Debian Bug report logs - #895342
suricata: new version fails to start if eth0 not present

Full log

🔗 View this message in rfc822 format

X-Loop: [email protected]
Subject: Bug#895342: suricata: new version fails to start if eth0 not present
Reply-To: Steve Langasek <[email protected]>, [email protected]
Resent-From: Steve Langasek <[email protected]>
Resent-To: [email protected]
Resent-CC: Pierre Chifflier <[email protected]>
X-Loop: [email protected]
Resent-Date: Wed, 18 Apr 2018 17:33:03 +0000
Resent-Message-ID: <[email protected]>
Resent-Sender: [email protected]
X-Debian-PR-Message: followup 895342
X-Debian-PR-Package: suricata
X-Debian-PR-Keywords: 
References: <CAOkSjBgir+Vri7m+b1nrxY76VhkBNm3_qA2rLQHYa4F98DL8Fg@mail.gmail.com> <[email protected]>
X-Debian-PR-Source: suricata
Received: via spool by [email protected] id=B895342.152407266115997
          (code B ref 895342); Wed, 18 Apr 2018 17:33:03 +0000
Received: (at 895342) by bugs.debian.org; 18 Apr 2018 17:31:01 +0000
X-Spam-Checker-Version: SpamAssassin 3.4.1-bugs.debian.org_2005_01_02
	(2015-04-28) on buxtehude.debian.org
X-Spam-Level: 
X-Spam-Status: No, score=-18.9 required=4.0 tests=BAYES_00,FOURLA,PGPSIGNATURE,
	TXREP,URIBL_CNKR autolearn=ham autolearn_force=no
	version=3.4.1-bugs.debian.org_2005_01_02
X-Spam-Bayes: score:0.0000 Tokens: new, 14; hammy, 149; neutral, 172; spammy,
	1. spammytokens:0.993-+--bed hammytokens:0.000-+--H*c:pgp-sha512,
	0.000-+--langasek, 0.000-+--Langasek, 0.000-+--autopkgtest, 0.000-+--U*vorlon
Received: from becquer.dodds.net ([207.224.24.209])
	by buxtehude.debian.org with esmtp (Exim 4.89)
	(envelope-from <[email protected]>)
	id 1f8qv7-00049p-D8
	for [email protected]; Wed, 18 Apr 2018 17:31:01 +0000
Received: from virgil.dodds.net (unknown [192.168.15.71])
	by becquer.dodds.net (Postfix) with ESMTPA id 5EF57250BA;
	Wed, 18 Apr 2018 10:30:57 -0700 (PDT)
Received: by virgil.dodds.net (Postfix, from userid 1000)
	id 2E86961EBD; Wed, 18 Apr 2018 10:30:56 -0700 (PDT)
Date: Wed, 18 Apr 2018 10:30:56 -0700
From: Steve Langasek <[email protected]>
To: Arturo Borrero Gonzalez <[email protected]>
Cc: [email protected]
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha512;
	protocol="application/pgp-signature"; boundary="Ns7jmDPpOpCD+GE/"
Content-Disposition: inline
In-Reply-To: <CAOkSjBgir+Vri7m+b1nrxY76VhkBNm3_qA2rLQHYa4F98DL8Fg@mail.gmail.com>
User-Agent: Mutt/1.9.4 (2018-02-28)

[Message part 1 (text/plain, inline)]

Control: reopen -1

Hi Arturo,

On Wed, Apr 18, 2018 at 11:07:32AM +0200, Arturo Borrero Gonzalez wrote:
> If you check debian/tests/systemd-service-test.sh [0], the interface
> in use by the config file is decided at runtime.

This code runs only for one of the tests.  It doesn't change the fact that
the suricata service as a whole is broken on install when eth0 is not
present, and all commands which try to talk to the daemon prior to that
point in the tests will fail.

You could fix the autopkgtests to not depend on eth0 if you moved the
systemd-service-test.sh to run before all other tests.  But I don't think
that would fix this bug, because I think the behavior of the package itself
is still wrong.

> What autopkgtest tests are you running?

The ones shipped in your package.

> This seem like an ubuntu specific issue. All tests in debian are going
> fine, both in unstable and in testing [1].

The tests work fine in Debian because the testbed HAPPENS TO HAVE AN eth0
INTERFACE, as I said in the original bug report.  I know the difference
between Debian and Ubuntu and am not in the habit of gratuitously
overinflating the severity of bugs filed in Debian for Ubuntu-specific
issues.

> This Debian bug may result in the package being removed from Debian
> testing for no actual reason.

I wrote the reason in my original bug report:

  I'm filing this as serious because it seems to me that neither of these
  behaviors - either starting up and being ineffective because it's running on
  the wrong interface, or failing to start up because the interface is
  hard-coded and not present - is a reasonable default behavior for an IDS.  I
  think the interface should either be autodetected or prompted for at install
  time.

I also wrote:

  Feel free to downgrade if you disagree.

It's not clear to me that you disagree.  It's not clear to me that you even
read my bug report.  So, reopening at original severity.

> Closing this bug now as it seems totally bogus.

There is at least one bug here in the package, which is that the
autopkgtests make a brittle assumption that eth0 will be available in the
test bed.  eth0 is a legacy interface name in the kernel, and despite the
fact that eth0 is currently present on the ci.debian.net testbeds, this is
not a robust assumption.  If you want to reorder the tests so that the
config file setup is done first, then that would address the bug in the
autopkgtests.

I still also think it's a bug that the package installs successfully but the
daemon fails to start if there is no eth0 interface.  I think best practice
is that a package ensures its daemons can be started before the package is
configured, because it's better to surface a failure to the admin than to
consider a package "configured" without providing core functionality to
reverse-dependencies.  This was in my view the issue that warranted a
'serious' severity, but you are free to disagree and downgrade the bug.


> [0] https://salsa.debian.org/pkg-suricata-team/pkg-suricata/blob/master/debian/tests/systemd-service-test.sh
> [1] https://ci.debian.net/packages/s/suricata/

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
[email protected]                                     [email protected]

[signature.asc (application/pgp-signature, inline)]

Send a report that this bug log contains spam.