[Debconf-devel] Bug#845563: apt-get update which ends up in grub-probe loops near Stack.pm uninitialized value

Fri Nov 25 20:05:35 UTC 2016

On 25/11/16 10:47, David Kalnischkies wrote:
> Control: reassign -1 debconf 1.5.56
>
> (version number is a guess from the apt/stable version)
>
> On Thu, Nov 24, 2016 at 04:45:35PM +0000, Graeme Vetterlein wrote:
>> In brief. If I attempt to build a docker container using apt-get install , and that process kicks off a grub-probe. The probe
>> fails (because we are in a container)  not a surprise. However this causes apt-get install to loop, presumably in the grub specific
>> setup scripts.
> apt has no "setup scripts" and no grub specific pieces. The packages
> which are installed carry them with them (if any) and hence any bug with
> them is a bug for them, not for the tool unfortunately enough to be
> tasked with running them (= dpkg ← apt ← user).
>
> So, reassigning to … debconf (which is another tool tasked by others
> with doing stuff…) as "uninitialized value" sounds bad and I have no
> idea if it is debconfs or grubs fault…
>
>
>> yes | apt-get install --force-yes --allow-unauthenticated -y lttng-modules-dkms || echo "Ignore failure, hope that's OK"
> Thanks for the nightmares tonight!
>
> Really, that is some very scary commandline. Are you really sure that
> you want (whatever package actually) so desperately that you completely
> ignore security AND destroy your system (okay, its a container, but
> still) for it? With destroying your system you might be able to live,
> but I guess you want to use the container for something later on… bad if
> an attacker has already infected it with rootkits due to that command.
>
> Also, there are better ways to answer dpkg-conffile questions and to let
> debconf pick the default option than to run 'yes' over them. I can't
> give blank advice on that as it depends on what you want to do and stuff
> but I would highly suggest looking into it! Some pointers:
> DEBIAN_FRONTEND=noninteractive and dpkg --force-conf{new,old,def}.
>
David,

Probably not as bad as you fear. This actual container I don't want 
(it'll be deleted unused)
I produced it just to show the bug. The container I produced used 
several private repos only.
Authentication did not work with these. If there is rogue code in there 
, it's already inside the company
adding it to a container would be the least of our problems :-)

I'm only doing this to reproduce a build environment  used by another 
group. Once I have it working I'll be moving to
a more up-to-date distro (this was wheezy) .

As an interesting aside. I built this OK in an LXC container. I assume 
this is because the way you build an LXC container
has you manually running apt-get at the command line (so stdin is my 
tty) . I think this is an issue in Docker because
it requires to run "unattended" in a script. I'm guessing as Docker 
popularity grows more of these kind of thing will turn up.

(this is my personal email, I'll forward your notes to work and read the 
hints&tips there, thanks for those)
> Anway: On to the actual bug:
>
>>   ... < elided>.....
>>
>> debconf: falling back to frontend: Teletype
>>
>> Creating config file /etc/default/grub with new version
>> grub-probe: error: cannot find a device for / (is /dev mounted?).
>> grub-probe: error: cannot find a device for /boot (is /dev mounted?).
>> grub-probe: error: cannot find a device for /boot/grub (is /dev mounted?).
>> Configuring grub-pc
>> -------------------
>>
>> You chose not to install GRUB to any devices. If you continue, the boot loader
>> may not be properly configured, and when this computer next starts up it will
>> use whatever was previously in the boot sector. If there is an earlier version
>> of GRUB 2 in the boot sector, it may be unable to load modules or handle the
>> current configuration file.
>>
>> If you are already using a different boot loader and want to carry on doing so,
>> or if this is a special environment where you do not need a boot loader, then
>> you should continue anyway. Otherwise, you should install GRUB somewhere.
>>
>> Continue without installing GRUB?
>> Use of uninitialized value $_[1] in join or string at /usr/share/perl5/Debconf/DbDriver/Stack.pm line 111.
>> grub-probe: error: cannot find a device for / (is /dev mounted?).
>> grub-probe: error: cannot find a device for /boot (is /dev mounted?).
>> grub-probe: error: cannot find a device for /boot/grub (is /dev mounted?).
>> Use of uninitialized value $_[1] in join or string at /usr/share/perl5/Debconf/DbDriver/Stack.pm line 111.
>> You chose not to install GRUB to any devices. If you continue, the boot loader
>> may not be properly configured, and when this computer next starts up it will
>> use whatever was previously in the boot sector. If there is an earlier version
>> of GRUB 2 in the boot sector, it may be unable to load modules or handle the
>> current configuration file.
>>
>> If you are already using a different boot loader and want to carry on doing so,
>> or if this is a special environment where you do not need a boot loader, then
>> you should continue anyway. Otherwise, you should install GRUB somewhere.
>>
>> Continue without installing GRUB?
>> grub-probe: error: cannot find a device for / (is /dev mounted?).
>> grub-probe: error: cannot find a device for /boot (is /dev mounted?).
>> grub-probe: error: cannot find a device for /boot/grub (is /dev mounted?).
>> Use of uninitialized value $_[1] in join or string at /usr/share/perl5/Debconf/DbDriver/Stack.pm line 111.
>> You chose not to install GRUB to any devices. If you continue, the boot loader
>> may not be properly configured, and when this computer next starts up it will
>> use whatever was previously in the boot sector. If there is an earlier version
>> of GRUB 2 in the boot sector, it may be unable to load modules or handle the
>> current configuration file.
>>
>> ....
> That is why I am reassigning to debconf as it seems to loop with the
> uninitialized variable, but that might also be due to a grub
> maintainerscript… I don't know/haven't checked.
>
> The original message contains a docker file with which it might be
> reproducible, I just haven't quoted it to keep the mail relatively
> manageable.
>
>
>> gvetterlein at lyster:~/work/obsidian-1.0/infrastructure/HSPbuild$ cat 98localmirror
>> Acquire
>> {
>> 	Check-Valid-Until "false";
>> }
> Tip: Consider setting the option Acquire::Min-ValidTime with a high
> enough value instead as that helps with figuring out then your local
> mirror is hopelessly out of date/stale. If you don't get updates for
> a month, that might be a very serious red flag…
>
> You should also follow the manpage advice and append the label of the
> repository to the option to have it not effect all your sources, but
> just those with that label (l= in apt policy output).  btw: In stretch
> you are able to just mark the sources line(s) for your local mirror(s)
> directly with those options.
>
>
> Best regards
>
> David Kalnischkies