrum on bug importance, this was determined to be a "Critical" bug as
  user configuration removals should not be happening in this case.
  
- [Test Case]
+ [Test Cases]
  
-  * Produced by purging nginx-full, nginx-light, or nginx-naxsi.
+ Make sure to run all three test cases. The third one, in particular, was
+ not fixed with the others at the same time in Debian, and relies on a
+ separate commit. --rbasak
  
-  * By running a purge of nginx-full or nginx-light or nginx-naxsi
+ [Test Case 1]
+ 
+  * Produced by purging nginx-full, nginx-light, or nginx-naxsi.
+ 
+  * By running a purge of nginx-full or nginx-light or nginx-naxsi
  without removing nginx-common, the system should not be removing a
  user's configuration files for nginx.  Only if nginx-common is removed
  should the system
  
+ [Test Case 2 (added by rbasak)]
+ 1. apt-get install nginx
+ 2. dpkg -P nginx nginx-full
+ 3. apt-get install nginx
+ 
+ Expected results: nginx-full installed again and functional, with the daemon running.
+ Actual results: nginx-full postinst failure due to missing /etc/nginx directory causing daemon start failure.
+ 
+ [Test Case 3 (added by rbasak)]
+ 1. apt-get install nginx-extras
+ 2. dpkg -P nginx-extras
+ 3. apt-get install nginx-extras
+ 
+ Expected results: nginx-extras installed again and functional, with the daemon running.
+ Actual results: nginx-extras postinst failure due to missing /etc/nginx directory causing daemon start failure.
+ 
  [Regression Potential]
  
-  * Minimal - The patch from Debian has been in the NGINX packages since
+  * Minimal - The patch from Debian has been in the NGINX packages since
  1.2.1 and is also included in Quantal and later with no regressions.
  
+ Added by rbasak:
+ 
+ Consider the upgrade path carefully. For example: if the nginx-common
+ binary package is held back, and other binaries are upgraded with this
+ SRU, then it's possible that purging functionality will disappear and
+ the old nginx-common binary package could then be purged and /etc/nginx
+ would not be cleaned up. I [rbasak] don't think this case is worth
+ considering in an SRU though, since at worse it'll leave /etc/nginx
+ behind in a very unusual case, which shouldn't have any other
+ repercussions anyway.
+ 
+ Only postinsts are changed here. The nginx-{full,light,naxsi} postrms
+ are removed, since they didn't have any other functionality. The purge
+ functionality is wholesale added to nginx-common's postrm. So I expect
+ that any regressions will affect maintainer scripts only, not in
+ functionality of the package once configured and installed. If something
+ does go wrong, it will be with users' configurations being affected, but
+ should only happen when they purge a package, which is unlikely in
+ production.
+ 
+ Finally, make sure to check nginx-extras separately, as this was missed
+ in Debian the first time round.
+ 
  [Other Info]
-  
-  * Patch to fix this issue (to be attached here shortly) originated from Debian.
  
-  * Debdiffs to be attached after build-tests are completed.
+  * Patch to fix this issue (to be attached here shortly) originated from
+ Debian.
  
+  * Debdiffs to be attached after build-tests are completed.
  
  ------
  
  Original Description:
  
  nginx in ubuntu has a very violently bug when purging one of the packages
  nginx-full, nginx-light or nginx-naxsi while moving from light to full or other
  ways. The packages -light, -full and -naxsi will remove /etc/nginx,
  /var/log/nginx and /var/lib/nginx completely leaving the system broken. The
  directories are not owned by this respective packages at all then owned by
  nginx-common. So after such a transition the whole nginx installation is broken
  and one has to also first to purge nginx-common and reinstalling it.
  
  Unneeded to say that all own site configurations has been deleted too.
  
  This is a massive violation of debian policy. However, debian had never has
  this bug in one of there stable distributions, so this bug only affects ubuntu
  (12.04 LTS was checked by me)

-- 
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1206878

Title:
  [SRU] Configuration should be purged only in nginx-common

Status in “nginx” package in Ubuntu:
  Fix Released
Status in “nginx” source package in Precise:
  Triaged
Status in “nginx” package in Debian:
  Fix Released

Bug description:
  [Impact]

   * When purging nginx-light, nginx-full, or nginx-naxsi with apt-get
  remove --purge (or similar), the /etc/nginx/ folder and all
  configurations are removed.

   * nginx-common should be the package that, when purged, will remove
  the configuration data as well as the program.

   * Removal of a user's configuration when the -common package is not
  removed is a severe issue, and when Thomas Ward consulted with Clint
  Byrum on bug importance, this was determined to be a "Critical" bug as
  user configuration removals should not be happening in this case.

  [Test Cases]

  Make sure to run all three test cases. The third one, in particular,
  was not fixed with the others at the same time in Debian, and relies
  on a separate commit. --rbasak

  [Test Case 1]

   * Produced by purging nginx-full, nginx-light, or nginx-naxsi.

   * By running a purge of nginx-full or nginx-light or nginx-naxsi
  without removing nginx-common, the system should not be removing a
  user's configuration files for nginx.  Only if nginx-common is removed
  should the system

  [Test Case 2 (added by rbasak)]
  1. apt-get install nginx
  2. dpkg -P nginx nginx-full
  3. apt-get install nginx

  Expected results: nginx-full installed again and functional, with the daemon running.
  Actual results: nginx-full postinst failure due to missing /etc/nginx directory causing daemon start failure.

  [Test Case 3 (added by rbasak)]
  1. apt-get install nginx-extras
  2. dpkg -P nginx-extras
  3. apt-get install nginx-extras

  Expected results: nginx-extras installed again and functional, with the daemon running.
  Actual results: nginx-extras postinst failure due to missing /etc/nginx directory causing daemon start failure.

  [Regression Potential]

   * Minimal - The patch from Debian has been in the NGINX packages
  since 1.2.1 and is also included in Quantal and later with no
  regressions.

  Added by rbasak:

  Consider the upgrade path carefully. For example: if the nginx-common
  binary package is held back, and other binaries are upgraded with this
  SRU, then it's possible that purging functionality will disappear and
  the old nginx-common binary package could then be purged and
  /etc/nginx would not be cleaned up. I [rbasak] don't think this case
  is worth considering in an SRU though, since at worse it'll leave
  /etc/nginx behind in a very unusual case, which shouldn't have any
  other repercussions anyway.

  Only postinsts are changed here. The nginx-{full,light,naxsi} postrms
  are removed, since they didn't have any other functionality. The purge
  functionality is wholesale added to nginx-common's postrm. So I expect
  that any regressions will affect maintainer scripts only, not in
  functionality of the package once configured and installed. If
  something does go wrong, it will be with users' configurations being
  affected, but should only happen when they purge a package, which is
  unlikely in production.

  Finally, make sure to check nginx-extras separately, as this was
  missed in Debian the first time round.

  [Other Info]

   * Patch to fix this issue (to be attached here shortly) originated
  from Debian.

   * Debdiffs to be attached after build-tests are completed.

  ------

  Original Description:

  nginx in ubuntu has a very violently bug when purging one of the packages
  nginx-full, nginx-light or nginx-naxsi while moving from light to full or other
  ways. The packages -light, -full and -naxsi will remove /etc/nginx,
  /var/log/nginx and /var/lib/nginx completely leaving the system broken. The
  directories are not owned by this respective packages at all then owned by
  nginx-common. So after such a transition the whole nginx installation is broken
  and one has to also first to purge nginx-common and reinstalling it.

  Unneeded to say that all own site configurations has been deleted too.

  This is a massive violation of debian policy. However, debian had never has
  this bug in one of there stable distributions, so this bug only affects ubuntu
  (12.04 LTS was checked by me)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1206878/+subscriptions

More information about the Ubuntu-sponsors mailing list