Bionic is not affected

** Changed in: livecd-rootfs (Ubuntu Bionic)
       Status: New => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to iptables in Ubuntu.
https://bugs.launchpad.net/bugs/1917920

Title:
  magic-proxy broke with iptables 1.8.7-1ubuntu2

Status in launchpad-buildd:
  Invalid
Status in iptables package in Ubuntu:
  Invalid
Status in livecd-rootfs package in Ubuntu:
  Fix Released
Status in lxd package in Ubuntu:
  Invalid
Status in iptables source package in Bionic:
  Invalid
Status in livecd-rootfs source package in Bionic:
  Invalid
Status in lxd source package in Bionic:
  Invalid
Status in iptables source package in Focal:
  Invalid
Status in livecd-rootfs source package in Focal:
  Fix Committed
Status in lxd source package in Focal:
  Invalid
Status in iptables source package in Hirsute:
  Invalid
Status in livecd-rootfs source package in Hirsute:
  New
Status in lxd source package in Hirsute:
  Invalid

Bug description:
  [Impact]

  The fixes for this bug (including the fixes for LP:#1944906) need to be
  backported to hirsute, focal and bionic to be able to re-enable the
  "repo-snapshot-stamp" feature for image builds. That feature is
  important to get consistent image builds (means the same set of
  packages included in the different images) when doing multiple builds
  (eg. for AWS, Azure and GCE).

  [Test Plan]

  - build a livecd-rootfs image with the changes for every series in a PPA
  - Do build an image with the livecd-rootfs from the PPA and enable the
    repo-snapshot-stamp feature
  - Check that the build did not fail or hang

  [Where problems could occur]

  The codepath that will be changed is only executed in livecd-rootfs if
  the repo-snapshot-stamp feature is enabled. And that feature is
  currently broken so it shouldn't be enabled anywhere.

  [Original description]

  When iptables got upgraded from 1.8.5-3ubuntu4 to 1.8.7-1ubuntu2, magic
  proxy stopped working in livecd-rootfs.

  It does a very simple thing:

    iptables -t nat -A OUTPUT -p tcp --dport 80 -m owner ! --uid-owner daemon -j REDIRECT --to 8080

  inside hirsute lxd container, with quite high privileges, in a bionic
  VM, running 4.15 kernel.

  With 1.8.5 the above worked fine; with 1.8.7 somehow there was no
  outbound connectivity: the very first HTTP networking command after the
  above call would just hang indefinitely.

  However, if one does this instead:

    iptables -vv -t nat -S
    iptables-legacy -vv -t nat -S
    iptables -vv -t nat -A OUTPUT -p tcp --dport 80 -m owner ! --uid-owner daemon -j REDIRECT --to 8080

  somehow magically everything starts to work fine. Weird.
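
The workaround in the report lists the nat table through both `iptables` and `iptables-legacy`. As an added example (not part of the bug report, livecd-rootfs or magic-proxy), this shell sketch reports which of the two listings actually holds the REDIRECT rule. The function names and sample listings are constructed here, and it assumes the `iptables-nft` and `iptables-legacy` binaries that Ubuntu's iptables 1.8 package ships.

```shell
#!/bin/sh
# Added diagnostic sketch; helper names are hypothetical.

# Classify one line of `iptables -V` output, e.g. "iptables v1.8.7 (nf_tables)".
backend_of() {
    case "$1" in
        *"(nf_tables)"*) echo nf_tables ;;
        *"(legacy)"*)    echo legacy ;;
        *)               echo unknown ;;
    esac
}

# has_redirect RULES PORT: true if a `-t nat -S` listing contains an
# OUTPUT rule that redirects to exactly PORT (-S prints "--to-ports N").
has_redirect() {
    printf '%s\n' "$1" |
        grep -Eq -- "^-A OUTPUT .*-j REDIRECT --to-ports $2( |\$)"
}

# locate_redirect NFT_RULES LEGACY_RULES PORT
# Prints nf_tables, legacy, both or none.
locate_redirect() {
    in_nft=no
    in_legacy=no
    if has_redirect "$1" "$3"; then in_nft=yes; fi
    if has_redirect "$2" "$3"; then in_legacy=yes; fi
    case "$in_nft,$in_legacy" in
        yes,yes) echo both ;;
        yes,no)  echo nf_tables ;;
        no,yes)  echo legacy ;;
        *)       echo none ;;
    esac
}

# Constructed sample listings (not captured from the affected builder).
SAMPLE_NFT='-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT'
SAMPLE_LEGACY="$SAMPLE_NFT
-A OUTPUT -p tcp -m tcp --dport 80 -m owner ! --uid-owner 1 -j REDIRECT --to-ports 8080"

locate_redirect "$SAMPLE_NFT" "$SAMPLE_LEGACY" 8080

# On a live system, as root:
#   backend_of "$(iptables -V)"
#   locate_redirect "$(iptables-nft -t nat -S)" "$(iptables-legacy -t nat -S)" 8080
```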