[Bug 1974177] Re: Please merge sbuild 0.83.1 from Debian unstable
Dave Jones
1974177 at bugs.launchpad.net
Wed Jun 15 12:44:04 UTC 2022
> 1) Following line in debian/tests/unshare will break Debian (since
> the script runs with "set -e"):
>
> [ "$distro" = ubuntu ] && umask 022
>
> Either use || or an if-clause. Besides that, you can just source
> /etc/os-release and then use the ID variable.
It only breaks Debian if the distro=$(...) line (22) isn't
incorporated (which, were this change to be upstreamed, it should be).
As to sourcing /etc/os-release, that's effectively what it's doing in
that line (admittedly via lsb_release, but that seems to me a
reasonably standard means of querying os-release).
> 2) Running the unshare autopkgtest with a kinetic schroot fails:
>
> autopkgtest [12:48:47]: test unshare: [-----------------------
> + [ -z x ]
> + grep -q ^1$ /proc/sys/kernel/unprivileged_userns_clone
> + dpkg --print-architecture
> [...]
> + mmdebstrap --mode=unshare --variant=apt kinetic /tmp/autopkgtest.4hxHnh/autopkgtest_tmp/chroot.tar
> W: unshare syscall failed: Operation not permitted
>
> Does it need more checks or does it need to declare to be better
> isolated?
Good point, it needs more isolation. Knowing that the unshare-wrapper
test involved isolation-machine I'd only tested under qemu.
Incidentally, that one winds up skipped on Ubuntu because
linux-image-amd64 is not installable (and skip-not-installable is
set), which is presumably why we added the (unwrapped) unshare test in
the first place. Still, that test works happily with a Debian qemu
setup.
I've subsequently tested with LXD as well, and that works with the
(unwrapped) unshare test, but requires a privileged container with
nesting to execute successfully:

  $ autopkgtest-build-lxd images:ubuntu/kinetic/amd64
  $ autopkgtest . -- lxd autopkgtest/ubuntu/kinetic/amd64 -c security.privileged=true -c security.nesting=true

So perhaps isolation-machine is more appropriate there anyway. I'll
amend d/t/control accordingly.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to sbuild in Ubuntu.
https://bugs.launchpad.net/bugs/1974177
Title:
Please merge sbuild 0.83.1 from Debian unstable
Status in sbuild package in Ubuntu:
Confirmed
Bug description:
Please merge sbuild 0.83.1 from Debian unstable.
Updated changelog and diff against Debian unstable to be attached
below.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sbuild/+bug/1974177/+subscriptions
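
Added example, not part of the original message or of the sbuild package: a POSIX sh sketch of the two checks discussed in the thread, namely a distro-conditional umask written as an if-clause with ID read from /etc/os-release, and a preflight that probes the unshare call itself instead of relying on the sysctl alone. The function names are hypothetical, and the probe assumes util-linux's unshare is installed.

```shell
#!/bin/sh
# Added illustration; function names are hypothetical, not from debian/tests/unshare.
set -e

# Print the ID field of an os-release file (default: /etc/os-release).
# The file is sourced in a subshell so its variables do not leak into the caller.
os_release_id() {
    ( . "${1:-/etc/os-release}" && printf '%s\n' "${ID:-unknown}" )
}

# Apply the Ubuntu-only umask. An if-clause whose condition is false and
# that has no else branch returns status 0, so a non-matching distro never
# hands a failing status back to a caller running under "set -e".
set_umask_for() {
    if [ "$1" = ubuntu ]; then
        umask 022
    fi
}

# Preflight for "mmdebstrap --mode=unshare".
# $1: path of the sysctl file (parameterised so it can be tested offline).
userns_available() {
    sysctl_file=${1:-/proc/sys/kernel/unprivileged_userns_clone}
    # If the sysctl file is present it must read 1; if it is absent this
    # gate does not apply and only the probe below decides.
    if [ -e "$sysctl_file" ] && ! grep -q '^1$' "$sysctl_file"; then
        return 1
    fi
    # The sysctl can read 1 while the syscall is still refused, as in the
    # schroot log quoted in the thread, so attempt the unshare itself.
    # Assumption: util-linux's unshare is on PATH.
    unshare --user true 2>/dev/null
}

# Usage in a test script (left commented out so the block has no side effects):
#   set_umask_for "$(os_release_id)"
#   userns_available || { echo "SKIP: cannot unshare user namespace"; exit 77; }
```

Exit status 77 in the usage comment only has a skip meaning if the test declares the skippable restriction in debian/tests/control.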