Jira (PUP-11692) Apt package installs sometimes fail silently

[Daniel Parks (Jira)]

Daniel Parks created an issue

Puppet / PUP-11692 Apt package installs sometimes fail silently Issue Type: Bug Assignee: Unassigned Created: 2022/12/14 9:30 PM Priority: Normal Reporter: Daniel Parks Puppet Version: 7.21.0 Puppet Server Version: N/A OS Name/Version: Ubuntu 22.04.1 Jammy Apparently apt-get install interprets the package name as a regular expression if it can’t find the exact package name. This causes Puppet to incorrectly register a success when installing a package name that doesn’t exist, but matches a different package. Desired Behavior: resource fails Actual Behavior: resource succeeds as a change on every run ❯ docker run -it ubuntu:22.04 root@10d181367a3d:/# apt-get update -qq && apt-get install -y curl >/dev/null debconf: delaying package configuration, since apt-utils is not installed root@10d181367a3d:/# curl -OsS https://apt.puppet.com/puppet7-release-jammy.deb root@10d181367a3d:/# dpkg -i puppet7-release-jammy.deb >/dev/null root@10d181367a3d:/# apt-get update -qq && apt-get install -y puppet-agent >/dev/null debconf: delaying package configuration, since apt-utils is not installed root@10d181367a3d:/# dpkg -l | grep python3.9 root@10d181367a3d:/# /opt/puppetlabs/bin/puppet apply --debug -e 'package { "python3.9": ensure => present }' . . . stripped for readability . . . Info: Applying configuration version '1671081429' Debug: Prefetching apt resources for package Debug: Executing '/usr/bin/dpkg-query -W --showformat '${Status} ${Package} ${Version}\n'' Debug: Executing: '/usr/bin/apt-mark showmanual' Debug: Executing: '/usr/bin/dpkg-query -W --showformat '${Status} ${Package} ${Version}\n' python3.9' Debug: Executing: '/usr/bin/apt-get -q -y -o DPkg::Options::=--force-confold install python3.9' Notice: /Stage[main]/Main/Package[python3.9]/ensure: created Debug: Executing: '/usr/bin/apt-mark manual python3.9' Debug: /Package[python3.9]: The container Class[Main] will propagate my refresh event . . . root@10d181367a3d:/# echo $? 0 root@10d181367a3d:/# dpkg -l | grep python3.9 root@10d181367a3d:/# /opt/puppetlabs/bin/puppet apply -e 'package { "python3.9": ensure => present }' Notice: Compiled catalog for 10d181367a3d in environment production in 0.23 seconds Notice: /Stage[main]/Main/Package[python3.9]/ensure: created Notice: Applied catalog in 2.83 seconds As you can see, installing the invalid package appears to work on each run. Trying to install it manually shows the problem: root@10d181367a3d:/# apt-get install -y python3.9 Reading package lists... Done Building dependency tree... Done Reading state information... Done Note, selecting 'python3.9-llfuse' for regex 'python3.9' Note, selecting 'python3-llfuse' instead of 'python3.9-llfuse' python3-llfuse is already the newest version (1.3.8+dfsg-2build1). 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. apt-get.8 explains: If no package matches the given expression and the expression contains one of '.', '?' or '*' then it is assumed to be a POSIX regular expression, and it is applied to all package names in the database. Any matches are then installed (or removed). Note that matching is done by substring so 'lo.*' matches 'how-lo' and 'lowest'. If this is undesired, anchor the regular expression with a '^' or '$' character, or create a more specific regular expression. I didn’t see an option to disable this behavior when I scanned the man page, which is… frustrating. Presumably Puppet could work around this by querying to see if the exact package existed in the Apt cache first. Add Comment

This message was sent by Atlassian Jira (v8.20.11#820011-sha1:0629dd8)