Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

WSL 18.04 apt upgrade failure #3274

Closed
macxfadz opened this issue Jun 2, 2018 · 32 comments
Closed

WSL 18.04 apt upgrade failure #3274

macxfadz opened this issue Jun 2, 2018 · 32 comments
Labels
external Issue exists outside of WSL components

Comments

@macxfadz
Copy link

macxfadz commented Jun 2, 2018

I recently downloaded Ubuntu 18.04 App from Microsoft App Store.
Subsequently, I update app packages through sudo apt-get update and then, sudo apt-get upgrade
then I the following message came up with errors (just fresh WSL system nothing has been installed),

upgrade

and, there are after I installed GCC, clang, gdb, and python3 also it's getting same upgrading error saying -

Error: insufficient privileges to access the ebtables rulesets.

Errors were encountered while processing:
/var/cache/apt/archives/ebtables_2.0.10.4-3.5ubuntu2.18.04.1_amd64.deb

Please help me to resolve this issue.
Thank you.

@shoffmeister
Copy link

shoffmeister commented Jun 2, 2018

https://bugs.launchpad.net/ubuntu/+source/ebtables/+bug/1774120

Ubuntu are taking action by changing the package management script.

@zippaaa
Copy link

zippaaa commented Jun 2, 2018

#1761 (comment)

@therealkenc
Copy link
Collaborator

#1761 (comment)

Which in turn is ref #767

@macxfadz
Copy link
Author

macxfadz commented Jun 3, 2018

@therealkenc Do we have an exact fix for this issue? or do we have to wait for next Ubuntu release?

@sirredbeard
Copy link
Contributor

@macxfadz A temporary workaround is here: #1761 (comment)

@therealkenc
Copy link
Collaborator

Or maybe someone can confirm whether just purging the thing is a viable solution (I haven't looked).

@sirredbeard
Copy link
Contributor

sirredbeard commented Jun 3, 2018

@therealkenc Preliminary testing shows that simply purging doesn't work, but it was worth a shot.

Unpacking libcurl4:amd64 (7.58.0-2ubuntu3.1) over (7.58.0-2ubuntu3) ...
Preparing to unpack .../16-ebtables_2.0.10.4-3.5ubuntu2.18.04.1_amd64.deb ...
invoke-rc.d: could not determine current runlevel
 * Error: insufficient privileges to access the ebtables rulesets.
invoke-rc.d: initscript ebtables, action "stop" failed.
dpkg: warning: old ebtables package pre-removal script subprocess returned error exit status 1
dpkg: trying script from the new package instead ...
invoke-rc.d: could not determine current runlevel
 * Error: insufficient privileges to access the ebtables rulesets.
invoke-rc.d: initscript ebtables, action "stop" failed.
dpkg: error processing archive /tmp/apt-dpkg-install-sFNodb/16-ebtables_2.0.10.4-3.5ubuntu2.18.04.1_amd64.deb (--unpack):
 new ebtables package pre-removal script subprocess returned error exit status 1
dmesg: read kernel buffer failed: Function not implemented
                                                          update-rc.d: warning: start and stop actions are no longer supported; falling back to defaults
invoke-rc.d: could not determine current runlevel
Preparing to unpack .../17-libcurl3-gnutls_7.58.0-2ubuntu3.1_amd64.deb ...
Unpacking libcurl3-gnutls:amd64 (7.58.0-2ubuntu3.1) over (7.58.0-2ubuntu3) ...
Preparing to unpack .../18-software-properties-common_0.96.24.32.3_all.deb ...
Unpacking software-properties-common (0.96.24.32.3) over (0.96.24.32.1) ...
Preparing to unpack .../19-python3-software-properties_0.96.24.32.3_all.deb ...
Unpacking python3-software-properties (0.96.24.32.3) over (0.96.24.32.1) ...
Preparing to unpack .../20-snapd_2.32.9+18.04_amd64.deb ...
Unpacking snapd (2.32.9+18.04) over (2.32.5+18.04) ...
Preparing to unpack .../21-cloud-init_18.2-27-g6ef92c98-0ubuntu1~18.04.1_all.deb ...
Unpacking cloud-init (18.2-27-g6ef92c98-0ubuntu1~18.04.1) over (18.2-14-g6d48d265-0ubuntu1) ...
Preparing to unpack .../22-ssh-import-id_5.7-0ubuntu1.1_all.deb ...
Unpacking ssh-import-id (5.7-0ubuntu1.1) over (5.7-0ubuntu1) ...
Errors were encountered while processing:
E: Sub-process /usr/bin/dpkg returned an error code (1)
hayden@t470s:~$ echo "export DISPLAY=:0" >> .bashrc
hayden@t470s:~$ echo "export LIBGL_ALWAYS_INDIRECT=1" >> .bashrc
hayden@t470s:~$ sudo apt-get remove ebtables --purge
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following package was automatically installed and is no longer required:
  libfreetype6
Use 'sudo apt autoremove' to remove it.
The following packages will be REMOVED:
  ebtables* lxd*
0 upgraded, 0 newly installed, 2 to remove and 0 not upgraded.
22 not fully installed or removed.
After this operation, 20.2 MB disk space will be freed.
Do you want to continue? [Y/n] Y
(Reading database ... 28478 files and directories currently installed.)
Removing lxd (3.0.0-0ubuntu4) ...
invoke-rc.d: could not determine current runlevel
Stopping Container hypervisor based on LXC: (not running).
invoke-rc.d: could not determine current runlevel
Removing lxd dnsmasq configuration
Removing ebtables (2.0.10.4-3.5ubuntu2) ...
invoke-rc.d: could not determine current runlevel
 * Error: insufficient privileges to access the ebtables rulesets.
invoke-rc.d: initscript ebtables, action "stop" failed.
dpkg: error processing package ebtables (--remove):
 installed ebtables package pre-removal script subprocess returned error exit status 1
Errors were encountered while processing:
 ebtables
E: Sub-process /usr/bin/dpkg returned an error code (1)
hayden@t470s:~$

@macxfadz
Copy link
Author

macxfadz commented Jun 4, 2018

sudo -s also not working :( what cause this privelledge issue ?
capture

@sirredbeard
Copy link
Contributor

sirredbeard commented Jun 4, 2018

@macxfadz

When the ebtables upgrade script invokes the ebtables stop init script ebtables tries to open a socket and fails. Either because ebtables is at fault for misinterpreting the socket response or because WSL hasn't fully implemented iptables (although it seem to suggest WSL should support the syscalls in question here), why it fails is not entirely clear. Either way it ends up throwing a permissions error and the upgrade script shuts the whole show down. It doesn't matter what you run as or what runlevel.

The workaround linked above works. The patch coming to the init script similarly just ignores the error.

The patch works well in Cosmic, should be backported to Bionic shortly.

@therealkenc
Copy link
Collaborator

therealkenc commented Jun 4, 2018

why it fails is not entirely clear

No, why it fails is entirely clear. WSL does not implement all Linux ABI surface. Doesn't even pretend to, per the FAQ. Aspires to, hopefully.

#1451 is AF_NETLINK. Which is not AF_UNIX. Which is not AF_PACKET. And, is not AF_INET per #767.

@sirredbeard
Copy link
Contributor

sirredbeard commented Jun 4, 2018

@therealkenc

You may be correct. Could you please explain why this is wrong or misplaced though?

And why EPROTONOSUPPORT appears to have been added here, the syscalls in question?

I may have misunderstood.

@therealkenc
Copy link
Collaborator

Could you please explain why this is wrong or misplaced though?

Well, anything I could say would be speaking for Balint, which I don't. All I think he is trying to say is that etables could deal better with the error returned by WSL, which makes etables technically more correct, and thus addresses the hard fail. EPROTONOSUPPORT depends entirely on the PROTO in question. Some are SUPPORT. Some are NOSUPPORT.

And why EPROTONOSUPPORT appears to have been added here, the syscalls in question?

In the #1451 OP, nmap never even made it to a EPROTONOTSUPPORT return from socket(AF_INET, ...) to begin with. It was dying with EOPNOTSUPP on sndmsg() on an AF_NETLINK socket. The latter was addressed (narrowly, because not all NETLINK_ROUTE messages are implemented in WSL either). The former is not (or, at least not enough to make etables happy).

@sirredbeard
Copy link
Contributor

I see. Thank you for clearing that up.

@macxfadz
Copy link
Author

macxfadz commented Jun 5, 2018

@therealkenc @sirredbeard - guys any elegant fix for this issue please ? :|

@sirredbeard
Copy link
Contributor

@macxfadz

I mentioned a workaround above.

You can also simply hold ebtables using apt:

sudo apt-mark hold ebtables

@akshaybabloo
Copy link

by holding/disabling ebtables will it cause any problem with the network bridge between Windows and Linux? Looking at their website (http://ebtables.netfilter.org/), ebtables does a lot of stuff

@macxfadz
Copy link
Author

macxfadz commented Jun 6, 2018

@akshaybabloo sounds like we have to next release of WSL ? is n't it ?

@akshaybabloo
Copy link

@macxfadz yep. Looks like that. Or even a patch would be enough

@sirredbeard
Copy link
Contributor

@akshaybabloo

ebtables is old software that few actually use any more. It is maintained as legacy software by the developers that inherited it who only provide the most basic security patches and updates.

ebtables is also not compatible with WSL yet because the WSL layer hasn't fully implemented all the advanced networking calls that ebtables and it's parent software iptables uses. So no one is really using ebtables on WSL.

@macxfadz

This bug, in the upgrade script on Ubuntu 18.04, only affects Ubuntu 18.04 images. So Ubuntu 16.04, OpenSUSE, SEL, and Kali users are unaffected. The fix is for the upgrade script in Ubuntu 18.04 to ignore the error when ebtables tries something not yet supported by WSL as part of the upgrade process. The second post on this thread contains a link to the Ubuntu bug report. If you look you will see a patch in Ubuntu has been generated, pushed to Cosmic, which is 18.10 in progress, for testing, and will filter down to Bionic, 18.04, in due time.

Windows or WSL itself will not need a patch, although it's possible eventually WSL will support the network calls ebtables is flunking out on during the upgrade.

@macxfadz
Copy link
Author

macxfadz commented Jun 6, 2018

@sirredbeard Thanks for the info ...if we holding/disabling ebtables in ubuntu 18.04 if you don't mind , can you please tell me what are the side effects we can expect? and one thing though, why is it working with 16.04 fine? as you mentioned here

This bug, in the upgrade script on Ubuntu 18.04, only affects Ubuntu 18.04 images. So Ubuntu 16.04, OpenSUSE, SEL, and Kali users are unaffected

due to 18.04 upgrade script update?

@sirredbeard
Copy link
Contributor

sirredbeard commented Jun 6, 2018

@macxfadz

can you please tell me what are the side effects we can expect?

Very little actually relies on ebtables these days, it's just there for legacy support on some servers.

Given that ebtables doesn't work on WSL at this time, holding ebtables upgrades in WSL will have no real effect.

Holding it means it simply won't get any updates via apt-get -upgrade.

WSL is rolling out support for iptables which it means it's possible ebtables could, by extension, be supported too, there's no real demand for it though.

Ebtables is legacy software in maintenance mode, there are modern more secure tools for performing it's functionality. Ubuntu is even working on a layer to wrangle iptables.

I imagine eventually upstream distros like Debian will deprecate ebtables in time.

why is it working with 16.04 fine

The issue occurs when the ebtables upgrade script calls ebtables to stop it and ebtables fails.

The issue only occurs when ebtables is upgraded via apt.

It is working fine in 16.04 because 16.04 does not ever upgrade ebtables, there's really no need to.

ebtables itself won't work on 16.04, SLES, Kali, or Debian either.

@akshaybabloo
Copy link

Thanks @sirredbeard can confirm that the patch has been pushed for 18.10.

@macxfadz
Copy link
Author

macxfadz commented Jun 7, 2018

@sirredbeard Thank you for the explanation really helpful.

@MVoz
Copy link

MVoz commented Jun 15, 2018

@sirredbeard как вариант удалить после установочный скрипт

as an option to delete after the installation script

ls /var/lib/dpkg/info/qemu-user-static*

ls /var/lib/dpkg/info/ebtables*

rm /var/lib/dpkg/info/ebtables.postinst

apt-get -o Dpkg::Options::="--force-all" install -f

http://kde5.blogspot.com/2017/03/linux-apt-get-force.html

@macxfadz
Copy link
Author

macxfadz commented Jul 2, 2018

This solved the issue temporarily I guess. 💃
Microsoft Link

@Hypnoes
Copy link

Hypnoes commented Jul 4, 2018

capture

Still not fix at this time....

@macxfadz
Copy link
Author

macxfadz commented Jul 5, 2018

@Hypnoes but mine fix for the time... that's why I mentioned "temporarily" ...sorry

@tralston
Copy link

Interesting. Updated ebtables today (via aptitude ui) and it didn't error out.

@macxfadz
Copy link
Author

@tralston Couldn't get you, can you mentioned what do you mean by "aptitude ui"? and what modification have you carried out in order to error wipe away?

@MVoz
Copy link

MVoz commented Jul 14, 2018

@macxfadz
sudo aptitude
Ctrl + T

@onomatopellan
Copy link

onomatopellan commented Jul 14, 2018

The ebtables problem has been fixed. No need to hold the package anymore on Ubuntu 18.04.
https://launchpad.net/ubuntu/+source/ebtables/2.0.10.4-3.5ubuntu2.18.04.3

sudo apt-mark unhold ebtables
sudo apt update && sudo apt upgrade -y

@therealkenc
Copy link
Collaborator

Good to know. Closing external. [Contrast #767 and friends.]

@therealkenc therealkenc added the external Issue exists outside of WSL components label Jul 14, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
external Issue exists outside of WSL components
Projects
None yet
Development

No branches or pull requests

10 participants