Bug 45075 - grub-probe return code seems to be ignored
grub-probe return code seems to be ignored
Status: NEW
Product: UCS
Classification: Unclassified
Component: Grub
UCS 4.2
Other Linux
: P5 normal (vote)
: ---
Assigned To: UCS maintainers
UCS maintainers
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2017-07-26 08:22 CEST by Stefan Gohmann
Modified: 2019-09-20 14:45 CEST (History)
3 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 3: Simply Wrong: The implementation doesn't match the docu
Who will be affected by this bug?: 1: Will affect a very few installed domains
How will those affected feel about the bug?: 2: A Pain – users won’t like this once they notice it
User Pain: 0.034
Enterprise Customer affected?: Yes
School Customer affected?:
ISV affected?:
Waiting Support:
Ticket number: 2017071121000557, 2019091621000193
Bug group (optional): External feedback
Max CVSS v3 score:
hahn: Patch_Available+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Stefan Gohmann univentionstaff 2017-07-26 08:22:08 CEST
A partner reported the following lines in grub.cfg:
 "grub-probe is disabled in docker container mode"

The suggestion is to check the grub-probe return code before writing the cfg file.
Comment 1 Christian Völker univentionstaff 2019-09-20 14:27:25 CEST
Happened on customer.

During an update for another reason important packages have been removed ("univention-server-member") and therefore other packets, too.

After manually installing the packages back the system did not boot any longer with the mentioned error message ("grub-probe is disabled (system is running in docker configuration)").

This message came from an incorrect entry in /boot/grub/grub.cfg. The tool to write this file is grub-mkconfig which executes /etc/grub.d/00_header. 
00_header executes grub-probe and forwards the output to grub-mkconfig which writes it into the /boot/grub/grub.cfg.

Usually grub-probe's output is fine but in this case it simply printed the above error message which went then into grub.cfg but GRUB does not understand (as to be expected). Therefor the boot fails.


During troubleshooting I figured out the /usr/sbin/grub-probe did not have the md5sum which had to be expected. Additionally, there was a file named "grub-probe.debian" which had the correct checksum. (same was for update-initramfs).

Moving the ".debian" files to it's original place resulted the above chain to run fine and updated the grub.cfg fine.
Comment 2 Philipp Hahn univentionstaff 2019-09-20 14:45:35 CEST
(In reply to Christian Völker from comment #1)

> After manually installing the packages back the system did not boot any
> longer with the mentioned error message ("grub-probe is disabled (system is
> running in docker configuration)").
> 
> This message came from an incorrect entry in /boot/grub/grub.cfg. The tool
> to write this file is grub-mkconfig which executes /etc/grub.d/00_header. 
> 00_header executes grub-probe and forwards the output to grub-mkconfig which
> writes it into the /boot/grub/grub.cfg.
> 
> Usually grub-probe's output is fine but in this case it simply printed the
> above error message which went then into grub.cfg but GRUB does not
> understand (as to be expected). Therefor the boot fails.
> 
> 
> During troubleshooting I figured out the /usr/sbin/grub-probe did not have
> the md5sum which had to be expected. Additionally, there was a file named
> "grub-probe.debian" which had the correct checksum. (same was for
> update-initramfs).

The file is diverted by UCR because of ucs/container/univention-docker-container-mode/conffiles/usr/sbin/grub-probe

Error message should go to STDERR - never to STDOUT - exactly for this reason. Someone™ did not learn from the "Ariane 5" accident...
And replacing a script called with lots of different parameters with just a stupid dummy is calling for disaster.
The real fix would be to never install GRUB in a container at all.

diff --git a/container/univention-docker-container-mode/conffiles/usr/sbin/grub-probe b/container/univention-docker-container-mode/conffiles/usr/sbin/grub-probe
index 317258319b..5156c30397 100755
--- a/container/univention-docker-container-mode/conffiles/usr/sbin/grub-probe
+++ b/container/univention-docker-container-mode/conffiles/usr/sbin/grub-probe
@@ -32,4 +32,4 @@
 # /usr/share/common-licenses/AGPL-3; if not, see
 # <https://www.gnu.org/licenses/>.
 
-echo "$(basename "$0") is disabled (system is running in docker configuration)."
+echo "${0##*/} is disabled (system is running in docker configuration)." >&2