[Bug 1668327] [NEW] Startup scripts get run when guest packages are updated

Launchpad Bug Tracker 1668327 at bugs.launchpad.net
Mon Mar 20 15:42:32 UTC 2017 

You have been subscribed to a public bug by Philip Roche (philroche):

[Impact]

 * This bug affects: Zesty, Yakkety, Xenial and Trusty

 * When a user upgrades to a newer version of gce-cimpute-image-packages 
   then the google-startup-scripts service is run which causes any configured
   startup scripts to be executed. 

 * Running these scripts more than once on a running instance is not exptected 
   behaviour and depending on the contents of the user's scripts could have 
   disastrous consequences. 

 * The fix tis to use override_dh_systemd_start in the debian/rules to alter the 
   generated postinst, prerm and postrm files to not restart the startup or 
   shutdown scripts on upgrade or install. 

[Test Case]

 * Start instance with shutdown script and startup script

gcloud compute instances create ubuntu-1604-xenial-v20170224 --image-project ubuntu-os-cloud 
--image "ubuntu-1604-xenial-v20170224"  --metadata shutdown-script="#! /bin/bash
touch /home/ubuntu/shutdown.txt",startup-script="#! /bin/bash 
touch /home/ubuntu/startup.txt"

# Run the following on the running instance 
# clean up instance ready for testing

rm -f ~/startup.txt

# Add new PPA with fixed package

sudo add-apt-repository -y ppa:philroche/gce-compute-image-packages
sudo apt-get update
sudo apt-get install --only-upgrade gce-compute-image-packages

# Note that the first upgrade will always result in shutdown 
# scripts being run as the initial gce-compute-image-packages postrm script are still in use.  
# verify that the bug still exists

if [ -f ~/shutdown.txt ]; then
    echo "Shutdown File found! Bug still present"
    rm -f ~/shutdown.txt
fi

[Regression Potential]

 * Possible regressions are that the startup and shutdown script services never start and user's scripts to not get 
 executed. This has been tested and is not the case.

[Original bug description]
 

A user reported (https://github.com/GoogleCloudPlatform/compute-image-
packages/issues/376) that startup scripts are running when the guest
packages get updated on Ubuntu. This can of course have very unexpected
consequences.

I did some digging and found that the postinst you are using is not the
same as ours and appears to start all the systemd services including
startup and shutdown scripts when it runs.

if [ -d /run/systemd/system ]; then
        systemctl --system daemon-reload >/dev/null || true
        deb-systemd-invoke start google-accounts-daemon.service google-clock-skew-daemon.service google-instance-setup.service google-ip-forwarding-daemon.service google-network-setup.service google-shutdown-scripts.service google-startup-scripts.service >/dev/null || true

We have a postinst that works on other systemd platforms which you are
welcome to use or mimic here: https://github.com/GoogleCloudPlatform
/compute-image-
packages/blob/master/google_compute_engine_init/systemd/postinst.sh

** Affects: gce-compute-image-packages (Ubuntu)
     Importance: Undecided
     Assignee: Philip Roche (philroche)
         Status: Confirmed

-- 
Startup scripts get run when guest packages are updated
https://bugs.launchpad.net/bugs/1668327
You received this bug notification because you are a member of Ubuntu Sponsors Team, which is subscribed to the bug report.

More information about the Ubuntu-sponsors mailing list