File: //proc/self/root/proc/thread-self/root/var/lib/dpkg/info/cloud-init.postinst
#!/bin/sh
set -e
. /usr/share/debconf/confmodule
set -f # disable pathname expansion
db_capb escape # to support carriage return / multi-line values
debug() {
[ "${_CI_UPGRADE_DEBUG:-0}" = "0" ] && return 0
echo "$@" 1>&2 || :
}
update_cfg() {
# takes filename, header, new object (in yaml), optionally 'remover'
# and merges new into existing object in filename, and then updates file
# remover a string that means "delete existing entry"
python3 -c '
import sys, yaml
def update(src, cand):
if not (isinstance(src, dict) and isinstance(cand, dict)):
return cand
for k, v in cand.items():
# if the candidate has _ as value, delete source
if v == REMOVER:
if k in src:
del src[k]
continue
if k not in src:
src[k] = v
else:
src[k] = update(src[k], v)
return src
(fname, header, newyaml) = sys.argv[1:4]
REMOVER = object
if len(sys.argv) == 5:
REMOVER = sys.argv[4]
newcfg = yaml.load(newyaml)
with open(fname, "r") as fp:
cfg = yaml.load(fp)
if not cfg: cfg = {}
cfg = update(cfg, newcfg)
with open(fname, "w") as fp:
fp.write(header + "\n")
fp.write(yaml.dump(cfg))' "$@"
}
handle_preseed_maas() {
local cfg_file="/etc/cloud/cloud.cfg.d/90_dpkg_maas.cfg"
local md_url="" creds_all="" c_key="" t_key="" t_sec="" c_sec="";
db_get "cloud-init/maas-metadata-url" && md_url="$RET" || :
db_get "cloud-init/maas-metadata-credentials" && creds_all="$RET" || :
# nothing to do
[ -n "$md_url" -o -n "$creds_all" ] || return 0
# change a url query string format into : delimited
if [ -n "$creds_all" -a "${creds_all#*&}" != "${creds_all}" ]; then
# the command here ends up looking like:
# python3 -c '...' 'oauth_consumer_key=v1&oauth_token_key=v2...' \
# oauth_consumer_key oauth_token_key oauth_token_secret
creds_all=$(python3 -c 'from six.moves.urllib.parse import parse_qs;
import sys;
keys = parse_qs(sys.argv[1])
for k in sys.argv[2:]:
sys.stdout.write("%s:" % keys.get(k,[""])[0])' "$creds_all" \
oauth_consumer_key oauth_token_key oauth_token_secret
)
fi
# now, if non-empty creds_all is: consumer_key:token_key:token_secret
if [ -n "$creds_all" ]; then
OIFS="$IFS"; IFS=:; set -- $creds_all; IFS="$OIFS"
c_key=$1; t_key=$2; t_sec=$3
fi
if [ "$md_url" = "_" -a "${c_key}:${t_key}:${t_sec}" = "_:_:_" ]; then
# if all these values were '_', the delete value, just delete the file.
rm -f "$cfg_file"
else
local header="# written by cloud-init debian package per preseed entries
# cloud-init/{maas-metadata-url,/maas-metadata-credentials}"
local pair="" k="" v="" pload="" orig_umask=""
for pair in "metadata_url:$md_url" "consumer_key:${c_key}" \
"token_key:${t_key}" "token_secret:$t_sec"; do
k=${pair%%:*}
v=${pair#${k}:}
[ -n "$v" ] && pload="${pload} $k: \"$v\","
done
# '_' would indicate "delete", otherwise, existing entries are left
orig_umask=$(umask)
umask 066
: >> "$cfg_file" && chmod 600 "$cfg_file"
update_cfg "$cfg_file" "$header" "datasource: { MAAS: { ${pload%,} } }" _
umask ${orig_umask}
fi
# now clear the database of the values, as they've been consumed
db_unregister "cloud-init/maas-metadata-url" || :
db_unregister "cloud-init/maas-metadata-credentials" || :
}
handle_preseed_local_cloud_config() {
local ccfg="" debconf_name="cloud-init/local-cloud-config"
local cfg_file="/etc/cloud/cloud.cfg.d/90_dpkg_local_cloud_config.cfg"
local header="# written by cloud-init debian package per preseed entry
# $debconf_name"
db_get "${debconf_name}" && ccfg="$RET" || :
if [ "$ccfg" = "_" ]; then
rm -f "$cfg_file"
elif [ -n "$ccfg" ]; then
{ echo "$header"; echo "$ccfg"; } > "$cfg_file"
fi
db_unregister "${debconf_name}" || :
}
fix_1978422_redact_sensitive_logs_on_invalid_userdata_schema() {
local oldver="$1" last_bad_ver="22.2-0ubuntu1~22.04.2"
dpkg --compare-versions "$oldver" le "$last_bad_ver" || return 0
MSG="Redacting sensitive logs due to invalid cloud-config user-data from"
REMOTE_LOG_MSG="Sensitive logs containing 'Invalid cloud-config provided:' exist in journalctl and any remote log aggregators. Please manually redact such logs as necessary."
INVALID_USERDATA_LOG="Invalid cloud-config provided:$"
if [ -f /var/log/cloud-init.log ]; then
if grep -q "${INVALID_USERDATA_LOG}" /var/log/cloud-init.log; then
echo "${MSG} /var/log/cloud-init.log"
echo "${REMOTE_LOG_MSG}"
# Replace generic warning about invalid user-data
sed -i "s/Invalid cloud-config provided:/Invalid cloud-config provided: Please run 'sudo cloud-init schema --system' to see the schema errors./" /var/log/cloud-init.log
# Redact any lines until the next DEBUG, WARNING, ERROR or Info log
sed -i '/Invalid cloud-config provided:.*/,/DEBUG\|WARNING\|ERROR\|INFO\|Traceback/{/DEBUG\|WARNING\|ERROR\|INFO\|Traceback/b; /.*/d};' /var/log/cloud-init.log
fi
fi
if [ -f /var/log/cloud-init-output.log ]; then
if grep -q "${INVALID_USERDATA_LOG}" /var/log/cloud-init-output.log; then
echo "${MSG} /var/log/cloud-init-output.log"
# Replace generic warning about invalid user-data
sed -i "s/Invalid cloud-config provided:/Invalid cloud-config provided: Please run 'sudo cloud-init schema --system' to see the schema errors./" /var/log/cloud-init-output.log
# Redact any logs between Invalid cloud-config and 'Generating' or 'Cloud' log lines
sed -i '/Invalid cloud-config provided:.*/,/Generating\|Cloud/{/Generating\|Cloud\|WARNING\|ERROR\|INFO\|Traceback/b; /.*/d};' /var/log/cloud-init-output.log
fi
fi
}
fix_1336855() {
### Begin fix for LP: 1336855
# fix issue where cloud-init misidentifies the location of grub and
# where grub misidentifies the location of the device
# if cloud-init's grub module did not run, then it did not break anything.
[ -f /var/lib/cloud/instance/sem/config_grub_dpkg ] || return 0
# This bug only happened on /dev/xvda devices
[ -b /dev/xvda ] || return 0
# we can't fix the system without /proc/cmdline
[ -r /proc/cmdline ] || return 0
# Don't do anything unless we have grub
command -v grub-install > /dev/null || return 0
# First, identify the kernel device for the parent.
for parm in $(cat /proc/cmdline); do
dev=$(echo $parm | awk -F\= '{print$NF}')
case $parm in
root=UUID*) [ -d /dev/disk/by-uuid ] &&
root_dev=$(readlink -f /dev/disk/by-uuid/$dev);;
root=LABEL*) [ -d /dev/disk/by-label ] &&
root_dev=$(readlink -f /dev/disk/by-label/$dev);;
root=/dev*) [ -d /dev ] &&
root_dev=$(readlink -f $dev);;
esac
[ -n "$root_dev" ] && break
done
# Don't continue if we don't have a root directive
[ -z "$root_dev" ] && return 0
# Only deal with simple, cloud-based devices
case $root_dev in
/dev/vda*|/dev/xvda*|/dev/sda*) ;;
*) return 0;;
esac
# Make sure that we are not chrooted.
[ "$(stat -c %d:%i /)" != "$(stat -c %d:%i /proc/1/root/.)" ] && return 0
# Check if we are in a container, i.e. LXC
if systemd-detect-virt --quiet --container || lxc-is-container 2>/dev/null; then
return 0
fi
# Find out where grub thinks the root device is. Only continue if
# grub postinst would install/reinstall grub
db_get grub-pc/install_devices && grub_cfg_dev=${RET} || return 0
db_get grub-pc/install_devices_empty && grub_dev_empty=${RET} || return 0
# Find out the parent device for the root device.
# example output: sda/sda1
block_path=$(udevadm info -q path -n $root_dev | awk '-Fblock/' '{print$NF}') || return 0
# Extract the parent device name. This works where the device is a block device
# example output: /dev/sda
parent_dev=$(echo $block_path | awk '-F/' '$1 { if ( $1 ) {print"/dev/"$1}}')
[ -b "${parent_dev}" ] || return 0
# Do nothing if the device that the grub postinst would install is already used
[ "$grub_cfg_dev" = "$parent_dev" -o "$grub_cfg_dev" = "$root_dev" ] && return 0
# If we get here, do the installation
echo "Reconfiguring grub install device due to mismatch (LP: #1336855)"
echo " Grub should use $parent_dev but is configured for $grub_cfg_dev"
db_set grub-pc/install_devices "$parent_dev"
grub-install $parent_dev &&
echo "Reinstalled grub" ||
echo "WARNING! Unable to fix grub device mismatch. You may be broken."
}
cleanup_lp1552999() {
local oldver="$1" last_bad_ver="0.7.7~bzr1178"
dpkg --compare-versions "$oldver" le "$last_bad_ver" || return 0
local edir="/etc/systemd/system/multi-user.target.wants"
rm -f "$edir/cloud-config.service" "$edir/cloud-final.service" \
"$edir/cloud-init-local.service" "$edir/cloud-init.service"
}
disable_network_config_on_upgrade() {
local oldver="$1" last_without_net="0.7.7~bzr1182-0ubuntu1"
if [ ! -f /var/lib/cloud/instance/obj.pkl ]; then
# this is a fresh system not one that has been booted.
return 0
fi
if dpkg --compare-versions "$oldver" le "$last_without_net"; then
echo "dpkg upgrade from $oldver" > /var/lib/cloud/data/upgraded-network
fi
}
fix_azure_upgrade_1611074() {
# adjust /etc/fstab on azure so boot after resize does not mount
# /mnt as ntfs and stop re-formatting.
local fixed_ver="0.7.8-49-1" dspath="/var/lib/cloud/instance/datasource"
local oldver="$1" tmpf="" r="" wmsg="" me="cloud-init postinst"
# if not on azure, or not booted with instance/ skip out.
if [ ! -e "$dspath" ]; then
debug "no $dspath"
return 0
fi
if ! grep -qi azure "$dspath"; then
debug "not on azure per $dspath"
return 0
fi
# if there is no /etc/fstab, then nothing to fix.
if [ ! -e /etc/fstab ]; then
debug "no /etc/fstab"
return 0
fi
if dpkg --compare-versions "$oldver" ge "$fixed_ver"; then
debug "previous version was fixed"
return 0
fi
wmsg="WARN: $me failed."
wmsg="$wmsg Subsequent resize may not update ephemeral correctly."
tmpf=$(mktemp "${TMPDIR:-/tmp}/cloud-init-upgrade.XXXXXX") || {
echo "$wmsg (mktemp failed with $?)" 1>&2
return 0;
}
awk '{
if ($4 !~ /x-systemd.requires/ && $4 ~ /comment=cloudconfig/) {
sub(/comment=cloudconfig/, "x-systemd.requires=cloud-init.service,comment=cloudconfig")
}
printf("%s\n", $0)}' /etc/fstab > "$tmpf" || {
echo "$wmsg (awk reading of /etc/fstab failed with $?)" 1>&2
rm -f "$tmpf"
return 0;
}
if cmp /etc/fstab "$tmpf" >/dev/null 2>&1; then
debug "no changes needed."
else
cat "$tmpf" > /etc/fstab || {
r=$?
echo "$wmsg (cp $tmpf /etc/fstab failed with $r)"
echo ==== expected to write the following to /etc/fstab =====
cat "$tmpf"
echo ========================================================
return $r
} 1>&2
echo "$me fixed /etc/fstab for x-systemd.requires" 1>&2
fi
rm "$tmpf" || :
}
cleanup_ureadahead() {
local oldver="$1" last_bad_ver="0.7.9-243-ge74d775-0ubuntu2~"
dpkg --compare-versions "$oldver" le "$last_bad_ver" || return 0
dpkg-divert --package cloud-init --remove --rename --divert \
/etc/init/ureadahead.conf.disabled /etc/init/ureadahead.conf
}
fix_lp1889555() {
local oldver="$1" last_bad_ver="20.3-2-g371b392c-0ubuntu1"
dpkg --compare-versions "$oldver" le-nl "$last_bad_ver" || return 0
# if cloud-init's grub module did not run, then it did not break anything.
[ -f /var/lib/cloud/instance/sem/config_grub_dpkg ] || return 0
# Don't do anything unless we have grub
command -v grub-install > /dev/null || return 0
# Make sure that we are not chrooted.
[ "$(stat -c %d:%i /)" != "$(stat -c %d:%i /proc/1/root/.)" ] && return 0
# Check if we are in a container, i.e. LXC
if systemd-detect-virt --quiet --container || lxc-is-container 2>/dev/null; then
return 0
fi
# This bug only applies to NVMe devices
[ -e /dev/nvme0 ] || return 0
db_get grub-pc/install_devices && grub_cfg_dev=${RET} || return 0
# If the current setting is not the (potentially-incorrect) default we
# expect, this implies user intervention so leave things alone
[ "$grub_cfg_dev" = "/dev/sda" ] || return 0
correct_idev="$(python3 -c "import logging; from cloudinit.config.cc_grub_dpkg import fetch_idevs; print(fetch_idevs(logging.getLogger()))")" || return 0
# If correct_idev is the empty string, we failed to determine the correct
# install device; do nothing
[ -z "$correct_idev" ] && return 0
# If the correct_idev is already configured, do nothing
[ "$grub_cfg_dev" = "$correct_idev" ] && return 0
echo "Reconfiguring grub install device due to mismatch (LP: #1889555)"
echo " grub should use $correct_idev but is configured for $grub_cfg_dev"
db_set grub-pc/install_devices "$correct_idev"
db_set grub-pc/install_devices_empty "false"
}
change_cloud_init_output_log_permissions() {
# As a consequence of LP: #1918303
local oldver="$1" last_bad_ver="21.1-0ubuntu1"
dpkg --compare-versions "$oldver" le-nl "$last_bad_ver" || return 0
output_file="/var/log/cloud-init-output.log"
if [ -f "$output_file" ]; then
if getent group adm > /dev/null; then
chown root:adm $output_file
else
chown root $output_file
fi
chmod 640 $output_file
fi
}
rename_hook_hotplug_udev_rule() {
# Avoids LP: #1946003 see commit: b519d861aff8b44a0610c176cb34adcbe28df144
if [ -f /etc/udev/rules.d/10-cloud-init-hook-hotplug.rules ]; then
mv -f /etc/udev/rules.d/10-cloud-init-hook-hotplug.rules \
/etc/udev/rules.d/90-cloud-init-hook-hotplug.rules
fi
}
move_socket_fifo_to_share_dir() {
# This change arrived in cloud-init 25.1.3
local old_fifo_dir="/run/cloud-init/"
local new_fifo_dir="/run/cloud-init/share/"
# Move the socket fifo to /run/cloud-init/share
# The old location was /run/cloud-init/hook-hotplug-cmd
if [ -p "${old_fifo_dir}hook-hotplug-cmd" ]; then
# Ensure the share directory exists
mkdir -p "${new_fifo_dir}"
chmod 700 "${new_fifo_dir}"
mv -f "${old_fifo_dir}hook-hotplug-cmd" "${new_fifo_dir}"
chmod 600 "${new_fifo_dir}hook-hotplug-cmd"
invoke-rc.d cloud-init-hotplugd.socket restart || true
fi
}
if [ "$1" = "configure" ]; then
if db_get cloud-init/datasources; then
values="$RET"
if [ "${values#*MaaS}" != "${values}" ]; then
# if db had old MAAS spelling, fix it.
values=$(echo "$values" | sed 's,MaaS,MAAS,g')
db_set cloud-init/datasources "$values"
fi
cat > /etc/cloud/cloud.cfg.d/90_dpkg.cfg <<EOF
# to update this file, run dpkg-reconfigure cloud-init
datasource_list: [ $values ]
EOF
fi
# if there are maas settings pre-seeded apply them
handle_preseed_maas
# if there is generic cloud-config preseed, apply them
handle_preseed_local_cloud_config
# fix issue where cloud-init misidentifies the location of grub
fix_1336855
# make upgrades disable network changes by cloud-init
disable_network_config_on_upgrade "$2"
fix_azure_upgrade_1611074 "$2"
cleanup_ureadahead "$2"
fix_lp1889555 "$2"
change_cloud_init_output_log_permissions "$2"
# Redact schema sensitive warning logs on invalid user-data
fix_1978422_redact_sensitive_logs_on_invalid_userdata_schema "$2"
rename_hook_hotplug_udev_rule
move_socket_fifo_to_share_dir
fi
# Automatically added by dh_python3
if command -v py3compile >/dev/null 2>&1; then
py3compile -p cloud-init
fi
if command -v pypy3compile >/dev/null 2>&1; then
pypy3compile -p cloud-init || true
fi
# End automatically added section
# Automatically added by dh_installdeb/13.6ubuntu1
dpkg-maintscript-helper rm_conffile /etc/init/cloud-config.conf 0.7.9-243-ge74d775-0ubuntu2\~ -- "$@"
dpkg-maintscript-helper rm_conffile /etc/init/cloud-final.conf 0.7.9-243-ge74d775-0ubuntu2\~ -- "$@"
dpkg-maintscript-helper rm_conffile /etc/init/cloud-init-blocknet.conf 0.7.9-243-ge74d775-0ubuntu2\~ -- "$@"
dpkg-maintscript-helper rm_conffile /etc/init/cloud-init-container.conf 0.7.9-243-ge74d775-0ubuntu2\~ -- "$@"
dpkg-maintscript-helper rm_conffile /etc/init/cloud-init-local.conf 0.7.9-243-ge74d775-0ubuntu2\~ -- "$@"
dpkg-maintscript-helper rm_conffile /etc/init/cloud-init-nonet.conf 0.7.9-243-ge74d775-0ubuntu2\~ -- "$@"
dpkg-maintscript-helper rm_conffile /etc/init/cloud-init.conf 0.7.9-243-ge74d775-0ubuntu2\~ -- "$@"
dpkg-maintscript-helper rm_conffile /etc/init/cloud-log-shutdown.conf 0.7.9-243-ge74d775-0ubuntu2\~ -- "$@"
dpkg-maintscript-helper rm_conffile /etc/NetworkManager/dispatcher.d/hook-network-manager 23.3.1-0ubuntu1\~ -- "$@"
dpkg-maintscript-helper rm_conffile /etc/cloud/clean.d/README 24.1-0ubuntu0\~22.04.1\~ -- "$@"
# End automatically added section
# Automatically added by dh_installsystemd/13.6ubuntu1
if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then
# This will only remove masks created by d-s-h on package removal.
deb-systemd-helper unmask 'cloud-config.service' >/dev/null || true
# was-enabled defaults to true, so new installations run enable.
if deb-systemd-helper --quiet was-enabled 'cloud-config.service'; then
# Enables the unit on first installation, creates new
# symlinks on upgrades if the unit file has changed.
deb-systemd-helper enable 'cloud-config.service' >/dev/null || true
else
# Update the statefile to add new symlinks (if any), which need to be
# cleaned up on purge. Also remove old symlinks.
deb-systemd-helper update-state 'cloud-config.service' >/dev/null || true
fi
fi
# End automatically added section
# Automatically added by dh_installsystemd/13.6ubuntu1
if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then
# This will only remove masks created by d-s-h on package removal.
deb-systemd-helper unmask 'cloud-final.service' >/dev/null || true
# was-enabled defaults to true, so new installations run enable.
if deb-systemd-helper --quiet was-enabled 'cloud-final.service'; then
# Enables the unit on first installation, creates new
# symlinks on upgrades if the unit file has changed.
deb-systemd-helper enable 'cloud-final.service' >/dev/null || true
else
# Update the statefile to add new symlinks (if any), which need to be
# cleaned up on purge. Also remove old symlinks.
deb-systemd-helper update-state 'cloud-final.service' >/dev/null || true
fi
fi
# End automatically added section
# Automatically added by dh_installsystemd/13.6ubuntu1
if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then
# This will only remove masks created by d-s-h on package removal.
deb-systemd-helper unmask 'cloud-init-hotplugd.socket' >/dev/null || true
# was-enabled defaults to true, so new installations run enable.
if deb-systemd-helper --quiet was-enabled 'cloud-init-hotplugd.socket'; then
# Enables the unit on first installation, creates new
# symlinks on upgrades if the unit file has changed.
deb-systemd-helper enable 'cloud-init-hotplugd.socket' >/dev/null || true
else
# Update the statefile to add new symlinks (if any), which need to be
# cleaned up on purge. Also remove old symlinks.
deb-systemd-helper update-state 'cloud-init-hotplugd.socket' >/dev/null || true
fi
fi
# End automatically added section
# Automatically added by dh_installsystemd/13.6ubuntu1
if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then
# This will only remove masks created by d-s-h on package removal.
deb-systemd-helper unmask 'cloud-init-local.service' >/dev/null || true
# was-enabled defaults to true, so new installations run enable.
if deb-systemd-helper --quiet was-enabled 'cloud-init-local.service'; then
# Enables the unit on first installation, creates new
# symlinks on upgrades if the unit file has changed.
deb-systemd-helper enable 'cloud-init-local.service' >/dev/null || true
else
# Update the statefile to add new symlinks (if any), which need to be
# cleaned up on purge. Also remove old symlinks.
deb-systemd-helper update-state 'cloud-init-local.service' >/dev/null || true
fi
fi
# End automatically added section
# Automatically added by dh_installsystemd/13.6ubuntu1
if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then
# This will only remove masks created by d-s-h on package removal.
deb-systemd-helper unmask 'cloud-init.service' >/dev/null || true
# was-enabled defaults to true, so new installations run enable.
if deb-systemd-helper --quiet was-enabled 'cloud-init.service'; then
# Enables the unit on first installation, creates new
# symlinks on upgrades if the unit file has changed.
deb-systemd-helper enable 'cloud-init.service' >/dev/null || true
else
# Update the statefile to add new symlinks (if any), which need to be
# cleaned up on purge. Also remove old symlinks.
deb-systemd-helper update-state 'cloud-init.service' >/dev/null || true
fi
fi
# End automatically added section
if [ "$1" = "configure" ]; then
oldver="$2"
cleanup_lp1552999 "$oldver"
fi