Re: libldap-common missing in beanbag/reviewboard:6.0 and above

[Christian Hammond]

This honestly slipped by, as we’ve all been busy trying to make a deadline.
We’ll aim to get new images by this weekend.

Christian

-- 
Christian Hammond
President/CEO of Beanbag
Makers of Review Board


On Thu, Mar 21, 2024 at 01:01 'Florian Miedniak' via Review Board Community
 wrote:

> Any news on update of the docker image?
>
>
>
> *From:* reviewboard@googlegroups.com  *On
> Behalf Of *Christian Hammond
> *Sent:* Donnerstag, 7. März 2024 10:48
> *To:* reviewboard@googlegroups.com
> *Subject:* Re: libldap-common missing in beanbag/reviewboard:6.0 and above
>
>
>
> *BeSecure!*
>
> This email comes from outside of ABB. Make sure you *verify the sender*
> before clicking any links or downloading/opening attachments.
> If this email looks suspicious, *report it* by clicking 'Report Phishing'
> button in Outlook or raising a ticket on MyIS.
>
>
>
> It's built from this branch. The problem has to do with when the
> libldap-common is being installed. That install is happening in stage 1 of
> the build, but that only applies to compilation and initial setup. The
> problem is that stage 2 never installs this, so it doesn't end up in the
> final image. Stage 2 copies built Python packages and other state out of
> stage 1, but doesn't inherit the installed packages, as many of them aren't
> necessary beyond compilation.
>
>
>
> We'll correct it within the next couple of days.
>
>
>
> Christian
>
>
>
> On Thu, Mar 7, 2024 at 12:12 AM 'Florian Miedniak' via Review Board
> Community  wrote:
>
> Seems that change in Dockerfile didn't make it into the image:
>
>
>
> $ docker images --digests | grep beanbag
> beanbag/reviewboard  latest
>sha256:b74f9efcb53d5ed106fcfedc0d3cdd54128d3c6e6ad9ec565c99e5247813b4d9
>   61f6fb5c47b3   *5 hours ago*737MB  *-> Image from second attempt*
> beanbag/reviewboard  6.0
>   sha256:e3a1cb8da75bbb505a6c134d1407deddd71507886f41a9e1b56cc537b576f0ae
> b497c4569450   *27 hours ago*   737MB *-> Image from first attempt*
>
> $ container-diff diff daemon://beanbag/reviewboard:6.0
> daemon://beanbag/reviewboard:latest --type=apt
>
> -Apt-
>
>
> *Packages found only in beanbag/reviewboard:6.0: None Packages found only
> in beanbag/reviewboard:latest: None *
> Version differences: None
>
>
>
> I don't really know your branching concept, but is the docker image really
> made from branch release-6.x, where the commit has been done?
>
>
>
> -Florian
>
> On Thursday, March 7, 2024 at 2:43:35 AM UTC+1 Christian Hammond wrote:
>
> Hmm, that should have been picked up. Let me take another look.
>
>
>
> Christian
>
>
>
>
> --
> Christian Hammond
> President/CEO of Beanbag
> Makers of Review Board
>
>
>
> On Wed, Mar 6, 2024 at 10:45 'Florian Miedniak' via Review Board Community
>  wrote:
>
> Unfortunately, not … :-/
>
>
>
> It seems the change of the Dockerfile (
> https://github.com/reviewboard/reviewboard/commit/5fc77fd85bf11cb5e0d6e6551a5579fa07bd1fba#diff-e818f6b11598d2656922413d3912abb820c175e2f739549dbda55cc9559bd6fddoesn’t
> <https://urldefense.com/v3/__https:/github.com/reviewboard/reviewboard/commit/5fc77fd85bf11cb5e0d6e6551a5579fa07bd1fba*diff-e818f6b11598d2656922413d3912abb820c175e2f739549dbda55cc9559bd6fddoesn**Bt__;I-KAmQ!!NLW3fF9v!LzJTXwdnBniecOjEg64E2Nn5rICgWLWRLloVBO32lk1-9lutdCsdcsTdUOiP6u5BznIMeCJiXhNn-yibBgvdhXMLcuA$>
> )
>
> didn’t make it into the updated docker image:
> https://hub.docker.com/layers/beanbag/reviewboard/6.0.2/images/sha256-c8f5c7768949e10280f5b4ea8c10e574a8e1b17ad111876d4a342e370aec2956?context=explore
> <https://urldefense.com/v3/__https:/hub.docker.com/layers/beanbag/reviewboard/6.0.2/images/sha256-c8f5c7768949e10280f5b4ea8c10e574a8e1b17ad111876d4a342e370aec2956?context=explore__;!!NLW3fF9v!LzJTXwdnBniecOjEg64E2Nn5rICgWLWRLloVBO32lk1-9lutdCsdcsTdUOiP6u5BznIMeCJiXhNn-yibBgvd3ES7ZyE$>
>
>
>
> -Florian
>
>
>
> On Wednesday, March 6, 2024 at 7:33:26 PM UTC+1 Christian Hammond wrote:
>
> Thanks for the report and the patch! We’ve deployed new images with this
> library installed, so hopefully that sorts things out.
>
>
>
> Christian
>
> --
> Christian Hammond
> President/CEO of Beanbag
> Makers of Review Board
>
>
>
>
>
> On Wed, Mar 6, 2024 at 08:25 'Florian Miedniak' via Review Board Community
>  wrote:
>
> https://hellosplat.com/s/beanbag/tickets/5023/
> <https://urldefense.com/v3/__https:/hellosplat.com/s/beanbag/tickets/5023/__;!!NLW3fF9v!LzJTXwdnBniecOjEg64E2Nn5rICgWLWRLloVBO32lk1-9lutdCsdcsTdUOiP6u5BznIMeCJiXhNn-yibBgvdHwRMPAI$>
>
&g

RE: libldap-common missing in beanbag/reviewboard:6.0 and above

['Florian Miedniak' via Review Board Community]

Any news on update of the docker image?

From: reviewboard@googlegroups.com  On Behalf Of 
Christian Hammond
Sent: Donnerstag, 7. März 2024 10:48
To: reviewboard@googlegroups.com
Subject: Re: libldap-common missing in beanbag/reviewboard:6.0 and above

BeSecure!
This email comes from outside of ABB. Make sure you verify the sender before 
clicking any links or downloading/opening attachments.
If this email looks suspicious, report it by clicking 'Report Phishing' button 
in Outlook or raising a ticket on MyIS.

It's built from this branch. The problem has to do with when the libldap-common 
is being installed. That install is happening in stage 1 of the build, but that 
only applies to compilation and initial setup. The problem is that stage 2 
never installs this, so it doesn't end up in the final image. Stage 2 copies 
built Python packages and other state out of stage 1, but doesn't inherit the 
installed packages, as many of them aren't necessary beyond compilation.

We'll correct it within the next couple of days.

Christian

On Thu, Mar 7, 2024 at 12:12 AM 'Florian Miedniak' via Review Board Community 
mailto:reviewboard@googlegroups.com>> wrote:
Seems that change in Dockerfile didn't make it into the image:

$ docker images --digests | grep beanbag
beanbag/reviewboard  latest  
sha256:b74f9efcb53d5ed106fcfedc0d3cdd54128d3c6e6ad9ec565c99e5247813b4d9   
61f6fb5c47b3   5 hours ago737MB  -> Image from second attempt
beanbag/reviewboard  6.0 
sha256:e3a1cb8da75bbb505a6c134d1407deddd71507886f41a9e1b56cc537b576f0ae   
b497c4569450   27 hours ago   737MB -> Image from first attempt
$ container-diff diff daemon://beanbag/reviewboard:6.0 
daemon://beanbag/reviewboard:latest --type=apt

-Apt-
Packages found only in beanbag/reviewboard:6.0: None
Packages found only in beanbag/reviewboard:latest: None

Version differences: None

I don't really know your branching concept, but is the docker image really made 
from branch release-6.x, where the commit has been done?

-Florian
On Thursday, March 7, 2024 at 2:43:35 AM UTC+1 Christian Hammond wrote:
Hmm, that should have been picked up. Let me take another look.

Christian



--
Christian Hammond
President/CEO of Beanbag
Makers of Review Board

On Wed, Mar 6, 2024 at 10:45 'Florian Miedniak' via Review Board Community 
mailto:revie...@googlegroups.com>> wrote:

Unfortunately, not … :-/



It seems the change of the Dockerfile 
(https://github.com/reviewboard/reviewboard/commit/5fc77fd85bf11cb5e0d6e6551a5579fa07bd1fba#diff-e818f6b11598d2656922413d3912abb820c175e2f739549dbda55cc9559bd6fddoesn’t<https://urldefense.com/v3/__https:/github.com/reviewboard/reviewboard/commit/5fc77fd85bf11cb5e0d6e6551a5579fa07bd1fba*diff-e818f6b11598d2656922413d3912abb820c175e2f739549dbda55cc9559bd6fddoesn**Bt__;I-KAmQ!!NLW3fF9v!LzJTXwdnBniecOjEg64E2Nn5rICgWLWRLloVBO32lk1-9lutdCsdcsTdUOiP6u5BznIMeCJiXhNn-yibBgvdhXMLcuA$>)

didn’t make it into the updated docker image: 
https://hub.docker.com/layers/beanbag/reviewboard/6.0.2/images/sha256-c8f5c7768949e10280f5b4ea8c10e574a8e1b17ad111876d4a342e370aec2956?context=explore<https://urldefense.com/v3/__https:/hub.docker.com/layers/beanbag/reviewboard/6.0.2/images/sha256-c8f5c7768949e10280f5b4ea8c10e574a8e1b17ad111876d4a342e370aec2956?context=explore__;!!NLW3fF9v!LzJTXwdnBniecOjEg64E2Nn5rICgWLWRLloVBO32lk1-9lutdCsdcsTdUOiP6u5BznIMeCJiXhNn-yibBgvd3ES7ZyE$>



-Florian

On Wednesday, March 6, 2024 at 7:33:26 PM UTC+1 Christian Hammond wrote:
Thanks for the report and the patch! We’ve deployed new images with this 
library installed, so hopefully that sorts things out.

Christian

--
Christian Hammond
President/CEO of Beanbag
Makers of Review Board


On Wed, Mar 6, 2024 at 08:25 'Florian Miedniak' via Review Board Community 
mailto:revie...@googlegroups.com>> wrote:
https://hellosplat.com/s/beanbag/tickets/5023/<https://urldefense.com/v3/__https:/hellosplat.com/s/beanbag/tickets/5023/__;!!NLW3fF9v!LzJTXwdnBniecOjEg64E2Nn5rICgWLWRLloVBO32lk1-9lutdCsdcsTdUOiP6u5BznIMeCJiXhNn-yibBgvdHwRMPAI$>
On Tuesday, March 5, 2024 at 12:33:57 PM UTC+1 Florian Miedniak wrote:
I just stumbled upon this: libldap-common missing in beanbag/reviewboard:6.0 
and above.

This has a nasty consequence: Verification of LDAPS servers with non-public 
certificates is not possible anymore! Instead, RB will just report the very 
unspecific error:
 Error authenticating with LDAP: {'result': -1, 'desc': "Can't contact LDAP 
server", 'ctrls': [], 'info': '(unknown error code)'}

Back-trace down to root-cause:

  1.  Certificate of LDAP server can't be verified -> No connection possible
  2.  LDAP client library is not configured to access system-wide certificates 
as located in /etc/ssl/certs (Should be configured in /etc/ldap/ldap.conf, but 
whole directory is missing)
  3.  Directory is missing, because package libl

Re: libldap-common missing in beanbag/reviewboard:6.0 and above

[Christian Hammond]

It's built from this branch. The problem has to do with when the
libldap-common is being installed. That install is happening in stage 1 of
the build, but that only applies to compilation and initial setup. The
problem is that stage 2 never installs this, so it doesn't end up in the
final image. Stage 2 copies built Python packages and other state out of
stage 1, but doesn't inherit the installed packages, as many of them aren't
necessary beyond compilation.

We'll correct it within the next couple of days.

Christian

On Thu, Mar 7, 2024 at 12:12 AM 'Florian Miedniak' via Review Board
Community  wrote:

> Seems that change in Dockerfile didn't make it into the image:
>
> $ docker images --digests | grep beanbag
> beanbag/reviewboard  latest
>sha256:b74f9efcb53d5ed106fcfedc0d3cdd54128d3c6e6ad9ec565c99e5247813b4d9
>   61f6fb5c47b3   *5 hours ago*737MB  *-> Image from second attempt*
> beanbag/reviewboard  6.0
>   sha256:e3a1cb8da75bbb505a6c134d1407deddd71507886f41a9e1b56cc537b576f0ae
> b497c4569450   *27 hours ago*   737MB *-> Image from first attempt*
>
> $ container-diff diff daemon://beanbag/reviewboard:6.0
> daemon://beanbag/reviewboard:latest --type=apt
>
> -Apt-
>
>
> *Packages found only in beanbag/reviewboard:6.0: NonePackages found only
> in beanbag/reviewboard:latest: None*
> Version differences: None
>
> I don't really know your branching concept, but is the docker image really
> made from branch release-6.x, where the commit has been done?
>
> -Florian
> On Thursday, March 7, 2024 at 2:43:35 AM UTC+1 Christian Hammond wrote:
>
>> Hmm, that should have been picked up. Let me take another look.
>>
>> Christian
>>
>>
>> --
>> Christian Hammond
>> President/CEO of Beanbag
>> Makers of Review Board
>>
>> On Wed, Mar 6, 2024 at 10:45 'Florian Miedniak' via Review Board
>> Community  wrote:
>>
>>> Unfortunately, not … :-/
>>>
>>>
>>>
>>> It seems the change of the Dockerfile (
>>> https://github.com/reviewboard/reviewboard/commit/5fc77fd85bf11cb5e0d6e6551a5579fa07bd1fba#diff-e818f6b11598d2656922413d3912abb820c175e2f739549dbda55cc9559bd6fddoesn’t
>>> )
>>>
>>> didn’t make it into the updated docker image:
>>> https://hub.docker.com/layers/beanbag/reviewboard/6.0.2/images/sha256-c8f5c7768949e10280f5b4ea8c10e574a8e1b17ad111876d4a342e370aec2956?context=explore
>>>
>>>
>>>
>>> -Florian
>>>
>>> On Wednesday, March 6, 2024 at 7:33:26 PM UTC+1 Christian Hammond wrote:
>>>
>>>> Thanks for the report and the patch! We’ve deployed new images with
>>>> this library installed, so hopefully that sorts things out.
>>>>
>>>> Christian
>>>>
>>>> --
>>>> Christian Hammond
>>>> President/CEO of Beanbag
>>>> Makers of Review Board
>>>>
>>>>
>>>> On Wed, Mar 6, 2024 at 08:25 'Florian Miedniak' via Review Board
>>>> Community  wrote:
>>>>
>>>>> https://hellosplat.com/s/beanbag/tickets/5023/
>>>>>
>>>>> On Tuesday, March 5, 2024 at 12:33:57 PM UTC+1 Florian Miedniak wrote:
>>>>>
>>>>>> I just stumbled upon this: libldap-common missing in
>>>>>> beanbag/reviewboard:6.0 and above.
>>>>>>
>>>>>> This has a nasty consequence: Verification of LDAPS servers with
>>>>>> non-public certificates is not possible anymore! Instead, RB will just
>>>>>> report the very unspecific error:
>>>>>>  Error authenticating with LDAP: {'result': -1, 'desc': "Can't
>>>>>> contact LDAP server", 'ctrls': [], 'info': '(unknown error code)'}
>>>>>>
>>>>>> *Back-trace down to root-cause:*
>>>>>>
>>>>>>1. Certificate of LDAP server can't be verified -> No connection
>>>>>>possible
>>>>>>2. LDAP client library is *not* configured to access system-wide
>>>>>>certificates as located in /etc/ssl/certs (Should be configured in
>>>>>>/etc/ldap/ldap.conf, but whole directory is missing)
>>>>>>3. Directory is missing, because package libldap-common is not
>>>>>>installed
>>>>>>4. Chain of dependencies leading to installation:
>>>>>>   1. RB 5.0 image: curl -> libcurl4 -> libldap-2.4-2 *-DEPENDS->*
>>>

Re: libldap-common missing in beanbag/reviewboard:6.0 and above

['Florian Miedniak' via Review Board Community]

Seems that change in Dockerfile didn't make it into the image:

$ docker images --digests | grep beanbag
beanbag/reviewboard  latest 
 sha256:b74f9efcb53d5ed106fcfedc0d3cdd54128d3c6e6ad9ec565c99e5247813b4d9   
61f6fb5c47b3   *5 hours ago*737MB  *-> Image from second attempt*
beanbag/reviewboard  6.0   
  sha256:e3a1cb8da75bbb505a6c134d1407deddd71507886f41a9e1b56cc537b576f0ae   
b497c4569450   *27 hours ago*   737MB *-> Image from first attempt*

$ container-diff diff daemon://beanbag/reviewboard:6.0 
daemon://beanbag/reviewboard:latest --type=apt

-Apt-


*Packages found only in beanbag/reviewboard:6.0: NonePackages found only in 
beanbag/reviewboard:latest: None*
Version differences: None

I don't really know your branching concept, but is the docker image really 
made from branch release-6.x, where the commit has been done?

-Florian
On Thursday, March 7, 2024 at 2:43:35 AM UTC+1 Christian Hammond wrote:

> Hmm, that should have been picked up. Let me take another look.
>
> Christian
>
>
> -- 
> Christian Hammond
> President/CEO of Beanbag
> Makers of Review Board
>
> On Wed, Mar 6, 2024 at 10:45 'Florian Miedniak' via Review Board Community 
>  wrote:
>
>> Unfortunately, not … :-/
>>
>>  
>>
>> It seems the change of the Dockerfile (
>> https://github.com/reviewboard/reviewboard/commit/5fc77fd85bf11cb5e0d6e6551a5579fa07bd1fba#diff-e818f6b11598d2656922413d3912abb820c175e2f739549dbda55cc9559bd6fddoesn’t
>> )
>>
>> didn’t make it into the updated docker image: 
>> https://hub.docker.com/layers/beanbag/reviewboard/6.0.2/images/sha256-c8f5c7768949e10280f5b4ea8c10e574a8e1b17ad111876d4a342e370aec2956?context=explore
>>
>>  
>>
>> -Florian
>>
>> On Wednesday, March 6, 2024 at 7:33:26 PM UTC+1 Christian Hammond wrote:
>>
>>> Thanks for the report and the patch! We’ve deployed new images with this 
>>> library installed, so hopefully that sorts things out.
>>>
>>> Christian
>>>
>>> -- 
>>> Christian Hammond
>>> President/CEO of Beanbag
>>> Makers of Review Board
>>>
>>>
>>> On Wed, Mar 6, 2024 at 08:25 'Florian Miedniak' via Review Board 
>>> Community  wrote:
>>>
>>>> https://hellosplat.com/s/beanbag/tickets/5023/
>>>>
>>>> On Tuesday, March 5, 2024 at 12:33:57 PM UTC+1 Florian Miedniak wrote:
>>>>
>>>>> I just stumbled upon this: libldap-common missing in 
>>>>> beanbag/reviewboard:6.0 and above.
>>>>>
>>>>> This has a nasty consequence: Verification of LDAPS servers with 
>>>>> non-public certificates is not possible anymore! Instead, RB will just 
>>>>> report the very unspecific error:
>>>>>  Error authenticating with LDAP: {'result': -1, 'desc': "Can't contact 
>>>>> LDAP server", 'ctrls': [], 'info': '(unknown error code)'}
>>>>>
>>>>> *Back-trace down to root-cause:*
>>>>>
>>>>>1. Certificate of LDAP server can't be verified -> No connection 
>>>>>possible
>>>>>2. LDAP client library is *not* configured to access system-wide 
>>>>>certificates as located in /etc/ssl/certs (Should be configured in 
>>>>>/etc/ldap/ldap.conf, but whole directory is missing)
>>>>>3. Directory is missing, because package libldap-common is not 
>>>>>installed
>>>>>4. Chain of dependencies leading to installation:
>>>>>   1. RB 5.0 image: curl -> libcurl4 -> libldap-2.4-2 *-DEPENDS->* 
>>>>>   libldap-common 
>>>>>   2. RB 6.0 image:  curl -> libcurl4 -> libldap-2.5-0 
>>>>>   *-RECOMMENDS->* libldap-common
>>>>>   *=> Package libldap-common is not installed because its 
>>>>>   relationship changed from "dependents" to "recommends":* 
>>>>>   Before: https://packages.ubuntu.com/focal/libldap-2.4-2 Now: 
>>>>>   https://packages.ubuntu.com/jammy-updates/libldap-2.5-0  
>>>>>   *and*  OS packages are installed with --no-install-recommends
>>>>>
>>>>> For now, I'll live with explicitly installing libldap-common in my own 
>>>>> image that is derived from beanbag/reviewboard:6.0. But IMO it would be 
>>>>> better to solve this in the base image.
>>>>>
>>>>> *Possible solutions:*
&g

Re: libldap-common missing in beanbag/reviewboard:6.0 and above

[Christian Hammond]

Hmm, that should have been picked up. Let me take another look.

Christian


-- 
Christian Hammond
President/CEO of Beanbag
Makers of Review Board


On Wed, Mar 6, 2024 at 10:45 'Florian Miedniak' via Review Board Community <
reviewboard@googlegroups.com> wrote:

> Unfortunately, not … :-/
>
>
>
> It seems the change of the Dockerfile (
> https://github.com/reviewboard/reviewboard/commit/5fc77fd85bf11cb5e0d6e6551a5579fa07bd1fba#diff-e818f6b11598d2656922413d3912abb820c175e2f739549dbda55cc9559bd6fddoesn’t
> )
>
> didn’t make it into the updated docker image:
> https://hub.docker.com/layers/beanbag/reviewboard/6.0.2/images/sha256-c8f5c7768949e10280f5b4ea8c10e574a8e1b17ad111876d4a342e370aec2956?context=explore
>
>
>
> -Florian
>
> On Wednesday, March 6, 2024 at 7:33:26 PM UTC+1 Christian Hammond wrote:
>
>> Thanks for the report and the patch! We’ve deployed new images with this
>> library installed, so hopefully that sorts things out.
>>
>> Christian
>>
>> --
>> Christian Hammond
>> President/CEO of Beanbag
>> Makers of Review Board
>>
>>
>> On Wed, Mar 6, 2024 at 08:25 'Florian Miedniak' via Review Board
>> Community  wrote:
>>
>>> https://hellosplat.com/s/beanbag/tickets/5023/
>>>
>>> On Tuesday, March 5, 2024 at 12:33:57 PM UTC+1 Florian Miedniak wrote:
>>>
>>>> I just stumbled upon this: libldap-common missing in
>>>> beanbag/reviewboard:6.0 and above.
>>>>
>>>> This has a nasty consequence: Verification of LDAPS servers with
>>>> non-public certificates is not possible anymore! Instead, RB will just
>>>> report the very unspecific error:
>>>>  Error authenticating with LDAP: {'result': -1, 'desc': "Can't contact
>>>> LDAP server", 'ctrls': [], 'info': '(unknown error code)'}
>>>>
>>>> *Back-trace down to root-cause:*
>>>>
>>>>1. Certificate of LDAP server can't be verified -> No connection
>>>>possible
>>>>2. LDAP client library is *not* configured to access system-wide
>>>>certificates as located in /etc/ssl/certs (Should be configured in
>>>>/etc/ldap/ldap.conf, but whole directory is missing)
>>>>3. Directory is missing, because package libldap-common is not
>>>>installed
>>>>4. Chain of dependencies leading to installation:
>>>>   1. RB 5.0 image: curl -> libcurl4 -> libldap-2.4-2 *-DEPENDS->*
>>>>   libldap-common
>>>>   2. RB 6.0 image:  curl -> libcurl4 -> libldap-2.5-0
>>>>   *-RECOMMENDS->* libldap-common
>>>>   *=> Package libldap-common is not installed because its
>>>>   relationship changed from "dependents" to "recommends":* Before:
>>>>   https://packages.ubuntu.com/focal/libldap-2.4-2 Now:
>>>>   https://packages.ubuntu.com/jammy-updates/libldap-2.5-0
>>>>   *and*  OS packages are installed with --no-install-recommends
>>>>
>>>> For now, I'll live with explicitly installing libldap-common in my own
>>>> image that is derived from beanbag/reviewboard:6.0. But IMO it would be
>>>> better to solve this in the base image.
>>>>
>>>> *Possible solutions:*
>>>> (a) Remove the --no-install-recommends from call to apt-get
>>>> + No explicit installation of libldap-common necessary, reduces risk of
>>>> similar issues with other packages in future
>>>> - May bloat the image with other packages that are neither wanted nor
>>>> needed
>>>> (b) Explicitly install package libldap-common
>>>> + Reduces risk of bloating the image and minimizes change in images
>>>>
>>>> Any opinions on that? Anyway, is
>>>> https://github.com/reviewboard/reviewboard/blob/release-6.0.2/contrib/docker/Dockerfile
>>>> the correct file to look at and may I open  a pull request for this right
>>>> away or is it usual to discuss it first in this group?
>>>>
>>>> -Florian
>>>>
>>> --
>>> Supercharge your Review Board with Power Pack:
>>> https://www.reviewboard.org/powerpack/
>>> Want us to host Review Board for you? Check out RBCommons:
>>> https://rbcommons.com/
>>> Happy user? Let us know! https://www.reviewboard.org/users/
>>> ---
>>> You received this message because you are subscribed to the Google
>>> Groups "Review Board Community" group.
>>>
>

Re: libldap-common missing in beanbag/reviewboard:6.0 and above

['Florian Miedniak' via Review Board Community]

Unfortunately, not … :-/

 

It seems the change of the Dockerfile (
https://github.com/reviewboard/reviewboard/commit/5fc77fd85bf11cb5e0d6e6551a5579fa07bd1fba#diff-e818f6b11598d2656922413d3912abb820c175e2f739549dbda55cc9559bd6fddoesn’t
)

didn’t make it into the updated docker image: 
https://hub.docker.com/layers/beanbag/reviewboard/6.0.2/images/sha256-c8f5c7768949e10280f5b4ea8c10e574a8e1b17ad111876d4a342e370aec2956?context=explore

 

-Florian

On Wednesday, March 6, 2024 at 7:33:26 PM UTC+1 Christian Hammond wrote:

> Thanks for the report and the patch! We’ve deployed new images with this 
> library installed, so hopefully that sorts things out.
>
> Christian
>
> -- 
> Christian Hammond
> President/CEO of Beanbag
> Makers of Review Board
>
>
> On Wed, Mar 6, 2024 at 08:25 'Florian Miedniak' via Review Board Community 
>  wrote:
>
>> https://hellosplat.com/s/beanbag/tickets/5023/
>>
>> On Tuesday, March 5, 2024 at 12:33:57 PM UTC+1 Florian Miedniak wrote:
>>
>>> I just stumbled upon this: libldap-common missing in 
>>> beanbag/reviewboard:6.0 and above.
>>>
>>> This has a nasty consequence: Verification of LDAPS servers with 
>>> non-public certificates is not possible anymore! Instead, RB will just 
>>> report the very unspecific error:
>>>  Error authenticating with LDAP: {'result': -1, 'desc': "Can't contact 
>>> LDAP server", 'ctrls': [], 'info': '(unknown error code)'}
>>>
>>> *Back-trace down to root-cause:*
>>>
>>>1. Certificate of LDAP server can't be verified -> No connection 
>>>possible
>>>2. LDAP client library is *not* configured to access system-wide 
>>>certificates as located in /etc/ssl/certs (Should be configured in 
>>>/etc/ldap/ldap.conf, but whole directory is missing)
>>>3. Directory is missing, because package libldap-common is not 
>>>installed
>>>4. Chain of dependencies leading to installation:
>>>   1. RB 5.0 image: curl -> libcurl4 -> libldap-2.4-2 *-DEPENDS->* 
>>>   libldap-common 
>>>   2. RB 6.0 image:  curl -> libcurl4 -> libldap-2.5-0 
>>>   *-RECOMMENDS->* libldap-common
>>>   *=> Package libldap-common is not installed because its 
>>>   relationship changed from "dependents" to "recommends":* Before: 
>>>   https://packages.ubuntu.com/focal/libldap-2.4-2 Now: 
>>>   https://packages.ubuntu.com/jammy-updates/libldap-2.5-0  
>>>   *and*  OS packages are installed with --no-install-recommends
>>>
>>> For now, I'll live with explicitly installing libldap-common in my own 
>>> image that is derived from beanbag/reviewboard:6.0. But IMO it would be 
>>> better to solve this in the base image.
>>>
>>> *Possible solutions:*
>>> (a) Remove the --no-install-recommends from call to apt-get
>>> + No explicit installation of libldap-common necessary, reduces risk of 
>>> similar issues with other packages in future
>>> - May bloat the image with other packages that are neither wanted nor 
>>> needed
>>> (b) Explicitly install package libldap-common
>>> + Reduces risk of bloating the image and minimizes change in images
>>>
>>> Any opinions on that? Anyway, is 
>>> https://github.com/reviewboard/reviewboard/blob/release-6.0.2/contrib/docker/Dockerfile
>>>  
>>> the correct file to look at and may I open  a pull request for this right 
>>> away or is it usual to discuss it first in this group?
>>>
>>> -Florian
>>>
>> -- 
>> Supercharge your Review Board with Power Pack: 
>> https://www.reviewboard.org/powerpack/
>> Want us to host Review Board for you? Check out RBCommons: 
>> https://rbcommons.com/
>> Happy user? Let us know! https://www.reviewboard.org/users/
>> --- 
>> You received this message because you are subscribed to the Google Groups 
>> "Review Board Community" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to reviewboard...@googlegroups.com.
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/reviewboard/2f969746-ffc1-45aa-9985-e81b0c38350dn%40googlegroups.com
>>  
>> <https://groups.google.com/d/msgid/reviewboard/2f969746-ffc1-45aa-9985-e81b0c38350dn%40googlegroups.com?utm_medium=email_source=footer>
>> .
>>
>

-- 
Supercharge your Review Board with Power Pack: 
https://www.reviewboard.org/powerpack/
Want us to host Review Board for you? Check out RBCommons: 
https://rbcommons.com/
Happy user? Let us know! https://www.reviewboard.org/users/
--- 
You received this message because you are subscribed to the Google Groups 
"Review Board Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to reviewboard+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/reviewboard/0786dd31-bbc8-4836-8963-65598188d444n%40googlegroups.com.

RE: libldap-common missing in beanbag/reviewboard:6.0 and above

['Florian Miedniak' via Review Board Community]

Unfortunately, not … :-/

It seems the change of the Dockerfile 
(https://github.com/reviewboard/reviewboard/commit/5fc77fd85bf11cb5e0d6e6551a5579fa07bd1fba#diff-e818f6b11598d2656922413d3912abb820c175e2f739549dbda55cc9559bd6fddoesn’t)
didn’t make it into the updated docker image: 
https://hub.docker.com/layers/beanbag/reviewboard/6.0.2/images/sha256-c8f5c7768949e10280f5b4ea8c10e574a8e1b17ad111876d4a342e370aec2956?context=explore

-Florian

From: reviewboard@googlegroups.com  On Behalf Of 
Christian Hammond
Sent: Mittwoch, 6. März 2024 19:33
To: reviewboard@googlegroups.com
Subject: Re: libldap-common missing in beanbag/reviewboard:6.0 and above

BeSecure!
This email comes from outside of ABB. Make sure you verify the sender before 
clicking any links or downloading/opening attachments.
If this email looks suspicious, report it by clicking 'Report Phishing' button 
in Outlook or raising a ticket on MyIS.

Thanks for the report and the patch! We’ve deployed new images with this 
library installed, so hopefully that sorts things out.

Christian

--
Christian Hammond
President/CEO of Beanbag
Makers of Review Board


On Wed, Mar 6, 2024 at 08:25 'Florian Miedniak' via Review Board Community 
mailto:reviewboard@googlegroups.com>> wrote:
https://hellosplat.com/s/beanbag/tickets/5023/<https://urldefense.com/v3/__https:/hellosplat.com/s/beanbag/tickets/5023/__;!!NLW3fF9v!Je3sdvRUouFuxZrQTg_tN2E0oc_8KiygH-L3FQ2TLsU8INU0NJS-WoJxgD4787uT9kblolX9Sbt7Oex_FOM2vRQYhRk$>
On Tuesday, March 5, 2024 at 12:33:57 PM UTC+1 Florian Miedniak wrote:
I just stumbled upon this: libldap-common missing in beanbag/reviewboard:6.0 
and above.

This has a nasty consequence: Verification of LDAPS servers with non-public 
certificates is not possible anymore! Instead, RB will just report the very 
unspecific error:
 Error authenticating with LDAP: {'result': -1, 'desc': "Can't contact LDAP 
server", 'ctrls': [], 'info': '(unknown error code)'}

Back-trace down to root-cause:

  1.  Certificate of LDAP server can't be verified -> No connection possible
  2.  LDAP client library is not configured to access system-wide certificates 
as located in /etc/ssl/certs (Should be configured in /etc/ldap/ldap.conf, but 
whole directory is missing)
  3.  Directory is missing, because package libldap-common is not installed
  4.  Chain of dependencies leading to installation:

 *   RB 5.0 image: curl -> libcurl4 -> libldap-2.4-2 -DEPENDS-> 
libldap-common
 *   RB 6.0 image:  curl -> libcurl4 -> libldap-2.5-0 -RECOMMENDS-> 
libldap-common
=> Package libldap-common is not installed because its relationship changed 
from "dependents" to "recommends": Before: 
https://packages.ubuntu.com/focal/libldap-2.4-2<https://urldefense.com/v3/__https:/packages.ubuntu.com/focal/libldap-2.4-2__;!!NLW3fF9v!Je3sdvRUouFuxZrQTg_tN2E0oc_8KiygH-L3FQ2TLsU8INU0NJS-WoJxgD4787uT9kblolX9Sbt7Oex_FOM2WdFJ1-M$>
 Now: 
https://packages.ubuntu.com/jammy-updates/libldap-2.5-0<https://urldefense.com/v3/__https:/packages.ubuntu.com/jammy-updates/libldap-2.5-0__;!!NLW3fF9v!Je3sdvRUouFuxZrQTg_tN2E0oc_8KiygH-L3FQ2TLsU8INU0NJS-WoJxgD4787uT9kblolX9Sbt7Oex_FOM2r-4W_E0$>
and  OS packages are installed with --no-install-recommends
For now, I'll live with explicitly installing libldap-common in my own image 
that is derived from beanbag/reviewboard:6.0. But IMO it would be better to 
solve this in the base image.

Possible solutions:
(a) Remove the --no-install-recommends from call to apt-get
+ No explicit installation of libldap-common necessary, reduces risk of similar 
issues with other packages in future
- May bloat the image with other packages that are neither wanted nor needed
(b) Explicitly install package libldap-common
+ Reduces risk of bloating the image and minimizes change in images

Any opinions on that? Anyway, is 
https://github.com/reviewboard/reviewboard/blob/release-6.0.2/contrib/docker/Dockerfile<https://urldefense.com/v3/__https:/github.com/reviewboard/reviewboard/blob/release-6.0.2/contrib/docker/Dockerfile__;!!NLW3fF9v!Je3sdvRUouFuxZrQTg_tN2E0oc_8KiygH-L3FQ2TLsU8INU0NJS-WoJxgD4787uT9kblolX9Sbt7Oex_FOM2vS1wcoE$>
 the correct file to look at and may I open  a pull request for this right away 
or is it usual to discuss it first in this group?

-Florian
--
Supercharge your Review Board with Power Pack: 
https://www.reviewboard.org/powerpack/<https://urldefense.com/v3/__https:/www.reviewboard.org/powerpack/__;!!NLW3fF9v!Je3sdvRUouFuxZrQTg_tN2E0oc_8KiygH-L3FQ2TLsU8INU0NJS-WoJxgD4787uT9kblolX9Sbt7Oex_FOM2peDBxmA$>
Want us to host Review Board for you? Check out RBCommons: 
https://rbcommons.com/<https://urldefense.com/v3/__https:/rbcommons.com/__;!!NLW3fF9v!Je3sdvRUouFuxZrQTg_tN2E0oc_8KiygH-L3FQ2TLsU8INU0NJS-WoJxgD4787uT9kblolX9Sbt7Oex_FOM2SCzRILQ$>
Happy user? Let us know! 
https://www.reviewboard.org/users/<https://urldefense.com/v3/__https:/www.reviewboard.org/users/__;!!N

Re: libldap-common missing in beanbag/reviewboard:6.0 and above

[Christian Hammond]

Thanks for the report and the patch! We’ve deployed new images with this
library installed, so hopefully that sorts things out.

Christian

-- 
Christian Hammond
President/CEO of Beanbag
Makers of Review Board


On Wed, Mar 6, 2024 at 08:25 'Florian Miedniak' via Review Board Community <
reviewboard@googlegroups.com> wrote:

> https://hellosplat.com/s/beanbag/tickets/5023/
>
> On Tuesday, March 5, 2024 at 12:33:57 PM UTC+1 Florian Miedniak wrote:
>
>> I just stumbled upon this: libldap-common missing in
>> beanbag/reviewboard:6.0 and above.
>>
>> This has a nasty consequence: Verification of LDAPS servers with
>> non-public certificates is not possible anymore! Instead, RB will just
>> report the very unspecific error:
>>  Error authenticating with LDAP: {'result': -1, 'desc': "Can't contact
>> LDAP server", 'ctrls': [], 'info': '(unknown error code)'}
>>
>> *Back-trace down to root-cause:*
>>
>>1. Certificate of LDAP server can't be verified -> No connection
>>possible
>>2. LDAP client library is *not* configured to access system-wide
>>certificates as located in /etc/ssl/certs (Should be configured in
>>/etc/ldap/ldap.conf, but whole directory is missing)
>>3. Directory is missing, because package libldap-common is not
>>installed
>>4. Chain of dependencies leading to installation:
>>   1. RB 5.0 image: curl -> libcurl4 -> libldap-2.4-2 *-DEPENDS->*
>>   libldap-common
>>   2. RB 6.0 image:  curl -> libcurl4 -> libldap-2.5-0 *-RECOMMENDS->*
>>   libldap-common
>>   *=> Package libldap-common is not installed because its
>>   relationship changed from "dependents" to "recommends":* Before:
>>   https://packages.ubuntu.com/focal/libldap-2.4-2 Now:
>>   https://packages.ubuntu.com/jammy-updates/libldap-2.5-0
>>   *and*  OS packages are installed with --no-install-recommends
>>
>> For now, I'll live with explicitly installing libldap-common in my own
>> image that is derived from beanbag/reviewboard:6.0. But IMO it would be
>> better to solve this in the base image.
>>
>> *Possible solutions:*
>> (a) Remove the --no-install-recommends from call to apt-get
>> + No explicit installation of libldap-common necessary, reduces risk of
>> similar issues with other packages in future
>> - May bloat the image with other packages that are neither wanted nor
>> needed
>> (b) Explicitly install package libldap-common
>> + Reduces risk of bloating the image and minimizes change in images
>>
>> Any opinions on that? Anyway, is
>> https://github.com/reviewboard/reviewboard/blob/release-6.0.2/contrib/docker/Dockerfile
>> the correct file to look at and may I open  a pull request for this right
>> away or is it usual to discuss it first in this group?
>>
>> -Florian
>>
> --
> Supercharge your Review Board with Power Pack:
> https://www.reviewboard.org/powerpack/
> Want us to host Review Board for you? Check out RBCommons:
> https://rbcommons.com/
> Happy user? Let us know! https://www.reviewboard.org/users/
> ---
> You received this message because you are subscribed to the Google Groups
> "Review Board Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to reviewboard+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/reviewboard/2f969746-ffc1-45aa-9985-e81b0c38350dn%40googlegroups.com
> <https://groups.google.com/d/msgid/reviewboard/2f969746-ffc1-45aa-9985-e81b0c38350dn%40googlegroups.com?utm_medium=email_source=footer>
> .
>

-- 
Supercharge your Review Board with Power Pack: 
https://www.reviewboard.org/powerpack/
Want us to host Review Board for you? Check out RBCommons: 
https://rbcommons.com/
Happy user? Let us know! https://www.reviewboard.org/users/
--- 
You received this message because you are subscribed to the Google Groups 
"Review Board Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to reviewboard+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/reviewboard/CAE7VndnCUeBwWudqqDwWbEFZvTxHp2qbRax8mRQzChH7xRWJkg%40mail.gmail.com.

Re: libldap-common missing in beanbag/reviewboard:6.0 and above

['Florian Miedniak' via Review Board Community]

https://hellosplat.com/s/beanbag/tickets/5023/

On Tuesday, March 5, 2024 at 12:33:57 PM UTC+1 Florian Miedniak wrote:

> I just stumbled upon this: libldap-common missing in 
> beanbag/reviewboard:6.0 and above.
>
> This has a nasty consequence: Verification of LDAPS servers with 
> non-public certificates is not possible anymore! Instead, RB will just 
> report the very unspecific error:
>  Error authenticating with LDAP: {'result': -1, 'desc': "Can't contact 
> LDAP server", 'ctrls': [], 'info': '(unknown error code)'}
>
> *Back-trace down to root-cause:*
>
>1. Certificate of LDAP server can't be verified -> No connection 
>possible
>2. LDAP client library is *not* configured to access system-wide 
>certificates as located in /etc/ssl/certs (Should be configured in 
>/etc/ldap/ldap.conf, but whole directory is missing)
>3. Directory is missing, because package libldap-common is not 
>installed
>4. Chain of dependencies leading to installation:
>   1. RB 5.0 image: curl -> libcurl4 -> libldap-2.4-2 *-DEPENDS->* 
>   libldap-common 
>   2. RB 6.0 image:  curl -> libcurl4 -> libldap-2.5-0 *-RECOMMENDS->* 
>   libldap-common
>   *=> Package libldap-common is not installed because its 
>   relationship changed from "dependents" to "recommends":* Before: 
>   https://packages.ubuntu.com/focal/libldap-2.4-2 Now: 
>   https://packages.ubuntu.com/jammy-updates/libldap-2.5-0  
>   *and*  OS packages are installed with --no-install-recommends
>
> For now, I'll live with explicitly installing libldap-common in my own 
> image that is derived from beanbag/reviewboard:6.0. But IMO it would be 
> better to solve this in the base image.
>
> *Possible solutions:*
> (a) Remove the --no-install-recommends from call to apt-get
> + No explicit installation of libldap-common necessary, reduces risk of 
> similar issues with other packages in future
> - May bloat the image with other packages that are neither wanted nor 
> needed
> (b) Explicitly install package libldap-common
> + Reduces risk of bloating the image and minimizes change in images
>
> Any opinions on that? Anyway, is 
> https://github.com/reviewboard/reviewboard/blob/release-6.0.2/contrib/docker/Dockerfile
>  
> the correct file to look at and may I open  a pull request for this right 
> away or is it usual to discuss it first in this group?
>
> -Florian
>

-- 
Supercharge your Review Board with Power Pack: 
https://www.reviewboard.org/powerpack/
Want us to host Review Board for you? Check out RBCommons: 
https://rbcommons.com/
Happy user? Let us know! https://www.reviewboard.org/users/
--- 
You received this message because you are subscribed to the Google Groups 
"Review Board Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to reviewboard+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/reviewboard/2f969746-ffc1-45aa-9985-e81b0c38350dn%40googlegroups.com.

libldap-common missing in beanbag/reviewboard:6.0 and above

[Florian Miedniak]

I just stumbled upon this: libldap-common missing in 
beanbag/reviewboard:6.0 and above.

This has a nasty consequence: Verification of LDAPS servers with non-public 
certificates is not possible anymore! Instead, RB will just report the very 
unspecific error:
 Error authenticating with LDAP: {'result': -1, 'desc': "Can't contact LDAP 
server", 'ctrls': [], 'info': '(unknown error code)'}

*Back-trace down to root-cause:*

   1. Certificate of LDAP server can't be verified -> No connection possible
   2. LDAP client library is *not* configured to access system-wide 
   certificates as located in /etc/ssl/certs (Should be configured in 
   /etc/ldap/ldap.conf, but whole directory is missing)
   3. Directory is missing, because package libldap-common is not installed
   4. Chain of dependencies leading to installation:
  1. RB 5.0 image: curl -> libcurl4 -> libldap-2.4-2 *-DEPENDS->* 
  libldap-common 
  2. RB 6.0 image:  curl -> libcurl4 -> libldap-2.5-0 *-RECOMMENDS->* 
  libldap-common
  *=> Package libldap-common is not installed because its relationship 
  changed from "dependents" to "recommends":* 
  Before: https://packages.ubuntu.com/focal/libldap-2.4-2 
  Now: https://packages.ubuntu.com/jammy-updates/libldap-2.5-0  
  *and*  OS packages are installed with --no-install-recommends
   
For now, I'll live with explicitly installing libldap-common in my own 
image that is derived from beanbag/reviewboard:6.0. But IMO it would be 
better to solve this in the base image.

*Possible solutions:*
(a) Remove the --no-install-recommends from call to apt-get
+ No explicit installation of libldap-common necessary, reduces risk of 
similar issues with other packages in future
- May bloat the image with other packages that are neither wanted nor needed
(b) Explicitly install package libldap-common
+ Reduces risk of bloating the image and minimizes change in images

Any opinions on that? Anyway, 
is 
https://github.com/reviewboard/reviewboard/blob/release-6.0.2/contrib/docker/Dockerfile
 
the correct file to look at and may I open  a pull request for this right 
away or is it usual to discuss it first in this group?

-Florian

-- 
Supercharge your Review Board with Power Pack: 
https://www.reviewboard.org/powerpack/
Want us to host Review Board for you? Check out RBCommons: 
https://rbcommons.com/
Happy user? Let us know! https://www.reviewboard.org/users/
--- 
You received this message because you are subscribed to the Google Groups 
"Review Board Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to reviewboard+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/reviewboard/ae32def5-32cb-4e40-bc0b-2e7265f964e0n%40googlegroups.com.