Re: libldap-common missing in beanbag/reviewboard:6.0 and above
This honestly slipped by, as we’ve all been busy trying to make a deadline. We’ll aim to get new images by this weekend. Christian -- Christian Hammond President/CEO of Beanbag Makers of Review Board On Thu, Mar 21, 2024 at 01:01 'Florian Miedniak' via Review Board Community wrote: > Any news on update of the docker image? > > > > *From:* reviewboard@googlegroups.com *On > Behalf Of *Christian Hammond > *Sent:* Donnerstag, 7. März 2024 10:48 > *To:* reviewboard@googlegroups.com > *Subject:* Re: libldap-common missing in beanbag/reviewboard:6.0 and above > > > > *BeSecure!* > > This email comes from outside of ABB. Make sure you *verify the sender* > before clicking any links or downloading/opening attachments. > If this email looks suspicious, *report it* by clicking 'Report Phishing' > button in Outlook or raising a ticket on MyIS. > > > > It's built from this branch. The problem has to do with when the > libldap-common is being installed. That install is happening in stage 1 of > the build, but that only applies to compilation and initial setup. The > problem is that stage 2 never installs this, so it doesn't end up in the > final image. Stage 2 copies built Python packages and other state out of > stage 1, but doesn't inherit the installed packages, as many of them aren't > necessary beyond compilation. > > > > We'll correct it within the next couple of days. > > > > Christian > > > > On Thu, Mar 7, 2024 at 12:12 AM 'Florian Miedniak' via Review Board > Community wrote: > > Seems that change in Dockerfile didn't make it into the image: > > > > $ docker images --digests | grep beanbag > beanbag/reviewboard latest >sha256:b74f9efcb53d5ed106fcfedc0d3cdd54128d3c6e6ad9ec565c99e5247813b4d9 > 61f6fb5c47b3 *5 hours ago*737MB *-> Image from second attempt* > beanbag/reviewboard 6.0 > sha256:e3a1cb8da75bbb505a6c134d1407deddd71507886f41a9e1b56cc537b576f0ae > b497c4569450 *27 hours ago* 737MB *-> Image from first attempt* > > $ container-diff diff daemon://beanbag/reviewboard:6.0 > daemon://beanbag/reviewboard:latest --type=apt > > -Apt- > > > *Packages found only in beanbag/reviewboard:6.0: None Packages found only > in beanbag/reviewboard:latest: None * > Version differences: None > > > > I don't really know your branching concept, but is the docker image really > made from branch release-6.x, where the commit has been done? > > > > -Florian > > On Thursday, March 7, 2024 at 2:43:35 AM UTC+1 Christian Hammond wrote: > > Hmm, that should have been picked up. Let me take another look. > > > > Christian > > > > > -- > Christian Hammond > President/CEO of Beanbag > Makers of Review Board > > > > On Wed, Mar 6, 2024 at 10:45 'Florian Miedniak' via Review Board Community > wrote: > > Unfortunately, not … :-/ > > > > It seems the change of the Dockerfile ( > https://github.com/reviewboard/reviewboard/commit/5fc77fd85bf11cb5e0d6e6551a5579fa07bd1fba#diff-e818f6b11598d2656922413d3912abb820c175e2f739549dbda55cc9559bd6fddoesn’t > <https://urldefense.com/v3/__https:/github.com/reviewboard/reviewboard/commit/5fc77fd85bf11cb5e0d6e6551a5579fa07bd1fba*diff-e818f6b11598d2656922413d3912abb820c175e2f739549dbda55cc9559bd6fddoesn**Bt__;I-KAmQ!!NLW3fF9v!LzJTXwdnBniecOjEg64E2Nn5rICgWLWRLloVBO32lk1-9lutdCsdcsTdUOiP6u5BznIMeCJiXhNn-yibBgvdhXMLcuA$> > ) > > didn’t make it into the updated docker image: > https://hub.docker.com/layers/beanbag/reviewboard/6.0.2/images/sha256-c8f5c7768949e10280f5b4ea8c10e574a8e1b17ad111876d4a342e370aec2956?context=explore > <https://urldefense.com/v3/__https:/hub.docker.com/layers/beanbag/reviewboard/6.0.2/images/sha256-c8f5c7768949e10280f5b4ea8c10e574a8e1b17ad111876d4a342e370aec2956?context=explore__;!!NLW3fF9v!LzJTXwdnBniecOjEg64E2Nn5rICgWLWRLloVBO32lk1-9lutdCsdcsTdUOiP6u5BznIMeCJiXhNn-yibBgvd3ES7ZyE$> > > > > -Florian > > > > On Wednesday, March 6, 2024 at 7:33:26 PM UTC+1 Christian Hammond wrote: > > Thanks for the report and the patch! We’ve deployed new images with this > library installed, so hopefully that sorts things out. > > > > Christian > > -- > Christian Hammond > President/CEO of Beanbag > Makers of Review Board > > > > > > On Wed, Mar 6, 2024 at 08:25 'Florian Miedniak' via Review Board Community > wrote: > > https://hellosplat.com/s/beanbag/tickets/5023/ > <https://urldefense.com/v3/__https:/hellosplat.com/s/beanbag/tickets/5023/__;!!NLW3fF9v!LzJTXwdnBniecOjEg64E2Nn5rICgWLWRLloVBO32lk1-9lutdCsdcsTdUOiP6u5BznIMeCJiXhNn-yibBgvdHwRMPAI$> > &g
RE: libldap-common missing in beanbag/reviewboard:6.0 and above
Any news on update of the docker image? From: reviewboard@googlegroups.com On Behalf Of Christian Hammond Sent: Donnerstag, 7. März 2024 10:48 To: reviewboard@googlegroups.com Subject: Re: libldap-common missing in beanbag/reviewboard:6.0 and above BeSecure! This email comes from outside of ABB. Make sure you verify the sender before clicking any links or downloading/opening attachments. If this email looks suspicious, report it by clicking 'Report Phishing' button in Outlook or raising a ticket on MyIS. It's built from this branch. The problem has to do with when the libldap-common is being installed. That install is happening in stage 1 of the build, but that only applies to compilation and initial setup. The problem is that stage 2 never installs this, so it doesn't end up in the final image. Stage 2 copies built Python packages and other state out of stage 1, but doesn't inherit the installed packages, as many of them aren't necessary beyond compilation. We'll correct it within the next couple of days. Christian On Thu, Mar 7, 2024 at 12:12 AM 'Florian Miedniak' via Review Board Community mailto:reviewboard@googlegroups.com>> wrote: Seems that change in Dockerfile didn't make it into the image: $ docker images --digests | grep beanbag beanbag/reviewboard latest sha256:b74f9efcb53d5ed106fcfedc0d3cdd54128d3c6e6ad9ec565c99e5247813b4d9 61f6fb5c47b3 5 hours ago737MB -> Image from second attempt beanbag/reviewboard 6.0 sha256:e3a1cb8da75bbb505a6c134d1407deddd71507886f41a9e1b56cc537b576f0ae b497c4569450 27 hours ago 737MB -> Image from first attempt $ container-diff diff daemon://beanbag/reviewboard:6.0 daemon://beanbag/reviewboard:latest --type=apt -Apt- Packages found only in beanbag/reviewboard:6.0: None Packages found only in beanbag/reviewboard:latest: None Version differences: None I don't really know your branching concept, but is the docker image really made from branch release-6.x, where the commit has been done? -Florian On Thursday, March 7, 2024 at 2:43:35 AM UTC+1 Christian Hammond wrote: Hmm, that should have been picked up. Let me take another look. Christian -- Christian Hammond President/CEO of Beanbag Makers of Review Board On Wed, Mar 6, 2024 at 10:45 'Florian Miedniak' via Review Board Community mailto:revie...@googlegroups.com>> wrote: Unfortunately, not … :-/ It seems the change of the Dockerfile (https://github.com/reviewboard/reviewboard/commit/5fc77fd85bf11cb5e0d6e6551a5579fa07bd1fba#diff-e818f6b11598d2656922413d3912abb820c175e2f739549dbda55cc9559bd6fddoesn’t<https://urldefense.com/v3/__https:/github.com/reviewboard/reviewboard/commit/5fc77fd85bf11cb5e0d6e6551a5579fa07bd1fba*diff-e818f6b11598d2656922413d3912abb820c175e2f739549dbda55cc9559bd6fddoesn**Bt__;I-KAmQ!!NLW3fF9v!LzJTXwdnBniecOjEg64E2Nn5rICgWLWRLloVBO32lk1-9lutdCsdcsTdUOiP6u5BznIMeCJiXhNn-yibBgvdhXMLcuA$>) didn’t make it into the updated docker image: https://hub.docker.com/layers/beanbag/reviewboard/6.0.2/images/sha256-c8f5c7768949e10280f5b4ea8c10e574a8e1b17ad111876d4a342e370aec2956?context=explore<https://urldefense.com/v3/__https:/hub.docker.com/layers/beanbag/reviewboard/6.0.2/images/sha256-c8f5c7768949e10280f5b4ea8c10e574a8e1b17ad111876d4a342e370aec2956?context=explore__;!!NLW3fF9v!LzJTXwdnBniecOjEg64E2Nn5rICgWLWRLloVBO32lk1-9lutdCsdcsTdUOiP6u5BznIMeCJiXhNn-yibBgvd3ES7ZyE$> -Florian On Wednesday, March 6, 2024 at 7:33:26 PM UTC+1 Christian Hammond wrote: Thanks for the report and the patch! We’ve deployed new images with this library installed, so hopefully that sorts things out. Christian -- Christian Hammond President/CEO of Beanbag Makers of Review Board On Wed, Mar 6, 2024 at 08:25 'Florian Miedniak' via Review Board Community mailto:revie...@googlegroups.com>> wrote: https://hellosplat.com/s/beanbag/tickets/5023/<https://urldefense.com/v3/__https:/hellosplat.com/s/beanbag/tickets/5023/__;!!NLW3fF9v!LzJTXwdnBniecOjEg64E2Nn5rICgWLWRLloVBO32lk1-9lutdCsdcsTdUOiP6u5BznIMeCJiXhNn-yibBgvdHwRMPAI$> On Tuesday, March 5, 2024 at 12:33:57 PM UTC+1 Florian Miedniak wrote: I just stumbled upon this: libldap-common missing in beanbag/reviewboard:6.0 and above. This has a nasty consequence: Verification of LDAPS servers with non-public certificates is not possible anymore! Instead, RB will just report the very unspecific error: Error authenticating with LDAP: {'result': -1, 'desc': "Can't contact LDAP server", 'ctrls': [], 'info': '(unknown error code)'} Back-trace down to root-cause: 1. Certificate of LDAP server can't be verified -> No connection possible 2. LDAP client library is not configured to access system-wide certificates as located in /etc/ssl/certs (Should be configured in /etc/ldap/ldap.conf, but whole directory is missing) 3. Directory is missing, because package libl
Re: libldap-common missing in beanbag/reviewboard:6.0 and above
It's built from this branch. The problem has to do with when the libldap-common is being installed. That install is happening in stage 1 of the build, but that only applies to compilation and initial setup. The problem is that stage 2 never installs this, so it doesn't end up in the final image. Stage 2 copies built Python packages and other state out of stage 1, but doesn't inherit the installed packages, as many of them aren't necessary beyond compilation. We'll correct it within the next couple of days. Christian On Thu, Mar 7, 2024 at 12:12 AM 'Florian Miedniak' via Review Board Community wrote: > Seems that change in Dockerfile didn't make it into the image: > > $ docker images --digests | grep beanbag > beanbag/reviewboard latest >sha256:b74f9efcb53d5ed106fcfedc0d3cdd54128d3c6e6ad9ec565c99e5247813b4d9 > 61f6fb5c47b3 *5 hours ago*737MB *-> Image from second attempt* > beanbag/reviewboard 6.0 > sha256:e3a1cb8da75bbb505a6c134d1407deddd71507886f41a9e1b56cc537b576f0ae > b497c4569450 *27 hours ago* 737MB *-> Image from first attempt* > > $ container-diff diff daemon://beanbag/reviewboard:6.0 > daemon://beanbag/reviewboard:latest --type=apt > > -Apt- > > > *Packages found only in beanbag/reviewboard:6.0: NonePackages found only > in beanbag/reviewboard:latest: None* > Version differences: None > > I don't really know your branching concept, but is the docker image really > made from branch release-6.x, where the commit has been done? > > -Florian > On Thursday, March 7, 2024 at 2:43:35 AM UTC+1 Christian Hammond wrote: > >> Hmm, that should have been picked up. Let me take another look. >> >> Christian >> >> >> -- >> Christian Hammond >> President/CEO of Beanbag >> Makers of Review Board >> >> On Wed, Mar 6, 2024 at 10:45 'Florian Miedniak' via Review Board >> Community wrote: >> >>> Unfortunately, not … :-/ >>> >>> >>> >>> It seems the change of the Dockerfile ( >>> https://github.com/reviewboard/reviewboard/commit/5fc77fd85bf11cb5e0d6e6551a5579fa07bd1fba#diff-e818f6b11598d2656922413d3912abb820c175e2f739549dbda55cc9559bd6fddoesn’t >>> ) >>> >>> didn’t make it into the updated docker image: >>> https://hub.docker.com/layers/beanbag/reviewboard/6.0.2/images/sha256-c8f5c7768949e10280f5b4ea8c10e574a8e1b17ad111876d4a342e370aec2956?context=explore >>> >>> >>> >>> -Florian >>> >>> On Wednesday, March 6, 2024 at 7:33:26 PM UTC+1 Christian Hammond wrote: >>> >>>> Thanks for the report and the patch! We’ve deployed new images with >>>> this library installed, so hopefully that sorts things out. >>>> >>>> Christian >>>> >>>> -- >>>> Christian Hammond >>>> President/CEO of Beanbag >>>> Makers of Review Board >>>> >>>> >>>> On Wed, Mar 6, 2024 at 08:25 'Florian Miedniak' via Review Board >>>> Community wrote: >>>> >>>>> https://hellosplat.com/s/beanbag/tickets/5023/ >>>>> >>>>> On Tuesday, March 5, 2024 at 12:33:57 PM UTC+1 Florian Miedniak wrote: >>>>> >>>>>> I just stumbled upon this: libldap-common missing in >>>>>> beanbag/reviewboard:6.0 and above. >>>>>> >>>>>> This has a nasty consequence: Verification of LDAPS servers with >>>>>> non-public certificates is not possible anymore! Instead, RB will just >>>>>> report the very unspecific error: >>>>>> Error authenticating with LDAP: {'result': -1, 'desc': "Can't >>>>>> contact LDAP server", 'ctrls': [], 'info': '(unknown error code)'} >>>>>> >>>>>> *Back-trace down to root-cause:* >>>>>> >>>>>>1. Certificate of LDAP server can't be verified -> No connection >>>>>>possible >>>>>>2. LDAP client library is *not* configured to access system-wide >>>>>>certificates as located in /etc/ssl/certs (Should be configured in >>>>>>/etc/ldap/ldap.conf, but whole directory is missing) >>>>>>3. Directory is missing, because package libldap-common is not >>>>>>installed >>>>>>4. Chain of dependencies leading to installation: >>>>>> 1. RB 5.0 image: curl -> libcurl4 -> libldap-2.4-2 *-DEPENDS->* >>>
Re: libldap-common missing in beanbag/reviewboard:6.0 and above
Seems that change in Dockerfile didn't make it into the image: $ docker images --digests | grep beanbag beanbag/reviewboard latest sha256:b74f9efcb53d5ed106fcfedc0d3cdd54128d3c6e6ad9ec565c99e5247813b4d9 61f6fb5c47b3 *5 hours ago*737MB *-> Image from second attempt* beanbag/reviewboard 6.0 sha256:e3a1cb8da75bbb505a6c134d1407deddd71507886f41a9e1b56cc537b576f0ae b497c4569450 *27 hours ago* 737MB *-> Image from first attempt* $ container-diff diff daemon://beanbag/reviewboard:6.0 daemon://beanbag/reviewboard:latest --type=apt -Apt- *Packages found only in beanbag/reviewboard:6.0: NonePackages found only in beanbag/reviewboard:latest: None* Version differences: None I don't really know your branching concept, but is the docker image really made from branch release-6.x, where the commit has been done? -Florian On Thursday, March 7, 2024 at 2:43:35 AM UTC+1 Christian Hammond wrote: > Hmm, that should have been picked up. Let me take another look. > > Christian > > > -- > Christian Hammond > President/CEO of Beanbag > Makers of Review Board > > On Wed, Mar 6, 2024 at 10:45 'Florian Miedniak' via Review Board Community > wrote: > >> Unfortunately, not … :-/ >> >> >> >> It seems the change of the Dockerfile ( >> https://github.com/reviewboard/reviewboard/commit/5fc77fd85bf11cb5e0d6e6551a5579fa07bd1fba#diff-e818f6b11598d2656922413d3912abb820c175e2f739549dbda55cc9559bd6fddoesn’t >> ) >> >> didn’t make it into the updated docker image: >> https://hub.docker.com/layers/beanbag/reviewboard/6.0.2/images/sha256-c8f5c7768949e10280f5b4ea8c10e574a8e1b17ad111876d4a342e370aec2956?context=explore >> >> >> >> -Florian >> >> On Wednesday, March 6, 2024 at 7:33:26 PM UTC+1 Christian Hammond wrote: >> >>> Thanks for the report and the patch! We’ve deployed new images with this >>> library installed, so hopefully that sorts things out. >>> >>> Christian >>> >>> -- >>> Christian Hammond >>> President/CEO of Beanbag >>> Makers of Review Board >>> >>> >>> On Wed, Mar 6, 2024 at 08:25 'Florian Miedniak' via Review Board >>> Community wrote: >>> >>>> https://hellosplat.com/s/beanbag/tickets/5023/ >>>> >>>> On Tuesday, March 5, 2024 at 12:33:57 PM UTC+1 Florian Miedniak wrote: >>>> >>>>> I just stumbled upon this: libldap-common missing in >>>>> beanbag/reviewboard:6.0 and above. >>>>> >>>>> This has a nasty consequence: Verification of LDAPS servers with >>>>> non-public certificates is not possible anymore! Instead, RB will just >>>>> report the very unspecific error: >>>>> Error authenticating with LDAP: {'result': -1, 'desc': "Can't contact >>>>> LDAP server", 'ctrls': [], 'info': '(unknown error code)'} >>>>> >>>>> *Back-trace down to root-cause:* >>>>> >>>>>1. Certificate of LDAP server can't be verified -> No connection >>>>>possible >>>>>2. LDAP client library is *not* configured to access system-wide >>>>>certificates as located in /etc/ssl/certs (Should be configured in >>>>>/etc/ldap/ldap.conf, but whole directory is missing) >>>>>3. Directory is missing, because package libldap-common is not >>>>>installed >>>>>4. Chain of dependencies leading to installation: >>>>> 1. RB 5.0 image: curl -> libcurl4 -> libldap-2.4-2 *-DEPENDS->* >>>>> libldap-common >>>>> 2. RB 6.0 image: curl -> libcurl4 -> libldap-2.5-0 >>>>> *-RECOMMENDS->* libldap-common >>>>> *=> Package libldap-common is not installed because its >>>>> relationship changed from "dependents" to "recommends":* >>>>> Before: https://packages.ubuntu.com/focal/libldap-2.4-2 Now: >>>>> https://packages.ubuntu.com/jammy-updates/libldap-2.5-0 >>>>> *and* OS packages are installed with --no-install-recommends >>>>> >>>>> For now, I'll live with explicitly installing libldap-common in my own >>>>> image that is derived from beanbag/reviewboard:6.0. But IMO it would be >>>>> better to solve this in the base image. >>>>> >>>>> *Possible solutions:* &g
Re: libldap-common missing in beanbag/reviewboard:6.0 and above
Hmm, that should have been picked up. Let me take another look. Christian -- Christian Hammond President/CEO of Beanbag Makers of Review Board On Wed, Mar 6, 2024 at 10:45 'Florian Miedniak' via Review Board Community < reviewboard@googlegroups.com> wrote: > Unfortunately, not … :-/ > > > > It seems the change of the Dockerfile ( > https://github.com/reviewboard/reviewboard/commit/5fc77fd85bf11cb5e0d6e6551a5579fa07bd1fba#diff-e818f6b11598d2656922413d3912abb820c175e2f739549dbda55cc9559bd6fddoesn’t > ) > > didn’t make it into the updated docker image: > https://hub.docker.com/layers/beanbag/reviewboard/6.0.2/images/sha256-c8f5c7768949e10280f5b4ea8c10e574a8e1b17ad111876d4a342e370aec2956?context=explore > > > > -Florian > > On Wednesday, March 6, 2024 at 7:33:26 PM UTC+1 Christian Hammond wrote: > >> Thanks for the report and the patch! We’ve deployed new images with this >> library installed, so hopefully that sorts things out. >> >> Christian >> >> -- >> Christian Hammond >> President/CEO of Beanbag >> Makers of Review Board >> >> >> On Wed, Mar 6, 2024 at 08:25 'Florian Miedniak' via Review Board >> Community wrote: >> >>> https://hellosplat.com/s/beanbag/tickets/5023/ >>> >>> On Tuesday, March 5, 2024 at 12:33:57 PM UTC+1 Florian Miedniak wrote: >>> >>>> I just stumbled upon this: libldap-common missing in >>>> beanbag/reviewboard:6.0 and above. >>>> >>>> This has a nasty consequence: Verification of LDAPS servers with >>>> non-public certificates is not possible anymore! Instead, RB will just >>>> report the very unspecific error: >>>> Error authenticating with LDAP: {'result': -1, 'desc': "Can't contact >>>> LDAP server", 'ctrls': [], 'info': '(unknown error code)'} >>>> >>>> *Back-trace down to root-cause:* >>>> >>>>1. Certificate of LDAP server can't be verified -> No connection >>>>possible >>>>2. LDAP client library is *not* configured to access system-wide >>>>certificates as located in /etc/ssl/certs (Should be configured in >>>>/etc/ldap/ldap.conf, but whole directory is missing) >>>>3. Directory is missing, because package libldap-common is not >>>>installed >>>>4. Chain of dependencies leading to installation: >>>> 1. RB 5.0 image: curl -> libcurl4 -> libldap-2.4-2 *-DEPENDS->* >>>> libldap-common >>>> 2. RB 6.0 image: curl -> libcurl4 -> libldap-2.5-0 >>>> *-RECOMMENDS->* libldap-common >>>> *=> Package libldap-common is not installed because its >>>> relationship changed from "dependents" to "recommends":* Before: >>>> https://packages.ubuntu.com/focal/libldap-2.4-2 Now: >>>> https://packages.ubuntu.com/jammy-updates/libldap-2.5-0 >>>> *and* OS packages are installed with --no-install-recommends >>>> >>>> For now, I'll live with explicitly installing libldap-common in my own >>>> image that is derived from beanbag/reviewboard:6.0. But IMO it would be >>>> better to solve this in the base image. >>>> >>>> *Possible solutions:* >>>> (a) Remove the --no-install-recommends from call to apt-get >>>> + No explicit installation of libldap-common necessary, reduces risk of >>>> similar issues with other packages in future >>>> - May bloat the image with other packages that are neither wanted nor >>>> needed >>>> (b) Explicitly install package libldap-common >>>> + Reduces risk of bloating the image and minimizes change in images >>>> >>>> Any opinions on that? Anyway, is >>>> https://github.com/reviewboard/reviewboard/blob/release-6.0.2/contrib/docker/Dockerfile >>>> the correct file to look at and may I open a pull request for this right >>>> away or is it usual to discuss it first in this group? >>>> >>>> -Florian >>>> >>> -- >>> Supercharge your Review Board with Power Pack: >>> https://www.reviewboard.org/powerpack/ >>> Want us to host Review Board for you? Check out RBCommons: >>> https://rbcommons.com/ >>> Happy user? Let us know! https://www.reviewboard.org/users/ >>> --- >>> You received this message because you are subscribed to the Google >>> Groups "Review Board Community" group. >>> >
Re: libldap-common missing in beanbag/reviewboard:6.0 and above
Unfortunately, not … :-/ It seems the change of the Dockerfile ( https://github.com/reviewboard/reviewboard/commit/5fc77fd85bf11cb5e0d6e6551a5579fa07bd1fba#diff-e818f6b11598d2656922413d3912abb820c175e2f739549dbda55cc9559bd6fddoesn’t ) didn’t make it into the updated docker image: https://hub.docker.com/layers/beanbag/reviewboard/6.0.2/images/sha256-c8f5c7768949e10280f5b4ea8c10e574a8e1b17ad111876d4a342e370aec2956?context=explore -Florian On Wednesday, March 6, 2024 at 7:33:26 PM UTC+1 Christian Hammond wrote: > Thanks for the report and the patch! We’ve deployed new images with this > library installed, so hopefully that sorts things out. > > Christian > > -- > Christian Hammond > President/CEO of Beanbag > Makers of Review Board > > > On Wed, Mar 6, 2024 at 08:25 'Florian Miedniak' via Review Board Community > wrote: > >> https://hellosplat.com/s/beanbag/tickets/5023/ >> >> On Tuesday, March 5, 2024 at 12:33:57 PM UTC+1 Florian Miedniak wrote: >> >>> I just stumbled upon this: libldap-common missing in >>> beanbag/reviewboard:6.0 and above. >>> >>> This has a nasty consequence: Verification of LDAPS servers with >>> non-public certificates is not possible anymore! Instead, RB will just >>> report the very unspecific error: >>> Error authenticating with LDAP: {'result': -1, 'desc': "Can't contact >>> LDAP server", 'ctrls': [], 'info': '(unknown error code)'} >>> >>> *Back-trace down to root-cause:* >>> >>>1. Certificate of LDAP server can't be verified -> No connection >>>possible >>>2. LDAP client library is *not* configured to access system-wide >>>certificates as located in /etc/ssl/certs (Should be configured in >>>/etc/ldap/ldap.conf, but whole directory is missing) >>>3. Directory is missing, because package libldap-common is not >>>installed >>>4. Chain of dependencies leading to installation: >>> 1. RB 5.0 image: curl -> libcurl4 -> libldap-2.4-2 *-DEPENDS->* >>> libldap-common >>> 2. RB 6.0 image: curl -> libcurl4 -> libldap-2.5-0 >>> *-RECOMMENDS->* libldap-common >>> *=> Package libldap-common is not installed because its >>> relationship changed from "dependents" to "recommends":* Before: >>> https://packages.ubuntu.com/focal/libldap-2.4-2 Now: >>> https://packages.ubuntu.com/jammy-updates/libldap-2.5-0 >>> *and* OS packages are installed with --no-install-recommends >>> >>> For now, I'll live with explicitly installing libldap-common in my own >>> image that is derived from beanbag/reviewboard:6.0. But IMO it would be >>> better to solve this in the base image. >>> >>> *Possible solutions:* >>> (a) Remove the --no-install-recommends from call to apt-get >>> + No explicit installation of libldap-common necessary, reduces risk of >>> similar issues with other packages in future >>> - May bloat the image with other packages that are neither wanted nor >>> needed >>> (b) Explicitly install package libldap-common >>> + Reduces risk of bloating the image and minimizes change in images >>> >>> Any opinions on that? Anyway, is >>> https://github.com/reviewboard/reviewboard/blob/release-6.0.2/contrib/docker/Dockerfile >>> >>> the correct file to look at and may I open a pull request for this right >>> away or is it usual to discuss it first in this group? >>> >>> -Florian >>> >> -- >> Supercharge your Review Board with Power Pack: >> https://www.reviewboard.org/powerpack/ >> Want us to host Review Board for you? Check out RBCommons: >> https://rbcommons.com/ >> Happy user? Let us know! https://www.reviewboard.org/users/ >> --- >> You received this message because you are subscribed to the Google Groups >> "Review Board Community" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to reviewboard...@googlegroups.com. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/reviewboard/2f969746-ffc1-45aa-9985-e81b0c38350dn%40googlegroups.com >> >> <https://groups.google.com/d/msgid/reviewboard/2f969746-ffc1-45aa-9985-e81b0c38350dn%40googlegroups.com?utm_medium=email_source=footer> >> . >> > -- Supercharge your Review Board with Power Pack: https://www.reviewboard.org/powerpack/ Want us to host Review Board for you? Check out RBCommons: https://rbcommons.com/ Happy user? Let us know! https://www.reviewboard.org/users/ --- You received this message because you are subscribed to the Google Groups "Review Board Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to reviewboard+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/reviewboard/0786dd31-bbc8-4836-8963-65598188d444n%40googlegroups.com.
RE: libldap-common missing in beanbag/reviewboard:6.0 and above
Unfortunately, not … :-/ It seems the change of the Dockerfile (https://github.com/reviewboard/reviewboard/commit/5fc77fd85bf11cb5e0d6e6551a5579fa07bd1fba#diff-e818f6b11598d2656922413d3912abb820c175e2f739549dbda55cc9559bd6fddoesn’t) didn’t make it into the updated docker image: https://hub.docker.com/layers/beanbag/reviewboard/6.0.2/images/sha256-c8f5c7768949e10280f5b4ea8c10e574a8e1b17ad111876d4a342e370aec2956?context=explore -Florian From: reviewboard@googlegroups.com On Behalf Of Christian Hammond Sent: Mittwoch, 6. März 2024 19:33 To: reviewboard@googlegroups.com Subject: Re: libldap-common missing in beanbag/reviewboard:6.0 and above BeSecure! This email comes from outside of ABB. Make sure you verify the sender before clicking any links or downloading/opening attachments. If this email looks suspicious, report it by clicking 'Report Phishing' button in Outlook or raising a ticket on MyIS. Thanks for the report and the patch! We’ve deployed new images with this library installed, so hopefully that sorts things out. Christian -- Christian Hammond President/CEO of Beanbag Makers of Review Board On Wed, Mar 6, 2024 at 08:25 'Florian Miedniak' via Review Board Community mailto:reviewboard@googlegroups.com>> wrote: https://hellosplat.com/s/beanbag/tickets/5023/<https://urldefense.com/v3/__https:/hellosplat.com/s/beanbag/tickets/5023/__;!!NLW3fF9v!Je3sdvRUouFuxZrQTg_tN2E0oc_8KiygH-L3FQ2TLsU8INU0NJS-WoJxgD4787uT9kblolX9Sbt7Oex_FOM2vRQYhRk$> On Tuesday, March 5, 2024 at 12:33:57 PM UTC+1 Florian Miedniak wrote: I just stumbled upon this: libldap-common missing in beanbag/reviewboard:6.0 and above. This has a nasty consequence: Verification of LDAPS servers with non-public certificates is not possible anymore! Instead, RB will just report the very unspecific error: Error authenticating with LDAP: {'result': -1, 'desc': "Can't contact LDAP server", 'ctrls': [], 'info': '(unknown error code)'} Back-trace down to root-cause: 1. Certificate of LDAP server can't be verified -> No connection possible 2. LDAP client library is not configured to access system-wide certificates as located in /etc/ssl/certs (Should be configured in /etc/ldap/ldap.conf, but whole directory is missing) 3. Directory is missing, because package libldap-common is not installed 4. Chain of dependencies leading to installation: * RB 5.0 image: curl -> libcurl4 -> libldap-2.4-2 -DEPENDS-> libldap-common * RB 6.0 image: curl -> libcurl4 -> libldap-2.5-0 -RECOMMENDS-> libldap-common => Package libldap-common is not installed because its relationship changed from "dependents" to "recommends": Before: https://packages.ubuntu.com/focal/libldap-2.4-2<https://urldefense.com/v3/__https:/packages.ubuntu.com/focal/libldap-2.4-2__;!!NLW3fF9v!Je3sdvRUouFuxZrQTg_tN2E0oc_8KiygH-L3FQ2TLsU8INU0NJS-WoJxgD4787uT9kblolX9Sbt7Oex_FOM2WdFJ1-M$> Now: https://packages.ubuntu.com/jammy-updates/libldap-2.5-0<https://urldefense.com/v3/__https:/packages.ubuntu.com/jammy-updates/libldap-2.5-0__;!!NLW3fF9v!Je3sdvRUouFuxZrQTg_tN2E0oc_8KiygH-L3FQ2TLsU8INU0NJS-WoJxgD4787uT9kblolX9Sbt7Oex_FOM2r-4W_E0$> and OS packages are installed with --no-install-recommends For now, I'll live with explicitly installing libldap-common in my own image that is derived from beanbag/reviewboard:6.0. But IMO it would be better to solve this in the base image. Possible solutions: (a) Remove the --no-install-recommends from call to apt-get + No explicit installation of libldap-common necessary, reduces risk of similar issues with other packages in future - May bloat the image with other packages that are neither wanted nor needed (b) Explicitly install package libldap-common + Reduces risk of bloating the image and minimizes change in images Any opinions on that? Anyway, is https://github.com/reviewboard/reviewboard/blob/release-6.0.2/contrib/docker/Dockerfile<https://urldefense.com/v3/__https:/github.com/reviewboard/reviewboard/blob/release-6.0.2/contrib/docker/Dockerfile__;!!NLW3fF9v!Je3sdvRUouFuxZrQTg_tN2E0oc_8KiygH-L3FQ2TLsU8INU0NJS-WoJxgD4787uT9kblolX9Sbt7Oex_FOM2vS1wcoE$> the correct file to look at and may I open a pull request for this right away or is it usual to discuss it first in this group? -Florian -- Supercharge your Review Board with Power Pack: https://www.reviewboard.org/powerpack/<https://urldefense.com/v3/__https:/www.reviewboard.org/powerpack/__;!!NLW3fF9v!Je3sdvRUouFuxZrQTg_tN2E0oc_8KiygH-L3FQ2TLsU8INU0NJS-WoJxgD4787uT9kblolX9Sbt7Oex_FOM2peDBxmA$> Want us to host Review Board for you? Check out RBCommons: https://rbcommons.com/<https://urldefense.com/v3/__https:/rbcommons.com/__;!!NLW3fF9v!Je3sdvRUouFuxZrQTg_tN2E0oc_8KiygH-L3FQ2TLsU8INU0NJS-WoJxgD4787uT9kblolX9Sbt7Oex_FOM2SCzRILQ$> Happy user? Let us know! https://www.reviewboard.org/users/<https://urldefense.com/v3/__https:/www.reviewboard.org/users/__;!!N
Re: libldap-common missing in beanbag/reviewboard:6.0 and above
Thanks for the report and the patch! We’ve deployed new images with this library installed, so hopefully that sorts things out. Christian -- Christian Hammond President/CEO of Beanbag Makers of Review Board On Wed, Mar 6, 2024 at 08:25 'Florian Miedniak' via Review Board Community < reviewboard@googlegroups.com> wrote: > https://hellosplat.com/s/beanbag/tickets/5023/ > > On Tuesday, March 5, 2024 at 12:33:57 PM UTC+1 Florian Miedniak wrote: > >> I just stumbled upon this: libldap-common missing in >> beanbag/reviewboard:6.0 and above. >> >> This has a nasty consequence: Verification of LDAPS servers with >> non-public certificates is not possible anymore! Instead, RB will just >> report the very unspecific error: >> Error authenticating with LDAP: {'result': -1, 'desc': "Can't contact >> LDAP server", 'ctrls': [], 'info': '(unknown error code)'} >> >> *Back-trace down to root-cause:* >> >>1. Certificate of LDAP server can't be verified -> No connection >>possible >>2. LDAP client library is *not* configured to access system-wide >>certificates as located in /etc/ssl/certs (Should be configured in >>/etc/ldap/ldap.conf, but whole directory is missing) >>3. Directory is missing, because package libldap-common is not >>installed >>4. Chain of dependencies leading to installation: >> 1. RB 5.0 image: curl -> libcurl4 -> libldap-2.4-2 *-DEPENDS->* >> libldap-common >> 2. RB 6.0 image: curl -> libcurl4 -> libldap-2.5-0 *-RECOMMENDS->* >> libldap-common >> *=> Package libldap-common is not installed because its >> relationship changed from "dependents" to "recommends":* Before: >> https://packages.ubuntu.com/focal/libldap-2.4-2 Now: >> https://packages.ubuntu.com/jammy-updates/libldap-2.5-0 >> *and* OS packages are installed with --no-install-recommends >> >> For now, I'll live with explicitly installing libldap-common in my own >> image that is derived from beanbag/reviewboard:6.0. But IMO it would be >> better to solve this in the base image. >> >> *Possible solutions:* >> (a) Remove the --no-install-recommends from call to apt-get >> + No explicit installation of libldap-common necessary, reduces risk of >> similar issues with other packages in future >> - May bloat the image with other packages that are neither wanted nor >> needed >> (b) Explicitly install package libldap-common >> + Reduces risk of bloating the image and minimizes change in images >> >> Any opinions on that? Anyway, is >> https://github.com/reviewboard/reviewboard/blob/release-6.0.2/contrib/docker/Dockerfile >> the correct file to look at and may I open a pull request for this right >> away or is it usual to discuss it first in this group? >> >> -Florian >> > -- > Supercharge your Review Board with Power Pack: > https://www.reviewboard.org/powerpack/ > Want us to host Review Board for you? Check out RBCommons: > https://rbcommons.com/ > Happy user? Let us know! https://www.reviewboard.org/users/ > --- > You received this message because you are subscribed to the Google Groups > "Review Board Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to reviewboard+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/reviewboard/2f969746-ffc1-45aa-9985-e81b0c38350dn%40googlegroups.com > <https://groups.google.com/d/msgid/reviewboard/2f969746-ffc1-45aa-9985-e81b0c38350dn%40googlegroups.com?utm_medium=email_source=footer> > . > -- Supercharge your Review Board with Power Pack: https://www.reviewboard.org/powerpack/ Want us to host Review Board for you? Check out RBCommons: https://rbcommons.com/ Happy user? Let us know! https://www.reviewboard.org/users/ --- You received this message because you are subscribed to the Google Groups "Review Board Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to reviewboard+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/reviewboard/CAE7VndnCUeBwWudqqDwWbEFZvTxHp2qbRax8mRQzChH7xRWJkg%40mail.gmail.com.
Re: libldap-common missing in beanbag/reviewboard:6.0 and above
https://hellosplat.com/s/beanbag/tickets/5023/ On Tuesday, March 5, 2024 at 12:33:57 PM UTC+1 Florian Miedniak wrote: > I just stumbled upon this: libldap-common missing in > beanbag/reviewboard:6.0 and above. > > This has a nasty consequence: Verification of LDAPS servers with > non-public certificates is not possible anymore! Instead, RB will just > report the very unspecific error: > Error authenticating with LDAP: {'result': -1, 'desc': "Can't contact > LDAP server", 'ctrls': [], 'info': '(unknown error code)'} > > *Back-trace down to root-cause:* > >1. Certificate of LDAP server can't be verified -> No connection >possible >2. LDAP client library is *not* configured to access system-wide >certificates as located in /etc/ssl/certs (Should be configured in >/etc/ldap/ldap.conf, but whole directory is missing) >3. Directory is missing, because package libldap-common is not >installed >4. Chain of dependencies leading to installation: > 1. RB 5.0 image: curl -> libcurl4 -> libldap-2.4-2 *-DEPENDS->* > libldap-common > 2. RB 6.0 image: curl -> libcurl4 -> libldap-2.5-0 *-RECOMMENDS->* > libldap-common > *=> Package libldap-common is not installed because its > relationship changed from "dependents" to "recommends":* Before: > https://packages.ubuntu.com/focal/libldap-2.4-2 Now: > https://packages.ubuntu.com/jammy-updates/libldap-2.5-0 > *and* OS packages are installed with --no-install-recommends > > For now, I'll live with explicitly installing libldap-common in my own > image that is derived from beanbag/reviewboard:6.0. But IMO it would be > better to solve this in the base image. > > *Possible solutions:* > (a) Remove the --no-install-recommends from call to apt-get > + No explicit installation of libldap-common necessary, reduces risk of > similar issues with other packages in future > - May bloat the image with other packages that are neither wanted nor > needed > (b) Explicitly install package libldap-common > + Reduces risk of bloating the image and minimizes change in images > > Any opinions on that? Anyway, is > https://github.com/reviewboard/reviewboard/blob/release-6.0.2/contrib/docker/Dockerfile > > the correct file to look at and may I open a pull request for this right > away or is it usual to discuss it first in this group? > > -Florian > -- Supercharge your Review Board with Power Pack: https://www.reviewboard.org/powerpack/ Want us to host Review Board for you? Check out RBCommons: https://rbcommons.com/ Happy user? Let us know! https://www.reviewboard.org/users/ --- You received this message because you are subscribed to the Google Groups "Review Board Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to reviewboard+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/reviewboard/2f969746-ffc1-45aa-9985-e81b0c38350dn%40googlegroups.com.
libldap-common missing in beanbag/reviewboard:6.0 and above
I just stumbled upon this: libldap-common missing in beanbag/reviewboard:6.0 and above. This has a nasty consequence: Verification of LDAPS servers with non-public certificates is not possible anymore! Instead, RB will just report the very unspecific error: Error authenticating with LDAP: {'result': -1, 'desc': "Can't contact LDAP server", 'ctrls': [], 'info': '(unknown error code)'} *Back-trace down to root-cause:* 1. Certificate of LDAP server can't be verified -> No connection possible 2. LDAP client library is *not* configured to access system-wide certificates as located in /etc/ssl/certs (Should be configured in /etc/ldap/ldap.conf, but whole directory is missing) 3. Directory is missing, because package libldap-common is not installed 4. Chain of dependencies leading to installation: 1. RB 5.0 image: curl -> libcurl4 -> libldap-2.4-2 *-DEPENDS->* libldap-common 2. RB 6.0 image: curl -> libcurl4 -> libldap-2.5-0 *-RECOMMENDS->* libldap-common *=> Package libldap-common is not installed because its relationship changed from "dependents" to "recommends":* Before: https://packages.ubuntu.com/focal/libldap-2.4-2 Now: https://packages.ubuntu.com/jammy-updates/libldap-2.5-0 *and* OS packages are installed with --no-install-recommends For now, I'll live with explicitly installing libldap-common in my own image that is derived from beanbag/reviewboard:6.0. But IMO it would be better to solve this in the base image. *Possible solutions:* (a) Remove the --no-install-recommends from call to apt-get + No explicit installation of libldap-common necessary, reduces risk of similar issues with other packages in future - May bloat the image with other packages that are neither wanted nor needed (b) Explicitly install package libldap-common + Reduces risk of bloating the image and minimizes change in images Any opinions on that? Anyway, is https://github.com/reviewboard/reviewboard/blob/release-6.0.2/contrib/docker/Dockerfile the correct file to look at and may I open a pull request for this right away or is it usual to discuss it first in this group? -Florian -- Supercharge your Review Board with Power Pack: https://www.reviewboard.org/powerpack/ Want us to host Review Board for you? Check out RBCommons: https://rbcommons.com/ Happy user? Let us know! https://www.reviewboard.org/users/ --- You received this message because you are subscribed to the Google Groups "Review Board Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to reviewboard+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/reviewboard/ae32def5-32cb-4e40-bc0b-2e7265f964e0n%40googlegroups.com.