arsing
commented
9 months ago Yes.
Needs to be fixed in iotedge too since its postrm does the same thing. (It shouldn't rely on pulling it in via a-i-s's deps.)
Closed gri6507 closed 9 months ago
arsing
commented
9 months ago Yes.
Needs to be fixed in iotedge too since its postrm does the same thing. (It shouldn't rely on pulling it in via a-i-s's deps.)
arsing
commented
9 months ago It doesn't help actually. psmisc is purged before aziot-identity-service is.
$ apt purge --autoremove aziot-identity-service
...
The following packages will be REMOVED:
aziot-identity-service* libkmod2* libtss2-esys-3.0.2-0* libtss2-mu0* libtss2-rc0* libtss2-sys1* libtss2-tcti-cmd0* libtss2-tcti-device0* libtss2-tcti-mssim0* libtss2-tcti-swtpm0*
libtss2-tctildr0* psmisc* tpm-udev* udev*
0 upgraded, 0 newly installed, 14 to remove and 0 not upgraded.
...
Processing triggers for libc-bin (2.31-13+deb11u7) ...
(Reading database ... 6677 files and directories currently installed.)
Purging configuration files for psmisc (23.4-2) ...
Purging configuration files for aziot-identity-service (1.4.7-1) ...
/var/lib/dpkg/info/aziot-identity-service.postrm: 26: killall: not found
/var/lib/dpkg/info/aziot-identity-service.postrm: 27: killall: not found
/var/lib/dpkg/info/aziot-identity-service.postrm: 28: killall: not found
/var/lib/dpkg/info/aziot-identity-service.postrm: 29: killall: not found
Purging configuration files for udev (247.3-7+deb11u4) ...Finally, the
Dependsfield should be used if the depended-on package is needed by the postrm script to fully clean up after the package removal. There is no guarantee that package dependencies will be available whenpostrmis run, but the depended-on package is more likely to be available if the package declares a dependency (particularly in the case ofpostrm remove). Thepostrmscript must gracefully skip actions that require a dependency if that dependency isn’t available.
So it is good to add the Depends, but it's not going to solve the original problem.
We do run it with || true, and realistically it's not going to kill anything because the systemd units will be stopped anyway, so it should be okay to ignore.
gri6507
commented
9 months ago lintian reports a number of errors and warnings for the DEBs (see full list below). One of those is for use of killall, albeit for a different reason. Between the lintian concern and the fact that postrm purge cannot rely on control file's Depends specification, perhaps a better approach is to move away from using killall altogether?
$ lintian /tmp/q/aziot-edge_1.4.27-1_amd64.deb
E: aziot-edge: bogus-mail-host-in-debian-changelog "Azure IoT Edge Devs" <> (for version 1.4.27-1) [usr/share/doc/aziot-edge/changelog.Debian.gz:1]
E: aziot-edge: depends-on-essential-package-without-using-version Depends: hostname
E: aziot-edge: depends-on-essential-package-without-using-version Depends: sed
E: aziot-edge: malformed-contact Maintainer Azure
E: aziot-edge: missing-dependency-on-libc needed by usr/bin/iotedge and 1 others
W: aziot-edge: command-with-path-in-maintainer-script /usr/sbin/userdel (plain script) [postrm:22]
W: aziot-edge: command-with-path-in-maintainer-script /usr/sbin/userdel (plain script) [postrm:25]
W: aziot-edge: command-with-path-in-maintainer-script /usr/sbin/userdel (plain script) [postrm:26]
W: aziot-edge: copyright-without-copyright-notice
W: aziot-edge: debian-changelog-has-wrong-day-of-week 2020-12-01 was a Tuesday [usr/share/doc/aziot-edge/changelog.Debian.gz:1]
W: aziot-edge: initial-upload-closes-no-bugs [usr/share/doc/aziot-edge/changelog.Debian.gz:1]
W: aziot-edge: killall-is-dangerous [postrm:7]
W: aziot-edge: maintainer-script-empty [prerm]
W: aziot-edge: priority-extra-is-replaced-by-priority-optional
$ lintian /tmp/q/aziot-identity-service_1.4.7-1_amd64.deb
E: aziot-identity-service: bogus-mail-host-in-debian-changelog "Azure IoT Edge Devs" <> (for version 1.4.7-1) [usr/share/doc/aziot-identity-service/changelog.Debian.gz:1]
E: aziot-identity-service: malformed-contact Maintainer Azure
E: aziot-identity-service: sharedobject-in-library-directory-missing-soname [usr/lib/libaziot_keys.so]
W: aziot-identity-service: command-with-path-in-maintainer-script /usr/bin/getent (plain script) [preinst:21]
W: aziot-identity-service: command-with-path-in-maintainer-script /usr/bin/getent (plain script) [preinst:24]
W: aziot-identity-service: command-with-path-in-maintainer-script /usr/bin/getent (plain script) [preinst:29]
W: aziot-identity-service: command-with-path-in-maintainer-script ... use "--tag-display-limit 0" to see all (or pipe to a file/program)
W: aziot-identity-service: copyright-without-copyright-notice
W: aziot-identity-service: extended-description-line-too-long line 1
W: aziot-identity-service: extended-description-line-too-long line 10
W: aziot-identity-service: extended-description-line-too-long line 11
W: aziot-identity-service: extended-description-line-too-long ... use "--tag-display-limit 0" to see all (or pipe to a file/program)
W: aziot-identity-service: initial-upload-closes-no-bugs [usr/share/doc/aziot-identity-service/changelog.Debian.gz:1]
W: aziot-identity-service: killall-is-dangerous [postrm:26]
W: aziot-identity-service: killall-is-dangerous [postrm:27]
W: aziot-identity-service: killall-is-dangerous [postrm:28]
W: aziot-identity-service: killall-is-dangerous ... use "--tag-display-limit 0" to see all (or pipe to a file/program)
W: aziot-identity-service: no-manual-page [usr/bin/aziotctl]
W: aziot-identity-service: possible-unindented-list-in-extended-description line 5One of those is for use of killall, albeit for a different reason.
Server is down but I checked the archive.org copy.
The maintainer script seems to call
killall. Since the program terminates processes by name, it may accidentally affect unrelated processes.Most uses of
killallshould useinvoke-rc.dinstead.
Our use is killall -u $USER, not a process name, so it doesn't apply.
The suggestion to use invoke-rc.d is just saying "stop your services using the service manager", which we don't need to do since that is already handled by the debhelper snippet to stop the systemd services, like I said in my last comment. Specifically the prerm snippet does deb-systemd-invoke stop 'aziot-certd.socket' 'aziot-identityd.socket' 'aziot-keyd.socket' 'aziot-tpmd.socket' >/dev/null || true which in turn will cause the corresponding service units to stop because they each have Requires= on their socket units.
perhaps a better approach is to move away from using
killallaltogether?
It was added as a last resort in case stopping the services fails. I don't know why that would happen, and gordonwang0 is out of office right now, so I'd rather not remove it.
Host OS: Debian 11 amd64, minimalistic install.
When I try to purge aziot-edge with autoremove, which also purges aziot-identity-service, I get the following output.
On all Debian/Ubuntu systems,
killallis provided bypsmiscpackage. This should be listed as aDependsin https://github.com/Azure/iot-identity-service/blob/main/contrib/debian/control#L13C1-L13C44