Mythbuntu Install hangs at 90% due to & in password

I can confirm this behaviour. My password contained a space. After the change of password into a one-word phrase the installation was successful. I as well tried twice before finding this entry so thanx for the tipp!

I tried the released version, not the beta.

Thank you for reporting the issue you had. Marking as confirmed.

(Un)fortunately enough this can actually break in several places.

The password can (and will be) used for:

 * system password
 * vnc password
 * mythweb password
 * root mysql user's password

So depending on what type of install, it's possible you may not have had one of these services installed.

Looking at the problem it seems that user input strings (ie: passwords) need to be encapsulated in double quotes in order to protect special characters like ampersands (&).

For instance, I'm looking in the ubiquity package source code: scripts/mythbuntu/mythbuntu-install.py and we see the password read in:

self.passwd=self.db.get('passwd/user-password')

Subsequently, self.passwd is then passed in several functions throughout the script. Can't this be protected if we change the readin of the password to include double quotes? For example:

self.passwd='\"'+self.db.get('passwd/user-password')+'\"'

Is this the concept correct, and if so, how do I test the ubiquity package after making the changes?

This doesnt appear that it would provide the expectetd result. You are
tacking the "" into the user password rather than wrapping it in it. I would
think that anywhere that uses the self.passwd would need to wrapped in "".
This is the similar thing I changed in the VNC handler.

-Nick

On Mon, Apr 27, 2009 at 5:45 PM, barney_1 <email address hidden> wrote:

> Looking at the problem it seems that user input strings (ie: passwords)
> need to be encapsulated in double quotes in order to protect special
> characters like ampersands (&).
>
> For instance, I'm looking in the ubiquity package source code:
> scripts/mythbuntu/mythbuntu-install.py and we see the password read in:
>
> self.passwd=self.db.get('passwd/user-password')
>
> Subsequently, self.passwd is then passed in several functions throughout
> the script. Can't this be protected if we change the readin of the
> password to include double quotes? For example:
>
> self.passwd='\"'+self.db.get('passwd/user-password')+'\"'
>
> Is this the concept correct, and if so, how do I test the ubiquity
> package after making the changes?
>
> --
> Mythbuntu Install hangs at 90% due to & in password
> https://bugs.launchpad.net/bugs/363153
> You received this bug notification because you are a member of Mythbuntu
> Developers, which is subscribed to Mythbuntu.
>

I'd doubt the actual bug is the python handling. To start out, you
need to figure out which place (of those I listed) is causing the
trouble. Then, look closer at the underlying code to see if the
underlying code is the trouble.

On 04/27/2009, Nick Fox <email address hidden> wrote:
> This doesnt appear that it would provide the expectetd result. You are
> tacking the "" into the user password rather than wrapping it in it. I would
> think that anywhere that uses the self.passwd would need to wrapped in "".
> This is the similar thing I changed in the VNC handler.
>
> -Nick
>
> On Mon, Apr 27, 2009 at 5:45 PM, barney_1 <email address hidden> wrote:
>
>> Looking at the problem it seems that user input strings (ie: passwords)
>> need to be encapsulated in double quotes in order to protect special
>> characters like ampersands (&).
>>
>> For instance, I'm looking in the ubiquity package source code:
>> scripts/mythbuntu/mythbuntu-install.py and we see the password read in:
>>
>> self.passwd=self.db.get('passwd/user-password')
>>
>> Subsequently, self.passwd is then passed in several functions throughout
>> the script. Can't this be protected if we change the readin of the
>> password to include double quotes? For example:
>>
>> self.passwd='\"'+self.db.get('passwd/user-password')+'\"'
>>
>> Is this the concept correct, and if so, how do I test the ubiquity
>> package after making the changes?
>>
>> --
>> Mythbuntu Install hangs at 90% due to & in password
>> https://bugs.launchpad.net/bugs/363153
>> You received this bug notification because you are a member of Mythbuntu
>> Developers, which is subscribed to Mythbuntu.
>>
>
> --
> Mythbuntu Install hangs at 90% due to & in password
> https://bugs.launchpad.net/bugs/363153
> You received this bug notification because you are a member of Ubuntu
> Installer Team, which is subscribed to ubiquity in ubuntu.
>

--
Sent from my mobile device

Mario Limonciello
<email address hidden>

I have tracked down where the bug actually occurs. This hang is caused when VNC is being set up. The mythbuntu_install.py script that is part of ubiquity calls a python module in mythbuntu-common.

The actual script called is /var/lib/python-support/python2.6/mythbuntu_common/vnc.py

Line 56 of this file calls this command:
        os.system(SCRIPTDIR + "/create_vnc_passwd " + password)

That launches a bash script which would look like this (let's say the password was "pass&word"):

        /usr/share/mythbuntu-common/scripts/create_vnc_passwd pass&word

At which point you should get an error because bash sees the "&" as showing that another command is coming. This is where the installer freezes and the ubiquity debug log shows:

May 4 20:24:30 debconf (filter): <-- GET mythbuntu/x11vnc
debconf (developer): <-- GET mythbuntu/x11vnc
debconf (developer): --> 1 true
May 4 20:24:31 debconf (filter): <-- SPAWN vncpasswd /root/.vnc/passwd
May 4 20:24:31 debconf (filter): ignoring unknown (multi-line?) command
May 4 20:24:31 debconf (filter): <-- PASSWORD:
May 4 20:24:31 debconf (filter): ignoring unknown (multi-line?) command
May 4 20:24:31 debconf (filter): <-- PASSWORD must be at least 6 characters - try again
May 4 20:24:31 debconf (filter): ignoring unknown (multi-line?) command
May 4 20:24:31 debconf (filter): <-- PASSWORD:PROGRESS STOP
May 4 20:24:31 debconf (filter): ignoring unknown (multi-line?) command

The fix:

If the vnc.py script from mythbuntu-common passed this password encapsulated in single quotes it should prevent this bug from occurring.

I'll do some testing. I know I can boot the live cd, make the change to the file, and then do a test install. I am uncertain of how to test this change when made to the mythbuntu-common source package (how do I repackage the change into the liveCD for testing?)

So I think a more proper solution would be to switch to py-expect instead of
using the bash script that calls expect. Hopefully that would take care of
the problem dead in it's tracks since everything is then passed around as
strings instead.

On Mon, May 4, 2009 at 18:43, barney_1 <email address hidden> wrote:

> I have tracked down where the bug actually occurs. This hang is caused
> when VNC is being set up. The mythbuntu_install.py script that is part
> of ubiquity calls a python module in mythbuntu-common.
>
> The actual script called is /var/lib/python-
> support/python2.6/mythbuntu_common/vnc.py
>
> Line 56 of this file calls this command:
> os.system(SCRIPTDIR + "/create_vnc_passwd " + password)
>
> That launches a bash script which would look like this (let's say the
> password was "pass&word"):
>
> /usr/share/mythbuntu-common/scripts/create_vnc_passwd pass&word
>
> At which point you should get an error because bash sees the "&" as
> showing that another command is coming. This is where the installer
> freezes and the ubiquity debug log shows:
>
> May 4 20:24:30 debconf (filter): <-- GET mythbuntu/x11vnc
> debconf (developer): <-- GET mythbuntu/x11vnc
> debconf (developer): --> 1 true
> May 4 20:24:31 debconf (filter): <-- SPAWN vncpasswd /root/.vnc/passwd
> May 4 20:24:31 debconf (filter): ignoring unknown (multi-line?) command
> May 4 20:24:31 debconf (filter): <-- PASSWORD:
> May 4 20:24:31 debconf (filter): ignoring unknown (multi-line?) command
> May 4 20:24:31 debconf (filter): <-- PASSWORD must be at least 6
> characters - try again
> May 4 20:24:31 debconf (filter): ignoring unknown (multi-line?) command
> May 4 20:24:31 debconf (filter): <-- PASSWORD:PROGRESS STOP
> May 4 20:24:31 debconf (filter): ignoring unknown (multi-line?) command
>
> The fix:
>
> If the vnc.py script from mythbuntu-common passed this password
> encapsulated in single quotes it should prevent this bug from occurring.
>
> I'll do some testing. I know I can boot the live cd, make the change to
> the file, and then do a test install. I am uncertain of how to test
> this change when made to the mythbuntu-common source package (how do I
> repackage the change into the liveCD for testing?)
>
> --
> Mythbuntu Install hangs at 90% due to & in password
> https://bugs.launchpad.net/bugs/363153
> You received this bug notification because you are a member of Ubuntu
> Installer Team, which is subscribed to ubiquity in ubuntu.
>

--
Mario Limonciello
<email address hidden>

Yes, that seems like a good idea. But, I don't think the module (python-pexpect) is installed by default and this would make mythbuntu-common depend on it. Is that a problem? I don't know how to address the issue of the python-pexpect dependency. Can anyone assist with this?

In the mythbuntu-common package I used grep:
        "create_" -r *
Which shows me that the create_vnc_password script is only called by vnc.py. create_user_vnc_password is called by nothing... is it depricated?

It's easy enough to write the python replacement for the code that uses "expect". I've attached the diff file for vnc.py. There is no error handling (but there wasn't before either!).

I'll give it a try with a liveCD and see where I get.

Adding a dependency in a future version is no problem. the
create_vnc_password script is used by ubiquity only I believe. If your
tests work out well, that'd be great.

On Mon, May 4, 2009 at 22:46, barney_1 <email address hidden> wrote:

> Yes, that seems like a good idea. But, I don't think the module
> (python-pexpect) is installed by default and this would make mythbuntu-
> common depend on it. Is that a problem? I don't know how to address
> the issue of the python-pexpect dependency. Can anyone assist with
> this?
>
> In the mythbuntu-common package I used grep:
> "create_" -r *
> Which shows me that the create_vnc_password script is only called by
> vnc.py. create_user_vnc_password is called by nothing... is it depricated?
>
> It's easy enough to write the python replacement for the code that uses
> "expect". I've attached the diff file for vnc.py. There is no error
> handling (but there wasn't before either!).
>
> I'll give it a try with a liveCD and see where I get.
>
> ** Attachment added: "Patch to switch to using pexpect"
>
> http://launchpadlibrarian.net/26337127/patch_mythbuntu-common-pexpect.diff
>
> --
> Mythbuntu Install hangs at 90% due to & in password
> https://bugs.launchpad.net/bugs/363153
> You received this bug notification because you are a member of Ubuntu
> Installer Team, which is subscribed to ubiquity in ubuntu.
>

--
Mario Limonciello
<email address hidden>
Sent from Austin, Texas, United States

Yes, I've just confirmed the patch. I did so with these steps:

1) boot to liveCD
2) install pexport module: sudo apt-get install python-pexport
3) apply patch to /usr/share/python-support/mythbuntu-common/mythbuntu_common/vnc.py
4) run install with: ubiquity --debug
5) use a password with and ampersand in it (&)
6) Choose an option that installs the mythbackend and make sure to select vnc as an option

With this patch vnc is installed with the correct password throwing no errors.

I'd love to know more about the development... like how the deprecated bash scripts are removed (I'm assuming this is done with a debdiff?) and how the new dependency is added. Also, should the "affects" of this bug be changed to include mythbuntu-common since that is the package causing the bug?

For mythbuntu packages, what you did is great. Thanks for the patch!
So if you are interested in how these changes get rolled in, you'll want to download the bzr branch for mythbuntu-common:

bzr get lp:~mythbuntu/mythbuntu/mythbuntu-common

You can look at the history of commits to see what else had to get changed to reflect your patch. You can even create commits yourself and push to a personal tree of any package. You can then request us to merge those changes. A developer (such as myself) would then review them and if they are suitable, push them into the Ubuntu archive.

This bug was fixed in the package mythbuntu-common - 0.27-0ubuntu1

---------------
mythbuntu-common (0.27-0ubuntu1) karmic; urgency=low

  [ Mario Limonciello ]
  * debian/control:
    - Drop depends on expect
    - Add depends on python-pexpect
  * scripts/create_vnc_passwd:
    - Drop, now unnecessary.

  [ Mike ( <email address hidden> ) ]
  * vnc.py:
    - Use python-pexpect instead to prevent errors from passwords that need
      to be escaped. (LP: #363153)

 -- Mario Limonciello <email address hidden> Tue, 05 May 2009 01:25:27 -0500

http://laroyaleseresienne.be/product.php?page=6fa