Bug 56046 - Error while unpacking "univention-server-master" package: syntax error in pre-installation script.
Status: RESOLVED FIXED
Product: UCS
Classification: Unclassified
Component: System setup
UCS 5.0
Other Linux
: P5 normal (vote)
: UCS 5.0-6
Assigned To: Philipp Hahn
UCS maintainers
https://git.knut.univention.de/univen...
Reported: 2023-05-08 18:10 CEST by Lukas Rettler
Modified: 2023-12-12 11:31 CET

What kind of report is it?: Bug Report
What type of bug is this?: 5: Major Usability: Impairs usability in key scenarios
Who will be affected by this bug?: 1: Will affect a very few installed domains
How will those affected feel about the bug?: 5: Blocking further progress on the daily work
User Pain: 0.143
Bug group (optional): bitesize

Description Lukas Rettler univentionstaff 2023-05-08 18:10:46 CEST
During the installation process on a fresh machine, dpkg is returning an error.


less /var/log/apt/term.log
```
...
Preparing to unpack .../068-univention-server-master_15.0.7-2A~5.0.0.202302061607_all.deb ...
/var/lib/dpkg/tmp.ci/preinst: 94: /usr/share/univention-ssl/make-certificates.sh: Syntax error: redirection unexpected
dpkg: error processing archive /tmp/apt-dpkg-install-JtajED/068-univention-server-master_15.0.7-2A~5.0.0.202302061607_all.deb (--unpack):
 new univention-server-master package pre-installation script subprocess returned error exit status 2
...
```

I found that line in: base/univention-server/debian/univention-server-master.preinst

The shebang is important, ... because it includes a shell script, which is a bash script, which wants to be included in an sh script.

```
#!/bin/sh
...
if [ -n "$hostname" -a -n "$domainname" ]; then
	# generate ssl certificate
	if ! test -e "/etc/univention/ssl/$hostname/cert.pem"; then
		. /usr/share/univention-ssl/make-certificates.sh #<<<< bash script
		gencert "$hostname.$domainname" "$hostname.$domainname"
		ln -snf "$hostname.$domainname" "/etc/univention/ssl/$hostname"
	fi
fi
...
```

The problem starts at line 94 in the script: base/univention-ssl/make-certificates.sh

```
#!/bin/bash
...
gencert () {
...
		mk_config "$name/openssl.cnf" "" "$days" "$cn" "$fqdn $hostname $san"
...
mk_config () {
	local outfile="${1:?Missing argument: outfile}"
	local password="${2?Missing argument: password}"
	local days="${3:?Missing argument: days}"
	local name="${4:?Missing argument: common name}"
	local subjectAltName="${5:-}"

	check_ssl_parameters "$name" || return $?

	declare -a subjectAltNameArray
	IFS=', ' read -r -a subjectAltNameArray <<< "$subjectAltName" #<<<< Problematic code in sh
	local SAN_txt='' san
...
```
Comment 2 Philipp Hahn univentionstaff 2023-05-11 11:09:06 CEST
(In reply to Arvid Requate from comment #1)
> The interesting question is, why does UCS work nonetheless?
> 
> https://git.knut.univention.de/univention/ucs/-/blob/5.0-3/base/univention-system-setup/usr/lib/univention-system-setup/scripts/setup-join.sh#L224

What Arvid is trying to tell us here is that USS creates the certificate itself *before* the UCS role package `univention-server-master` is installed, so `/var/lib/dpkg/info/univention-server-master.preinst:54` is not triggered:
> if ! test -e "/etc/univention/ssl/$hostname/cert.pem"; then


The UCS role packages are not meant to be installed manually, only by USS when initially provisioning the system.

Nevertheless the hash-bang should be changed from `#!/bin/sh` to `#!/bin/bash`.
Comment 3 Philipp Hahn univentionstaff 2023-05-11 11:12:12 CEST
FYI: It is the only script having a wrong hash-bang line:

```
# git grep -El '(source|[.]) +/usr/share/univention-ssl/make-certificates.sh' -- ':!packaging/ucslint/testframework/' | xargs head -n1
==> base/univention-server/debian/univention-server-master.preinst <==
#!/bin/sh

==> base/univention-ssl/debian/univention-ssl.cron.daily <==
#!/bin/bash

==> base/univention-ssl/debian/univention-ssl.postinst <==
#!/bin/bash

==> base/univention-system-setup/usr/lib/univention-system-setup/scripts/40_ssl/10ssl <==
#!/bin/bash

==> base/univention-system-setup/usr/lib/univention-system-setup/scripts/setup-join.sh <==
#!/bin/bash

==> services/univention-radius/usr/lib/univention-freeradius/setupCA.sh <==
#!/bin/bash
```
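
The check from comment 3, generalized into a reusable form as an added example (not part of the bug report and not Univention's code): it reports every `#!/bin/sh` script that sources a file whose own shebang is bash. The function names (`interp_of`, `sourced_paths`, `find_sh_sourcing_bash`, `demo`) and the sample tree are constructed for illustration, and only absolute source paths are followed.

```shell
#!/bin/sh
# Added example: report #!/bin/sh scripts that source a bash-only file.
# Function names and the sample tree are constructed for illustration.

# Print the interpreter basename from FILE's shebang ("sh", "bash", ...).
interp_of() {
    line=$(head -n 1 "$1" 2>/dev/null)
    case $line in
        '#!'*) line=${line#'#!'} ;;
        *) return 1 ;;
    esac
    set -f; set -- $line; set +f        # split "/usr/bin/env bash" into words
    [ "${1##*/}" = env ] && shift
    printf '%s\n' "${1##*/}"
}

# Print absolute paths that FILE pulls in with "." or "source".
sourced_paths() {
    sed -nE 's#^[[:space:]]*(\.|source)[[:space:]]+"?(/[^[:space:];"]*).*#\2#p' "$1"
}

# find_sh_sourcing_bash SYSROOT FILE...: SYSROOT is where the sourced
# absolute paths live (a build tree or an unpacked package).
find_sh_sourcing_bash() {
    sysroot=$1; shift
    for script in "$@"; do
        case $(interp_of "$script") in sh|dash) ;; *) continue ;; esac
        for inc in $(sourced_paths "$script"); do
            [ "$(interp_of "$sysroot$inc")" = bash ] &&
                printf '%s sources %s\n' "$script" "$inc"
        done
    done
    return 0
}

# Constructed sample: one sh maintainer script and one bash script, both
# sourcing the same bash library.
demo() {
    tmp=$(mktemp -d) || return 1
    lib=/usr/share/univention-ssl/make-certificates.sh
    mkdir -p "$tmp/usr/share/univention-ssl" "$tmp/debian"
    printf '%s\n' '#!/bin/bash' 'read -r -a arr <<< "$1"' > "$tmp$lib"
    printf '%s\n' '#!/bin/sh' "  . $lib" > "$tmp/debian/univention-server-master.preinst"
    printf '%s\n' '#!/bin/bash' ". $lib" > "$tmp/debian/univention-ssl.postinst"
    (cd "$tmp" && find_sh_sourcing_bash "$tmp" debian/*)
    rm -rf "$tmp"
}

demo
```

Run as a packaging lint step, a non-empty result means a maintainer script will fail under dash as soon as the sourced file reaches a bash-only construct such as `<<<`.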
Comment 4 Philipp Hahn univentionstaff 2023-11-22 18:31:59 CET
Fixed in MR https://git.knut.univention.de/univention/ucs/-/merge_requests/763 awaiting QA
Comment 5 Philipp Hahn univentionstaff 2023-12-09 15:00:13 CET
This happens while running `univention-backup2master`: At that point the old Primary is already lost and the admin is doing an emergency switch-over. An additional failure to then perform that is critical as it prevents the admin from returning the domain back into a working state.
Comment 6 Philipp Hahn univentionstaff 2023-12-12 11:31:15 CET
[5.0-6] 0d498f2f4a style(server): shell code
 base/univention-server/debian/univention-server-backup.postinst |  2 +-
 base/univention-server/debian/univention-server-master.postinst |  2 +-
 base/univention-server/debian/univention-server-master.preinst  | 15 ++++++++++-----
 3 files changed, 12 insertions(+), 7 deletions(-)

[5.0-6] 127315c643 fix(server): Use bash for SSL create
 base/univention-server/debian/changelog                        | 5 +++--
 base/univention-server/debian/univention-server-master.preinst | 2 +-
 doc/changelog/index.rst                                        | 3 +++
 3 files changed, 7 insertions(+), 3 deletions(-)

Package: univention-server
Version: 15.0.8-1
Branch: ucs_5.0-0
Scope: ucs5.0-6