Trisquel AIDE Package Upgrade Snag And Rant


From: Bob Proulx
Subject: Trisquel AIDE Package Upgrade Snag And Rant
Date: Sat, 29 Oct 2022 13:39:34 -0600

The recent Trisquel 10 to 11 upgrade caught a small snag for the AIDE
package upgrade.  This might be considered a daily rant.

    AIDE -- Advanced Intrusion Detection Environment.

It is useful to notify in the case of changes to system files.  This
is one of the standard packages which does this.  Just one cog in the
machine.

I upgraded frontend2 to the latest Trisquel 11 release candidate (equiv
to Ubuntu 22.04) and hit another one of those times when you can't
believe that it is completely broken and hasn't been fixed.  These
packages of aide and aide-common should be passthrough packages from
Ubuntu into Trisquel so probably broken in Ubuntu too but don't know
as I didn't verify it there.

This is the Trisquel 10 equiv Ubuntu 20.04 version of the file.

    root@frontend1:~# ll /etc/aide/aide.conf.d/31_aide_smokeping
    -rwxr-xr-x 1 root root 476 Dec 16  2013 /etc/aide/aide.conf.d/31_aide_smokeping

    root@frontend1:~# cat /etc/aide/aide.conf.d/31_aide_smokeping
    #!/bin/bash

    if [ -d "/var/lib/smokeping" ]; then
      find /var/lib/smokeping -type f -name '*.rrd' | \
           sed 's/^\(.*\)/\1$ VarFile/'
    fi
    if [ -d "/var/www/smokeping" ]; then
      find /var/www/smokeping -type f -name '*.png' | \
           sed 's/^\(.*\)/\1$ VarFile/'
      find /var/www/smokeping -type f -name '*.maxhight' | \
           sed 's/^\(.*\)/\1$ VarFile/'
    fi

    cat <<EOF
    /@@{RUN}/smokeping/smokeping\.pid$ VarFile
    /@@{RUN}/smokeping$ VarDirInode
    !/tmp/speedy\.6\.21\.F$
    EOF

Okay.  It's executable.  It's a bash script.  It works.  Because it is
executable it is invoked and the output is included in the built up
configuration file.  That's the way the previous version worked.
Let's upgrade to the current version.

Here is the next version in Trisquel 11 equiv Ubuntu 22.04 version.

    root@frontend2:~# ll /etc/aide/aide.conf.d/31_aide_smokeping
    -rwxr-xr-x 1 root root 523 Oct 25 18:53 /etc/aide/aide.conf.d/31_aide_smokeping

    root@frontend2:~# cat /etc/aide/aide.conf.d/31_aide_smokeping
    @@define VLS var/lib/smokeping
    @@define VCS var/cache/smokeping
    /@@{VLS}/Local/LocalMachine\\.rrd$ f VarFile
    /@@{VLS}/__sortercache$ d VarDir
    /@@{VLS}/__sortercache/data\\.FPing6?\\.storable$ f VarFile
    /@@{VLS}/[a-z-]+(/[-a-z0-9_]+)?/[-a-z0-9_]+(_[0-9a-f_]+)?\\.rrd$ f VarFile
    /@@{VCS}/images/([-[:alnum:]_]+/)+[-[:alnum:]_]+(_(last_(108000?|31104000|864000?)|mini)\\.png|\\.maxheight)$ f VarFile
    /@@{VCS}/images/__navcache$ d VarDir
    !/@@{VCS}/images/__navcache/[[:digit:]]{13,15}_[[:digit:]]{10}_[[:digit:]]{10}\\.png$ f

What?  Huh?  What?  Needless to say this breaks everything, unable to
create a config file, death and destruction, dogs and cats living
together, AIDE is completely broken.

    root@frontend2:~# aideinit
    Running aide --init...
      ERROR: /etc/aide/aide.conf.d/31_aide_smokeping: stderr>   ERROR: /etc/aide/aide.conf.d/31_aide_smokeping: execl failed: Exec format error
      ERROR: /etc/aide/aide.conf.d/31_aide_smokeping: execution failed (exit status: 1)
    AIDE --init return code 20

I look in the aide-common.postinst script and find this snippet.

    # in aide 0.17.2-1, the smokeping snippet has been made static
    # instead of being a executable snippet. Remove x bits on an unchanged
    # file
    if [ "$(sha256sum /etc/aide/aide.conf.d/31_aide_smokeping)" = "99f11d04cf33318cef28cb71c252ee0f7b5c37e91893e813973ee120f301a5a7  /etc/aide/aide.conf.d/31_aide_smokeping" ]; then
        chmod 0644 /etc/aide/aide.conf.d/31_aide_smokeping
    fi

    root@frontend1:~# dpkg -l |grep aide
    ii aide         0.16.1-1ubuntu0.1 amd64  AIDE - static binary
    ii aide-common  0.16.1-1ubuntu0.1 all    AIDE - Common files

    root@frontend2:~# dpkg -l |grep aide
    ii aide         0.17.4-1 amd64  AIDE - dynamic binary
    ii aide-common  0.17.4-1 all    AIDE - Common files

I abbreviated this above slightly.

    root@frontend2:~# sha256sum /etc/aide/aide.conf.d/31_aide_smokeping
    38da62161e480becd5eac8373058bbe25f78a2cfe46e116aebe44cf1060393f5  /etc/aide/aide.conf.d/31_aide_smokeping

    root@frontend1:~# sha256sum /etc/aide/aide.conf.d/31_aide_smokeping
    cdd755947d2847e96290b675f95fd2b67f13a5e861f49c0d4e6bbc3bf6d18923  /etc/aide/aide.conf.d/31_aide_smokeping

It was 0.16.1-1ubuntu0.1 in the previous version.  So they are
assuming that this will match that particular signature.  But it
doesn't.  That's the bug.  Fix it manually.

    root@frontend2:~# chmod a-x /etc/aide/aide.conf.d/31_aide_smokeping

I look at a Debian system and it has the right file hash.

    root@despair:~# sha256sum /etc/aide/aide.conf.d/31_aide_smokeping
    99f11d04cf33318cef28cb71c252ee0f7b5c37e91893e813973ee120f301a5a7  /etc/aide/aide.conf.d/31_aide_smokeping

    despair: ii aide         0.17.3-4+deb11u1  i386  AIDE - static binary
    despair: ii aide-common  0.17.3-4+deb11u1  all   AIDE - Common files

So the problem is that Ubuntu took the Debian package directly.  Which
is usually okay.  Except that the OS releases have different release
points containing different versions from Ubuntu.  Effectively Ubuntu,
and therefore Trisquel, skipped the Debian release containing the file
with exactly that file content hash signature.  And as we all know it
is not supported to skip releases!  This is one example of why.

I don't want to bury this in the noise.  I'll say it again to
emphasize.  Trisquel skips a release point.  And skipping release
points is not supported.  Trisquel should have forked for a different
hash signature in the postinst script.  Or even better improved the
postinst script.

Instead of the rigid file checksum signature they could have looked to
see if it was the previous shell script or not.

    root@frontend1:~# sed 1q /etc/aide/aide.conf.d/31_aide_smokeping
    #!/bin/bash

    root@frontend2:~# sed 1q /etc/aide/aide.conf.d/31_aide_smokeping
    @@define VLS var/lib/smokeping

And then base the action upon it being a script or not.  Because any
change will break the hash signature.  This snag was hit with pristine
copies of the file.  It was NOT modified locally.  There is the
possible issue that someone might want the file to be broken, might
have modified the file, and might argue that as a local change the
postinst script should not change the file mode in the more flexible
method I describe.  I only know one person that pedantic who routinely
argues this point and I think the greater good outweighs.

The postinst author simply created a rigid system, rigid systems are
fragile, and it broke due to lacking flexibility.  This is an example
of why rigid systems are bad and more flexible systems are better.

The crazy thing is that it is still broken?  Ubuntu upgrades are
always like moving from one unfinished house into another unfinished
house.

This has been, A Daily Rant!

Bob
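The more flexible postinst check described in the post, written out as an added example. This is not code from the post or from the aide-common package; it keys the decision on the first line of the snippet (a `#!` shebang for the old script, an `@@define` directive for the new static fragment) instead of one fixed sha256, and the demo writes constructed copies of both files into a temporary directory so it runs offline.

```shell
#!/bin/sh
# Added example (not the aide-common postinst and not code from the post):
# decide whether to strip the x bit from 31_aide_smokeping by looking at
# what the file *is* rather than comparing it to a single hard-coded hash.
# The two first lines tested for are the ones quoted in the post.

snippet_is_script() {
    # The pre-0.17 snippet was a bash script: its first line is a shebang,
    # and aide would exec it to generate config lines.
    head -n 1 "$1" | grep -q '^#!'
}

snippet_is_static_config() {
    # The 0.17 replacement is a plain aide config fragment; its first line
    # is an aide @@define directive, which exec() cannot run ("Exec format
    # error" in the post).
    head -n 1 "$1" | grep -q '^@@'
}

fix_snippet_mode() {
    # Drop the executable bits only when the content is already the static
    # config but the mode still tells aide to exec it.  A file that still
    # starts with a shebang is left alone: it is either the old snippet or
    # a local customisation the administrator owns.
    f=$1
    if [ -x "$f" ] && snippet_is_static_config "$f"; then
        chmod 0644 "$f"
        echo fixed
    elif snippet_is_script "$f"; then
        echo kept-script
    else
        echo unchanged
    fi
}

demo() {
    # Constructed inputs: a copy of the old-style snippet and a copy of the
    # new static one, both left with the 0755 mode the upgrade preserved.
    d=$(mktemp -d)
    printf '#!/bin/bash\nfind /var/lib/smokeping -type f -name "*.rrd"\n' \
        > "$d/31_aide_smokeping.old"
    printf '@@define VLS var/lib/smokeping\n/@@{VLS}/[a-z-]+/[-a-z0-9_]+\\.rrd$ f VarFile\n' \
        > "$d/31_aide_smokeping.new"
    chmod 0755 "$d/31_aide_smokeping.old" "$d/31_aide_smokeping.new"
    echo "old script:    $(fix_snippet_mode "$d/31_aide_smokeping.old")"
    echo "static config: $(fix_snippet_mode "$d/31_aide_smokeping.new")"
    echo "second run:    $(fix_snippet_mode "$d/31_aide_smokeping.new")"
    rm -rf "$d"
}

demo
```

The test is deliberately two-sided: it requires both the executable bit and the static-config first line before touching the mode, so a shebang file that was locally edited (the case the post says a pedant might raise) keeps its mode, while any pristine static fragment is fixed regardless of which distribution release shipped it.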