Ubuntu
openssl package

installed libssl1.1:amd64 package post-installation script subprocess returned error exit status 10

Bug #1832919 reported by Amine Raounak
144
This bug affects 30 people
Affects Status Importance Assigned to Milestone
openssl (Ubuntu)
Fix Released
Undecided
Unassigned
Bionic
Fix Released
Undecided
Unassigned
Cosmic
Won't Fix
Undecided
Unassigned
Disco
Fix Released
Undecided
Unassigned
Eoan
Fix Released
Undecided
Unassigned

Bug Description

[Impact]

 * Systems that have in error removed debconf database fail to upgrade libssl1.1 (as e.g. is known to be done in some vagrant boxes)

 * libssl1.1 tries to use debconf template from libc6 package, but doesn't ship one by itself as it should for shared templates. As it is not guaranteed that template will be available.

[TestCase]

# DO NOT DO THIS ON PRODUCTION MACHINES #
# echo PURGE | debconf-communicate libpam0g:amd64
0
# echo PURGE | debconf-communicate libpam0g
0
# echo PURGE | debconf-communicate libc6:amd64
0
# echo PURGE | debconf-communicate libc6
0

Then upgrade from bionic-release to the -proposed package and it should work.

It should not fail with exit code 10.

[Regression Potential]

 * A new template is added, an identical import from glibc without any further changes. This registers the template in debconf, for this package, preventing the above describe error. This has no codechanges, only metadata.

[Other Info]

 * Original bug report

The error happens when trying to configure libssl1.1:amd64 (dpkg --configure -D 20000 libssl1.1)

dpkg: error processing package libssl1.1:amd64 (--configure):
 installed libssl1.1:amd64 package post-installation script subprocess returned error exit status 10
D020000: post_script_tasks - ensure_diversions
D020000: post_script_tasks - trig_incorporate
D020000: check_triggers_cycle pnow=libc-bin:amd64 first
Processing triggers for libc-bin (2.27-3ubuntu1) ...
D020000: post_postinst_tasks - trig_incorporate
Errors were encountered while processing:
 libssl1.1:amd64

[ WORKAROUND TO RECOVER YOUR SYSTEM ]

$ sudo dpkg-reconfigure libc6
$ sudo dpkg --configure libssl1.1

See original description
Revision history for this message
Amine Raounak (netvisao) wrote :

Version 1.1.1-1ubuntu2.1~18.04.2

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in openssl (Ubuntu):
status: New → Confirmed
Revision history for this message
Stephen Davidson (i-ste6e-l) wrote :

During system upgrade:
sudo apt-get upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
The following packages will be upgraded:
  firefox firefox-locale-en gir1.2-xapp-1.0 libxapp1 openssl xapps-common
6 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
1 not fully installed or removed.
Need to get 0 B/50.6 MB of archives.
After this operation, 106 kB of additional disk space will be used.
Do you want to continue? [Y/n] Y
Setting up libssl1.1:amd64 (1.1.1-1ubuntu2.1~18.04.2) ...
Checking for services that may need to be restarted...done.
Checking for services that may need to be restarted...done.
Checking init scripts...
dpkg: error processing package libssl1.1:amd64 (--configure):
 installed libssl1.1:amd64 package post-installation script subprocess returned error exit status 10
Errors were encountered while processing:
 libssl1.1:amd64
E: Sub-process /usr/bin/dpkg returned an error code (1)

Amine Raounak (netvisao)
summary: installed libssl1.1:amd64 package post-installation script subprocess
- returned error exit status
+ returned error exit status 10
Revision history for this message
Stephen Davidson (i-ste6e-l) wrote :

Note: My system in question is an x86_64 (Intel CPU) so not sure why AMD packages are showing up here.

Revision history for this message
Seth Arnold (seth-arnold) wrote :

Stephen, AMD invented the 64 bit extensions to the x86 instruction set and brought their processors to market well before Intel brought theirs to market. Thus AMD won a huge amount of name recognition. Debian standardized on "amd64" to name packages for the architecture many years ago.

Thanks

Revision history for this message
Dimitri John Ledkov (xnox) wrote :

Can you please paste the output of below two commands:

debconf-get-selections | grep restart-without-asking

dpkg-query -W libc6

Revision history for this message
Dimitri John Ledkov (xnox) wrote :

if `db_get libraries/restart-without-asking` fails with exit code 10, it means this templates is not in the debconf database.

However, libc6 should be installed and configured on the system, with that template registered.

I wonder, if your debconf database is corrupted / destroyed? Does

$ dpkg-reconfigure libc6

help?

tags: added: bionic
tags: added: regression-update
Changed in openssl (Ubuntu):
status: Confirmed → Incomplete
Dimitri John Ledkov (xnox)
description: updated
description: updated
description: updated
Revision history for this message
Amine Raounak (netvisao) wrote :

@Dimitri

sudo debconf-get-selections | grep restart-without-asking yeilds no output and returns code 1

sudo dpkg-query -W libc6 yields
libc6:amd64 2.27-3ubuntu1

Revision history for this message
Amine Raounak (netvisao) wrote :

sudo dpkg-reconfigure libc6
sudo dpkg-reconfigure libssl1.1

yields no errors

Thanks

Revision history for this message
X Zun (xzun) wrote :

It works:
sudo dpkg-reconfigure libc6
sudo dpkg --configure libssl1.1
sudo dpkg-reconfigure libssl1.1
___________________________________
I did:
sudo dpkg-reconfigure libc6
sudo dpkg-reconfigure libssl1.1

happened:
/usr/sbin/dpkg-reconfigure: libssl1.1 is broken or not fully installed

than:
sudo dpkg --configure libssl1.1

happened:
Setting up libssl1.1:amd64 (1.1.1-1ubuntu2.1~18.04.2) ...
Checking for services that may need to be restarted...done.
Checking for services that may need to be restarted...done.
Checking init scripts...
Restarting services possibly affected by the upgrade:
Services restarted successfully.
Processing triggers for libc-bin (2.27-3ubuntu1) ...

than:
sudo dpkg-reconfigure libssl1.1

Revision history for this message
Stephen Davidson (i-ste6e-l) wrote :

Workaround recovered me as well, thanks!

Revision history for this message
budgester (budgester) wrote :

I am using a bento/ubuntu18.04 box on vagrant/kitchen-ci with the kitchen-ansible provisioner and can reproduce this bug.

       Setting up python-idna (2.6-1) ...
       Setting up python-yaml (3.12-1build2) ...
       Setting up python-asn1crypto (0.24.0-1) ...
       Setting up python-pyasn1 (0.4.2-3) ...
       Setting up python-pkg-resources (39.0.1-2) ...
       Setting up python-markupsafe (1.0-1build1) ...
       Setting up python-httplib2 (0.9.2+dfsg-1ubuntu0.1) ...
       Setting up python-cffi-backend (1.11.5-1) ...
       Setting up python-six (1.11.0-2) ...
       Processing triggers for libc-bin (2.27-3ubuntu1) ...
       Setting up sshpass (1.06-1) ...
       Setting up libssl1.1:amd64 (1.1.1-1ubuntu2.1~18.04.2) ...
       Checking for services that may need to be restarted...done.
       Checking for services that may need to be restarted...done.
       Checking init scripts...
       dpkg: error processing package libssl1.1:amd64 (--configure):
        installed libssl1.1:amd64 package post-installation script subprocess returned error exit status 10
       Setting up python-enum34 (1.1.6-2) ...
       dpkg: dependency problems prevent configuration of python-cryptography:
        python-cryptography depends on libssl1.1 (>= 1.1.1); however:
         Package libssl1.1:amd64 is not configured yet.

       dpkg: error processing package python-cryptography (--configure):
        dependency problems - leaving unconfigured
       Processing triggers for man-db (2.8.3-2ubuntu0.1) ...No apport report written because the error message indicates its a followup error from a previous failure.

       Setting up python-ipaddress (1.0.17-1) ...
       Setting up python-setuptools (39.0.1-2) ...
       Setting up python-jinja2 (2.10-1ubuntu0.18.04.1) ...
       dpkg: dependency problems prevent configuration of libssl-dev:amd64:
        libssl-dev:amd64 depends on libssl1.1 (= 1.1.1-1ubuntu2.1~18.04.2); however:
         Package libssl1.1:amd64 is not configured yet.

       dpkg: error processing package libssl-dev:amd64 (--configure):
        dependency problems - leaving unconfigured
       dpkg: dependency problems prevent configuration of python-paramiko:No apport report written because the error message indicates its a followup error from a previous failure

The fix works, this has only been an issue since 14th July 2019.

budgester (budgester)
Changed in openssl (Ubuntu):
status: Incomplete → Confirmed
Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in openssl (Ubuntu Bionic):
status: New → Confirmed
Changed in openssl (Ubuntu Cosmic):
status: New → Confirmed
Changed in openssl (Ubuntu Disco):
status: New → Confirmed
Dimitri John Ledkov (xnox)
description: updated
Changed in openssl (Ubuntu Eoan):
status: Confirmed → Fix Committed
Changed in openssl (Ubuntu Disco):
status: Confirmed → In Progress
Changed in openssl (Ubuntu Cosmic):
status: Confirmed → In Progress
Changed in openssl (Ubuntu Bionic):
status: Confirmed → In Progress
Revision history for this message
Dimitri John Ledkov (xnox) wrote :

downgraded bionic lxd container to bionic release / security packages only.
installing libssl1.1 from -updates fails with:
dpkg: error processing package libssl1.1:amd64 (--configure):
 installed libssl1.1:amd64 package post-installation script subprocess returned error exit status 10
Processing triggers for libc-bin (2.27-3ubuntu1) ...
Errors were encountered while processing:
 libssl1.1:amd64
E: Sub-process /usr/bin/dpkg returned an error code (1)

Upgrading back to libssl1.1 from bionic-updates fails.
Upgrading from bionic-security to the CI train ppa succeeds.

Revision history for this message
Steve Langasek (vorlon) wrote : Please test proposed package

Hello Amine, or anyone else affected,

Accepted openssl into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/openssl/1.1.1-1ubuntu2.1~18.04.4 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in openssl (Ubuntu Bionic):
status: In Progress → Fix Committed
tags: added: verification-needed verification-needed-bionic
Revision history for this message
Steve Langasek (vorlon) wrote :

Hello Amine, or anyone else affected,

Accepted openssl into cosmic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/openssl/1.1.1-1ubuntu2.5 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-cosmic to verification-done-cosmic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-cosmic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in openssl (Ubuntu Cosmic):
status: In Progress → Fix Committed
tags: added: verification-needed-cosmic
Changed in openssl (Ubuntu Disco):
status: In Progress → Fix Committed
tags: added: verification-needed-disco
Revision history for this message
Steve Langasek (vorlon) wrote :

Hello Amine, or anyone else affected,

Accepted openssl into disco-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/openssl/1.1.1b-1ubuntu2.4 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-disco to verification-done-disco. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-disco. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openssl - 1.1.1c-1ubuntu3

---------------
openssl (1.1.1c-1ubuntu3) eoan; urgency=medium

  * Import libraries/restart-without-asking as used in postinst, to
    prevent failure to configure the package without debconf database. LP:
    #1832919

 -- Dimitri John Ledkov <email address hidden> Thu, 20 Jun 2019 17:59:55 +0100

Changed in openssl (Ubuntu Eoan):
status: Fix Committed → Fix Released
Revision history for this message
budgester (budgester) wrote :

Get:1 http://ppa.launchpad.net/ansible/ansible/ubuntu bionic/main amd64 ansible all 2.8.1-1ppa~bionic [5,140 kB]
Get:2 http://archive.ubuntu.com/ubuntu bionic-proposed/main amd64 libssl-dev amd64 1.1.1-1ubuntu2.1~18.04.4 [1,566 kB]
Get:3 http://archive.ubuntu.com/ubuntu bionic-proposed/main amd64 libssl1.1 amd64 1.1.1-1ubuntu2.1~18.04.4 [1,300 kB]
Get:4 http://archive.ubuntu.com/ubuntu bionic/main amd64 python-markupsafe amd64 1.0-1build1 [13.0 kB]
Get:5 http://archive.ubuntu.com/ubuntu bionic-updates/main amd64 python-jinja2 all 2.10-1ubuntu0.18.04.1 [94.8 kB]
Get:6 http://archive.ubuntu.com/ubuntu bionic/main amd64 python-yaml amd64 3.12-1build2 [115 kB]
Get:7 http://archive.ubuntu.com/ubuntu bionic/main amd64 python-asn1crypto all 0.24.0-1 [72.7 kB]
Get:8 http://archive.ubuntu.com/ubuntu bionic/main amd64 python-cffi-backend amd64 1.11.5-1 [63.4 kB]
Get:9 http://archive.ubuntu.com/ubuntu bionic/main amd64 python-enum34 all 1.1.6-2 [34.8 kB]
Get:10 http://archive.ubuntu.com/ubuntu bionic/main amd64 python-idna all 2.6-1 [32.4 kB]
Get:11 http://archive.ubuntu.com/ubuntu bionic/main amd64 python-ipaddress all 1.0.17-1 [18.2 kB]
Get:12 http://archive.ubuntu.com/ubuntu bionic/main amd64 python-six all 1.11.0-2 [11.3 kB]
Get:13 http://archive.ubuntu.com/ubuntu bionic-updates/main amd64 python-cryptography amd64 2.1.4-1ubuntu1.3 [221 kB]
Get:14 http://archive.ubuntu.com/ubuntu bionic/main amd64 python-pyasn1 all 0.4.2-3 [46.7 kB]
Get:15 http://archive.ubuntu.com/ubuntu bionic-updates/main amd64 python-paramiko all 2.0.0-1ubuntu1.2 [110 kB]
Get:16 http://archive.ubuntu.com/ubuntu bionic-updates/main amd64 python-httplib2 all 0.9.2+dfsg-1ubuntu0.1 [34.7 kB]
Get:17 http://archive.ubuntu.com/ubuntu bionic/main amd64 python-pkg-resources all 39.0.1-2 [128 kB]
Get:18 http://archive.ubuntu.com/ubuntu bionic/main amd64 python-setuptools all 39.0.1-2 [329 kB]
Get:19 http://archive.ubuntu.com/ubuntu bionic/universe amd64 sshpass amd64 1.06-1 [10.5 kB]
Fetched 9,342 kB in 5s (1,812 kB/s)
       Preconfiguring packages ...
(Reading database ... 42089 files and directories currently installed.)
       Preparing to unpack .../00-libssl-dev_1.1.1-1ubuntu2.1~18.04.4_amd64.deb ...
       Unpacking libssl-dev:amd64 (1.1.1-1ubuntu2.1~18.04.4) over (1.1.0g-2ubuntu4.3) ...
       Preparing to unpack .../01-libssl1.1_1.1.1-1ubuntu2.1~18.04.4_amd64.deb ...
       Unpacking libssl1.1:amd64 (1.1.1-1ubuntu2.1~18.04.4) over (1.1.0g-2ubuntu4.3) ...
.
.
 Setting up libssl1.1:amd64 (1.1.1-1ubuntu2.1~18.04.4) ...
       Checking for services that may need to be restarted...done.
       Checking for services that may need to be restarted...done.
       Checking init scripts...

       Restarting services possibly affected by the upgrade:

       Services restarted successfully.

       Setting up python-enum34 (1.1.6-2) ...
       Processing triggers for man-db (2.8.3-2ubuntu0.1) ...
       Setting up python-ipaddress (1.0.17-1) ...
       Setting up python-setuptools (39.0.1-2) ...
       Setting up python-jinja2 (2.10-1ubuntu0.18.04.1) ...
       Setting up libssl-dev:amd64 (1.1.1-1ubuntu2.1~18.04.4) ...

Fix confirmed.

(Ubuntu Bionic):
tags: verification-done-bionic

Marc Deslauriers (mdeslaur)
tags: added: verification-done-bionic
removed: verification-needed-bionic
Revision history for this message
Łukasz Zemczak (sil2100) wrote : Update Released

The verification of the Stable Release Update for openssl has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openssl - 1.1.1-1ubuntu2.1~18.04.4

---------------
openssl (1.1.1-1ubuntu2.1~18.04.4) bionic; urgency=medium

  * Import libraries/restart-without-asking as used in postinst, to
    prevent failure to configure the package without debconf database.
    LP: #1832919

 -- Dimitri John Ledkov <email address hidden> Thu, 20 Jun 2019 18:36:28 +0100

Changed in openssl (Ubuntu Bionic):
status: Fix Committed → Fix Released
Revision history for this message
Peter (kzqdnsw4i20a5pz94-peter) wrote :

We seem to be still affected by this even with 1.1.1-1ubuntu2.1~18.04.4 installed. Though our use case is during a PXE install, but we will get prompted to restart services where is before that was never the case. bionic LTS is the only LTS we are seeing on it. I can repo the issue and send any logs that you may need

Revision history for this message
Robie Basak (racb) wrote :

@Peter

I think you might be facing a subtly different bug. To avoid confusion, please could you send us steps to reproduce in a separate bug against the openssl package, and tag that bug regression-update? If it turns out to be the same issue, we can always mark it is a duplicate later.

Revision history for this message
Steve Langasek (vorlon) wrote :

This bug report is about the package postinst crashing with error code 10, not about being prompted on package upgrade about service restart.

Revision history for this message
Dimitri John Ledkov (xnox) wrote :

Using bionic as a base, and upgrading all the way to disco:
(bionic-amd64)root@ottawa:~# echo PURGE | debconf-communicate libpam0g:amd64
0
(bionic-amd64)root@ottawa:~# echo PURGE | debconf-communicate libpam0g
0
(bionic-amd64)root@ottawa:~# echo PURGE | debconf-communicate libc6:amd64
0
(bionic-amd64)root@ottawa:~# echo PURGE | debconf-communicate libc6
0
(bionic-amd64)root@ottawa:~# echo PURGE | debconf-communicate libssl1.1
0
(bionic-amd64)root@ottawa:~# echo PURGE | debconf-communicate libssl1.1:amd64
0
(bionic-amd64)root@ottawa:~# dpkg-query -W libssl1.1
libssl1.1:amd64 1.1.0g-2ubuntu4

(upgrade)
(got promted for restarting services, meaning template got initiated correctly)

Services restarted successfully.

Setting up openssl (1.1.1b-1ubuntu2.4) ...

tags: added: verification-done verification-done-cosmic verification-done-disco
removed: verification-needed verification-needed-cosmic verification-needed-disco
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openssl - 1.1.1b-1ubuntu2.4

---------------
openssl (1.1.1b-1ubuntu2.4) disco; urgency=medium

  * Import libraries/restart-without-asking as used in postinst, to
    prevent failure to configure the package without debconf database.
    LP: #1832919

 -- Dimitri John Ledkov <email address hidden> Thu, 20 Jun 2019 18:31:25 +0100

Changed in openssl (Ubuntu Disco):
status: Fix Committed → Fix Released
Mathew Hodson (mhodson)
Changed in openssl (Ubuntu Cosmic):
status: Fix Committed → Won't Fix
tags: removed: libssl1.1 verification-done
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.