Bug#1006905: bullseye-pu: package ostree/2020.8-2+deb11u1
On Tue, 08 Mar 2022 at 01:04:17 +, Simon McVittie wrote: > This update isn't finalized yet, but does it look like something of a > scale that you would be likely to accept in a point release? I've tested and uploaded the proposed update (no changes except for d/changelog, updated diff attached), but please let me know if any of it needs to be reverted. > all are straightforward backports, either from upstream release 2022.2 > (in unstable, not in testing yet) The version I'm backporting from is now in testing. > I will give this some real-world testing via Flatpak on bullseye > before upload (in particular to confirm that the eCryptFS fix has been > successful), but so far it has only had automated tests. I confirm that the eCryptFS issue is indeed fixed by these changes. Thanks, smcv diffstat for ostree-2020.8 ostree-2020.8 debian/changelog | 27 debian/control |2 debian/gbp.conf|2 debian/patches/Fall-back-if-copy_file_range-fails-with-EINVAL.patch| 31 + debian/patches/Fix-marking-static-delta-commits-as-partial.patch | 60 ++ debian/patches/Fix-translation-of-file-URIs-into-paths.patch | 57 + debian/patches/lib-Fix-a-bad-call-to-g_file_get_child.patch| 39 ++ debian/patches/libotutil-Avoid-infinite-recursion-during-error-unwinding.patch | 36 ++ debian/patches/series |5 libglnx/glnx-fdio.c|2 src/libostree/ostree-repo-checkout.c |2 src/libostree/ostree-repo-pull.c |7 - src/libotutil/ot-variant-builder.c |2 13 files changed, 265 insertions(+), 7 deletions(-) diff -Nru ostree-2020.8/debian/changelog ostree-2020.8/debian/changelog --- ostree-2020.8/debian/changelog 2020-11-22 13:24:35.0 + +++ ostree-2020.8/debian/changelog 2022-03-10 11:59:18.0 + @@ -1,3 +1,30 @@ +ostree (2020.8-2+deb11u1) bullseye; urgency=medium + + * d/gbp.conf, d/control: Branch for Debian 11 updates + * Backport various bug fixes from newer libostree releases. +Each of these fixes an issue that was reported against Flatpak when +using the libostree from Debian 11, either via bullseye or +buster-backports. +- d/p/Fall-back-if-copy_file_range-fails-with-EINVAL.patch: + Add patch to fall back if copy_file_range fails with EINVAL. + This fixes an incompatibility with eCryptFS, in particular when + using Flatpak in an eCryptFS home directory. (Closes: #1004467) +- d/p/libotutil-Avoid-infinite-recursion-during-error-unwinding.patch: + Avoid infinite recursion when recovering from certain errors, in + particular the one that was a symptom of #1004467. +- d/p/Fix-marking-static-delta-commits-as-partial.patch: + Mark commits as partial before downloading, to avoid Flatpak and other + ostree users getting into a state where a failed download cannot be + resumed. +- d/p/lib-Fix-a-bad-call-to-g_file_get_child.patch: + Fix an assertion failure when using a backport or local build of + GLib >= 2.71 +- d/p/Fix-translation-of-file-URIs-into-paths.patch: + Fix the ability to fetch OSTree content from paths containing + non-URI characters (such as backslashes) or non-ASCII + + -- Simon McVittie Thu, 10 Mar 2022 11:59:18 + + ostree (2020.8-2) unstable; urgency=medium * d/p/test-pull-summary-sigs-Set-timestamps-to-serve-expected-f.patch: diff -Nru ostree-2020.8/debian/control ostree-2020.8/debian/control --- ostree-2020.8/debian/control 2020-11-22 13:24:35.0 + +++ ostree-2020.8/debian/control 2022-03-10 11:59:18.0 + @@ -49,7 +49,7 @@ Rules-Requires-Root: no Standards-Version: 4.5.0 Homepage: https://github.com/ostreedev/ostree/ -Vcs-Git: https://salsa.debian.org/debian/ostree.git +Vcs-Git: https://salsa.debian.org/debian/ostree.git -b debian/bullseye Vcs-Browser: https://salsa.debian.org/debian/ostree Package: gir1.2-ostree-1.0 diff -Nru ostree-2020.8/debian/gbp.conf ostree-2020.8/debian/gbp.conf --- ostree-2020.8/debian/gbp.conf 2020-11-22 13:24:35.0 + +++ ostree-2020.8/debian/gbp.conf 2022-03-10 11:59:18.0 + @@ -1,7 +1,7 @@ [DEFAULT] pristine-tar = True compression = xz -debian-branch = debian/master +debian-branch = debian/bullseye upstream-branch = upstream/latest patch-numbers = False upstream-vcs-tag = v%(version)s diff -Nru ostree-2020.8/debian/patches/Fall-back-if-copy_file_range-fails-with-EINVAL.patch
Bug#1006905: bullseye-pu: package ostree/2020.8-2+deb11u1
On Mon, Mar 7, 2022 at 6:09 PM Simon McVittie wrote: > > If d/p/Fall-back-if-copy_file_range-fails-with-EINVAL.patch is not applied, > users with an eCryptFS encrypted home directory cannot use `flatpak --user`. > If they had already configured all necessary remotes before encrypting the > home directory, the symptom is that `flatpak build-bundle` crashes; if not, > from my tests on unstable, it appears that the symptom is that > `flatpak remote-add` fails. (#1004467) > There are indications from upstream bug reports that this patch might > also fix similar issues for ZFS users, although this is not yet confirmed. This is a safe patch as it just extends the cases where a fallback will be run. Since it affects all users of ecryptfs, it seems like a good idea to include. > If d/p/Fix-marking-static-delta-commits-as-partial.patch is not applied, > interrupted downloads can result in a corrupted local repository, requiring > manual cleanup via `flatpak repair` or `ostree fsck`. This is a really unfortunate bug in ostree that should be fixed ASAP. For Endless I'm going to backport this to all of our supported stable branches but haven't gotten around to it yet. > If d/p/libotutil-Avoid-infinite-recursion-during-error-unwinding.patch is > not applied, some failure modes (in particular the symptom of #1004467) > lead to a crash instead of a graceful failure. The change here is clearly correct and should have no unintended side effects. Since this also affects all users of ecryptfs, it's a good idea to have it in stable. > If d/p/Fix-translation-of-file-URIs-into-paths.patch is not applied, > users will be unable to install Flatpak apps from paths on the local > filesystem that contain a backslash or non-ASCII, most commonly during > "sideloading" from a USB stick created by `flatpak create-usb`. We've been shipping this in Endless stable for about a year with no reported issues. > If d/p/lib-Fix-a-bad-call-to-g_file_get_child.patch is not applied, > checking out only a subset of a commit (most frequently seen in Flatpak > when installing locale data) can fail with an assertion failure if a > backport or local build of GLib 2.71 is in use. I'm a little unsure about > this one for bullseye, since I would generally not recommend backporting > something as foundational as GLib, but it's a one-line fix. With my > GNOME team hat on, we need to get GLib >= 2.72 into bookworm within the > next few weeks, so if someone does a backport of bookworm's GLib into > bullseye-backports, then the priority of this change will suddenly go up. Even though this would only manifest with a newer GLib release, I think this is a good idea to include in bullseye. It's a bit unfortunate that GLib changed the semantics of g_file_get_child, but the change makes OSTree checkouts more robust all around in the face of user supplied subpaths. > [ Risks ] > I would say this is low-risk. They're narrowly-targeted patches, and > all are straightforward backports, either from upstream release 2022.2 > (in unstable, not in testing yet) or from older releases that are already > in testing. I would agree that this is low risk. These patches fix real bugs, were vetted by upstream, and are narrowly scoped. I think the risk of regressions is very low. These are all things I plan to put in our stable branch for Endless (I actually have the task to do that this week). -- Dan
Bug#1006905: bullseye-pu: package ostree/2020.8-2+deb11u1
Package: release.debian.org Severity: normal Tags: bullseye User: release.debian@packages.debian.org Usertags: pu X-Debbugs-Cc: Dan Nicholson This update isn't finalized yet, but does it look like something of a scale that you would be likely to accept in a point release? [ Reason ] Backport several bug fixes from testing/unstable, prompted by a user request in #1004467 and various issues reported to Flatpak upstream [ Impact ] In descending priority order: If d/p/Fall-back-if-copy_file_range-fails-with-EINVAL.patch is not applied, users with an eCryptFS encrypted home directory cannot use `flatpak --user`. If they had already configured all necessary remotes before encrypting the home directory, the symptom is that `flatpak build-bundle` crashes; if not, from my tests on unstable, it appears that the symptom is that `flatpak remote-add` fails. (#1004467) There are indications from upstream bug reports that this patch might also fix similar issues for ZFS users, although this is not yet confirmed. If d/p/Fix-marking-static-delta-commits-as-partial.patch is not applied, interrupted downloads can result in a corrupted local repository, requiring manual cleanup via `flatpak repair` or `ostree fsck`. If d/p/libotutil-Avoid-infinite-recursion-during-error-unwinding.patch is not applied, some failure modes (in particular the symptom of #1004467) lead to a crash instead of a graceful failure. If d/p/Fix-translation-of-file-URIs-into-paths.patch is not applied, users will be unable to install Flatpak apps from paths on the local filesystem that contain a backslash or non-ASCII, most commonly during "sideloading" from a USB stick created by `flatpak create-usb`. If d/p/lib-Fix-a-bad-call-to-g_file_get_child.patch is not applied, checking out only a subset of a commit (most frequently seen in Flatpak when installing locale data) can fail with an assertion failure if a backport or local build of GLib 2.71 is in use. I'm a little unsure about this one for bullseye, since I would generally not recommend backporting something as foundational as GLib, but it's a one-line fix. With my GNOME team hat on, we need to get GLib >= 2.72 into bookworm within the next few weeks, so if someone does a backport of bookworm's GLib into bullseye-backports, then the priority of this change will suddenly go up. [ Tests ] Automated tests are run at build-time and via autopkgtest, and pass. Build-time and ci.debian.net coverage are limited by the buildd and debci testbed using schroot/lxc, which prevents some of the more exotic scenarios from being tested, but I run tests on an amd64 qemu VM before each upload and those also pass. I will give this some real-world testing via Flatpak on bullseye before upload (in particular to confirm that the eCryptFS fix has been successful), but so far it has only had automated tests. [ Risks ] I would say this is low-risk. They're narrowly-targeted patches, and all are straightforward backports, either from upstream release 2022.2 (in unstable, not in testing yet) or from older releases that are already in testing. If one of these changes does cause a regression, then it's most likely to be something similar to the bugs I'm fixing: a crash in a very specific scenario that most Flatpak users don't exercise. [ Checklist ] [x] *all* changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in (old)stable [x] the issue is verified as fixed in unstable [ Changes ] See d/changelog, the Impact description above, and the individual patches for details. [ Other info ] I'm open to suggestions for additional patches with a similar risk/impact ratio. I've cc'd Dan Nicholson, who maintains the fork of our Flatpak and libostree packages in Endless, a Debian derivative that makes very heavy use of both Flatpak and libostree. diff --git a/debian/changelog b/debian/changelog index 3e4cd1b0..0bd98941 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,30 @@ +ostree (2020.8-2+deb11u1) UNRELEASED; urgency=medium + + * d/gbp.conf, d/control: Branch for Debian 11 updates + * Backport various bug fixes from newer libostree releases. +Each of these fixes an issue that was reported against Flatpak when +using the libostree from Debian 11, either via bullseye or +buster-backports. +- d/p/Fall-back-if-copy_file_range-fails-with-EINVAL.patch: + Add patch to fall back if copy_file_range fails with EINVAL. + This fixes an incompatibility with eCryptFS, in particular when + using Flatpak in an eCryptFS home directory. (Closes: #1004467) +- d/p/libotutil-Avoid-infinite-recursion-during-error-unwinding.patch: + Avoid infinite recursion when recovering from certain errors, in + particular the one that was a symptom of #1004467. +- d/p/Fix-marking-static-delta-commits-as-partial.patch: + Mark commits as partial before downloading, to avoid Flatpak and other + ostree
