Bug #10867: squidGuard Package Hangs on Uninstall or Upgrade - pfSense Packages - pfSense bugtracker

Actions

Copy link

Bug #10867

closed

squidGuard Package Hangs on Uninstall or Upgrade

Added by Kris Phillips over 3 years ago. Updated 10 months ago.

Status:

Resolved

Priority:

Normal

Assignee:

Christian McDonald

Category:

squidguard

Target version:

Start date:

09/05/2020

Due date:

% Done:

Estimated time:

Plus Target Version:

Affected Version:

2.4.5-p1

Affected Plus Version:

Affected Architecture:

All

Description

Tested on two different appliances (SG-1100 and XG-7100), but likely affects all appliances. If you try to upgrade squidGuard from a previous version to the latest or attempt to uninstall the current version after successfully installing, it will hang on "Deinstall commands....done" and never move forward. The pkg-static process will hang (left without killing the process for 20 minutes without change), leaving the package database locked. Killing the processes can sometimes also leave the database in a locked state, requiring a reboot to resolve. Trying to run the uninstall process again after running pkill -9 pkg-static also fails at the same point.

The package will persist in the System --> Package Manager --> Installed Packages menu, but will have disappeared from the Services menu structure, leaving it in a "half uninstalled" state.

Output of "ps aux | grep pkg" showing the pkg-static process hung (tested waiting for 30 minutes and these processes remain):

root 26671 0.0 0.5 9552 4884 - I 11:29 0:00.01 pkg-static -
root 26749 0.0 0.3 9552 3032 - I 11:29 0:00.03 pkg-static -

System Log Output:
Sep 5 11:29:42 php /etc/rc.packages: [squid] - squid_resync function call pr:1 bp: rpc:no
Sep 5 11:29:44 php /etc/rc.packages: [squid] Adding cronjobs ...
Sep 5 11:29:44 php /etc/rc.packages: [squid] Antivirus features disabled.
Sep 5 11:29:44 php /etc/rc.packages: [squid] Removing freshclam cronjob.
Sep 5 11:29:44 php /etc/rc.packages: [squid] Stopping any running proxy monitors
Sep 5 11:29:45 php /etc/rc.packages: [squid] Reloading for configuration sync...
Sep 5 11:29:46 php /etc/rc.packages: [squid] Starting a proxy monitor script

After reboot, if you try to uninstall the package again, it still fails until you disable the squid service. Upon stopping the squid service, the uninstall goes through just fine.

It seems that the squid service isn't being stopped properly during the uninstall process of squidguard, since its dependent on it, so it's failing to uninstall.

Actions

Copy link

Updated by Jim Pingle over 3 years ago

Project changed from pfSense to pfSense Packages
Category set to squidguard
Status changed from New to Duplicate

Same root issue as #10610, it's a problem in pkg that Renato is already investigating.

Actions

Copy link

Updated by Steve Wheeler over 2 years ago

Still seeing this in 21.05. The packahe reinstall process stops at Squidguard with:

[5/15] Upgrading pfSense-pkg-squidGuard from 1.16.18_18 to 1.16.18_19...
[5/15] Extracting pfSense-pkg-squidGuard-1.16.18_19: .......... done
Removing squidGuard components...
Menu items... done.
Services... done.
Loading package instructions...
Deinstall commands...

Processes show as:

root       33   0.0  0.0  11756   2248 u0  Is+  14:50     0:00.01 |-- sh /etc/rc autoboot
root    38976   0.0  0.0  11412   3036 u0  I+   14:52     0:00.00 | `-- /bin/sh /usr/local/sbin/pfSense-upgrade -y -U -b 3
root    40376   0.0  0.0  10584   2220 u0  I+   14:52     0:00.00 |   `-- /usr/bin/lockf -s -t 5 /tmp/pfSense-upgrade.lock /usr/local/libexec/pfSense-upgrade -y -U -b 3
root    40698   0.0  0.0  12052   3280 u0  I+   14:52     0:00.01 |     `-- /bin/sh /usr/local/libexec/pfSense-upgrade -y -U -b 3
root    94250   0.0  0.0  12052   3276 u0  I+   14:52     0:00.00 |       `-- /bin/sh /usr/local/libexec/pfSense-upgrade -y -U -b 3
root    94500   0.0  0.0  12052   3276 u0  I+   14:52     0:00.00 |         |-- /bin/sh /usr/local/libexec/pfSense-upgrade -y -U -b 3
root    94856   0.0  0.1  16124   7692 u0  I+   14:52     0:00.00 |         | `-- pkg-static upgrade -U
root    95173   0.0  0.3  41460  23628 u0  S+   14:52     0:00.83 |         |   `-- pkg-static upgrade -U
clamav   3438   0.0  0.0      0      0  -  Z    14:53     0:09.14 |         |     |-- <defunct>
clamav   3466   0.0  0.0      0      0  -  Z    14:53     0:00.00 |         |     |-- <defunct>
clamav   3480   0.0  0.0      0      0  -  Z    14:53     0:00.00 |         |     |-- <defunct>
clamav   3829   0.0  0.0      0      0  -  Z    14:53     0:00.00 |         |     |-- <defunct>
root     4162   0.0  0.0      0      0  -  Z    14:53     0:00.00 |         |     |-- <defunct>
squid    4526   0.0  0.0      0      0  -  Z    14:53     0:00.11 |         |     |-- <defunct>
root     1693   0.0  0.0      0      0 u0  Z+   14:53     0:00.00 |         |     |-- <defunct>
clamav   2014   0.0  0.0      0      0 u0  Z+   14:53     0:00.01 |         |     |-- <defunct>
root     2233   0.0  0.0      0      0 u0  Z+   14:53     0:00.01 |         |     |-- <defunct>
root     6918   0.0  0.0      0      0 u0  Z+   14:53     0:00.00 |         |     |-- <defunct>
root     7201   0.0  0.0      0      0 u0  Z+   14:53     0:00.06 |         |     |-- <defunct>
root    73287   0.0  0.7  66516  53768 u0  I+   14:56     0:00.91 |         |     |-- /usr/local/bin/php -f /etc/rc.packages pfSense-pkg-squidGuard DEINSTALL
root    99680   0.0  0.0      0      0 u0  Z+   14:56     0:00.00 |         |     | `-- <defunct>
root    73640   0.0  0.0      0      0 u0  ZC+  14:54     0:00.00 |         |     |-- <defunct>
root    99272   0.0  0.0      0      0 u0  Z+   14:56     0:00.01 |         |     |-- <defunct>
root    99943   0.0  0.0  11508   3052 u0  I+   14:56     0:00.00 |         |     `-- sh -c /usr/bin/nohup /bin/echo -n "reconfigure" > /var/run/c-icap/c-icap.ctl > /dev/null 2>&1 & echo $!
root    94847   0.0  0.0  10668   2244 u0  IC+  14:52     0:00.01 |         `-- tee -a /cf/conf/upgrade_log.txt

Killing the deinstall process (73287) allows it to continue but then stops again at:

Saving updated package information...
overwrite!
Loading package configuration... done.
Configuring package components...
Loading package instructions...
Custom commands...
Executing custom_php_install_command()...

root       33   0.0  0.0  11756   2248 u0  Is+  14:50     0:00.01 |-- sh /etc/rc autoboot
root    38976   0.0  0.0  11412   3036 u0  I+   14:52     0:00.00 | `-- /bin/sh /usr/local/sbin/pfSense-upgrade -y -U -b 3
root    40376   0.0  0.0  10584   2220 u0  I+   14:52     0:00.00 |   `-- /usr/bin/lockf -s -t 5 /tmp/pfSense-upgrade.lock /usr/local/libexec/pfSense-upgrade -y -U -b 3
root    40698   0.0  0.0  12052   3280 u0  I+   14:52     0:00.01 |     `-- /bin/sh /usr/local/libexec/pfSense-upgrade -y -U -b 3
root    94250   0.0  0.0  12052   3276 u0  I+   14:52     0:00.00 |       `-- /bin/sh /usr/local/libexec/pfSense-upgrade -y -U -b 3
root    94500   0.0  0.0  12052   3276 u0  I+   14:52     0:00.00 |         |-- /bin/sh /usr/local/libexec/pfSense-upgrade -y -U -b 3
root    94856   0.0  0.1  16124   7692 u0  I+   14:52     0:00.00 |         | `-- pkg-static upgrade -U
root    95173   0.0  0.3  41460  23628 u0  S+   14:52     0:00.84 |         |   `-- pkg-static upgrade -U
clamav   3438   0.0  0.0      0      0  -  Z    14:53     0:09.14 |         |     |-- <defunct>
clamav   3466   0.0  0.0      0      0  -  Z    14:53     0:00.00 |         |     |-- <defunct>
clamav   3480   0.0  0.0      0      0  -  Z    14:53     0:00.00 |         |     |-- <defunct>
clamav   3829   0.0  0.0      0      0  -  Z    14:53     0:00.00 |         |     |-- <defunct>
root     4162   0.0  0.0      0      0  -  Z    14:53     0:00.00 |         |     |-- <defunct>
squid    4526   0.0  0.0      0      0  -  Z    14:53     0:00.11 |         |     |-- <defunct>
root     1693   0.0  0.0      0      0 u0  Z+   14:53     0:00.00 |         |     |-- <defunct>
clamav   2014   0.0  0.0      0      0 u0  Z+   14:53     0:00.01 |         |     |-- <defunct>
root     2233   0.0  0.0      0      0 u0  Z+   14:53     0:00.01 |         |     |-- <defunct>
root     2580   0.0  0.0      0      0 u0  Z+   15:26     0:00.01 |         |     |-- <defunct>
root     2984   0.0  0.0  11508   3052 u0  I+   15:26     0:00.00 |         |     |-- sh -c /usr/bin/nohup /bin/echo -n "reconfigure" > /var/run/c-icap/c-icap.ctl > /dev/null 2>&1 & echo $!
root     6918   0.0  0.0      0      0 u0  Z+   14:53     0:00.00 |         |     |-- <defunct>
root     7201   0.0  0.0      0      0 u0  Z+   14:53     0:00.06 |         |     |-- <defunct>
root    16892   0.0  0.0      0      0 u0  ZN+  15:26     0:00.01 |         |     |-- <defunct>
root    60570   0.0  0.6  66468  53628 u0  I+   15:26     0:00.94 |         |     |-- /usr/local/bin/php -f /etc/rc.packages pfSense-pkg-squidGuard POST-INSTALL
root     2718   0.0  0.0      0      0 u0  Z+   15:26     0:00.00 |         |     | `-- <defunct>
root    73640   0.0  0.0      0      0 u0  ZC+  14:54     0:00.00 |         |     |-- <defunct>
root    99272   0.0  0.0      0      0 u0  Z+   14:56     0:00.01 |         |     |-- <defunct>
root    99680   0.0  0.0      0      0 u0  Z+   14:56     0:00.00 |         |     |-- <defunct>
root    99943   0.0  0.0      0      0 u0  Z+   14:56     0:00.00 |         |     `-- <defunct>
root    94847   0.0  0.0  10668   2244 u0  IC+  14:52     0:00.01 |         `-- tee -a /cf/conf/upgrade_log.txt

Killing that allows the package reinstall process to complete for other packages.

Actions

Copy link

Updated by Christian McDonald over 1 year ago

Status changed from Duplicate to Feedback
Assignee set to Christian McDonald
Target version set to 2.7.0
Plus Target Version set to 23.01

Issue here has to do with pkg(8) hardening that prevents it from spawning long-lived processes. pkg(8) uses procctl to change the default process repear from init to itself, which means any processes that pkg starts are not going to be adopted by init which is standard operating procedure for daemons.

I have patched pkg in our ports tree to work around this limitation while we continue to investigate a better service management solution.

Actions

Copy link