[Bug 1917920] Re: magic-proxy broke with iptables 1.8.7-1ubuntu2

Launchpad Bug Tracker 1917920 at bugs.launchpad.net
Mon Nov 8 09:27:52 UTC 2021


This bug was fixed in the package livecd-rootfs - 2.664.33

---------------
livecd-rootfs (2.664.33) focal; urgency=medium

  * Install cloud-initramfs-growroot to actually enable rootfs resize.
  * Fix a grub error by making sure the unicode.pf2 font is installed in the
    right path for preinstalled amd64 desktop images.

livecd-rootfs (2.664.32) focal; urgency=medium

  * 099-ubuntu-image-customization.chroot: fix a typo in it.

livecd-rootfs (2.664.31) focal; urgency=medium

  [ Łukasz 'sil2100' Zemczak ]
  * Add the 099-ubuntu-image-customization.chroot for
    desktop-preinstalled images similar to what we have in groovy+ (for the pi
    desktop), but improved for amd64 platforms. We need it to generate a valid
    grub.cfg on the rootfs (similar to ubuntu-cpc) and then use that instead
    of a static configuration locked on the boot partition (LP: #1949102).

  [ Brian Murray ]
  * Properly check ARCH when setting the intel-iot model.

livecd-rootfs (2.664.30) focal; urgency=medium

  [ Thomas Bechtold ]
  * magic-proxy: Replace http.client with urllib calls. live-build/auto/build:
    change iptables calls to query rules and quickly check that connectivity
    works after transparent proxy has been installed. (LP: #1917920)
  * magic-proxy: fix TypeError when trying to call get_uri() (LP: #1944906)

 -- Łukasz 'sil2100' Zemczak <lukasz.zemczak at ubuntu.com>  Fri, 29 Oct 2021 15:33:34 +0200

** Changed in: livecd-rootfs (Ubuntu Focal)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to livecd-rootfs in Ubuntu.
https://bugs.launchpad.net/bugs/1917920

Title:
  magic-proxy broke with iptables 1.8.7-1ubuntu2

Status in launchpad-buildd:
  Invalid
Status in iptables package in Ubuntu:
  Invalid
Status in livecd-rootfs package in Ubuntu:
  Fix Released
Status in lxd package in Ubuntu:
  Invalid
Status in iptables source package in Bionic:
  Invalid
Status in livecd-rootfs source package in Bionic:
  Invalid
Status in lxd source package in Bionic:
  Invalid
Status in iptables source package in Focal:
  Invalid
Status in livecd-rootfs source package in Focal:
  Fix Released
Status in lxd source package in Focal:
  Invalid
Status in iptables source package in Hirsute:
  Invalid
Status in livecd-rootfs source package in Hirsute:
  Fix Committed
Status in lxd source package in Hirsute:
  Invalid

Bug description:
  [Impact]
  The fixes for this bug (including the fixes for LP: #1944906) need to be backported to hirsute, focal and bionic to be able to re-enable the "repo-snapshot-stamp" feature for image builds. That feature is important to get consistent image builds (meaning the same set of packages included in the different images) when doing multiple builds (e.g. for AWS, Azure and GCE).

  [Test Plan]
  - build a livecd-rootfs image with the changes for every series in a PPA
  - Build an image with the livecd-rootfs from the PPA and enable the repo-snapshot-stamp feature
  - Check that the build did not fail or hang

  [Where problems could occur]
  The codepath that will be changed is only executed in livecd-rootfs if the repo-snapshot-stamp feature is enabled. And that feature is currently broken so it shouldn't be enabled anywhere.

  [Original description]

  When iptables got upgraded from 1.8.5-3ubuntu4 to 1.8.7-1ubuntu2, magic
  proxy stopped working in livecd-rootfs.

  It does a very simple thing:

  iptables -t nat -A OUTPUT -p tcp --dport 80 -m owner ! --uid-owner daemon -j REDIRECT --to 8080

  inside a hirsute lxd container, with quite high privileges, in a bionic
  VM, running a 4.15 kernel.

  With 1.8.5 the above worked fine; with 1.8.7 somehow there was no outbound
  connectivity: the very first HTTP networking command after the above
  call would just hang indefinitely.

  However, if one does this instead:

  iptables -vv -t nat -S
  iptables-legacy -vv -t nat -S
  iptables -vv -t nat -A OUTPUT -p tcp --dport 80 -m owner ! --uid-owner daemon -j REDIRECT --to 8080

  somehow magically everything starts to work fine.

  weird.
