Univention Bugzilla – Bug 56046
Error while unpacking "univention-server-master" package: syntax error in pre-installation script.
Last modified: 2023-12-12 11:31:15 CET
During the installation process on a fresh machine, dpkg is returning an error. less /var/log/apt/term.log ``` ... Preparing to unpack .../068-univention-server-master_15.0.7-2A~5.0.0.202302061607_all.deb ... /var/lib/dpkg/tmp.ci/preinst: 94: /usr/share/univention-ssl/make-certificates.sh: Syntax error: redirection unexpected dpkg: error processing archive /tmp/apt-dpkg-install-JtajED/068-univention-server-master_15.0.7-2A~5.0.0.202302061607_all.deb (--unpack): new univention-server-master package pre-installation script subprocess returned error exit status 2 ... ``` I found that line in: base/univention-server/debian/univention-server-master.preinst The shebang is important, ... because it includes a shell script, which is a bash script, which want to be included in a sh script. ``` #!/bin/sh ... if [ -n "$hostname" -a -n "$domainname" ]; then # generate ssl certificate if ! test -e "/etc/univention/ssl/$hostname/cert.pem"; then . /usr/share/univention-ssl/make-certificates.sh #<<<< bash script gencert "$hostname.$domainname" "$hostname.$domainname" ln -snf "$hostname.$domainname" "/etc/univention/ssl/$hostname" fi fi ... ``` The problem start at line 94 in the script: base/univention-ssl/make-certificates.sh ``` #!/bin/bash ... gencert () { ... mk_config "$name/openssl.cnf" "" "$days" "$cn" "$fqdn $hostname $san" ... mk_config () { local outfile="${1:?Missing argument: outfile}" local password="${2?Missing argument: password}" local days="${3:?Missing argument: days}" local name="${4:?Missing argument: common name}" local subjectAltName="${5:-}" check_ssl_parameters "$name" || return $? declare -a subjectAltNameArray IFS=', ' read -r -a subjectAltNameArray <<< "$subjectAltName" #<<<< Problematic code in sh local SAN_txt='' san ... ```
The interesting question is, why does UCS work non the less? https://git.knut.univention.de/univention/ucs/-/blob/5.0-3/base/univention-system-setup/usr/lib/univention-system-setup/scripts/setup-join.sh#L224
(In reply to Arvid Requate from comment #1) > The interesting question is, why does UCS work non the less? > > https://git.knut.univention.de/univention/ucs/-/blob/5.0-3/base/univention- > system-setup/usr/lib/univention-system-setup/scripts/setup-join.sh#L224 What Arvid is trying to tell us here is that USS creates the certificate itself *before* the UCS role package `univention-server-master` is installed, so `/var/lib/dpkg/info/univention-server-master.preinst:54` is not triggered: > if ! test -e "/etc/univention/ssl/$hostname/cert.pem"; then The UCS role packages are not mend to be installed manually, only by USS when initially provisioning the system. Nevertheless the hash-bang should be changed from `#!/bin/sh` to `#!/bin/bash`.
FYI: It is the only script having a wrong has-bang line: # git grep -El '(source|[.]) +/usr/share/univention-ssl/make-certificates.sh' -- ':!packaging/ucslint/testframework/' | xargs head -n1 ==> base/univention-server/debian/univention-server-master.preinst <== #!/bin/sh ==> base/univention-ssl/debian/univention-ssl.cron.daily <== #!/bin/bash ==> base/univention-ssl/debian/univention-ssl.postinst <== #!/bin/bash ==> base/univention-system-setup/usr/lib/univention-system-setup/scripts/40_ssl/10ssl <== #!/bin/bash ==> base/univention-system-setup/usr/lib/univention-system-setup/scripts/setup-join.sh <== #!/bin/bash ==> services/univention-radius/usr/lib/univention-freeradius/setupCA.sh <== #!/bin/bash
Fixed in MR https://git.knut.univention.de/univention/ucs/-/merge_requests/763 awaiting QA
This happens while running `univention-backup2master`: At that point the old Primary is already lost and the admin is doing an emergency switch-over. An additional failure to then perform that is critical as it prevent the admin from returning the domain back into a working state.
[5.0-6] 0d498f2f4a style(server): shell code base/univention-server/debian/univention-server-backup.postinst | 2 +- base/univention-server/debian/univention-server-master.postinst | 2 +- base/univention-server/debian/univention-server-master.preinst | 15 ++++++++++----- 3 files changed, 12 insertions(+), 7 deletions(-) [5.0-6] 127315c643 fix(server): Use bash for SSL create base/univention-server/debian/changelog | 5 +++-- base/univention-server/debian/univention-server-master.preinst | 2 +- doc/changelog/index.rst | 3 +++ 3 files changed, 7 insertions(+), 3 deletions(-) Package: univention-server Version: 15.0.8-1 Branch: ucs_5.0-0 Scope: ucs5.0-6