Your message dated Thu, 8 Aug 2024 09:49:39 +0100 with message-id <[email protected]> and subject line Re: Bug#1033147: accountsservice: autopkgtest fails when using a bookworm kernel has caused the Debian Bug report #1033147, regarding accountsservice: autopkgtest fails when using a bookworm kernel to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 1033147: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033147 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Source: accountsservice Version: 22.08.8-6 Severity: serious Dear maintainers, I recently started to upgrade hosts that are used by ci.debian.net to bookworm. I do that architecture by architecture (i386, ppc64el and s390x by now; riscv64 isn't a release architecture so it runs bookworm since the beginning). Recently (aligned with that change) your package started to fail and timeout on those architectures. I triggered the tests on amd64 on ci.debian.net again, both in unstable and testing, they pass. I ran the test (lxc backend, just like on ci.d.n) on my own laptop running bookworm and the test hangs like on the other architectures. I spotted this during the package installation phase: """ Created symlink /etc/systemd/system/graphical.target.wants/accounts-daemon.service → /lib/systemd/system/accounts-daemon.service. Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 145. """ which is absent in the logs run on a bullseye host. The integration.py test fails like: """ autopkgtest [01:17:41]: test integration.py: [----------------------- Adding 'local diversion of /usr/sbin/usermod to /usr/sbin/usermod.distrib' Adding 'local diversion of /usr/sbin/chpasswd to /usr/sbin/chpasswd.distrib' test_library_api (__main__.AccountsServiceTest.test_library_api) ... ** accountsservice:ERROR:../src/libaccountsservice/act-user-manager.c:2883:act_user_manager_uncache_user: assertion failed: (priv->accounts_proxy != NULL) Bail out! accountsservice:ERROR:../src/libaccountsservice/act-user-manager.c:2883:act_user_manager_uncache_user: assertion failed: (priv->accounts_proxy != NULL) Aborted autopkgtest [01:18:07]: test integration.py: -----------------------] """ Paul
--- End Message ---
--- Begin Message ---On Thu, 08 Aug 2024 at 08:28:04 +0200, Paul Gevers wrote: > I confirm that on ci.d.n the test in unstable now passes on a bookworm > kernel on amd64, armel, armhf, i386 and ppc64el and I have lifted the block. > The other architectures don't run on a bookworm kernel, but I assume those > would be fine too. So, from my point of view it's fine to close this bug. Thanks, doing so now. There is a genuine bug in accountsservice's debian/tests/, which is that it doesn't declare the isolation-container restriction; but that doesn't affect a-v-lxc, a-v-qemu, or a-v-podman --init, only a-v-podman without --init, and the fix is so easy that I'm going to team-upload it instead of reporting the bug separately. > > The test failure I saw under a-v-podman is concerning, but probably > > ought to be a separate bug report This turns out to be #1078205 in systemd. >From the accountsservice side, I'm testing a workaround that can be included in accountsservice's tests (gracefully skipping integration.py if we don't have CAP_SYS_ADMIN in the capability bounding set). >From the autopkgtest/debci side, if it's consistent with debci's security model, running the test with autopkgtest ... -- podman --init autopkgtest/systemd/debian:sid -- --cap-add=CAP_SYS_ADMIN instead of just autopkgtest ... -- podman --init autopkgtest/systemd/debian:sid should provide the same coverage as with lxc. (It would probably be best to check with the podman team what the security impact of that option is - I'm unsure whether it implies a sandbox escape, or whether it just weakens hardening.) smcv
--- End Message ---
