Bug#1066096: bookworm-pu: package libpod/4.3.1+ds1-8+deb12u1

[Jérôme Charaoui]

Le 2024-03-29 à 16 h 09, Jonathan Wiltshire a écrit :

Control: tag -1 moreinfo

Hi,

On Tue, Mar 12, 2024 at 10:24:16AM -0400, Jérôme Charaoui wrote:

Low, the patch is small (3 lines) and is
strictly designed to gracefully handle the
identified race condition.


The uploaded package also drops the .gitlab-ci.yml, is that intentional?


No, it isn't intentional, but it seems to me either that, or modifying 
debian/clean which specifically lists "debian/.gitlab-ci.yml". This was 
fixed in a later version of the source package.


-- Jérôme

Bug#1066096: bookworm-pu: package libpod/4.3.1+ds1-8+deb12u1

[Jonathan Wiltshire]

Control: tag -1 moreinfo

Hi,

On Tue, Mar 12, 2024 at 10:24:16AM -0400, Jérôme Charaoui wrote:
> Low, the patch is small (3 lines) and is
> strictly designed to gracefully handle the
> identified race condition.

The uploaded package also drops the .gitlab-ci.yml, is that intentional?

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1

Bug#1066096: bookworm-pu: package libpod/4.3.1+ds1-8+deb12u1

[Adam D. Barratt]

Control: tags -1 + confirmed

On Tue, 2024-03-12 at 10:24 -0400, Jérôme Charaoui wrote:
> podman in bookworm suffers from a race condition which causes the 
> "network ls" command to fail intermittently in certain scenarios

Please go ahead.

Regards,

Adam

Bug#1066096: bookworm-pu: package libpod/4.3.1+ds1-8+deb12u1

[Jérôme Charaoui]

Just noting that I'm aware in the provided debdiff, the d/changelog 
entry is missing the Closes: tag.


This is already fixed in the upload I'm preparing, but if requested I 
can upload a new .debdiff without issue.


Also, as this is an NMU in its current form, I've also been in touch 
with the package maintainers in order to get additonal review and approval.


Thanks.

Bug#1066096: bookworm-pu: package libpod/4.3.1+ds1-8+deb12u1

[Jérôme Charaoui]

Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu
Control: affects -1 + src:podman
X-Debbugs-Cc: pod...@packages.debian.org

[ Reason ]

podman in bookworm suffers from a race condition which causes the 
"network ls" command to fail intermittently in certain scenarios


[ Impact ]

The issue is responsible for intermittent failures when using podman as 
a GitLab CI runner executor and the 'FF_NETWORK_PER_BUILD' runner flag 
is enabled. This bug has been reported on the BTS at #1059496.


[ Risk ]

Low, the patch is small (3 lines) and is strictly designed to gracefully 
handle the identified race condition.


[ Tests ]

Autopkgtests are passing, and we've deployed this package on a small 
fleet of GitLab CI runners for several weeks without issue of any kind, 
and confirming the failures caused by the race condition do not occur 
anymore.


[ Checklist ]

  [X] *all* changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in (old)stable
  [X] the issue is verified as fixed in unstable

[ Changes ]

The debdiff consists of the addition of a patch cherry-picked from 
upstream to gracefully handle a race condition in the "network ls" 
podman subcommand.


Thank you.

-- Jérôme
diff -Nru libpod-4.3.1+ds1/debian/changelog libpod-4.3.1+ds1/debian/changelog
--- libpod-4.3.1+ds1/debian/changelog   2023-04-30 08:19:54.0 -0400
+++ libpod-4.3.1+ds1/debian/changelog   2024-02-26 09:30:29.0 -0500
@@ -1,3 +1,10 @@
+libpod (4.3.1+ds1-8+deb12u1) bookworm; urgency=medium
+
+  * Non-maintainer upload.
+  * d/patches: backport fix for removed container handling
+
+ -- Jérôme Charaoui   Mon, 26 Feb 2024 09:30:29 -0500
+
 libpod (4.3.1+ds1-8) unstable; urgency=medium
 
   * [upstream] unbreak using docker as client
diff -Nru libpod-4.3.1+ds1/debian/patches/fix-removed-container-handling.patch 
libpod-4.3.1+ds1/debian/patches/fix-removed-container-handling.patch
--- libpod-4.3.1+ds1/debian/patches/fix-removed-container-handling.patch
1969-12-31 19:00:00.0 -0500
+++ libpod-4.3.1+ds1/debian/patches/fix-removed-container-handling.patch
2024-02-26 09:30:29.0 -0500
@@ -0,0 +1,28 @@
+From: Valentin Rothberg 
+Date: Mon, 6 Feb 2023 13:52:40 +0100
+Subject: [PATCH] network ls: handle removed container
+
+Handle a race condition in the REST API when listing networks.
+In between listing all containers and inspecting them, they may have
+already been removed, so handle this case gracefully.
+
+[NO NEW TESTS NEEDED] as it's a race condition.
+
+Fixes: #17341
+
+Forwarded: not-needed
+Origin: upstream, 
https://github.com/containers/podman/commit/ced934284058232c1c3d76956786106d64511f89
+diff --git a/pkg/api/handlers/compat/networks.go 
b/pkg/api/handlers/compat/networks.go
+index 704af4b0e427..587da14361eb 100644
+--- a/pkg/api/handlers/compat/networks.go
 b/pkg/api/handlers/compat/networks.go
+@@ -74,6 +74,9 @@ func convertLibpodNetworktoDockerNetwork(runtime 
*libpod.Runtime, network *netty
+   for _, con := range cons {
+   data, err := con.Inspect(false)
+   if err != nil {
++  if errors.Is(err, define.ErrNoSuchCtr) || 
errors.Is(err, define.ErrCtrRemoved) {
++  continue
++  }
+   return nil, err
+   }
+   if netData, ok := data.NetworkSettings.Networks[network.Name]; 
ok {
diff -Nru libpod-4.3.1+ds1/debian/patches/series 
libpod-4.3.1+ds1/debian/patches/series
--- libpod-4.3.1+ds1/debian/patches/series  2023-04-30 08:19:54.0 
-0400
+++ libpod-4.3.1+ds1/debian/patches/series  2024-02-26 09:30:29.0 
-0500
@@ -3,3 +3,4 @@
 CVE-2023-0778.patch
 fix-podman-client.patch
 show-graphroot-before-removal.patch
+fix-removed-container-handling.patch


OpenPGP_signature.asc
Description: OpenPGP digital signature