Skip to content

Fix Debian postinst hang in preseed late_command chroot (#68269)#69427

Open
dwoz wants to merge 1 commit into
saltstack:3006.xfrom
dwoz:fix/issue-68269
Open

Fix Debian postinst hang in preseed late_command chroot (#68269)#69427
dwoz wants to merge 1 commit into
saltstack:3006.xfrom
dwoz:fix/issue-68269

Conversation

@dwoz

@dwoz dwoz commented Jun 12, 2026

Copy link
Copy Markdown
Contributor

What does this PR do?

The Debian salt-minion (and salt-api, salt-cloud, salt-master,
salt-syndic) postinst scripts source /usr/share/debconf/confmodule
in their configure branch but never tear down the debconf protocol
before the auto-generated #DEBHELPER# section runs. confmodule
opens fd 3 as the debconf passthrough; without a matching db_stop
and exec 3>&-, fd 3 leaks into the debhelper-added
deb-systemd-helper invocations. In non-interactive Debian preseed
late_command chroots (no reachable parent debconf frontend) that
leak produces "Bad file descriptor" errors and can hang the install
entirely.

This PR adds the canonical debconf teardown (db_stop + exec 3>&-) on the configure branch of all five salt-*.postinst scripts,
and adds a regression test that stubs confmodule and replaces the
#DEBHELPER# token with an fd-3 leak probe.

What issues does this PR fix or reference?

Fixes #68269

Previous Behavior

apt-get install salt-minion invoked from a Debian preseed
late_command chroot hangs and reports
/var/lib/dpkg/info/salt-minion.postinst: 66: 3: Bad file descriptor,
breaking unattended Debian provisioning that installs the salt-minion
package.

New Behavior

The configure branch terminates the debconf protocol cleanly with
db_stop and explicitly closes fd 3 with exec 3>&- before the
debhelper-generated section runs. deb-systemd-helper no longer
inherits a stale fd 3, and the postinst completes whether or not the
parent debconf frontend is reachable.

Merge requirements satisfied?

  • Used a documented testing strategy
  • Includes tests
  • Includes documentation (changelog/68269.fixed.md)

Commits signed with GPG?

No (matches base branch tip)

@dwoz dwoz requested a review from a team as a code owner June 12, 2026 00:20
@dwoz dwoz added this to the Sulphur v3006.26 milestone Jun 12, 2026
@dwoz dwoz added the test:full Run the full test suite label Jun 12, 2026
@dwoz dwoz force-pushed the fix/issue-68269 branch from db2366a to 79804cd Compare June 14, 2026 02:05
@dwoz
Fix Debian postinst hang/Bad-fd in preseed late_command chroot
ec54f2d 
The salt-minion (and salt-api, salt-cloud, salt-master, salt-syndic)
postinst scripts source /usr/share/debconf/confmodule in their
configure branch but never tear down the debconf protocol before the
auto-generated #DEBHELPER# section runs.

confmodule sets up fd 3 as the debconf passthrough (exec 3>&1).
Without a matching db_stop + exec 3>&- pair, fd 3 leaks into the
debhelper-added deb-systemd-helper invocations. In a normal
interactive apt-get install this is mostly invisible, but in a
non-interactive Debian preseed late_command chroot (where the parent
debconf frontend is not reachable) it produces "Bad file descriptor"
errors and can hang the install entirely.

Add the standard debconf teardown after the case block in all five
salt-*.postinst scripts. Only run it on the configure branch, since
that's the only path that sources confmodule.

Regression test in tests/pytests/unit/pkg/ stubs confmodule and
substitutes the #DEBHELPER# token with an fd-3-leak probe; the test
exercises all five postinst scripts and confirms fd 3 is closed and
db_stop is called before #DEBHELPER# runs.

Fixes saltstack#68269
@dwoz dwoz force-pushed the fix/issue-68269 branch from 79804cd to ec54f2d Compare June 15, 2026 05:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

test:full Run the full test suite

Projects

None yet

Milestone

Sulphur v3006.26

Development

Successfully merging this pull request may close these issues.

1 participant

@dwoz