Bug #15418

Find out what's going on with Exim in our ISO build process

Added by intrigeri 2018-03-16 16:43:36 . Updated 2018-06-28 20:28:52 .

Status:
Resolved
Priority:
Elevated
Assignee:
Category:
Target version:
Start date:
2018-03-16
Due date:
% Done:

100%

Feature Branch:
Type of work:
Research
Blueprint:

Starter:
Affected tool:
Deliverable for:

Description

The Debian-exim user has been involved in the two cases where we had UID/GID variation accross releases, which broke automatic upgrades. I think we could do something cheap in order to decrease the chances such problems happen.


Subtasks


Related issues

Related to Tails - Bug #15419: Detect earlier in the dev process if we're breaking automatic upgrades Resolved 2018-06-28
Related to Tails - Bug #15690: Stop installing all "Priority: standard" packages only to remove some of them later Resolved 2018-06-29
Blocks Tails - Feature #15334: Core work 2018Q3: Foundations Team Resolved 2018-02-20

History

#1 Updated by intrigeri 2018-03-16 16:44:22

  • Assignee changed from intrigeri to bertagaz
  • Priority changed from Normal to Elevated
  • QA Check set to Info Needed

bertagaz: please send me the full build log for 3.6~rc1 and 3.6 so I can investigate. I probably won’t have time to work on this after the end of March so it would be really nice if you could spend 5 minutes to do this soon.

#2 Updated by intrigeri 2018-03-16 16:45:13

#3 Updated by intrigeri 2018-03-16 16:48:33

  • related to Bug #15419: Detect earlier in the dev process if we're breaking automatic upgrades added

#4 Updated by intrigeri 2018-03-30 08:37:41

intrigeri wrote:
> bertagaz: please send me the full build log for 3.6~rc1 and 3.6 so I can investigate. I probably won’t have time to work on this after the end of March so it would be really nice if you could spend 5 minutes to do this soon.

Ping? Thanks in advance.

#5 Updated by intrigeri 2018-04-08 13:55:21

  • blocked by deleted (Feature #13245: Core work 2018Q1: Foundations Team)

#6 Updated by intrigeri 2018-04-08 13:55:27

#7 Updated by bertagaz 2018-05-10 11:09:32

  • Target version changed from Tails_3.7 to Tails_3.8

#8 Updated by intrigeri 2018-05-26 08:58:56

intrigeri wrote:
> intrigeri wrote:
> > bertagaz: please send me the full build log for 3.6~rc1 and 3.6 so I can investigate. I probably won’t have time to work on this after the end of March so it would be really nice if you could spend 5 minutes to do this soon.
>
> Ping? Thanks in advance.

Ping? Note that I’m not asking you do do anything here besides emailing me two build logs for releases you did :)

#9 Updated by intrigeri 2018-06-26 16:28:05

  • Target version changed from Tails_3.8 to Tails_3.9

#10 Updated by intrigeri 2018-06-27 15:43:21

  • Assignee changed from bertagaz to intrigeri
  • QA Check deleted (Info Needed)

I suspect that for some reason, under some constraints exim4-daemon-light is installed, possibly because it Provides: default-mta. This package Depends: exim4-base which creates the Debian-exim user. Note that the exim4-config package also creates that user.

Now, all this is mere speculation and it’ll be easier to understand by looking at the build logs that I’ve requested 3.5 months ago. I’m not convinced that I’ll get these build logs within a reasonable time frame so I’ll try to build from the 3.6 tag and if it still works, this should reproduce the problem. If I don’t manage build from that tag, then we’ll be back to square one i.e. trying to get the logs from bertagaz.

#11 Updated by intrigeri 2018-06-28 13:57:38

  • blocked by deleted (Feature #15139: Core work 2018Q2: Foundations Team)

#12 Updated by intrigeri 2018-06-28 13:57:42

#13 Updated by intrigeri 2018-06-28 19:24:55

No trace of exim in my 3.6 build log. Going to build 3.5.

#14 Updated by intrigeri 2018-06-28 19:26:56

  • Assignee changed from intrigeri to anonym
  • QA Check set to Info Needed

intrigeri wrote:
> No trace of exim in my 3.6 build log. Going to build 3.5.

… except the time-based snapshots needed to build the basebox for 3.5 are gone so I can’t build it.

anonym, can you please send me the 3.5 build log?

#15 Updated by intrigeri 2018-06-28 19:52:05

  • Assignee changed from anonym to intrigeri
  • QA Check deleted (Info Needed)

Actually the last version that got exim mixed in was 3.6~rc1 and it looks like I can actually build this one.

#16 Updated by intrigeri 2018-06-28 20:28:52

  • Status changed from Confirmed to Resolved
  • Assignee deleted (intrigeri)
  • % Done changed from 0 to 100

OK, I think I got it. We install Priority: standard packages with tasksel. These priorities are set in the packages themselves but Debian ftp-masters can override them. In the main Debian archive, exim4 from Stretch is Priority: optional but security.debian.org was out-of-sync at some point early this year: exim4 was still Priority: standard. So when exim4 4.89-2+deb9u3 was uploaded to the Debian security archive (2018-02-14) it was Priority: standard which is why the 3.6~rc1 build picked it up (along with dnsutils, host, and their dependencies, by the way). This archive bug was fixed later and exim4 is back to Priority: optional, as it should be, which is why 3.6 and later did not install it via tasksel.

I’ll think on Bug #15419 about whether we could cheaply detect such issues earlier in the release process, before we’ve invested enough time into QA to feel lazy and ship a broken release as-is.

#17 Updated by intrigeri 2018-06-29 12:37:21

  • related to Bug #15690: Stop installing all "Priority: standard" packages only to remove some of them later added