Ubuntu – Can’t update nginx because of debconf


I'm on 14.04.5 LTS. I get this error when running a normal apt-get upgrade:

Setting up nginx-common (1.10.1-3+trusty1) ...
dpkg: error processing package nginx-common (--configure):  
 subprocess installed post-installation script returned error exit status 1

I've omitted all the subsequent errors caused by this, "Package nginx-common is not configured yet.", etc.

I followed the process in this answer to debug the .postinst and it never gets beyond the 3rd line: . /usr/share/debconf/confmodule – that's what's returning the 1.

I've tried this solution but it didn't help, debconf is definitely accessible. And these ones (the error persists). I have no ipv6 listen directives in any included conf files as far as I can tell.

I have no clue as to how I'd debug debconf to see why it's failing. Does anyone know what I should try next?

Edit: New updates, they install but I get this error at the end:

Setting up nginx-full (1.10.1-3+trusty2) ...
initctl: invalid command: upgrade
Try `initctl --help' for more information.
invoke-rc.d: initscript nginx, action "upgrade" failed.

Not sure if I should mark as resolved.

Best Answer

This specific issue is fixed, please update your packages!

Ubuntu Repositories (LP Bug #1637058)

In Ubuntu Zesty's proposed repository (this is an in-development release, I hope you aren't using this...), 1.10.1-0ubuntu5 addresses this issue.

In Ubuntu Trusty, Xenial, and Yakkety, the Security team has released updated versions of the packages to address this issue, and is considering it a regression in the package. This information is detailed in the bug and very briefly in the corresponding Ubuntu Security Notice (USN-3114-2), but this issue is fixed in the following versions of the package:

  • Ubuntu Trusty: 1.4.6-1ubuntu3.7 (Security and Updates repositories)
  • Ubuntu Xenial: 1.10.0-0ubuntu0.16.04.4 (Security and Updates repositories)
  • Ubuntu Yakkety: 1.10.1-0ubuntu1.2 (Security and Updates repositories)

The version in the Ubuntu Precise repositories are not affected, as they were never altered in a way which introduced the CVE which prompted the recent updates. (This only applies to the Ubuntu Repositories, not the PPAs.)

PPAs (LP Bug #1637200)

I have uploaded revised packages to the staging PPA that address this issue, and implement a fix. These built without issue, and were copied to the primary Mainline and Stable PPAs on Launchpad as of 12:56 PM on October 27, 2016 (UTC-04:00).

This includes fixes for Precise, Trusty, Xenial, and Yakkety. The PPAs do not yet have Zesty support.

Obligatory disclosure:

I am the primary person on the Ubuntu Server Team in charge of the nginx packages. I also maintain the PPAs that reside under the team at https://launchpad.net/~nginx.

I also have direct knowledge on this issue, and the process of fixes being made available, because I helped to discover the problem affects the recent Security updates done, and also Debian.

Related Question