Bug#1037478: ca-certificates-java: Loop in the execution of the trigger
Cyril Brulebois
cyril at debamax.com
Thu Nov 16 03:01:50 GMT 2023
Hi,
Matthias Klose <doko at debian.org> (2023-07-12):
> Version: 20230710
>
> Fixed now.
Thanks for the bugfix.
This is a serious issue that still affects at least bookworm (I didn't
check bullseye): applying the update published as DSA-5548-1 makes dpkg
error out. Cc-ing the security team accordingly.
On a bookworm system (freshly deployed and without any weird things done
package-wise) that had openjdk-17-jre-headless installed, upgrading it
to the version that's available in bullseye-security triggered the dpkg
trigger loop. Thankfully that's easily recoverable (e.g. by running
`dpkg --configure -a`, even if there might be better ways to do so), but
that's still something I believe shouldn't be happening on stable
systems with just the matching stable-security suite enabled.
This issue is trivially reproducible there by switching back and forth
between bookworm's version and bookworm-security's. Setting some debug
level in dpkg, I'm getting the attached log for one of those runs.
apt-get install -o dpkg::options::=-D70000 openjdk-17-jre-headless/bookworm
apt-get install -o dpkg::options::=-D70000 openjdk-17-jre-headless/bookworm-security
→ ca-certificates-java-full-debug.txt
At the time of writing, that means switching between 17.0.8+7-1~deb12u1
and 17.0.9+9-1~deb12u1.
Checking whether this was possibly a problem with that particular
system, I tried reproducing the issue with openjdk-17-jre-headless in
a bookworm chroot, but I wasn't successful. Installing openjdk-17-jre
makes it possible to reproduce the issue though.
Shell script to reproduce (adjust DST=/tmp/bookworm if needed):
→ repro-1037478.sh
I'm attaching the log for the failed upgrade, again with dpkg debug:
→ repro-1037478.log
I've verified in both cases (real baremetal system and repro chroot)
that installing ca-certificates-java 20230710 beforehand indeed makes
the problem disappear. Since this release is a fixup for the previous
release which was mainly aimed at fixing this particular issue, I
suppose it would make sense to investigate whether something like
20230710~deb12u1 would be appropriate for bookworm-proposed-updates?
(And maybe bullseye-proposed-updates, but again, I didn't check the
bullseye part.)
Thanks for considering.
Cheers,
--
Cyril Brulebois -- Debian Consultant @ DEBAMAX -- https://debamax.com/
-------------- next part --------------
root at baremetal:~# apt-get install -o dpkg::options::=-D70000 openjdk-17-jre-headless/bookworm-security
…
Selected version '17.0.9+9-1~deb12u1' for 'openjdk-17-jre-headless'
…
The following packages will be upgraded:
openjdk-17-jre-headless
1 upgraded, 0 newly installed, 0 to remove and 284 not upgraded.
Need to get 0 B/43.7 MB of archives.
After this operation, 487 kB disk space will be freed.
(Reading database ... 30411 files and directories currently installed.)
Preparing to unpack .../openjdk-17-jre-headless_17.0.9+9-1~deb12u1_amd64.deb ...
D020000: trigproc_activate_packageprocessing pkg=openjdk-17-jre-headless:amd64
D020000: post_script_tasks - ensure_diversions
D020000: post_script_tasks - trig_incorporate
Unpacking openjdk-17-jre-headless:amd64 (17.0.9+9-1~deb12u1) over (17.0.8+7-1~deb12u1) ...
D020000: post_script_tasks - ensure_diversions
D020000: post_script_tasks - trig_incorporate
D010000: trigproc_run_deferred
Setting up openjdk-17-jre-headless:amd64 (17.0.9+9-1~deb12u1) ...
D020000: trigproc_activate_packageprocessing pkg=openjdk-17-jre-headless:amd64
Installing new version of config file /etc/java-17-openjdk/security/public_suffix_list.dat ...
D020000: post_postinst_tasks - trig_incorporate
D010000: trigproc_run_deferred
D010000: trigproc ca-certificates-java:all
D010000: trigproc ca-certificates-java:all
D010000: trigproc ca-certificates-java:all
D010000: trigproc ca-certificates-java:all
D010000: trigproc ca-certificates-java:all
D010000: trigproc ca-certificates-java:all
D010000: trigproc ca-certificates-java:all
D010000: trigproc ca-certificates-java:all
D010000: trigproc ca-certificates-java:all
D010000: trigproc ca-certificates-java:all
D010000: check_triggers_cycle pnow=ca-certificates-java:all
D020000: check_triggers_cycle pnow=ca-certificates-java:all first
D010000: trigproc ca-certificates-java:all
D010000: check_triggers_cycle pnow=ca-certificates-java:all
D020000: tortoise_in_hare pnow=ca-certificates-java tortoise=ca-certificates-java
D020000: tortoise_in_hare pnow=ca-certificates-java tortoise=ca-certificates-java tortoisetrig=/usr/lib/jvm
D040000: tortoise_in_hare pnow=ca-certificates-java tortoise=ca-certificates-java tortoisetrig=/usr/lib/jvm haretrig=/usr/lib/jvm
D020000: tortoise_in_hare pnow=ca-certificates-java tortoise=ca-certificates-java tortoisetrig=update-ca-certificates-java
D040000: tortoise_in_hare pnow=ca-certificates-java tortoise=ca-certificates-java tortoisetrig=update-ca-certificates-java haretrig=/usr/lib/jvm
D040000: tortoise_in_hare pnow=ca-certificates-java tortoise=ca-certificates-java tortoisetrig=update-ca-certificates-java haretrig=update-ca-certificates-java
dpkg: cycle found while processing triggers:
chain of packages whose triggers are or may be responsible:
ca-certificates-java -> ca-certificates-java
packages' pending triggers which are or may be unresolvable:
ca-certificates-java: /usr/lib/jvm: update-ca-certificates-java
D010000: check_triggers_cycle pnow=ca-certificates-java:all giveup=ca-certificates-java:all
dpkg: error processing package ca-certificates-java (--configure):
triggers looping, abandoned
D010000: trigproc_run_deferred
Errors were encountered while processing:
ca-certificates-java
E: Sub-process /usr/bin/dpkg returned an error code (1)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: repro-1037478.sh
Type: application/x-sh
Size: 431 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-java-maintainers/attachments/20231116/4f449cc9/attachment.sh>
-------------- next part --------------
Reading package lists...
Building dependency tree...
Reading state information...
The following additional packages will be installed:
openjdk-17-jre-headless
Suggested packages:
libnss-mdns fonts-ipafont-gothic fonts-ipafont-mincho fonts-wqy-microhei
| fonts-wqy-zenhei fonts-indic
The following packages will be upgraded:
openjdk-17-jre openjdk-17-jre-headless
2 upgraded, 0 newly installed, 0 to remove and 8 not upgraded.
Need to get 43.9 MB of archives.
After this operation, 487 kB disk space will be freed.
Get:1 http://deb.debian.org/debian-security bookworm-security/main amd64 openjdk-17-jre amd64 17.0.9+9-1~deb12u1 [184 kB]
Get:2 http://deb.debian.org/debian-security bookworm-security/main amd64 openjdk-17-jre-headless amd64 17.0.9+9-1~deb12u1 [43.7 MB]
perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
LANGUAGE = "",
LC_ALL = (unset),
LANG = "en_GB.UTF-8"
are supported and installed on your system.
perl: warning: Falling back to the standard locale ("C").
locale: Cannot set LC_CTYPE to default locale: No such file or directory
locale: Cannot set LC_MESSAGES to default locale: No such file or directory
locale: Cannot set LC_ALL to default locale: No such file or directory
Fetched 43.9 MB in 1s (34.0 MB/s)
E: Can not write log (Is /dev/pts mounted?) - posix_openpt (19: No such device)
(Reading database ... 18700 files and directories currently installed.)
Preparing to unpack .../openjdk-17-jre_17.0.9+9-1~deb12u1_amd64.deb ...
D020000: trigproc_activate_packageprocessing pkg=openjdk-17-jre:amd64
D020000: post_script_tasks - ensure_diversions
D020000: post_script_tasks - trig_incorporate
Unpacking openjdk-17-jre:amd64 (17.0.9+9-1~deb12u1) over (17.0.8+7-1~deb12u1) ...
Preparing to unpack .../openjdk-17-jre-headless_17.0.9+9-1~deb12u1_amd64.deb ...
D020000: trigproc_activate_packageprocessing pkg=openjdk-17-jre-headless:amd64
D020000: post_script_tasks - ensure_diversions
D020000: post_script_tasks - trig_incorporate
Unpacking openjdk-17-jre-headless:amd64 (17.0.9+9-1~deb12u1) over (17.0.8+7-1~deb12u1) ...
D020000: post_script_tasks - ensure_diversions
D020000: post_script_tasks - trig_incorporate
D010000: trigproc_run_deferred
D010000: trigproc hicolor-icon-theme:all
Setting up openjdk-17-jre-headless:amd64 (17.0.9+9-1~deb12u1) ...
D020000: trigproc_activate_packageprocessing pkg=openjdk-17-jre-headless:amd64
Installing new version of config file /etc/java-17-openjdk/security/public_suffix_list.dat ...
D020000: post_postinst_tasks - trig_incorporate
D010000: trigproc_enqueue_deferred pend=ca-certificates-java:all
D010000: trigproc ca-certificates-java:all
D010000: trigproc hicolor-icon-theme:all
D010000: trigproc ca-certificates-java:all
D010000: trigproc hicolor-icon-theme:all
D010000: trigproc ca-certificates-java:all
D010000: trigproc hicolor-icon-theme:all
D010000: trigproc ca-certificates-java:all
D010000: trigproc hicolor-icon-theme:all
D010000: trigproc ca-certificates-java:all
D010000: trigproc hicolor-icon-theme:all
D010000: trigproc ca-certificates-java:all
D010000: trigproc hicolor-icon-theme:all
D010000: trigproc ca-certificates-java:all
D010000: trigproc hicolor-icon-theme:all
D010000: check_triggers_cycle pnow=hicolor-icon-theme:all
D020000: check_triggers_cycle pnow=hicolor-icon-theme:all first
Processing triggers for hicolor-icon-theme (0.17-2) ...
D020000: post_postinst_tasks - trig_incorporate
D010000: trigproc ca-certificates-java:all
D010000: trigproc ca-certificates-java:all
D010000: trigproc ca-certificates-java:all
D010000: trigproc ca-certificates-java:all
D010000: trigproc ca-certificates-java:all
D010000: check_triggers_cycle pnow=ca-certificates-java:all
D020000: tortoise_in_hare pnow=ca-certificates-java tortoise=ca-certificates-java
D020000: tortoise_in_hare pnow=ca-certificates-java tortoise=ca-certificates-java tortoisetrig=update-ca-certificates-java
D040000: tortoise_in_hare pnow=ca-certificates-java tortoise=ca-certificates-java tortoisetrig=update-ca-certificates-java haretrig=update-ca-certificates-java
D020000: tortoise_in_hare pnow=ca-certificates-java tortoise=ca-certificates-java tortoisetrig=/usr/lib/jvm
D040000: tortoise_in_hare pnow=ca-certificates-java tortoise=ca-certificates-java tortoisetrig=/usr/lib/jvm haretrig=update-ca-certificates-java
D040000: tortoise_in_hare pnow=ca-certificates-java tortoise=ca-certificates-java tortoisetrig=/usr/lib/jvm haretrig=/usr/lib/jvm
D020000: tortoise_in_hare pnow=ca-certificates-java tortoise=hicolor-icon-theme
D020000: tortoise_in_hare pnow=ca-certificates-java tortoise=hicolor-icon-theme tortoisetrig=/usr/share/icons/hicolor
D020000: tortoise_in_hare pnow=ca-certificates-java tortoise=hicolor-icon-theme OK
D010000: trigproc ca-certificates-java:all
D010000: check_triggers_cycle pnow=ca-certificates-java:all
D020000: tortoise_in_hare pnow=ca-certificates-java tortoise=ca-certificates-java
D020000: tortoise_in_hare pnow=ca-certificates-java tortoise=ca-certificates-java tortoisetrig=update-ca-certificates-java
D040000: tortoise_in_hare pnow=ca-certificates-java tortoise=ca-certificates-java tortoisetrig=update-ca-certificates-java haretrig=update-ca-certificates-java
D020000: tortoise_in_hare pnow=ca-certificates-java tortoise=ca-certificates-java tortoisetrig=/usr/lib/jvm
D040000: tortoise_in_hare pnow=ca-certificates-java tortoise=ca-certificates-java tortoisetrig=/usr/lib/jvm haretrig=update-ca-certificates-java
D040000: tortoise_in_hare pnow=ca-certificates-java tortoise=ca-certificates-java tortoisetrig=/usr/lib/jvm haretrig=/usr/lib/jvm
dpkg: cycle found while processing triggers:
chain of packages whose triggers are or may be responsible:
ca-certificates-java -> ca-certificates-java
packages' pending triggers which are or may be unresolvable:
ca-certificates-java: update-ca-certificates-java: /usr/lib/jvm
D010000: check_triggers_cycle pnow=ca-certificates-java:all giveup=ca-certificates-java:all
dpkg: error processing package ca-certificates-java (--configure):
triggers looping, abandoned
Setting up openjdk-17-jre:amd64 (17.0.9+9-1~deb12u1) ...
D020000: trigproc_activate_packageprocessing pkg=openjdk-17-jre:amd64
D020000: post_postinst_tasks - trig_incorporate
D010000: trigproc_run_deferred
Errors were encountered while processing:
ca-certificates-java
E: Sub-process /usr/bin/dpkg returned an error code (1)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-java-maintainers/attachments/20231116/4f449cc9/attachment.sig>
More information about the pkg-java-maintainers
mailing list