ProHoster > Blog > Administration > Where is this config from? [Debian/Ubuntu]

Where is this config from? [Debian/Ubuntu]

The purpose of this post is to show debian/ubuntu debugging techniques related to "find source" in the system config file.

Test example: after long mockery of the tar.gz copy of the installed OS and after its restoration and installation of updates, we get the message:

update-initramfs: Generating /boot/initrd.img-4.15.0-54-generic
W: initramfs-tools configuration sets RESUME=/dev/mapper/U1563304817I0-swap
W: but no matching swap device is available.
I: The initramfs will attempt to resume from /dev/dm-1
I: (/dev/mapper/foobar-swap)
I: Set the RESUME variable to override this.

Purpose: to understand where this value (U1563304817I0) came from and how to change it correctly. This is the first example I came across, not very interesting in itself, but handy to show practical methods of working with Linux..

Step number 1: Where did RESUME come from?

# cd /etc
# grep -r RESUME
initramfs-tools/conf.d/resume:RESUME=/dev/mapper/U1563304817I0-swap

We recursively (-r) we are looking for a mention of this variable in the /etc directory (where most configs are). We find a conf.d snippet that is explicitly used by the initramfs-tools package.

Where is this snippet from?

There are three options:

  1. Magic artifact (someone put and forgot)
  2. config from the package
  3. Config generated by some script from system packages

Check #2 (as the easiest one):

 dpkg -S initramfs-tools/conf.d/resume
dpkg-query: no path found matching pattern *initramfs-tools/conf.d/resume*

dpkg -S allows us to search the database of installed files and find which package the file belongs to. Here is an example of a successful search: 

dpkg -S resolv.conf
manpages: /usr/share/man/man5/resolv.conf.5.gz
systemd: /lib/systemd/resolv.conf

Back to our task: the file initramfs-tools/conf.d/resume is not installed into the system from the package. Maybe it is generated in the postinst/preinst package script? Checking version number 3.

# cd /var/lib/dpkg/info/
# grep -r initramfs-tools/conf.d/resume *
initramfs-tools-core.postrm:    rm -f /etc/initramfs-tools/conf.d/resume

In the catalog /var/lib/dpkg/info/ there are unpacked versions of all "metafiles" of packages (installation/removal scripts, package descriptions, etc.). Surprisingly, this file is removed in the postrm (when uninstalling) of the initramfs-tools-core package. Let's see the contents of his postinst... Nothing to do with the conf.d directory.

Let's look at the files in the package initramfs-tools-core.

# dpkg -L initramfs-tools-core
...
/usr/share/initramfs-tools/hooks/resume
...

Team dpkg -L allows you to view all the files that are in the system from the specified package. I have highlighted an interesting file to study. Examining the file shows how this variable is used, but does not answer where it comes from.

debconf

It turns out that this is someone's artifact. Whose? Before diving into the installer, let's take a look at another important Debian infrastructure - answering questions. Every time a package asks a question, and in many cases when it doesn't ask a question but uses the default, both the question and the answer are recorded in a special database in Debian called debconf. We can look at the database of responses (and even expose them before installing the package itself - debconf-set-selections), for this we need a utility debconf-get-selections from the composition debconf-utils. Unfortunately, nothing interesting was found :(debconf-get-selections |grep -i resume returned empty).

debian-installer

The installer has its own database of answers to questions: /var/log/installer/cdebconf/questions.dat. Unfortunately, there is also no word about our resume.
But there are logs nearby, incl. syslog, where the entire installation log is written. It mentions the base-installer package, and it page we can see the link to raws.

Inside them, we can easily find the answer to our question:

  resume="$(mapdevfs "$resume_devfs")"; then
...
    if [ "$do_initrd" = yes ]; then
     ...
            resumeconf=$IT_CONFDIR/resume
....
                echo "RESUME=$resume" >> $resumeconf

mapdevfs is a utility with a clear purpose, and the function we are interested in is get_resume_partition, which reads /proc/swaps and selects the largest one there. Swap comes from partman.

The answer to our test task is: the file is created by the installer in /target at the time of installation, i.e. we are talking about well-known, but an artifact. There is nobody and nothing in the existing packages in the system to change this file.

Summing up

  1. dpkg and debconf are the main methods for finding file providers.
  2. searching /var/lib/dpkg/info allows you to see file operations during the installation phase.
  3. The installer can create artifact files that are never changed by anyone (except the user), and this can be seen in the installer code.

Source: habr.com

Add a comment