from:"Aleksandr Mikhalitsyn"

It's worth mentioning that this debdiff includes not only tests
disabling but also fix that allows to build source package on Ubuntu.

If you do:

pull-lp-source liblxc-dev noble-proposed
cd lxc-5.0.3
debuild -S -d

you will see something like this:

 dpkg-source -b .
dpkg-source: info: using source format '3.0 (quilt)'
dpkg-source: info: building lxc using existing ./lxc_5.0.3.orig.tar.gz
dpkg-source: info: building lxc using existing ./lxc_5.0.3.orig.tar.gz.asc
dpkg-source: info: using patch list from debian/patches/series
dpkg-source: info: local changes detected, the modified files are:
 lxc-5.0.3/config/apparmor/abstractions/start-container.in
 lxc-5.0.3/config/apparmor/usr.bin.lxc-copy
 lxc-5.0.3/config/apparmor/usr.bin.lxc-start
dpkg-source: error: aborting due to unexpected upstream changes, see 
/tmp/lxc_5.0.3-2ubuntu3.diff.21HvOc
dpkg-source: info: Hint: make sure the version in debian/changelog matches the 
unpacked source tree
dpkg-source: info: you can integrate the local changes with dpkg-source --commit
dpkg-buildpackage: error: dpkg-source -b . subprocess returned exit status 2
debuild: fatal error at line 1182:
dpkg-buildpackage -us -uc -ui -S -d failed

It's because of the way how we apply custom Ubuntu patches.

This debian diff file contains fix for this too.

** Summary changed:

- autopkgtest failures on 1:5.0.3-2ubuntu2 (Noble)
+ autopkgtest failures on 1:5.0.3-2ubuntu3 (Noble)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/2059550

Title:
  autopkgtest failures on 1:5.0.3-2ubuntu3 (Noble)

Status in lxc package in Ubuntu:
  New

Bug description:
  We can see autopkgtest failures on Noble:
  https://autopkgtest.ubuntu.com/packages/lxc
  1:5.0.3-2ubuntu2 from noble-proposed/universe

  Details from log 
(https://autopkgtest.ubuntu.com/results/autopkgtest-noble/noble/amd64/l/lxc/20240327_203000_ce7d4@/log.gz):
  =
  3266s Removing autopkgtest-satdep (0) ...
  3269s autopkgtest [20:29:48]: test no-devel: [---
  3269s + grep LXC_DEVEL /usr/include/lxc/version.h
  3269s + grep 0
  3269s #define LXC_DEVEL 0
  3269s autopkgtest [20:29:48]: test no-devel: ---]
  3269s autopkgtest [20:29:48]: test no-devel:  - - - - - - - - - - results - - 
- - - - - - - -
  3269s no-devel PASS
  3269s autopkgtest [20:29:48]:  summary
  3269s exercise FAIL non-zero exit status 1
  3269s unprivileged-containers FAIL non-zero exit status 1
  3269s basics-create-destroy PASS (superficial)
  3269s no-devel PASS
  =

  
  unprivileged-containers
  =
  1896s Unpacking the rootfs
  1900s 
  1900s ---
  1900s You just created an Ubuntu mantic amd64 (20240326_07:42) container.
  1900s 
  1900s To enable SSH, run: apt install openssh-server
  1900s No default root or user password are set by LXC.
  1900s + systemd-run --scope --quiet --user --property=Delegate=yes lxc-start 
-n mycontainer
  1900s Failed to connect to bus: No medium found

  =

  exercise
  =
  1113s FAIL: lxc-tests: /usr/bin/lxc-test-unpriv
  1113s ---
  1113s Name:   c1
  1113s State:  RUNNING
  1113s PID:52927
  1113s Link:   veth1001_HZ75
  1113s  TX bytes:  0 bytes
  1113s  RX bytes:  0 bytes
  1113s  Total bytes:   0 bytes
  1113s Name:   c1
  1113s State:  RUNNING
  1113s PID:52994
  1113s Link:   veth1001_ujGT
  1113s  TX bytes:  0 bytes
  1113s  RX bytes:  0 bytes
  1113s  Total bytes:   0 bytes
  1113s lxc-copy: c1: ../src/lxc/utils.c: lxc_drop_groups: 1365 Operation not 
permitted - Failed to drop supplimentary groups
  <...>
  1113s info: Removing crontab ...
  1113s info: Removing user `lxcunpriv' ...
  1113s FAIL
  1113s ---
  1114s PASS: lxc-tests: /usr/bin/lxc-test-usernic
  1114s PASS: lxc-tests: /usr/bin/lxc-test-usernsexec
  1114s PASS: lxc-tests: /usr/bin/lxc-test-utils
  1114s 
  1114s SUMMARY: pass=55, fail=1, ignored=0
  1115s autopkgtest [19:53:54]: test exercise: ---]
  1115s autopkgtest [19:53:54]: test exercise:  - - - - - - - - - - results - - 
- - - - - - - -
  1115s exercise FAIL non-zero exit status 1
  =

  
  In the previous version we had no unprivileged-containers testsuite because 
it was inherited from Debian.

  lxc-test-unpriv was a skipped test too because we had this piece of code:
  
https://git.launchpad.net/ubuntu/+source/lxc/tree/debian/tests/exercise?h=applied/ubuntu/noble#n129
  =
  # Skip some tests due to cgroup v2 incompatibility
  if [ -e /sys/fs/cgroup/system.slice/memory.current ]; then

  [ "$testbin" = "lxc-test-apparmor-mount" ] && \
  ignore "$STRING" && continue

  [ "$testbin" = "lxc-test-au

[Touch-packages] [Bug 2059550] Re: autopkgtest failures on 1:5.0.3-2ubuntu3 (Noble)

Thanks, Julian!

Once this version pass all tests and reach archives I'll prepare PRs for
https://salsa.debian.org/lxc-team/lxc to be in sync with Debian.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/2059550

Title:
  autopkgtest failures on 1:5.0.3-2ubuntu3 (Noble)

Status in lxc package in Ubuntu:
  Fix Committed

Bug description:
  We can see autopkgtest failures on Noble:
  https://autopkgtest.ubuntu.com/packages/lxc
  1:5.0.3-2ubuntu2 from noble-proposed/universe

  Details from log 
(https://autopkgtest.ubuntu.com/results/autopkgtest-noble/noble/amd64/l/lxc/20240327_203000_ce7d4@/log.gz):
  =
  3266s Removing autopkgtest-satdep (0) ...
  3269s autopkgtest [20:29:48]: test no-devel: [---
  3269s + grep LXC_DEVEL /usr/include/lxc/version.h
  3269s + grep 0
  3269s #define LXC_DEVEL 0
  3269s autopkgtest [20:29:48]: test no-devel: ---]
  3269s autopkgtest [20:29:48]: test no-devel:  - - - - - - - - - - results - - 
- - - - - - - -
  3269s no-devel PASS
  3269s autopkgtest [20:29:48]:  summary
  3269s exercise FAIL non-zero exit status 1
  3269s unprivileged-containers FAIL non-zero exit status 1
  3269s basics-create-destroy PASS (superficial)
  3269s no-devel PASS
  =

  
  unprivileged-containers
  =
  1896s Unpacking the rootfs
  1900s 
  1900s ---
  1900s You just created an Ubuntu mantic amd64 (20240326_07:42) container.
  1900s 
  1900s To enable SSH, run: apt install openssh-server
  1900s No default root or user password are set by LXC.
  1900s + systemd-run --scope --quiet --user --property=Delegate=yes lxc-start 
-n mycontainer
  1900s Failed to connect to bus: No medium found

  =

  exercise
  =
  1113s FAIL: lxc-tests: /usr/bin/lxc-test-unpriv
  1113s ---
  1113s Name:   c1
  1113s State:  RUNNING
  1113s PID:52927
  1113s Link:   veth1001_HZ75
  1113s  TX bytes:  0 bytes
  1113s  RX bytes:  0 bytes
  1113s  Total bytes:   0 bytes
  1113s Name:   c1
  1113s State:  RUNNING
  1113s PID:52994
  1113s Link:   veth1001_ujGT
  1113s  TX bytes:  0 bytes
  1113s  RX bytes:  0 bytes
  1113s  Total bytes:   0 bytes
  1113s lxc-copy: c1: ../src/lxc/utils.c: lxc_drop_groups: 1365 Operation not 
permitted - Failed to drop supplimentary groups
  <...>
  1113s info: Removing crontab ...
  1113s info: Removing user `lxcunpriv' ...
  1113s FAIL
  1113s ---
  1114s PASS: lxc-tests: /usr/bin/lxc-test-usernic
  1114s PASS: lxc-tests: /usr/bin/lxc-test-usernsexec
  1114s PASS: lxc-tests: /usr/bin/lxc-test-utils
  1114s 
  1114s SUMMARY: pass=55, fail=1, ignored=0
  1115s autopkgtest [19:53:54]: test exercise: ---]
  1115s autopkgtest [19:53:54]: test exercise:  - - - - - - - - - - results - - 
- - - - - - - -
  1115s exercise FAIL non-zero exit status 1
  =

  
  In the previous version we had no unprivileged-containers testsuite because 
it was inherited from Debian.

  lxc-test-unpriv was a skipped test too because we had this piece of code:
  
https://git.launchpad.net/ubuntu/+source/lxc/tree/debian/tests/exercise?h=applied/ubuntu/noble#n129
  =
  # Skip some tests due to cgroup v2 incompatibility
  if [ -e /sys/fs/cgroup/system.slice/memory.current ]; then

  [ "$testbin" = "lxc-test-apparmor-mount" ] && \
  ignore "$STRING" && continue

  [ "$testbin" = "lxc-test-autostart" ] && \
  ignore "$STRING" && continue

  [ "$testbin" = "lxc-test-no-new-privs" ] && \
  ignore "$STRING" && continue

  [ "$testbin" = "lxc-test-unpriv" ] && \
  ignore "$STRING" && continue

  fi
  =

  Just compare:
  
https://git.launchpad.net/ubuntu/+source/lxc/tree/debian/tests/control?h=applied/ubuntu/noble
  and
  
https://git.launchpad.net/ubuntu/+source/lxc/tree/debian/tests/control?h=applied/ubuntu/noble-devel

  We want to fix all of this for sure, but it would be awesome to get an
  updated and actual version of LXC in the upcoming Ubuntu Noble release
  too. So, may be it makes sense to skip this tests for the sake of
  having LXC updated.

  What I found in Debian, is that autopkgtests are skipped too:
  https://ci.debian.net/packages/l/lxc/unstable/amd64/

  Taking this into account it (probably) reasonable to skip this tests
  too for now.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/2059550/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://hel

[Touch-packages] [Bug 2059550] Re: autopkgtest failures on 1:5.0.3-2ubuntu3 (Noble)

Ok, lxc/1:5.0.3-2ubuntu4 was uploaded and it's getting better but,
unfortunately, "lxc-test-unpriv" test wasn't skipped really.

Despite this bug
(https://bugs.launchpad.net/ubuntu/+source/autopkgtest/+bug/2056461) I
was able to make my local autopkgtest environment to work:

autopkgtest \
  --apt-upgrade \
  --shell-fail \
  --output-dir dep8-lxc-pkg-ubuntu \
lxc-5.0.3/ \
  -- lxd --vm ubuntu-daily:noble -c limits.cpu=10 -c limits.memory=15GiB

==
PASS: lxc-tests: /usr/bin/lxc-test-snapshot
PASS: lxc-tests: /usr/bin/lxc-test-startone
PASS: lxc-tests: /usr/bin/lxc-test-state-server
PASS: lxc-tests: /usr/bin/lxc-test-symlink
PASS: lxc-tests: /usr/bin/lxc-test-sys-mixed
PASS: lxc-tests: /usr/bin/lxc-test-sysctls
IGNORED: lxc-tests: /usr/bin/lxc-test-unpriv
PASS: lxc-tests: /usr/bin/lxc-test-usernic
PASS: lxc-tests: /usr/bin/lxc-test-usernsexec
PASS: lxc-tests: /usr/bin/lxc-test-utils

SUMMARY: pass=55, fail=0, ignored=1
autopkgtest [17:46:01]: test exercise: ---]
autopkgtest [17:46:02]: test exercise:  - - - - - - - - - - results - - - - - - 
- - - -
exercise PASS
autopkgtest [17:46:02]: test basics-create-destroy: preparing testbed


Running kernel seems to be up-to-date.

No services need to be restarted.

No containers need to be restarted.

No user sessions are running outdated binaries.

No VM guests are running outdated hypervisor (qemu) binaries on this host.
(Reading database ... 69249 files and directories currently installed.)
Removing autopkgtest-satdep (0) ...
autopkgtest [17:50:16]: test no-devel: [---
+ grep LXC_DEVEL /usr/include/lxc/version.h
+ grep 0
#define LXC_DEVEL 0
autopkgtest [17:50:17]: test no-devel: ---]
no-devel PASS
autopkgtest [17:50:17]: test no-devel:  - - - - - - - - - - results - - - - - - 
- - - -
autopkgtest [17:50:18]:  summary
exercise PASS
basics-create-destroy PASS (superficial)
no-devel PASS
==

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/2059550

Title:
  autopkgtest failures on 1:5.0.3-2ubuntu3 (Noble)

Status in lxc package in Ubuntu:
  Fix Committed

Bug description:
  We can see autopkgtest failures on Noble:
  https://autopkgtest.ubuntu.com/packages/lxc
  1:5.0.3-2ubuntu2 from noble-proposed/universe

  Details from log 
(https://autopkgtest.ubuntu.com/results/autopkgtest-noble/noble/amd64/l/lxc/20240327_203000_ce7d4@/log.gz):
  =
  3266s Removing autopkgtest-satdep (0) ...
  3269s autopkgtest [20:29:48]: test no-devel: [---
  3269s + grep LXC_DEVEL /usr/include/lxc/version.h
  3269s + grep 0
  3269s #define LXC_DEVEL 0
  3269s autopkgtest [20:29:48]: test no-devel: ---]
  3269s autopkgtest [20:29:48]: test no-devel:  - - - - - - - - - - results - - 
- - - - - - - -
  3269s no-devel PASS
  3269s autopkgtest [20:29:48]:  summary
  3269s exercise FAIL non-zero exit status 1
  3269s unprivileged-containers FAIL non-zero exit status 1
  3269s basics-create-destroy PASS (superficial)
  3269s no-devel PASS
  =

  
  unprivileged-containers
  =
  1896s Unpacking the rootfs
  1900s 
  1900s ---
  1900s You just created an Ubuntu mantic amd64 (20240326_07:42) container.
  1900s 
  1900s To enable SSH, run: apt install openssh-server
  1900s No default root or user password are set by LXC.
  1900s + systemd-run --scope --quiet --user --property=Delegate=yes lxc-start 
-n mycontainer
  1900s Failed to connect to bus: No medium found

  =

  exercise
  =
  1113s FAIL: lxc-tests: /usr/bin/lxc-test-unpriv
  1113s ---
  1113s Name:   c1
  1113s State:  RUNNING
  1113s PID:52927
  1113s Link:   veth1001_HZ75
  1113s  TX bytes:  0 bytes
  1113s  RX bytes:  0 bytes
  1113s  Total bytes:   0 bytes
  1113s Name:   c1
  1113s State:  RUNNING
  1113s PID:52994
  1113s Link:   veth1001_ujGT
  1113s  TX bytes:  0 bytes
  1113s  RX bytes:  0 bytes
  1113s  Total bytes:   0 bytes
  1113s lxc-copy: c1: ../src/lxc/utils.c: lxc_drop_groups: 1365 Operation not 
permitted - Failed to drop supplimentary groups
  <...>
  1113s info: Removing crontab ...
  1113s info: Removing user `lxcunpriv' ...
  1113s FAIL
  1113s ---
  1114s PASS: lxc-tests: /usr/bin/lxc-test-usernic
  1114s PASS: lxc-tests: /usr/bin/lxc-test-usernsexec
  1114s PASS: lxc-tests: /usr/bin/lxc-test-utils
  1114s 
  1114s SUMMARY: pass=55, fail=1, ignored=0
  1115s autopkgtest [19:53:54]: test exercise: ---]
  1115s autopkgtest [19:53:54]: test exercise:  - - - - - -

[Touch-packages] [Bug 2059550] Re: autopkgtest failures on 1:5.0.3-2ubuntu3 (Noble)

** Patch added: "debdiff.diff"
   
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/2059550/+attachment/5763468/+files/debdiff.diff

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/2059550

Title:
  autopkgtest failures on 1:5.0.3-2ubuntu3 (Noble)

Status in lxc package in Ubuntu:
  Fix Committed

Bug description:
  We can see autopkgtest failures on Noble:
  https://autopkgtest.ubuntu.com/packages/lxc
  1:5.0.3-2ubuntu2 from noble-proposed/universe

  Details from log 
(https://autopkgtest.ubuntu.com/results/autopkgtest-noble/noble/amd64/l/lxc/20240327_203000_ce7d4@/log.gz):
  =
  3266s Removing autopkgtest-satdep (0) ...
  3269s autopkgtest [20:29:48]: test no-devel: [---
  3269s + grep LXC_DEVEL /usr/include/lxc/version.h
  3269s + grep 0
  3269s #define LXC_DEVEL 0
  3269s autopkgtest [20:29:48]: test no-devel: ---]
  3269s autopkgtest [20:29:48]: test no-devel:  - - - - - - - - - - results - - 
- - - - - - - -
  3269s no-devel PASS
  3269s autopkgtest [20:29:48]:  summary
  3269s exercise FAIL non-zero exit status 1
  3269s unprivileged-containers FAIL non-zero exit status 1
  3269s basics-create-destroy PASS (superficial)
  3269s no-devel PASS
  =

  
  unprivileged-containers
  =
  1896s Unpacking the rootfs
  1900s 
  1900s ---
  1900s You just created an Ubuntu mantic amd64 (20240326_07:42) container.
  1900s 
  1900s To enable SSH, run: apt install openssh-server
  1900s No default root or user password are set by LXC.
  1900s + systemd-run --scope --quiet --user --property=Delegate=yes lxc-start 
-n mycontainer
  1900s Failed to connect to bus: No medium found

  =

  exercise
  =
  1113s FAIL: lxc-tests: /usr/bin/lxc-test-unpriv
  1113s ---
  1113s Name:   c1
  1113s State:  RUNNING
  1113s PID:52927
  1113s Link:   veth1001_HZ75
  1113s  TX bytes:  0 bytes
  1113s  RX bytes:  0 bytes
  1113s  Total bytes:   0 bytes
  1113s Name:   c1
  1113s State:  RUNNING
  1113s PID:52994
  1113s Link:   veth1001_ujGT
  1113s  TX bytes:  0 bytes
  1113s  RX bytes:  0 bytes
  1113s  Total bytes:   0 bytes
  1113s lxc-copy: c1: ../src/lxc/utils.c: lxc_drop_groups: 1365 Operation not 
permitted - Failed to drop supplimentary groups
  <...>
  1113s info: Removing crontab ...
  1113s info: Removing user `lxcunpriv' ...
  1113s FAIL
  1113s ---
  1114s PASS: lxc-tests: /usr/bin/lxc-test-usernic
  1114s PASS: lxc-tests: /usr/bin/lxc-test-usernsexec
  1114s PASS: lxc-tests: /usr/bin/lxc-test-utils
  1114s 
  1114s SUMMARY: pass=55, fail=1, ignored=0
  1115s autopkgtest [19:53:54]: test exercise: ---]
  1115s autopkgtest [19:53:54]: test exercise:  - - - - - - - - - - results - - 
- - - - - - - -
  1115s exercise FAIL non-zero exit status 1
  =

  
  In the previous version we had no unprivileged-containers testsuite because 
it was inherited from Debian.

  lxc-test-unpriv was a skipped test too because we had this piece of code:
  
https://git.launchpad.net/ubuntu/+source/lxc/tree/debian/tests/exercise?h=applied/ubuntu/noble#n129
  =
  # Skip some tests due to cgroup v2 incompatibility
  if [ -e /sys/fs/cgroup/system.slice/memory.current ]; then

  [ "$testbin" = "lxc-test-apparmor-mount" ] && \
  ignore "$STRING" && continue

  [ "$testbin" = "lxc-test-autostart" ] && \
  ignore "$STRING" && continue

  [ "$testbin" = "lxc-test-no-new-privs" ] && \
  ignore "$STRING" && continue

  [ "$testbin" = "lxc-test-unpriv" ] && \
  ignore "$STRING" && continue

  fi
  =

  Just compare:
  
https://git.launchpad.net/ubuntu/+source/lxc/tree/debian/tests/control?h=applied/ubuntu/noble
  and
  
https://git.launchpad.net/ubuntu/+source/lxc/tree/debian/tests/control?h=applied/ubuntu/noble-devel

  We want to fix all of this for sure, but it would be awesome to get an
  updated and actual version of LXC in the upcoming Ubuntu Noble release
  too. So, may be it makes sense to skip this tests for the sake of
  having LXC updated.

  What I found in Debian, is that autopkgtests are skipped too:
  https://ci.debian.net/packages/l/lxc/unstable/amd64/

  Taking this into account it (probably) reasonable to skip this tests
  too for now.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/2059550/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListH

[Touch-packages] [Bug 2060965] Re: liblxc is missing in 24.04

2024-04-11 Thread Aleksandr Mikhalitsyn

Hi!

I would suggest to way 1-2 days, because right now we are trying to get
https://launchpad.net/ubuntu/+source/lxc/1:5.0.3-2ubuntu5 in Noble. This
should solve this problem too.

I can only guess that your problem connected with that 1:5.0.1-0ubuntu8
was early replaced by 1:5.0.3-2ubuntu1, but this change was reverted at
some point (it happened 2 days ago).

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/2060965

Title:
  liblxc is missing in 24.04

Status in lxc package in Ubuntu:
  New

Bug description:
  For about a week liblxc is missing in 24.04

  # apt search liblxc
  Sorting... Done
  Full Text Search... Done
  golang-gopkg-lxc-go-lxc.v2-dev/noble,noble 0.0+git20230621.be98af2-1 all
Go bindings for liblxc

  lxc-dev/noble 1:5.0.1-0ubuntu8 all
Transitional package - lxc-dev -> liblxc-dev

  
  # apt install lxc-dev
  The following packages have unmet dependencies:
   lxc-dev : Depends: liblxc-dev (>= 1:5.0.1-0ubuntu8) but it is not installable

  # apt-cache policy liblxc-dev
  liblxc-dev:
Installed: (none)
Candidate: (none)
Version table:

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/2060965/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 2059550] Re: autopkgtest failures on 1:5.0.3-2ubuntu3 (Noble)

2024-04-12 Thread Aleksandr Mikhalitsyn

https://autopkgtest.ubuntu.com/packages/l/lxc

all tests are green, except i386 (which is broken for years :-( and this
should not block a migration).

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/2059550

Title:
  autopkgtest failures on 1:5.0.3-2ubuntu3 (Noble)

Status in lxc package in Ubuntu:
  Fix Committed

Bug description:
  We can see autopkgtest failures on Noble:
  https://autopkgtest.ubuntu.com/packages/lxc
  1:5.0.3-2ubuntu2 from noble-proposed/universe

  Details from log 
(https://autopkgtest.ubuntu.com/results/autopkgtest-noble/noble/amd64/l/lxc/20240327_203000_ce7d4@/log.gz):
  =
  3266s Removing autopkgtest-satdep (0) ...
  3269s autopkgtest [20:29:48]: test no-devel: [---
  3269s + grep LXC_DEVEL /usr/include/lxc/version.h
  3269s + grep 0
  3269s #define LXC_DEVEL 0
  3269s autopkgtest [20:29:48]: test no-devel: ---]
  3269s autopkgtest [20:29:48]: test no-devel:  - - - - - - - - - - results - - 
- - - - - - - -
  3269s no-devel PASS
  3269s autopkgtest [20:29:48]:  summary
  3269s exercise FAIL non-zero exit status 1
  3269s unprivileged-containers FAIL non-zero exit status 1
  3269s basics-create-destroy PASS (superficial)
  3269s no-devel PASS
  =

  
  unprivileged-containers
  =
  1896s Unpacking the rootfs
  1900s 
  1900s ---
  1900s You just created an Ubuntu mantic amd64 (20240326_07:42) container.
  1900s 
  1900s To enable SSH, run: apt install openssh-server
  1900s No default root or user password are set by LXC.
  1900s + systemd-run --scope --quiet --user --property=Delegate=yes lxc-start 
-n mycontainer
  1900s Failed to connect to bus: No medium found

  =

  exercise
  =
  1113s FAIL: lxc-tests: /usr/bin/lxc-test-unpriv
  1113s ---
  1113s Name:   c1
  1113s State:  RUNNING
  1113s PID:52927
  1113s Link:   veth1001_HZ75
  1113s  TX bytes:  0 bytes
  1113s  RX bytes:  0 bytes
  1113s  Total bytes:   0 bytes
  1113s Name:   c1
  1113s State:  RUNNING
  1113s PID:52994
  1113s Link:   veth1001_ujGT
  1113s  TX bytes:  0 bytes
  1113s  RX bytes:  0 bytes
  1113s  Total bytes:   0 bytes
  1113s lxc-copy: c1: ../src/lxc/utils.c: lxc_drop_groups: 1365 Operation not 
permitted - Failed to drop supplimentary groups
  <...>
  1113s info: Removing crontab ...
  1113s info: Removing user `lxcunpriv' ...
  1113s FAIL
  1113s ---
  1114s PASS: lxc-tests: /usr/bin/lxc-test-usernic
  1114s PASS: lxc-tests: /usr/bin/lxc-test-usernsexec
  1114s PASS: lxc-tests: /usr/bin/lxc-test-utils
  1114s 
  1114s SUMMARY: pass=55, fail=1, ignored=0
  1115s autopkgtest [19:53:54]: test exercise: ---]
  1115s autopkgtest [19:53:54]: test exercise:  - - - - - - - - - - results - - 
- - - - - - - -
  1115s exercise FAIL non-zero exit status 1
  =

  
  In the previous version we had no unprivileged-containers testsuite because 
it was inherited from Debian.

  lxc-test-unpriv was a skipped test too because we had this piece of code:
  
https://git.launchpad.net/ubuntu/+source/lxc/tree/debian/tests/exercise?h=applied/ubuntu/noble#n129
  =
  # Skip some tests due to cgroup v2 incompatibility
  if [ -e /sys/fs/cgroup/system.slice/memory.current ]; then

  [ "$testbin" = "lxc-test-apparmor-mount" ] && \
  ignore "$STRING" && continue

  [ "$testbin" = "lxc-test-autostart" ] && \
  ignore "$STRING" && continue

  [ "$testbin" = "lxc-test-no-new-privs" ] && \
  ignore "$STRING" && continue

  [ "$testbin" = "lxc-test-unpriv" ] && \
  ignore "$STRING" && continue

  fi
  =

  Just compare:
  
https://git.launchpad.net/ubuntu/+source/lxc/tree/debian/tests/control?h=applied/ubuntu/noble
  and
  
https://git.launchpad.net/ubuntu/+source/lxc/tree/debian/tests/control?h=applied/ubuntu/noble-devel

  We want to fix all of this for sure, but it would be awesome to get an
  updated and actual version of LXC in the upcoming Ubuntu Noble release
  too. So, may be it makes sense to skip this tests for the sake of
  having LXC updated.

  What I found in Debian, is that autopkgtests are skipped too:
  https://ci.debian.net/packages/l/lxc/unstable/amd64/

  Taking this into account it (probably) reasonable to skip this tests
  too for now.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/2059550/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.la

[Touch-packages] [Bug 2060965] Re: liblxc is missing in 24.04

2024-04-15 Thread Aleksandr Mikhalitsyn

Hi!

Couldn't you check if this is fixed for you?

This is what I see now on Noble:

root@lxc-test-noble:~# apt search liblxc
Sorting... Done
Full Text Search... Done
golang-gopkg-lxc-go-lxc.v2-dev/noble 0.0+git20230621.be98af2-1 all
  Go bindings for liblxc

liblxc-common/noble,now 1:5.0.3-2ubuntu5 amd64 [installed,automatic]
  Linux Containers userspace tools (library)

liblxc-dev/noble 1:5.0.3-2ubuntu5 all
  Transitional package - liblxc-dev -> lxc-dev

liblxc1/noble,now 1:5.0.3-2ubuntu5 amd64 [installed,automatic]
  Linux Containers userspace tools (library)

root@lxc-test-noble:~# apt install lxc-dev
...

root@lxc-test-noble:~# lxc-start --version
5.0.3

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/2060965

Title:
  liblxc is missing in 24.04

Status in lxc package in Ubuntu:
  New

Bug description:
  For about a week liblxc is missing in 24.04

  # apt search liblxc
  Sorting... Done
  Full Text Search... Done
  golang-gopkg-lxc-go-lxc.v2-dev/noble,noble 0.0+git20230621.be98af2-1 all
Go bindings for liblxc

  lxc-dev/noble 1:5.0.1-0ubuntu8 all
Transitional package - lxc-dev -> liblxc-dev

  
  # apt install lxc-dev
  The following packages have unmet dependencies:
   lxc-dev : Depends: liblxc-dev (>= 1:5.0.1-0ubuntu8) but it is not installable

  # apt-cache policy liblxc-dev
  liblxc-dev:
Installed: (none)
Candidate: (none)
Version table:

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/2060965/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 2046486] Re: units with credentials fail in LXD containers

2024-07-30 Thread Aleksandr Mikhalitsyn

https://github.com/canonical/lxd/pull/13820

** Changed in: lxd (Ubuntu)
 Assignee: (unassigned) => Aleksandr Mikhalitsyn (mihalicyn)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/2046486

Title:
  units with credentials fail in LXD containers

Status in cloud-images:
  Confirmed
Status in lxd:
  New
Status in lxd package in Ubuntu:
  Confirmed
Status in samba package in Ubuntu:
  Fix Released
Status in systemd package in Ubuntu:
  Triaged

Bug description:
  Many units shipped by systemd use credentials in some way by default
  now (in v256). So this issue is now about much more than the original
  test case failure.

  For example,

  root@oracular:~# apt policy systemd
  systemd:
    Installed: 256-1ubuntu1
    Candidate: 256-1ubuntu1
    Version table:
   *** 256-1ubuntu1 100
  100 http://archive.ubuntu.com/ubuntu oracular-proposed/main amd64 
Packages
  100 /var/lib/dpkg/status
   255.4-1ubuntu8 500
  500 http://archive.ubuntu.com/ubuntu oracular/main amd64 Packages
  root@oracular:~# for service in $(find /usr/lib/systemd/system -maxdepth 1 
-name "systemd-*.service"); do grep -q "Credential.*=" "$service" && echo 
"$service"; done
  /usr/lib/systemd/system/systemd-sysusers.service
  /usr/lib/systemd/system/systemd-resolved.service
  /usr/lib/systemd/system/systemd-firstboot.service
  /usr/lib/systemd/system/systemd-network-generator.service
  /usr/lib/systemd/system/systemd-journald.service
  /usr/lib/systemd/system/systemd-sysctl.service
  /usr/lib/systemd/system/systemd-tmpfiles-setup-dev-early.service
  /usr/lib/systemd/system/systemd-tmpfiles-setup-dev.service
  /usr/lib/systemd/system/systemd-tmpfiles-setup.service
  /usr/lib/systemd/system/systemd-udev-load-credentials.service
  /usr/lib/systemd/system/systemd-tmpfiles-clean.service
  /usr/lib/systemd/system/systemd-networkd.service

  root@oracular:~# systemctl status systemd-sysusers.service 
systemd-resolved.service systemd-firstboot.service 
systemd-network-generator.service systemd-journald.service 
systemd-sysctl.service systemd-tmpfiles-setup-dev-early.service 
systemd-tmpfiles-setup-dev.service systemd-tmpfiles-setup.service 
systemd-udev-load-credentials.service systemd-tmpfiles-clean.service 
systemd-networkd.service
  ○ systemd-sysusers.service - Create System Users
   Loaded: loaded (/usr/lib/systemd/system/systemd-sysusers.service; static)
   Active: inactive (dead)
Condition: start condition unmet at Mon 2024-06-24 18:58:48 UTC; 1min 0s ago
   ├─ ConditionNeedsUpdate=|/etc was not met
   └─ ConditionCredential=|sysusers.extra was not met
 Docs: man:sysusers.d(5)
   man:systemd-sysusers.service(8)

  × systemd-resolved.service - Network Name Resolution
   Loaded: loaded (/usr/lib/systemd/system/systemd-resolved.service; 
enabled; preset: enabled)
   Active: failed (Result: exit-code) since Mon 2024-06-24 18:58:49 UTC; 
59s ago
   Invocation: b1aaa662750f48868fe3388e4524c462
 Docs: man:systemd-resolved.service(8)
   man:org.freedesktop.resolve1(5)
   https://systemd.io/WRITING_NETWORK_CONFIGURATION_MANAGERS
   https://systemd.io/WRITING_RESOLVER_CLIENTS
  Process: 258 ExecStart=/usr/lib/systemd/systemd-resolved (code=exited, 
status=243/CREDENTIALS)
 Main PID: 258 (code=exited, status=243/CREDENTIALS)

  ○ systemd-firstboot.service - First Boot Wizard
   Loaded: loaded (/usr/lib/systemd/system/systemd-firstboot.service; 
static)
   Active: inactive (dead)
Condition: start condition unmet at Mon 2024-06-24 18:58:48 UTC; 59s ago
   └─ ConditionFirstBoot=yes was not met
 Docs: man:systemd-firstboot(1)

  ○ systemd-network-generator.service - Generate network units from Kernel 
command line
   Loaded: loaded 
(/usr/lib/systemd/system/systemd-network-generator.service; disabled; preset: 
enabled)
   Active: inactive (dead)
 Docs: man:systemd-network-generator.service(8)

  × systemd-journald.service - Journal Service
   Loaded: loaded (/usr/lib/systemd/system/systemd-journald.service; static)
  Drop-In: /usr/lib/systemd/system/systemd-journald.service.d
   └─nice.conf
   Active: failed (Result: exit-code) since Mon 2024-06-24 18:58:48 UTC; 
1min 0s ago
   Invocation: 7caace7a15c749f3a86fb15fcfb94dff
  TriggeredBy: × systemd-journald-dev-log.socket
   × systemd-journald.socket
   ○ systemd-journald-audit.socket
 Docs: man:systemd-journald.service(8)
   man:journald.conf(5)
  Process: 124 ExecStart=/usr/lib/systemd/systemd-journald (code=exited, 
status=243/CREDENTIALS)
 Main PID: 124 (code=exited, status=243/CREDENTIALS)
 FD Store: 0 (limit: 4224)

  × systemd-sysctl.service - Apply Kerne

[Touch-packages] [Bug 2046486] Re: units with credentials fail in LXD containers

2024-07-30 Thread Aleksandr Mikhalitsyn

see also
https://github.com/canonical/lxd/issues/13810

** Changed in: lxd (Ubuntu)
   Status: Confirmed => Fix Committed

** Bug watch added: github.com/canonical/lxd/issues #13810
   https://github.com/canonical/lxd/issues/13810

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/2046486

Title:
  units with credentials fail in LXD containers

Status in cloud-images:
  Confirmed
Status in lxd:
  New
Status in lxd package in Ubuntu:
  Fix Committed
Status in samba package in Ubuntu:
  Fix Released
Status in systemd package in Ubuntu:
  Triaged

Bug description:
  Many units shipped by systemd use credentials in some way by default
  now (in v256). So this issue is now about much more than the original
  test case failure.

  For example,

  root@oracular:~# apt policy systemd
  systemd:
    Installed: 256-1ubuntu1
    Candidate: 256-1ubuntu1
    Version table:
   *** 256-1ubuntu1 100
  100 http://archive.ubuntu.com/ubuntu oracular-proposed/main amd64 
Packages
  100 /var/lib/dpkg/status
   255.4-1ubuntu8 500
  500 http://archive.ubuntu.com/ubuntu oracular/main amd64 Packages
  root@oracular:~# for service in $(find /usr/lib/systemd/system -maxdepth 1 
-name "systemd-*.service"); do grep -q "Credential.*=" "$service" && echo 
"$service"; done
  /usr/lib/systemd/system/systemd-sysusers.service
  /usr/lib/systemd/system/systemd-resolved.service
  /usr/lib/systemd/system/systemd-firstboot.service
  /usr/lib/systemd/system/systemd-network-generator.service
  /usr/lib/systemd/system/systemd-journald.service
  /usr/lib/systemd/system/systemd-sysctl.service
  /usr/lib/systemd/system/systemd-tmpfiles-setup-dev-early.service
  /usr/lib/systemd/system/systemd-tmpfiles-setup-dev.service
  /usr/lib/systemd/system/systemd-tmpfiles-setup.service
  /usr/lib/systemd/system/systemd-udev-load-credentials.service
  /usr/lib/systemd/system/systemd-tmpfiles-clean.service
  /usr/lib/systemd/system/systemd-networkd.service

  root@oracular:~# systemctl status systemd-sysusers.service 
systemd-resolved.service systemd-firstboot.service 
systemd-network-generator.service systemd-journald.service 
systemd-sysctl.service systemd-tmpfiles-setup-dev-early.service 
systemd-tmpfiles-setup-dev.service systemd-tmpfiles-setup.service 
systemd-udev-load-credentials.service systemd-tmpfiles-clean.service 
systemd-networkd.service
  ○ systemd-sysusers.service - Create System Users
   Loaded: loaded (/usr/lib/systemd/system/systemd-sysusers.service; static)
   Active: inactive (dead)
Condition: start condition unmet at Mon 2024-06-24 18:58:48 UTC; 1min 0s ago
   ├─ ConditionNeedsUpdate=|/etc was not met
   └─ ConditionCredential=|sysusers.extra was not met
 Docs: man:sysusers.d(5)
   man:systemd-sysusers.service(8)

  × systemd-resolved.service - Network Name Resolution
   Loaded: loaded (/usr/lib/systemd/system/systemd-resolved.service; 
enabled; preset: enabled)
   Active: failed (Result: exit-code) since Mon 2024-06-24 18:58:49 UTC; 
59s ago
   Invocation: b1aaa662750f48868fe3388e4524c462
 Docs: man:systemd-resolved.service(8)
   man:org.freedesktop.resolve1(5)
   https://systemd.io/WRITING_NETWORK_CONFIGURATION_MANAGERS
   https://systemd.io/WRITING_RESOLVER_CLIENTS
  Process: 258 ExecStart=/usr/lib/systemd/systemd-resolved (code=exited, 
status=243/CREDENTIALS)
 Main PID: 258 (code=exited, status=243/CREDENTIALS)

  ○ systemd-firstboot.service - First Boot Wizard
   Loaded: loaded (/usr/lib/systemd/system/systemd-firstboot.service; 
static)
   Active: inactive (dead)
Condition: start condition unmet at Mon 2024-06-24 18:58:48 UTC; 59s ago
   └─ ConditionFirstBoot=yes was not met
 Docs: man:systemd-firstboot(1)

  ○ systemd-network-generator.service - Generate network units from Kernel 
command line
   Loaded: loaded 
(/usr/lib/systemd/system/systemd-network-generator.service; disabled; preset: 
enabled)
   Active: inactive (dead)
 Docs: man:systemd-network-generator.service(8)

  × systemd-journald.service - Journal Service
   Loaded: loaded (/usr/lib/systemd/system/systemd-journald.service; static)
  Drop-In: /usr/lib/systemd/system/systemd-journald.service.d
   └─nice.conf
   Active: failed (Result: exit-code) since Mon 2024-06-24 18:58:48 UTC; 
1min 0s ago
   Invocation: 7caace7a15c749f3a86fb15fcfb94dff
  TriggeredBy: × systemd-journald-dev-log.socket
   × systemd-journald.socket
   ○ systemd-journald-audit.socket
 Docs: man:systemd-journald.service(8)
   man:journald.conf(5)
  Process: 124 ExecStart=/usr/lib/systemd/systemd-journald (code=exited, 
status=243/CREDENTIALS)
 Main PID: 124 (code=exited, status=243/CREDENTIALS)
 FD Store: 0 (limit: 42

[Touch-packages] [Bug 2046486] Re: units with credentials fail in LXD containers

2024-07-30 Thread Aleksandr Mikhalitsyn

>Ill need to check with mihalicyn if the fix relies on a thr lxd snap
switching base to core24.

no, but we need https://github.com/canonical/lxd-pkg-snap/pull/477

Full details:
https://github.com/canonical/lxd/issues/13810#issuecomment-2253259452

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/2046486

Title:
  units with credentials fail in LXD containers

Status in cloud-images:
  Confirmed
Status in lxd:
  New
Status in lxd package in Ubuntu:
  Fix Committed
Status in samba package in Ubuntu:
  Fix Released
Status in systemd package in Ubuntu:
  Triaged

Bug description:
  Many units shipped by systemd use credentials in some way by default
  now (in v256). So this issue is now about much more than the original
  test case failure.

  For example,

  root@oracular:~# apt policy systemd
  systemd:
    Installed: 256-1ubuntu1
    Candidate: 256-1ubuntu1
    Version table:
   *** 256-1ubuntu1 100
  100 http://archive.ubuntu.com/ubuntu oracular-proposed/main amd64 
Packages
  100 /var/lib/dpkg/status
   255.4-1ubuntu8 500
  500 http://archive.ubuntu.com/ubuntu oracular/main amd64 Packages
  root@oracular:~# for service in $(find /usr/lib/systemd/system -maxdepth 1 
-name "systemd-*.service"); do grep -q "Credential.*=" "$service" && echo 
"$service"; done
  /usr/lib/systemd/system/systemd-sysusers.service
  /usr/lib/systemd/system/systemd-resolved.service
  /usr/lib/systemd/system/systemd-firstboot.service
  /usr/lib/systemd/system/systemd-network-generator.service
  /usr/lib/systemd/system/systemd-journald.service
  /usr/lib/systemd/system/systemd-sysctl.service
  /usr/lib/systemd/system/systemd-tmpfiles-setup-dev-early.service
  /usr/lib/systemd/system/systemd-tmpfiles-setup-dev.service
  /usr/lib/systemd/system/systemd-tmpfiles-setup.service
  /usr/lib/systemd/system/systemd-udev-load-credentials.service
  /usr/lib/systemd/system/systemd-tmpfiles-clean.service
  /usr/lib/systemd/system/systemd-networkd.service

  root@oracular:~# systemctl status systemd-sysusers.service 
systemd-resolved.service systemd-firstboot.service 
systemd-network-generator.service systemd-journald.service 
systemd-sysctl.service systemd-tmpfiles-setup-dev-early.service 
systemd-tmpfiles-setup-dev.service systemd-tmpfiles-setup.service 
systemd-udev-load-credentials.service systemd-tmpfiles-clean.service 
systemd-networkd.service
  ○ systemd-sysusers.service - Create System Users
   Loaded: loaded (/usr/lib/systemd/system/systemd-sysusers.service; static)
   Active: inactive (dead)
Condition: start condition unmet at Mon 2024-06-24 18:58:48 UTC; 1min 0s ago
   ├─ ConditionNeedsUpdate=|/etc was not met
   └─ ConditionCredential=|sysusers.extra was not met
 Docs: man:sysusers.d(5)
   man:systemd-sysusers.service(8)

  × systemd-resolved.service - Network Name Resolution
   Loaded: loaded (/usr/lib/systemd/system/systemd-resolved.service; 
enabled; preset: enabled)
   Active: failed (Result: exit-code) since Mon 2024-06-24 18:58:49 UTC; 
59s ago
   Invocation: b1aaa662750f48868fe3388e4524c462
 Docs: man:systemd-resolved.service(8)
   man:org.freedesktop.resolve1(5)
   https://systemd.io/WRITING_NETWORK_CONFIGURATION_MANAGERS
   https://systemd.io/WRITING_RESOLVER_CLIENTS
  Process: 258 ExecStart=/usr/lib/systemd/systemd-resolved (code=exited, 
status=243/CREDENTIALS)
 Main PID: 258 (code=exited, status=243/CREDENTIALS)

  ○ systemd-firstboot.service - First Boot Wizard
   Loaded: loaded (/usr/lib/systemd/system/systemd-firstboot.service; 
static)
   Active: inactive (dead)
Condition: start condition unmet at Mon 2024-06-24 18:58:48 UTC; 59s ago
   └─ ConditionFirstBoot=yes was not met
 Docs: man:systemd-firstboot(1)

  ○ systemd-network-generator.service - Generate network units from Kernel 
command line
   Loaded: loaded 
(/usr/lib/systemd/system/systemd-network-generator.service; disabled; preset: 
enabled)
   Active: inactive (dead)
 Docs: man:systemd-network-generator.service(8)

  × systemd-journald.service - Journal Service
   Loaded: loaded (/usr/lib/systemd/system/systemd-journald.service; static)
  Drop-In: /usr/lib/systemd/system/systemd-journald.service.d
   └─nice.conf
   Active: failed (Result: exit-code) since Mon 2024-06-24 18:58:48 UTC; 
1min 0s ago
   Invocation: 7caace7a15c749f3a86fb15fcfb94dff
  TriggeredBy: × systemd-journald-dev-log.socket
   × systemd-journald.socket
   ○ systemd-journald-audit.socket
 Docs: man:systemd-journald.service(8)
   man:journald.conf(5)
  Process: 124 ExecStart=/usr/lib/systemd/systemd-journald (code=exited, 
status=243/CREDENTIALS)
 Main PID: 124 (code=exited, status=243/CREDENTIALS)
 FD Store

[Touch-packages] [Bug 2077413] Re: apparmor unconfined profile blocks signal sending

2024-08-20 Thread Aleksandr Mikhalitsyn

** Also affects: apparmor (Ubuntu)
   Importance: Undecided
   Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2077413

Title:
  apparmor unconfined profile blocks signal sending

Status in AppArmor:
  New
Status in apparmor package in Ubuntu:
  New

Bug description:
  Dear friends,

  if I'm not missing anything it looks like we have one more bug with
  unconfined AppArmor profiles.

  Reproducer description.

  

  1. Create 4 files with the following content:

  # cat apparmor_signal_test_wrap.sh 
  #!/bin/sh

  cat /proc/self/attr/apparmor/current

  ./apparmor_signal_test.sh

  kill -9 $(cat test.pid)

  # cat apparmor_signal_test.sh 
  #!/bin/sh

  cat /proc/self/attr/apparmor/current

  sleep 1000 &
  echo $! > test.pid

  # cat /etc/apparmor.d/home.ubuntu.apparmor_signal_test_wrap

  #include 

  "/home/ubuntu/apparmor_signal_test_wrap.sh" flags=(unconfined) {
#include 

capability,
dbus,
file,
network,
  }

  # cat /etc/apparmor.d/home.ubuntu.apparmor_signal_test

  #include 

  "/home/ubuntu/apparmor_signal_test.sh" {
#include 

capability,
dbus,
file,
network,
  }

  2. Load AppArmor profiles:

  apparmor_parser -r /etc/apparmor.d/home.ubuntu.apparmor_signal_test
  apparmor_parser -r /etc/apparmor.d/home.ubuntu.apparmor_signal_test_wrap

  3. run program

  # ./apparmor_signal_test_wrap.sh 
  /home/ubuntu/apparmor_signal_test_wrap.sh (unconfined)
  /home/ubuntu/apparmor_signal_test.sh (enforce)
  ./apparmor_signal_test_wrap.sh: 7: kill: Permission denied

  4. check dmesg:

  [ 4043.092218] audit: type=1400 audit(1724153768.037:191):
  apparmor="DENIED" operation="signal" class="signal"
  profile="/home/ubuntu/apparmor_signal_test.sh" pid=10561
  comm="apparmor_signal" requested_mask="receive" denied_mask="receive"
  signal=kill peer="/home/ubuntu/apparmor_signal_test_wrap.sh"

  Expected behavior:
  ./apparmor_signal_test_wrap.sh should exit without any errors.

  

  This bug affects LXD when we enable a new unconfined mode (in lxd-support 
snapd interface).
  Originally, this problem was reported as a comment in another LP bug for 
AppArmor:
  https://bugs.launchpad.net/apparmor/+bug/2067900/comments/2
  but it looks like problem is deeper in this case.

  We had to revert:
  https://github.com/canonical/lxd-pkg-snap/pull/489
  because of this and a few other issues.

  System info:

  # cat /etc/os-release 
  PRETTY_NAME="Ubuntu 24.04 LTS"
  NAME="Ubuntu"
  VERSION_ID="24.04"
  VERSION="24.04 LTS (Noble Numbat)"

  # uname -a
  Linux ubuntu 6.8.0-40-generic #40-Ubuntu SMP PREEMPT_DYNAMIC Fri Jul  5 
10:34:03 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux

  # apt info apparmor
  Package: apparmor
  Version: 4.0.1really4.0.0-beta3-0ubuntu0.1

  # apparmor_parser -V
  AppArmor parser version 4.0.0~beta3
  Copyright (C) 1999-2008 Novell Inc.
  Copyright 2009-2018 Canonical Ltd.

To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/2077413/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 2077413] Re: apparmor unconfined profile blocks signal sending

2024-08-20 Thread Aleksandr Mikhalitsyn

Hey Christian!

thanks a lot for your fast reaction on this report!

>In other words: this looks like normal and expected behaviour to me.
You'll need to add a rule

ok, that makes sense.

>Note that abstractions/base allows signal (receive) peer=unconfined, -
and "unconfined" does not match your profile name.

but if we have this specific rule just for unconfined label, why we
don't have analogical rule for profiles with flags=(unconfined)? Because
this "unconfined" profile flag was presented as a drop-in replacement
for an old unconfined label. Isn't it?

The problem with your proposal of adding an extra rule in a profile is
that, it's a painful for existing software to step from old "unconfined"
label to a new "flags=(unconfined)" profile, because this will require
revisiting and modification of many existing and stable apparmor
profiles. Which is not acceptable.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2077413

Title:
  apparmor unconfined profile blocks signal sending

Status in AppArmor:
  New
Status in apparmor package in Ubuntu:
  New

Bug description:
  Dear friends,

  if I'm not missing anything it looks like we have one more bug with
  unconfined AppArmor profiles.

  Reproducer description.

  

  1. Create 4 files with the following content:

  # cat apparmor_signal_test_wrap.sh 
  #!/bin/sh

  cat /proc/self/attr/apparmor/current

  ./apparmor_signal_test.sh

  kill -9 $(cat test.pid)

  # cat apparmor_signal_test.sh 
  #!/bin/sh

  cat /proc/self/attr/apparmor/current

  sleep 1000 &
  echo $! > test.pid

  # cat /etc/apparmor.d/home.ubuntu.apparmor_signal_test_wrap

  #include 

  "/home/ubuntu/apparmor_signal_test_wrap.sh" flags=(unconfined) {
#include 

capability,
dbus,
file,
network,
  }

  # cat /etc/apparmor.d/home.ubuntu.apparmor_signal_test

  #include 

  "/home/ubuntu/apparmor_signal_test.sh" {
#include 

capability,
dbus,
file,
network,
  }

  2. Load AppArmor profiles:

  apparmor_parser -r /etc/apparmor.d/home.ubuntu.apparmor_signal_test
  apparmor_parser -r /etc/apparmor.d/home.ubuntu.apparmor_signal_test_wrap

  3. run program

  # ./apparmor_signal_test_wrap.sh 
  /home/ubuntu/apparmor_signal_test_wrap.sh (unconfined)
  /home/ubuntu/apparmor_signal_test.sh (enforce)
  ./apparmor_signal_test_wrap.sh: 7: kill: Permission denied

  4. check dmesg:

  [ 4043.092218] audit: type=1400 audit(1724153768.037:191):
  apparmor="DENIED" operation="signal" class="signal"
  profile="/home/ubuntu/apparmor_signal_test.sh" pid=10561
  comm="apparmor_signal" requested_mask="receive" denied_mask="receive"
  signal=kill peer="/home/ubuntu/apparmor_signal_test_wrap.sh"

  Expected behavior:
  ./apparmor_signal_test_wrap.sh should exit without any errors.

  

  This bug affects LXD when we enable a new unconfined mode (in lxd-support 
snapd interface).
  Originally, this problem was reported as a comment in another LP bug for 
AppArmor:
  https://bugs.launchpad.net/apparmor/+bug/2067900/comments/2
  but it looks like problem is deeper in this case.

  We had to revert:
  https://github.com/canonical/lxd-pkg-snap/pull/489
  because of this and a few other issues.

  System info:

  # cat /etc/os-release 
  PRETTY_NAME="Ubuntu 24.04 LTS"
  NAME="Ubuntu"
  VERSION_ID="24.04"
  VERSION="24.04 LTS (Noble Numbat)"

  # uname -a
  Linux ubuntu 6.8.0-40-generic #40-Ubuntu SMP PREEMPT_DYNAMIC Fri Jul  5 
10:34:03 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux

  # apt info apparmor
  Package: apparmor
  Version: 4.0.1really4.0.0-beta3-0ubuntu0.1

  # apparmor_parser -V
  AppArmor parser version 4.0.0~beta3
  Copyright (C) 1999-2008 Novell Inc.
  Copyright 2009-2018 Canonical Ltd.

To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/2077413/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 2067900] Re: apparmor unconfined profile blocks pivot_root

2024-08-30 Thread Aleksandr Mikhalitsyn

AFAIK, fix was landed
https://gitlab.com/apparmor/apparmor/-/commit/4bb134e4bb950a8c9a1f70a27eb2acd2a35df412

But changelog
https://changelogs.ubuntu.com/changelogs/pool/main/a/apparmor/apparmor_4.0.1really4.0.0-beta3-0ubuntu0.1/changelog
says that everything was reverted back to 4.0.0~beta.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2067900

Title:
  apparmor unconfined profile blocks pivot_root

Status in AppArmor:
  Confirmed
Status in apparmor package in Ubuntu:
  Confirmed

Bug description:
  LXD team have got a report
  (https://github.com/canonical/lxd/issues/13389) from our user that on
  the Ubuntu Noble host it's not possible to run Docker containers
  inside a LXC container.

  After some investigation, it was discovered that problem connected
  with AppArmor profile which is shipped by default /etc/apparmor.d/runc
  (comes from
  
https://git.launchpad.net/ubuntu/+source/apparmor/commit/profiles/apparmor.d/runc?h=ubuntu/noble-
  devel&id=997aea8111bfa1e03960ae3a40321da73f0a6d96 )

  This profile is unconfined and should give all permissions to the runc
  daemon. But it does not work.

  Manual adding of "pivot_root," line and executing "systemctl reload
  apparmor.service" makes it work.

  After some further investigation it was found that on upstream Linux
  kernel problem is not reproducible.

  Our team was able to find a problematic commit:
  
https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/noble/commit/?id=dc757a645cfa82f6ac252365df20a36a9ff82760

  The following (partial) revert helps to solve the issue on Ubuntu
  kernel:

  diff --git a/security/apparmor/mount.c b/security/apparmor/mount.c
  index 74b7293ab971..b12e6bdfefb2 100644
  --- a/security/apparmor/mount.c
  +++ b/security/apparmor/mount.c
  @@ -678,7 +678,7 @@ static struct aa_label *build_pivotroot(const struct cred 
*subj_cred,
  AA_BUG(!new_path);
  AA_BUG(!old_path);
   
  -   if (!RULE_MEDIATES(rules, AA_CLASS_MOUNT))
  +   if (profile_unconfined(profile) || !RULE_MEDIATES(rules, 
AA_CLASS_MOUNT))
  return aa_get_newest_label(&profile->label);
   
  error = aa_path_name(old_path, path_flags(profile, old_path),

  System info:

  # uname -a
  Linux ubuntu 6.8.0-31-generic #31-Ubuntu SMP PREEMPT_DYNAMIC Sat Apr 20 
00:40:06 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux

  # cat /etc/os-release 
  PRETTY_NAME="Ubuntu 24.04 LTS"
  

To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/2067900/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 2067900] Re: apparmor unconfined profile blocks pivot_root

2024-09-12 Thread Aleksandr Mikhalitsyn

We have another problem which disappears when I revert
dc757a645cfa82f6ac252365df20a36a9ff82760 ("UBUNTU: SAUCE: apparmor4.0.0
[81/90]: apparmor: convert easy uses of unconfined() to
label_mediates()") commit.

Now it is not connected with unconfined profiles at all, it involves Ubuntu 
Noble (host) + LXD (any version) + Ubuntu 12.04 container. And that container 
fails to get an IPv4 address using dhcp client with the following error:
dhclient3 eth0
RTNETLINK answers: Operation not permitted
RTNETLINK answers: Operation not permitted

On the host side we can see a following AppArmor denial:
Sep 05 12:01:09  kernel: audit: type=1400 audit(1725534069.603:228): 
apparmor="DENIED" operation="capable" class="cap" 
namespace="root//lxd-c1_" profile="/sbin/dhclient" pid=28122 
comm="ip" capability=12  capname="net_admin"

Precisely the same user space works well with upstream kernels 6.8.12
and 6.11.0-rc7. But fails on 6.8.12-based Ubuntu Noble's kernel.
Reverting of dc757a645cfa82f6ac252365df20a36a9ff82760 makes things to
work again.

Reproducer is as simple as lxc launch ubuntu:12.04 myct and check if
myct gets an IPv4 address (it won't).

External link: https://discourse.ubuntu.com/t/containers-with-
ubuntu-12-04-5-lts-are-not-getting-ipv4s-anymore

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2067900

Title:
  apparmor unconfined profile blocks pivot_root

Status in AppArmor:
  Confirmed
Status in apparmor package in Ubuntu:
  Confirmed

Bug description:
  LXD team have got a report
  (https://github.com/canonical/lxd/issues/13389) from our user that on
  the Ubuntu Noble host it's not possible to run Docker containers
  inside a LXC container.

  After some investigation, it was discovered that problem connected
  with AppArmor profile which is shipped by default /etc/apparmor.d/runc
  (comes from
  
https://git.launchpad.net/ubuntu/+source/apparmor/commit/profiles/apparmor.d/runc?h=ubuntu/noble-
  devel&id=997aea8111bfa1e03960ae3a40321da73f0a6d96 )

  This profile is unconfined and should give all permissions to the runc
  daemon. But it does not work.

  Manual adding of "pivot_root," line and executing "systemctl reload
  apparmor.service" makes it work.

  After some further investigation it was found that on upstream Linux
  kernel problem is not reproducible.

  Our team was able to find a problematic commit:
  
https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/noble/commit/?id=dc757a645cfa82f6ac252365df20a36a9ff82760

  The following (partial) revert helps to solve the issue on Ubuntu
  kernel:

  diff --git a/security/apparmor/mount.c b/security/apparmor/mount.c
  index 74b7293ab971..b12e6bdfefb2 100644
  --- a/security/apparmor/mount.c
  +++ b/security/apparmor/mount.c
  @@ -678,7 +678,7 @@ static struct aa_label *build_pivotroot(const struct cred 
*subj_cred,
  AA_BUG(!new_path);
  AA_BUG(!old_path);
   
  -   if (!RULE_MEDIATES(rules, AA_CLASS_MOUNT))
  +   if (profile_unconfined(profile) || !RULE_MEDIATES(rules, 
AA_CLASS_MOUNT))
  return aa_get_newest_label(&profile->label);
   
  error = aa_path_name(old_path, path_flags(profile, old_path),

  System info:

  # uname -a
  Linux ubuntu 6.8.0-31-generic #31-Ubuntu SMP PREEMPT_DYNAMIC Sat Apr 20 
00:40:06 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux

  # cat /etc/os-release 
  PRETTY_NAME="Ubuntu 24.04 LTS"
  

To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/2067900/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 2039873] [NEW] liblxc-dev was built with LXC_DEVEL=1 in Ubuntu Jammy/Kinetic

2023-10-19 Thread Aleksandr Mikhalitsyn

Public bug reported:

Dear colleagues,

As I can see from:
-
https://git.launchpad.net/ubuntu/+source/lxc/tree/configure?h=applied/ubuntu/jammy
-
https://git.launchpad.net/ubuntu/+source/lxc/tree/configure?h=applied/ubuntu/kinetic

LXC 5.0.0 was built with LXC_DEVEL=1 set. But for release build we
should have LXC_DEVEL=0.

LXC_DEVEL is a variable that appears in the /usr/include/lxc/version.h
and then can be (and actually it is) used by other projects to detect if
liblxc-dev is a development build or stable.

Having LXC_DEVEL=1 makes problems for the users who want to build projects
those are depend on liblxc
from source (for example, LXD, go-lxc:
https://github.com/canonical/lxd/pull/12420).

Q: Why it was not a problem for so long?
A: Because LXC API was stable for a long time, but recently we have extended
liblxc API (https://github.com/lxc/lxc/pull/4260) and dependant package go-lxc
was updated too (https://github.com/lxc/go-lxc/pull/166).
This change was developed properly to be backward compatible with the old
versions of liblxc. But, there is a problem. If LXC_DEVEL=1 then the macro
check VERSION_AT_LEAST
(https://github.com/lxc/go-lxc/blob/ccae595aa49e779f7ecc9250329967aa546acd31/lxc-binding.h#L7)
is disabled. That's why we should *not* have LXC_DEVEL=1 for *any* release
build of LXC.

And also, as I can see the source code that was used to build LXC 5.0.0
in Jammy/Kinetic is not precisely the same as in the official LXC 5.0.0
tag (https://github.com/lxc/lxc/tree/lxc-5.0.0).

I understand that Jammy is a LTS release and making any changes is a
problem and we should go through the SRU process. But I believe that we
have to do something at least with LXC_DEVEL to make things work
properly.

Kind regards,
Alex

** Affects: lxc (Ubuntu)
Importance: Undecided
Status: New

--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/2039873

Title:
liblxc-dev was built with LXC_DEVEL=1 in Ubuntu Jammy/Kinetic

Status in lxc package in Ubuntu:
New

Bug description:
Dear colleagues,

As I can see from:
-
https://git.launchpad.net/ubuntu/+source/lxc/tree/configure?h=applied/ubuntu/jammy
-
https://git.launchpad.net/ubuntu/+source/lxc/tree/configure?h=applied/ubuntu/kinetic

LXC 5.0.0 was built with LXC_DEVEL=1 set. But for release build we
should have LXC_DEVEL=0.

LXC_DEVEL is a variable that appears in the /usr/include/lxc/version.h
and then can be (and actually it is) used by other projects to detect
if liblxc-dev is a development build or stable.

Having LXC_DEVEL=1 makes problems for the users who want to build projects
those are depend on liblxc
from source (for example, LXD, go-lxc:
https://github.com/canonical/lxd/pull/12420).

And also, as I can see the source code that was used to build LXC
5.0.0 in Jammy/Kinetic is not precisely the same as in the official
LXC 5.0.0 tag (https://github.com/lxc/lxc/tree/lxc-5.0.0).

I understand that Jammy is a LTS release and making any changes is a
problem and we should go through the SRU process. But I believe that
we have to do something at least with LXC_DEVEL to make things work
properly.

Kind regards,
Alex

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/2039873/+subscriptions

--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 2039873] Re: liblxc-dev was built with LXC_DEVEL=1 in Ubuntu Jammy/Kinetic

We have discussed that in the #lxd-dev IRC with Simon but I decided to
post it here for others.

It looks like we need to patch 3 places:
https://git.launchpad.net/ubuntu/+source/lxc/tree/configure.ac?h=applied/ubuntu/jammy#n3
https://git.launchpad.net/ubuntu/+source/lxc/tree/configure?h=applied/ubuntu/jammy#n3498
https://git.launchpad.net/ubuntu/+source/lxc/tree/src/lxc/version.h?h=applied/ubuntu/jammy#n6

For some reason, the sources which are used for Jammy LXC 5.0.0 use
autoconf/automake build system, at the same time upstream
https://github.com/lxc/lxc/tree/lxc-5.0.0 uses meson.

removing
https://git.launchpad.net/ubuntu/+source/lxc/tree/debian/patches/0003-meson-
Set-DEVEL-flag-post-release.patch won't help as we don't use meson.

--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/2039873

Title:
liblxc-dev was built with LXC_DEVEL=1 in Ubuntu Jammy/Kinetic

Status in lxc package in Ubuntu:
New

Bug description:
Dear colleagues,

As I can see from:
-
https://git.launchpad.net/ubuntu/+source/lxc/tree/configure?h=applied/ubuntu/jammy
-
https://git.launchpad.net/ubuntu/+source/lxc/tree/configure?h=applied/ubuntu/kinetic

LXC 5.0.0 was built with LXC_DEVEL=1 set. But for release build we
should have LXC_DEVEL=0.

LXC_DEVEL is a variable that appears in the /usr/include/lxc/version.h
and then can be (and actually it is) used by other projects to detect
if liblxc-dev is a development build or stable.

Having LXC_DEVEL=1 makes problems for the users who want to build projects
those are depend on liblxc
from source (for example, LXD, go-lxc:
https://github.com/canonical/lxd/pull/12420).

And also, as I can see the source code that was used to build LXC
5.0.0 in Jammy/Kinetic is not precisely the same as in the official
LXC 5.0.0 tag (https://github.com/lxc/lxc/tree/lxc-5.0.0).

I understand that Jammy is a LTS release and making any changes is a
problem and we should go through the SRU process. But I believe that
we have to do something at least with LXC_DEVEL to make things work
properly.

Kind regards,
Alex

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/2039873/+subscriptions

--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 2039873] Re: liblxc-dev was built with LXC_DEVEL=1 in Ubuntu Jammy/Kinetic

Simon wanted to make a debdiff for this issue because he has an
experience with that.

This is debdiff from me but this is the 1st debdiff in my life. Most
likely I did something wrong :-)

What I did:

1. set email and name

$ export DEBEMAIL="y...@email.com"
$ export DEBFULLNAME="Your Name"

2. pull source package

$ pull-lp-source liblxc-dev jammy

3. make required source modifications

4. edit debian/changelog file properly and not forget to add LP issue
link

$ debchange

5. form local source changes into patch

$ dpkg-source --commit

6. create a source package from sources

$ debuild -S -d

7. build a binary package and test it

$ debuild
$ dpkg -i your_package.deb

8. create a debdiff:

$ debdiff lxc_5.0.0~git2209-g5a7b9ce67-0ubuntu1.dsc
lxc_5.0.0~git2209-g5a7b9ce67-0ubuntu2.dsc > debdiff.diff

Huge thanks to Stéphane Graber for initial instructions about the
procedure.

** Patch added: "set LXC_DEVEL to 0"
   
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/2039873/+attachment/5711815/+files/debdiff.diff

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/2039873

Title:
  liblxc-dev was built with LXC_DEVEL=1 in Ubuntu Jammy/Kinetic

Status in lxc package in Ubuntu:
  New

Bug description:
  Dear colleagues,

  As I can see from:
  - 
https://git.launchpad.net/ubuntu/+source/lxc/tree/configure?h=applied/ubuntu/jammy
  - 
https://git.launchpad.net/ubuntu/+source/lxc/tree/configure?h=applied/ubuntu/kinetic

  LXC 5.0.0 was built with LXC_DEVEL=1 set. But for release build we
  should have LXC_DEVEL=0.

  LXC_DEVEL is a variable that appears in the /usr/include/lxc/version.h
  and then can be (and actually it is) used by other projects to detect
  if liblxc-dev is a development build or stable.

  Having LXC_DEVEL=1 makes problems for the users who want to build projects 
those are depend on liblxc
  from source (for example, LXD, go-lxc: 
https://github.com/canonical/lxd/pull/12420).

  Q: Why it was not a problem for so long?
  A: Because LXC API was stable for a long time, but recently we have extended 
liblxc API (https://github.com/lxc/lxc/pull/4260) and dependant package go-lxc 
was updated too (https://github.com/lxc/go-lxc/pull/166).
  This change was developed properly to be backward compatible with the old 
versions of liblxc. But, there is a problem. If LXC_DEVEL=1 then the macro 
check VERSION_AT_LEAST 
(https://github.com/lxc/go-lxc/blob/ccae595aa49e779f7ecc9250329967aa546acd31/lxc-binding.h#L7)
 is disabled. That's why we should *not* have LXC_DEVEL=1 for *any* release 
build of LXC.

  And also, as I can see the source code that was used to build LXC
  5.0.0 in Jammy/Kinetic is not precisely the same as in the official
  LXC 5.0.0 tag (https://github.com/lxc/lxc/tree/lxc-5.0.0).

  I understand that Jammy is a LTS release and making any changes is a
  problem and we should go through the SRU process. But I believe that
  we have to do something at least with LXC_DEVEL to make things work
  properly.

  Kind regards,
  Alex

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/2039873/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 2039873] Re: liblxc-dev was built with LXC_DEVEL=1 in Ubuntu Jammy/Kinetic

** Patch removed: "set LXC_DEVEL to 0"
   
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/2039873/+attachment/5711815/+files/debdiff.diff

** Patch added: "set LXC_DEVEL to 0"
   
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/2039873/+attachment/5711843/+files/debdiff.diff

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/2039873

Title:
  liblxc-dev was built with LXC_DEVEL=1 in Ubuntu Jammy/Kinetic

Status in lxc package in Ubuntu:
  New

Bug description:
  Dear colleagues,

  As I can see from:
  - 
https://git.launchpad.net/ubuntu/+source/lxc/tree/configure?h=applied/ubuntu/jammy
  - 
https://git.launchpad.net/ubuntu/+source/lxc/tree/configure?h=applied/ubuntu/kinetic

  LXC 5.0.0 was built with LXC_DEVEL=1 set. But for release build we
  should have LXC_DEVEL=0.

  LXC_DEVEL is a variable that appears in the /usr/include/lxc/version.h
  and then can be (and actually it is) used by other projects to detect
  if liblxc-dev is a development build or stable.

  Having LXC_DEVEL=1 makes problems for the users who want to build projects 
those are depend on liblxc
  from source (for example, LXD, go-lxc: 
https://github.com/canonical/lxd/pull/12420).

  Q: Why it was not a problem for so long?
  A: Because LXC API was stable for a long time, but recently we have extended 
liblxc API (https://github.com/lxc/lxc/pull/4260) and dependant package go-lxc 
was updated too (https://github.com/lxc/go-lxc/pull/166).
  This change was developed properly to be backward compatible with the old 
versions of liblxc. But, there is a problem. If LXC_DEVEL=1 then the macro 
check VERSION_AT_LEAST 
(https://github.com/lxc/go-lxc/blob/ccae595aa49e779f7ecc9250329967aa546acd31/lxc-binding.h#L7)
 is disabled. That's why we should *not* have LXC_DEVEL=1 for *any* release 
build of LXC.

  And also, as I can see the source code that was used to build LXC
  5.0.0 in Jammy/Kinetic is not precisely the same as in the official
  LXC 5.0.0 tag (https://github.com/lxc/lxc/tree/lxc-5.0.0).

  I understand that Jammy is a LTS release and making any changes is a
  problem and we should go through the SRU process. But I believe that
  we have to do something at least with LXC_DEVEL to make things work
  properly.

  Kind regards,
  Alex

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/2039873/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 2039873] Re: liblxc-dev was built with LXC_DEVEL=1 in Ubuntu Jammy/Kinetic

I have updated a debdiff and removed the boilerplate comment in
`0002-Ubuntu-set-LXC_DEVEL-to-0.patch as suggested by Simon Déziel

--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/2039873

Title:
liblxc-dev was built with LXC_DEVEL=1 in Ubuntu Jammy/Kinetic

Status in lxc package in Ubuntu:
New

Bug description:
Dear colleagues,

As I can see from:
-
https://git.launchpad.net/ubuntu/+source/lxc/tree/configure?h=applied/ubuntu/jammy
-
https://git.launchpad.net/ubuntu/+source/lxc/tree/configure?h=applied/ubuntu/kinetic

LXC 5.0.0 was built with LXC_DEVEL=1 set. But for release build we
should have LXC_DEVEL=0.

LXC_DEVEL is a variable that appears in the /usr/include/lxc/version.h
and then can be (and actually it is) used by other projects to detect
if liblxc-dev is a development build or stable.

Having LXC_DEVEL=1 makes problems for the users who want to build projects
those are depend on liblxc
from source (for example, LXD, go-lxc:
https://github.com/canonical/lxd/pull/12420).

And also, as I can see the source code that was used to build LXC
5.0.0 in Jammy/Kinetic is not precisely the same as in the official
LXC 5.0.0 tag (https://github.com/lxc/lxc/tree/lxc-5.0.0).

I understand that Jammy is a LTS release and making any changes is a
problem and we should go through the SRU process. But I believe that
we have to do something at least with LXC_DEVEL to make things work
properly.

Kind regards,
Alex

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/2039873/+subscriptions

--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 2039873] Re: liblxc-dev was built with LXC_DEVEL=1 in Ubuntu Jammy/Kinetic

2023-10-22 Thread Aleksandr Mikhalitsyn

I have just added SRU template

** Description changed:

- Dear colleagues,
- 
- As I can see from:
- - 
https://git.launchpad.net/ubuntu/+source/lxc/tree/configure?h=applied/ubuntu/jammy
- - 
https://git.launchpad.net/ubuntu/+source/lxc/tree/configure?h=applied/ubuntu/kinetic
+ [ Impact ]
  
  LXC 5.0.0 was built with LXC_DEVEL=1 set. But for release build we
  should have LXC_DEVEL=0.
  
  LXC_DEVEL is a variable that appears in the /usr/include/lxc/version.h
  and then can be (and actually it is) used by other projects to detect if
  liblxc-dev is a development build or stable.
  
  Having LXC_DEVEL=1 makes problems for the users who want to build projects 
those are depend on liblxc
  from source (for example, LXD, go-lxc: 
https://github.com/canonical/lxd/pull/12420).
  
  Q: Why it was not a problem for so long?
  A: Because LXC API was stable for a long time, but recently we have extended 
liblxc API (https://github.com/lxc/lxc/pull/4260) and dependant package go-lxc 
was updated too (https://github.com/lxc/go-lxc/pull/166).
  This change was developed properly to be backward compatible with the old 
versions of liblxc. But, there is a problem. If LXC_DEVEL=1 then the macro 
check VERSION_AT_LEAST 
(https://github.com/lxc/go-lxc/blob/ccae595aa49e779f7ecc9250329967aa546acd31/lxc-binding.h#L7)
 is disabled. That's why we should *not* have LXC_DEVEL=1 for *any* release 
build of LXC.
  
- And also, as I can see the source code that was used to build LXC 5.0.0
- in Jammy/Kinetic is not precisely the same as in the official LXC 5.0.0
- tag (https://github.com/lxc/lxc/tree/lxc-5.0.0).
+ [ Test Plan ]
  
- I understand that Jammy is a LTS release and making any changes is a
- problem and we should go through the SRU process. But I believe that we
- have to do something at least with LXC_DEVEL to make things work
- properly.
+ Install liblxc-dev package and check /usr/include/lxc/version.h file
+ LXC_DEVEL should be 0
  
- Kind regards,
- Alex
+ [ Where problems could occur ]
+ 
+ Theoretically, build of a software which depends on liblxc-dev may start to 
fail
+ if it assumes that LXC_DEVEL is 1.
+ 
+ [ Other Info ]
+  
+ -

** Description changed:

  [ Impact ]
  
- LXC 5.0.0 was built with LXC_DEVEL=1 set. But for release build we
- should have LXC_DEVEL=0.
+ LXC 5.0.0 was built with LXC_DEVEL=1 set for Jammy. But for release
+ build we should have LXC_DEVEL=0.
  
  LXC_DEVEL is a variable that appears in the /usr/include/lxc/version.h
  and then can be (and actually it is) used by other projects to detect if
  liblxc-dev is a development build or stable.
  
  Having LXC_DEVEL=1 makes problems for the users who want to build projects 
those are depend on liblxc
  from source (for example, LXD, go-lxc: 
https://github.com/canonical/lxd/pull/12420).
  
  Q: Why it was not a problem for so long?
  A: Because LXC API was stable for a long time, but recently we have extended 
liblxc API (https://github.com/lxc/lxc/pull/4260) and dependant package go-lxc 
was updated too (https://github.com/lxc/go-lxc/pull/166).
  This change was developed properly to be backward compatible with the old 
versions of liblxc. But, there is a problem. If LXC_DEVEL=1 then the macro 
check VERSION_AT_LEAST 
(https://github.com/lxc/go-lxc/blob/ccae595aa49e779f7ecc9250329967aa546acd31/lxc-binding.h#L7)
 is disabled. That's why we should *not* have LXC_DEVEL=1 for *any* release 
build of LXC.
  
  [ Test Plan ]
  
  Install liblxc-dev package and check /usr/include/lxc/version.h file
  LXC_DEVEL should be 0
  
  [ Where problems could occur ]
  
  Theoretically, build of a software which depends on liblxc-dev may start to 
fail
  if it assumes that LXC_DEVEL is 1.
  
  [ Other Info ]
-  
+ 
  -

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/2039873

Title:
  liblxc-dev was built with LXC_DEVEL=1 in Ubuntu Jammy/Kinetic

Status in lxc package in Ubuntu:
  New

Bug description:
  [ Impact ]

  LXC 5.0.0 was built with LXC_DEVEL=1 set for Jammy. But for release
  build we should have LXC_DEVEL=0.

  LXC_DEVEL is a variable that appears in the /usr/include/lxc/version.h
  and then can be (and actually it is) used by other projects to detect
  if liblxc-dev is a development build or stable.

  Having LXC_DEVEL=1 makes problems for the users who want to build projects 
those are depend on liblxc
  from source (for example, LXD, go-lxc: 
https://github.com/canonical/lxd/pull/12420).

  Q: Why it was not a problem for so long?
  A: Because LXC API was stable for a long time, but recently we have extended 
liblxc API (https://github.com/lxc/lxc/pull/4260) and dependant package go-lxc 
was updated too (https://github.com/lxc/go-lxc/pull/166).
  This change was developed properly to be backward compatible with the old 
versions of liblxc. But, there is a problem. If LXC_DEVEL=1 then the macro 
check VERSION_AT_LEAST 
(https://

[Touch-packages] [Bug 2039873] Re: liblxc-dev was built with LXC_DEVEL=1 in Ubuntu Jammy/Kinetic

2023-10-23 Thread Aleksandr Mikhalitsyn

Dear Robie,

thanks for paying attention to this bug!

>Has this been fixed in the development release, and if so, how?

LXC_DEVEL is 1 in the development release:
https://github.com/lxc/lxc/blob/main/meson.build#L36

But LXC_DEVEL is 0 in *any* stable tag:
https://github.com/lxc/lxc/blob/lxc-5.0.3/meson.build#L36

And this is correct.

>It's not clear to me that making this change is the appropriate thing
to do in an SRU. How is LXC_DEVEL used in practice?

LXC_DEVEL is used to determine if the liblxc is a cutting-edge development
snapshot of the LXC or not.
So, it should be 1 *only* for the main branch of lxc. But in all stable version
it is 0.

> Have you analysed known reverse dependencies to understand the impact
of making this change? What did you find?

I have analyzed well-known reverse dependency go-lxc. It's used by LXD
to communicate with liblxc C API.

>The only impact to users that I can understand from your explanation is
that VERSION_AT_LEAST is disabled, causing builds outside the archive
that use that macro to fail. Everything else seems to make the
assumption that the correct way to fix this is to change LXC_DEVEL from
1 to 0, but without explaining why this is the minimal change possible.

Speaking honestly, I have no idea about other good ways to fix this. And
this change seems to be a "minimal" for me because it does not change
LXC code (and should not) it's just a matter of having proper build
configuration.

>Is there any other actual real world impact?

I don't think that changing LXC_DEVEL to 0 can break any properly written code.
For example, Debian folks have it disabled:
https://git.launchpad.net/ubuntu/+source/lxc/tree/meson.build?h=applied/debian/bookworm#n36

>Could you just patch to make VERSION_AT_LEAST work instead, for SRU
purposes, to minimise regression risk?

Of course, we can patch go-lxc (go-lxc also part of the LXC project).
But this will be a hacky and incorrect way to fix things.

--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/2039873

Title:
liblxc-dev was built with LXC_DEVEL=1 in Ubuntu Jammy/Kinetic

Status in lxc package in Ubuntu:
Confirmed

Bug description:
[ Impact ]

LXC 5.0.0 was built with LXC_DEVEL=1 set for Jammy. But for release
build we should have LXC_DEVEL=0.

LXC_DEVEL is a variable that appears in the /usr/include/lxc/version.h
and then can be (and actually it is) used by other projects to detect
if liblxc-dev is a development build or stable.

Having LXC_DEVEL=1 makes problems for the users who want to build projects
those are depend on liblxc
from source (for example, LXD, go-lxc:
https://github.com/canonical/lxd/pull/12420).

[ Test Plan ]

Install liblxc-dev package and check /usr/include/lxc/version.h file
LXC_DEVEL should be 0

[ Where problems could occur ]

Theoretically, build of a software which depends on liblxc-dev may start to
fail
if it assumes that LXC_DEVEL is 1.

[ Other Info ]

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/2039873/+subscriptions

--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 2039873] Re: liblxc-dev was built with LXC_DEVEL=1 in Ubuntu Jammy/Kinetic

2023-10-23 Thread Aleksandr Mikhalitsyn

>I meant the *Ubuntu* development release, not an upstream development
>release.

Ugh. If applied/ubuntu/devel is the right branch to check it then it is
not fixed in the Ubuntu development release too.

See:
https://git.launchpad.net/ubuntu/+source/lxc/tree/meson.build?h=applied/ubuntu/devel#n33

At the same time in Debian:
https://git.launchpad.net/ubuntu/+source/lxc/tree/meson.build?h=applied/debian/bookworm#n36

>I understand that, but that's not my question. You explained how it is
>intended to be used. But how is it actually used?

It is used precisely as it intended to be used (at least in the go-lxc)
:)

>Sure, but it is insufficient to consider just the reverse dependency
>involved in the use case you're trying to fix. We must consider all
>other reasonable use cases as well.

Ok, let's take https://github.com/search?q=LXC_DEVEL&type=code
As I can see from the search results there is no any other use cases for 
LXC_DEVEL
anywhere except go-lxc.

>For SRU purposes, it is not sufficient to rely on your "properly written
>software" condition. We must also avoid regressing "improperly written
>software" as much as we can in any change we make to a stable release.

Sure, I agree. But I'm 99.999% sure that this change is safe :)

>But this also suggests that there isn't actually a bug that impacts a
>binary that is shipped by Ubuntu in Jammy

It does not impacts a *binary*. But it impacts /usr/include/lxc/version.h file 
contents which is a
part of a liblxc-dev package.

>1) What use cases might be regressed as a result of this change, even
>for software that is not "properly written". This is a hard requirement
>for any stable release update in Ubuntu.

Have done using https://github.com/search?q=LXC_DEVEL&type=code

>2) In light of the above, what is an appropriate minimal way to fix the
>issue.

I believe that my fix is the minimal appropriate way to fix the issue.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/2039873

Title:
  liblxc-dev was built with LXC_DEVEL=1 in Ubuntu Jammy/Kinetic

Status in lxc package in Ubuntu:
  Confirmed

Bug description:
  [ Impact ]

  LXC 5.0.0 was built with LXC_DEVEL=1 set for Jammy. But for release
  build we should have LXC_DEVEL=0.

  LXC_DEVEL is a variable that appears in the /usr/include/lxc/version.h
  and then can be (and actually it is) used by other projects to detect
  if liblxc-dev is a development build or stable.

  Having LXC_DEVEL=1 makes problems for the users who want to build projects 
those are depend on liblxc
  from source (for example, LXD, go-lxc: 
https://github.com/canonical/lxd/pull/12420).

  Q: Why it was not a problem for so long?
  A: Because LXC API was stable for a long time, but recently we have extended 
liblxc API (https://github.com/lxc/lxc/pull/4260) and dependant package go-lxc 
was updated too (https://github.com/lxc/go-lxc/pull/166).
  This change was developed properly to be backward compatible with the old 
versions of liblxc. But, there is a problem. If LXC_DEVEL=1 then the macro 
check VERSION_AT_LEAST 
(https://github.com/lxc/go-lxc/blob/ccae595aa49e779f7ecc9250329967aa546acd31/lxc-binding.h#L7)
 is disabled. That's why we should *not* have LXC_DEVEL=1 for *any* release 
build of LXC.

  [ Test Plan ]

  Install liblxc-dev package and check /usr/include/lxc/version.h file
  LXC_DEVEL should be 0

  [ Where problems could occur ]

  Theoretically, build of a software which depends on liblxc-dev may start to 
fail
  if it assumes that LXC_DEVEL is 1.

  [ Other Info ]

  -

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/2039873/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 2039873] Re: liblxc-dev was built with LXC_DEVEL=1 in Ubuntu Jammy/Kinetic

2023-10-24 Thread Aleksandr Mikhalitsyn

Sure, I will do that.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/2039873

Title:
  liblxc-dev was built with LXC_DEVEL=1 in Ubuntu Jammy/Kinetic

Status in lxc package in Ubuntu:
  Confirmed

Bug description:
  [ Impact ]

  LXC 5.0.0 was built with LXC_DEVEL=1 set for Jammy. But for release
  build we should have LXC_DEVEL=0.

  LXC_DEVEL is a variable that appears in the /usr/include/lxc/version.h
  and then can be (and actually it is) used by other projects to detect
  if liblxc-dev is a development build or stable.

  Having LXC_DEVEL=1 makes problems for the users who want to build projects 
those are depend on liblxc
  from source (for example, LXD, go-lxc: 
https://github.com/canonical/lxd/pull/12420).

  Q: Why it was not a problem for so long?
  A: Because LXC API was stable for a long time, but recently we have extended 
liblxc API (https://github.com/lxc/lxc/pull/4260) and dependant package go-lxc 
was updated too (https://github.com/lxc/go-lxc/pull/166).
  This change was developed properly to be backward compatible with the old 
versions of liblxc. But, there is a problem. If LXC_DEVEL=1 then the macro 
check VERSION_AT_LEAST 
(https://github.com/lxc/go-lxc/blob/ccae595aa49e779f7ecc9250329967aa546acd31/lxc-binding.h#L7)
 is disabled. That's why we should *not* have LXC_DEVEL=1 for *any* release 
build of LXC.

  [ Test Plan ]

  Install liblxc-dev package and check /usr/include/lxc/version.h file
  LXC_DEVEL should be 0

  [ Where problems could occur ]

  Theoretically, build of a software which depends on liblxc-dev may start to 
fail
  if it assumes that LXC_DEVEL is 1.

  [ Other Info ]

  -

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/2039873/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 2039873] Re: liblxc-dev was built with LXC_DEVEL=1 in Ubuntu 22.04 and later releases

2023-11-25 Thread Aleksandr Mikhalitsyn

Ok, I'm attaching a debdiff for Noble.

Changelog:
Import LXC 5.0.3

- imported LXC 5.0.3 original sources
- dropped all debian/patches which are present in the LXC 5.0.3 already
- added autopkgtest to ensure that LXC_DEVEL is always 0
- aligned package names with the Debian ones:
 * lxc-utils and lxc1 are now transitional to lxc
 * lxc takes a place of lxc-utils and ships lxc-* utilities
 * liblxc-dev is now transitional to lxc-dev
 * lxc-dev takes a place of liblxc-dev and ships liblxc headers
 * upgrade path fixes by Simon Deziel

Big thanks to Simon Deziel and Stéphane Graber for advices and help.


Tested by Simon Déziel and me using PPA:
https://launchpad.net/~mihalicyn/+archive/ubuntu/lxc-test-ppa

Git tree (both are equal):
https://git.launchpad.net/~mihalicyn/ubuntu/+source/lxc/log/?h=ubuntu/noble-devel
https://github.com/mihalicyn/lxc-pkg-ubuntu/commits/ubuntu/noble-devel

** Patch added: "debdiff for noble"
   
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/2039873/+attachment/5723397/+files/noble_5.0.1_to_5.0.3_debdiff.diff

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/2039873

Title:
  liblxc-dev was built with LXC_DEVEL=1 in Ubuntu 22.04 and later
  releases

Status in lxc package in Ubuntu:
  Confirmed

Bug description:
  [ Impact ]

  LXC 5.0.0 was built with LXC_DEVEL=1 set for Jammy. But for release
  build we should have LXC_DEVEL=0.

  LXC_DEVEL is a variable that appears in the /usr/include/lxc/version.h
  and then can be (and actually it is) used by other projects to detect
  if liblxc-dev is a development build or stable.

  Having LXC_DEVEL=1 makes problems for the users who want to build projects 
those are depend on liblxc
  from source (for example, LXD, go-lxc: 
https://github.com/canonical/lxd/pull/12420).

  Q: Why it was not a problem for so long?
  A: Because LXC API was stable for a long time, but recently we have extended 
liblxc API (https://github.com/lxc/lxc/pull/4260) and dependant package go-lxc 
was updated too (https://github.com/lxc/go-lxc/pull/166).
  This change was developed properly to be backward compatible with the old 
versions of liblxc. But, there is a problem. If LXC_DEVEL=1 then the macro 
check VERSION_AT_LEAST 
(https://github.com/lxc/go-lxc/blob/ccae595aa49e779f7ecc9250329967aa546acd31/lxc-binding.h#L7)
 is disabled. That's why we should *not* have LXC_DEVEL=1 for *any* release 
build of LXC.

  [ Test Plan ]

  Install liblxc-dev package and check /usr/include/lxc/version.h file
  LXC_DEVEL should be 0

  [ Where problems could occur ]

  Theoretically, build of a software which depends on liblxc-dev may start to 
fail
  if it assumes that LXC_DEVEL is 1.

  [ Other Info ]

  -

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/2039873/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 2039873] Re: liblxc-dev was built with LXC_DEVEL=1 in Ubuntu 22.04 and later releases

2023-12-07 Thread Aleksandr Mikhalitsyn

The ubuntu-sponsors team has been subscribed to the bug

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/2039873

Title:
  liblxc-dev was built with LXC_DEVEL=1 in Ubuntu 22.04 and later
  releases

Status in lxc package in Ubuntu:
  Confirmed

Bug description:
  [ Impact ]

  LXC 5.0.0 was built with LXC_DEVEL=1 set for Jammy. But for release
  build we should have LXC_DEVEL=0.

  LXC_DEVEL is a variable that appears in the /usr/include/lxc/version.h
  and then can be (and actually it is) used by other projects to detect
  if liblxc-dev is a development build or stable.

  Having LXC_DEVEL=1 makes problems for the users who want to build projects 
those are depend on liblxc
  from source (for example, LXD, go-lxc: 
https://github.com/canonical/lxd/pull/12420).

  Q: Why it was not a problem for so long?
  A: Because LXC API was stable for a long time, but recently we have extended 
liblxc API (https://github.com/lxc/lxc/pull/4260) and dependant package go-lxc 
was updated too (https://github.com/lxc/go-lxc/pull/166).
  This change was developed properly to be backward compatible with the old 
versions of liblxc. But, there is a problem. If LXC_DEVEL=1 then the macro 
check VERSION_AT_LEAST 
(https://github.com/lxc/go-lxc/blob/ccae595aa49e779f7ecc9250329967aa546acd31/lxc-binding.h#L7)
 is disabled. That's why we should *not* have LXC_DEVEL=1 for *any* release 
build of LXC.

  [ Test Plan ]

  Install liblxc-dev package and check /usr/include/lxc/version.h file
  LXC_DEVEL should be 0

  [ Where problems could occur ]

  Theoretically, build of a software which depends on liblxc-dev may start to 
fail
  if it assumes that LXC_DEVEL is 1.

  [ Other Info ]

  -

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/2039873/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 2039873] Re: liblxc-dev was built with LXC_DEVEL=1 in Ubuntu 22.04 and later releases

2023-12-11 Thread Aleksandr Mikhalitsyn

Hello, Dave!

Huge thanks for your attention to this bug!

>The major thing that I think needs correction is that this patch is
built on top of ubuntu/noble-devel by importing the upstream 5.0.3, but
what Stéphane suggested in comment 14 was to take the Debian upstream
(currently 5.0.3-2) and build on top of that.

Ah, yes. My bad. I guess that I can easily fix that. Thanks!

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/2039873

Title:
  liblxc-dev was built with LXC_DEVEL=1 in Ubuntu 22.04 and later
  releases

Status in lxc package in Ubuntu:
  Confirmed

Bug description:
  [ Impact ]

  LXC 5.0.0 was built with LXC_DEVEL=1 set for Jammy. But for release
  build we should have LXC_DEVEL=0.

  LXC_DEVEL is a variable that appears in the /usr/include/lxc/version.h
  and then can be (and actually it is) used by other projects to detect
  if liblxc-dev is a development build or stable.

  Having LXC_DEVEL=1 makes problems for the users who want to build projects 
those are depend on liblxc
  from source (for example, LXD, go-lxc: 
https://github.com/canonical/lxd/pull/12420).

  Q: Why it was not a problem for so long?
  A: Because LXC API was stable for a long time, but recently we have extended 
liblxc API (https://github.com/lxc/lxc/pull/4260) and dependant package go-lxc 
was updated too (https://github.com/lxc/go-lxc/pull/166).
  This change was developed properly to be backward compatible with the old 
versions of liblxc. But, there is a problem. If LXC_DEVEL=1 then the macro 
check VERSION_AT_LEAST 
(https://github.com/lxc/go-lxc/blob/ccae595aa49e779f7ecc9250329967aa546acd31/lxc-binding.h#L7)
 is disabled. That's why we should *not* have LXC_DEVEL=1 for *any* release 
build of LXC.

  [ Test Plan ]

  Install liblxc-dev package and check /usr/include/lxc/version.h file
  LXC_DEVEL should be 0

  [ Where problems could occur ]

  Theoretically, build of a software which depends on liblxc-dev may start to 
fail
  if it assumes that LXC_DEVEL is 1.

  [ Other Info ]

  -

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/2039873/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 2039873] Re: liblxc-dev was built with LXC_DEVEL=1 in Ubuntu 22.04 and later releases

2023-12-14 Thread Aleksandr Mikhalitsyn

Ok, I have tried to do that but get stuck and have a few questions about
the process.

>In this case, the commits in the repo would be based on debian/sid
rather than ubuntu/noble-devel. This >would ensure we incorporate the
changes Debian has placed on top of lxc, as well as our own (and means
in >future we can follow the git-ubuntu merge process for this package).

Does this mean that I have to drop our (ubuntu-specific) changelog file
and just replace it with the changelog file from the debian source
package?

Even more, do I need to take only source code from debian source package
or packaging metadata too (debian/ directory)?

I can see two options:
1. take debian/sid source package, unpack, add Ubuntu-specific patches, add a 
changelog entry, add transition packages entries to the debian/control file. In 
this case we loosing all the changelog from Ubuntu LXC package.

2. take debian/sid source package, unpack, drop debian/ directory and
replace it with the debian/ directory from the Ubuntu package from
ubuntu/noble-devel, ...

Which option is a correct and preferred one?

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/2039873

Title:
  liblxc-dev was built with LXC_DEVEL=1 in Ubuntu 22.04 and later
  releases

Status in lxc package in Ubuntu:
  Confirmed

Bug description:
  [ Impact ]

  LXC 5.0.0 was built with LXC_DEVEL=1 set for Jammy. But for release
  build we should have LXC_DEVEL=0.

  LXC_DEVEL is a variable that appears in the /usr/include/lxc/version.h
  and then can be (and actually it is) used by other projects to detect
  if liblxc-dev is a development build or stable.

  Having LXC_DEVEL=1 makes problems for the users who want to build projects 
those are depend on liblxc
  from source (for example, LXD, go-lxc: 
https://github.com/canonical/lxd/pull/12420).

  Q: Why it was not a problem for so long?
  A: Because LXC API was stable for a long time, but recently we have extended 
liblxc API (https://github.com/lxc/lxc/pull/4260) and dependant package go-lxc 
was updated too (https://github.com/lxc/go-lxc/pull/166).
  This change was developed properly to be backward compatible with the old 
versions of liblxc. But, there is a problem. If LXC_DEVEL=1 then the macro 
check VERSION_AT_LEAST 
(https://github.com/lxc/go-lxc/blob/ccae595aa49e779f7ecc9250329967aa546acd31/lxc-binding.h#L7)
 is disabled. That's why we should *not* have LXC_DEVEL=1 for *any* release 
build of LXC.

  [ Test Plan ]

  Install liblxc-dev package and check /usr/include/lxc/version.h file
  LXC_DEVEL should be 0

  [ Where problems could occur ]

  Theoretically, build of a software which depends on liblxc-dev may start to 
fail
  if it assumes that LXC_DEVEL is 1.

  [ Other Info ]

  -

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/2039873/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 2039873] Re: liblxc-dev was built with LXC_DEVEL=1 in Ubuntu 22.04 and later releases

Dear colleagues,

I have taken a look on this ubuntu-import/rebase thing, thanks a lot for
your suggestions and advice.

Unfortunately, I can't see any possibility to follow this Ubuntu-import
way. Because the last Debian-based version of the LXC package was in
2012 (!) [
https://git.launchpad.net/ubuntu/+source/lxc/commit/?id=b0c54a19dda57a37294b244982bcfd425db8dbd8
].

As I can see from https://github.com/canonical/ubuntu-maintainers-
handbook/blob/main/PackageMerging.md#identify-logical-changes I have to
go through *all* the git history from 2012 and split all the changes to
a separate commits, then do a lot of other stuff. I can barely imagine
doing all of that without making a single mistake in the middle which,
effectively, will make all the rest of the a rebase job completely wrong
(and I'll have to start everything from the beginning).

>In the debian/tests/control file you need to add a comma (',') between
the two restriction names. A comment here is that if you merge the
changes from Debian we will get 2 more DEP-8 tests (autopkgtest) in the
package.

Thanks, will do.

>Nitpick: you committed the debian/files file which is not necessary.

Thanks, I'll remove it.

So, my question is, that if it's possible just to take a clean
debian/sid branch, then merge *only* debian/changelog somehow and
*manually* put all the necessary Ubuntu-specific patches on top without
using all of this heavy machinery with rebasing and editing thousands of
commits?

I understand that we have a very strict processes around importing
packages, and I understand why. But it looks like this processes are
suitable for regularly sync-able packages. Which is not the case for
LXC, because most of LXC developers used to be a Canonical employees and
Ubuntu LXC package was an independent from the Debian one (for 12
years!).

And another question is that if it would be possible to me to *only* fix
the LXC_DEVEL issue without rebasing anything and updating anything to
make things just work. Then one day, when we decide how to sort this
rebase stuff out with such an deeply out-of-sync package I'll be happy
to do a rebase on the debian/sid. I want to avoid Noble to be released
with this LXC_DEVEL issue because it bothers developers/users of
LXC/LXD.

Kind regards,
Alex

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/2039873

Title:
  liblxc-dev was built with LXC_DEVEL=1 in Ubuntu 22.04 and later
  releases

Status in lxc package in Ubuntu:
  Confirmed

Bug description:
  [ Impact ]

  LXC 5.0.0 was built with LXC_DEVEL=1 set for Jammy. But for release
  build we should have LXC_DEVEL=0.

  LXC_DEVEL is a variable that appears in the /usr/include/lxc/version.h
  and then can be (and actually it is) used by other projects to detect
  if liblxc-dev is a development build or stable.

  Having LXC_DEVEL=1 makes problems for the users who want to build projects 
those are depend on liblxc
  from source (for example, LXD, go-lxc: 
https://github.com/canonical/lxd/pull/12420).

  Q: Why it was not a problem for so long?
  A: Because LXC API was stable for a long time, but recently we have extended 
liblxc API (https://github.com/lxc/lxc/pull/4260) and dependant package go-lxc 
was updated too (https://github.com/lxc/go-lxc/pull/166).
  This change was developed properly to be backward compatible with the old 
versions of liblxc. But, there is a problem. If LXC_DEVEL=1 then the macro 
check VERSION_AT_LEAST 
(https://github.com/lxc/go-lxc/blob/ccae595aa49e779f7ecc9250329967aa546acd31/lxc-binding.h#L7)
 is disabled. That's why we should *not* have LXC_DEVEL=1 for *any* release 
build of LXC.

  [ Test Plan ]

  Install liblxc-dev package and check /usr/include/lxc/version.h file
  LXC_DEVEL should be 0

  [ Where problems could occur ]

  Theoretically, build of a software which depends on liblxc-dev may start to 
fail
  if it assumes that LXC_DEVEL is 1.

  [ Other Info ]

  -

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/2039873/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 2039873] Re: liblxc-dev was built with LXC_DEVEL=1 in Ubuntu 22.04 and later releases

Alternatively, I can just pull a new upstream LXC sources and we keep
the Ubuntu-specific package as it is without switching to a Debian base
if it's so complex procedure. WDYT?

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/2039873

Title:
  liblxc-dev was built with LXC_DEVEL=1 in Ubuntu 22.04 and later
  releases

Status in lxc package in Ubuntu:
  Confirmed

Bug description:
  [ Impact ]

  LXC 5.0.0 was built with LXC_DEVEL=1 set for Jammy. But for release
  build we should have LXC_DEVEL=0.

  LXC_DEVEL is a variable that appears in the /usr/include/lxc/version.h
  and then can be (and actually it is) used by other projects to detect
  if liblxc-dev is a development build or stable.

  Having LXC_DEVEL=1 makes problems for the users who want to build projects 
those are depend on liblxc
  from source (for example, LXD, go-lxc: 
https://github.com/canonical/lxd/pull/12420).

  Q: Why it was not a problem for so long?
  A: Because LXC API was stable for a long time, but recently we have extended 
liblxc API (https://github.com/lxc/lxc/pull/4260) and dependant package go-lxc 
was updated too (https://github.com/lxc/go-lxc/pull/166).
  This change was developed properly to be backward compatible with the old 
versions of liblxc. But, there is a problem. If LXC_DEVEL=1 then the macro 
check VERSION_AT_LEAST 
(https://github.com/lxc/go-lxc/blob/ccae595aa49e779f7ecc9250329967aa546acd31/lxc-binding.h#L7)
 is disabled. That's why we should *not* have LXC_DEVEL=1 for *any* release 
build of LXC.

  [ Test Plan ]

  Install liblxc-dev package and check /usr/include/lxc/version.h file
  LXC_DEVEL should be 0

  [ Where problems could occur ]

  Theoretically, build of a software which depends on liblxc-dev may start to 
fail
  if it assumes that LXC_DEVEL is 1.

  [ Other Info ]

  -

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/2039873/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 2039873] Re: liblxc-dev was built with LXC_DEVEL=1 in Ubuntu 22.04 and later releases

debdiff for mantic/noble (they have the same version 1:5.0.1-0ubuntu7
currently)

+lxc (1:5.0.1-0ubuntu8) mantic; urgency=medium
+
+  * Fix the LXC_DEVEL value to be 0
+- d/p/0003-meson-Set-DEVEL-flag-post-release.patch was dropped
+  as it should not be in the production builds
+  * Added autopkgtest to ensure that LXC_DEVEL is always 0
+- debian/tests/build: add "build" autopkgtest script
+- debian/tests/control: declare "build" autopkgtest
+
+ -- Alexander Mikhalitsyn   Thu, 18 Jan 
2024 16:20:47 +0100

** Patch added: "debdiff for mantic/noble (they have the same version 
1:5.0.1-0ubuntu7)"
   
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/2039873/+attachment/5740489/+files/debdiff_for_mantic_and_noble.diff

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/2039873

Title:
  liblxc-dev was built with LXC_DEVEL=1 in Ubuntu 22.04 and later
  releases

Status in lxc package in Ubuntu:
  Confirmed

Bug description:
  [ Impact ]

  LXC 5.0.0 was built with LXC_DEVEL=1 set for Jammy. But for release
  build we should have LXC_DEVEL=0.

  LXC_DEVEL is a variable that appears in the /usr/include/lxc/version.h
  and then can be (and actually it is) used by other projects to detect
  if liblxc-dev is a development build or stable.

  Having LXC_DEVEL=1 makes problems for the users who want to build projects 
those are depend on liblxc
  from source (for example, LXD, go-lxc: 
https://github.com/canonical/lxd/pull/12420).

  Q: Why it was not a problem for so long?
  A: Because LXC API was stable for a long time, but recently we have extended 
liblxc API (https://github.com/lxc/lxc/pull/4260) and dependant package go-lxc 
was updated too (https://github.com/lxc/go-lxc/pull/166).
  This change was developed properly to be backward compatible with the old 
versions of liblxc. But, there is a problem. If LXC_DEVEL=1 then the macro 
check VERSION_AT_LEAST 
(https://github.com/lxc/go-lxc/blob/ccae595aa49e779f7ecc9250329967aa546acd31/lxc-binding.h#L7)
 is disabled. That's why we should *not* have LXC_DEVEL=1 for *any* release 
build of LXC.

  [ Test Plan ]

  Install liblxc-dev package and check /usr/include/lxc/version.h file
  LXC_DEVEL should be 0

  [ Where problems could occur ]

  Theoretically, build of a software which depends on liblxc-dev may start to 
fail
  if it assumes that LXC_DEVEL is 1.

  [ Other Info ]

  -

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/2039873/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 2039873] Re: liblxc-dev was built with LXC_DEVEL=1 in Ubuntu 22.04 and later releases

debdiff for Jammy

PPA:
https://launchpad.net/~mihalicyn/+archive/ubuntu/lxc-test-ppa-for-jammy

** Patch added: "debdiff for jammy"
   
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/2039873/+attachment/5740492/+files/debdiff_for_jammy.diff

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/2039873

Title:
  liblxc-dev was built with LXC_DEVEL=1 in Ubuntu 22.04 and later
  releases

Status in lxc package in Ubuntu:
  Confirmed

Bug description:
  [ Impact ]

  LXC 5.0.0 was built with LXC_DEVEL=1 set for Jammy. But for release
  build we should have LXC_DEVEL=0.

  LXC_DEVEL is a variable that appears in the /usr/include/lxc/version.h
  and then can be (and actually it is) used by other projects to detect
  if liblxc-dev is a development build or stable.

  Having LXC_DEVEL=1 makes problems for the users who want to build projects 
those are depend on liblxc
  from source (for example, LXD, go-lxc: 
https://github.com/canonical/lxd/pull/12420).

  Q: Why it was not a problem for so long?
  A: Because LXC API was stable for a long time, but recently we have extended 
liblxc API (https://github.com/lxc/lxc/pull/4260) and dependant package go-lxc 
was updated too (https://github.com/lxc/go-lxc/pull/166).
  This change was developed properly to be backward compatible with the old 
versions of liblxc. But, there is a problem. If LXC_DEVEL=1 then the macro 
check VERSION_AT_LEAST 
(https://github.com/lxc/go-lxc/blob/ccae595aa49e779f7ecc9250329967aa546acd31/lxc-binding.h#L7)
 is disabled. That's why we should *not* have LXC_DEVEL=1 for *any* release 
build of LXC.

  [ Test Plan ]

  Install liblxc-dev package and check /usr/include/lxc/version.h file
  LXC_DEVEL should be 0

  [ Where problems could occur ]

  Theoretically, build of a software which depends on liblxc-dev may start to 
fail
  if it assumes that LXC_DEVEL is 1.

  [ Other Info ]

  -

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/2039873/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 2039873] Re: liblxc-dev was built with LXC_DEVEL=1 in Ubuntu 22.04 and later releases