Package: release.debian.org Severity: normal Tags: bookworm User: release.debian....@packages.debian.org Usertags: pu X-Debbugs-Cc: contain...@packages.debian.org, team+pkg...@tracker.debian.org, siret...@tauware.de, j...@debian.org Control: affects -1 + src:containerd
[ Reason ] containerd in bookworm FTBFS on the buildds since unshare became the default. [ Impact ] Policy violation for containerd (must build on the autobuild network) and inability to fix any other issues since it can't be built. [ Tests ] The issue is in a test anyway. Manual comparison of building 1.6.20~ds1-1 and +deb12u1 verifies that the build is fixed in an sbuild unshare environment. [ Risks ] Low. Backports a single patch to the test suite which has been in sid for some time (as part of 1.6.24~ds1-2). This is effectively an NMU, package maintainers and patch author in CC - please shout if you have any objections. [ Checklist ] [x] *all* changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in (old)stable [x] the issue is verified as fixed in unstable [ Changes ] diff -Nru containerd-1.6.20~ds1/debian/changelog containerd-1.6.20~ds1/debian/changelog --- containerd-1.6.20~ds1/debian/changelog 2023-03-31 18:27:11.000000000 +0100 +++ containerd-1.6.20~ds1/debian/changelog 2025-01-15 12:18:21.000000000 +0000 @@ -1,3 +1,11 @@ +containerd (1.6.20~ds1-1+deb12u1) bookworm; urgency=medium + + * Non-maintainer upload. + * Backport 0011-allow-test-run-in-userns.patch to fix FTBFS + on builders with unshare (closes: #1070411) + + -- Jonathan Wiltshire <j...@debian.org> Wed, 15 Jan 2025 12:18:21 +0000 + containerd (1.6.20~ds1-1) unstable; urgency=medium * New upstream version 1.6.20~ds1 diff -Nru containerd-1.6.20~ds1/debian/patches/0011-allow-test-run-in-userns.patch containerd-1.6.20~ds1/debian/patches/0011-allow-test-run-in-userns.patch --- containerd-1.6.20~ds1/debian/patches/0011-allow-test-run-in-userns.patch 1970-01-01 01:00:00.000000000 +0100 +++ containerd-1.6.20~ds1/debian/patches/0011-allow-test-run-in-userns.patch 2025-01-15 12:18:21.000000000 +0000 @@ -0,0 +1,29 @@ +From: Reinhard Tartler +Description: Allow running tests with unshare(1) +Last-Updated: 2024-06-11 +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070411 +Forwarded: https://github.com/containerd/containerd/pull/10323 + +Index: containerd/pkg/cri/server/sandbox_run_linux_test.go +=================================================================== +--- containerd.orig/pkg/cri/server/sandbox_run_linux_test.go ++++ containerd/pkg/cri/server/sandbox_run_linux_test.go +@@ -33,6 +33,7 @@ import ( + "github.com/containerd/containerd/pkg/cri/annotations" + "github.com/containerd/containerd/pkg/cri/opts" + ostesting "github.com/containerd/containerd/pkg/os/testing" ++ "github.com/containerd/containerd/pkg/userns" + ) + + func getRunPodSandboxTestData() (*runtime.PodSandboxConfig, *imagespec.ImageConfig, func(*testing.T, string, *runtimespec.Spec)) { +@@ -121,7 +122,9 @@ func TestLinuxSandboxContainerSpec(t *te + Type: runtimespec.IPCNamespace, + }) + assert.Contains(t, spec.Linux.Sysctl["net.ipv4.ip_unprivileged_port_start"], "0") +- assert.Contains(t, spec.Linux.Sysctl["net.ipv4.ping_group_range"], "0 2147483647") ++ if !userns.RunningInUserNS() { ++ assert.Contains(t, spec.Linux.Sysctl["net.ipv4.ping_group_range"], "0 2147483647") ++ } + }, + }, + "host namespace": { diff -Nru containerd-1.6.20~ds1/debian/patches/series containerd-1.6.20~ds1/debian/patches/series --- containerd-1.6.20~ds1/debian/patches/series 2023-03-31 18:27:11.000000000 +0100 +++ containerd-1.6.20~ds1/debian/patches/series 2025-01-15 12:17:38.000000000 +0000 @@ -6,3 +6,4 @@ 0006-Fix-build-with-gccgo.patch 0007-cri-fix-integration-test-on-cgroupsv2-system.patch 0008-Add-Debian-specific-CNI-bin-dir-to-ctr-run-command.patch +0011-allow-test-run-in-userns.patch
