Ubuntu
upstart package

postinst: SIGTERM for re-exec causes problems if Upstart isn't /sbin/init

Bug #92177 reported by Martin Pool
12
Affects Status Importance Assigned to Milestone
upstart
Fix Released
High
Unassigned
Trunk
Won't Fix
High
Unassigned
upstart (Ubuntu)
Fix Released
High
Unassigned

Bug Description

I was doing a dist-upgrade from the recovery mode of the 20070313 alternate i386 disk to get my machine working again. I saw something come up on the screen about upgrading upstart and restarting upstart, and then the machine rebooted.

This happened because the upstart postinst sent init SIGTERM, which is the instruction for upstart to reexec itself. However the recovery CD just has a basic shell for /sbin/init, and the TERM signal killed it.

Reexec should be performed, as sysvinit, via initctl; then the postinst would just get a Connection Refused and be able to carry on. (Make sure we || true it)

See original description
Revision history for this message
Scott James Remnant (Canonical) (canonical-scott) wrote :

Which version of Ubuntu/Upstart were you upgrading from, and which version were you upgrading to?

Changed in upstart:
status: Unconfirmed → Needs Info
Revision history for this message
Scott James Remnant (Canonical) (canonical-scott) wrote :

Random thought ... the recovery mode might not have a real init for a /bin/sh; the upstart upgrade would send SIGTERM to it ...

Revision history for this message
Martin Pool (mbp) wrote :

I'll have a look in dpkg.log tomorrow, but it would be from whatever
was current a week ago to whatever was on archive.u.c at about 20070314T1200Z.

I think you are probably right that upstart is sending a signal or message that's not understood by init on the alternate cd. Since upgrading from a boot cd is not an incredibly uncommon operation maybe it should guard against this...

--
Martin

Scott James Remnant (Canonical) (canonical-scott)
Changed in upstart:
importance: Undecided → High
description: updated
Changed in upstart:
importance: Undecided → High
status: Unconfirmed → Confirmed
status: Needs Info → Confirmed
Revision history for this message
Scott James Remnant (Canonical) (canonical-scott) wrote : Re: SIGTERM for re-exec causes problems if Upstart isn't /sbin/init

Proposed solution is to use the initctl protocol to request a re-exec from Upstart, rather than a signal. That way this will fail nicely if Upstart is not the running init, rather than killing whatever is init at the moment.

Revision history for this message
Scott James Remnant (Canonical) (canonical-scott) wrote :

upstream: use of TERM for re-exec is a mis-feature
Ubuntu: use of kill in postinst causes this bug

Changed in upstart:
status: Confirmed → Rejected
Revision history for this message
Scott James Remnant (Canonical) (canonical-scott) wrote :

Since we just got bitten by this by an upstart package in edgy-updates, it's worth explaining here why we didn't fix this bug at the same time.

There is currently no initctl command for "re-exec yourself", since that relies on code currently in main.c; to add it would involve adding the command itself, and then moving much of the re-exec handling from main.c into control.c -- or a separate module, with both the signal and the control command calling that function.

Also since re-exec is largely empty at the moment, and state isn't transferred, making it a user-visible option would mean more people would try and do it -- which would cause them issues later on. We really need to get state transferrance working.

Not re-exec'ing is also an issue, because the initctl protocol isn't stable (we may just use D-BUS) -- so after an upgrade, initctl would be unable to tell Upstart to reboot or shutdown.

This is still very much on the radar.

Revision history for this message
Scott James Remnant (Canonical) (canonical-scott) wrote :
Scott James Remnant (Canonical) (canonical-scott)
Changed in upstart:
status: Invalid → Confirmed
Revision history for this message
Scott James Remnant (Canonical) (canonical-scott) wrote :

We have "telinit u" for this, we can use that in postinst for now until we have proper re-exec support (bug #348455)

Changed in upstart (Ubuntu):
status: Confirmed → Triaged
Scott James Remnant (Canonical) (canonical-scott)
summary: - SIGTERM for re-exec causes problems if Upstart isn't /sbin/init
+ postinst: SIGTERM for re-exec causes problems if Upstart isn't
+ /sbin/init
Scott James Remnant (Canonical) (canonical-scott)
Changed in upstart (Ubuntu):
status: Triaged → In Progress
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package upstart - 0.3.10-2

---------------
upstart (0.3.10-2) karmic; urgency=low

  * debian/upstart.postinst: Use telinit u to re-exec, rather than
    kill just in case it's not Upstart that's running. LP: #92177.
  * debian/event.d/system-services/tty*: Run getty in 8-bit clean
    mode. LP: #273189.
  * debian/event.d/upstart-compat-sysv/rc-default:
    - Don't use grep -w, instead split on $IFS and iterate. LP: #385911.
    - Check for any valid runlevel, not just S. LP: #85014.
    - Make console owner, since it may spawn sulogin.
  * debian/event.d/upstart-compat-sysv/rcS:
    - Spawn sulogin if given -b or "emergency". LP: #193810.
  * debian/event.d/upstart-compat-sysv/rcS:
    - Make console owner. LP: #211402.
  * debian/event.d/upstart-compat-sysv/rcS-sulogin:
    - Place the telinit code in post-stop, checking $UPSTART_EVENT first so
      we don't change the runlevel if we were stopped due to a runlevel
      change. LP: #66002.

 -- Scott James Remnant <email address hidden> Thu, 18 Jun 2009 16:19:34 +0100

Changed in upstart (Ubuntu):
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.