[Bug 1971650] Re: wrong check for "server" in libssl3.postinst

Tue Aug 29 15:06:58 UTC 2023

I had an actual look at the (scary) postinst: the code you've quoted is
the only live code left (the rest can only be triggered when upgrading
from 18.04).

The good^Wgreat news is that I will delete ".
/usr/share/debconf/confmodule" from the script, and it probably should
have been behind a conditional.

Now, I'm not sure what we want here in general. If I understand the code
right, it will only show the notification when X is not running but
avoids servers (due to the check against needrestart). That seems quite
inconsistent. Or do I misunderstand something? The code looks like it
has grown organically over a fairly long timeframe.

Shall we assume on both desktops and servers that an openssl update
always requires a reboot? At least until we do anything related to
needrestart.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1971650

Title:
  wrong check for "server" in libssl3.postinst

Status in openssl package in Ubuntu:
  Confirmed

Bug description:
  A security update has just been applied to my system for openssl, and
  the 'reboot required' message just popped on my desktop.  I looked to
  see why this was, and found the following code in the libssl3
  postinst:

          # Here we issue the reboot notification for upgrades and
          # security updates. We do want services to be restarted when we
          # update for a security issue, but planned by the sysadmin, not
          # automatically.

          # Only issue the reboot notification for servers; we proxy this by
          # testing that the X server is not running (LP: #244250)
          if ! pidof /usr/lib/xorg/Xorg > /dev/null && [ -x /usr/share/update-notifier/notify-reboot-required ]; then
                  /usr/share/update-notifier/notify-reboot-required
          fi

  Now, AFAIK this is the only package that interfaces with notify-
  reboot-required but omits the notification on desktops, so that seems
  to be an inconsistent policy; but even if we thought that was the
  correct policy to apply, the above check for a desktop is not because
  it doesn't match in the case the user is running Xwayland, which most
  users not using the nvidia driver will be doing now by default.

  Also, this is now inside a block that checks for the presence of
  needrestart, which is part of the server seed; so in effect this
  notification now *never* fires on servers, it *only* fires on
  desktops.

  ProblemType: Bug
  DistroRelease: Ubuntu 22.04
  Package: openssl 3.0.2-0ubuntu1.1
  ProcVersionSignature: Ubuntu 5.15.0-27.28-generic 5.15.30
  Uname: Linux 5.15.0-27-generic x86_64
  NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair
  ApportVersion: 2.20.11-0ubuntu82
  Architecture: amd64
  CasperMD5CheckResult: unknown
  CurrentDesktop: ubuntu:GNOME
  Date: Thu May  5 05:39:06 2022
  InstallationDate: Installed on 2019-12-23 (863 days ago)
  InstallationMedia: Ubuntu 19.10 "Eoan Ermine" - Release amd64 (20191017)
  RebootRequiredPkgs: Error: path contained symlinks.
  SourcePackage: openssl
  UpgradeStatus: Upgraded to jammy on 2022-04-15 (19 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1971650/+subscriptions