From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <pve-devel-bounces@lists.proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9])
	by lore.proxmox.com (Postfix) with ESMTPS id A70721FF2AA
	for <inbox@lore.proxmox.com>; Wed,  3 Jul 2024 14:57:52 +0200 (CEST)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
	by firstgate.proxmox.com (Proxmox) with ESMTP id 37FB682AF;
	Wed,  3 Jul 2024 14:58:09 +0200 (CEST)
Message-ID: <a1e95989-9f9a-415c-aa27-3b9c40d64512@proxmox.com>
Date: Wed, 3 Jul 2024 14:58:05 +0200
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
To: pve-devel@lists.proxmox.com
References: <20240627150132.265982-1-s.hanreich@proxmox.com>
Content-Language: en-US
From: Stefan Hanreich <s.hanreich@proxmox.com>
In-Reply-To: <20240627150132.265982-1-s.hanreich@proxmox.com>
X-SPAM-LEVEL: Spam detection results:  0
 AWL 0.644 Adjusted score from AWL reputation of From: address
 BAYES_00                 -1.9 Bayes spam probability is 0 to 1%
 DMARC_MISSING             0.1 Missing DMARC policy
 KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
 SPF_HELO_NONE           0.001 SPF: HELO does not publish an SPF Record
 SPF_PASS               -0.001 SPF: sender matches SPF record
Subject: Re: [pve-devel] [PATCH ifupdown2 1/1] fix #5197: do not run scripts
 ending with .dpkg-{old, new, tmp, dist}
X-BeenThere: pve-devel@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox VE development discussion <pve-devel.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pve-devel/>
List-Post: <mailto:pve-devel@lists.proxmox.com>
List-Help: <mailto:pve-devel-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=subscribe>
Reply-To: Proxmox VE development discussion <pve-devel@lists.proxmox.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: pve-devel-bounces@lists.proxmox.com
Sender: "pve-devel" <pve-devel-bounces@lists.proxmox.com>

superseded by
https://lists.proxmox.com/pipermail/pve-devel/2024-July/064404.html

On 6/27/24 17:01, Stefan Hanreich wrote:
> This can lead to issue when upgrading from ifupdown to ifupdown2. The
> particular issue this fixes occurs in the following scenario:
> 
> * Suppose there is a legacy Debian host with ifupdown and ifenslave
>   installed that has a bond configured in /etc/network/interfaces.
> * ifenslave installs a script /etc/network/if-pre-up.d/ifenslave.
> * Now, an upgrade creates a second script
>   /etc/network/if-pre-up.d/ifenslave.dpkg-new. As ifupdown executes
>   network scripts via run-parts which ignores scripts with . in their
>   name, ifenslave.dpkg-new has no effect.
> * If the host switches over to ifupdown2 by installing it (removing
>   ifupdown, keeping ifenslave) and reboots, the network will not come
>   up:
>   /etc/network/if-pre-up.d/ifenslave still exists, but is ignored
>   by ifupdown2's bond addon [1]
>   /etc/network/if-pre-up.d/ifenslave.dpkg-new is executed by ifupdown2
>   because it executes all scripts in /etc/network/if-pre-up.d, even if
>   their name contains a dot
> 
> This leads to ifreload failing on upgrades, which in turn causes
> issues with the networking of upgraded hosts.
> 
> Also submitted upstream at [2]
> 
> [1] https://github.com/CumulusNetworks/ifupdown2/blob/ccdc386cfab70703b657fe7c0ffceb95448a9c2b/ifupdown2/addons/bond.py#L45
> [2] https://github.com/CumulusNetworks/ifupdown2/pull/304
> 
> Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com>
> ---
>  ...dpkg-files-when-running-hook-scripts.patch | 54 +++++++++++++++++++
>  debian/patches/series                         |  1 +
>  2 files changed, 55 insertions(+)
>  create mode 100644 debian/patches/pve/0010-main-ignore-dpkg-files-when-running-hook-scripts.patch
> 
> diff --git a/debian/patches/pve/0010-main-ignore-dpkg-files-when-running-hook-scripts.patch b/debian/patches/pve/0010-main-ignore-dpkg-files-when-running-hook-scripts.patch
> new file mode 100644
> index 0000000..eea615f
> --- /dev/null
> +++ b/debian/patches/pve/0010-main-ignore-dpkg-files-when-running-hook-scripts.patch
> @@ -0,0 +1,54 @@
> +From dbb759a1383cf736a0fa769c5c5827e1e7f8145c Mon Sep 17 00:00:00 2001
> +From: Stefan Hanreich <s.hanreich@proxmox.com>
> +Date: Tue, 4 Jun 2024 16:17:54 +0200
> +Subject: [PATCH] main: ignore dpkg files when running hook scripts
> +
> +Currently ifupdown2 executes scripts that are backed up by dpkg (e.g.
> +foo.dpkg-old). This can lead to issues with hook scripts getting
> +executed after upgrading ifupdown2 via dpkg, even though they should
> +not be executed.
> +
> +This also brings ifupdown2 closer on par with the behavior of
> +ifupdown, which did not execute hook scripts with dpkg suffixes.
> +
> +Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com>
> +---
> + ifupdown2/ifupdown/ifupdownmain.py | 4 +++-
> + ifupdown2/ifupdown/utils.py        | 6 ++++++
> + 2 files changed, 9 insertions(+), 1 deletion(-)
> +
> +diff --git a/ifupdown2/ifupdown/ifupdownmain.py b/ifupdown2/ifupdown/ifupdownmain.py
> +index 51f5460..e6622f0 100644
> +--- a/ifupdown2/ifupdown/ifupdownmain.py
> ++++ b/ifupdown2/ifupdown/ifupdownmain.py
> +@@ -1540,7 +1540,9 @@ class ifupdownMain:
> +             try:
> +                 module_list = os.listdir(msubdir)
> +                 for module in module_list:
> +-                    if self.modules.get(module) or module in self.overridden_ifupdown_scripts:
> ++                    if (self.modules.get(module)
> ++                        or module in self.overridden_ifupdown_scripts
> ++                        or utils.is_dpkg_file(module)):
> +                         continue
> +                     self.script_ops[op].append(msubdir + '/' + module)
> +             except Exception:
> +diff --git a/ifupdown2/ifupdown/utils.py b/ifupdown2/ifupdown/utils.py
> +index 05c7e48..3085e82 100644
> +--- a/ifupdown2/ifupdown/utils.py
> ++++ b/ifupdown2/ifupdown/utils.py
> +@@ -212,6 +212,12 @@ class utils():
> +         # what we have in the cache (data retrieved via a netlink dump by
> +         # nlmanager). nlmanager return all macs in lower-case
> + 
> ++    _dpkg_suffixes = (".dpkg-old", ".dpkg-dist", ".dpkg-new", ".dpkg-tmp")
> ++
> ++    @staticmethod
> ++    def is_dpkg_file(name):
> ++        return any(name.endswith(suffix) for suffix in utils._dpkg_suffixes)
> ++
> +     @classmethod
> +     def importName(cls, modulename, name):
> +         """ Import a named object """
> +-- 
> +2.39.2
> +
> diff --git a/debian/patches/series b/debian/patches/series
> index 557aa7f..d5772c9 100644
> --- a/debian/patches/series
> +++ b/debian/patches/series
> @@ -7,6 +7,7 @@ pve/0006-openvswitch-ovs-ports-condone-regex-exclude-tap-veth.patch
>  pve/0007-allow-vlan-tag-inside-vxlan-tunnel.patch
>  pve/0008-lacp-bond-remove-bond-min-links-0-warning.patch
>  pve/0009-gvgeb-fix-python-interpreter-shebang.patch
> +pve/0010-main-ignore-dpkg-files-when-running-hook-scripts.patch
>  upstream/0001-add-ipv6-slaac-support-inet6-auto-accept_ra.patch
>  upstream/0001-addons-ethtool-add-rx-vlan-filter.patch
>  upstream/0001-scheduler-import-traceback.patch


_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel