[pkg-firebird-general] Old postinstall/config bugs still in all debian (and ubuntu) versions of firebird

Mon Mar 27 19:43:50 UTC 2017

Hi Firebird packagers, Damyan?

I have analyzed two long lasting bugs in all firebird packages (2.5.. 3.0 on any debian dist => wheezy).

1.
The first bug forces the password question to appear during an *upgrade* or a *preconfig*-install (running debconf-set-selections before the actual invocation of apt-get install). I believe this has been reported before somewhere but was never reproducable (but now it is - see instructions below)

2.
The second bug is a timing problem during installation (while setting the password) and therefore happens only at 50% of installation attempts. *If* it happens, you can see a typical error output of gsec being unable to connect to the server.

I have attached a patch against the current wheezy package *just for reference - not intended as a concrete fix* which illustrates the bugs.

Explanation and fix of bug #1:
Have a look at hunk #2 of debian.org/server-config.master (resp. the appropriate .config of newer packages):

The invocation of db_reset ... breaks a very important mandatory config script attribute: Idempotence. In other words: The original author has not considered, that this script can run more than once during an installation. In fact, this is exactly what happens when a preseeded installation is performed. During the first run, everything is ok and no questions are asked, because the answers are already in the debconf database. Then the question is reset and when the script runs the second time, this leads to the question being shown (or worse: in an unattended install, being left unanswered and thus the random password chosen)

This db_reset invocation MUST be removed from the config script!
Instead, the proper place to reset *all* questions is in functions.sh *after* the password has actually been applied. (hunk #2 of debian/functions.sh)

Instructions for reproducing bug #1:

As root, execute the following (and notice that even though the answers are preseeded,
the password-question is shown):
================================= snip ================================
debconf-set-selections <<EOF
firebird2.5-super	shared/firebird/sysdba_password/first_install	password	whatever
firebird2.5-super	shared/firebird/sysdba_password/upgrade_reconfigure	password	whatever
firebird2.5-super	shared/firebird/enabled	boolean	true
EOF
apt-get install firebird2.5-super
================================= snip ================================

Explanation and fix of bug #2
The explanation is pretty easy. Before being able to set the password, the following actions are performed:

1. Stop daemon
2. Copy securitydb into place.
3. Start daemon
4. Use gsec to set the new password

Depending on the load of the system, the time between Steps 3 and 4 is *sometimes* too short to allow for a complete daemon startup.
Result: The password is actually never set. I might add, that in jessie, there is a fix of the *symptom* (using an ERR string and returning *no* error) but *not* of the actual error.

My fix (hunk #1 of debian/functions.sh) is to introduce an additional step between steps 3 and 4:

3a. Wait until the daemon is reachable via the standard port.

Note:
The introduction of the Tool "nc", requires a Pre-Depends: netcat, shown in hunk #1 of debian/control

Finally, this leaves an unexplained hunk #1 in debian/server-config.master: Please ignore that one, because this appears to have been fixed in later versions and someone has finally realized that overriding preset debconf-database settings is a bad idea in general.

I hope, that was not too confusing. Don't hesitate to ask if something is unclear.
Also, please forgive me not filing a formal bug report, since this is so generic and
simply fixed and also applies to multiple packages/versions.

Cheers
 -Fritz
-------------- next part --------------
A non-text attachment was scrubbed...
Name: firebird-2.5-and-3.0-debian.patch
Type: text/x-patch
Size: 2951 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-firebird-general/attachments/20170327/4763111b/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-firebird-general/attachments/20170327/4763111b/attachment.sig>