[Bug 1832522] Re: openssl maintainer scripts do not trigger services restart

Dimitri John Ledkov launchpad at surgut.co.uk
Wed Jun 12 18:38:24 UTC 2019 

Launched lxd container, with sshd & apache2 running and old ssl still
installed

# dpkg-query -W libssl1.1
libssl1.1:amd64	1.1.0g-2ubuntu4.3

Started journal monitoring to notice services restarts:

# journalctl -f &

Enabled -proposed, and checked that new libssl1.1 from proposed is
available

# apt list --upgradable 2>/dev/null | grep ssl
libssl1.1/bionic-proposed 1.1.1-1ubuntu2.1~18.04.2 amd64 [upgradable from: 1.1.0g-2ubuntu4.3]
openssl/bionic-proposed 1.1.1-1ubuntu2.1~18.04.2 amd64 [upgradable from: 1.1.0g-2ubuntu4.3]

And started the upgrade:

# apt full-upgrade

Eventually at libssl1.1 configure time, received debconf prompt about
restarting services. Chose to restart them.

Checking journal I could see that apache2 and ssh got restarted, ie.:

Jun 12 18:35:33 nearby-osprey systemd[1]: Started OpenBSD Secure Shell server.
Jun 12 18:35:34 nearby-osprey systemd[1]: Started The Apache HTTP Server.

Messages were seen and present in the logs.

** Tags removed: verification-needed verification-needed-bionic
** Tags added: verification-done verification-done-bionic

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1832522

Title:
  openssl maintainer scripts do not trigger services restart

Status in openssl package in Ubuntu:
  New
Status in openssl source package in Bionic:
  Fix Committed

Bug description:
  [Impact]

   * Major libssl ugprades require services to be restarted, for them to continue to function correctly at runtime.
   * The maintainer scripts were not adjusted to trigger.

  [Test Case]

   * Install bionic from release pocket and install ssl using daemon e.g. openssh-server libapache-mod-ssl
   * Upgrade libssl1.1
   * Ensure that services that use openssl are offered to be restarted.

  [Regression Potential]

   * We are rebuilding libssl1.1 and changing maintainer scripts. Given
  that we have missed upgrade trigger, we will ask users to restart
  services again even if they may have restarted them already.

  [Other Info]
   
   * Previous major libssl upgrade issue of similar nature was
     https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=743889

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1832522/+subscriptions

More information about the foundations-bugs mailing list