[Bug 2068529] [NEW] Focal: Reverse proxy POST with with body length >1000 is missing body
Public bug reported:
POST requests to an apache2 server with the below configuration do not
forward the message body.
Affected versions:
apache2 2.4.41-4ubuntu3.17 in focal
Steps to reproduce:
sudo apt-get install apache2
sudo a2enmod proxy
sudo a2enmod proxy_http
Add /etc/apache2/sites-enabled/test_proxy.conf
```
Listen 9443
ServerName focal.cld.lan
ProxyRequests Off
ProxyPass "/" "http://127.0.0.1:8899/";
ProxyPassReverse "/" "http://127.0.0.1:8899/";
ErrorLog ${APACHE_LOG_DIR}/testproxy-error.log
CustomLog ${APACHE_LOG_DIR}/testproxy-access.log combined
```
sudo systemctl restart apache2
nc -k -l 8899
wget http://archive.ubuntu.com/ubuntu/dists/jammy-proposed/InRelease
curl -d "@InRelease" -H "Content-type: text/plain" -X POST
http://127.0.0.1:9443/
Curl hangs for a while until the request times out.
** Affects: apache2 (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2068529
Title:
Focal: Reverse proxy POST with with body length >1000 is missing body
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/2068529/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2068529] Re: Focal: Reverse proxy POST with with body length >1000 is missing body
Thanks for the note Mauricio.
The bug is not present in Jammy.
I've edited the bug description to include a reproducer that reflects
the message length limit.
** Description changed:
POST requests to an apache2 server with the below configuration do not
- forward the message body.
+ forward the message body if it is larger than 1024 bytes.
Affected versions:
apache2 2.4.41-4ubuntu3.17 in focal
Steps to reproduce:
sudo apt-get install apache2
sudo a2enmod proxy
sudo a2enmod proxy_http
Add /etc/apache2/sites-enabled/test_proxy.conf
```
Listen 9443
- ServerName focal.cld.lan
+ ServerName focal.cld.lan
- ProxyRequests Off
- ProxyPass "/" "http://127.0.0.1:8899/";
- ProxyPassReverse "/" "http://127.0.0.1:8899/";
+ ProxyRequests Off
+ ProxyPass "/" "http://127.0.0.1:8899/";
+ ProxyPassReverse "/" "http://127.0.0.1:8899/";
- ErrorLog ${APACHE_LOG_DIR}/testproxy-error.log
- CustomLog ${APACHE_LOG_DIR}/testproxy-access.log combined
+ ErrorLog ${APACHE_LOG_DIR}/testproxy-error.log
+ CustomLog ${APACHE_LOG_DIR}/testproxy-access.log combined
```
sudo systemctl restart apache2
nc -k -l 8899
wget http://archive.ubuntu.com/ubuntu/dists/jammy-proposed/InRelease
curl -d "@InRelease" -H "Content-type: text/plain" -X POST
http://127.0.0.1:9443/
Curl hangs for a while until the request times out.
+
+ EDIT: The first curl here succeeds, the second does not:
+
+ DATA=`tr -dc A-Za-z0-9 http://127.0.0.1:9443 -vvv
+
+ DATA=`tr -dc A-Za-z0-9 http://127.0.0.1:9443 -vvv
** Summary changed:
- Focal: Reverse proxy POST with with body length >1000 is missing body
+ Focal: Reverse proxy POST with with body length >1024 is missing body
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2068529
Title:
Focal: Reverse proxy POST with with body length >1024 is missing body
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/2068529/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2064176] [NEW] LXD fan bridge causes blocked tasks
Public bug reported: Hi, cross posting this from https://github.com/canonical/lxd/issues/12161 I've got a lxd cluster running across 3 VMs using the fan bridge. I'm using a dev revision of LXD based on 6413a948. Creating a container causes the trace in the attached syslog snippet; this causes the container creation process to hang indefinitely. ssh logins, `lxc shell cluster1`, and `ps -aux` also hang. Apr 29 17:15:01 cluster1 kernel: [ 161.250951] [ cut here ] Apr 29 17:15:01 cluster1 kernel: [ 161.250957] Voluntary context switch within RCU read-side critical section! Apr 29 17:15:01 cluster1 kernel: [ 161.250990] WARNING: CPU: 2 PID: 510 at kernel/rcu/tree_plugin.h:320 rcu_note_context_switch+0x2a7/0x2f0 Apr 29 17:15:01 cluster1 kernel: [ 161.251003] Modules linked in: nft_masq nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 vxlan ip6_udp_tunnel udp_tunnel dummy br idge stp llc zfs(PO) spl(O) nf_tables libcrc32c nfnetlink vhost_vsock vhost vhost_iotlb binfmt_misc nls_iso8859_1 intel_rapl_msr intel_rapl_common kvm_intel kvm irqbypass crct10dif _pclmul crc32_pclmul virtio_gpu polyval_clmulni polyval_generic ghash_clmulni_intel sha256_ssse3 sha1_ssse3 virtio_dma_buf aesni_intel vmw_vsock_virtio_transport 9pnet_virtio xhci_ pci drm_shmem_helper i2c_i801 ahci 9pnet vmw_vsock_virtio_transport_common xhci_pci_renesas drm_kms_helper libahci crypto_simd joydev virtio_input cryptd lpc_ich virtiofs i2c_smbus vsock psmouse input_leds mac_hid serio_raw rapl qemu_fw_cfg vmgenid nfsd dm_multipath auth_rpcgss scsi_dh_rdac nfs_acl lockd scsi_dh_emc scsi_dh_alua grace sch_fq_codel drm sunrpc efi_pstore virtio_rng ip_tables x_tables autofs4 Apr 29 17:15:01 cluster1 kernel: [ 161.251085] CPU: 2 PID: 510 Comm: nmbd Tainted: P O 6.5.0-28-generic #29~22.04.1-Ubuntu Apr 29 17:15:01 cluster1 kernel: [ 161.251089] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009)/LXD, BIOS unknown 2/2/2022 Apr 29 17:15:01 cluster1 kernel: [ 161.251091] RIP: 0010:rcu_note_context_switch+0x2a7/0x2f0 Apr 29 17:15:01 cluster1 kernel: [ 161.251095] Code: 08 f0 83 44 24 fc 00 48 89 de 4c 89 f7 e8 d1 af ff ff e9 1e fe ff ff 48 c7 c7 d0 60 56 88 c6 05 e6 27 40 02 01 e8 79 b2 f2 ff <0f> 0b e9 bd fd ff ff a9 ff ff ff 7f 0f 84 75 fe ff ff 65 48 8b 3c Apr 29 17:15:01 cluster1 kernel: [ 161.251098] RSP: 0018:b9cbc11dbbc8 EFLAGS: 00010046 Apr 29 17:15:01 cluster1 kernel: [ 161.251101] RAX: RBX: 941ef7cb3f80 RCX: Apr 29 17:15:01 cluster1 kernel: [ 161.251103] RDX: RSI: RDI: Apr 29 17:15:01 cluster1 kernel: [ 161.251104] RBP: b9cbc11dbbe8 R08: R09: Apr 29 17:15:01 cluster1 kernel: [ 161.251106] R10: R11: R12: Apr 29 17:15:01 cluster1 kernel: [ 161.25] R13: 941d893e9980 R14: R15: 941d80ad7a80 Apr 29 17:15:01 cluster1 kernel: [ 161.251113] FS: 7c7dcbdb8a00() GS:941ef7c8() knlGS: Apr 29 17:15:01 cluster1 kernel: [ 161.251115] CS: 0010 DS: ES: CR0: 80050033 Apr 29 17:15:01 cluster1 kernel: [ 161.251117] CR2: 5a30877ae488 CR3: 000105888003 CR4: 00170ee0 Apr 29 17:15:01 cluster1 kernel: [ 161.251122] Call Trace: Apr 29 17:15:01 cluster1 kernel: [ 161.251128] Apr 29 17:15:01 cluster1 kernel: [ 161.251133] ? show_regs+0x6d/0x80 Apr 29 17:15:01 cluster1 kernel: [ 161.251145] ? __warn+0x89/0x160 Apr 29 17:15:01 cluster1 kernel: [ 161.251152] ? rcu_note_context_switch+0x2a7/0x2f0 Apr 29 17:15:01 cluster1 kernel: [ 161.251155] ? report_bug+0x17e/0x1b0 Apr 29 17:15:01 cluster1 kernel: [ 161.251172] ? handle_bug+0x46/0x90 Apr 29 17:15:01 cluster1 kernel: [ 161.251187] ? exc_invalid_op+0x18/0x80 Apr 29 17:15:01 cluster1 kernel: [ 161.251190] ? asm_exc_invalid_op+0x1b/0x20 Apr 29 17:15:01 cluster1 kernel: [ 161.251202] ? rcu_note_context_switch+0x2a7/0x2f0 Apr 29 17:15:01 cluster1 kernel: [ 161.251205] ? rcu_note_context_switch+0x2a7/0x2f0 Apr 29 17:15:01 cluster1 kernel: [ 161.251208] __schedule+0xcc/0x750 Apr 29 17:15:01 cluster1 kernel: [ 161.251218] schedule+0x63/0x110 Apr 29 17:15:01 cluster1 kernel: [ 161.251222] schedule_hrtimeout_range_clock+0xbc/0x130 Apr 29 17:15:01 cluster1 kernel: [ 161.251238] ? __pfx_hrtimer_wakeup+0x10/0x10 Apr 29 17:15:01 cluster1 kernel: [ 161.251245] schedule_hrtimeout_range+0x13/0x30 Apr 29 17:15:01 cluster1 kernel: [ 161.251248] ep_poll+0x33f/0x390 Apr 29 17:15:01 cluster1 kernel: [ 161.251254] ? __pfx_ep_autoremove_wake_function+0x10/0x10 Apr 29 17:15:01 cluster1 kernel: [ 161.251257] do_epoll_wait+0xdb/0x100 Apr 29 17:15:01 cluster1 kernel: [ 161.251259] __x64_sys_epoll_wait+0x6f/0x110 Apr 29 17:15:01 cluster1 kernel: [ 161.251265] do_syscall_64+0x5b/0x90 Apr 29 17:15:01 cluster1 kernel: [ 161.251270] ? do_
[Bug 2064176] Re: LXD fan bridge causes blocked tasks
** Attachment added: "apport.linux-image-6.5.0-28-generic._9l2i4n1.apport" https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2064176/+attachment/5772647/+files/apport.linux-image-6.5.0-28-generic._9l2i4n1.apport -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2064176 Title: LXD fan bridge causes blocked tasks To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2064176/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1597017] Re: mount rules grant excessive permissions
Hi, gentle ping on this; is there an ETA for this to land in 22.04? Let me know if I can help with testing. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1597017 Title: mount rules grant excessive permissions To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1597017/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2064717] Re: ceph-volume needs "packaging" module
This also affects ceph-volume 19.2.0~git20240301.4c76c50-0ubuntu6 in Noble. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2064717 Title: ceph-volume needs "packaging" module To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ceph/+bug/2064717/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2052661] Re: numba 0.58 is not compatible with python 3.12
Hi friends, Since Numba 0.59 has been released with support for python 3.12, are there plans to include numba in noble-updates/universe? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2052661 Title: numba 0.58 is not compatible with python 3.12 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/esda/+bug/2052661/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2081231] [NEW] kernel 6.8.0-40: ext4 online resize on thin-provisioned storage gives 'invalid opcode'
Public bug reported: Hi, We're seeing failures of an ext4 resize on LVM and Ceph block devices in the LXD CI; the following call trace happens during resize2fs of an ext4 FS on an LVM lv. I'll also upload an apport report. Let me know if there's anything else I can provide! --- [ 54.268802] EXT4-fs (dm-8): mounted filesystem 210714a1-4375-4524-ab2e-019d0859cf5f r/w with ordered data mode. Quota mode: none. [ 54.273065] EXT4-fs (dm-8): resizing filesystem from 7168 to 786432 blocks [ 54.274006] [ cut here ] [ 54.274012] kernel BUG at fs/ext4/resize.c:324! [ 54.274773] invalid opcode: [#1] PREEMPT SMP NOPTI [ 54.275841] CPU: 10 PID: 1397 Comm: resize2fs Tainted: P O 6.8.0-40-generic #40~22.04.3-Ubuntu [ 54.282782] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009)/LXD, BIOS unknown 2/2/2022 [ 54.285284] RIP: 0010:ext4_alloc_group_tables+0x532/0x540 [ 54.286769] Code: c2 f7 da 44 01 e0 8d 48 ff 89 4d c8 44 31 e1 85 d1 75 17 b9 fd ff ff ff 66 89 4d cc e9 32 fb ff ff 44 8b 45 a0 e9 a8 fe ff ff <0f> 0b 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 [ 54.291216] RSP: 0018:b691c3c53b78 EFLAGS: 00010202 [ 54.292109] RAX: 0018 RBX: 9bce87f5b000 RCX: 0016 [ 54.293312] RDX: fff0 RSI: 9bce8186d560 RDI: 9bce822a7800 [ 54.294433] RBP: b691c3c53bd8 R08: 0010 R09: [ 54.295551] R10: R11: R12: 0001 [ 54.296515] R13: 9bce822a7800 R14: 9bce8186d560 R15: fffc3fe7 [ 54.297393] FS: 75726aea3b80() GS:9bcf79d0() knlGS: [ 54.298382] CS: 0010 DS: ES: CR0: 80050033 [ 54.299197] CR2: 75726ac5a230 CR3: 0001192b4000 CR4: 00750ef0 [ 54.300157] PKRU: 5554 [ 54.300520] Call Trace: [ 54.300734] [ 54.300910] ? show_regs+0x6d/0x80 [ 54.301191] ? die+0x37/0xa0 [ 54.301674] ? do_trap+0xd4/0xf0 [ 54.302163] ? do_error_trap+0x71/0xb0 [ 54.302675] ? ext4_alloc_group_tables+0x532/0x540 [ 54.303151] ? exc_invalid_op+0x52/0x80 [ 54.303728] ? ext4_alloc_group_tables+0x532/0x540 [ 54.304445] ? asm_exc_invalid_op+0x1b/0x20 [ 54.305092] ? ext4_alloc_group_tables+0x532/0x540 [ 54.305833] ext4_resize_fs+0x378/0x6d0 [ 54.306434] __ext4_ioctl+0x34e/0x1160 [ 54.307028] ? filename_lookup+0xe4/0x200 [ 54.307625] ? xa_load+0x87/0xf0 [ 54.308168] ext4_ioctl+0xe/0x20 [ 54.308697] __x64_sys_ioctl+0xa0/0xf0 [ 54.309328] x64_sys_call+0xa68/0x24b0 [ 54.30] do_syscall_64+0x81/0x170 [ 54.310715] ? mntput+0x24/0x50 [ 54.311339] ? path_put+0x1e/0x30 [ 54.311982] ? do_faccessat+0x1c2/0x2f0 [ 54.312720] ? syscall_exit_to_user_mode+0x89/0x260 [ 54.313640] ? do_syscall_64+0x8d/0x170 [ 54.314424] ? handle_mm_fault+0xad/0x380 [ 54.315080] ? do_user_addr_fault+0x337/0x670 [ 54.315484] ? irqentry_exit_to_user_mode+0x7e/0x260 [ 54.315875] ? irqentry_exit+0x43/0x50 [ 54.316172] ? clear_bhb_loop+0x15/0x70 [ 54.316483] ? clear_bhb_loop+0x15/0x70 [ 54.317223] ? clear_bhb_loop+0x15/0x70 [ 54.317869] entry_SYSCALL_64_after_hwframe+0x78/0x80 [ 54.318699] RIP: 0033:0x75726ad1a94f [ 54.319434] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <41> 89 c0 3d 00 f0 ff ff 77 1f 48 8b 44 24 18 64 48 2b 04 25 28 00 [ 54.323404] RSP: 002b:7ffd784e7a80 EFLAGS: 0246 ORIG_RAX: 0010 [ 54.324609] RAX: ffda RBX: 0001 RCX: 75726ad1a94f [ 54.325304] RDX: 7ffd784e7b80 RSI: 40086610 RDI: 0004 [ 54.325933] RBP: 5b0d59a2c990 R08: R09: 7ffd784e79b7 [ 54.326570] R10: R11: 0246 R12: 0004 [ 54.327122] R13: 5b0d59a2ca40 R14: 5b0d59a2eb00 R15: [ 54.327672] [ 54.327974] Modules linked in: dm_snapshot vhost_vsock vhost vhost_iotlb nft_masq ipmi_devintf ipmi_msghandler nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 bridge stp llc nf_tables nfnetlink binfmt_misc nls_iso8859_1 zfs(PO) spl(O) intel_rapl_msr intel_rapl_common intel_uncore_frequency_common intel_pmc_core intel_vsec pmt_telemetry pmt_class kvm_intel kvm irqbypass crct10dif_pclmul crc32_pclmul polyval_clmulni polyval_generic ghash_clmulni_intel sha256_ssse3 dm_thin_pool sha1_ssse3 dm_persistent_data aesni_intel dm_bio_prison crypto_simd dm_bufio cryptd libcrc32c joydev rapl input_leds psmouse serio_raw ahci vmw_vsock_virtio_transport 9pnet_virtio lpc_ich virtio_gpu i2c_i801 vmw_vsock_virtio_transport_common libahci xhci_pci i2c_smbus 9pnet virtio_input xhci_pci_renesas virtiofs virtio_dma_buf vsock mac_hid qemu_fw_cfg vmgenid dm_multipath scsi_dh_rdac scsi_dh_emc scsi_dh_alua nfsd auth_rpcgss nfs_acl sch_fq_codel lockd grace efi_pstore sunrpc
[Bug 2095203] Re: `netplan apply` fails in LXD container with physical NIC passthrough
** Description changed: Hello, When using physical NIC passthrough in LXD containers [1], netplan fails when trying to run `udevadm`. Using these LXD devices for the container, where enp6s0 is a spare physical NIC: ``` devices: - eth0: - name: eth0 - nictype: physical - parent: enp6s0 - type: nic - root: - path: / - pool: default - type: disk + eth0: + name: eth0 + nictype: physical + parent: enp6s0 + type: nic + root: + path: / + pool: default + type: disk + ``` + + Netplan config (the default): + ``` + network: + version: 2 + ethernets: + eth0: + dhcp4: true ``` This happens when netplan is run in the container: ``` $ sudo netplan apply eth0: Failed to write 'move' to '/sys/devices/pci:00/:00:01.5/:06:00.0/virtio11/net/eth0/uevent': Permission denied Traceback (most recent call last): - File "/usr/sbin/netplan", line 23, in - netplan.main() - File "/usr/share/netplan/netplan_cli/cli/core.py", line 58, in main - self.run_command() - File "/usr/share/netplan/netplan_cli/cli/utils.py", line 332, in run_command - self.func() - File "/usr/share/netplan/netplan_cli/cli/commands/apply.py", line 62, in run - self.run_command() - File "/usr/share/netplan/netplan_cli/cli/utils.py", line 332, in run_command - self.func() - File "/usr/share/netplan/netplan_cli/cli/commands/apply.py", line 255, in command_apply - subprocess.check_call(['udevadm', 'trigger', '--action=move', '--subsystem-match=net', '--settle']) - File "/usr/lib/python3.12/subprocess.py", line 413, in check_call - raise CalledProcessError(retcode, cmd) + File "/usr/sbin/netplan", line 23, in + netplan.main() + File "/usr/share/netplan/netplan_cli/cli/core.py", line 58, in main + self.run_command() + File "/usr/share/netplan/netplan_cli/cli/utils.py", line 332, in run_command + self.func() + File "/usr/share/netplan/netplan_cli/cli/commands/apply.py", line 62, in run + self.run_command() + File "/usr/share/netplan/netplan_cli/cli/utils.py", line 332, in run_command + self.func() + File "/usr/share/netplan/netplan_cli/cli/commands/apply.py", line 255, in command_apply + subprocess.check_call(['udevadm', 'trigger', '--action=move', '--subsystem-match=net', '--settle']) + File "/usr/lib/python3.12/subprocess.py", line 413, in check_call + raise CalledProcessError(retcode, cmd) subprocess.CalledProcessError: Command '['udevadm', 'trigger', '--action=move', '--subsystem-match=net', '--settle']' returned non-zero exit status 1. $ apt-cache policy netplan.io netplan.io: - Installed: 1.1.1-1~ubuntu24.04.1 - Candidate: 1.1.1-1~ubuntu24.04.1 - Version table: - *** 1.1.1-1~ubuntu24.04.1 500 - 500 http://archive.ubuntu.com/ubuntu noble-updates/main amd64 Packages - 100 /var/lib/dpkg/status - 1.0-2ubuntu1.2 500 - 500 http://security.ubuntu.com/ubuntu noble-security/main amd64 Packages - 1.0-2ubuntu1 500 - 500 http://archive.ubuntu.com/ubuntu noble/main amd64 Packages + Installed: 1.1.1-1~ubuntu24.04.1 + Candidate: 1.1.1-1~ubuntu24.04.1 + Version table: + *** 1.1.1-1~ubuntu24.04.1 500 + 500 http://archive.ubuntu.com/ubuntu noble-updates/main amd64 Packages + 100 /var/lib/dpkg/status + 1.0-2ubuntu1.2 500 + 500 http://security.ubuntu.com/ubuntu noble-security/main amd64 Packages + 1.0-2ubuntu1 500 + 500 http://archive.ubuntu.com/ubuntu noble/main amd64 Packages ``` This occurs in Jammy and Noble containers. A few things here: udevadm changed its return code logic in Feb 2021 to return errors when it fails to trigger devices. LXD does not handle udev in containers the way systemd upstream recommends [2][3] (/sys is mounted rw), so udevadm will trigger some devices and fail on others in a LXD container. Snapd ran into this problem when the udevadm change made its way into Ubuntu 21.10. They have a reasonable summary of the issue & their fix [4]. This boils down to snapd simply ignoring errors from `udevadm trigger`. It should be pretty straightforward to do the same fix for netplan [5], but I'd like someone with a little more exposure to the codebase to weigh in on this. Thanks! [1] https://documentation.ubuntu.com/lxd/en/latest/reference/devices_nic/#nictype-physical [2] https://github.com/systemd/systemd/issues/14431#issuecomment-570198194 [3] https://www.freedesktop.org/wiki/Software/systemd/ContainerInterface/ [4] https://github.com/canonical/snapd/pull/11056#pullrequestreview-806332045 [5] https://github.com/canonical/netplan/blob/main/netplan_cli/cli/commands/apply.py#L255 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2095203 Title: `netplan apply` fails in LXD container with phys
[Bug 2095203] Re: `netplan apply` fails in LXD container with physical NIC passthrough
Hi Danilo, thanks for the note. I've updated the description with the netplan yaml and opened https://github.com/canonical/netplan/pull/539 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2095203 Title: `netplan apply` fails in LXD container with physical NIC passthrough To manage notifications about this bug go to: https://bugs.launchpad.net/netplan/+bug/2095203/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2095203] [NEW] `netplan apply` fails in LXD container with physical NIC passthrough
Public bug reported: Hello, When using physical NIC passthrough in LXD containers [1], netplan fails when trying to run `udevadm`. Using these LXD devices for the container, where enp6s0 is a spare physical NIC: ``` devices: eth0: name: eth0 nictype: physical parent: enp6s0 type: nic root: path: / pool: default type: disk ``` This happens when netplan is run in the container: ``` $ sudo netplan apply eth0: Failed to write 'move' to '/sys/devices/pci:00/:00:01.5/:06:00.0/virtio11/net/eth0/uevent': Permission denied Traceback (most recent call last): File "/usr/sbin/netplan", line 23, in netplan.main() File "/usr/share/netplan/netplan_cli/cli/core.py", line 58, in main self.run_command() File "/usr/share/netplan/netplan_cli/cli/utils.py", line 332, in run_command self.func() File "/usr/share/netplan/netplan_cli/cli/commands/apply.py", line 62, in run self.run_command() File "/usr/share/netplan/netplan_cli/cli/utils.py", line 332, in run_command self.func() File "/usr/share/netplan/netplan_cli/cli/commands/apply.py", line 255, in command_apply subprocess.check_call(['udevadm', 'trigger', '--action=move', '--subsystem-match=net', '--settle']) File "/usr/lib/python3.12/subprocess.py", line 413, in check_call raise CalledProcessError(retcode, cmd) subprocess.CalledProcessError: Command '['udevadm', 'trigger', '--action=move', '--subsystem-match=net', '--settle']' returned non-zero exit status 1. $ apt-cache policy netplan.io netplan.io: Installed: 1.1.1-1~ubuntu24.04.1 Candidate: 1.1.1-1~ubuntu24.04.1 Version table: *** 1.1.1-1~ubuntu24.04.1 500 500 http://archive.ubuntu.com/ubuntu noble-updates/main amd64 Packages 100 /var/lib/dpkg/status 1.0-2ubuntu1.2 500 500 http://security.ubuntu.com/ubuntu noble-security/main amd64 Packages 1.0-2ubuntu1 500 500 http://archive.ubuntu.com/ubuntu noble/main amd64 Packages ``` This occurs in Jammy and Noble containers. A few things here: udevadm changed its return code logic in Feb 2021 to return errors when it fails to trigger devices. LXD does not handle udev in containers the way systemd upstream recommends [2][3] (/sys is mounted rw), so udevadm will trigger some devices and fail on others in a LXD container. Snapd ran into this problem when the udevadm change made its way into Ubuntu 21.10. They have a reasonable summary of the issue & their fix [4]. This boils down to snapd simply ignoring errors from `udevadm trigger`. It should be pretty straightforward to do the same fix for netplan [5], but I'd like someone with a little more exposure to the codebase to weigh in on this. Thanks! [1] https://documentation.ubuntu.com/lxd/en/latest/reference/devices_nic/#nictype-physical [2] https://github.com/systemd/systemd/issues/14431#issuecomment-570198194 [3] https://www.freedesktop.org/wiki/Software/systemd/ContainerInterface/ [4] https://github.com/canonical/snapd/pull/11056#pullrequestreview-806332045 [5] https://github.com/canonical/netplan/blob/main/netplan_cli/cli/commands/apply.py#L255 ** Affects: netplan Importance: Undecided Status: New ** Affects: netplan.io (Ubuntu) Importance: Undecided Status: New ** Affects: netplan.io (Ubuntu Jammy) Importance: Undecided Status: New ** Affects: netplan.io (Ubuntu Noble) Importance: Undecided Status: New ** Also affects: netplan.io (Ubuntu) Importance: Undecided Status: New ** Also affects: netplan.io (Ubuntu Jammy) Importance: Undecided Status: New ** Also affects: netplan.io (Ubuntu Noble) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2095203 Title: `netplan apply` fails in LXD container with physical NIC passthrough To manage notifications about this bug go to: https://bugs.launchpad.net/netplan/+bug/2095203/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2083029] Re: Try does not recover network
I've done some more looking at this and the bug runs pretty deep. During `netplan try`, netplan backs up both its configuration in /etc/netplan and the backend configurations for systemd-networkd and NetworkManager [1]. The problem with this is that the restored config files aren't picked up by systemd-networkd (even with `networkctl reload`), because a `systemctl daemon-reload` is required in order to detect the changed files. I stat'ed /run/systemd/network during a `netplan try`; the inode numbers change after the revert since the backup directory was moved. ``` $ stat network File: network Size: 60 Blocks: 0 IO Block: 4096 directory Device: 0,26Inode: 5739Links: 2 Access: (0755/drwxr-xr-x) Uid: (0/root) Gid: (0/root) Access: 2025-03-21 10:43:06.922283238 -0500 Modify: 2025-03-21 10:43:06.703278532 -0500 Change: 2025-03-21 10:43:06.703278532 -0500 Birth: 2025-03-21 10:14:58.081808256 -0500 $ stat network File: network Size: 60 Blocks: 0 IO Block: 4096 directory Device: 0,26Inode: 6005Links: 2 Access: (0755/drwxr-xr-x) Uid: (0/root) Gid: (0/root) Access: 2025-03-21 10:43:13.057415020 -0500 Modify: 2025-03-21 10:42:28.856463577 -0500 Change: 2025-03-21 10:43:13.055414977 -0500 Birth: 2025-03-21 10:43:13.055414977 -0500 ``` It was a nice idea to avoid running the netplan generator during revert [2]; it just doesn't work. Indeed, writing a static IP for an interface that was using dhcp and `netplan try`ing it doesn't revert the static IP. Working on a PR to address this in netplan upstream. [1] https://github.com/canonical/netplan/blob/main/netplan_cli/configmanager.py#L126 [2] https://github.com/canonical/netplan/blob/main/netplan_cli/cli/commands/try_command.py#L145 ** Also affects: netplan.io (Ubuntu) Importance: Undecided Status: New ** Also affects: netplan.io (Ubuntu Oracular) Importance: Undecided Status: New ** Also affects: netplan.io (Ubuntu Noble) Importance: Undecided Status: New ** Also affects: netplan.io (Ubuntu Jammy) Importance: Undecided Status: New ** Also affects: netplan.io (Ubuntu Plucky) Importance: Undecided Status: New ** Also affects: netplan.io (Ubuntu Focal) Importance: Undecided Status: New ** Changed in: netplan Status: Confirmed => In Progress -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2083029 Title: Try does not recover network To manage notifications about this bug go to: https://bugs.launchpad.net/netplan/+bug/2083029/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2045394] Re: Installation of openstack-dashboard fails during asset compression
** Description changed:
[ Impact ]
Starting in OpenStack 2022.2 (Zed), compressing static assets with
django-compressor fails around 5-10% of the time (see also the Debian bug [1]).
This is done during the Horizon postinst and prevents the package from
installing when the race occurs.
This affects Noble & Oracular, and UCA Zed through Epoxy. Hitting a parse
error in pyscss:
```
Looking for 'dashboard/scss/serial_console.scss' in storage
Traceback (most recent call last):
File "/usr/share/openstack-dashboard/manage.py", line 25, in
execute_from_command_line(sys.argv)
File "/usr/lib/python3/dist-packages/django/core/management/__init__.py",
line 419, in execute_from_command_line
utility.execute()
File "/usr/lib/python3/dist-packages/django/core/management/__init__.py",
line 413, in execute
self.fetch_command(subcommand).run_from_argv(self.argv)
File "/usr/lib/python3/dist-packages/django/core/management/base.py", line
354, in run_from_argv
self.execute(*args, **cmd_options)
File "/usr/lib/python3/dist-packages/django/core/management/base.py", line
398, in execute
output = self.handle(*args, **options)
File
"/usr/lib/python3/dist-packages/compressor/management/commands/compress.py",
line 296, in handle
self.handle_inner(**options)
File
"/usr/lib/python3/dist-packages/compressor/management/commands/compress.py",
line 319, in handle_inner
offline_manifest, block_count, results = self.compress(engine,
extensions, verbosity, follow_links, log)
File
"/usr/lib/python3/dist-packages/compressor/management/commands/compress.py",
line 227, in compress
raise errors[0]
django.core.management.base.CommandError: An error occurred during rendering
serial_console.html: Syntax error: Found 'inline-blo' but expected one of ADD,
ALPHA_FUNCTION, BANG_IMPORTANT, BAREWORD, COLOR, DOUBLE_QUOTE, FNCT,
IF_FUNCTION, INTERP_START, LITERAL_FUNCTION, LPAR, NOT, NUM, SIGN,
SINGLE_QUOTE, URL_FUNCTION, VAR
```
Debian had little luck in finding the root cause and uploaded a
workaround that simply retries failed compressions 5 times, dramatically
reducing the liklihood that the failure breaks installation [2].
django-compressor introduced threaded compression in 3.0 [3], which was
released in UCA Zed and Ubuntu Noble. I opened [4] in django-compressor
to troubleshoot. The investigation there points to pyscss failing with
correct input from django-compressor, indicating that the root cause is
likely in pyscss.
Horizon (Flamingo+) has switched from pyscss to libsass [5]. This bug is
not present in Ubuntu Plucky containing that commit.
Since the bug is no longer present in devel, I'd like to SRU the Debian
workaround to the affected Ubuntu & UCA packages without knowing the
root cause of the race in pyscss.
[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069097
[2]
https://salsa.debian.org/openstack-team/services/horizon/-/commit/9802ded2ab24cab767d0c91dfcabea117ec5fd9d
[3] https://github.com/django-compressor/django-compressor/pull/912
[4] https://github.com/django-compressor/django-compressor/issues/1291
[5]
https://opendev.org/openstack/horizon/commit/283219ab5ef4344e3808cd61b4cc0821886acffb
[ Test Plan ]
Install horizon and an affected version of python3-django-compressor
(>=3.0).
The Debian bug indicates that this fails between 5-10% of the time.
Running `dpkg-reconfigure openstack-dashboard` in a loop on ~10
containers at once usually reproduces it in a couple of minutes, at most
30 minutes. The bug can be considered fixed if the loop runs for 1 hour
with no occurances.
I use the following scripts against my LXD cluster:
```
#!/bin/bash
#
# /usr/local/bin/horizon-reconfigure.sh in each test container
set -ex
while true; do
dpkg-reconfigure openstack-dashboard
done
```
Start and check if running:
```
lxc exec -t "${inst}" -- nohup bash -c "horizon-reconfigure.sh &>>
/var/log/dpkg-horizon &"
lxc exec "${inst}" -- ps -aux | grep horizon-reconfigure
```
For reference, compress can be run with the following to get more output and
a traceback on failure:
```
python3 /usr/share/openstack-dashboard/manage.py compress -v 3 --traceback
```
[ Where problems could occur ]
* The workaround does not fix the race; the package may still fail to
install if the race occurs 5 times in a row.
* If the change is wrong/broken, it risks regressions during openstack-
dashboard install/reconfigure. This is covered by `dpkg-reconfigure` in
the test plan.
[ Other info ]
* As this change affects upgrades between OpenStack versions via the
UCA, I'm opening MPs against all affected versions, even those that are
past EOL (Zed+).
- * The patch I've proposed drops the scss change from the Debian commit
+ * The patch I've proposed drops the css change from the Debian commit
[Bug 2045394] Re: Installation of openstack-dashboard fails during asset compression
** Summary changed: - Installation of openstack-dashboard fails because of command failure + Installation of openstack-dashboard fails during asset compression -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2045394 Title: Installation of openstack-dashboard fails during asset compression To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/2045394/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2045394] Re: Installation of openstack-dashboard fails because of command failure
** Description changed: [ Impact ] Starting in OpenStack 2023.1 (Antelope), compressing static assets with django-compressor fails around 5-10% of the time (see also the Debian bug [1]). Hitting a parse error in sass: ``` Looking for 'dashboard/scss/serial_console.scss' in storage Traceback (most recent call last): - File "/usr/share/openstack-dashboard/manage.py", line 25, in - execute_from_command_line(sys.argv) - File "/usr/lib/python3/dist-packages/django/core/management/__init__.py", line 419, in execute_from_command_line - utility.execute() - File "/usr/lib/python3/dist-packages/django/core/management/__init__.py", line 413, in execute - self.fetch_command(subcommand).run_from_argv(self.argv) - File "/usr/lib/python3/dist-packages/django/core/management/base.py", line 354, in run_from_argv - self.execute(*args, **cmd_options) - File "/usr/lib/python3/dist-packages/django/core/management/base.py", line 398, in execute - output = self.handle(*args, **options) - File "/usr/lib/python3/dist-packages/compressor/management/commands/compress.py", line 296, in handle - self.handle_inner(**options) - File "/usr/lib/python3/dist-packages/compressor/management/commands/compress.py", line 319, in handle_inner - offline_manifest, block_count, results = self.compress(engine, extensions, verbosity, follow_links, log) - File "/usr/lib/python3/dist-packages/compressor/management/commands/compress.py", line 227, in compress - raise errors[0] + File "/usr/share/openstack-dashboard/manage.py", line 25, in + execute_from_command_line(sys.argv) + File "/usr/lib/python3/dist-packages/django/core/management/__init__.py", line 419, in execute_from_command_line + utility.execute() + File "/usr/lib/python3/dist-packages/django/core/management/__init__.py", line 413, in execute + self.fetch_command(subcommand).run_from_argv(self.argv) + File "/usr/lib/python3/dist-packages/django/core/management/base.py", line 354, in run_from_argv + self.execute(*args, **cmd_options) + File "/usr/lib/python3/dist-packages/django/core/management/base.py", line 398, in execute + output = self.handle(*args, **options) + File "/usr/lib/python3/dist-packages/compressor/management/commands/compress.py", line 296, in handle + self.handle_inner(**options) + File "/usr/lib/python3/dist-packages/compressor/management/commands/compress.py", line 319, in handle_inner + offline_manifest, block_count, results = self.compress(engine, extensions, verbosity, follow_links, log) + File "/usr/lib/python3/dist-packages/compressor/management/commands/compress.py", line 227, in compress + raise errors[0] django.core.management.base.CommandError: An error occurred during rendering serial_console.html: Syntax error: Found 'inline-blo' but expected one of ADD, ALPHA_FUNCTION, BANG_IMPORTANT, BAREWORD, COLOR, DOUBLE_QUOTE, FNCT, IF_FUNCTION, INTERP_START, LITERAL_FUNCTION, LPAR, NOT, NUM, SIGN, SINGLE_QUOTE, URL_FUNCTION, VAR ``` This code is only called in the debian postinst. I've opened an upstream bug at [2] which references a change introducing concurrent compression . It looks like upstream was aware that the change may cause races. Debian had little luck in finding the root cause of this and merged a workaround that simply retries failed compressions a few times, dramatically reducing the liklihood that this causes a failure to install [3]. [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069097 [2] https://github.com/django-compressor/django-compressor/issues/1291 [3] https://salsa.debian.org/openstack-team/services/horizon/-/commit/9802ded2ab24cab767d0c91dfcabea117ec5fd9d [ Test Plan ] To reproduce the bug, install an affected version of python3-django- compressor (UCA zed+ in Jammy or newer Ubuntu). `dpkg-reconfigure` can be used to invoke the package's postinst (which runs the compressor), or it can be run manually with the following to get more output and a traceback on failure: ``` - python3 /usr/share/openstack-dashboard/manage.py compress -v 3 --traceback + sudo python3 /usr/share/openstack-dashboard/manage.py compress -v 3 --traceback ``` [ Original Description ] We have seen that the puppet integration job with Ubuntu 22.04 and UCA Bobcat consistently fails. Looking into the error it seems something is wrong with installation of openstack-dashboard package. 2023-12-01 07:13:16 + Puppet (err): Execution of '/usr/bin/apt-get -q -y -o DPkg::Options::=--force-confold install openstack-dashboard' returned 100: Reading package lists... Building dependency tree... Reading state information... The following additional packages will be installed: openstack-dashboard-common python3-asgiref python3-csscompressor python3-django python3-django-appconf python3-django-compressor python3-django-debreach python3-django-horizon pyt
[Bug 2045394] Re: Installation of openstack-dashboard fails because of command failure
** Description changed: + [ Impact ] + Starting in OpenStack 2023.1 (Antelope), compressing static assets with django-compressor fails around 5-10% of the time (see also the Debian bug [1]). Hitting a parse error in sass: + ``` + Looking for 'dashboard/scss/serial_console.scss' in storage + Traceback (most recent call last): + File "/usr/share/openstack-dashboard/manage.py", line 25, in + execute_from_command_line(sys.argv) + File "/usr/lib/python3/dist-packages/django/core/management/__init__.py", line 419, in execute_from_command_line + utility.execute() + File "/usr/lib/python3/dist-packages/django/core/management/__init__.py", line 413, in execute + self.fetch_command(subcommand).run_from_argv(self.argv) + File "/usr/lib/python3/dist-packages/django/core/management/base.py", line 354, in run_from_argv + self.execute(*args, **cmd_options) + File "/usr/lib/python3/dist-packages/django/core/management/base.py", line 398, in execute + output = self.handle(*args, **options) + File "/usr/lib/python3/dist-packages/compressor/management/commands/compress.py", line 296, in handle + self.handle_inner(**options) + File "/usr/lib/python3/dist-packages/compressor/management/commands/compress.py", line 319, in handle_inner + offline_manifest, block_count, results = self.compress(engine, extensions, verbosity, follow_links, log) + File "/usr/lib/python3/dist-packages/compressor/management/commands/compress.py", line 227, in compress + raise errors[0] + django.core.management.base.CommandError: An error occurred during rendering serial_console.html: Syntax error: Found 'inline-blo' but expected one of ADD, ALPHA_FUNCTION, BANG_IMPORTANT, BAREWORD, COLOR, DOUBLE_QUOTE, FNCT, IF_FUNCTION, INTERP_START, LITERAL_FUNCTION, LPAR, NOT, NUM, SIGN, SINGLE_QUOTE, URL_FUNCTION, VAR + ``` + + This code is only called in the debian postinst. I've opened an upstream + bug at [2] which references a change introducing concurrent compression + . It looks like upstream was aware that the change may cause races. + + Debian had little luck in finding the root cause of this and merged a + workaround that simply retries failed compressions a few times, + dramatically reducing the liklihood that this causes a failure to + install [3]. + + [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069097 + [2] https://github.com/django-compressor/django-compressor/issues/1291 + [3] https://salsa.debian.org/openstack-team/services/horizon/-/commit/9802ded2ab24cab767d0c91dfcabea117ec5fd9d + + [ Test Plan ] + + To reproduce the bug, install an affected version of python3-django- + compressor (UCA zed+ in Jammy or newer Ubuntu). + + `dpkg-reconfigure` can be used to invoke the package's postinst (which runs the compressor), or it can be run manually with the following to get more output and a traceback on failure: + ``` + python3 /usr/share/openstack-dashboard/manage.py compress -v 3 --traceback + ``` + + [ Original Description ] + We have seen that the puppet integration job with Ubuntu 22.04 and UCA Bobcat consistently fails. Looking into the error it seems something is wrong with installation of openstack-dashboard package. 2023-12-01 07:13:16 + Puppet (err): Execution of '/usr/bin/apt-get -q -y -o DPkg::Options::=--force-confold install openstack-dashboard' returned 100: Reading package lists... Building dependency tree... Reading state information... The following additional packages will be installed: - openstack-dashboard-common python3-asgiref python3-csscompressor - python3-django python3-django-appconf python3-django-compressor - python3-django-debreach python3-django-horizon python3-django-openstack-auth - python3-django-pyscss python3-pint python3-pyscss python3-rcssmin - python3-rjsmin + openstack-dashboard-common python3-asgiref python3-csscompressor + python3-django python3-django-appconf python3-django-compressor + python3-django-debreach python3-django-horizon python3-django-openstack-auth + python3-django-pyscss python3-pint python3-pyscss python3-rcssmin + python3-rjsmin Suggested packages: - bpython3 geoip-database-contrib gettext ipython3 libgdal20 - libsqlite3-mod-spatialite python-django-doc python3-flup python3-mysqldb - python3-pil python3-selenium python3-sqlite python-django-appconf-doc - python3-calmjs python-django-debreach-doc + bpython3 geoip-database-contrib gettext ipython3 libgdal20 + libsqlite3-mod-spatialite python-django-doc python3-flup python3-mysqldb + python3-pil python3-selenium python3-sqlite python-django-appconf-doc + python3-calmjs python-django-debreach-doc The following NEW packages will be installed: - openstack-dashboard openstack-dashboard-common python3-asgiref - python3-csscompressor python3-django python3-django-appconf - python3-django-compressor python3-django-debreach python3-django-horizon - python3-django-openstack-auth python3-django-pyscss pyt
[Bug 2104201] [NEW] LXD installer attempts to install when LXD snap is installed & disabled
Public bug reported: Install and disable LXD in Ubuntu 24.04 ``` sudo snap install lxd sudo snap disable lxd ``` Then run a command with lxc: ``` $ lxc ls Installing LXD snap, please be patient. ``` ** Affects: lxd-installer (Ubuntu) Importance: Low Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2104201 Title: LXD installer attempts to install when LXD snap is installed & disabled To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lxd-installer/+bug/2104201/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2083029] Re: Try does not recover network
** Description changed: + [ Impact ] + + `netplan try` fails to roll back network changes after an edit to + /etc/netplan/50-cloud-init.yaml. This occurs using both networkd and + NetworkManager backends. + + A user makes changes to their netplan configuration over ssh, expecting + that if the ssh connection is lost, `netplan try` will roll back the + change. Failure to do so may be highly inconvenient as a user may not + have physical or console access to the machine they are configuring. + + There are two bugs represented here. + + In the networkd backend, networkd will only read new .netdev and + .network files when their ownership is `root:systemd-network`. When + `netplan try` backs up the generated networkd configuration, it ignores + the ownership of the original file, using `root:root` instead. When + `netplan try` rolls back the configuration, networkd does not load them. + + Since Ubuntu 23.10, NetworkManager stores automatically generated + configuration in netplan yaml instead of GLib keyfiles [1]. + NetworkManager is patched in Ubuntu to support this functionality. The + patches run `netplan generate` (via DBus) when NetworkManager reloads + its configuration. When `netplan try` attempts to roll back to the old + configuration, it restarts NetworkManager, which re-runs `netplan + generate` with the new (unconfirmed configuration). + + [1] https://netplan.readthedocs.io/en/stable/netplan-everywhere/ + + [ Test Plan ] + + `netplan apply` the default netplan configuration in a LXD instance + (`/etc/netplan/50-cloud-init.yaml`): + + ``` + network: + version: 2 + ethernets: + enp5s0: + dhcp4: true + ``` + + Replace the configuration with a static IP: + + ``` + network: + version: 2 + ethernets: + enp5s0: + dhcp4: false + addresses: + - 10.58.215.80/24 + ``` + + Run `netplan try --timeout 3` and allow the timeout to elapse. + + The IP assigned to the interface from `ip a` should be restored to the + DHCP address. + + [ Where problems could occur ] + + The change that preserves file ownership for networkd affects code that + is only used in `netplan try`; there are unlikely to be issues in + netplan itself related to this change. + + The netplan generator change will block the netplan generator from + running if `/run/netplan/netplan-try.ready` exists. If that file is not + cleaned up, `netplan apply` will fail when it would not otherwise have + done. The error message from the failure states that the file should be + removed to force the apply to succeed. + + `/run/netplan/netplan-try.ready` is only created by netplan during + `netplan try`; users using netplan without `netplan try` are unlikely to + be affected. + + [Original Description] + Netplan try fails to rollback network changes after an edit to /etc/netplan/50-cloud-init.yaml ``` network: - ethernets: - eno1: - addresses: - - 10.1.0.221/23 - - 10.1.1.181/23 + ethernets: + eno1: + addresses: + - 10.1.0.221/23 + - 10.1.1.181/23 ``` I removed an IP address and ran "netplan try" and lost ssh. Connection should return after 2min, but that doesn't happen. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2083029 Title: Try does not recover network To manage notifications about this bug go to: https://bugs.launchpad.net/netplan/+bug/2083029/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2083029] Re: Try does not recover network
** Changed in: netplan.io (Ubuntu Focal) Status: New => Confirmed ** Changed in: netplan.io (Ubuntu Jammy) Status: New => Confirmed ** Changed in: netplan.io (Ubuntu Noble) Status: New => Confirmed ** Changed in: netplan.io (Ubuntu Oracular) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2083029 Title: Try does not recover network To manage notifications about this bug go to: https://bugs.launchpad.net/netplan/+bug/2083029/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2104201] Re: LXD installer attempts to install when LXD snap is installed & disabled
** Tags added: seg -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2104201 Title: LXD installer attempts to install when LXD snap is installed & disabled To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lxd-installer/+bug/2104201/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2104201] Re: LXD installer attempts to install when LXD snap is installed & disabled
I ran into this with autopkgtest (man 1 autopkgtest-virt-lxd), so it hung for a while and then failed as the first lxc command it ran didn't do anything. I haven't looked at the code but an early return (with some kind of descriptive error message) when LXD is disabled would be great. :) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2104201 Title: LXD installer attempts to install when LXD snap is installed & disabled To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lxd-installer/+bug/2104201/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2104201] Re: LXD installer attempts to install when LXD snap is installed & disabled
Looks good to me, thanks for hopping on this. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2104201 Title: LXD installer attempts to install when LXD snap is installed & disabled To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lxd-installer/+bug/2104201/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2104201] Re: LXD installer attempts to install when LXD snap is installed & disabled
A reminder that the snap is disabled would be ideal, but "not found" is also appropriate here IMO. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2104201 Title: LXD installer attempts to install when LXD snap is installed & disabled To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lxd-installer/+bug/2104201/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2104840] [NEW] sudo_logsrvd TLS log transport in Jammy
Public bug reported:
[ Impact ]
Users of sudo_logsrvd in Jammy are unable to configure TLS transport as
sudo was built without OpenSSL in Jammy.
This functionality is available in Noble and above as OpenSSL was inadvertantly
included in sudo builds: 564d6d7f in cyrus-sasl2 introduced an indirect
libssl-dev build-dep to sudo [1]. sudo's build system automatically enables
openssl when it is present in the build environment:
```
--enable-openssl[=DIR]
Use OpenSSL's TLS and SHA-2 message digest functions. If
it is detected, OpenSSL will be used by default unless the
sudo log client and server are disabled via the
--disable-log-client and --disable-log-server options. To
explicitly disable the use of OpenSSL, the --disable-openssl
option can be used. OpenSSL versions prior to 1.0.1 will
not be used as they do not support TLS 1.2. If specified,
DIR should contain the OpenSSL include and lib directories.
```
I reported this in Debian as an MR to make the dependency explicit [2].
The Debian sudo team would prefer that `sudo` not link against OpenSSL
and is considering dropping logsrvd altogether unless they are able to
find a maintainer [3].
I'm opening this bug for two reasons:
- To guage the feasibility of an SRU of TLS support for `sudo` in Jammy
- To raise the issue of logsrvd in Ubuntu more generally
I have verified that a rebuild of the package with the libssl-dev
dependency does allow TLS log transport to function, although I have not
thoroughly tested it.
It is my feeling that this does not meet the requirements for an SRU for several
reasons:
- It is not a regression from Focal (logsrvd was introduced in Jammy) [4]
- It is not a minimal change (the debdiff is trivial but the flag enables
several
hundred lines of code, a few of which modify routines in the logging plugin)
[5]
- It affects a core package with potential security implications [6]
I'd appreciate a second opinion regarding the feasibility of SRU here.
Thanks!
[1]
https://salsa.debian.org/debian/cyrus-sasl2/-/commit/564d6d7f17bc7afbb124af06ac11d4ba4b5d73bf
[2] https://salsa.debian.org/sudo-team/sudo/-/merge_requests/18
[3] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1101451
[4]
https://documentation.ubuntu.com/sru/en/latest/reference/requirements/#what-is-acceptable-to-sru
[5]
https://documentation.ubuntu.com/sru/en/latest/explanation/requirements/#minimal-changes-only
[6]
https://documentation.ubuntu.com/sru/en/latest/reference/requirements/#other-safe-cases
[ Reproduction ]
In a Jammy container/VM, add the following lines to /etc/sudoers:
```
Defaultsiolog_dir=/var/log/sudo-io/%{user}, log_input, log_output
Defaultslog_servers = 192.168.0.243:30344(tls)
```
```
$ sudo echo hello
sudo: 192.168.0.243:30344(tls): Protocol not supported
sudo: unable to connect to log server
sudo: error initializing I/O plugin sudoers_io
```
With a libssl-dev enabled sudo build, set up a sudo_logsrvd server and
verify that a configuration equivalent to the above results in logs
being shipped over TLS [1].
[1]
https://manpages.ubuntu.com/manpages/jammy/en/man8/sudo_logsrvd.8.html
** Affects: sudo (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2104840
Title:
sudo_logsrvd TLS log transport in Jammy
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/2104840/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2056187] Re: fails to configure BOOTIF when using iscsi
Hi, just checking in on the status of this since LP#2093164 is waiting on it. Is this still blocked? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2056187 Title: fails to configure BOOTIF when using iscsi To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/initramfs-tools/+bug/2056187/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2104840] Re: sudo_logsrvd TLS log transport in Jammy
** Tags added: sts ** Also affects: sudo (Ubuntu Jammy) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2104840 Title: sudo_logsrvd TLS log transport in Jammy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/2104840/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2104948] Re: Security regression on focal for opensc
We released a temporary package 0.20.0-3ubuntu0.1~esm3 without the affected patches; this morning 0.20.0-3ubuntu0.1~esm4 was released [1]. I've verified that the new version does not fail with `pkcs11-tool -l -t`; I'll go ahead and close this as Fix Released. Please feel free to reopen if the esm version of opensc in Focal is still causing issues. [1] https://ubuntu.com/security/notices/USN-7346-3 ** Tags added: sts ** Changed in: opensc (Ubuntu) Status: Confirmed => Fix Released ** Changed in: opensc (Ubuntu) Importance: Undecided => High -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2104948 Title: Security regression on focal for opensc To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/2104948/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2106434] Re: pkcs11-tool 0.22.0 fails in C_DigestInit with CKR_GENERAL_ERROR
** Description changed: [ Impact ] pkcs11-tool in Jammy (opensc=0.22.0-1ubuntu2) fails with `-t` while testing digests: ``` $ sudo pkcs11-tool -l -t Using slot 0 with a present token (0x0) Logging in to "Users". Please enter User PIN: C_SeedRandom() and C_GenerateRandom(): seeding (C_SeedRandom) not supported seems to be OK Digests: all 4 digest functions seem to work MD5: OK SHA-1: OK error: PKCS11 function C_DigestInit failed: rv = CKR_GENERAL_ERROR (0x5) Aborting. ``` This works in Focal and Noble. The test command provides users with a more firm indication that their smartcard is compatible/functional with OpenSC; it is often used while troubleshooting other issues with smartcards. This particular error occurs because the RIPEMD160 hash function is not included in OpenSSL's default provider in Jammy [1][2]. OpenSC 0.22 does not contain patches that update deprecated usage of OpenSSL 3; they were merged for 0.23 [3][4]. This bug was fixed in that PR (discussed in [5]). It looks to me like this bug showed up in #1972753, although that issue was resolved with a change of OpenSSH configuration. I'm opening this bug report to deal specifically with pkcs11-tool. A backport of [6] is sufficient to resolve the C_DigestInit failure. [1] https://docs.openssl.org/master/man7/EVP_MD-RIPEMD160/ [2] https://docs.openssl.org/master/man7/provider/ [3] https://github.com/OpenSC/OpenSC/issues/2308 [4] https://github.com/OpenSC/OpenSC/pull/2438 [5] https://github.com/OpenSC/OpenSC/issues/2571 [6] https://github.com/OpenSC/OpenSC/commit/c3dcab8b237d42961c0dc12ab2105f3df9073116 [ Test Plan ] Create CA & certificates for a virtual smart card as found at [1]. When creating the CA certificate, include `-2` and answer yes for CA: ``` certutil -S -d sql:$PWD -s "CN=Fake Smart Card CA" -x -2 -t TC,TC,TC -n fake-smartcard-ca ``` Export the CA cert as PEM so that it can be added to the VM later: ``` certutil -L -r -d sql:$PWD -o fake-smartcard-ca.cer -n fake-smartcard-ca openssl x509 -in fake-smartcard-ca.cer -out fake-smartcard-ca.crt -outform pem ``` Follow the instructions at [2] to create a cloud-init config drive `seed.img`. Add `fake-smartcard-ca.crt` to `seed.img` and use the following user-data: ``` #cloud-config chpasswd: expire: false users: - name: ubuntu password: password type: text ``` Launch a qemu VM with emulated smart card: ``` sudo qemu-system-x86_64 \ -enable-kvm \ -m 1024 \ -nic user,model=virtio \ -drive file=jammy-server-cloudimg-amd64.img,media=disk,index=0,if=virtio \ -drive file=seed.img,index=1,media=cdrom \ -usb -device usb-ccid -device ccid-card-emulated,backend=certificates,db=sql:$PWD,cert1=id-cert,cert2=signing-cert,cert3=encryption-cert \ + -device virtio-rng-pci -nographic ``` - Log in, install opensc, copy the certificate and import it: + Log in, install opensc, copy the certificate and trust it: ``` sudo mount /dev/sr0 /mnt sudo cp /mnt/fake-smartcard-ca.crt /usr/local/share/ca-certificates/ sudo update-ca-certificates ``` - test the card with: + Test the card with: ``` sudo pkcs11-tool --test --login ``` Authenticating with the card (with `-l`) is not needed to reproduce the failure; testing should be done with `-l` as the last hunk of this patch is only executed when using `-l`. + + I've seen intermittent failures doing this in the qemu environment; this + is likely an issue with `ccid-card-emulated` (pcscd logs report + intermittent `commands.c:1571:CCID_Receive Command not supported or not + allowed`). I will perform verification with both the virtual environment + described here and a VM with a physically passed-through Yubikey. [1] https://www.qemu.org/docs/master/system/devices/ccid.html#using-ccid-card-emulated-with-certificates-stored-in-files [2] https://cloudinit.readthedocs.io/en/latest/howto/launch_qemu.html [ Where problems could occur ] * These changes only affect the pkcs11-tool binary, specifically only the code that is invoked with `-t` (see p11_test() defined on pkcs11-tool.c#6394). Since `-t` is already broken, it's assumed that additional breakage to this option would be low impact. * As noted in the upstream issues, OpenSC 0.22 was not audited for compatibility with OpenSSL 3.0, so there are possibly some remaining issues (some fixed in [1]) that this SRU does not address. [1] https://github.com/OpenSC/OpenSC/pull/2438 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2106434 Title: pkcs11-tool 0.22.0 fails in C_DigestInit with CKR_GENERAL_ERROR To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/2106434/+subscriptions
[Bug 2106434] Re: pkcs11-tool 0.22.0 fails in C_DigestInit with CKR_GENERAL_ERROR
** Merge proposal linked: https://code.launchpad.net/~whershberger/ubuntu/+source/opensc/+git/opensc/+merge/484178 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2106434 Title: pkcs11-tool 0.22.0 fails in C_DigestInit with CKR_GENERAL_ERROR To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/2106434/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2106434] Re: pkcs11-tool 0.22.0 fails in C_DigestInit with CKR_GENERAL_ERROR
** Description changed: [ Impact ] pkcs11-tool in Jammy (opensc=0.22.0-1ubuntu2) fails with `-t` while testing digests: ``` $ sudo pkcs11-tool -l -t Using slot 0 with a present token (0x0) Logging in to "Users". Please enter User PIN: C_SeedRandom() and C_GenerateRandom(): - seeding (C_SeedRandom) not supported - seems to be OK + seeding (C_SeedRandom) not supported + seems to be OK Digests: - all 4 digest functions seem to work - MD5: OK - SHA-1: OK + all 4 digest functions seem to work + MD5: OK + SHA-1: OK error: PKCS11 function C_DigestInit failed: rv = CKR_GENERAL_ERROR (0x5) Aborting. ``` This works in Focal and Noble. The test command provides users with a more firm indication that their smartcard is compatible/functional with OpenSC; it is often used while troubleshooting other issues with smartcards. This particular error occurs because the RIPEMD160 hash function is not included in OpenSSL's default provider in Jammy [1][2]. OpenSC 0.22 does not contain patches that update deprecated usage of OpenSSL 3; they were merged for 0.23 [3][4]. This bug was fixed in that PR (discussed in [5]). It looks to me like this bug showed up in #1972753, although that issue was resolved with a change of OpenSSH configuration. I'm opening this bug report to deal specifically with pkcs11-tool. A backport of [6] is sufficient to resolve the C_DigestInit failure. [1] https://docs.openssl.org/master/man7/EVP_MD-RIPEMD160/ [2] https://docs.openssl.org/master/man7/provider/ [3] https://github.com/OpenSC/OpenSC/issues/2308 [4] https://github.com/OpenSC/OpenSC/pull/2438 [5] https://github.com/OpenSC/OpenSC/issues/2571 [6] https://github.com/OpenSC/OpenSC/commit/c3dcab8b237d42961c0dc12ab2105f3df9073116 [ Test Plan ] - Create CA & certificates for a virtual smart card as found at [1]. + Create CA & certificates for a virtual smart card as found at [1]. When creating the CA certificate, include `-2` and answer yes for CA: + ``` + certutil -S -d sql:$PWD -s "CN=Fake Smart Card CA" -x -2 -t TC,TC,TC -n fake-smartcard-ca + ``` - Follow the instructions at [2] to create a cloud-init config drive `seed.img` with the following user-data: + Export the CA cert as PEM so that it can be added to the VM later: + ``` + certutil -L -r -d sql:$PWD -o fake-smartcard-ca.cer -n fake-smartcard-ca + openssl x509 -in fake-smartcard-ca.cer -out fake-smartcard-ca.crt -outform pem + ``` + + Follow the instructions at [2] to create a cloud-init config drive `seed.img`. Add `fake-smartcard-ca.crt` to `seed.img` and use the following user-data: ``` #cloud-config chpasswd: - expire: false - users: - - name: ubuntu - password: password - type: text + expire: false + users: + - name: ubuntu + password: password + type: text ``` Launch a qemu VM with emulated smart card: ``` sudo qemu-system-x86_64 \ - -enable-kvm \ - -m 1024 \ - -nic user,model=virtio \ - -drive file=jammy-server-cloudimg-amd64.img,media=disk,index=0,if=virtio \ - -drive file=seed.img,index=1,media=cdrom \ - -usb -device usb-ccid -device ccid-card-emulated,backend=certificates,db=sql:$PWD,cert1=id-cert,cert2=signing-cert,cert3=encryption-cert \ - -nographic + -enable-kvm \ + -m 1024 \ + -nic user,model=virtio \ + -drive file=jammy-server-cloudimg-amd64.img,media=disk,index=0,if=virtio \ + -drive file=seed.img,index=1,media=cdrom \ + -usb -device usb-ccid -device ccid-card-emulated,backend=certificates,db=sql:$PWD,cert1=id-cert,cert2=signing-cert,cert3=encryption-cert \ + -nographic ``` - Log in, install opensc and test the card with: + Log in, install opensc, copy the certificate and import it: ``` - sudo pkcs11-tool -t + sudo mount /dev/sr0 /mnt + sudo cp /mnt/fake-smartcard-ca.crt /usr/local/share/ca-certificates/ + sudo update-ca-certificates + ``` + + test the card with: + ``` + sudo pkcs11-tool --test --login ``` Authenticating with the card (with `-l`) is not needed to reproduce the failure; testing should be done with `-l` as the last hunk of this patch is only executed when using `-l`. + [1] https://www.qemu.org/docs/master/system/devices/ccid.html#using-ccid-card-emulated-with-certificates-stored-in-files + [2] https://cloudinit.readthedocs.io/en/latest/howto/launch_qemu.html + [ Where problems could occur ] - * These changes only affect the pkcs11-tool binary, specifically only the code - that is invoked with `-t` (see p11_test() defined on pkcs11-tool.c#6394). - Since `-t` is already broken, it's assumed that additional breakage to this - option would be low impact. + * These changes only affect the pkcs11-tool binary, specifically only the code +that is invoked with `-t` (see p11_test() defined on pkcs11-tool.c#6394). +Since `-t` is already broken, it's assumed that additional breakage to this +option would be
[Bug 2045394] Re: Installation of openstack-dashboard fails because of command failure
** Changed in: cloud-archive/antelope Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2045394 Title: Installation of openstack-dashboard fails because of command failure To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/2045394/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2045394] Re: Installation of openstack-dashboard fails because of command failure
** Changed in: cloud-archive/epoxy Status: New => Confirmed ** Changed in: horizon (Ubuntu Oracular) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2045394 Title: Installation of openstack-dashboard fails because of command failure To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/2045394/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2045394] Re: Installation of openstack-dashboard fails because of command failure
** Also affects: horizon (Ubuntu) Importance: Undecided Status: New ** Also affects: horizon (Ubuntu Noble) Importance: Undecided Status: New ** Also affects: horizon (Ubuntu Oracular) Importance: Undecided Status: New ** Also affects: horizon (Ubuntu Plucky) Importance: Undecided Status: New ** Also affects: cloud-archive Importance: Undecided Status: New ** Also affects: cloud-archive/epoxy Importance: Undecided Status: New ** Also affects: cloud-archive/bobcat Importance: Undecided Status: New ** Also affects: cloud-archive/dalmatian Importance: Undecided Status: New ** Also affects: cloud-archive/antelope Importance: Undecided Status: New ** Also affects: cloud-archive/caracal Importance: Undecided Status: New ** Changed in: horizon (Ubuntu Plucky) Assignee: (unassigned) => Wesley Hershberger (whershberger) ** Changed in: cloud-archive/epoxy Assignee: (unassigned) => Wesley Hershberger (whershberger) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2045394 Title: Installation of openstack-dashboard fails because of command failure To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/2045394/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2045394] Re: Installation of openstack-dashboard fails because of command failure
I've opened an issue upstream to discuss this [1]. [1] https://github.com/django-compressor/django-compressor/issues/1291 ** Bug watch added: github.com/django-compressor/django-compressor/issues #1291 https://github.com/django-compressor/django-compressor/issues/1291 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2045394 Title: Installation of openstack-dashboard fails because of command failure To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/2045394/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2045394] Re: Installation of openstack-dashboard fails because of command failure
Confirmed in jammy-antelope and oracular-epoxy. This is a failure in python-django-compressor, almost certainly introduced by [1]. UCA in jammy pulls in python3-django-compressor=4.0-1ubuntu1~cloud0, containing the bug. Still looking. [1] https://github.com/django-compressor/django-compressor/pull/912 ** Also affects: python-django-compressor (Ubuntu) Importance: Undecided Status: New ** Changed in: horizon (Ubuntu Plucky) Status: New => Invalid ** Changed in: horizon (Ubuntu Plucky) Assignee: Wesley Hershberger (whershberger) => (unassigned) ** Changed in: python-django-compressor (Ubuntu Oracular) Status: New => Confirmed ** Changed in: python-django-compressor (Ubuntu Plucky) Assignee: (unassigned) => Wesley Hershberger (whershberger) ** Changed in: horizon Status: New => Invalid ** Changed in: horizon (Ubuntu Oracular) Status: Confirmed => Invalid ** Changed in: horizon (Ubuntu Noble) Status: New => Invalid ** Changed in: cloud-archive/epoxy Status: Confirmed => Invalid ** Changed in: cloud-archive/epoxy Assignee: Wesley Hershberger (whershberger) => (unassigned) ** Changed in: cloud-archive/dalmatian Status: New => Invalid ** Changed in: cloud-archive/caracal Status: New => Invalid ** Changed in: cloud-archive/bobcat Status: New => Invalid ** Changed in: cloud-archive/antelope Status: Confirmed => Invalid -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2045394 Title: Installation of openstack-dashboard fails because of command failure To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/2045394/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2106434] Re: pkcs11-tool 0.22.0 fails in C_DigestInit with CKR_GENERAL_ERROR
** Description changed: [ Impact ] pkcs11-tool in Jammy (opensc=0.22.0-1ubuntu2) fails with `-t` while testing digests: ``` $ sudo pkcs11-tool -l -t Using slot 0 with a present token (0x0) Logging in to "Users". Please enter User PIN: C_SeedRandom() and C_GenerateRandom(): seeding (C_SeedRandom) not supported seems to be OK Digests: all 4 digest functions seem to work MD5: OK SHA-1: OK error: PKCS11 function C_DigestInit failed: rv = CKR_GENERAL_ERROR (0x5) Aborting. ``` This works in Focal and Noble. The test command provides users with a more firm indication that their smartcard is compatible/functional with OpenSC; it is often used while troubleshooting other issues with smartcards. This particular error occurs because the RIPEMD160 hash function is not included in OpenSSL's default provider in Jammy [1][2]. OpenSC 0.22 does not contain patches that update deprecated usage of OpenSSL 3; they were merged for 0.23 [3][4]. This bug was fixed in that PR (discussed in [5]). It looks to me like this bug showed up in #1972753, although that issue was resolved with a change of OpenSSH configuration. I'm opening this bug report to deal specifically with pkcs11-tool. A backport of [6] is sufficient to resolve the C_DigestInit failure. [1] https://docs.openssl.org/master/man7/EVP_MD-RIPEMD160/ [2] https://docs.openssl.org/master/man7/provider/ [3] https://github.com/OpenSC/OpenSC/issues/2308 [4] https://github.com/OpenSC/OpenSC/pull/2438 [5] https://github.com/OpenSC/OpenSC/issues/2571 [6] https://github.com/OpenSC/OpenSC/commit/c3dcab8b237d42961c0dc12ab2105f3df9073116 [ Test Plan ] Create CA & certificates for a virtual smart card as found at [1]. Follow the instructions at [2] to create a cloud-init config drive `seed.img` with the following user-data: ``` #cloud-config chpasswd: expire: false users: - name: ubuntu password: password type: text ``` Launch a qemu VM with emulated smart card: ``` sudo qemu-system-x86_64 \ -enable-kvm \ -m 1024 \ -nic user,model=virtio \ - -drive file=root.img,media=disk,index=0,if=virtio \ + -drive file=jammy-server-cloudimg-amd64.img,media=disk,index=0,if=virtio \ -drive file=seed.img,index=1,media=cdrom \ -usb -device usb-ccid -device ccid-card-emulated,backend=certificates,db=sql:$PWD,cert1=id-cert,cert2=signing-cert,cert3=encryption-cert \ -nographic ``` Log in, install opensc and test the card with: ``` sudo pkcs11-tool -t ``` - Authenticating with the card (with -l) is not needed to reproduce the - failure. + Authenticating with the card (with `-l`) is not needed to reproduce the + failure; testing should be done with -l as the last hunk of this patch + is only executed when using `-l`. + + [ Where problems could occur ] + + * These changes only affect the pkcs11-tool binary, specifically only the code +that is invoked with `-t` (see p11_test() defined on pkcs11-tool.c#6394). +Since `-t` is already broken, it's assumed that additional breakage to this +option would be low impact. + + * As noted in the upstream issues, OpenSC 0.22 was not audited for compatibility +with OpenSSL 3.0, so there are possibly some remaining issues (some fixed in [3]) +that this SRU does not address. [1] https://www.qemu.org/docs/master/system/devices/ccid.html#using-ccid-card-emulated-with-certificates-stored-in-files [2] https://cloudinit.readthedocs.io/en/latest/howto/launch_qemu.html + [3] https://github.com/OpenSC/OpenSC/pull/2438 ** Description changed: [ Impact ] pkcs11-tool in Jammy (opensc=0.22.0-1ubuntu2) fails with `-t` while testing digests: ``` $ sudo pkcs11-tool -l -t Using slot 0 with a present token (0x0) Logging in to "Users". Please enter User PIN: C_SeedRandom() and C_GenerateRandom(): - seeding (C_SeedRandom) not supported - seems to be OK + seeding (C_SeedRandom) not supported + seems to be OK Digests: - all 4 digest functions seem to work - MD5: OK - SHA-1: OK + all 4 digest functions seem to work + MD5: OK + SHA-1: OK error: PKCS11 function C_DigestInit failed: rv = CKR_GENERAL_ERROR (0x5) Aborting. ``` This works in Focal and Noble. The test command provides users with a more firm indication that their smartcard is compatible/functional with OpenSC; it is often used while troubleshooting other issues with smartcards. This particular error occurs because the RIPEMD160 hash function is not included in OpenSSL's default provider in Jammy [1][2]. OpenSC 0.22 does not contain patches that update deprecated usage of OpenSSL 3; they were merged for 0.23 [3][4]. This bug was fixed in that PR (discussed in [5]). It looks to me like this bug showed up in #1972753, although that issue was resolved with a change of OpenSSH configuration. I'm opening
[Bug 2107225] [NEW] Disable cloud-init network config in Desktop ISO
Public bug reported: The Desktop ISO installer enables cloud-init to allow automation with Subiquity autoinstall. Currently, cloud-init probes & configures networking in the live environment. As described in cloud-init#6110, this does not appear to be necessary as NetworkManager should manage network connectivity in this context. To be clear, I am proposing this as a workaround for cloud-init#6110. My understanding of the proposed first steps here are to drop the configuration from [2] and instead write netplan configuration in the ISOs directly. One possible pitfall: I did a little bit of additional testing and found that configuring a static IP on the kernel command line in combination with disabled cloud- init network-config generated DNS issues: vmlinuz ip=10.183.135.99::10.183.135.1:255.255.255.010.183.135.1 network-config=disabled The static IP works alright but `resolvectl status` showed no configured DNS servers. A `netplan apply` was sufficient to fix it, as initramfs- tools converts the cmdline into a netplan configuration. [1] https://github.com/canonical/cloud-init/issues/6110 [2] https://git.launchpad.net/livecd-rootfs/tree/live-build/ubuntu/includes.chroot.minimal.standard.live/etc/cloud/cloud.cfg#n23 ** Affects: livecd-rootfs (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2107225 Title: Disable cloud-init network config in Desktop ISO To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/livecd-rootfs/+bug/2107225/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2107225] Re: Disable cloud-init network config in Desktop ISO
** Tags added: seg -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2107225 Title: Disable cloud-init network config in Desktop ISO To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/livecd-rootfs/+bug/2107225/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2083029] Re: Try does not recover network
** Patch added: "rm-nocheck.patch" https://bugs.launchpad.net/netplan/+bug/2083029/+attachment/5872546/+files/rm-nocheck.patch -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2083029 Title: Try does not recover network To manage notifications about this bug go to: https://bugs.launchpad.net/netplan/+bug/2083029/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2083029] Re: Try does not recover network
I've reworked the patches using gbp and run the 'scenarios' autopkgtest for each series. The tests pass for all but Jammy; not clear why we have a missing builddep: ``` Program pytest-3 pytest3 found: NO ../meson.build:28:0: ERROR: Program 'pytest-3 pytest3' not found or not executable ``` It may be environment-specific although I don't think my env is particularly special. Removing `` from the python dependencies in d/control allows the tests to pass (see attached diff). I also saw some failures of test_netplan_try_lp2083029 in Jammy; looks like networkd being very slow. My environment is heavily IO-contested nested virt at the moment so I expect that this isn't something to worry about; extending `timeout` in `try_and_settle` lets the test pass. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2083029 Title: Try does not recover network To manage notifications about this bug go to: https://bugs.launchpad.net/netplan/+bug/2083029/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2083029] Re: Try does not recover network
** Merge proposal linked: https://code.launchpad.net/~whershberger/ubuntu/+source/netplan.io/+git/netplan.io/+merge/484438 ** Merge proposal linked: https://code.launchpad.net/~whershberger/ubuntu/+source/netplan.io/+git/netplan.io/+merge/484440 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2083029 Title: Try does not recover network To manage notifications about this bug go to: https://bugs.launchpad.net/netplan/+bug/2083029/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2072586] Re: Running "dconf update" with different umask affects the permissions of dconf databases in /etc/dconf/db/
** Tags added: sts ** Changed in: dconf (Ubuntu) Assignee: (unassigned) => Wesley Hershberger (whershberger) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2072586 Title: Running "dconf update" with different umask affects the permissions of dconf databases in /etc/dconf/db/ To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dconf/+bug/2072586/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2104840] Re: sudo_logsrvd TLS log transport in Jammy
Discussed internally; this would likely require an SRU exception which is unlikely to be granted for a feature request. ** Changed in: sudo (Ubuntu) Status: New => Won't Fix ** Changed in: sudo (Ubuntu Jammy) Status: New => Won't Fix ** Changed in: sudo (Ubuntu) Status: Won't Fix => Invalid -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2104840 Title: sudo_logsrvd TLS log transport in Jammy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/2104840/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2072586] Re: Running "dconf update" with different umask affects the permissions of dconf databases in /etc/dconf/db/
Thanks for the note; I've opened MRs against that repo: https://salsa.debian.org/gnome-team/glib/-/merge_requests/49 https://salsa.debian.org/gnome-team/glib/-/merge_requests/50 https://salsa.debian.org/gnome-team/glib/-/merge_requests/51 https://salsa.debian.org/gnome-team/glib/-/merge_requests/52 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2072586 Title: Running "dconf update" with different umask affects the permissions of dconf databases in /etc/dconf/db/ To manage notifications about this bug go to: https://bugs.launchpad.net/dconf/+bug/2072586/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2106434] Re: pkcs11-tool 0.22.0 fails in C_DigestInit with CKR_GENERAL_ERROR
Thanks for the review; I'll get the branch right in future :) I've added a section with a quick sign+verify; happy to add additional workflows if that isn't sufficient. ** Description changed: [ Impact ] pkcs11-tool in Jammy (opensc=0.22.0-1ubuntu2) fails with `-t` while testing digests: ``` $ sudo pkcs11-tool -l -t Using slot 0 with a present token (0x0) Logging in to "Users". Please enter User PIN: C_SeedRandom() and C_GenerateRandom(): seeding (C_SeedRandom) not supported seems to be OK Digests: all 4 digest functions seem to work MD5: OK SHA-1: OK error: PKCS11 function C_DigestInit failed: rv = CKR_GENERAL_ERROR (0x5) Aborting. ``` This works in Focal and Noble. The test command provides users with a more firm indication that their smartcard is compatible/functional with OpenSC; it is often used while troubleshooting other issues with smartcards. This particular error occurs because the RIPEMD160 hash function is not included in OpenSSL's default provider in Jammy [1][2]. OpenSC 0.22 does not contain patches that update deprecated usage of OpenSSL 3; they were merged for 0.23 [3][4]. This bug was fixed in that PR (discussed in [5]). It looks to me like this bug showed up in #1972753, although that issue was resolved with a change of OpenSSH configuration. I'm opening this bug report to deal specifically with pkcs11-tool. A backport of [6] is sufficient to resolve the C_DigestInit failure. [1] https://docs.openssl.org/master/man7/EVP_MD-RIPEMD160/ [2] https://docs.openssl.org/master/man7/provider/ [3] https://github.com/OpenSC/OpenSC/issues/2308 [4] https://github.com/OpenSC/OpenSC/pull/2438 [5] https://github.com/OpenSC/OpenSC/issues/2571 [6] https://github.com/OpenSC/OpenSC/commit/c3dcab8b237d42961c0dc12ab2105f3df9073116 [ Test Plan ] Create CA & certificates for a virtual smart card as found at [1]. When creating the CA certificate, include `-2` and answer yes for CA: [1] https://www.qemu.org/docs/master/system/devices/ccid.html#using-ccid-card-emulated-with-certificates-stored-in-files ``` sudo apt install libnss3-tools mkdir fake-smartcard cd fake-smartcard certutil -N -d sql:$PWD certutil -S -d sql:$PWD -s "CN=Fake Smart Card CA" -x -2 -t TC,TC,TC -n fake-smartcard-ca certutil -S -d sql:$PWD -t ,, -s "CN=John Doe" -n id-cert -c fake-smartcard-ca certutil -S -d sql:$PWD -t ,, -s "CN=John Doe (signing)" --nsCertType smime -n signing-cert -c fake-smartcard-ca certutil -S -d sql:$PWD -t ,, -s "CN=John Doe (encryption)" --nsCertType sslClient -n encryption-cert -c fake-smartcard-ca ``` Export the CA cert as PEM so that it can be added to the VM later: ``` certutil -L -r -d sql:$PWD -o fake-smartcard-ca.cer -n fake-smartcard-ca openssl x509 -in fake-smartcard-ca.cer -out fake-smartcard-ca.crt -outform pem ``` Follow the instructions at [2] to create a cloud-init config drive `seed.img`. Add `fake-smartcard-ca.crt` to `seed.img` and use the following user-data: [2] https://cloudinit.readthedocs.io/en/latest/howto/launch_qemu.html ``` touch network-config touch meta-data cat >user-data
[Bug 2106434] Re: pkcs11-tool 0.22.0 fails in C_DigestInit with CKR_GENERAL_ERROR
The autopkgtests look like an infra issue rather than a test failure. VM verification coming soon... ### Verification Done Jammy (Yubikey) ### $ apt-cache policy opensc opensc: Installed: 0.22.0-1ubuntu2.1 Candidate: 0.22.0-1ubuntu2.1 Version table: *** 0.22.0-1ubuntu2.1 500 500 http://archive.ubuntu.com/ubuntu jammy-proposed/universe amd64 Packages 100 /var/lib/dpkg/status 0.22.0-1ubuntu2+test0 500 500 https://ppa.launchpadcontent.net/whershberger/opensc-00408323/ubuntu jammy/main amd64 Packages 0.22.0-1ubuntu2+esm1 510 510 https://esm.ubuntu.com/apps/ubuntu jammy-apps-security/main amd64 Packages 0.22.0-1ubuntu2 500 500 http://archive.ubuntu.com/ubuntu jammy/universe amd64 Packages ubuntu@jammy-desktop:~$ sudo pkcs11-tool --test --login Using slot 0 with a present token (0x0) Logging in to "Users". Please enter User PIN: C_SeedRandom() and C_GenerateRandom(): seeding (C_SeedRandom) not supported seems to be OK Digests: all 4 digest functions seem to work MD5: OK SHA-1: OK RIPEMD160: OK Signatures (currently only for RSA) testing key 0 (PIV AUTH key) all 4 signature functions seem to work testing signature mechanisms: RSA-X-509: OK RSA-PKCS: OK SHA1-RSA-PKCS: OK MD5-RSA-PKCS: OK RIPEMD160-RSA-PKCS: OK SHA256-RSA-PKCS: OK Verify (currently only for RSA) testing key 0 (PIV AUTH key) RSA-X-509: OK RSA-PKCS: OK SHA1-RSA-PKCS: OK MD5-RSA-PKCS: OK RIPEMD160-RSA-PKCS: OK Decryption (currently only for RSA) testing key 0 (PIV AUTH key) RSA-X-509: OK RSA-PKCS: OK No errors ubuntu@jammy-desktop:~$ pkcs11-tool --list-objects --login # ...omitted ubuntu@jammy-desktop:~$ pkcs11-tool --read-object --id 1 --type pubkey > pubkey.der Using slot 0 with a present token (0x0) ubuntu@jammy-desktop:~$ openssl rsa -inform der -outform pem -in pubkey.der -pubin > pubkey.pem writing RSA key ubuntu@jammy-desktop:~$ dd if=/dev/urandom of=data.bin count=1 bs=64 1+0 records in 1+0 records out 64 bytes copied, 0,000181666 s, 352 kB/s ubuntu@jammy-desktop:~$ pkcs11-tool --id 1 --sign --mechanism RSA-PKCS --input-file data.bin --output-file data.sig Using slot 0 with a present token (0x0) Logging in to "Users". Please enter User PIN: Using signature algorithm RSA-PKCS ubuntu@jammy-desktop:~$ openssl pkeyutl -verify -pubin -inkey pubkey.pem -in data.bin -sigfile data.sig Signature Verified Successfully ### Verification Done Jammy (Yubikey) ### -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2106434 Title: pkcs11-tool 0.22.0 fails in C_DigestInit with CKR_GENERAL_ERROR To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/2106434/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2106434] Re: pkcs11-tool 0.22.0 fails in C_DigestInit with CKR_GENERAL_ERROR
I've been unable to work around the issue described above with the QEMU ccid-card-emulated; I'm going to mark verification complete as the test plan was completed using a Yubikey. ### Verification Done Jammy (ccid-card-emulated) ### $ apt-cache policy opensc opensc: Installed: 0.22.0-1ubuntu2.1 Candidate: 0.22.0-1ubuntu2.1 Version table: *** 0.22.0-1ubuntu2.1 500 500 http://archive.ubuntu.com/ubuntu jammy-proposed/universe amd64 Packages 100 /var/lib/dpkg/status 0.22.0-1ubuntu2 500 500 http://archive.ubuntu.com/ubuntu jammy/universe amd64 Packages $ pkcs11-tool -t -l Using slot 0 with a present token (0x0) error: PKCS11 function C_Login failed: rv = CKR_GENERAL_ERROR (0x5) Aborting. user1@ubuntu:/etc/apt$ pkcs11-tool -t Using slot 0 with a present token (0x0) C_SeedRandom() and C_GenerateRandom(): seeding (C_SeedRandom) not supported ERR: C_GenerateRandom failed: CKR_GENERAL_ERROR (0x5) Digests: all 4 digest functions seem to work MD5: OK SHA-1: OK RIPEMD160: OK Signatures (currently only for RSA) Signatures: no private key found in this slot Verify (currently only for RSA) No private key found for testing Decryption (currently only for RSA) 1 errors ### Verification Done Jammy (ccid-card-emulated) ### ** Tags removed: verification-needed-jammy ** Tags added: verification-done-jammy -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2106434 Title: pkcs11-tool 0.22.0 fails in C_DigestInit with CKR_GENERAL_ERROR To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/2106434/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2106434] Re: pkcs11-tool 0.22.0 fails in C_DigestInit with CKR_GENERAL_ERROR
** Description changed: [ Impact ] pkcs11-tool in Jammy (opensc=0.22.0-1ubuntu2) fails with `-t` while testing digests: ``` $ sudo pkcs11-tool -l -t Using slot 0 with a present token (0x0) Logging in to "Users". Please enter User PIN: C_SeedRandom() and C_GenerateRandom(): seeding (C_SeedRandom) not supported seems to be OK Digests: all 4 digest functions seem to work MD5: OK SHA-1: OK error: PKCS11 function C_DigestInit failed: rv = CKR_GENERAL_ERROR (0x5) Aborting. ``` This works in Focal and Noble. The test command provides users with a more firm indication that their smartcard is compatible/functional with OpenSC; it is often used while troubleshooting other issues with smartcards. This particular error occurs because the RIPEMD160 hash function is not included in OpenSSL's default provider in Jammy [1][2]. OpenSC 0.22 does not contain patches that update deprecated usage of OpenSSL 3; they were merged for 0.23 [3][4]. This bug was fixed in that PR (discussed in [5]). It looks to me like this bug showed up in #1972753, although that issue was resolved with a change of OpenSSH configuration. I'm opening this bug report to deal specifically with pkcs11-tool. A backport of [6] is sufficient to resolve the C_DigestInit failure. [1] https://docs.openssl.org/master/man7/EVP_MD-RIPEMD160/ [2] https://docs.openssl.org/master/man7/provider/ [3] https://github.com/OpenSC/OpenSC/issues/2308 [4] https://github.com/OpenSC/OpenSC/pull/2438 [5] https://github.com/OpenSC/OpenSC/issues/2571 [6] https://github.com/OpenSC/OpenSC/commit/c3dcab8b237d42961c0dc12ab2105f3df9073116 [ Test Plan ] Create CA & certificates for a virtual smart card as found at [1]. When creating the CA certificate, include `-2` and answer yes for CA: [1] https://www.qemu.org/docs/master/system/devices/ccid.html#using-ccid-card-emulated-with-certificates-stored-in-files ``` - sudo apt install libnss3-tools + sudo apt install libnss3-tools qemu-system-x86-64 mkdir fake-smartcard cd fake-smartcard certutil -N -d sql:$PWD certutil -S -d sql:$PWD -s "CN=Fake Smart Card CA" -x -2 -t TC,TC,TC -n fake-smartcard-ca certutil -S -d sql:$PWD -t ,, -s "CN=John Doe" -n id-cert -c fake-smartcard-ca certutil -S -d sql:$PWD -t ,, -s "CN=John Doe (signing)" --nsCertType smime -n signing-cert -c fake-smartcard-ca certutil -S -d sql:$PWD -t ,, -s "CN=John Doe (encryption)" --nsCertType sslClient -n encryption-cert -c fake-smartcard-ca ``` Export the CA cert as PEM so that it can be added to the VM later: ``` certutil -L -r -d sql:$PWD -o fake-smartcard-ca.cer -n fake-smartcard-ca openssl x509 -in fake-smartcard-ca.cer -out fake-smartcard-ca.crt -outform pem ``` Follow the instructions at [2] to create a cloud-init config drive `seed.img`. Add `fake-smartcard-ca.crt` to `seed.img` and use the following user-data: [2] https://cloudinit.readthedocs.io/en/latest/howto/launch_qemu.html ``` touch network-config touch meta-data cat >user-data
[Bug 2106434] Re: pkcs11-tool 0.22.0 fails in C_DigestInit with CKR_GENERAL_ERROR
** Description changed: [ Impact ] pkcs11-tool in Jammy (opensc=0.22.0-1ubuntu2) fails with `-t` while testing digests: ``` $ sudo pkcs11-tool -l -t Using slot 0 with a present token (0x0) Logging in to "Users". Please enter User PIN: C_SeedRandom() and C_GenerateRandom(): seeding (C_SeedRandom) not supported seems to be OK Digests: all 4 digest functions seem to work MD5: OK SHA-1: OK error: PKCS11 function C_DigestInit failed: rv = CKR_GENERAL_ERROR (0x5) Aborting. ``` This works in Focal and Noble. The test command provides users with a more firm indication that their smartcard is compatible/functional with OpenSC; it is often used while troubleshooting other issues with smartcards. This particular error occurs because the RIPEMD160 hash function is not included in OpenSSL's default provider in Jammy [1][2]. OpenSC 0.22 does not contain patches that update deprecated usage of OpenSSL 3; they were merged for 0.23 [3][4]. This bug was fixed in that PR (discussed in [5]). It looks to me like this bug showed up in #1972753, although that issue was resolved with a change of OpenSSH configuration. I'm opening this bug report to deal specifically with pkcs11-tool. A backport of [6] is sufficient to resolve the C_DigestInit failure. [1] https://docs.openssl.org/master/man7/EVP_MD-RIPEMD160/ [2] https://docs.openssl.org/master/man7/provider/ [3] https://github.com/OpenSC/OpenSC/issues/2308 [4] https://github.com/OpenSC/OpenSC/pull/2438 [5] https://github.com/OpenSC/OpenSC/issues/2571 [6] https://github.com/OpenSC/OpenSC/commit/c3dcab8b237d42961c0dc12ab2105f3df9073116 [ Test Plan ] Create CA & certificates for a virtual smart card as found at [1]. When creating the CA certificate, include `-2` and answer yes for CA: [1] https://www.qemu.org/docs/master/system/devices/ccid.html#using-ccid-card-emulated-with-certificates-stored-in-files ``` - sudo apt install libnss3-tools qemu-system-x86-64 + sudo apt install libnss3-tools qemu-system-x86-64 genisoimage mkdir fake-smartcard cd fake-smartcard certutil -N -d sql:$PWD certutil -S -d sql:$PWD -s "CN=Fake Smart Card CA" -x -2 -t TC,TC,TC -n fake-smartcard-ca certutil -S -d sql:$PWD -t ,, -s "CN=John Doe" -n id-cert -c fake-smartcard-ca certutil -S -d sql:$PWD -t ,, -s "CN=John Doe (signing)" --nsCertType smime -n signing-cert -c fake-smartcard-ca certutil -S -d sql:$PWD -t ,, -s "CN=John Doe (encryption)" --nsCertType sslClient -n encryption-cert -c fake-smartcard-ca ``` Export the CA cert as PEM so that it can be added to the VM later: ``` certutil -L -r -d sql:$PWD -o fake-smartcard-ca.cer -n fake-smartcard-ca openssl x509 -in fake-smartcard-ca.cer -out fake-smartcard-ca.crt -outform pem ``` Follow the instructions at [2] to create a cloud-init config drive `seed.img`. Add `fake-smartcard-ca.crt` to `seed.img` and use the following user-data: [2] https://cloudinit.readthedocs.io/en/latest/howto/launch_qemu.html ``` touch network-config touch meta-data cat >user-data
[Bug 2072586] Re: Running "dconf update" with different umask affects the permissions of dconf databases in /etc/dconf/db/
Per my upstream MR, this is a bug in GLib, not dconf [1]. I've opened & pushed through [2], which has been graciously picked to debian/latest (thanks Jeremy). [1] https://gitlab.gnome.org/GNOME/gvdb/-/merge_requests/27 [2] https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4607 [3] https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4608 ** Changed in: glib2.0 (Ubuntu Oracular) Status: New => Triaged ** Changed in: glib2.0 (Ubuntu Oracular) Assignee: (unassigned) => Wesley Hershberger (whershberger) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2072586 Title: Running "dconf update" with different umask affects the permissions of dconf databases in /etc/dconf/db/ To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/glib2.0/+bug/2072586/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2072586] Re: Running "dconf update" with different umask affects the permissions of dconf databases in /etc/dconf/db/
** Description changed: [ Test Plan ] ``` sudo apt-get install dconf-cli mkdir -p /etc/dconf/db/database.d cat >/etc/dconf/db/database.d/test
[Bug 2072586] Re: Running "dconf update" with different umask affects the permissions of dconf databases in /etc/dconf/db/
** Description changed: + [ Impact ] + + This was originally reported by a user applying the DISA-STIG on Ubuntu + desktop [1], which requires a global umask of 077. The global dconf databases + in /etc/dconf/db are intended to be read by many users (mode 644). + + dconf uses g_file_set_contents from GLib to guarantee consistent writes [2][3]. + The function creates a tempfile to rename over the original but does not + guarantee that the permissions of the tempfile to be the same as the original [4]. + With umask 077, this causes a dconf database write to change the permissions of + the db file from 644 to 600. + + This behavior was changed upstream in 45a36e52 to guarantee that the mode of the + original file is preserved [5]. + + The SRU of upstream 45a36e52 to Jammy+ will enable users to modify global GNOME + configuration without losing read access to the changed dconf databases. + + [1] https://ubuntu.com/security/certifications/docs/disa-stig + [2] https://git.launchpad.net/ubuntu/+source/dconf/tree/gvdb/gvdb-builder.c?h=ubuntu/jammy#n518 + [3] https://docs.gtk.org/glib/func.file_set_contents.html + [4] https://docs.gtk.org/glib/func.file_set_contents_full.html#description + [5] https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4607 + [ Test Plan ] + Ensure that the patch resolves the original bug: ``` sudo apt-get install dconf-cli mkdir -p /etc/dconf/db/database.d cat >/etc/dconf/db/database.d/test
[Bug 2072586] Re: Running "dconf update" with different umask affects the permissions of dconf databases in /etc/dconf/db/
** Changed in: glib2.0 (Ubuntu Jammy) Status: Triaged => In Progress ** Changed in: glib2.0 (Ubuntu Noble) Status: Triaged => In Progress ** Changed in: glib2.0 (Ubuntu Oracular) Status: Triaged => In Progress ** Changed in: glib2.0 (Ubuntu Plucky) Status: Triaged => In Progress -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2072586 Title: Running "dconf update" with different umask affects the permissions of dconf databases in /etc/dconf/db/ To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/glib2.0/+bug/2072586/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2072586] Re: Running "dconf update" with different umask affects the permissions of dconf databases in /etc/dconf/db/
** Description changed: [ Impact ] This was originally reported by a user applying the DISA-STIG on Ubuntu desktop [1], which requires a global umask of 077. The global dconf databases in /etc/dconf/db are intended to be read by many users (mode 644). dconf uses g_file_set_contents from GLib to guarantee consistent writes [2][3]. The function creates a tempfile to rename over the original but does not guarantee that the permissions of the tempfile to be the same as the original [4]. With umask 077, this causes a dconf database write to change the permissions of the db file from 644 to 600. This behavior was changed upstream in 45a36e52 to guarantee that the mode of the original file is preserved [5]. + + 45a36e52 has been picked into debian/latest. The SRU of upstream 45a36e52 to Jammy+ will enable users to modify global GNOME configuration without losing read access to the changed dconf databases. [1] https://ubuntu.com/security/certifications/docs/disa-stig [2] https://git.launchpad.net/ubuntu/+source/dconf/tree/gvdb/gvdb-builder.c?h=ubuntu/jammy#n518 [3] https://docs.gtk.org/glib/func.file_set_contents.html [4] https://docs.gtk.org/glib/func.file_set_contents_full.html#description [5] https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4607 [ Test Plan ] Ensure that the patch resolves the original bug: ``` sudo apt-get install dconf-cli mkdir -p /etc/dconf/db/database.d cat >/etc/dconf/db/database.d/test
[Bug 2072586] Re: Running "dconf update" with different umask affects the permissions of dconf databases in /etc/dconf/db/
** Description changed: [ Impact ] This was originally reported by a user applying the DISA-STIG on Ubuntu desktop [1], which requires a global umask of 077. The global dconf databases in /etc/dconf/db are intended to be read by many users (mode 644). dconf uses g_file_set_contents from GLib to guarantee consistent writes [2][3]. The function creates a tempfile to rename over the original but does not guarantee that the permissions of the tempfile to be the same as the original [4]. With umask 077, this causes a dconf database write to change the permissions of the db file from 644 to 600. This behavior was changed upstream in 45a36e52 to guarantee that the mode of the original file is preserved [5]. 45a36e52 has been picked into debian/latest. The SRU of upstream 45a36e52 to Jammy+ will enable users to modify global GNOME configuration without losing read access to the changed dconf databases. [1] https://ubuntu.com/security/certifications/docs/disa-stig [2] https://git.launchpad.net/ubuntu/+source/dconf/tree/gvdb/gvdb-builder.c?h=ubuntu/jammy#n518 [3] https://docs.gtk.org/glib/func.file_set_contents.html [4] https://docs.gtk.org/glib/func.file_set_contents_full.html#description [5] https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4607 [ Test Plan ] Ensure that the patch resolves the original bug: ``` sudo apt-get install dconf-cli mkdir -p /etc/dconf/db/database.d cat >/etc/dconf/db/database.d/test
[Bug 2083029] Re: Try does not recover network
** Changed in: netplan Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2083029 Title: Try does not recover network To manage notifications about this bug go to: https://bugs.launchpad.net/netplan/+bug/2083029/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2106434] [NEW] pkcs11-tool 0.22.0 fails in C_DigestInit with CKR_GENERAL_ERROR
Public bug reported: [ Impact ] pkcs11-tool in Jammy (opensc=0.22.0-1ubuntu2) fails with `-t` while testing digests: ``` $ sudo pkcs11-tool -l -t Using slot 0 with a present token (0x0) Logging in to "Users". Please enter User PIN: C_SeedRandom() and C_GenerateRandom(): seeding (C_SeedRandom) not supported seems to be OK Digests: all 4 digest functions seem to work MD5: OK SHA-1: OK error: PKCS11 function C_DigestInit failed: rv = CKR_GENERAL_ERROR (0x5) Aborting. ``` This works in Focal and Noble. The test command provides users with a more firm indication that their smartcard is compatible/functional with OpenSC; it is often used while troubleshooting other issues with smartcards. This particular error occurs because the RIPEMD160 hash function is not included in OpenSSL's default provider in Jammy [1][2]. OpenSC 0.22 does not contain patches that update deprecated usage of OpenSSL 3; they were merged for 0.23 [3][4]. This bug was fixed in that PR (discussed in [5]). It looks to me like this bug showed up in #1972753, although that issue was resolved with a change of OpenSSH configuration. I'm opening this bug report to deal specifically with pkcs11-tool. A backport of [6] is sufficient to resolve the C_DigestInit failure. [1] https://docs.openssl.org/master/man7/EVP_MD-RIPEMD160/ [2] https://docs.openssl.org/master/man7/provider/ [3] https://github.com/OpenSC/OpenSC/issues/2308 [4] https://github.com/OpenSC/OpenSC/pull/2438 [5] https://github.com/OpenSC/OpenSC/issues/2571 [6] https://github.com/OpenSC/OpenSC/commit/c3dcab8b237d42961c0dc12ab2105f3df9073116 [ Test Plan ] Create CA & certificates for a virtual smart card as found at [1]. Follow the instructions at [2] to create a cloud-init config drive `seed.img` with the following user-data: ``` #cloud-config chpasswd: expire: false users: - name: ubuntu password: password type: text ``` Launch a qemu VM with emulated smart card: ``` sudo qemu-system-x86_64 \ -enable-kvm \ -m 1024 \ -nic user,model=virtio \ -drive file=root.img,media=disk,index=0,if=virtio \ -drive file=seed.img,index=1,media=cdrom \ -usb -device usb-ccid -device ccid-card-emulated,backend=certificates,db=sql:$PWD,cert1=id-cert,cert2=signing-cert,cert3=encryption-cert \ -nographic ``` Log in, install opensc and test the card with: ``` sudo pkcs11-tool -t ``` Authenticating with the card (with -l) is not needed to reproduce the failure. [1] https://www.qemu.org/docs/master/system/devices/ccid.html#using-ccid-card-emulated-with-certificates-stored-in-files [2] https://cloudinit.readthedocs.io/en/latest/howto/launch_qemu.html ** Affects: opensc (Ubuntu) Importance: Undecided Assignee: Wesley Hershberger (whershberger) Status: In Progress ** Affects: opensc (Ubuntu Jammy) Importance: Undecided Assignee: Wesley Hershberger (whershberger) Status: In Progress ** Tags: sts ** Tags added: sts ** Also affects: opensc (Ubuntu Jammy) Importance: Undecided Status: New ** Changed in: opensc (Ubuntu Jammy) Status: New => In Progress ** Changed in: opensc (Ubuntu Jammy) Assignee: (unassigned) => Wesley Hershberger (whershberger) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2106434 Title: pkcs11-tool 0.22.0 fails in C_DigestInit with CKR_GENERAL_ERROR To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/2106434/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2012261] Re: Timeout not correctly set inside requests session object
I've been asked to put the SRU on hold as the affected user has found an additional issue with the patch. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2012261 Title: Timeout not correctly set inside requests session object To manage notifications about this bug go to: https://bugs.launchpad.net/python-etcd3gw/+bug/2012261/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2012261] Re: Timeout not correctly set inside requests session object
** Also affects: python-etcd3gw (Ubuntu) Importance: Undecided Status: New ** Also affects: python-etcd3gw (Ubuntu Jammy) Importance: Undecided Status: New ** Also affects: python-etcd3gw (Ubuntu Noble) Importance: Undecided Status: New ** Also affects: python-etcd3gw (Ubuntu Oracular) Importance: Undecided Status: New ** Changed in: python-etcd3gw (Ubuntu) Status: New => Fix Released ** Changed in: python-etcd3gw (Ubuntu Jammy) Status: New => In Progress ** Changed in: python-etcd3gw (Ubuntu Noble) Status: New => In Progress ** Changed in: python-etcd3gw (Ubuntu Oracular) Status: New => In Progress ** Changed in: python-etcd3gw (Ubuntu Jammy) Assignee: (unassigned) => Wesley Hershberger (whershberger) ** Changed in: python-etcd3gw (Ubuntu Noble) Assignee: (unassigned) => Wesley Hershberger (whershberger) ** Changed in: python-etcd3gw (Ubuntu Oracular) Assignee: (unassigned) => Wesley Hershberger (whershberger) ** Tags added: sts ** Description changed: + [ Impact ] + The current `Etcd3Client` object attempts to set the `timeout` attribute of its requests.Session; requests.Session does not reference `timeout` [1] so the current behavior is a no-op. + + If a caller of `Etcd3Client` makes requests in a loop (expecting dropped + requests to time out), a failed/dropped request may block the loop. An + affected user was performing etcd compaction [2] in such a loop; without + periodic compaction requests the cluster filled its quota and became + unavailable for writes. + + This fix was released in 2.4.0 and is present in Plucky+ [4]. + + I've included a small patch to allow the package's unittests to pass in + Noble/Oracular. + + [1] https://requests.readthedocs.io/en/latest/api/#requests.Session + [2] https://etcd.io/docs/v3.5/op-guide/maintenance/#history-compaction-v3-api-key-value-database + [3] https://etcd.io/docs/v3.5/op-guide/maintenance/#space-quota + [4] https://opendev.org/openstack/etcd3gw/commit/04c7907854bdc66c85147f79058732ed4828e960 + + [ Test Plan ] + + ``` + cat >timeout.py<https://httpbin.org/delay/10";) + print(resp.status_code) + EOF + python3 timeout.py + ``` + + Expected Result: + ``` + etcd3gw.exceptions.ConnectionTimeoutError + ``` + + Observed Result: + ``` + 200 + ``` + + Alternatively, use `https://10.255.255.255/` if httpbin is giving 503s. + + [ Regression Test ] + + Install etcd: + ``` + sudo apt-get install etcd-server etcd-client + ``` + + In Jammy: + ``` + etcdctl --debug cluster-health # expect "cluster is healthy" + ``` + + In Noble+: + ``` + etcdctl --debug endpoint health # expect "127.0.0.1:2379 is healthy" + ``` + + Run the unittests to verify that requests function as expected: + ``` + git-ubuntu clone python-etcd3gw + cd python-etcd3gw && git switch ubuntu/jammy-proposed + sudo apt build-dep . + quilt push -a + debuild -us -uc + ``` + + There is one expected unittest failure in Jammy: + ``` + testtools.testresult.real._StringException: Traceback (most recent call last): + File "/home/wesley/Workspace/ubuntu/python-etcd3gw/etcd3gw/tests/test_etcd3gw.py", line 382, in test_client_locks + lock = self.client.lock(id='xyz-%s' % time.clock(), ttl=60) + AttributeError: module 'time' has no attribute 'clock' + ``` + + [ Where problems could occur ] + + * If +- A timeout is provided by a caller of Etcd3Client +- The client is used to issue a request that routinely takes longer than the timeout _to respond at all_ +The request will fail. This is unlikely as the timeout parameter sets the socket timeout, so a request does not have to complete in order to avoid timing out (e.g. this doesn't threaten large/long downloads). + + [ Original Description ] + There is currently no timeout set in the requests session object, which means it will wait indefinitely and cause the process to hang if no response is received. For more information, see https://pylint.readthedocs.io/en/latest/user_guide/messages/warning/missing-timeout.html. Steps to reproduce this Bug: $ cat >timeout1.py<https://httpbin.org/delay/10";) print(resp.status_code) EOF Expected behavior: requests.exceptions.ReadTimeout: HTTPSConnectionPool(host='httpbin.org', port=443): Read timed out. (read timeout=1) Actual behavior: $ python3 timeout1.py 200 The issue can be resolved utilizing functools - https://github.com/psf/requests/issues/2011#issuecomment-637156626. These are my proposed changes in fixing the timeout issue. diff --git a/etcd3gw/client.py b/etcd3gw/client.py index 43690ce..63fb588 100644 --- a/etcd3gw/client.py +++ b/etcd3gw/client.py @@ -10,6 +10,7 @@ - #License for the specific language governing permissions and limitations - #under the License. + # License
[Bug 2012261] Re: Timeout not correctly set inside requests session object
A few more details on the issue: Calico includes a workaround to this bug that ties our hands [1]. If I proceed with the SRU as it is currently proposed, it will break Calico on Ubuntu 22.04 and 24.04. If I don't, the bug will continue to exist in 22.04 and 24.04. For clarity, I will be referring to the etcd3gw upstream at [2]. It is possible to adjust the patch to keep it from breaking Calico: ```py kwargs['timeout'] = self.timeout resp = getattr(self.session, method)(*args, **kwargs) ``` instead of this: ```py resp = getattr(self.session, method)(*args, timeout=self.timeout, **kwargs) ``` However, that change would be incorrect. The existing code fails when a timeout is passed to `Etcd3Client._request` (or its predecessor `post` in older versions). This is because the semantically correct way of enforcing a timeout on Etcd3Client's requests is to pass the timeout to the client's constructor instead of passing it to each request [3]. If the timeout could be specified for each request (e.g. the `create` or `delete` methods [3]), then there might be an argument that timeouts should be request/transport-scoped in the Etcd3Client as they are in the requests library [4]. This is a conversation that would need to happen with upstream. The change above introduces ambiguity: which timeout takes priority when passed as kwargs to `Etcd3Client._request`? A user might reasonably expect to pass a timeout to the client but allow that value to be overridden on a per-request basis. As it stands, the client's timeout always wins, and a user expecting per-request timeouts will get an error. The change above masks that error. In order to fix this bug properly we'd need to have a conversation with upstream to resolve request/transport-scoped timeouts, and it's far from clear that the result of that coversation would be compatible with the problematic Calico code. [1] https://github.com/projectcalico/calico/blob/master/networking-calico/networking_calico/etcdv3.py#L492-L500 [2] https://opendev.org/openstack/etcd3gw/src/branch/master/etcd3gw/client.py#L115 [3] https://docs.openstack.org/etcd3gw/latest/api/etcd3gw.client.html [4] https://github.com/psf/requests/issues/1130 ** Bug watch added: github.com/psf/requests/issues #1130 https://github.com/psf/requests/issues/1130 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2012261 Title: Timeout not correctly set inside requests session object To manage notifications about this bug go to: https://bugs.launchpad.net/python-etcd3gw/+bug/2012261/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2072586] Re: Running "dconf update" with different umask affects the permissions of dconf databases in /etc/dconf/db/
I've opened 3 merge proposals upstream to begin to address this. [1] https://gitlab.gnome.org/GNOME/gvdb/-/merge_requests/27 [2] https://gitlab.gnome.org/GNOME/gvdb/-/merge_requests/28 [3] https://gitlab.gnome.org/GNOME/dconf/-/merge_requests/89 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2072586 Title: Running "dconf update" with different umask affects the permissions of dconf databases in /etc/dconf/db/ To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dconf/+bug/2072586/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2089411] Re: python perf module missing in realtime kernel
** Tags removed: verification-needed-oracular-linux ** Tags added: verification-failed-oracular-linux -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2089411 Title: python perf module missing in realtime kernel To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2089411/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2089411] Re: python perf module missing in realtime kernel
Hi, I'm still seeing this bug with 6.11.0-1006-realtime, which should contain the patch [1] (thanks for the help Juerg) ``` wesley@oracular2:~$ uname -a Linux oracular2 6.11.0-1006-realtime #6-Ubuntu SMP PREEMPT_RT Mon Feb 17 15:51:31 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux wesley@oracular2:~$ python3 -c 'import perf; [print(c) for c in perf.cpu_map()]' Traceback (most recent call last): File "", line 1, in File "/usr/lib/python3/dist-packages/perf/__init__.py", line 24, in raise KernelNotFoundError() perf.KernelNotFoundError: WARNING: python perf module not found for kernel 6.11.0-1006-realtime You may need to install the following packages for this specific kernel: linux-tools-6.11.0-1006-realtime-generic You may also want to install of the following package to keep up to date: linux-tools-generic wesley@oracular2:~$ apt-cache policy linux-realtime linux-realtime: Installed: 6.11.0-1006.6 Candidate: 6.11.0-1006.6 Version table: *** 6.11.0-1006.6 500 500 https://ppa.launchpadcontent.net/canonical-kernel-team/proposed2/ubuntu oracular/main amd64 Packages 100 /var/lib/dpkg/status 6.11.0-1005.5 500 500 http://archive.ubuntu.com/ubuntu oracular-updates/universe amd64 Packages 500 http://security.ubuntu.com/ubuntu oracular-security/universe amd64 Packages 6.11.0-1001.1 500 500 http://archive.ubuntu.com/ubuntu oracular/universe amd64 Packages ``` [1] https://kernel.ubuntu.com/reports/kernel-stable- board/?cycle=s2025.01.13 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2089411 Title: python perf module missing in realtime kernel To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2089411/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2089411] Re: python perf module missing in realtime kernel
All set, thanks. ``` wesley@oracular2:~$ uname -a Linux oracular2 6.11.0-1006-realtime #6-Ubuntu SMP PREEMPT_RT Mon Feb 17 15:51:31 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux wesley@oracular2:~$ python3 -c 'import perf; [print(c) for c in perf.cpu_map()]' 0 ``` ** Tags removed: verification-failed-oracular-linux ** Tags added: verification-done-oracular-linux -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2089411 Title: python perf module missing in realtime kernel To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2089411/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2089411] Re: python perf module missing in realtime kernel
Thanks Manuel; unfortunately the generic kernel is not affected by this bug, only the variants (aws, azure, realtime, etc), so we can't verify with linux-generic. I don't have permission to access the packages for the RT kernel in the Noble ppa [1] (linked from [2]) but this bug/fix applies to all variants so I tested with linux-azure. 1ecc312 (in noble) is clearly applied but I'm still seeing issues here. I'm going to keep digging into this and will post what I find. ``` $ uname -a Linux noble3 6.8.0-1023-azure #28-Ubuntu SMP Wed Feb 19 17:41:34 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux wesley@noble3:~$ python3 -c 'import perf; [print(c) for c in perf.cpu_map()]' Traceback (most recent call last): File "", line 1, in File "/usr/lib/python3/dist-packages/perf/__init__.py", line 26, in raise KernelNotFoundError() perf.KernelNotFoundError: WARNING: python perf module not found for kernel 6.8.0-1023-azure You may need to install the following package for this specific kernel: linux-tools-6.8.0-1023-azure You may also want to install the following package to keep up to date: linux-tools-azure ``` [1] https://launchpad.net/~ubuntu-advantage/+archive/ubuntu/realtime-updates/ [2] https://kernel.ubuntu.com/reports/kernel-stable-board/?cycle=s2025.01.13 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2089411 Title: python perf module missing in realtime kernel To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2089411/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2089411] Re: python perf module missing in realtime kernel
** Tags removed: verification-done-noble-linux ** Tags added: verification-failed-noble-linux -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2089411 Title: python perf module missing in realtime kernel To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2089411/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2089411] Re: python perf module missing in realtime kernel
Looks like the symlink described in 1ecc312721 (/usr/lib/linux- tools/6.8.0-1023-azure/lib -> /usr/lib/linux-azure-tools-6.8.0-1023/lib) doesn't exist with package linux-tools-6.8.0-1023-azure, likely because the link's target doesn't exist. I checked the corresponding links in linux-realtime-tools-6.11.0-1006 and they are all present as expected. Can someone with more familiarity speak to why `/usr/lib/linux-azure- tools-6.8.0-1023/lib/perf.cpython-312-x86_64-linux-gnu.so` isn't present in linux-tools-6.8.0-1023-azure? Thanks! -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2089411 Title: python perf module missing in realtime kernel To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2089411/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2045394] Re: Installation of openstack-dashboard fails during asset compression
** Description changed:
[ Impact ]
Starting in OpenStack 2023.1 (Antelope), compressing static assets with
django-compressor fails around 5-10% of the time (see also the Debian bug [1]).
This is done during the Horizon postinst and prevents the package from
installing when the race occurs.
This affects Noble & Oracular, and UCA Antelope through Epoxy. Hitting a
parse error in pyscss:
```
Looking for 'dashboard/scss/serial_console.scss' in storage
Traceback (most recent call last):
File "/usr/share/openstack-dashboard/manage.py", line 25, in
execute_from_command_line(sys.argv)
File "/usr/lib/python3/dist-packages/django/core/management/__init__.py",
line 419, in execute_from_command_line
utility.execute()
File "/usr/lib/python3/dist-packages/django/core/management/__init__.py",
line 413, in execute
self.fetch_command(subcommand).run_from_argv(self.argv)
File "/usr/lib/python3/dist-packages/django/core/management/base.py", line
354, in run_from_argv
self.execute(*args, **cmd_options)
File "/usr/lib/python3/dist-packages/django/core/management/base.py", line
398, in execute
output = self.handle(*args, **options)
File
"/usr/lib/python3/dist-packages/compressor/management/commands/compress.py",
line 296, in handle
self.handle_inner(**options)
File
"/usr/lib/python3/dist-packages/compressor/management/commands/compress.py",
line 319, in handle_inner
offline_manifest, block_count, results = self.compress(engine,
extensions, verbosity, follow_links, log)
File
"/usr/lib/python3/dist-packages/compressor/management/commands/compress.py",
line 227, in compress
raise errors[0]
django.core.management.base.CommandError: An error occurred during rendering
serial_console.html: Syntax error: Found 'inline-blo' but expected one of ADD,
ALPHA_FUNCTION, BANG_IMPORTANT, BAREWORD, COLOR, DOUBLE_QUOTE, FNCT,
IF_FUNCTION, INTERP_START, LITERAL_FUNCTION, LPAR, NOT, NUM, SIGN,
SINGLE_QUOTE, URL_FUNCTION, VAR
```
Debian had little luck in finding the root cause and uploaded a
workaround that simply retries failed compressions 5 times, dramatically
reducing the liklihood that the failure breaks installation [2].
django-compressor introduced threaded compression in 3.0 [3], which was
released in UCA Zed and Ubuntu Noble. I opened [4] in django-compressor
to troubleshoot. The investigation there points to pyscss failing with
correct input from django-compressor, indicating that the root cause is
likely in pyscss.
Horizon (Flamingo+) has switched from pyscss to libsass [5]. This bug is
not present in Ubuntu Plucky containing that commit.
The bug does not affect pyscss 1.3.7-5build1 or earlier.
Since the bug is no longer present in devel, I'd like to SRU the Debian
workaround to the affected Ubuntu & UCA packages without knowing the
root cause of the race in pyscss.
[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069097
[2]
https://salsa.debian.org/openstack-team/services/horizon/-/commit/9802ded2ab24cab767d0c91dfcabea117ec5fd9d
[3] https://github.com/django-compressor/django-compressor/pull/912
[4] https://github.com/django-compressor/django-compressor/issues/1291
[5]
https://opendev.org/openstack/horizon/commit/283219ab5ef4344e3808cd61b4cc0821886acffb
[ Test Plan ]
Install horizon and an affected version of python3-django-compressor
(>=3.0).
The Debian bug indicates that this fails between 5-10% of the time.
Running `dpkg-reconfigure openstack-dashboard` in a loop on ~10
containers at once usually reproduces it in a couple of minutes, at most
30 minutes. The bug can be considered fixed if the loop runs for 1 hour
with no occurances.
I use the following scripts against my LXD cluster:
```
#!/bin/bash
#
# /usr/local/bin/horizon-reconfigure.sh in each test container
set -ex
while true; do
dpkg-reconfigure openstack-dashboard
done
```
Start and check if running:
```
lxc exec -t "${inst}" -- nohup bash -c "horizon-reconfigure.sh &>>
/var/log/dpkg-horizon &"
lxc exec "${inst}" -- ps -aux | grep horizon-reconfigure
```
For reference, compress can be run with the following to get more output and
a traceback on failure:
```
python3 /usr/share/openstack-dashboard/manage.py compress -v 3 --traceback
```
[ Where problems could occur ]
* The workaround does not fix the race; the package may still fail to
install if the race occurs 5 times in a row.
* If the change is wrong/broken, it risks regressions during openstack-
dashboard install/reconfigure. This is covered by `dpkg-reconfigure` in
the test plan.
[ Other info ]
* As this change affects upgrades between OpenStack versions via the
UCA, I'm opening MPs against all affected versions, even those that are
- past EOL (Zed+).
+ past EOL (Antelope+).
* The patch I've proposed drops the css change f
[Bug 2104948] Re: Security regression on focal for opensc
** Changed in: opensc (Ubuntu) Assignee: (unassigned) => Wesley Hershberger (whershberger) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2104948 Title: Security regression on focal for opensc To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/2104948/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2045394] Re: Installation of openstack-dashboard fails during asset compression
** Description changed:
[ Impact ]
- Starting in OpenStack 2022.2 (Zed), compressing static assets with
django-compressor fails around 5-10% of the time (see also the Debian bug [1]).
This is done during the Horizon postinst and prevents the package from
installing when the race occurs.
-
- This affects Noble & Oracular, and UCA Zed through Epoxy. Hitting a parse
error in pyscss:
+ Starting in OpenStack 2023.1 (Antelope), compressing static assets with
django-compressor fails around 5-10% of the time (see also the Debian bug [1]).
This is done during the Horizon postinst and prevents the package from
installing when the race occurs.
+
+ This affects Noble & Oracular, and UCA Antelope through Epoxy. Hitting a
parse error in pyscss:
```
Looking for 'dashboard/scss/serial_console.scss' in storage
Traceback (most recent call last):
File "/usr/share/openstack-dashboard/manage.py", line 25, in
execute_from_command_line(sys.argv)
File "/usr/lib/python3/dist-packages/django/core/management/__init__.py",
line 419, in execute_from_command_line
utility.execute()
File "/usr/lib/python3/dist-packages/django/core/management/__init__.py",
line 413, in execute
self.fetch_command(subcommand).run_from_argv(self.argv)
File "/usr/lib/python3/dist-packages/django/core/management/base.py", line
354, in run_from_argv
self.execute(*args, **cmd_options)
File "/usr/lib/python3/dist-packages/django/core/management/base.py", line
398, in execute
output = self.handle(*args, **options)
File
"/usr/lib/python3/dist-packages/compressor/management/commands/compress.py",
line 296, in handle
self.handle_inner(**options)
File
"/usr/lib/python3/dist-packages/compressor/management/commands/compress.py",
line 319, in handle_inner
offline_manifest, block_count, results = self.compress(engine,
extensions, verbosity, follow_links, log)
File
"/usr/lib/python3/dist-packages/compressor/management/commands/compress.py",
line 227, in compress
raise errors[0]
django.core.management.base.CommandError: An error occurred during rendering
serial_console.html: Syntax error: Found 'inline-blo' but expected one of ADD,
ALPHA_FUNCTION, BANG_IMPORTANT, BAREWORD, COLOR, DOUBLE_QUOTE, FNCT,
IF_FUNCTION, INTERP_START, LITERAL_FUNCTION, LPAR, NOT, NUM, SIGN,
SINGLE_QUOTE, URL_FUNCTION, VAR
```
Debian had little luck in finding the root cause and uploaded a
workaround that simply retries failed compressions 5 times, dramatically
reducing the liklihood that the failure breaks installation [2].
django-compressor introduced threaded compression in 3.0 [3], which was
released in UCA Zed and Ubuntu Noble. I opened [4] in django-compressor
to troubleshoot. The investigation there points to pyscss failing with
correct input from django-compressor, indicating that the root cause is
likely in pyscss.
Horizon (Flamingo+) has switched from pyscss to libsass [5]. This bug is
not present in Ubuntu Plucky containing that commit.
+
+ The bug does not affect pyscss 1.3.7-5build1 or earlier.
Since the bug is no longer present in devel, I'd like to SRU the Debian
workaround to the affected Ubuntu & UCA packages without knowing the
root cause of the race in pyscss.
[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069097
[2]
https://salsa.debian.org/openstack-team/services/horizon/-/commit/9802ded2ab24cab767d0c91dfcabea117ec5fd9d
[3] https://github.com/django-compressor/django-compressor/pull/912
[4] https://github.com/django-compressor/django-compressor/issues/1291
[5]
https://opendev.org/openstack/horizon/commit/283219ab5ef4344e3808cd61b4cc0821886acffb
[ Test Plan ]
Install horizon and an affected version of python3-django-compressor
(>=3.0).
The Debian bug indicates that this fails between 5-10% of the time.
Running `dpkg-reconfigure openstack-dashboard` in a loop on ~10
containers at once usually reproduces it in a couple of minutes, at most
30 minutes. The bug can be considered fixed if the loop runs for 1 hour
with no occurances.
I use the following scripts against my LXD cluster:
```
#!/bin/bash
#
# /usr/local/bin/horizon-reconfigure.sh in each test container
set -ex
while true; do
dpkg-reconfigure openstack-dashboard
done
```
Start and check if running:
```
lxc exec -t "${inst}" -- nohup bash -c "horizon-reconfigure.sh &>>
/var/log/dpkg-horizon &"
lxc exec "${inst}" -- ps -aux | grep horizon-reconfigure
```
For reference, compress can be run with the following to get more output and
a traceback on failure:
```
python3 /usr/share/openstack-dashboard/manage.py compress -v 3 --traceback
```
[ Where problems could occur ]
* The workaround does not fix the race; the package may still fail to
install if the race occurs 5 times in a row.
* If the change is wrong/broken, it risks regressions during openstack-
da
[Bug 2083029] Re: Try does not recover network
Opened a PR: https://github.com/canonical/netplan/pull/548 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2083029 Title: Try does not recover network To manage notifications about this bug go to: https://bugs.launchpad.net/netplan/+bug/2083029/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2045394] Re: Installation of openstack-dashboard fails because of command failure
** Tags added: sts -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2045394 Title: Installation of openstack-dashboard fails because of command failure To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/2045394/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2045394] Re: Installation of openstack-dashboard fails because of command failure
This looks like an issue in pyscss which is no longer in use in Horizon; see the bug report in django-compressor for more details. Preparing the Debian workaround for SRU. ** Description changed: [ Impact ] - Starting in OpenStack 2023.1 (Antelope), compressing static assets with django-compressor fails around 5-10% of the time (see also the Debian bug [1]). Hitting a parse error in sass: + Starting in OpenStack 2022.2 (Zed), compressing static assets with django-compressor fails around 5-10% of the time (see also the Debian bug [1]). This is done during the Horizon postinst and prevents the package from installing when the race occurs. + + This affects Noble & Oracular, and UCA Zed through Dalmation. Hitting a parse error in pyscss: ``` Looking for 'dashboard/scss/serial_console.scss' in storage Traceback (most recent call last): - File "/usr/share/openstack-dashboard/manage.py", line 25, in - execute_from_command_line(sys.argv) - File "/usr/lib/python3/dist-packages/django/core/management/__init__.py", line 419, in execute_from_command_line - utility.execute() - File "/usr/lib/python3/dist-packages/django/core/management/__init__.py", line 413, in execute - self.fetch_command(subcommand).run_from_argv(self.argv) - File "/usr/lib/python3/dist-packages/django/core/management/base.py", line 354, in run_from_argv - self.execute(*args, **cmd_options) - File "/usr/lib/python3/dist-packages/django/core/management/base.py", line 398, in execute - output = self.handle(*args, **options) - File "/usr/lib/python3/dist-packages/compressor/management/commands/compress.py", line 296, in handle - self.handle_inner(**options) - File "/usr/lib/python3/dist-packages/compressor/management/commands/compress.py", line 319, in handle_inner - offline_manifest, block_count, results = self.compress(engine, extensions, verbosity, follow_links, log) - File "/usr/lib/python3/dist-packages/compressor/management/commands/compress.py", line 227, in compress - raise errors[0] + File "/usr/share/openstack-dashboard/manage.py", line 25, in + execute_from_command_line(sys.argv) + File "/usr/lib/python3/dist-packages/django/core/management/__init__.py", line 419, in execute_from_command_line + utility.execute() + File "/usr/lib/python3/dist-packages/django/core/management/__init__.py", line 413, in execute + self.fetch_command(subcommand).run_from_argv(self.argv) + File "/usr/lib/python3/dist-packages/django/core/management/base.py", line 354, in run_from_argv + self.execute(*args, **cmd_options) + File "/usr/lib/python3/dist-packages/django/core/management/base.py", line 398, in execute + output = self.handle(*args, **options) + File "/usr/lib/python3/dist-packages/compressor/management/commands/compress.py", line 296, in handle + self.handle_inner(**options) + File "/usr/lib/python3/dist-packages/compressor/management/commands/compress.py", line 319, in handle_inner + offline_manifest, block_count, results = self.compress(engine, extensions, verbosity, follow_links, log) + File "/usr/lib/python3/dist-packages/compressor/management/commands/compress.py", line 227, in compress + raise errors[0] django.core.management.base.CommandError: An error occurred during rendering serial_console.html: Syntax error: Found 'inline-blo' but expected one of ADD, ALPHA_FUNCTION, BANG_IMPORTANT, BAREWORD, COLOR, DOUBLE_QUOTE, FNCT, IF_FUNCTION, INTERP_START, LITERAL_FUNCTION, LPAR, NOT, NUM, SIGN, SINGLE_QUOTE, URL_FUNCTION, VAR ``` - This code is only called in the debian postinst. I've opened an upstream - bug at [2] which references a change introducing concurrent compression - . It looks like upstream was aware that the change may cause races. - - Debian had little luck in finding the root cause of this and merged a - workaround that simply retries failed compressions a few times, - dramatically reducing the liklihood that this causes a failure to - install [3]. + Debian had little luck in finding the root cause and uploaded a + workaround that simply retries failed compressions 5 times, dramatically + reducing the liklihood that the failure breaks installation [2]. + + django-compressor introduced threaded compression in 3.0 [3], which was + released in UCA Zed and Ubuntu Noble. I opened [4] in django-compressor + to troubleshoot. The investigation there points to pyscss failing with + correct input from django-compressor, indicating that the root cause is + likely in pyscss. + + Horizon (Epoxy+) has switched from pyscss to libsass [5]. This bug is + not present in Ubuntu Plucky containing that commit. + + Since the bug is no longer present in devel, I'd like to SRU the Debian + workaround to the affected Ubuntu & UCA packages without knowing the + root cause of the race in pyscss. [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069097 - [2] https://github.com/django-compressor/django-compre
[Bug 2045394] Re: Installation of openstack-dashboard fails because of command failure
** Changed in: cloud-archive/epoxy Status: Invalid => Triaged ** Changed in: horizon (Ubuntu Oracular) Status: Confirmed => In Progress ** Changed in: horizon (Ubuntu Noble) Status: Triaged => In Progress ** Changed in: cloud-archive/antelope Status: Confirmed => In Progress ** Changed in: cloud-archive/bobcat Status: Triaged => In Progress ** Changed in: cloud-archive/caracal Status: Triaged => In Progress ** Changed in: cloud-archive/dalmatian Status: Triaged => In Progress ** Changed in: cloud-archive/epoxy Status: Triaged => In Progress -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2045394 Title: Installation of openstack-dashboard fails because of command failure To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/2045394/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2045394] Re: Installation of openstack-dashboard fails because of command failure
** Description changed:
[ Impact ]
Starting in OpenStack 2022.2 (Zed), compressing static assets with
django-compressor fails around 5-10% of the time (see also the Debian bug [1]).
This is done during the Horizon postinst and prevents the package from
installing when the race occurs.
This affects Noble & Oracular, and UCA Zed through Epoxy. Hitting a parse
error in pyscss:
```
Looking for 'dashboard/scss/serial_console.scss' in storage
Traceback (most recent call last):
File "/usr/share/openstack-dashboard/manage.py", line 25, in
execute_from_command_line(sys.argv)
File "/usr/lib/python3/dist-packages/django/core/management/__init__.py",
line 419, in execute_from_command_line
utility.execute()
File "/usr/lib/python3/dist-packages/django/core/management/__init__.py",
line 413, in execute
self.fetch_command(subcommand).run_from_argv(self.argv)
File "/usr/lib/python3/dist-packages/django/core/management/base.py", line
354, in run_from_argv
self.execute(*args, **cmd_options)
File "/usr/lib/python3/dist-packages/django/core/management/base.py", line
398, in execute
output = self.handle(*args, **options)
File
"/usr/lib/python3/dist-packages/compressor/management/commands/compress.py",
line 296, in handle
self.handle_inner(**options)
File
"/usr/lib/python3/dist-packages/compressor/management/commands/compress.py",
line 319, in handle_inner
offline_manifest, block_count, results = self.compress(engine,
extensions, verbosity, follow_links, log)
File
"/usr/lib/python3/dist-packages/compressor/management/commands/compress.py",
line 227, in compress
raise errors[0]
django.core.management.base.CommandError: An error occurred during rendering
serial_console.html: Syntax error: Found 'inline-blo' but expected one of ADD,
ALPHA_FUNCTION, BANG_IMPORTANT, BAREWORD, COLOR, DOUBLE_QUOTE, FNCT,
IF_FUNCTION, INTERP_START, LITERAL_FUNCTION, LPAR, NOT, NUM, SIGN,
SINGLE_QUOTE, URL_FUNCTION, VAR
```
Debian had little luck in finding the root cause and uploaded a
workaround that simply retries failed compressions 5 times, dramatically
reducing the liklihood that the failure breaks installation [2].
django-compressor introduced threaded compression in 3.0 [3], which was
released in UCA Zed and Ubuntu Noble. I opened [4] in django-compressor
to troubleshoot. The investigation there points to pyscss failing with
correct input from django-compressor, indicating that the root cause is
likely in pyscss.
Horizon (Flamingo+) has switched from pyscss to libsass [5]. This bug is
not present in Ubuntu Plucky containing that commit.
Since the bug is no longer present in devel, I'd like to SRU the Debian
workaround to the affected Ubuntu & UCA packages without knowing the
root cause of the race in pyscss.
[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069097
[2]
https://salsa.debian.org/openstack-team/services/horizon/-/commit/9802ded2ab24cab767d0c91dfcabea117ec5fd9d
[3] https://github.com/django-compressor/django-compressor/pull/912
[4] https://github.com/django-compressor/django-compressor/issues/1291
[5]
https://opendev.org/openstack/horizon/commit/283219ab5ef4344e3808cd61b4cc0821886acffb
[ Test Plan ]
Install horizon and an affected version of python3-django-compressor
(>=3.0).
The Debian bug indicates that this fails between 5-10% of the time.
Running `dpkg-reconfigure openstack-dashboard` in a loop on ~10
containers at once usually reproduces it in a couple of minutes, at most
30 minutes. The bug can be considered fixed if the loop runs for 1 hour
with no occurances.
I use the following scripts against my LXD cluster:
```
#!/bin/bash
#
# /usr/local/bin/horizon-reconfigure.sh in each test container
set -ex
while true; do
dpkg-reconfigure openstack-dashboard
done
```
Start and check if running:
```
lxc exec -t "${inst}" -- nohup bash -c "horizon-reconfigure.sh &>>
/var/log/dpkg-horizon &"
lxc exec "${inst}" -- ps -aux | grep horizon-reconfigure
```
For reference, compress can be run with the following to get more output and
a traceback on failure:
```
python3 /usr/share/openstack-dashboard/manage.py compress -v 3 --traceback
```
[ Where problems could occur ]
* The workaround does not fix the race; the package may still fail to
install if the race occurs 5 times in a row.
* If the change is wrong/broken, it risks regressions during openstack-
dashboard install/reconfigure. This is covered by `dpkg-reconfigure` in
the test plan.
[ Other info ]
* As this change affects upgrades between OpenStack versions via the
UCA, I'm opening MPs against all affected versions, even those that are
past EOL (Zed+).
+
+ * The patch I've proposed drops the scss change from the Debian commit
+ as it is unrelated to the issue described here.
[ Original Descrip
[Bug 2045394] Re: Installation of openstack-dashboard fails because of command failure
** No longer affects: python-django-compressor (Ubuntu) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2045394 Title: Installation of openstack-dashboard fails because of command failure To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/2045394/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1768802] Re: netplan try: ethernet device not reverted
I missed this when working on #2083029; I'm fairly certain this is the same issue. Marking as a dup. [1] https://bugs.launchpad.net/ubuntu/+source/netplan.io/+bug/2083029 ** Tags added: duplicate -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1768802 Title: netplan try: ethernet device not reverted To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/netplan.io/+bug/1768802/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2045394] Re: Installation of openstack-dashboard fails because of command failure
** Changed in: horizon (Ubuntu Oracular) Status: Invalid => Confirmed ** Changed in: horizon (Ubuntu Noble) Status: Invalid => Triaged ** Changed in: cloud-archive/dalmatian Status: Invalid => Triaged ** Changed in: cloud-archive/caracal Status: Invalid => Triaged ** Changed in: cloud-archive/bobcat Status: Invalid => Triaged ** Changed in: cloud-archive/antelope Status: Invalid => Confirmed ** No longer affects: python-django-compressor (Ubuntu Noble) ** No longer affects: python-django-compressor (Ubuntu Oracular) ** No longer affects: python-django-compressor (Ubuntu Plucky) ** Changed in: python-django-compressor (Ubuntu) Status: New => Invalid -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2045394 Title: Installation of openstack-dashboard fails because of command failure To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/2045394/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2078599] Re: unbound-resolvconf.service fails in LXD
Hi Hadmut, are you seeing the same behavior as in LP#2092779? [1] https://bugs.launchpad.net/ubuntu/+source/unbound/+bug/2092779 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2078599 Title: unbound-resolvconf.service fails in LXD To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/unbound/+bug/2078599/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2106434] Re: pkcs11-tool 0.22.0 fails in C_DigestInit with CKR_GENERAL_ERROR
** Tags removed: verification-needed ** Tags added: verification-done -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2106434 Title: pkcs11-tool 0.22.0 fails in C_DigestInit with CKR_GENERAL_ERROR To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/2106434/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2072586] Re: Running "dconf update" with different umask affects the permissions of dconf databases in /etc/dconf/db/
I had a few conversations with Heitor, Matthew & Jeremy last week regarding this SRU. Heitor and Matthew (SRU Sponsors for Sustaining Engineering) are both hesitant to sponsor this due to the potential blast radius of a change of semantics in g_file_set_contents (see debian codesearch at [1][2]; this could affect _many_ packages). The alternative is to SRU dconf with the patch I submitted in gvdb (rejected upstream) [3]. That patch has been carried in OpenSUSE for 8 years [4]; a quick review of their bugtracker shows no permissions-related bugs in that package [5]. That patch was rejected because it allows the permissions to be incorrect for a short time until the chmod completes: * An application attempts to read the dconf database between the move of the tempfile & the chmod, resulting in a permissions error * dconf crashes or is killed between the move and the chmod, causing the file to retain incorrect permissions Both of these scenarios are extremely unlikely as dconf changes are uncommon, and they are easy to recover from. Because this bug only impacts DISA-STIG users, I think this is a more reasonable trade-off between risk to Ubuntu users in general and a viable fix for the bug. I will prepare alternative MPs in Launchpad (looks like Ubuntu dconf is not maintained in salsa) with the patch & update the SRU template accordingly. Thanks for your patience. [1] https://codesearch.debian.net/search?q=g_file_set_contents [2] https://codesearch.debian.net/results/4858c71f9ca47f0e/packages.txt [3] https://gitlab.gnome.org/GNOME/gvdb/-/merge_requests/27 [4] https://build.opensuse.org/package/show/openSUSE:Factory/dconf [4] https://bugzilla.opensuse.org/buglist.cgi?quicksearch=dconf -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2072586 Title: Running "dconf update" with different umask affects the permissions of dconf databases in /etc/dconf/db/ To manage notifications about this bug go to: https://bugs.launchpad.net/dconf/+bug/2072586/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2072586] Re: Running "dconf update" with different umask affects the permissions of dconf databases in /etc/dconf/db/
** Description changed: [ Impact ] This was originally reported by a user applying the DISA-STIG on Ubuntu desktop [1], which requires a global umask of 077. The global dconf databases in /etc/dconf/db are intended to be read by many users (mode 644). dconf uses g_file_set_contents from GLib to guarantee consistent writes [2][3]. The function creates a tempfile to rename over the original but does not guarantee that the permissions of the tempfile to be the same as the original [4]. With umask 077, this causes a dconf database write to change the permissions of the db file from 644 to 600. This behavior was changed upstream in 45a36e52 to guarantee that the mode of the original file is preserved [5]. 45a36e52 has been picked into debian/latest and is present in Questing (glib2.0=2.84.1-2). g_file_set_contents is used in over 300 packages in Debian [6]. The potential for a backport of 45a36e52 to break some use-case is rather high. Because this is an easily worked-around issue that has only been relevant for users applying DISA-STIG on Ubuntu, applying the upstream fix is not worth the regression risk. That said, I'd still like to see this fixed in LTS as DISA-STIG users also often have FIPS requirements, so won't be able to take advantage of the upstream fix for several years. The original upstream bug report included a patch for dconf that implements the same semantics as 45a36e52 [7]. That patch was rejected upstream because it has a race condition [8]. However, the race is extremely unlikely and any broken behavior is trivial to correct with chmod (see "What problems could occur"). A modified version of that patch has been carried in OpenSUSE for 8 years with no bugs I was able to find [9][10]. I'm submitting the original patch as its behavior more closely resembles the glib change. As the dconf version in Questing is the same as Plucky (0.40.0-5) and it does not need changes (as the upstream fix is present in Questing), I suspect that Questing needs a no-change bump (0.40.0-5ubuntu1) before Plucky (0.40.0-5ubuntu0.1) is accepted. [1] https://ubuntu.com/security/certifications/docs/disa-stig [2] https://git.launchpad.net/ubuntu/+source/dconf/tree/gvdb/gvdb-builder.c?h=ubuntu/jammy#n518 [3] https://docs.gtk.org/glib/func.file_set_contents.html [4] https://docs.gtk.org/glib/func.file_set_contents_full.html#description [5] https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4607 [6] https://codesearch.debian.net/search?q=g_file_set_contents [7] https://bugzilla.gnome.org/show_bug.cgi?id=758066 [8] https://gitlab.gnome.org/GNOME/gvdb/-/merge_requests/27 [9] https://build.opensuse.org/package/show/openSUSE:Factory/dconf [10] https://bugzilla.opensuse.org/buglist.cgi?quicksearch=dconf [ Test Plan ] Ensure that the patch resolves the original bug: ``` sudo apt-get install dconf-cli mkdir -p /etc/dconf/db/database.d cat >/etc/dconf/db/database.d/test
[Bug 2072586] Re: Running "dconf update" with different umask affects the permissions of dconf databases in /etc/dconf/db/
** Description changed:
[ Impact ]
This was originally reported by a user applying the DISA-STIG on Ubuntu
desktop [1], which requires a global umask of 077. The global dconf databases
in /etc/dconf/db are intended to be read by many users (mode 644).
dconf uses g_file_set_contents from GLib to guarantee consistent writes
[2][3].
The function creates a tempfile to rename over the original but does not
guarantee that the permissions of the tempfile to be the same as the original
[4].
With umask 077, this causes a dconf database write to change the permissions
of
the db file from 644 to 600.
This behavior was changed upstream in 45a36e52 to guarantee that the mode of
the
original file is preserved [5].
- 45a36e52 has been picked into debian/latest.
+ 45a36e52 has been picked into debian/latest and is present in Questing
+ (glib2.0=2.84.1-2).
- The SRU of upstream 45a36e52 to Jammy+ will enable users to modify global
GNOME
- configuration without losing read access to the changed dconf databases.
+ g_file_set_contents is used in over 300 packages in Debian [6]. The potential
+ for a backport of 45a36e52 to break some use-case is rather high. Because this
+ is an easily worked-around issue that has only been relevant for users
applying
+ DISA-STIG on Ubuntu, applying the upstream fix is not worth the regression
risk.
+
+ That said, I'd still like to see this fixed in LTS as DISA-STIG users also
often
+ have FIPS requirements, so won't be able to take advantage of the upstream fix
+ for several years.
+
+ The original upstream bug report included a patch for dconf that implements
the
+ same semantics as 45a36e52 [7]. That patch was rejected upstream because it
has
+ a race condition [8]. However, the race is extremely unlikely and any broken
+ behavior is trivial to correct with chmod (see "What problems could occur").
+
+ A modified version of that patch has been carried in OpenSUSE for 8 years with
+ no bugs I was able to find [9][10]. I'm submitting the original patch as its
+ behavior more closely resembles the glib change.
+
+ As the dconf version in Questing is the same as Plucky (0.40.0-5) and it does
+ not need changes (as the upstream fix is present in Questing), I suspect
+ that Questing needs a no-change bump (0.40.0-5ubuntu1) before Plucky
+ (0.40.0-5ubuntu0.1) is accepted.
[1] https://ubuntu.com/security/certifications/docs/disa-stig
[2]
https://git.launchpad.net/ubuntu/+source/dconf/tree/gvdb/gvdb-builder.c?h=ubuntu/jammy#n518
[3] https://docs.gtk.org/glib/func.file_set_contents.html
[4] https://docs.gtk.org/glib/func.file_set_contents_full.html#description
[5] https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4607
+ [6] https://codesearch.debian.net/search?q=g_file_set_contents
+ [7] https://bugzilla.gnome.org/show_bug.cgi?id=758066
+ [8] https://gitlab.gnome.org/GNOME/gvdb/-/merge_requests/27
+ [9] https://build.opensuse.org/package/show/openSUSE:Factory/dconf
+ [10] https://bugzilla.opensuse.org/buglist.cgi?quicksearch=dconf
[ Test Plan ]
Ensure that the patch resolves the original bug:
```
sudo apt-get install dconf-cli
mkdir -p /etc/dconf/db/database.d
cat >/etc/dconf/db/database.d/test <http://archive.ubuntu.com/ubuntu jammy/main amd64 Packages
- 100 /var/lib/dpkg/status
+ Installed: 0.40.0-3
+ Candidate: 0.40.0-3
+ Version table:
+ *** 0.40.0-3 500
+ 500 http://archive.ubuntu.com/ubuntu jammy/main amd64 Packages
+ 100 /var/lib/dpkg/status
```
Danger of unexpected misconfiguration is great: others require read
access to dconf-databases or their dconf-settings will not update as
expected.
[1] - https://gitlab.gnome.org/GNOME/dconf/-/issues/25
** Also affects: dconf (Ubuntu)
Importance: Undecided
Status: New
** Changed in: dconf (Ubuntu)
Status: New => Invalid
** Changed in: dconf (Ubuntu Jammy)
Status: New => In Progress
** Changed in: dconf (Ubuntu Noble)
Importance: Undecided => Medium
** Changed in: dconf (Ubuntu Noble)
Status: New => In Progress
** Changed in: dconf (Ubuntu Jammy)
Importance: Undecided => Medium
** Changed in: dconf (Ubuntu Jammy)
Assignee: (unassigned) => Wesley Hershberger (whershberger)
** Changed in: dconf (Ubuntu Noble)
Assignee: (unassigned) => Wesley Hershberger (whershberger)
** Changed in: dconf (Ubuntu Oracular)
Importance: Undecided => Medium
** Changed in: dconf (Ubuntu Oracular)
Status: New => In Progress
** Changed in: dconf (Ubuntu Oracular)
Assignee: (unassigned) => Wesley Hershberger (whershberger)
** Changed in: dconf (Ubuntu Plucky)
Importance: Undecided => Medium
** Changed in: dconf (Ubuntu Plucky)
Status: New => In Progress
** Changed in: dconf (Ubuntu Plucky)
Assignee: (unassigned) => Wesley Hershberger (whershberger)
** Changed in: glib2.0 (Ubuntu Jammy)
[Bug 2045394] Re: Installation of openstack-dashboard fails during asset compression
### Verification Done Noble ###
I started horizon-reconfigure.sh on 11 machines and let them run
overnight: no failures.
$ ./do.sh noble ps -aux | grep horizon-reconfigure
+ series=noble
+ args=("$@")
+ for inst in "${series}"{0..10}
+ lxc exec noble0 -- ps -aux
root4298 0.0 0.1 7740 2560 ?SMay22 0:00 /bin/bash
/usr/local/bin/horizon-reconfigure.sh
+ for inst in "${series}"{0..10}
+ lxc exec noble1 -- ps -aux
root4291 0.0 0.1 7740 2560 ?SMay22 0:00 /bin/bash
/usr/local/bin/horizon-reconfigure.sh
+ for inst in "${series}"{0..10}
+ lxc exec noble2 -- ps -aux
root4290 0.0 0.1 7740 2560 ?SMay22 0:00 /bin/bash
/usr/local/bin/horizon-reconfigure.sh
+ for inst in "${series}"{0..10}
+ lxc exec noble3 -- ps -aux
root4281 0.0 0.1 7740 2688 ?SMay22 0:00 /bin/bash
/usr/local/bin/horizon-reconfigure.sh
+ for inst in "${series}"{0..10}
+ lxc exec noble4 -- ps -aux
root4306 0.0 0.1 7740 2304 ?SMay22 0:00 /bin/bash
/usr/local/bin/horizon-reconfigure.sh
+ for inst in "${series}"{0..10}
+ lxc exec noble5 -- ps -aux
root4300 0.0 0.1 7740 2560 ?SMay22 0:00 /bin/bash
/usr/local/bin/horizon-reconfigure.sh
+ for inst in "${series}"{0..10}
+ lxc exec noble6 -- ps -aux
root4297 0.0 0.1 7740 2432 ?SMay22 0:00 /bin/bash
/usr/local/bin/horizon-reconfigure.sh
+ for inst in "${series}"{0..10}
+ lxc exec noble7 -- ps -aux
root4298 0.0 0.1 7740 2304 ?SMay22 0:00 /bin/bash
/usr/local/bin/horizon-reconfigure.sh
+ for inst in "${series}"{0..10}
+ lxc exec noble8 -- ps -aux
root4292 0.0 0.1 7740 2688 ?SMay22 0:00 /bin/bash
/usr/local/bin/horizon-reconfigure.sh
+ for inst in "${series}"{0..10}
+ lxc exec noble9 -- ps -aux
root4298 0.0 0.1 7740 2688 ?SMay22 0:00 /bin/bash
/usr/local/bin/horizon-reconfigure.sh
+ for inst in "${series}"{0..10}
+ lxc exec noble10 -- ps -aux
root4298 0.0 0.1 7740 2560 ?SMay22 0:00 /bin/bash
/usr/local/bin/horizon-reconfigure.sh
### Verification Done Noble ###
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2045394
Title:
Installation of openstack-dashboard fails during asset compression
To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/2045394/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2045394] Re: Installation of openstack-dashboard fails during asset compression
### Verification Done Oracular ###
I started horizon-reconfigure.sh on 11 machines and let them run
overnight (14 hrs): no failures.
$ ./do.sh oracular ps -aux | grep horizon-reconfigure
+ series=oracular
+ args=("$@")
+ for inst in "${series}"{0..10}
+ lxc exec oracular0 -- ps -aux
root5205 0.0 0.1 7832 2816 ?SMay22 0:00 /bin/bash
/usr/local/bin/horizon-reconfigure.sh
+ for inst in "${series}"{0..10}
+ lxc exec oracular1 -- ps -aux
root4392 0.0 0.1 7832 2304 ?SMay22 0:00 /bin/bash
/usr/local/bin/horizon-reconfigure.sh
+ for inst in "${series}"{0..10}
+ lxc exec oracular2 -- ps -aux
root4392 0.0 0.1 7832 2304 ?SMay22 0:00 /bin/bash
/usr/local/bin/horizon-reconfigure.sh
+ for inst in "${series}"{0..10}
+ lxc exec oracular3 -- ps -aux
root4384 0.0 0.1 7832 2304 ?SMay22 0:00 /bin/bash
/usr/local/bin/horizon-reconfigure.sh
+ for inst in "${series}"{0..10}
+ lxc exec oracular4 -- ps -aux
root4400 0.0 0.1 7832 2176 ?SMay22 0:00 /bin/bash
/usr/local/bin/horizon-reconfigure.sh
+ for inst in "${series}"{0..10}
+ lxc exec oracular5 -- ps -aux
root4387 0.0 0.1 7832 2688 ?SMay22 0:00 /bin/bash
/usr/local/bin/horizon-reconfigure.sh
+ for inst in "${series}"{0..10}
+ lxc exec oracular6 -- ps -aux
root4389 0.0 0.1 7832 2560 ?SMay22 0:00 /bin/bash
/usr/local/bin/horizon-reconfigure.sh
+ for inst in "${series}"{0..10}
+ lxc exec oracular7 -- ps -aux
root4383 0.0 0.1 7832 2560 ?SMay22 0:00 /bin/bash
/usr/local/bin/horizon-reconfigure.sh
+ for inst in "${series}"{0..10}
+ lxc exec oracular8 -- ps -aux
root4385 0.0 0.1 7832 2688 ?SMay22 0:00 /bin/bash
/usr/local/bin/horizon-reconfigure.sh
+ for inst in "${series}"{0..10}
+ lxc exec oracular9 -- ps -aux
root4378 0.0 0.1 7832 2688 ?SMay22 0:00 /bin/bash
/usr/local/bin/horizon-reconfigure.sh
+ for inst in "${series}"{0..10}
+ lxc exec oracular10 -- ps -aux
root4902 0.0 0.1 7832 2304 ?SMay22 0:00 /bin/bash
/usr/local/bin/horizon-reconfigure.sh
### Verification Done Oracular ###
** Tags removed: verification-needed verification-needed-noble
verification-needed-oracular
** Tags added: verification-done verification-done-noble
verification-done-oracular
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2045394
Title:
Installation of openstack-dashboard fails during asset compression
To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/2045394/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2078599] Re: unbound-resolvconf.service fails in LXD
** Bug watch added: Debian Bug tracker #1106186 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106186 ** Also affects: unbound via https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106186 Importance: Unknown Status: Unknown -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2078599 Title: unbound-resolvconf.service fails in LXD To manage notifications about this bug go to: https://bugs.launchpad.net/unbound/+bug/2078599/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2078599] Re: unbound-resolvconf.service fails in LXD
Added the Debian bug I filed yesterday for reference [1]. @Lukas I'm wondering if "No DNS servers specified" is a result of [2] not coping well with the "@5003" in your unbound config. Using this instead gives the same error as the Debian bug: # cat >> /etc/unbound/unbound.conf<< EOF server: interface: 127.0.0.1 interface: 10.1.2.3@5003 EOF [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106186 [2] https://salsa.debian.org/dns-team/unbound/-/blob/master/debian/unbound-helper?ref_type=heads#L36 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2078599 Title: unbound-resolvconf.service fails in LXD To manage notifications about this bug go to: https://bugs.launchpad.net/unbound/+bug/2078599/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2045394] Re: Installation of openstack-dashboard fails during asset compression
### Verification Done Caracal ###
I started horizon-reconfigure.sh on 11 machines and let them run all day
(7 hrs): no failures.
$ ./do.sh jammy apt-cache policy openstack-dashboard | grep "Installed:
4:24.0.0-0ubuntu1.3~cloud0"
+ series=jammy
+ args=("$@")
+ for inst in "${series}"{0..10}
+ lxc exec jammy0 -- apt-cache policy openstack-dashboard
Installed: 4:24.0.0-0ubuntu1.3~cloud0
+ for inst in "${series}"{0..10}
+ lxc exec jammy1 -- apt-cache policy openstack-dashboard
Installed: 4:24.0.0-0ubuntu1.3~cloud0
+ for inst in "${series}"{0..10}
+ lxc exec jammy2 -- apt-cache policy openstack-dashboard
Installed: 4:24.0.0-0ubuntu1.3~cloud0
+ for inst in "${series}"{0..10}
+ lxc exec jammy3 -- apt-cache policy openstack-dashboard
Installed: 4:24.0.0-0ubuntu1.3~cloud0
+ for inst in "${series}"{0..10}
+ lxc exec jammy4 -- apt-cache policy openstack-dashboard
Installed: 4:24.0.0-0ubuntu1.3~cloud0
+ for inst in "${series}"{0..10}
+ lxc exec jammy5 -- apt-cache policy openstack-dashboard
Installed: 4:24.0.0-0ubuntu1.3~cloud0
+ for inst in "${series}"{0..10}
+ lxc exec jammy6 -- apt-cache policy openstack-dashboard
Installed: 4:24.0.0-0ubuntu1.3~cloud0
+ for inst in "${series}"{0..10}
+ lxc exec jammy7 -- apt-cache policy openstack-dashboard
Installed: 4:24.0.0-0ubuntu1.3~cloud0
+ for inst in "${series}"{0..10}
+ lxc exec jammy8 -- apt-cache policy openstack-dashboard
Installed: 4:24.0.0-0ubuntu1.3~cloud0
+ for inst in "${series}"{0..10}
+ lxc exec jammy9 -- apt-cache policy openstack-dashboard
Installed: 4:24.0.0-0ubuntu1.3~cloud0
+ for inst in "${series}"{0..10}
+ lxc exec jammy10 -- apt-cache policy openstack-dashboard
Installed: 4:24.0.0-0ubuntu1.3~cloud0
$ ./do.sh jammy ps -aux | grep horizon-reconfigure
+ series=jammy
+ args=("$@")
+ for inst in "${series}"{0..10}
+ lxc exec jammy0 -- ps -aux
root9915 0.0 0.1 7764 2560 ?S10:35 0:00 /bin/bash
/usr/local/bin/horizon-reconfigure.sh
+ for inst in "${series}"{0..10}
+ lxc exec jammy1 -- ps -aux
root9488 0.0 0.1 7764 2560 ?S10:35 0:00 /bin/bash
/usr/local/bin/horizon-reconfigure.sh
+ for inst in "${series}"{0..10}
+ lxc exec jammy2 -- ps -aux
root9532 0.0 0.1 7764 2432 ?S10:35 0:00 /bin/bash
/usr/local/bin/horizon-reconfigure.sh
+ for inst in "${series}"{0..10}
+ lxc exec jammy3 -- ps -aux
root9555 0.0 0.1 7764 2560 ?S10:35 0:00 /bin/bash
/usr/local/bin/horizon-reconfigure.sh
+ for inst in "${series}"{0..10}
+ lxc exec jammy4 -- ps -aux
root9314 0.0 0.1 7764 2560 ?S10:35 0:00 /bin/bash
/usr/local/bin/horizon-reconfigure.sh
+ for inst in "${series}"{0..10}
+ lxc exec jammy5 -- ps -aux
root9507 0.0 0.1 7764 2560 ?S10:35 0:00 /bin/bash
/usr/local/bin/horizon-reconfigure.sh
+ for inst in "${series}"{0..10}
+ lxc exec jammy6 -- ps -aux
root9672 0.0 0.1 7764 2560 ?S10:35 0:00 /bin/bash
/usr/local/bin/horizon-reconfigure.sh
+ for inst in "${series}"{0..10}
+ lxc exec jammy7 -- ps -aux
root9509 0.0 0.1 7764 2560 ?S10:35 0:00 /bin/bash
/usr/local/bin/horizon-reconfigure.sh
+ for inst in "${series}"{0..10}
+ lxc exec jammy8 -- ps -aux
root9423 0.0 0.1 7764 2560 ?S10:35 0:00 /bin/bash
/usr/local/bin/horizon-reconfigure.sh
+ for inst in "${series}"{0..10}
+ lxc exec jammy9 -- ps -aux
root 10015 0.0 0.1 7764 2432 ?S10:35 0:00 /bin/bash
/usr/local/bin/horizon-reconfigure.sh
+ for inst in "${series}"{0..10}
+ lxc exec jammy10 -- ps -aux
root9573 0.0 0.1 7764 2560 ?S10:35 0:00 /bin/bash
/usr/local/bin/horizon-reconfigure.sh
### Verification Done Caracal ###
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2045394
Title:
Installation of openstack-dashboard fails during asset compression
To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/2045394/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2045394] Re: Installation of openstack-dashboard fails during asset compression
For whoever sponsors the Antelope/Bobcat uploads, please be aware that the git repo for Bobcat is missing/has additional xstatic changes that aren't present in the UCA. The source package should be built based on the `apt-get source` of the package. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2045394 Title: Installation of openstack-dashboard fails during asset compression To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/2045394/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2045394] Re: Installation of openstack-dashboard fails during asset compression
### Verification Done Dalmatian ###
I started horizon-reconfigure.sh on 11 machines and let them run all day
(7 hrs): no failures.
$ ./do.sh noble apt-cache policy openstack-dashboard | grep "Installed:
4:25.1.0-0ubuntu1.1~cloud0"
+ series=noble
+ args=("$@")
+ for inst in "${series}"{0..10}
+ lxc exec noble0 -- apt-cache policy openstack-dashboard
Installed: 4:25.1.0-0ubuntu1.1~cloud0
+ for inst in "${series}"{0..10}
+ lxc exec noble1 -- apt-cache policy openstack-dashboard
Installed: 4:25.1.0-0ubuntu1.1~cloud0
+ for inst in "${series}"{0..10}
+ lxc exec noble2 -- apt-cache policy openstack-dashboard
Installed: 4:25.1.0-0ubuntu1.1~cloud0
+ for inst in "${series}"{0..10}
+ lxc exec noble3 -- apt-cache policy openstack-dashboard
Installed: 4:25.1.0-0ubuntu1.1~cloud0
+ for inst in "${series}"{0..10}
+ lxc exec noble4 -- apt-cache policy openstack-dashboard
Installed: 4:25.1.0-0ubuntu1.1~cloud0
+ for inst in "${series}"{0..10}
+ lxc exec noble5 -- apt-cache policy openstack-dashboard
Installed: 4:25.1.0-0ubuntu1.1~cloud0
+ for inst in "${series}"{0..10}
+ lxc exec noble6 -- apt-cache policy openstack-dashboard
Installed: 4:25.1.0-0ubuntu1.1~cloud0
+ for inst in "${series}"{0..10}
+ lxc exec noble7 -- apt-cache policy openstack-dashboard
Installed: 4:25.1.0-0ubuntu1.1~cloud0
+ for inst in "${series}"{0..10}
+ lxc exec noble8 -- apt-cache policy openstack-dashboard
Installed: 4:25.1.0-0ubuntu1.1~cloud0
+ for inst in "${series}"{0..10}
+ lxc exec noble9 -- apt-cache policy openstack-dashboard
Installed: 4:25.1.0-0ubuntu1.1~cloud0
+ for inst in "${series}"{0..10}
+ lxc exec noble10 -- apt-cache policy openstack-dashboard
Installed: 4:25.1.0-0ubuntu1.1~cloud0
$ ./do.sh noble ps -aux | grep horizon-reconfigure
+ series=noble
+ args=("$@")
+ for inst in "${series}"{0..10}
+ lxc exec noble0 -- ps -aux
root1183 0.0 0.1 7740 2816 ?S15:15 0:00 /bin/bash
/usr/local/bin/horizon-reconfigure.sh
+ for inst in "${series}"{0..10}
+ lxc exec noble1 -- ps -aux
root1087 0.0 0.1 7740 2176 ?S15:15 0:00 /bin/bash
/usr/local/bin/horizon-reconfigure.sh
+ for inst in "${series}"{0..10}
+ lxc exec noble2 -- ps -aux
root1101 0.0 0.1 7740 2560 ?S15:15 0:00 /bin/bash
/usr/local/bin/horizon-reconfigure.sh
+ for inst in "${series}"{0..10}
+ lxc exec noble3 -- ps -aux
root 978 0.0 0.1 7740 2432 ?S15:15 0:00 /bin/bash
/usr/local/bin/horizon-reconfigure.sh
+ for inst in "${series}"{0..10}
+ lxc exec noble4 -- ps -aux
root 974 0.0 0.1 7740 2432 ?S15:15 0:00 /bin/bash
/usr/local/bin/horizon-reconfigure.sh
+ for inst in "${series}"{0..10}
+ lxc exec noble5 -- ps -aux
root 987 0.0 0.1 7740 2432 ?S15:15 0:00 /bin/bash
/usr/local/bin/horizon-reconfigure.sh
+ for inst in "${series}"{0..10}
+ lxc exec noble6 -- ps -aux
root 980 0.0 0.1 7740 2176 ?S15:15 0:00 /bin/bash
/usr/local/bin/horizon-reconfigure.sh
+ for inst in "${series}"{0..10}
+ lxc exec noble7 -- ps -aux
root 969 0.0 0.1 7740 2560 ?S15:15 0:00 /bin/bash
/usr/local/bin/horizon-reconfigure.sh
+ for inst in "${series}"{0..10}
+ lxc exec noble8 -- ps -aux
root 977 0.0 0.1 7740 2560 ?S15:15 0:00 /bin/bash
/usr/local/bin/horizon-reconfigure.sh
+ for inst in "${series}"{0..10}
+ lxc exec noble9 -- ps -aux
root1092 0.0 0.1 7740 2560 ?S15:16 0:00 /bin/bash
/usr/local/bin/horizon-reconfigure.sh
+ for inst in "${series}"{0..10}
+ lxc exec noble10 -- ps -aux
root 972 0.0 0.1 7740 2432 ?S15:16 0:00 /bin/bash
/usr/local/bin/horizon-reconfigure.sh
### Verification Done Dalmatian ###
** Tags removed: verification-caracal-needed verification-dalmatian-needed
** Tags added: verification-caracal-done verification-dalmatian-done
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2045394
Title:
Installation of openstack-dashboard fails during asset compression
To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/2045394/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2072492] Re: watcher silently fails when receiving huge data
** Changed in: python-etcd3gw (Ubuntu Jammy) Assignee: Wesley Hershberger (whershberger) => (unassigned) ** Changed in: python-etcd3gw (Ubuntu Oracular) Assignee: Wesley Hershberger (whershberger) => (unassigned) ** Changed in: python-etcd3gw (Ubuntu Oracular) Status: In Progress => Deferred ** Changed in: python-etcd3gw (Ubuntu Noble) Status: In Progress => Deferred ** Changed in: python-etcd3gw (Ubuntu Jammy) Status: In Progress => Deferred ** Changed in: python-etcd3gw (Ubuntu Noble) Assignee: Wesley Hershberger (whershberger) => (unassigned) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2072492 Title: watcher silently fails when receiving huge data To manage notifications about this bug go to: https://bugs.launchpad.net/python-etcd3gw/+bug/2072492/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2012261] Re: Timeout not correctly set inside requests session object
** Changed in: python-etcd3gw (Ubuntu Jammy) Assignee: Wesley Hershberger (whershberger) => (unassigned) ** Changed in: python-etcd3gw (Ubuntu Noble) Assignee: Wesley Hershberger (whershberger) => (unassigned) ** Changed in: python-etcd3gw (Ubuntu Oracular) Assignee: Wesley Hershberger (whershberger) => (unassigned) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2012261 Title: Timeout not correctly set inside requests session object To manage notifications about this bug go to: https://bugs.launchpad.net/python-etcd3gw/+bug/2012261/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2112657] Re: Poor write performance of LXD storage volume with cephfs driver
** Changed in: lxd (Ubuntu) Status: New => Invalid -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2112657 Title: Poor write performance of LXD storage volume with cephfs driver To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/2112657/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2072492] Re: watcher silently fails when receiving huge data
** Also affects: python-etcd3gw (Ubuntu) Importance: Undecided Status: New ** Also affects: python-etcd3gw (Ubuntu Jammy) Importance: Undecided Status: New ** Also affects: python-etcd3gw (Ubuntu Noble) Importance: Undecided Status: New ** Also affects: python-etcd3gw (Ubuntu Oracular) Importance: Undecided Status: New ** Changed in: python-etcd3gw (Ubuntu) Status: New => Fix Released ** Changed in: python-etcd3gw (Ubuntu Jammy) Importance: Undecided => Medium ** Changed in: python-etcd3gw (Ubuntu Oracular) Importance: Undecided => Medium ** Changed in: python-etcd3gw (Ubuntu Jammy) Assignee: (unassigned) => Wesley Hershberger (whershberger) ** Changed in: python-etcd3gw (Ubuntu Noble) Importance: Undecided => Medium ** Changed in: python-etcd3gw (Ubuntu Noble) Assignee: (unassigned) => Wesley Hershberger (whershberger) ** Changed in: python-etcd3gw (Ubuntu Oracular) Assignee: (unassigned) => Wesley Hershberger (whershberger) ** Changed in: python-etcd3gw (Ubuntu Noble) Status: New => In Progress ** Changed in: python-etcd3gw (Ubuntu Jammy) Status: New => In Progress ** Changed in: python-etcd3gw (Ubuntu Oracular) Status: New => In Progress -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2072492 Title: watcher silently fails when receiving huge data To manage notifications about this bug go to: https://bugs.launchpad.net/python-etcd3gw/+bug/2072492/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2071891] Re: tcpdump segv if -Z and -w is specified
** Also affects: tcpdump (Ubuntu Noble) Importance: Undecided Status: New ** Also affects: tcpdump (Ubuntu Oracular) Importance: Undecided Status: New ** Also affects: tcpdump (Ubuntu Plucky) Importance: Undecided Status: New ** Also affects: tcpdump (Ubuntu Questing) Importance: High Status: Confirmed ** Changed in: tcpdump (Ubuntu Plucky) Status: New => Confirmed ** Changed in: tcpdump (Ubuntu Oracular) Status: New => Confirmed ** Changed in: tcpdump (Ubuntu Noble) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2071891 Title: tcpdump segv if -Z and -w is specified To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tcpdump/+bug/2071891/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2115467] [NEW] Merge tcpdump=4.99.5-2 from Debian unstable for Questing
Public bug reported:
We're still carrying delta from LP#1667016 (got pushback from maintainer
in Debian).
This brings the fix for LP#2071891
### New Debian Changes ###
tcpdump (4.99.5-2) unstable; urgency=medium
* Transfer ownership to pkg-security team.
* Set Vcs-* fields to new locations in Debian group.
-- Romain Francoise Sun, 09 Feb 2025 12:03:02
+0100
tcpdump (4.99.5-1) unstable; urgency=low
* New upstream release.
* Drop upstream patch related to #1035842, now included.
-- Romain Francoise Sun, 01 Sep 2024 12:49:43
+0200
tcpdump (4.99.4-5) unstable; urgency=medium
* Avoid getpwnam(NULL) when called with `-Z root', thanks to Rodney
Dawes for the report and patch (closes: #1078771).
-- Romain Francoise Fri, 23 Aug 2024 18:53:46
+0200
tcpdump (4.99.4-4) unstable; urgency=medium
* debian/watch: switch to .tar.xz URLs as upstream homepage no longer
lists the .tar.gz.
* Mark latest patch as "Forwarded: not-needed".
* Bump Standards-Version to 4.7.0.
-- Romain Francoise Sun, 28 Apr 2024 17:07:15
+0200
** Affects: tcpdump (Ubuntu)
Importance: Undecided
Assignee: Wesley Hershberger (whershberger)
Status: In Progress
** Changed in: tcpdump (Ubuntu)
Status: New => In Progress
** Changed in: tcpdump (Ubuntu)
Assignee: (unassigned) => Wesley Hershberger (whershberger)
** Description changed:
We're still carrying delta from LP#1667016 (got pushback from maintainer
- upstream).
+ in Debian).
This brings the fix for LP#2071891
### New Debian Changes ###
tcpdump (4.99.5-2) unstable; urgency=medium
- * Transfer ownership to pkg-security team.
- * Set Vcs-* fields to new locations in Debian group.
+ * Transfer ownership to pkg-security team.
+ * Set Vcs-* fields to new locations in Debian group.
- -- Romain Francoise Sun, 09 Feb 2025 12:03:02
+ -- Romain Francoise Sun, 09 Feb 2025 12:03:02
+0100
tcpdump (4.99.5-1) unstable; urgency=low
- * New upstream release.
- * Drop upstream patch related to #1035842, now included.
+ * New upstream release.
+ * Drop upstream patch related to #1035842, now included.
- -- Romain Francoise Sun, 01 Sep 2024 12:49:43
+ -- Romain Francoise Sun, 01 Sep 2024 12:49:43
+0200
tcpdump (4.99.4-5) unstable; urgency=medium
- * Avoid getpwnam(NULL) when called with `-Z root', thanks to Rodney
- Dawes for the report and patch (closes: #1078771).
+ * Avoid getpwnam(NULL) when called with `-Z root', thanks to Rodney
+ Dawes for the report and patch (closes: #1078771).
- -- Romain Francoise Fri, 23 Aug 2024 18:53:46
+ -- Romain Francoise Fri, 23 Aug 2024 18:53:46
+0200
tcpdump (4.99.4-4) unstable; urgency=medium
- * debian/watch: switch to .tar.xz URLs as upstream homepage no longer
- lists the .tar.gz.
- * Mark latest patch as "Forwarded: not-needed".
- * Bump Standards-Version to 4.7.0.
+ * debian/watch: switch to .tar.xz URLs as upstream homepage no longer
+ lists the .tar.gz.
+ * Mark latest patch as "Forwarded: not-needed".
+ * Bump Standards-Version to 4.7.0.
- -- Romain Francoise Sun, 28 Apr 2024 17:07:15
+ -- Romain Francoise Sun, 28 Apr 2024 17:07:15
+0200
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2115467
Title:
Merge tcpdump=4.99.5-2 from Debian unstable for Questing
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/tcpdump/+bug/2115467/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2045394] Re: Installation of openstack-dashboard fails during asset compression
** Changed in: cloud-archive/epoxy Status: In Progress => Invalid -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2045394 Title: Installation of openstack-dashboard fails during asset compression To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/2045394/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2112657] Re: Poor write performance of LXD storage volume with cephfs driver
Hi Bartosz, the LXD team tracks issues on Github; could you file this over there? (this package hasn't been in Ubuntu since 18.04) [1] https://github.com/canonical/lxd/issues -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2112657 Title: Poor write performance of LXD storage volume with cephfs driver To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/2112657/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2083029] Re: Try does not recover network
** Tags removed: fr-920 ** Tags added: fr-9207 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2083029 Title: Try does not recover network To manage notifications about this bug go to: https://bugs.launchpad.net/netplan/+bug/2083029/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2115467] Re: Merge tcpdump=4.99.5-2 from Debian unstable for Questing
Thanks Nick for bumping those tests. It's apparmor: Jul 16 02:32:44 autopkgtest-lxd-wchruq kernel: audit: type=1400 audit(1752633164.469:182): apparmor="DENIED" operation="open" class="file" profile="curl" name="/etc/stenographer/certs/client_127.0.0.1_client_cert.pem" pid=3360 comm="curl" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 Looks like the curl profile was introduced in questing [1]. Stenographer is no longer maintained upstream [2]. The packaging generates ca/client/server certs on install and stores them in /etc/stenographer/certs; upstream's `stenocurl` wrapper is just incompatible with the new curl apparmor profile [3]. I'm wondering if stenographer should just be dropped. Either way, this isn't a regression in tcpdump so the failures should be marked as not regressions and shouldn't block this migration. [1] https://gitlab.com/apparmor/apparmor/-/merge_requests/1560 [2] https://github.com/google/stenographer [3] https://github.com/google/stenographer/blob/master/stenocurl -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2115467 Title: Merge tcpdump=4.99.5-2 from Debian unstable for Questing To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tcpdump/+bug/2115467/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
