[Touch-packages] [Bug 2064096] Re: Services fail to start in noble deployed with TPM+FDE

[Christian Ehrhardt ]

Thanks for the great debug work so far already, I think it is "apparmor
or kernel" enough that we should add those packages and subscribe a few
folks we know dealing with those details - I'd start with jjohansen as
he'd be the best to map us to either knowledge or a known case.

** Also affects: apparmor (Ubuntu)
   Importance: Undecided
   Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cups in Ubuntu.
https://bugs.launchpad.net/bugs/2064096

Title:
  Services fail to start in noble deployed with TPM+FDE

Status in apparmor package in Ubuntu:
  New
Status in cups package in Ubuntu:
  Confirmed
Status in rsyslog package in Ubuntu:
  Confirmed
Status in sssd package in Ubuntu:
  Confirmed

Bug description:
  What's known so far:
  - 24.04 desktop deployed with TPM+FDE shows this bug
  - services confined with apparmor that need to access something in 
/run/systemd (like the notify socket) fail to do so, even if the apparmor 
profile is in complain mode. And the apparmor profile does already have rules 
to allow that access
  - only after running aa-disable  can the service start fine
  - paths logged by the apparmor DENIED or ALLOWED messages are missing the 
"/run" prefix from "/run/systemd/..".
  - When we add rules to the profile using "/systemd/" (i.e., also dropping 
the /run prefix), then it works
  - other access in /run/systemd/ are also blocked, but the most noticeable one 
is the notify mechanism
  - comment #2 also states that azure CVM images are also impacted
  - comment #4 has instructions on how to create such a VM locally with LXD vms

  Original description follows:

  This might be related to #2064088

  The rsyslog service is continually timing out and restarting. If I use
  a service drop-in file and change the 'Type' from 'notify' to
  'simple', the service starts and appears to work normally.

  In the journal, I can see the attached apparmor errors. I can't make
  sense of them, but if it's a similar issue to #2064088, then I suspect
  apparmor is preventing the systemd notify function from alerting
  systemd that the service is up and running.

  ProblemType: Bug
  DistroRelease: Ubuntu 24.04
  Package: rsyslog 8.2312.0-3ubuntu9
  ProcVersionSignature: Ubuntu 6.8.0-31.31-generic 6.8.1
  Uname: Linux 6.8.0-31-generic x86_64
  ApportVersion: 2.28.1-0ubuntu2
  Architecture: amd64
  CasperMD5CheckMismatches: ./boot/grub/grub.cfg
  CasperMD5CheckResult: fail
  CurrentDesktop: ubuntu:GNOME
  Date: Mon Apr 29 10:37:46 2024
  ProcEnviron:
   LANG=en_GB.UTF-8
   PATH=(custom, no user)
   SHELL=/bin/bash
   TERM=xterm-256color
   XDG_RUNTIME_DIR=
  SourcePackage: rsyslog
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2064096/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1876486] Re: systemd breaks due to old libsecomp libs left on the system

[Christian Ehrhardt ]

Hi Jeremy

> I do not understand why bugs like this cannot get fixed even years after
> several people have reported the same issue and the repro steps are clear

I understand this might seem frustrating, but the TL;DR is: Because it
isn't as clear as it might seem

Detail:

As you see throughout the discussions many have tried to recreate it
with those steps but it was not triggering for further debugging.

Just to be sure I did try to recreate again in a new clean system (this
time direct upgrades, no do-release-upgrade) upgrading X-B-F => no
issues. I also rechecked the libseccomp.so files - always had only those
belonging to the current installed version.

As you can see the open question is either:
a) find the details to the steps to really recreate this
or
b) finding out where the older files came from as they have in none of the case 
been part of the system that was upgraded from but from somewhere further in 
the past.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libseccomp in Ubuntu.
https://bugs.launchpad.net/bugs/1876486

Title:
  systemd breaks due to old libsecomp libs left on the system

Status in libseccomp package in Ubuntu:
  Expired

Bug description:
  Upgraded Ubuntu 18.04 to 20.04.  Following the upgrade, booting was not 
possible.  The error messages is:
  /sbin/init: symbol lookup error: /lib/systemd/libsystemd-shared-245.so: 
undefined symbol: seccomp_api_get
  [4.608900] Kernel panic - not syncing: Attempted to kill init! 
exitcode=0x7f00
  See also attached photograph of screen during boot.

  Upgrade followed steps from here: 
https://help.ubuntu.com/community/FocalUpgrades/Kubuntu
  With the excpetion that The -d flag was used for the do-release-upgrade:
  sudo do-release-upgrade -d -m desktop

  1) The release of Ubuntu you are using, via 'lsb_release -rd' or System -> 
About Ubuntu
  Prior to upgrade: Ubuntu 18.04.4
  After upgrade (but never booted): Ubuntu (Kubuntu) 20.04
  Note that Ubuntu had originally be installed, but kubuntu-desktop was 
recently installed to change to Kubuntu, but no booting problems were 
experienced before updating to 20.04.

  2) The version of the package you are using, via 'apt-cache policy pkgname' 
or by checking in 
  Unknown -- Package version may have changed when upgrading to 20.04.

  3) What you expected to happen
  Boot without kernel panic.

  4) What happened instead
  Could not boot.  Even selecting safe mode from grub could not boot.  Had to 
restore system from backups.  Will not attempt upgrade again.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/1876486/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 2056739] Re: apparmor="DENIED" operation="open" class="file" profile="virt-aa-helper" name="/etc/gnutls/config"

[Christian Ehrhardt ]

FYI the fix and a related cleanup are merged into upstream apparmor and
I'd expect the next upload to Ubuntu to then fix this issue.

@Martin
Thanks for the extra info for completeness, I assume we might find even more if 
we spend more time (but tat would provide no extra gain).

@John
Up to you then, I'll assign the apparmor task to you to represent that I'm not 
driving that part

** Changed in: chrony (Ubuntu)
 Assignee: (unassigned) => John Johansen (jjohansen)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2056739

Title:
  apparmor="DENIED" operation="open" class="file" profile="virt-aa-
  helper" name="/etc/gnutls/config"

Status in apparmor package in Ubuntu:
  In Progress
Status in chrony package in Ubuntu:
  Won't Fix
Status in gnutls28 package in Ubuntu:
  Won't Fix
Status in libvirt package in Ubuntu:
  Won't Fix
Status in apparmor source package in Noble:
  In Progress
Status in chrony source package in Noble:
  Won't Fix
Status in gnutls28 source package in Noble:
  Won't Fix
Status in libvirt source package in Noble:
  Won't Fix

Bug description:
  Christian summarizes this after the great reports by Martin:

  gnutls started to ship forceful disables in pkg/import/3.8.1-4ubuntu3
  and added more later.

  Due to that anything linked against gnutls while being apparmor
  isolated now hits similar denials, preventing the desired effect of
  the config change BTW.

  I think for safety we WANT to always allow this access, otherwise
  people will subtly not have crypto control about the more important
  (those isolated) software. Because after the denial I'd expect this to
  not really disable it in the program linked to gnutls (details might
  vary depending what they really use gnutls for).

  I do not nkow of a gnutls abstraction to use, but TBH I'm afraid now
  fixing a few but leaving this open in some others not spotted.

  I'd therefore suggest, but we need to discuss, to therefore change it
  in /etc/apparmor.d/abstractions/base.

  Therefore I'm adding gnutls (and Adrien) as well as apparmor to the
  bug tasks.

  
  --- --- --- --- --- --- --- --- --- --- --- ---
  --- --- --- --- --- --- --- --- --- --- --- ---

  
  Merely booting current noble cloud image with "chrony" installed causes this:

  audit: type=1400 audit(1710152842.540:107): apparmor="DENIED"
  operation="open" class="file" profile="/usr/sbin/chronyd"
  name="/etc/gnutls/config" pid=878 comm="chronyd" requested_mask="r"
  denied_mask="r" fsuid=0 ouid=0

  
  --- --- --- --- --- --- --- --- --- --- --- ---
  --- --- --- --- --- --- --- --- --- --- --- ---

  
  Running any VM in libvirt causes a new AppArmor violation in current noble. 
This is a regression, this didn't happen in any previous release.

  Reproducer:

    virt-install --memory 50 --pxe --virt-type qemu --os-variant
  alpinelinux3.8 --disk none --wait 0 --name test1

  (This is the simplest way to create a test VM. But it's form or shape
  doesn't matter at all).

  Results in lots of

  audit: type=1400 audit(1710146677.570:108): apparmor="DENIED"
  operation="open" class="file" profile="virt-aa-helper"
  name="/etc/gnutls/config" pid=1480 comm="virt-aa-helper"
  requested_mask="r" denied_mask="r" fsuid=0 ouid=0

  libvirt-daemon 10.0.0-2ubuntu1
  apparmor 4.0.0~alpha4-0ubuntu1
  libgnutls30:amd64 3.8.3-1ubuntu1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2056739/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 2056739] Re: apparmor="DENIED" operation="open" class="file" profile="virt-aa-helper" name="/etc/gnutls/config"

[Christian Ehrhardt ]

FYI - submitted as https://gitlab.com/apparmor/apparmor/-/merge_requests/1178
@John if merged, would you mind adding a bug-ref to the Ubuntu upload changelog 
so this bug 2056739 closes?

Given that there seems to be some agreement to fix this in apparmor,
I'll set the other tasks to "Won't Fix"

** Changed in: libvirt (Ubuntu Noble)
   Status: New => Won't Fix

** Changed in: gnutls28 (Ubuntu Noble)
   Status: New => Won't Fix

** Changed in: chrony (Ubuntu Noble)
   Status: New => Won't Fix

** Changed in: apparmor (Ubuntu Noble)
   Status: New => In Progress

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2056739

Title:
  apparmor="DENIED" operation="open" class="file" profile="virt-aa-
  helper" name="/etc/gnutls/config"

Status in apparmor package in Ubuntu:
  In Progress
Status in chrony package in Ubuntu:
  New
Status in gnutls28 package in Ubuntu:
  New
Status in libvirt package in Ubuntu:
  New
Status in apparmor source package in Noble:
  In Progress
Status in chrony source package in Noble:
  Won't Fix
Status in gnutls28 source package in Noble:
  Won't Fix
Status in libvirt source package in Noble:
  Won't Fix

Bug description:
  Christian summarizes this after the great reports by Martin:

  gnutls started to ship forceful disables in pkg/import/3.8.1-4ubuntu3
  and added more later.

  Due to that anything linked against gnutls while being apparmor
  isolated now hits similar denials, preventing the desired effect of
  the config change BTW.

  I think for safety we WANT to always allow this access, otherwise
  people will subtly not have crypto control about the more important
  (those isolated) software. Because after the denial I'd expect this to
  not really disable it in the program linked to gnutls (details might
  vary depending what they really use gnutls for).

  I do not nkow of a gnutls abstraction to use, but TBH I'm afraid now
  fixing a few but leaving this open in some others not spotted.

  I'd therefore suggest, but we need to discuss, to therefore change it
  in /etc/apparmor.d/abstractions/base.

  Therefore I'm adding gnutls (and Adrien) as well as apparmor to the
  bug tasks.

  
  --- --- --- --- --- --- --- --- --- --- --- ---
  --- --- --- --- --- --- --- --- --- --- --- ---

  
  Merely booting current noble cloud image with "chrony" installed causes this:

  audit: type=1400 audit(1710152842.540:107): apparmor="DENIED"
  operation="open" class="file" profile="/usr/sbin/chronyd"
  name="/etc/gnutls/config" pid=878 comm="chronyd" requested_mask="r"
  denied_mask="r" fsuid=0 ouid=0

  
  --- --- --- --- --- --- --- --- --- --- --- ---
  --- --- --- --- --- --- --- --- --- --- --- ---

  
  Running any VM in libvirt causes a new AppArmor violation in current noble. 
This is a regression, this didn't happen in any previous release.

  Reproducer:

    virt-install --memory 50 --pxe --virt-type qemu --os-variant
  alpinelinux3.8 --disk none --wait 0 --name test1

  (This is the simplest way to create a test VM. But it's form or shape
  doesn't matter at all).

  Results in lots of

  audit: type=1400 audit(1710146677.570:108): apparmor="DENIED"
  operation="open" class="file" profile="virt-aa-helper"
  name="/etc/gnutls/config" pid=1480 comm="virt-aa-helper"
  requested_mask="r" denied_mask="r" fsuid=0 ouid=0

  libvirt-daemon 10.0.0-2ubuntu1
  apparmor 4.0.0~alpha4-0ubuntu1
  libgnutls30:amd64 3.8.3-1ubuntu1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2056739/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 2056739] Re: apparmor="DENIED" operation="open" class="file" profile="virt-aa-helper" name="/etc/gnutls/config"

[Christian Ehrhardt ]

Suggestion would be something like:

--- /etc/apparmor.d/abstractions/crypto.orig2024-03-11 11:05:24.027597234 
+
+++ /etc/apparmor.d/abstractions/crypto 2024-03-11 11:06:12.035895701 +
@@ -24,4 +24,7 @@
   /etc/crypto-policies/*/*.txt r,
   /usr/share/crypto-policies/*/*.txt r,
 
+  # Global gnutls config
+  @{etc_ro}/gnutls/config
+
   include if exists 

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2056739

Title:
  apparmor="DENIED" operation="open" class="file" profile="virt-aa-
  helper" name="/etc/gnutls/config"

Status in apparmor package in Ubuntu:
  New
Status in chrony package in Ubuntu:
  New
Status in gnutls28 package in Ubuntu:
  New
Status in libvirt package in Ubuntu:
  New
Status in apparmor source package in Noble:
  New
Status in chrony source package in Noble:
  New
Status in gnutls28 source package in Noble:
  New
Status in libvirt source package in Noble:
  New

Bug description:
  Christian summarizes this after the great reports by Martin:

  gnutls started to ship forceful disables in pkg/import/3.8.1-4ubuntu3
  and added more later.

  Due to that anything linked against gnutls while being apparmor
  isolated now hits similar denials, preventing the desired effect of
  the config change BTW.

  I think for safety we WANT to always allow this access, otherwise
  people will subtly not have crypto control about the more important
  (those isolated) software. Because after the denial I'd expect this to
  not really disable it in the program linked to gnutls (details might
  vary depending what they really use gnutls for).

  I do not nkow of a gnutls abstraction to use, but TBH I'm afraid now
  fixing a few but leaving this open in some others not spotted.

  I'd therefore suggest, but we need to discuss, to therefore change it
  in /etc/apparmor.d/abstractions/base.

  Therefore I'm adding gnutls (and Adrien) as well as apparmor to the
  bug tasks.

  
  --- --- --- --- --- --- --- --- --- --- --- ---
  --- --- --- --- --- --- --- --- --- --- --- ---

  
  Merely booting current noble cloud image with "chrony" installed causes this:

  audit: type=1400 audit(1710152842.540:107): apparmor="DENIED"
  operation="open" class="file" profile="/usr/sbin/chronyd"
  name="/etc/gnutls/config" pid=878 comm="chronyd" requested_mask="r"
  denied_mask="r" fsuid=0 ouid=0

  
  --- --- --- --- --- --- --- --- --- --- --- ---
  --- --- --- --- --- --- --- --- --- --- --- ---

  
  Running any VM in libvirt causes a new AppArmor violation in current noble. 
This is a regression, this didn't happen in any previous release.

  Reproducer:

    virt-install --memory 50 --pxe --virt-type qemu --os-variant
  alpinelinux3.8 --disk none --wait 0 --name test1

  (This is the simplest way to create a test VM. But it's form or shape
  doesn't matter at all).

  Results in lots of

  audit: type=1400 audit(1710146677.570:108): apparmor="DENIED"
  operation="open" class="file" profile="virt-aa-helper"
  name="/etc/gnutls/config" pid=1480 comm="virt-aa-helper"
  requested_mask="r" denied_mask="r" fsuid=0 ouid=0

  libvirt-daemon 10.0.0-2ubuntu1
  apparmor 4.0.0~alpha4-0ubuntu1
  libgnutls30:amd64 3.8.3-1ubuntu1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2056739/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 2056739] Re: apparmor="DENIED" operation="open" class="file" profile="virt-aa-helper" name="/etc/gnutls/config"

[Christian Ehrhardt ]

There is precedence in /etc/apparmor.d/abstractions/base holding various rules 
like these
$ grep etc_ro /etc/apparmor.d/abstractions/base
  @{etc_ro}/locale/**  r,
  @{etc_ro}/locale.alias   r,
  @{etc_ro}/localtime  r,
  @{etc_ro}/bindresvport.blacklistr,
  @{etc_ro}/ld.so.cache   mr,
  @{etc_ro}/ld.so.confr,
  @{etc_ro}/ld.so.conf.d/{,*.conf}r,
  @{etc_ro}/ld.so.preload r,
  @{etc_ro}/ld-musl-*.pathr,

I'd think the better fix is to allow it there.

Actually, base isn't the best.
I think it should go into /etc/apparmor.d/abstractions/crypto (which is 
included by base)


If Adrien knows about similar, "whoever uses it should have read access to that 
config to restrict it accordingly" config files we might want to add them all 
in one block there.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2056739

Title:
  apparmor="DENIED" operation="open" class="file" profile="virt-aa-
  helper" name="/etc/gnutls/config"

Status in apparmor package in Ubuntu:
  New
Status in chrony package in Ubuntu:
  New
Status in gnutls28 package in Ubuntu:
  New
Status in libvirt package in Ubuntu:
  New
Status in apparmor source package in Noble:
  New
Status in chrony source package in Noble:
  New
Status in gnutls28 source package in Noble:
  New
Status in libvirt source package in Noble:
  New

Bug description:
  Christian summarizes this after the great reports by Martin:

  gnutls started to ship forceful disables in pkg/import/3.8.1-4ubuntu3
  and added more later.

  Due to that anything linked against gnutls while being apparmor
  isolated now hits similar denials, preventing the desired effect of
  the config change BTW.

  I think for safety we WANT to always allow this access, otherwise
  people will subtly not have crypto control about the more important
  (those isolated) software. Because after the denial I'd expect this to
  not really disable it in the program linked to gnutls (details might
  vary depending what they really use gnutls for).

  I do not nkow of a gnutls abstraction to use, but TBH I'm afraid now
  fixing a few but leaving this open in some others not spotted.

  I'd therefore suggest, but we need to discuss, to therefore change it
  in /etc/apparmor.d/abstractions/base.

  Therefore I'm adding gnutls (and Adrien) as well as apparmor to the
  bug tasks.

  
  --- --- --- --- --- --- --- --- --- --- --- ---
  --- --- --- --- --- --- --- --- --- --- --- ---

  
  Merely booting current noble cloud image with "chrony" installed causes this:

  audit: type=1400 audit(1710152842.540:107): apparmor="DENIED"
  operation="open" class="file" profile="/usr/sbin/chronyd"
  name="/etc/gnutls/config" pid=878 comm="chronyd" requested_mask="r"
  denied_mask="r" fsuid=0 ouid=0

  
  --- --- --- --- --- --- --- --- --- --- --- ---
  --- --- --- --- --- --- --- --- --- --- --- ---

  
  Running any VM in libvirt causes a new AppArmor violation in current noble. 
This is a regression, this didn't happen in any previous release.

  Reproducer:

    virt-install --memory 50 --pxe --virt-type qemu --os-variant
  alpinelinux3.8 --disk none --wait 0 --name test1

  (This is the simplest way to create a test VM. But it's form or shape
  doesn't matter at all).

  Results in lots of

  audit: type=1400 audit(1710146677.570:108): apparmor="DENIED"
  operation="open" class="file" profile="virt-aa-helper"
  name="/etc/gnutls/config" pid=1480 comm="virt-aa-helper"
  requested_mask="r" denied_mask="r" fsuid=0 ouid=0

  libvirt-daemon 10.0.0-2ubuntu1
  apparmor 4.0.0~alpha4-0ubuntu1
  libgnutls30:amd64 3.8.3-1ubuntu1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2056739/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 2056739] Re: apparmor="DENIED" operation="open" class="file" profile="virt-aa-helper" name="/etc/gnutls/config"

[Christian Ehrhardt ]

** Description changed:

+ Christian summarizes this after the great reports by Martin:
+ 
+ gnutls started to ship forceful disables in pkg/import/3.8.1-4ubuntu3
+ and added more later.
+ 
+ Due to that anything linked against gnutls while being apparmor isolated
+ now hits similar denials, preventing the desired effect of the config
+ change BTW.
+ 
+ I think for safety we WANT to always allow this access, otherwise people
+ will subtly not have crypto control about the more important (those
+ isolated) software. Because after the denial I'd expect this to not
+ really disable it in the program linked to gnutls (details might vary
+ depending what they really use gnutls for).
+ 
+ I do not nkow of a gnutls abstraction to use, but TBH I'm afraid now
+ fixing a few but leaving this open in some others not spotted.
+ 
+ I'd therefore suggest, but we need to discuss, to therefore change it in
+ /etc/apparmor.d/abstractions/base.
+ 
+ Therefore I'm adding gnutls (and Adrien) as well as apparmor to the bug
+ tasks.
+ 
  ---
  ---
  
  Merely booting current noble cloud image with "chrony" installed causes
  this:
  
  audit: type=1400 audit(1710152842.540:107): apparmor="DENIED"
  operation="open" class="file" profile="/usr/sbin/chronyd"
  name="/etc/gnutls/config" pid=878 comm="chronyd" requested_mask="r"
  denied_mask="r" fsuid=0 ouid=0
  
- --- 
+ ---
  ---
  
  Running any VM in libvirt causes a new AppArmor violation in current
  noble. This is a regression, this didn't happen in any previous release.
  
  Reproducer:
  
    virt-install --memory 50 --pxe --virt-type qemu --os-variant
  alpinelinux3.8 --disk none --wait 0 --name test1
  
  (This is the simplest way to create a test VM. But it's form or shape
  doesn't matter at all).
  
  Results in lots of
  
  audit: type=1400 audit(1710146677.570:108): apparmor="DENIED"
  operation="open" class="file" profile="virt-aa-helper"
  name="/etc/gnutls/config" pid=1480 comm="virt-aa-helper"
  requested_mask="r" denied_mask="r" fsuid=0 ouid=0
  
  libvirt-daemon 10.0.0-2ubuntu1
  apparmor 4.0.0~alpha4-0ubuntu1
  libgnutls30:amd64 3.8.3-1ubuntu1

** Also affects: gnutls28 (Ubuntu)
   Importance: Undecided
   Status: New

** Also affects: apparmor (Ubuntu)
   Importance: Undecided
   Status: New

** Description changed:

  Christian summarizes this after the great reports by Martin:
  
  gnutls started to ship forceful disables in pkg/import/3.8.1-4ubuntu3
  and added more later.
  
  Due to that anything linked against gnutls while being apparmor isolated
  now hits similar denials, preventing the desired effect of the config
  change BTW.
  
  I think for safety we WANT to always allow this access, otherwise people
  will subtly not have crypto control about the more important (those
  isolated) software. Because after the denial I'd expect this to not
  really disable it in the program linked to gnutls (details might vary
  depending what they really use gnutls for).
  
  I do not nkow of a gnutls abstraction to use, but TBH I'm afraid now
  fixing a few but leaving this open in some others not spotted.
  
  I'd therefore suggest, but we need to discuss, to therefore change it in
  /etc/apparmor.d/abstractions/base.
  
  Therefore I'm adding gnutls (and Adrien) as well as apparmor to the bug
  tasks.
  
- ---
- ---
  
- Merely booting current noble cloud image with "chrony" installed causes
- this:
+ --- --- --- --- --- --- --- --- --- --- --- ---
+ --- --- --- --- --- --- --- --- --- --- --- ---
+ 
+ 
+ Merely booting current noble cloud image with "chrony" installed causes this:
  
  audit: type=1400 audit(1710152842.540:107): apparmor="DENIED"
  operation="open" class="file" profile="/usr/sbin/chronyd"
  name="/etc/gnutls/config" pid=878 comm="chronyd" requested_mask="r"
  denied_mask="r" fsuid=0 ouid=0
  
- ---
- ---
  
- Running any VM in libvirt causes a new AppArmor violation in current
- noble. This is a regression, this didn't happen in any previous release.
+ --- --- --- --- --- --- --- --- --- --- --- ---
+ --- --- --- --- --- --- --- --- --- --- --- ---
+ 
+ 
+ Running any VM in libvirt causes a new AppArmor violation in current noble. 
This is a regression, this didn't happen in any previous release.
  
  Reproducer:
  
    virt-install --memory 50 --pxe --virt-type qemu --os-variant
  alpinelinux3.8 --disk none --wait 0 --name test1
  
  (This is the simplest way to create a test VM. But it's form or shape
  doesn't matter at all).
  
  Results in lots of
  
  audit: type=1400 audit(1710146677.570:108): apparmor="DENIED"
  operation="open" class="file" profile="virt-aa-helper"
  name="/etc/gnutls/config" pid=1480 comm="virt-aa-helper"
  requested_mask="r" denied_mask="r" fsuid=0 ouid=0
  
  libvirt-daemon 10.0.0-2ubuntu1
  apparmor 4.0.0~alpha4-0ubuntu1
  libgnutls30:amd64 3.8.3-1ubuntu1

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.

[Touch-packages] [Bug 1833322] Re: Please consider no more having irqbalance enabled by default (per image/use-case/TBD)

[Christian Ehrhardt ]

I've added a section to the release notes summing this up and linking
back here and to some of the past links.

** Changed in: ubuntu-release-notes
   Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ubuntu-meta in Ubuntu.
https://bugs.launchpad.net/bugs/1833322

Title:
  Please consider no more having irqbalance enabled by default (per
  image/use-case/TBD)

Status in cloud-images:
  New
Status in Release Notes for Ubuntu:
  Fix Released
Status in Ubuntu on IBM z Systems:
  Opinion
Status in irqbalance package in Ubuntu:
  Opinion
Status in ubuntu-meta package in Ubuntu:
  Fix Released

Bug description:
  as per https://github.com/pop-os/default-settings/issues/60

  Distribution (run cat /etc/os-release):

  $ cat /etc/os-release
  NAME="Pop!_OS"
  VERSION="19.04"
  ID=ubuntu
  ID_LIKE=debian
  PRETTY_NAME="Pop!_OS 19.04"
  VERSION_ID="19.04"
  HOME_URL="https://system76.com/pop;
  SUPPORT_URL="http://support.system76.com;
  BUG_REPORT_URL="https://github.com/pop-os/pop/issues;
  PRIVACY_POLICY_URL="https://system76.com/privacy;
  VERSION_CODENAME=disco
  UBUNTU_CODENAME=disco

  Related Application and/or Package Version (run apt policy $PACKAGE
  NAME):

  $ apt policy irqbalance
  irqbalance:
  Installed: 1.5.0-3ubuntu1
  Candidate: 1.5.0-3ubuntu1
  Version table:
  *** 1.5.0-3ubuntu1 500
  500 http://us.archive.ubuntu.com/ubuntu disco/main amd64 Packages
  100 /var/lib/dpkg/status

  $ apt rdepends irqbalance
  irqbalance
  Reverse Depends:
  Recommends: ubuntu-standard
  gce-compute-image-packages

  Issue/Bug Description:

  as per konkor/cpufreq#48 and
  http://konkor.github.io/cpufreq/faq/#irqbalance-detected

  irqbalance is technically not needed on desktop systems (supposedly it
  is mainly for servers), and may actually reduce performance and power
  savings. It appears to provide benefits only to server environments
  that have relatively-constant loading. If it is truly a server-
  oriented package, then it shouldn't be installed by default on a
  desktop/laptop system and shouldn't be included in desktop OS images.

  Steps to reproduce (if you know):

  This is potentially an issue with all default installs.

  Expected behavior:

  n/a

  Other Notes:

  I can safely remove it via "sudo apt purge irqbalance" without any
  apparent adverse side-effects. If someone is running a situation where
  they need it, then they always have the option of installing it from
  the repositories.

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-images/+bug/1833322/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1833322] Re: Please consider no more having irqbalance enabled by default (per image/use-case/TBD)

[Christian Ehrhardt ]

FYI: updated ubuntu-meta, now in noble-proposed as version 1.532

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ubuntu-meta in Ubuntu.
https://bugs.launchpad.net/bugs/1833322

Title:
  Please consider no more having irqbalance enabled by default (per
  image/use-case/TBD)

Status in cloud-images:
  New
Status in Release Notes for Ubuntu:
  In Progress
Status in Ubuntu on IBM z Systems:
  Opinion
Status in irqbalance package in Ubuntu:
  Opinion
Status in ubuntu-meta package in Ubuntu:
  In Progress

Bug description:
  as per https://github.com/pop-os/default-settings/issues/60

  Distribution (run cat /etc/os-release):

  $ cat /etc/os-release
  NAME="Pop!_OS"
  VERSION="19.04"
  ID=ubuntu
  ID_LIKE=debian
  PRETTY_NAME="Pop!_OS 19.04"
  VERSION_ID="19.04"
  HOME_URL="https://system76.com/pop;
  SUPPORT_URL="http://support.system76.com;
  BUG_REPORT_URL="https://github.com/pop-os/pop/issues;
  PRIVACY_POLICY_URL="https://system76.com/privacy;
  VERSION_CODENAME=disco
  UBUNTU_CODENAME=disco

  Related Application and/or Package Version (run apt policy $PACKAGE
  NAME):

  $ apt policy irqbalance
  irqbalance:
  Installed: 1.5.0-3ubuntu1
  Candidate: 1.5.0-3ubuntu1
  Version table:
  *** 1.5.0-3ubuntu1 500
  500 http://us.archive.ubuntu.com/ubuntu disco/main amd64 Packages
  100 /var/lib/dpkg/status

  $ apt rdepends irqbalance
  irqbalance
  Reverse Depends:
  Recommends: ubuntu-standard
  gce-compute-image-packages

  Issue/Bug Description:

  as per konkor/cpufreq#48 and
  http://konkor.github.io/cpufreq/faq/#irqbalance-detected

  irqbalance is technically not needed on desktop systems (supposedly it
  is mainly for servers), and may actually reduce performance and power
  savings. It appears to provide benefits only to server environments
  that have relatively-constant loading. If it is truly a server-
  oriented package, then it shouldn't be installed by default on a
  desktop/laptop system and shouldn't be included in desktop OS images.

  Steps to reproduce (if you know):

  This is potentially an issue with all default installs.

  Expected behavior:

  n/a

  Other Notes:

  I can safely remove it via "sudo apt purge irqbalance" without any
  apparent adverse side-effects. If someone is running a situation where
  they need it, then they always have the option of installing it from
  the repositories.

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-images/+bug/1833322/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1833322] Re: Please consider no more having irqbalance enabled by default (per image/use-case/TBD)

[Christian Ehrhardt ]

FYI: Seed change landed

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ubuntu-meta in Ubuntu.
https://bugs.launchpad.net/bugs/1833322

Title:
  Please consider no more having irqbalance enabled by default (per
  image/use-case/TBD)

Status in cloud-images:
  New
Status in Release Notes for Ubuntu:
  In Progress
Status in Ubuntu on IBM z Systems:
  Opinion
Status in irqbalance package in Ubuntu:
  Opinion
Status in ubuntu-meta package in Ubuntu:
  In Progress

Bug description:
  as per https://github.com/pop-os/default-settings/issues/60

  Distribution (run cat /etc/os-release):

  $ cat /etc/os-release
  NAME="Pop!_OS"
  VERSION="19.04"
  ID=ubuntu
  ID_LIKE=debian
  PRETTY_NAME="Pop!_OS 19.04"
  VERSION_ID="19.04"
  HOME_URL="https://system76.com/pop;
  SUPPORT_URL="http://support.system76.com;
  BUG_REPORT_URL="https://github.com/pop-os/pop/issues;
  PRIVACY_POLICY_URL="https://system76.com/privacy;
  VERSION_CODENAME=disco
  UBUNTU_CODENAME=disco

  Related Application and/or Package Version (run apt policy $PACKAGE
  NAME):

  $ apt policy irqbalance
  irqbalance:
  Installed: 1.5.0-3ubuntu1
  Candidate: 1.5.0-3ubuntu1
  Version table:
  *** 1.5.0-3ubuntu1 500
  500 http://us.archive.ubuntu.com/ubuntu disco/main amd64 Packages
  100 /var/lib/dpkg/status

  $ apt rdepends irqbalance
  irqbalance
  Reverse Depends:
  Recommends: ubuntu-standard
  gce-compute-image-packages

  Issue/Bug Description:

  as per konkor/cpufreq#48 and
  http://konkor.github.io/cpufreq/faq/#irqbalance-detected

  irqbalance is technically not needed on desktop systems (supposedly it
  is mainly for servers), and may actually reduce performance and power
  savings. It appears to provide benefits only to server environments
  that have relatively-constant loading. If it is truly a server-
  oriented package, then it shouldn't be installed by default on a
  desktop/laptop system and shouldn't be included in desktop OS images.

  Steps to reproduce (if you know):

  This is potentially an issue with all default installs.

  Expected behavior:

  n/a

  Other Notes:

  I can safely remove it via "sudo apt purge irqbalance" without any
  apparent adverse side-effects. If someone is running a situation where
  they need it, then they always have the option of installing it from
  the repositories.

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-images/+bug/1833322/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1833322] Re: Please consider no more having irqbalance enabled by default (per image/use-case/TBD)

[Christian Ehrhardt ]

Steve was so kind reviewing and approving my proposal.
Doing that now is also helpful as it should make sure it still has quite some 
exposure and thereby chances for people to report issues (vs if we'd land it 
much later like after beta freeze).

Changes will:
- change the seeds in regard to irqbalance, but no change to irqbalance (the 
package)
- need an update of ubuntu-meta
- IMHO we also want a release notes entry.
- CPC might consider re-enabling it as image customization for some as shown in 
comment #39

I'm adjusting the bug tasks and state accordingly.

** Also affects: cloud-images
   Importance: Undecided
   Status: New

** Also affects: ubuntu-release-notes
   Importance: Undecided
   Status: New

** Changed in: ubuntu-release-notes
   Status: New => In Progress

** Changed in: ubuntu-z-systems
   Status: Confirmed => Opinion

** Changed in: irqbalance (Ubuntu)
   Status: Confirmed => Opinion

** Changed in: ubuntu-meta (Ubuntu)
   Status: Confirmed => In Progress

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ubuntu-meta in Ubuntu.
https://bugs.launchpad.net/bugs/1833322

Title:
  Please consider no more having irqbalance enabled by default (per
  image/use-case/TBD)

Status in cloud-images:
  New
Status in Release Notes for Ubuntu:
  In Progress
Status in Ubuntu on IBM z Systems:
  Opinion
Status in irqbalance package in Ubuntu:
  Opinion
Status in ubuntu-meta package in Ubuntu:
  In Progress

Bug description:
  as per https://github.com/pop-os/default-settings/issues/60

  Distribution (run cat /etc/os-release):

  $ cat /etc/os-release
  NAME="Pop!_OS"
  VERSION="19.04"
  ID=ubuntu
  ID_LIKE=debian
  PRETTY_NAME="Pop!_OS 19.04"
  VERSION_ID="19.04"
  HOME_URL="https://system76.com/pop;
  SUPPORT_URL="http://support.system76.com;
  BUG_REPORT_URL="https://github.com/pop-os/pop/issues;
  PRIVACY_POLICY_URL="https://system76.com/privacy;
  VERSION_CODENAME=disco
  UBUNTU_CODENAME=disco

  Related Application and/or Package Version (run apt policy $PACKAGE
  NAME):

  $ apt policy irqbalance
  irqbalance:
  Installed: 1.5.0-3ubuntu1
  Candidate: 1.5.0-3ubuntu1
  Version table:
  *** 1.5.0-3ubuntu1 500
  500 http://us.archive.ubuntu.com/ubuntu disco/main amd64 Packages
  100 /var/lib/dpkg/status

  $ apt rdepends irqbalance
  irqbalance
  Reverse Depends:
  Recommends: ubuntu-standard
  gce-compute-image-packages

  Issue/Bug Description:

  as per konkor/cpufreq#48 and
  http://konkor.github.io/cpufreq/faq/#irqbalance-detected

  irqbalance is technically not needed on desktop systems (supposedly it
  is mainly for servers), and may actually reduce performance and power
  savings. It appears to provide benefits only to server environments
  that have relatively-constant loading. If it is truly a server-
  oriented package, then it shouldn't be installed by default on a
  desktop/laptop system and shouldn't be included in desktop OS images.

  Steps to reproduce (if you know):

  This is potentially an issue with all default installs.

  Expected behavior:

  n/a

  Other Notes:

  I can safely remove it via "sudo apt purge irqbalance" without any
  apparent adverse side-effects. If someone is running a situation where
  they need it, then they always have the option of installing it from
  the repositories.

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-images/+bug/1833322/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1833322] Re: Please consider no more having irqbalance enabled by default (per image/use-case/TBD)

[Christian Ehrhardt ]

While there was sadly neither enough time not enough resources to do all
the deep dive analysis that could have been done, we succeeded by
reaching out to many more parties and got their input as well. Thank you
all!

Since Noble feature freeze is coming we need to make a call either way.
I proposed the underlying seed change [1].
And even once accepted that has to be followed by an update to ubuntu-meta.
Furthermore we'd have more follow up, like enabling it in special cases like 
the AWS images for the reasons Fabio mentioned.

Of course this is just a proposal. There are many other options left,
from not changing anything to more subtle counters to my proposal like
only doing so in 24.10 to give things more time, to holding back until
someone found time/resource to gather more data.

But for now, I feel "Not enabling it by default, but enabling
selectively where identified to be wanted" seems to be the better choice
- and that is what I proposed.

[1]: https://code.launchpad.net/~paelzer/ubuntu-
seeds/+git/platform/+merge/460904

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ubuntu-meta in Ubuntu.
https://bugs.launchpad.net/bugs/1833322

Title:
  Please consider no more having irqbalance enabled by default (per
  image/use-case/TBD)

Status in Ubuntu on IBM z Systems:
  Confirmed
Status in irqbalance package in Ubuntu:
  Confirmed
Status in ubuntu-meta package in Ubuntu:
  Confirmed

Bug description:
  as per https://github.com/pop-os/default-settings/issues/60

  Distribution (run cat /etc/os-release):

  $ cat /etc/os-release
  NAME="Pop!_OS"
  VERSION="19.04"
  ID=ubuntu
  ID_LIKE=debian
  PRETTY_NAME="Pop!_OS 19.04"
  VERSION_ID="19.04"
  HOME_URL="https://system76.com/pop;
  SUPPORT_URL="http://support.system76.com;
  BUG_REPORT_URL="https://github.com/pop-os/pop/issues;
  PRIVACY_POLICY_URL="https://system76.com/privacy;
  VERSION_CODENAME=disco
  UBUNTU_CODENAME=disco

  Related Application and/or Package Version (run apt policy $PACKAGE
  NAME):

  $ apt policy irqbalance
  irqbalance:
  Installed: 1.5.0-3ubuntu1
  Candidate: 1.5.0-3ubuntu1
  Version table:
  *** 1.5.0-3ubuntu1 500
  500 http://us.archive.ubuntu.com/ubuntu disco/main amd64 Packages
  100 /var/lib/dpkg/status

  $ apt rdepends irqbalance
  irqbalance
  Reverse Depends:
  Recommends: ubuntu-standard
  gce-compute-image-packages

  Issue/Bug Description:

  as per konkor/cpufreq#48 and
  http://konkor.github.io/cpufreq/faq/#irqbalance-detected

  irqbalance is technically not needed on desktop systems (supposedly it
  is mainly for servers), and may actually reduce performance and power
  savings. It appears to provide benefits only to server environments
  that have relatively-constant loading. If it is truly a server-
  oriented package, then it shouldn't be installed by default on a
  desktop/laptop system and shouldn't be included in desktop OS images.

  Steps to reproduce (if you know):

  This is potentially an issue with all default installs.

  Expected behavior:

  n/a

  Other Notes:

  I can safely remove it via "sudo apt purge irqbalance" without any
  apparent adverse side-effects. If someone is running a situation where
  they need it, then they always have the option of installing it from
  the repositories.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-z-systems/+bug/1833322/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1833322] Re: Please consider no more having irqbalance enabled by default (per image/use-case/TBD)

[Christian Ehrhardt ]

Interesting, that is more towards irqbalance than I heard so far.
thanks Fabio!

So we might end up needing to go like "Generally disabled except this
list of places [...] where it stays enabled".

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ubuntu-meta in Ubuntu.
https://bugs.launchpad.net/bugs/1833322

Title:
  Please consider no more having irqbalance enabled by default (per
  image/use-case/TBD)

Status in Ubuntu on IBM z Systems:
  Confirmed
Status in irqbalance package in Ubuntu:
  Confirmed
Status in ubuntu-meta package in Ubuntu:
  Confirmed

Bug description:
  as per https://github.com/pop-os/default-settings/issues/60

  Distribution (run cat /etc/os-release):

  $ cat /etc/os-release
  NAME="Pop!_OS"
  VERSION="19.04"
  ID=ubuntu
  ID_LIKE=debian
  PRETTY_NAME="Pop!_OS 19.04"
  VERSION_ID="19.04"
  HOME_URL="https://system76.com/pop;
  SUPPORT_URL="http://support.system76.com;
  BUG_REPORT_URL="https://github.com/pop-os/pop/issues;
  PRIVACY_POLICY_URL="https://system76.com/privacy;
  VERSION_CODENAME=disco
  UBUNTU_CODENAME=disco

  Related Application and/or Package Version (run apt policy $PACKAGE
  NAME):

  $ apt policy irqbalance
  irqbalance:
  Installed: 1.5.0-3ubuntu1
  Candidate: 1.5.0-3ubuntu1
  Version table:
  *** 1.5.0-3ubuntu1 500
  500 http://us.archive.ubuntu.com/ubuntu disco/main amd64 Packages
  100 /var/lib/dpkg/status

  $ apt rdepends irqbalance
  irqbalance
  Reverse Depends:
  Recommends: ubuntu-standard
  gce-compute-image-packages

  Issue/Bug Description:

  as per konkor/cpufreq#48 and
  http://konkor.github.io/cpufreq/faq/#irqbalance-detected

  irqbalance is technically not needed on desktop systems (supposedly it
  is mainly for servers), and may actually reduce performance and power
  savings. It appears to provide benefits only to server environments
  that have relatively-constant loading. If it is truly a server-
  oriented package, then it shouldn't be installed by default on a
  desktop/laptop system and shouldn't be included in desktop OS images.

  Steps to reproduce (if you know):

  This is potentially an issue with all default installs.

  Expected behavior:

  n/a

  Other Notes:

  I can safely remove it via "sudo apt purge irqbalance" without any
  apparent adverse side-effects. If someone is running a situation where
  they need it, then they always have the option of installing it from
  the repositories.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-z-systems/+bug/1833322/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1833322] Re: Please consider no more having irqbalance enabled by default (per image/use-case/TBD)

[Christian Ehrhardt ]

Hey Henry, thanks for chiming in and I agree in general that tech moved on.
Myself and others said similar before, thanks for adding more details and 
voices - that is what such a discussion is about.

> they just don't go ping-ponging around between

In particular on this aspect, so much has happened with fast devices
often not only "not being bottle-necked" but even  I/O interaction
routing smartly, I mentioned for example rps/xps on here before.

Still, there are even today a few workloads - usually high utilization large 
scale loads that benefit.
Thanks @John for carrying a few of them forward to this bug!


But the more I read, the more people chime in, ... the more one pattern seems 
to crystallize (for me).
I'll try to summarize my gut-feeling so far... (which is my opinion so far, not 
more):
"""
While it seems a few high intensity workloads still can benefit, those are of 
the kind that are usually hand-optimized and could easily pull-in irqbalance if 
needed.

On the other hand the majority of workloads do not care either way - at
least not in an easily provable way.

And furthermore most of the need to have it in the past has been
replaced by newer I/O architectures.

Finally there also have been some cases that suffered from irqbalance
being enabled. Those cases in particular seem to be those of end-users,
often Desktop end users that might not always tune their system
intensely.

For consistency between Server and Desktop I'd prefer to change it in
both in the same way, while the cases still benefiting all where
server'ish there hasn't been a case that would need it by default.

Overall that makes me think that we could indeed change it to not be enabled by 
default anymore in the upcoming Noble release.
"""


I know that Steve (@vorlon) wanted to comment on this as well, maybe we have 
sufficient statements, opinions and at least a bit of data so far to have a 
decision for Noble before Feature freeze?

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ubuntu-meta in Ubuntu.
https://bugs.launchpad.net/bugs/1833322

Title:
  Please consider no more having irqbalance enabled by default (per
  image/use-case/TBD)

Status in Ubuntu on IBM z Systems:
  Confirmed
Status in irqbalance package in Ubuntu:
  Confirmed
Status in ubuntu-meta package in Ubuntu:
  Confirmed

Bug description:
  as per https://github.com/pop-os/default-settings/issues/60

  Distribution (run cat /etc/os-release):

  $ cat /etc/os-release
  NAME="Pop!_OS"
  VERSION="19.04"
  ID=ubuntu
  ID_LIKE=debian
  PRETTY_NAME="Pop!_OS 19.04"
  VERSION_ID="19.04"
  HOME_URL="https://system76.com/pop;
  SUPPORT_URL="http://support.system76.com;
  BUG_REPORT_URL="https://github.com/pop-os/pop/issues;
  PRIVACY_POLICY_URL="https://system76.com/privacy;
  VERSION_CODENAME=disco
  UBUNTU_CODENAME=disco

  Related Application and/or Package Version (run apt policy $PACKAGE
  NAME):

  $ apt policy irqbalance
  irqbalance:
  Installed: 1.5.0-3ubuntu1
  Candidate: 1.5.0-3ubuntu1
  Version table:
  *** 1.5.0-3ubuntu1 500
  500 http://us.archive.ubuntu.com/ubuntu disco/main amd64 Packages
  100 /var/lib/dpkg/status

  $ apt rdepends irqbalance
  irqbalance
  Reverse Depends:
  Recommends: ubuntu-standard
  gce-compute-image-packages

  Issue/Bug Description:

  as per konkor/cpufreq#48 and
  http://konkor.github.io/cpufreq/faq/#irqbalance-detected

  irqbalance is technically not needed on desktop systems (supposedly it
  is mainly for servers), and may actually reduce performance and power
  savings. It appears to provide benefits only to server environments
  that have relatively-constant loading. If it is truly a server-
  oriented package, then it shouldn't be installed by default on a
  desktop/laptop system and shouldn't be included in desktop OS images.

  Steps to reproduce (if you know):

  This is potentially an issue with all default installs.

  Expected behavior:

  n/a

  Other Notes:

  I can safely remove it via "sudo apt purge irqbalance" without any
  apparent adverse side-effects. If someone is running a situation where
  they need it, then they always have the option of installing it from
  the repositories.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-z-systems/+bug/1833322/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 2051572] Re: Always preseed core and snapd snap in server seed

[Christian Ehrhardt ]

On Fri, Feb 16, 2024 at 06:51:46PM -, Philip Roche wrote:
> @vorlon @jchittum @paelzer given the above findings are you still -1 on
> any snap preseeding? Based on the data, I vote not to preseed any snaps.

I was already leaning that way and thank you for adding the data.
I agree to not to preseed any snap (in images where no mandatory snaps are 
present, i.e. not those agent examples you brought up above - these would stay 
as is right?).

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ubuntu-meta in Ubuntu.
https://bugs.launchpad.net/bugs/2051572

Title:
  Always preseed core and snapd snap in server seed

Status in ubuntu-meta package in Ubuntu:
  New
Status in ubuntu-meta source package in Noble:
  New

Bug description:
  In removing the LXD snap from preseeding in the server seed for Ubuntu
  24.04 as part LP #2051346 [1] we also removed the snapd snap and the
  core22 snap.

  This means that are subsequent snap install, like LXD, will take much
  longer than expected for a non minimized image.

  Time taken to install LXD snap using the lxd-installer package without
  snapd and core22 preinstalled/seeded

  ```
  ubuntu@cloudimg:~$ time sudo lxd --version
  Installing LXD snap, please be patient.
  5.19

  real  0m29.107s
  user  0m0.006s
  sys   0m0.005s
  ```

  Time taken to install LXD snap using the lxd-installer package with
  snapd and core22 already installed.

  ```
  ubuntu@cloudimg:~$ time sudo lxd --version
  Installing LXD snap, please be patient.
  5.19

  real  0m15.034s
  user  0m0.005s
  sys   0m0.005s
  ```

  This is a significant difference and for a workload we intend to
  remain as a core tested and tracked workload. As such I propose we re-
  introduce core22 and snapd snaps to our seed.

  LXD do intend to move to the core24 snap as their base as I'm sure
  snapd does too so when that does happen we need to update the
  preseeded core snap.

  This bug is to track the work of making that change in the server seed
  @ https://git.launchpad.net/~ubuntu-core-dev/ubuntu-
  seeds/+git/ubuntu/tree/server#n69

  [1] https://bugs.launchpad.net/ubuntu/+source/ubuntu-meta/+bug/2051346

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-meta/+bug/2051572/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 2051572] Re: Always preseed core and snapd snap in server seed

[Christian Ehrhardt ]

It was nice to have LXD around and ready for many test/dev workloads,
and I feel it was worth it back then.
But we already replaced it with lxd-installer in minimal environments and it 
was fine there too.
I never heard someone complaining that LXD takes a bit there, but every second 
of boot time seems to be valued highly.

Now that we had to reduce this to the lxd-installer everywhere (Due to
LP #2051346) it is really worth to be re-revaluated. Thank you for
driving this Phil!

IMHO now that your first LXD command will take a bit longer already (due
to fetching LXD snap), the exact amount of that "a bit longer" (as being
more by also fetching snapd and base) seems almost irrelevant as long as
it is in the same ballpark.

On one hand those dev/test environments that use it most, can easily be
made to tolerate the bit of extra time - they usually start with a
barrage of other "install this" anyway that has the same "wait for
network and install" characteristic.

On the other hand reducing size and the initialization effort of it will
save transfer and startup time for everyone - the guessed 3-5 seconds
mentioned/assumed above would be totally worth it IMHO.

---

Furthermore as Simon showed (thanks), by snapd being a baseless snap
we'd not even gain something by having that around already for the
latter fetch of lxd by lxd-installer.

---

I further appreciate John's comment that we should back up some of our
current assumptions (how much will this slow down lxc interactions, how
much will the boot speed gain) with some actual data.

But if that data will not totally upset what we expect, then I very much
agree with Steve in comment #1 and would not optimize for it at the cost
of all others and thereby I'd be fine to not preseed the other bits
there.

---

P.S. I wanted to mention that our perception might also be biased. I
believe (no data) that the closer to Ubuntu development itself you are,
the more likely you use LXD heavily in testing. But that same ratio
likely does not apply to any user of Ubuntu images in the world.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ubuntu-meta in Ubuntu.
https://bugs.launchpad.net/bugs/2051572

Title:
  Always preseed core and snapd snap in server seed

Status in ubuntu-meta package in Ubuntu:
  New
Status in ubuntu-meta source package in Noble:
  New

Bug description:
  In removing the LXD snap from preseeding in the server seed for Ubuntu
  24.04 as part LP #2051346 [1] we also removed the snapd snap and the
  core22 snap.

  This means that are subsequent snap install, like LXD, will take much
  longer than expected for a non minimized image.

  Time taken to install LXD snap using the lxd-installer package without
  snapd and core22 preinstalled/seeded

  ```
  ubuntu@cloudimg:~$ time sudo lxd --version
  Installing LXD snap, please be patient.
  5.19

  real  0m29.107s
  user  0m0.006s
  sys   0m0.005s
  ```

  Time taken to install LXD snap using the lxd-installer package with
  snapd and core22 already installed.

  ```
  ubuntu@cloudimg:~$ time sudo lxd --version
  Installing LXD snap, please be patient.
  5.19

  real  0m15.034s
  user  0m0.005s
  sys   0m0.005s
  ```

  This is a significant difference and for a workload we intend to
  remain as a core tested and tracked workload. As such I propose we re-
  introduce core22 and snapd snaps to our seed.

  LXD do intend to move to the core24 snap as their base as I'm sure
  snapd does too so when that does happen we need to update the
  preseeded core snap.

  This bug is to track the work of making that change in the server seed
  @ https://git.launchpad.net/~ubuntu-core-dev/ubuntu-
  seeds/+git/ubuntu/tree/server#n69

  [1] https://bugs.launchpad.net/ubuntu/+source/ubuntu-meta/+bug/2051346

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-meta/+bug/2051572/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1833322] Re: Please consider no more having irqbalance enabled by default (per image/use-case/TBD)

[Christian Ehrhardt ]

FYI, multiple parties and people promised me more input, but so far none
has arrived over the last weeks.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ubuntu-meta in Ubuntu.
https://bugs.launchpad.net/bugs/1833322

Title:
  Please consider no more having irqbalance enabled by default (per
  image/use-case/TBD)

Status in Ubuntu on IBM z Systems:
  Confirmed
Status in irqbalance package in Ubuntu:
  Confirmed
Status in ubuntu-meta package in Ubuntu:
  Confirmed

Bug description:
  as per https://github.com/pop-os/default-settings/issues/60

  Distribution (run cat /etc/os-release):

  $ cat /etc/os-release
  NAME="Pop!_OS"
  VERSION="19.04"
  ID=ubuntu
  ID_LIKE=debian
  PRETTY_NAME="Pop!_OS 19.04"
  VERSION_ID="19.04"
  HOME_URL="https://system76.com/pop;
  SUPPORT_URL="http://support.system76.com;
  BUG_REPORT_URL="https://github.com/pop-os/pop/issues;
  PRIVACY_POLICY_URL="https://system76.com/privacy;
  VERSION_CODENAME=disco
  UBUNTU_CODENAME=disco

  Related Application and/or Package Version (run apt policy $PACKAGE
  NAME):

  $ apt policy irqbalance
  irqbalance:
  Installed: 1.5.0-3ubuntu1
  Candidate: 1.5.0-3ubuntu1
  Version table:
  *** 1.5.0-3ubuntu1 500
  500 http://us.archive.ubuntu.com/ubuntu disco/main amd64 Packages
  100 /var/lib/dpkg/status

  $ apt rdepends irqbalance
  irqbalance
  Reverse Depends:
  Recommends: ubuntu-standard
  gce-compute-image-packages

  Issue/Bug Description:

  as per konkor/cpufreq#48 and
  http://konkor.github.io/cpufreq/faq/#irqbalance-detected

  irqbalance is technically not needed on desktop systems (supposedly it
  is mainly for servers), and may actually reduce performance and power
  savings. It appears to provide benefits only to server environments
  that have relatively-constant loading. If it is truly a server-
  oriented package, then it shouldn't be installed by default on a
  desktop/laptop system and shouldn't be included in desktop OS images.

  Steps to reproduce (if you know):

  This is potentially an issue with all default installs.

  Expected behavior:

  n/a

  Other Notes:

  I can safely remove it via "sudo apt purge irqbalance" without any
  apparent adverse side-effects. If someone is running a situation where
  they need it, then they always have the option of installing it from
  the repositories.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-z-systems/+bug/1833322/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1833322] Re: Please consider no more having irqbalance enabled by default (per image/use-case/TBD)

[Christian Ehrhardt ]

Since the discussion is no more only covering Desktop I updated the
title (thanks Seb128 for suggesting)

** Summary changed:

- Consider removing irqbalance from default install on desktop images
+ Please consider no more having irqbalance enabled by default (per 
image/use-case/TBD)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ubuntu-meta in Ubuntu.
https://bugs.launchpad.net/bugs/1833322

Title:
  Please consider no more having irqbalance enabled by default (per
  image/use-case/TBD)

Status in Ubuntu on IBM z Systems:
  Confirmed
Status in irqbalance package in Ubuntu:
  Confirmed
Status in ubuntu-meta package in Ubuntu:
  Confirmed

Bug description:
  as per https://github.com/pop-os/default-settings/issues/60

  Distribution (run cat /etc/os-release):

  $ cat /etc/os-release
  NAME="Pop!_OS"
  VERSION="19.04"
  ID=ubuntu
  ID_LIKE=debian
  PRETTY_NAME="Pop!_OS 19.04"
  VERSION_ID="19.04"
  HOME_URL="https://system76.com/pop;
  SUPPORT_URL="http://support.system76.com;
  BUG_REPORT_URL="https://github.com/pop-os/pop/issues;
  PRIVACY_POLICY_URL="https://system76.com/privacy;
  VERSION_CODENAME=disco
  UBUNTU_CODENAME=disco

  Related Application and/or Package Version (run apt policy $PACKAGE
  NAME):

  $ apt policy irqbalance
  irqbalance:
  Installed: 1.5.0-3ubuntu1
  Candidate: 1.5.0-3ubuntu1
  Version table:
  *** 1.5.0-3ubuntu1 500
  500 http://us.archive.ubuntu.com/ubuntu disco/main amd64 Packages
  100 /var/lib/dpkg/status

  $ apt rdepends irqbalance
  irqbalance
  Reverse Depends:
  Recommends: ubuntu-standard
  gce-compute-image-packages

  Issue/Bug Description:

  as per konkor/cpufreq#48 and
  http://konkor.github.io/cpufreq/faq/#irqbalance-detected

  irqbalance is technically not needed on desktop systems (supposedly it
  is mainly for servers), and may actually reduce performance and power
  savings. It appears to provide benefits only to server environments
  that have relatively-constant loading. If it is truly a server-
  oriented package, then it shouldn't be installed by default on a
  desktop/laptop system and shouldn't be included in desktop OS images.

  Steps to reproduce (if you know):

  This is potentially an issue with all default installs.

  Expected behavior:

  n/a

  Other Notes:

  I can safely remove it via "sudo apt purge irqbalance" without any
  apparent adverse side-effects. If someone is running a situation where
  they need it, then they always have the option of installing it from
  the repositories.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-z-systems/+bug/1833322/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1833322] Re: Consider removing irqbalance from default install on desktop images

[Christian Ehrhardt ]

Hi Etanay,

I realize I maybe wrote too much :-/
So I start with a TL;DR:
AFAICS you are right in all you say, but I think there can not be "one right 
answer" anyway. Hence I'm trying to leave all parties their freedom of defining 
what is important to them and try to learn from them what impact irqbalance has 
to that.


> Yes I was not arguing strictly against irqbalance, just trying
> to ascertain some discussion parameters as well as parameters for data
> collection.

Yeah, I see that and didn't intend to rebut your statements either.
Just push them a bit into potential context and POV of others.


> I have not yet seen a coherent philosophy on what it means to "optimize
> performance" with default settings that serve the greatest capacity of
> server or desktop scenarios.

That is true, but the reason for that is that you can only optimize for
something like a workload or particular HW.

The defaults are usually trying to be not too crappy for any possible
thing that might happen on e.g. Ubuntu which is quite a scope.

> In my humble opinion, data collection is useless without this
> framework of understanding what it is we are trying to achieve
> and why in terms of system performance. To me this is the deeper
> unresolved issue, perhaps.

I can see your point and would not even argue against. But this is
(this is opinion and a bit of experience, not scientific proven
truth) only the problem if we'd try to solve the singular global
and always valid "is irqbalance good or bad" question.

Thinking about it I think I'm even of the same opinion than you,
but instead of standardizing excatly what we are trying to achieve
(which to me feels like selecting a workload or HW as optimization
target) I was trying to reach out to as many groups as possible
so we can see what HW/workloads are important to them and how
irqbalance might help or interfere with that.

A bit like the old case where some clouds brought it up that it is
conflicting in virtio-net on their substrate and to be disabled
by default there (see Debian and also some Ubuntu cloud images).

I have personally no hope in reaching a general "this is good / bad"
without considering it per workload or HW environment.

Hence my hope is that if we manage to get this variety of preferences
of different parties and only then the impact of irqbalance to that
we can make compartmentalized decisions.
For example as some suggested, making it no more the default in
Desktop, but keeping it in other cases.

And this is just me trying to be helpful and drive this from being
a dormant case to something useful, I do not pretend to have the
masterplan or the solution yet :-)


> I fear that systems are currently optimized by default for throughput. For
> users, responsiveness (which can include but is not limited to throughput)
> and latency may be more important psychologically

Can I just say yes here, you go into lengths explaining (thanks) but I
already agreed here :-)

Yet - as true as that is - it is true for a set of workloads and hardware,
but not for all that Ubuntu can be (as I outlined above neither decision
could be true for all)

> And power saving is important in global terms, as even small gains
> multiplied over hundreds or thousands of deployments can have a
> significant impact

True as well, yet - again - most servers are often split by some virt
solution to pay off by their price running at high utilization.
There to reach density often people are ok to forfeit some latency
for overall throughput and thereby density which saves power by
having x% less systems active at all.


P.S. I'm now waiting for further input by all of you that found the thread so 
far as well as hopefully
some of all the teams, hardware manufacturers and clouds that I have connected 
to please think about this question.

P.P.S. I'm drifting away of seeing a big deja-vu into my decade of
Linux on mainframe performance - and density and performance and
interfering workloads that invalidated all you knew when looking
at just one ... and you know what the answer always was and still is:
"it depends" as any performance engineer will love to tell you :-)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ubuntu-meta in Ubuntu.
https://bugs.launchpad.net/bugs/1833322

Title:
  Consider removing irqbalance from default install on desktop images

Status in Ubuntu on IBM z Systems:
  New
Status in irqbalance package in Ubuntu:
  Confirmed
Status in ubuntu-meta package in Ubuntu:
  Confirmed

Bug description:
  as per https://github.com/pop-os/default-settings/issues/60

  Distribution (run cat /etc/os-release):

  $ cat /etc/os-release
  NAME="Pop!_OS"
  VERSION="19.04"
  ID=ubuntu
  ID_LIKE=debian
  PRETTY_NAME="Pop!_OS 19.04"
  VERSION_ID="19.04"
  HOME_URL="https://system76.com/pop;
  SUPPORT_URL="http://support.system76.com;
  BUG_REPORT_URL="https://github.com/pop-os/pop/issues;
  

[Touch-packages] [Bug 1833322] Re: Consider removing irqbalance from default install on desktop images

[Christian Ehrhardt ]

Pings done, in a perfect world (if all reply) that would cover more than
we ever need, but then there is 0% guarantee they even have time or care
about this at the moment :-)

If anyone has connections as well, please ask them to participate too.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ubuntu-meta in Ubuntu.
https://bugs.launchpad.net/bugs/1833322

Title:
  Consider removing irqbalance from default install on desktop images

Status in irqbalance package in Ubuntu:
  Confirmed
Status in ubuntu-meta package in Ubuntu:
  Confirmed

Bug description:
  as per https://github.com/pop-os/default-settings/issues/60

  Distribution (run cat /etc/os-release):

  $ cat /etc/os-release
  NAME="Pop!_OS"
  VERSION="19.04"
  ID=ubuntu
  ID_LIKE=debian
  PRETTY_NAME="Pop!_OS 19.04"
  VERSION_ID="19.04"
  HOME_URL="https://system76.com/pop;
  SUPPORT_URL="http://support.system76.com;
  BUG_REPORT_URL="https://github.com/pop-os/pop/issues;
  PRIVACY_POLICY_URL="https://system76.com/privacy;
  VERSION_CODENAME=disco
  UBUNTU_CODENAME=disco

  Related Application and/or Package Version (run apt policy $PACKAGE
  NAME):

  $ apt policy irqbalance
  irqbalance:
  Installed: 1.5.0-3ubuntu1
  Candidate: 1.5.0-3ubuntu1
  Version table:
  *** 1.5.0-3ubuntu1 500
  500 http://us.archive.ubuntu.com/ubuntu disco/main amd64 Packages
  100 /var/lib/dpkg/status

  $ apt rdepends irqbalance
  irqbalance
  Reverse Depends:
  Recommends: ubuntu-standard
  gce-compute-image-packages

  Issue/Bug Description:

  as per konkor/cpufreq#48 and
  http://konkor.github.io/cpufreq/faq/#irqbalance-detected

  irqbalance is technically not needed on desktop systems (supposedly it
  is mainly for servers), and may actually reduce performance and power
  savings. It appears to provide benefits only to server environments
  that have relatively-constant loading. If it is truly a server-
  oriented package, then it shouldn't be installed by default on a
  desktop/laptop system and shouldn't be included in desktop OS images.

  Steps to reproduce (if you know):

  This is potentially an issue with all default installs.

  Expected behavior:

  n/a

  Other Notes:

  I can safely remove it via "sudo apt purge irqbalance" without any
  apparent adverse side-effects. If someone is running a situation where
  they need it, then they always have the option of installing it from
  the repositories.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/irqbalance/+bug/1833322/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1833322] Re: Consider removing irqbalance from default install on desktop images

[Christian Ehrhardt ]

I want to try to avoid that this becomes too stale, so I wondered
what we can do from here. Two things came to my mind.

On one hand I will try to use some indirect relations to pull in some
HW manufacturer experts. They often have large performance teams tracking
things like that against different workloads.

And on the other hand, due to the request seemingly to close in on
"please consider not making it the default on desktop" (server is more likely
to have these large scaling workloads that are more likely to benefit) we need
to pull in someone from Desktop a bit more.
I'll do a few direct pings for that as well to ensure to get their voice too.

Doing so now ...

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ubuntu-meta in Ubuntu.
https://bugs.launchpad.net/bugs/1833322

Title:
  Consider removing irqbalance from default install on desktop images

Status in irqbalance package in Ubuntu:
  Confirmed
Status in ubuntu-meta package in Ubuntu:
  Confirmed

Bug description:
  as per https://github.com/pop-os/default-settings/issues/60

  Distribution (run cat /etc/os-release):

  $ cat /etc/os-release
  NAME="Pop!_OS"
  VERSION="19.04"
  ID=ubuntu
  ID_LIKE=debian
  PRETTY_NAME="Pop!_OS 19.04"
  VERSION_ID="19.04"
  HOME_URL="https://system76.com/pop;
  SUPPORT_URL="http://support.system76.com;
  BUG_REPORT_URL="https://github.com/pop-os/pop/issues;
  PRIVACY_POLICY_URL="https://system76.com/privacy;
  VERSION_CODENAME=disco
  UBUNTU_CODENAME=disco

  Related Application and/or Package Version (run apt policy $PACKAGE
  NAME):

  $ apt policy irqbalance
  irqbalance:
  Installed: 1.5.0-3ubuntu1
  Candidate: 1.5.0-3ubuntu1
  Version table:
  *** 1.5.0-3ubuntu1 500
  500 http://us.archive.ubuntu.com/ubuntu disco/main amd64 Packages
  100 /var/lib/dpkg/status

  $ apt rdepends irqbalance
  irqbalance
  Reverse Depends:
  Recommends: ubuntu-standard
  gce-compute-image-packages

  Issue/Bug Description:

  as per konkor/cpufreq#48 and
  http://konkor.github.io/cpufreq/faq/#irqbalance-detected

  irqbalance is technically not needed on desktop systems (supposedly it
  is mainly for servers), and may actually reduce performance and power
  savings. It appears to provide benefits only to server environments
  that have relatively-constant loading. If it is truly a server-
  oriented package, then it shouldn't be installed by default on a
  desktop/laptop system and shouldn't be included in desktop OS images.

  Steps to reproduce (if you know):

  This is potentially an issue with all default installs.

  Expected behavior:

  n/a

  Other Notes:

  I can safely remove it via "sudo apt purge irqbalance" without any
  apparent adverse side-effects. If someone is running a situation where
  they need it, then they always have the option of installing it from
  the repositories.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/irqbalance/+bug/1833322/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1833322] Re: Consider removing irqbalance from default install on desktop images

[Christian Ehrhardt ]

Hi Paride

> Back in the day I asked upstream their take on irqbalance usefulness with
> newer kernels, here is their reply:
> https://github.com/Irqbalance/irqbalance/issues/151

Thanks for this and the other extra pointers.
The Debian bug was referenced before, AFAIC it is mostly around
a) the kernel got smarter in many cases (true)
b) bad in virtual environments (we already removed it from those)

And in that discussion the upstream comments (it is good to see that
they are still convinced of their code) revolved around:
c) There should be no conflict with running irqbalance (with the new kernel)
d) The kernel policy is driver centric (irqbalance has a full picture)

Both - as I read them - are more arguments to keep it than to remove.
But as all other, not with enough data to make it a clear yes/no.

As I said much earlier in this case, I feel this is system and workload
dependent and hence there will never be a clear generic yes/no.
The best we can achieve is finding sets (like images used in virtual
environments - or as suggested desktop systems) and drop it being the
default there.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ubuntu-meta in Ubuntu.
https://bugs.launchpad.net/bugs/1833322

Title:
  Consider removing irqbalance from default install on desktop images

Status in irqbalance package in Ubuntu:
  Confirmed
Status in ubuntu-meta package in Ubuntu:
  Confirmed

Bug description:
  as per https://github.com/pop-os/default-settings/issues/60

  Distribution (run cat /etc/os-release):

  $ cat /etc/os-release
  NAME="Pop!_OS"
  VERSION="19.04"
  ID=ubuntu
  ID_LIKE=debian
  PRETTY_NAME="Pop!_OS 19.04"
  VERSION_ID="19.04"
  HOME_URL="https://system76.com/pop;
  SUPPORT_URL="http://support.system76.com;
  BUG_REPORT_URL="https://github.com/pop-os/pop/issues;
  PRIVACY_POLICY_URL="https://system76.com/privacy;
  VERSION_CODENAME=disco
  UBUNTU_CODENAME=disco

  Related Application and/or Package Version (run apt policy $PACKAGE
  NAME):

  $ apt policy irqbalance
  irqbalance:
  Installed: 1.5.0-3ubuntu1
  Candidate: 1.5.0-3ubuntu1
  Version table:
  *** 1.5.0-3ubuntu1 500
  500 http://us.archive.ubuntu.com/ubuntu disco/main amd64 Packages
  100 /var/lib/dpkg/status

  $ apt rdepends irqbalance
  irqbalance
  Reverse Depends:
  Recommends: ubuntu-standard
  gce-compute-image-packages

  Issue/Bug Description:

  as per konkor/cpufreq#48 and
  http://konkor.github.io/cpufreq/faq/#irqbalance-detected

  irqbalance is technically not needed on desktop systems (supposedly it
  is mainly for servers), and may actually reduce performance and power
  savings. It appears to provide benefits only to server environments
  that have relatively-constant loading. If it is truly a server-
  oriented package, then it shouldn't be installed by default on a
  desktop/laptop system and shouldn't be included in desktop OS images.

  Steps to reproduce (if you know):

  This is potentially an issue with all default installs.

  Expected behavior:

  n/a

  Other Notes:

  I can safely remove it via "sudo apt purge irqbalance" without any
  apparent adverse side-effects. If someone is running a situation where
  they need it, then they always have the option of installing it from
  the repositories.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/irqbalance/+bug/1833322/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1833322] Re: Consider removing irqbalance from default install on desktop images

[Christian Ehrhardt ]

Hi Dough

> If irqbalance is to be included by default, then there should be due
> diligence to demonstrate a clear benefit.

You are right that we should have that as well.
But this would be even more ture if this would be about "making it the default
when it was not before".
Right now (purely opinion) the lack of data can IMHO neither be used to keep
it nor to remove it - which sadly locks this up a bit.

> The results were:

I want to thank you a lot, this won't be enough but it is a masterpiece
demonstration of dedicating time to start providing such data.
Thank you.

I do not know the ping pong test, but on iperf, I think that is in the noise
range as far as I remember. If you'd just re-run that as-is what is the delta
on your test box?

Hoping that this will be extended by more contributing different workloads
on different systems let me ask, what kind of system (cpu, size, nodes, ...)
was that. I know you are good at writing up things, you might set the standard
how others might report to this :-)

Your results show no change or minimal degradation while at the same time losing
a bit of power. Have you also had a chance to try the powerthresh argument
that Steve mentioned above?

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ubuntu-meta in Ubuntu.
https://bugs.launchpad.net/bugs/1833322

Title:
  Consider removing irqbalance from default install on desktop images

Status in irqbalance package in Ubuntu:
  Confirmed
Status in ubuntu-meta package in Ubuntu:
  Confirmed

Bug description:
  as per https://github.com/pop-os/default-settings/issues/60

  Distribution (run cat /etc/os-release):

  $ cat /etc/os-release
  NAME="Pop!_OS"
  VERSION="19.04"
  ID=ubuntu
  ID_LIKE=debian
  PRETTY_NAME="Pop!_OS 19.04"
  VERSION_ID="19.04"
  HOME_URL="https://system76.com/pop;
  SUPPORT_URL="http://support.system76.com;
  BUG_REPORT_URL="https://github.com/pop-os/pop/issues;
  PRIVACY_POLICY_URL="https://system76.com/privacy;
  VERSION_CODENAME=disco
  UBUNTU_CODENAME=disco

  Related Application and/or Package Version (run apt policy $PACKAGE
  NAME):

  $ apt policy irqbalance
  irqbalance:
  Installed: 1.5.0-3ubuntu1
  Candidate: 1.5.0-3ubuntu1
  Version table:
  *** 1.5.0-3ubuntu1 500
  500 http://us.archive.ubuntu.com/ubuntu disco/main amd64 Packages
  100 /var/lib/dpkg/status

  $ apt rdepends irqbalance
  irqbalance
  Reverse Depends:
  Recommends: ubuntu-standard
  gce-compute-image-packages

  Issue/Bug Description:

  as per konkor/cpufreq#48 and
  http://konkor.github.io/cpufreq/faq/#irqbalance-detected

  irqbalance is technically not needed on desktop systems (supposedly it
  is mainly for servers), and may actually reduce performance and power
  savings. It appears to provide benefits only to server environments
  that have relatively-constant loading. If it is truly a server-
  oriented package, then it shouldn't be installed by default on a
  desktop/laptop system and shouldn't be included in desktop OS images.

  Steps to reproduce (if you know):

  This is potentially an issue with all default installs.

  Expected behavior:

  n/a

  Other Notes:

  I can safely remove it via "sudo apt purge irqbalance" without any
  apparent adverse side-effects. If someone is running a situation where
  they need it, then they always have the option of installing it from
  the repositories.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/irqbalance/+bug/1833322/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1833322] Re: Consider removing irqbalance from default install on desktop images

[Christian Ehrhardt ]

Hi Mike

> SUSE ... says that the first step to get there is to disable
irqbalance

I've read the same, IMHO that is just "if you want to manually tune, disable
it" which does not imply that it is bad to have it. But this is how I read
it, I have not talked to the authors to get their underlaying reasoning.


> Applications vendors ... currently recommend removing irqbalance

The only one that does so AFAICS is cpufreq and everyone else just links
to their reasoning and follows. And even some statements there like
"If you are still running irqbalance, you are not getting the maximum
performance your system is capable of!" are hard to believe as a general
statement - especially without data across a wide variety of system types
and workload.
As we have seen as well in the references linked, irqbalance helps just as
much for "maximum performance" in many other cases.

> I found this blog (https://blogs.oracle.com/linux/post/irqbalance-
design-and-internals)

Thanks, every extra background we find will only help (except for those
joining later to read more).

> The question I have is, if Ubuntu is Debian Branch, and we long ago went
> from having different kernels for desktop & server in ubuntu-base, but do
> have ubuntu-server packages and ubuntu-desktop packages, where things could
> be different, why is this still a broad sweep as a default install "for all"?

Because there was no well-funded conclusion like "it really is bad for
environment X" to remove it. You are right that there are no technical blockers
to make it e.g. kept in servers but no more the default in Desktop.
After all it is already dropped in cloud-images used in virtual environemnts as
it had a more clear reasoning and argument there.

And there are also cases where irqbalance missing caused performance impact
and bug reports like the already mentioned [1] (clearly high scale server
though)


> I am happy that this is getting discussed properly now so that we can
> relook at this, and what it means to us today.

Ack, that is why I tried to compile all I've found into one place.


[1]: https://bugs.launchpad.net/ubuntu/+source/irqbalance/+bug/2038573

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ubuntu-meta in Ubuntu.
https://bugs.launchpad.net/bugs/1833322

Title:
  Consider removing irqbalance from default install on desktop images

Status in irqbalance package in Ubuntu:
  Confirmed
Status in ubuntu-meta package in Ubuntu:
  Confirmed

Bug description:
  as per https://github.com/pop-os/default-settings/issues/60

  Distribution (run cat /etc/os-release):

  $ cat /etc/os-release
  NAME="Pop!_OS"
  VERSION="19.04"
  ID=ubuntu
  ID_LIKE=debian
  PRETTY_NAME="Pop!_OS 19.04"
  VERSION_ID="19.04"
  HOME_URL="https://system76.com/pop;
  SUPPORT_URL="http://support.system76.com;
  BUG_REPORT_URL="https://github.com/pop-os/pop/issues;
  PRIVACY_POLICY_URL="https://system76.com/privacy;
  VERSION_CODENAME=disco
  UBUNTU_CODENAME=disco

  Related Application and/or Package Version (run apt policy $PACKAGE
  NAME):

  $ apt policy irqbalance
  irqbalance:
  Installed: 1.5.0-3ubuntu1
  Candidate: 1.5.0-3ubuntu1
  Version table:
  *** 1.5.0-3ubuntu1 500
  500 http://us.archive.ubuntu.com/ubuntu disco/main amd64 Packages
  100 /var/lib/dpkg/status

  $ apt rdepends irqbalance
  irqbalance
  Reverse Depends:
  Recommends: ubuntu-standard
  gce-compute-image-packages

  Issue/Bug Description:

  as per konkor/cpufreq#48 and
  http://konkor.github.io/cpufreq/faq/#irqbalance-detected

  irqbalance is technically not needed on desktop systems (supposedly it
  is mainly for servers), and may actually reduce performance and power
  savings. It appears to provide benefits only to server environments
  that have relatively-constant loading. If it is truly a server-
  oriented package, then it shouldn't be installed by default on a
  desktop/laptop system and shouldn't be included in desktop OS images.

  Steps to reproduce (if you know):

  This is potentially an issue with all default installs.

  Expected behavior:

  n/a

  Other Notes:

  I can safely remove it via "sudo apt purge irqbalance" without any
  apparent adverse side-effects. If someone is running a situation where
  they need it, then they always have the option of installing it from
  the repositories.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/irqbalance/+bug/1833322/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1833322] Re: Consider removing irqbalance from default install on desktop images

[Christian Ehrhardt ]

Hi Ethanay
> All I can find is a recommendation not to use it on CPUs with 2 or fewer
> cores as the overhead is said to be too high

This isn't a real problem anyway, the service will stop immediately if only
running on one core - even if running on multiple cores with the same
cache (as the intended benefit is due to cache hotness by having all I/O
hitting the same cache).

> I can imagine it might still add undesirable or even critical latency in
> applications that are highly latency sensitive

I understand your line of thought, but it might even improve latency.
If there is no bottleneck on the cores assigned to handle an IRQ then
the improved cache hit rate will make even latency better.
And if there is a strong bottleneck, then some drivers without IRQbalance
would end up locked on one cpu - so again these might gain lower latency.
But I have no data on this either (just like no one seems to have on almost
any of this).

Just like others I'd personally more expect the drawback to be on a potential
lack of power saving.

> This website gave me some clarity on the theory and purpose:
> https://www.baeldung.com/linux/irqbalance-modern-hardware

Hah, didn't find this one yet - thank you!
But to me it only underlines the "it can help as much or even more often"
expectation.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ubuntu-meta in Ubuntu.
https://bugs.launchpad.net/bugs/1833322

Title:
  Consider removing irqbalance from default install on desktop images

Status in irqbalance package in Ubuntu:
  Confirmed
Status in ubuntu-meta package in Ubuntu:
  Confirmed

Bug description:
  as per https://github.com/pop-os/default-settings/issues/60

  Distribution (run cat /etc/os-release):

  $ cat /etc/os-release
  NAME="Pop!_OS"
  VERSION="19.04"
  ID=ubuntu
  ID_LIKE=debian
  PRETTY_NAME="Pop!_OS 19.04"
  VERSION_ID="19.04"
  HOME_URL="https://system76.com/pop;
  SUPPORT_URL="http://support.system76.com;
  BUG_REPORT_URL="https://github.com/pop-os/pop/issues;
  PRIVACY_POLICY_URL="https://system76.com/privacy;
  VERSION_CODENAME=disco
  UBUNTU_CODENAME=disco

  Related Application and/or Package Version (run apt policy $PACKAGE
  NAME):

  $ apt policy irqbalance
  irqbalance:
  Installed: 1.5.0-3ubuntu1
  Candidate: 1.5.0-3ubuntu1
  Version table:
  *** 1.5.0-3ubuntu1 500
  500 http://us.archive.ubuntu.com/ubuntu disco/main amd64 Packages
  100 /var/lib/dpkg/status

  $ apt rdepends irqbalance
  irqbalance
  Reverse Depends:
  Recommends: ubuntu-standard
  gce-compute-image-packages

  Issue/Bug Description:

  as per konkor/cpufreq#48 and
  http://konkor.github.io/cpufreq/faq/#irqbalance-detected

  irqbalance is technically not needed on desktop systems (supposedly it
  is mainly for servers), and may actually reduce performance and power
  savings. It appears to provide benefits only to server environments
  that have relatively-constant loading. If it is truly a server-
  oriented package, then it shouldn't be installed by default on a
  desktop/laptop system and shouldn't be included in desktop OS images.

  Steps to reproduce (if you know):

  This is potentially an issue with all default installs.

  Expected behavior:

  n/a

  Other Notes:

  I can safely remove it via "sudo apt purge irqbalance" without any
  apparent adverse side-effects. If someone is running a situation where
  they need it, then they always have the option of installing it from
  the repositories.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/irqbalance/+bug/1833322/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1833322] Re: Consider removing irqbalance from default install on desktop images

[Christian Ehrhardt ]

Hi Steve,

> I see a lot of strong opinions ... I would want any decision to remove
> irqbalance from the desktop to be based on evidence, not conjecture.

I agree that there is plenty of opinion (often backing up each other with cyclic
links) and not much data. Hence my compilation of the history to make it
somehwat consumable.

I wasn't entirely sure on my own but I agree that we'd need data to back
up changes, thanks for empowering that branch of the decision tree.

Yet on the other hand, that most likely means not much will move quickly.
Which is fine, but also makes it unlikely to conclude before Noble freezes.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ubuntu-meta in Ubuntu.
https://bugs.launchpad.net/bugs/1833322

Title:
  Consider removing irqbalance from default install on desktop images

Status in irqbalance package in Ubuntu:
  Confirmed
Status in ubuntu-meta package in Ubuntu:
  Confirmed

Bug description:
  as per https://github.com/pop-os/default-settings/issues/60

  Distribution (run cat /etc/os-release):

  $ cat /etc/os-release
  NAME="Pop!_OS"
  VERSION="19.04"
  ID=ubuntu
  ID_LIKE=debian
  PRETTY_NAME="Pop!_OS 19.04"
  VERSION_ID="19.04"
  HOME_URL="https://system76.com/pop;
  SUPPORT_URL="http://support.system76.com;
  BUG_REPORT_URL="https://github.com/pop-os/pop/issues;
  PRIVACY_POLICY_URL="https://system76.com/privacy;
  VERSION_CODENAME=disco
  UBUNTU_CODENAME=disco

  Related Application and/or Package Version (run apt policy $PACKAGE
  NAME):

  $ apt policy irqbalance
  irqbalance:
  Installed: 1.5.0-3ubuntu1
  Candidate: 1.5.0-3ubuntu1
  Version table:
  *** 1.5.0-3ubuntu1 500
  500 http://us.archive.ubuntu.com/ubuntu disco/main amd64 Packages
  100 /var/lib/dpkg/status

  $ apt rdepends irqbalance
  irqbalance
  Reverse Depends:
  Recommends: ubuntu-standard
  gce-compute-image-packages

  Issue/Bug Description:

  as per konkor/cpufreq#48 and
  http://konkor.github.io/cpufreq/faq/#irqbalance-detected

  irqbalance is technically not needed on desktop systems (supposedly it
  is mainly for servers), and may actually reduce performance and power
  savings. It appears to provide benefits only to server environments
  that have relatively-constant loading. If it is truly a server-
  oriented package, then it shouldn't be installed by default on a
  desktop/laptop system and shouldn't be included in desktop OS images.

  Steps to reproduce (if you know):

  This is potentially an issue with all default installs.

  Expected behavior:

  n/a

  Other Notes:

  I can safely remove it via "sudo apt purge irqbalance" without any
  apparent adverse side-effects. If someone is running a situation where
  they need it, then they always have the option of installing it from
  the repositories.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/irqbalance/+bug/1833322/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1833322] Re: Consider removing irqbalance from default install on desktop images

[Christian Ehrhardt ]

After all the history I was looking at where we are right now:
- irqbalance already is not in ubuntu-cloud-minimal images
- irqbalance is in normal cloud images and installed systems via the dep from 
ubuntu-server

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ubuntu-meta in Ubuntu.
https://bugs.launchpad.net/bugs/1833322

Title:
  Consider removing irqbalance from default install on desktop images

Status in irqbalance package in Ubuntu:
  New
Status in ubuntu-meta package in Ubuntu:
  Confirmed

Bug description:
  as per https://github.com/pop-os/default-settings/issues/60

  Distribution (run cat /etc/os-release):

  $ cat /etc/os-release
  NAME="Pop!_OS"
  VERSION="19.04"
  ID=ubuntu
  ID_LIKE=debian
  PRETTY_NAME="Pop!_OS 19.04"
  VERSION_ID="19.04"
  HOME_URL="https://system76.com/pop;
  SUPPORT_URL="http://support.system76.com;
  BUG_REPORT_URL="https://github.com/pop-os/pop/issues;
  PRIVACY_POLICY_URL="https://system76.com/privacy;
  VERSION_CODENAME=disco
  UBUNTU_CODENAME=disco

  Related Application and/or Package Version (run apt policy $PACKAGE
  NAME):

  $ apt policy irqbalance
  irqbalance:
  Installed: 1.5.0-3ubuntu1
  Candidate: 1.5.0-3ubuntu1
  Version table:
  *** 1.5.0-3ubuntu1 500
  500 http://us.archive.ubuntu.com/ubuntu disco/main amd64 Packages
  100 /var/lib/dpkg/status

  $ apt rdepends irqbalance
  irqbalance
  Reverse Depends:
  Recommends: ubuntu-standard
  gce-compute-image-packages

  Issue/Bug Description:

  as per konkor/cpufreq#48 and
  http://konkor.github.io/cpufreq/faq/#irqbalance-detected

  irqbalance is technically not needed on desktop systems (supposedly it
  is mainly for servers), and may actually reduce performance and power
  savings. It appears to provide benefits only to server environments
  that have relatively-constant loading. If it is truly a server-
  oriented package, then it shouldn't be installed by default on a
  desktop/laptop system and shouldn't be included in desktop OS images.

  Steps to reproduce (if you know):

  This is potentially an issue with all default installs.

  Expected behavior:

  n/a

  Other Notes:

  I can safely remove it via "sudo apt purge irqbalance" without any
  apparent adverse side-effects. If someone is running a situation where
  they need it, then they always have the option of installing it from
  the repositories.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/irqbalance/+bug/1833322/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1833322] Re: Consider removing irqbalance from default install on desktop images

[Christian Ehrhardt ]

I subscribed a few people directly to get their input.

@Steve
I've subscribed you after trying to find, refer and summarize all of the past 
to allow you and anyone else to read into this in one go. I think I'll need 
your input as Architect and as participant of these discussions right from when 
they started 14 years ago.

@Phil/@John
Some past discussions, especially the backpedaling of Debian referred to 
virtual environments and/or large cloud providers. Is irqbalance anything you 
got asked to disable (or keep) for their environment?
No need to share names, but reasoning or data points would be helpful :-)

@Dimitri
Is there a more clear "this is what userspace should do in regard to this in 
2024" form the kernel? I couldn#t find it, but maybe you know or know who'd 
know ...

@Sebastien
Since most problems reported have been around Desktops (to be fair, that could 
be an coincidence because that is where people do more experiments and have 
more diverse special cases). But I think it is fair to ask you if requests or 
discussion like the above have come up towards Desktop that are worth to refer 
here?


Maybe one of you has more details that help to make the decision more clear and 
easy.
Or a gut feeling that is even stronger than mine, strong enough even to pick 
one of the options?

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ubuntu-meta in Ubuntu.
https://bugs.launchpad.net/bugs/1833322

Title:
  Consider removing irqbalance from default install on desktop images

Status in irqbalance package in Ubuntu:
  New
Status in ubuntu-meta package in Ubuntu:
  Confirmed

Bug description:
  as per https://github.com/pop-os/default-settings/issues/60

  Distribution (run cat /etc/os-release):

  $ cat /etc/os-release
  NAME="Pop!_OS"
  VERSION="19.04"
  ID=ubuntu
  ID_LIKE=debian
  PRETTY_NAME="Pop!_OS 19.04"
  VERSION_ID="19.04"
  HOME_URL="https://system76.com/pop;
  SUPPORT_URL="http://support.system76.com;
  BUG_REPORT_URL="https://github.com/pop-os/pop/issues;
  PRIVACY_POLICY_URL="https://system76.com/privacy;
  VERSION_CODENAME=disco
  UBUNTU_CODENAME=disco

  Related Application and/or Package Version (run apt policy $PACKAGE
  NAME):

  $ apt policy irqbalance
  irqbalance:
  Installed: 1.5.0-3ubuntu1
  Candidate: 1.5.0-3ubuntu1
  Version table:
  *** 1.5.0-3ubuntu1 500
  500 http://us.archive.ubuntu.com/ubuntu disco/main amd64 Packages
  100 /var/lib/dpkg/status

  $ apt rdepends irqbalance
  irqbalance
  Reverse Depends:
  Recommends: ubuntu-standard
  gce-compute-image-packages

  Issue/Bug Description:

  as per konkor/cpufreq#48 and
  http://konkor.github.io/cpufreq/faq/#irqbalance-detected

  irqbalance is technically not needed on desktop systems (supposedly it
  is mainly for servers), and may actually reduce performance and power
  savings. It appears to provide benefits only to server environments
  that have relatively-constant loading. If it is truly a server-
  oriented package, then it shouldn't be installed by default on a
  desktop/laptop system and shouldn't be included in desktop OS images.

  Steps to reproduce (if you know):

  This is potentially an issue with all default installs.

  Expected behavior:

  n/a

  Other Notes:

  I can safely remove it via "sudo apt purge irqbalance" without any
  apparent adverse side-effects. If someone is running a situation where
  they need it, then they always have the option of installing it from
  the repositories.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/irqbalance/+bug/1833322/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1833322] Re: Consider removing irqbalance from default install on desktop images

[Christian Ehrhardt ]

# Summary

This discussion was seeminly easier to make the more dedicated to a singluar
use case you are - as then you have less "but what if" cases to consider.
That wide usage is great for Ubuntu but sometimes delays decisions.

List of reasons to remove it from the default dependencies:
- Seems to cause issues more often on Desktop environments
- cpufreq, thermald and similar struggle to save energy
- Impacts due to unepexcted throttling
- Conflicts with enabling/disabling threads/cores
- Problematic in virtual environments
- It is mostly an x86 thing but we pull it in everywhere
- It conflicts with manually fine tuned IRQ affinity e.g. in
  ultra low latency setups
- It is less useful on cpus with large and wide shared caches
  as well as in virtual environments without fix pinning

List of reasons to keep it in the set of default dependencies:
- Benefits seem mostly for large scale servers
- lacking irqbalance can be a performance degradation in some
  large scale high traffic cases

I think from all I've found - old and new - it seems it still has its purpose
in some scenarios, but the HW/SW world evolved and it is nowadays less often
useful and more often harmful than it was in the past.
On the other hand there is almost no clear cut "it is bad and that is why",
most issues were individual issues and special cases, nothing that would
apply to everyone.

And irqbalance still has is purpose, so we should surely keep it around.

In a perfect worlds this would have half a year of time or more and two people
to run all kinds of workloads on all kinds of HW to compare. But let us be
honest that will not happen and that would then also be not be worth the effort.
We'll have to decide with what we have.
Have the others that switched have more time to evaluate in depth, I do not
know. But usually once a significant amount of the ecosystems changed and you
lack better data it is better to also follow or common hints and optimizations
will no more apply due to being the one outlier in regard to behavior.

To me this seems to be a perfect case for a few special images/deployments
known to match the workload profile that needs this to enable it.
It is also more likely that a professional admin of such a large scale machine
(or cluster thereof) can make the opt-in decision and evaluation better than
expectint every user of Ubuntu to think about an opt-out.


---

Options IMHO:
A) Change it from an opt-out to an opt-in and remove the dependency
   from ubuntu-standard
B) Remove it from ubuntu-standard to get rid of it in Desktops and images
   used in virtual environments. But try to keep it in a place that is mostly
   used for bare metal which tend to be closer to the kind that benefits more
C) Do nothing, keep it as is

D) Any of the above, but let us not touch Noble more than half way through the
cycle, but do that early in 24.10 to have enough exposure before a release in
an LTS.

My gut feeling (and it can't be much more without much more time for much
deeper investigations) would be (A).

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ubuntu-meta in Ubuntu.
https://bugs.launchpad.net/bugs/1833322

Title:
  Consider removing irqbalance from default install on desktop images

Status in irqbalance package in Ubuntu:
  New
Status in ubuntu-meta package in Ubuntu:
  Confirmed

Bug description:
  as per https://github.com/pop-os/default-settings/issues/60

  Distribution (run cat /etc/os-release):

  $ cat /etc/os-release
  NAME="Pop!_OS"
  VERSION="19.04"
  ID=ubuntu
  ID_LIKE=debian
  PRETTY_NAME="Pop!_OS 19.04"
  VERSION_ID="19.04"
  HOME_URL="https://system76.com/pop;
  SUPPORT_URL="http://support.system76.com;
  BUG_REPORT_URL="https://github.com/pop-os/pop/issues;
  PRIVACY_POLICY_URL="https://system76.com/privacy;
  VERSION_CODENAME=disco
  UBUNTU_CODENAME=disco

  Related Application and/or Package Version (run apt policy $PACKAGE
  NAME):

  $ apt policy irqbalance
  irqbalance:
  Installed: 1.5.0-3ubuntu1
  Candidate: 1.5.0-3ubuntu1
  Version table:
  *** 1.5.0-3ubuntu1 500
  500 http://us.archive.ubuntu.com/ubuntu disco/main amd64 Packages
  100 /var/lib/dpkg/status

  $ apt rdepends irqbalance
  irqbalance
  Reverse Depends:
  Recommends: ubuntu-standard
  gce-compute-image-packages

  Issue/Bug Description:

  as per konkor/cpufreq#48 and
  http://konkor.github.io/cpufreq/faq/#irqbalance-detected

  irqbalance is technically not needed on desktop systems (supposedly it
  is mainly for servers), and may actually reduce performance and power
  savings. It appears to provide benefits only to server environments
  that have relatively-constant loading. If it is truly a server-
  oriented package, then it shouldn't be installed by default on a
  desktop/laptop system and shouldn't be included in desktop OS images.

  Steps to reproduce (if you know):

  This is potentially an issue with all default installs.

  Expected behavior:

  

[Touch-packages] [Bug 1833322] Re: Consider removing irqbalance from default install on desktop images

[Christian Ehrhardt ]

# Actions by Others

Times have changes, as mentioned above the kernel learned many new tricks.
More new I/O hardware virtual or physical appeared that tries to be smart
and thereby sometimes conflict with what irqbalance does.

Some are mostly based on the links referred above, the Debian disucssion
was more about it being harmful (or at least not helpful) in virtual
environments and hence removed from cloud images (we close in on workload
specific again).

Indeed many projects already removed it from the default
- https://github.com/pop-os/iso/pull/288
- https://github.com/ValveSoftware/Proton/issues/3243
- https://lists.debian.org/debian-cloud/2019/04/msg00040.html

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ubuntu-meta in Ubuntu.
https://bugs.launchpad.net/bugs/1833322

Title:
  Consider removing irqbalance from default install on desktop images

Status in irqbalance package in Ubuntu:
  New
Status in ubuntu-meta package in Ubuntu:
  Confirmed

Bug description:
  as per https://github.com/pop-os/default-settings/issues/60

  Distribution (run cat /etc/os-release):

  $ cat /etc/os-release
  NAME="Pop!_OS"
  VERSION="19.04"
  ID=ubuntu
  ID_LIKE=debian
  PRETTY_NAME="Pop!_OS 19.04"
  VERSION_ID="19.04"
  HOME_URL="https://system76.com/pop;
  SUPPORT_URL="http://support.system76.com;
  BUG_REPORT_URL="https://github.com/pop-os/pop/issues;
  PRIVACY_POLICY_URL="https://system76.com/privacy;
  VERSION_CODENAME=disco
  UBUNTU_CODENAME=disco

  Related Application and/or Package Version (run apt policy $PACKAGE
  NAME):

  $ apt policy irqbalance
  irqbalance:
  Installed: 1.5.0-3ubuntu1
  Candidate: 1.5.0-3ubuntu1
  Version table:
  *** 1.5.0-3ubuntu1 500
  500 http://us.archive.ubuntu.com/ubuntu disco/main amd64 Packages
  100 /var/lib/dpkg/status

  $ apt rdepends irqbalance
  irqbalance
  Reverse Depends:
  Recommends: ubuntu-standard
  gce-compute-image-packages

  Issue/Bug Description:

  as per konkor/cpufreq#48 and
  http://konkor.github.io/cpufreq/faq/#irqbalance-detected

  irqbalance is technically not needed on desktop systems (supposedly it
  is mainly for servers), and may actually reduce performance and power
  savings. It appears to provide benefits only to server environments
  that have relatively-constant loading. If it is truly a server-
  oriented package, then it shouldn't be installed by default on a
  desktop/laptop system and shouldn't be included in desktop OS images.

  Steps to reproduce (if you know):

  This is potentially an issue with all default installs.

  Expected behavior:

  n/a

  Other Notes:

  I can safely remove it via "sudo apt purge irqbalance" without any
  apparent adverse side-effects. If someone is running a situation where
  they need it, then they always have the option of installing it from
  the repositories.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/irqbalance/+bug/1833322/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1833322] Re: Consider removing irqbalance from default install on desktop images

[Christian Ehrhardt ]

Hi,
this was overlooked for too long but came up in bug 2046470 again which made me 
see this for the first time.

I'd wish we'd have had that even a bit earlier e.g. to release it with
mantic and not half way through noble, but still now is the time to
still change the next LTS.

I needed to make up my mind on this to come to a conclusion and so I wrote a
summary mostly for myself, but also for others that I want to ack to the
decision as well as for anyone to later be able to understand what changed
and why.

I must admit that I'm slightly biased, having looked at it ages ago, even
before I was more active in Ubuntu development and already wondering if that
should be used by default.

And yes, some people had a stronger wish to get it out of the default.
So as already reported, many have already asked to remove it.

I'll try to break up my answers to be more easily referable.


** Also affects: irqbalance (Ubuntu)
   Importance: Undecided
   Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ubuntu-meta in Ubuntu.
https://bugs.launchpad.net/bugs/1833322

Title:
  Consider removing irqbalance from default install on desktop images

Status in irqbalance package in Ubuntu:
  New
Status in ubuntu-meta package in Ubuntu:
  Confirmed

Bug description:
  as per https://github.com/pop-os/default-settings/issues/60

  Distribution (run cat /etc/os-release):

  $ cat /etc/os-release
  NAME="Pop!_OS"
  VERSION="19.04"
  ID=ubuntu
  ID_LIKE=debian
  PRETTY_NAME="Pop!_OS 19.04"
  VERSION_ID="19.04"
  HOME_URL="https://system76.com/pop;
  SUPPORT_URL="http://support.system76.com;
  BUG_REPORT_URL="https://github.com/pop-os/pop/issues;
  PRIVACY_POLICY_URL="https://system76.com/privacy;
  VERSION_CODENAME=disco
  UBUNTU_CODENAME=disco

  Related Application and/or Package Version (run apt policy $PACKAGE
  NAME):

  $ apt policy irqbalance
  irqbalance:
  Installed: 1.5.0-3ubuntu1
  Candidate: 1.5.0-3ubuntu1
  Version table:
  *** 1.5.0-3ubuntu1 500
  500 http://us.archive.ubuntu.com/ubuntu disco/main amd64 Packages
  100 /var/lib/dpkg/status

  $ apt rdepends irqbalance
  irqbalance
  Reverse Depends:
  Recommends: ubuntu-standard
  gce-compute-image-packages

  Issue/Bug Description:

  as per konkor/cpufreq#48 and
  http://konkor.github.io/cpufreq/faq/#irqbalance-detected

  irqbalance is technically not needed on desktop systems (supposedly it
  is mainly for servers), and may actually reduce performance and power
  savings. It appears to provide benefits only to server environments
  that have relatively-constant loading. If it is truly a server-
  oriented package, then it shouldn't be installed by default on a
  desktop/laptop system and shouldn't be included in desktop OS images.

  Steps to reproduce (if you know):

  This is potentially an issue with all default installs.

  Expected behavior:

  n/a

  Other Notes:

  I can safely remove it via "sudo apt purge irqbalance" without any
  apparent adverse side-effects. If someone is running a situation where
  they need it, then they always have the option of installing it from
  the repositories.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/irqbalance/+bug/1833322/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1833322] Re: Consider removing irqbalance from default install on desktop images

[Christian Ehrhardt ]

# Referred Arguments

An argument that might not have been so strong more than a decade ago
but is much more today is power savings and that is an aspect that comes up
over and over.
It also had reports of conflicts with power saving [10] and e.g. dynamically
disabling/enabling cores which is much more a thing nowadays as long ago
this was only reliably working on mainframes anyway.

I don't buy the "games need 100%" as even games need their I/O to happen,
but OTOH irqbalance just doesn't help much nowadays either as the kernel learned
many more tricks to do well - like to name just one all the traffic aware
and potentially offloaded rps/xps [2]. And irqbalance is not mutually exclusive
with most of those technologies not with RSS [18] nor with kernel policies [15].

Some report about conflicting with their custom tweaking of IRQs [8][16].
It is actually a common conflict between irqbalance being smart [9] and other
things like a particular device firmware being smart leading to a conflict of
interest.
=> But TBH that is why it is removable for such rare cases.

On one hand it clearly has some impact and various cases of bad impacts by it
have come up as well for frame rates [11], stuttering [14] or even network
traffic [12].

But on the other hand, there have been reports and cases where a broken
irqbalance led to impacted high-performance network traffic [7], so it is
not that it is clearly always bad [13]. While we never know how outdated
any such source might be, it proves that it is most likely workload and
system dependent. Many documentations also sitll refer to it only older RH,
Arch [19], ... you'll find it everywhere.

It is an interesting case, and the workload dependency leads many discussions
to even be contradicting - in one case it saves cpu power in the other it makes
it worse. In one it helps traffic in the other is degrades it. That is all a
consqeuence of it being workload and system dependent.
This back and forther is perfectly encapsulated in this phornix thread [15].
Which quotes interesting other POVs like kernel solutions often being "driver
centric" optimizing throughput, but maybe not always the best as policy for
the full system as irqbalance pilicies and tunables are configurable.

An interim summary might be:
"""
It could cause rare issues or conflicts, especially on Desktop,
but might be still wanted on Servers especially those with a
high rate of I/O
"""

Which is interestingly quite close to the arguments floating around when it
was added more than a decade ago (see further below).

[2]: https://www.kernel.org/doc/html/latest/networking/scaling.html
[7]: https://bugs.launchpad.net/ubuntu/+source/irqbalance/+bug/2038573
[8]: https://groups.google.com/g/gce-discussion/c/Ns8hgOUW9GY
[9]: https://docs.xilinx.com/r/en-US/ug1523-x3522-user/Interrupt-Affinity
[10]: https://konkor.github.io/cpufreq/faq/#irqbalance-detected
[11]: 
https://askubuntu.com/questions/1067866/ubuntu-18-04-steam-games-frame-rate-drop
[12]: 
https://serverfault.com/questions/410928/irqbalance-on-linux-and-dropped-packets
[13]: https://bookofzeus.com/harden-ubuntu/server-setup/disable-irqbalance/
[14]: 
https://www.reddit.com/r/linux_gaming/comments/emnu3k/removing_irqbalance_fixed_major_stuttering_in/
[15]: 
https://www.phoronix.com/forums/forum/hardware/processors-memory/1335986-amd-zen-1-linux-performance-hit-from-retbleed-accumulated-cpu-mitigation-impact/page4
[16]: 
https://documentation.suse.com/sbp/server-linux/pdf/SBP-performance-tuning_en.pdf
[18]: 
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/performance_tuning_guide/network-rss
[19]: https://wiki.archlinux.org/title/Improving_performance#irqbalance

** Bug watch added: Debian Bug tracker #577788
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=577788

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ubuntu-meta in Ubuntu.
https://bugs.launchpad.net/bugs/1833322

Title:
  Consider removing irqbalance from default install on desktop images

Status in irqbalance package in Ubuntu:
  New
Status in ubuntu-meta package in Ubuntu:
  Confirmed

Bug description:
  as per https://github.com/pop-os/default-settings/issues/60

  Distribution (run cat /etc/os-release):

  $ cat /etc/os-release
  NAME="Pop!_OS"
  VERSION="19.04"
  ID=ubuntu
  ID_LIKE=debian
  PRETTY_NAME="Pop!_OS 19.04"
  VERSION_ID="19.04"
  HOME_URL="https://system76.com/pop;
  SUPPORT_URL="http://support.system76.com;
  BUG_REPORT_URL="https://github.com/pop-os/pop/issues;
  PRIVACY_POLICY_URL="https://system76.com/privacy;
  VERSION_CODENAME=disco
  UBUNTU_CODENAME=disco

  Related Application and/or Package Version (run apt policy $PACKAGE
  NAME):

  $ apt policy irqbalance
  irqbalance:
  Installed: 1.5.0-3ubuntu1
  Candidate: 1.5.0-3ubuntu1
  Version table:
  *** 1.5.0-3ubuntu1 500
  500 http://us.archive.ubuntu.com/ubuntu disco/main amd64 Packages
  100 /var/lib/dpkg/status

  $ 

[Touch-packages] [Bug 1833322] Re: Consider removing irqbalance from default install on desktop images

[Christian Ehrhardt ]

# Integration and maintenance

Despite some saying it is for the past only, it is regularly updated
and has multiple releases per year throughout all the time [4]. Those
updates flow well into Debian and Ubuntu - so it is not a classic "old
and outdated" case. And while not much changes in those updates, it means
it still learns like about thermal events in 1.9.1 or about isolcpus in 1.0.9.
I'm not saying it is super modern doing it all, but it gets updates.

Currently this is seeded in ubuntu-standard [1], which is what makes it
default installed everywhere. But it is intentionally only a recommends,
so the set of people that want to remove it can do so.

It was added a long time ago [3] back when multi-core was a rare thing
at least for Desktop systems. This was based on a discussion [5] and was
related to the kernel [6] actively delegating this to userspace. Debian
did a similar change a bit later [17] for the same reasons.
But again this was the time of single-core being common.


[1]: 
https://git.launchpad.net/~ubuntu-core-dev/ubuntu-seeds/+git/platform/tree/standard?h=noble#n19
[3]: 
https://git.launchpad.net/~ubuntu-core-dev/ubuntu-seeds/+git/platform/commit/?h=noble=dcd02266953547e11221979eb17eb740a76a62b5
[4]: https://github.com/Irqbalance/irqbalance/tags
[5]: https://lists.ubuntu.com/archives/ubuntu-devel/2010-January/029939.html
[6]: 
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8b8e8c1bf7275eca859fe551dfa484134eaf013b
[17]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=577788


** Bug watch added: github.com/ValveSoftware/Proton/issues #3243
   https://github.com/ValveSoftware/Proton/issues/3243

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ubuntu-meta in Ubuntu.
https://bugs.launchpad.net/bugs/1833322

Title:
  Consider removing irqbalance from default install on desktop images

Status in irqbalance package in Ubuntu:
  New
Status in ubuntu-meta package in Ubuntu:
  Confirmed

Bug description:
  as per https://github.com/pop-os/default-settings/issues/60

  Distribution (run cat /etc/os-release):

  $ cat /etc/os-release
  NAME="Pop!_OS"
  VERSION="19.04"
  ID=ubuntu
  ID_LIKE=debian
  PRETTY_NAME="Pop!_OS 19.04"
  VERSION_ID="19.04"
  HOME_URL="https://system76.com/pop;
  SUPPORT_URL="http://support.system76.com;
  BUG_REPORT_URL="https://github.com/pop-os/pop/issues;
  PRIVACY_POLICY_URL="https://system76.com/privacy;
  VERSION_CODENAME=disco
  UBUNTU_CODENAME=disco

  Related Application and/or Package Version (run apt policy $PACKAGE
  NAME):

  $ apt policy irqbalance
  irqbalance:
  Installed: 1.5.0-3ubuntu1
  Candidate: 1.5.0-3ubuntu1
  Version table:
  *** 1.5.0-3ubuntu1 500
  500 http://us.archive.ubuntu.com/ubuntu disco/main amd64 Packages
  100 /var/lib/dpkg/status

  $ apt rdepends irqbalance
  irqbalance
  Reverse Depends:
  Recommends: ubuntu-standard
  gce-compute-image-packages

  Issue/Bug Description:

  as per konkor/cpufreq#48 and
  http://konkor.github.io/cpufreq/faq/#irqbalance-detected

  irqbalance is technically not needed on desktop systems (supposedly it
  is mainly for servers), and may actually reduce performance and power
  savings. It appears to provide benefits only to server environments
  that have relatively-constant loading. If it is truly a server-
  oriented package, then it shouldn't be installed by default on a
  desktop/laptop system and shouldn't be included in desktop OS images.

  Steps to reproduce (if you know):

  This is potentially an issue with all default installs.

  Expected behavior:

  n/a

  Other Notes:

  I can safely remove it via "sudo apt purge irqbalance" without any
  apparent adverse side-effects. If someone is running a situation where
  they need it, then they always have the option of installing it from
  the repositories.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/irqbalance/+bug/1833322/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 2015562] Re: [SRU] Segfault in dnsmasq when using certain static domain entries + DoH (bugfix possibly exists upstream)

[Christian Ehrhardt ]

Hey, while passing by I admit I only looked at the test plan and tried to get 
this moving by executing it.
Thanks for hinting at these further things to check ...

I still had the environment around

root@Jdnsmasq:~# apt-cache policy dnsmasq
dnsmasq:
  Installed: 2.86-1.1ubuntu0.4
  Candidate: 2.86-1.1ubuntu0.4

That resolved well, asking the configured dns (8.8.8.8 in my case) and
returning a proper answer.

root@Jdnsmasq:~# dig +short A www.thekelleys.org.uk @127.0.0.1
thekelleys.org.uk.
85.119.82.65
root@Jdnsmasq:~# dig +short A www.thekelleys.org.uk @127.0.0.1
thekelleys.org.uk.
85.119.82.65
root@Jdnsmasq:~# dig +short A www.thekelleys.org.uk @127.0.0.1
thekelleys.org.uk.
85.119.82.65

Since the original issue was about repeating queries (in other context and 
situation) I ran it a few times.
The log (we still have verbose logging enabled from the first test) shows the 
forward resolving just as expected:
Jan 05 07:32:56 Jdnsmasq dnsmasq[255]: query[A] www.thekelleys.org.uk from 
127.0.0.1
Jan 05 07:32:56 Jdnsmasq dnsmasq[255]: forwarded www.thekelleys.org.uk to 
8.8.8.8
Jan 05 07:32:56 Jdnsmasq dnsmasq[255]: reply www.thekelleys.org.uk is 
Jan 05 07:32:56 Jdnsmasq dnsmasq[255]: reply thekelleys.org.uk is 85.119.82.65


---


Now dnsmasqs version of a static entry

root@Jdnsmasq:~# echo "address=/domain/1.2.3.4" >> /etc/dnsmasq.conf
root@Jdnsmasq:~# systemctl restart dnsmasq
root@Jdnsmasq:~# dig +short A domain
1.2.3.4


---


Since I had that running over night I also see in the verbose logs all kind of 
expected background action and all that worked as well.
Like:
Jan 05 07:30:43 Jdnsmasq dnsmasq[255]: cached api.snapcraft.io is 185.125.188.54
Jan 05 07:30:43 Jdnsmasq dnsmasq[255]: cached api.snapcraft.io is 185.125.188.59
Jan 05 07:30:43 Jdnsmasq dnsmasq[255]: cached api.snapcraft.io is 185.125.188.58
Jan 05 07:30:43 Jdnsmasq dnsmasq[255]: cached api.snapcraft.io is 185.125.188.55
Jan 05 07:30:44 Jdnsmasq dnsmasq[255]: query[] 
canonical-bos01.cdn.snapcraftcontent.com from 127.0.0.1
Jan 05 07:30:44 Jdnsmasq dnsmasq[255]: forwarded 
canonical-bos01.cdn.snapcraftcontent.com to 8.8.8.8
Jan 05 07:30:44 Jdnsmasq dnsmasq[255]: query[A] 
canonical-bos01.cdn.snapcraftcontent.com from 127.0.0.1
Jan 05 07:30:44 Jdnsmasq dnsmasq[255]: forwarded 
canonical-bos01.cdn.snapcraftcontent.com to 8.8.8.8
Jan 05 07:30:44 Jdnsmasq dnsmasq[255]: reply 
canonical-bos01.cdn.snapcraftcontent.com is NODATA-IPv6
Jan 05 07:30:44 Jdnsmasq dnsmasq[255]: reply 
canonical-bos01.cdn.snapcraftcontent.com is 91.189.91.43
Jan 05 07:30:44 Jdnsmasq dnsmasq[255]: reply 
canonical-bos01.cdn.snapcraftcontent.com is 91.189.91.42
Jan 05 07:30:51 Jdnsmasq dnsmasq[255]: query[] api.snapcraft.io from 
127.0.0.1
Jan 05 07:30:51 Jdnsmasq dnsmasq[255]: cached api.snapcraft.io is NODATA-IPv6
Jan 05 07:30:51 Jdnsmasq dnsmasq[255]: query[A] api.snapcraft.io from 127.0.0.1
Jan 05 07:30:51 Jdnsmasq dnsmasq[255]: forwarded api.snapcraft.io to 8.8.8.8
Jan 05 07:30:51 Jdnsmasq dnsmasq[255]: reply api.snapcraft.io is 185.125.188.58
Jan 05 07:30:51 Jdnsmasq dnsmasq[255]: reply api.snapcraft.io is 185.125.188.55
Jan 05 07:30:51 Jdnsmasq dnsmasq[255]: reply api.snapcraft.io is 185.125.188.54
Jan 05 07:30:51 Jdnsmasq dnsmasq[255]: reply api.snapcraft.io is 185.125.188.59
...
Jan 05 07:38:29 Jdnsmasq dnsmasq[765]: reply archive.ubuntu.com is 
185.125.190.39
Jan 05 07:38:29 Jdnsmasq dnsmasq[765]: reply archive.ubuntu.com is 91.189.91.81
Jan 05 07:38:29 Jdnsmasq dnsmasq[765]: reply archive.ubuntu.com is 91.189.91.83
Jan 05 07:38:29 Jdnsmasq dnsmasq[765]: reply archive.ubuntu.com is 
2620:2d:4000:1::16
Jan 05 07:38:29 Jdnsmasq dnsmasq[765]: reply archive.ubuntu.com is 
2620:2d:4002:1::103
Jan 05 07:38:29 Jdnsmasq dnsmasq[765]: reply archive.ubuntu.com is 
2620:2d:4002:1::102
Jan 05 07:38:29 Jdnsmasq dnsmasq[765]: reply archive.ubuntu.com is 
2620:2d:4000:1::19
Jan 05 07:38:29 Jdnsmasq dnsmasq[765]: reply archive.ubuntu.com is 
2620:2d:4002:1::101
Jan 05 07:38:29 Jdnsmasq dnsmasq[765]: reply security.ubuntu.com is 
185.125.190.36
Jan 05 07:38:29 Jdnsmasq dnsmasq[765]: reply security.ubuntu.com is 91.189.91.81
Jan 05 07:38:29 Jdnsmasq dnsmasq[765]: reply security.ubuntu.com is 91.189.91.83
Jan 05 07:38:29 Jdnsmasq dnsmasq[765]: reply security.ubuntu.com is 91.189.91.82
Jan 05 07:38:29 Jdnsmasq dnsmasq[765]: reply security.ubuntu.com is 
185.125.190.39
Jan 05 07:38:29 Jdnsmasq dnsmasq[765]: reply security.ubuntu.com is 
2620:2d:4000:1::16
Jan 05 07:38:29 Jdnsmasq dnsmasq[765]: reply security.ubuntu.com is 
2620:2d:4002:1::101
Jan 05 07:38:29 Jdnsmasq dnsmasq[765]: reply security.ubuntu.com is 
2620:2d:4002:1::103
Jan 05 07:38:29 Jdnsmasq dnsmasq[765]: reply security.ubuntu.com is 
2620:2d:4000:1::19
Jan 05 07:38:29 Jdnsmasq dnsmasq[765]: reply security.ubuntu.com is 
2620:2d:4002:1::102
Jan 05 07:38:29 Jdnsmasq dnsmasq[765]: query[SRV] _https._tcp.motd.ubuntu.com 
from 127.0.0.1
Jan 05 07:38:29 Jdnsmasq dnsmasq[765]: forwarded _https._tcp.motd.ubuntu.com to 

[Touch-packages] [Bug 2037703] Re: dpkg-reconfigure openssh-server doesn't ask questions again

[Christian Ehrhardt ]

** Tags removed: server-triage-discuss

** Changed in: openssh (Ubuntu)
   Importance: Undecided => Low

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/2037703

Title:
  dpkg-reconfigure openssh-server doesn't ask questions again

Status in openssh package in Ubuntu:
  New

Bug description:
  openssh-server does provide a couple of configuration options:

  [~]$ sudo debconf-get-selections |grep openssh-server
  openssh-serveropenssh-server/listenstream-may-failerror   
  openssh-serveropenssh-server/password-authentication  boolean true
  openssh-serveropenssh-server/permit-root-loginboolean true

  
  I want to change those options now interactively but nothing I tried worked 
and showed a dialog:

  [~]$ sudo dpkg-reconfigure -p low openssh-server  
  Warning: Stopping ssh.service, but it can still be activated by:
ssh.socket
  rescue-ssh.target is a disabled or a static unit not running, not starting it.

  [~]$ sudo dpkg-reconfigure -p low --force --frontend dialog openssh-server
  Warning: Stopping ssh.service, but it can still be activated by:
ssh.socket
  rescue-ssh.target is a disabled or a static unit not running, not starting it.


  But the documentation (https://manpages.debian.org/testing/debconf-
  doc/debconf.7.en.html#Reconfiguring_packages) does state that those
  commands should ask those questions again.

  
  p.s. also tried with a lxc debian-sid container and had the same problem 
there.

  ProblemType: Bug
  DistroRelease: Ubuntu 23.10
  Package: openssh-server 1:9.3p1-1ubuntu3
  ProcVersionSignature: Ubuntu 6.5.0-5.5-generic 6.5.0
  Uname: Linux 6.5.0-5-generic x86_64
  NonfreeKernelModules: zfs
  ApportVersion: 2.27.0-0ubuntu2
  Architecture: amd64
  CasperMD5CheckResult: unknown
  CurrentDesktop: ubuntu:GNOME
  Date: Fri Sep 29 10:35:33 2023
  InstallationDate: Installed on 2023-05-10 (142 days ago)
  InstallationMedia: Ubuntu 23.04 "Lunar Lobster" - Release amd64 (20230418)
  ProcEnviron:
   LANG=en_US.UTF-8
   PATH=(custom, no user)
   SHELL=/usr/bin/zsh
   TERM=xterm-256color
   XDG_RUNTIME_DIR=
  SourcePackage: openssh
  UpgradeStatus: Upgraded to mantic on 2023-07-19 (71 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2037703/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 2047719] Re: package slapd 2.4.49+dfsg-2ubuntu1.9 failed to install/upgrade: new slapd package pre-installation script subprocess returned error exit status 1

[Christian Ehrhardt ]

Thank you for taking the time to report bugs and help make Ubuntu
better.

This looks like a local configuration issue rather than a bug in the
software itself. Please check your configuration to make sure it's
correct. If you need help configuring, you can get community support in
the Ubuntu channels on libera.chat, or in
http://www.ubuntu.com/support/community

I'm marking this "Invalid" because it doesn't appear to be a bug, but if
I'm wrong, please change it back to "New" and add some more info to
point me in the right direction. Use this link as a guide:
http://www.chiark.greenend.org.uk/~sgtatham/bugs.html

** Changed in: openldap (Ubuntu)
   Status: New => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/2047719

Title:
  package slapd 2.4.49+dfsg-2ubuntu1.9 failed to install/upgrade: new
  slapd package pre-installation script subprocess returned error exit
  status 1

Status in openldap package in Ubuntu:
  Incomplete

Bug description:
  Happened while upgrading ubuntu distro

  ProblemType: Package
  DistroRelease: Ubuntu 22.04
  Package: slapd 2.4.49+dfsg-2ubuntu1.9
  ProcVersionSignature: Ubuntu 5.15.0-1053.61~20.04.1-azure 5.15.131
  Uname: Linux 5.15.0-1053-azure x86_64
  ApportVersion: 2.20.11-0ubuntu82.5
  Architecture: amd64
  CasperMD5CheckResult: unknown
  Date: Fri Dec 29 23:55:31 2023
  ErrorMessage: new slapd package pre-installation script subprocess returned 
error exit status 1
  ProcCmdline: BOOT_IMAGE=/boot/vmlinuz-5.15.0-1053-azure 
root=UUID=b9df59e6-c806-4851-befa-12402bca5828 ro console=tty1 console=ttyS0 
earlyprintk=ttyS0 rootdelay=300
  Python3Details: /usr/bin/python3.10, Python 3.10.12, python3-minimal, 
3.10.6-1~22.04
  PythonDetails: N/A
  RebootRequiredPkgs: Error: path contained symlinks.
  RelatedPackageVersions:
   dpkg 1.21.1ubuntu2.2
   apt  2.4.11
  SourcePackage: openldap
  Title: package slapd 2.4.49+dfsg-2ubuntu1.9 failed to install/upgrade: new 
slapd package pre-installation script subprocess returned error exit status 1
  UpgradeStatus: Upgraded to jammy on 2023-12-29 (0 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/2047719/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 2047719] Re: package slapd 2.4.49+dfsg-2ubuntu1.9 failed to install/upgrade: new slapd package pre-installation script subprocess returned error exit status 1

[Christian Ehrhardt ]

Hi and thanks for the report,
it seems that the automatic "try to backup and upgrade" failed.
That is usually due to local config that does not behave well as it needs 
knowledge or assumptions the package can't have. Or at other times by using 
features that have been removed.

The log output is actually quite clear on what it tried, and that it
suggests to the admin to overcome this to continue.

"""
Preparing to unpack .../20-slapd_2.5.16+dfsg-0ubuntu0.22.04.1_amd64.deb ...
Saving current slapd configuration to 
/var/backups/slapd-2.4.49+dfsg-2ubuntu1.9...
  Dumping to /var/backups/slapd-2.4.49+dfsg-2ubuntu1.9: 
  - directory 
dc=1tmfm1mfbauutnso5ahdvmpnma,dc=gx,dc=internal,dc=cloudapp,dc=ne... slapcat: 
slap_init no backend for 
"dc=1tmfm1mfbauutnso5ahdvmpnma,dc=gx,dc=internal,dc=cloudapp,dc=ne"
failed.
[?1049h[?1h=[?25l  


  

  


  

  


  

  


  

  


 

   
 

 


     

     


 

     


     

 


 

     


   

[Touch-packages] [Bug 2047082] Re: upgrading openssh-server always shows error: rescue-ssh.target is a disabled or a static unit not running, not starting it.

[Christian Ehrhardt ]

** Tags added: server-todo

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/2047082

Title:
  upgrading openssh-server always shows error: rescue-ssh.target is a
  disabled or a static unit not running, not starting it.

Status in openssh package in Ubuntu:
  New

Bug description:
  In our project we regularly build Ubuntu VM images for current 23.10
  (stable). In https://github.com/cockpit-project/bots/issues/5691 we
  ran into an upgrade failure of openssh-server. It starts with the
  current cloud image and then apt upgrades it, with
  "DEBIAN_FRONTEND=noninteractive". openssh was updated a few days ago
  indeed:

Setting up openssh-server (1:9.3p1-1ubuntu3.1) ...
Creating SSH2 ECDSA key; this may take some time ...
256 SHA256:UqrRSpQNM7SIixVivYP/WwZRjt7Sv89P31W/Gxaf+Z8 root@ubuntu (ECDSA)
Creating SSH2 ED25519 key; this may take some time ...
256 SHA256:hy9AEDydfnZeY9nf9P4Sb90kx39Oqr101A6tz5j4RQw root@ubuntu (ED25519)
rescue-ssh.target is a disabled or a static unit not running, not starting 
it.
Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 145.
dpkg: error processing package openssh-server (--configure):
 installed openssh-server package post-installation script subprocess 
returned error exit status 1

  I.e. of course that security update itself [1] didn't introduce the
  regression, but earlier VM builds just didn't have a pending openssh
  update -- looks like this has been a luring upgrade trap in the
  release already.

  As a first naïve reproducer I tried

apt update
DEBIAN_FRONTEND=noninteractive apt update openssh-server

  on our current VM (with the release version 1:9.3p1-1ubuntu3), and
  that worked fine. Same with installing all 9 available packages.
  rescue.target is loaded/inactive/static, as it should be. Updating
  without DEBIAN_FRONTEND does show me a conffile prompt about
  /etc/ssh/sshd_config, which is justified as we do modify the config:

# Allow root login with password
sed -i 's/^[# ]*PermitRootLogin .*/PermitRootLogin yes/' 
/etc/ssh/sshd_config
# Prevent SSH from hanging for a long time when no external network access
echo 'UseDNS no' >> /etc/ssh/sshd_config

  this also leads to a merge conflict. However, I suppose all of that is
  tangential to the rescue-ssh.target issue. In all my interactive
  upgrades, it seemed to handle that just fine:

Setting up openssh-server (1:9.3p1-1ubuntu3.1) ...
rescue-ssh.target is a disabled or a static unit not running, not starting 
it.

  So this seems to be related to the first-time installation of openssh-
  server -- it is part of the cloud image, but it does the host key
  generation during our image builds.

  So reproducing this is a bit tricky, but aside from that: Why does it
  even do this in the first place?

  # Automatically added by dh_installsystemd/13.11.6ubuntu1
  if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = 
"abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then
  if [ -d /run/systemd/system ]; then
  systemctl --system daemon-reload >/dev/null || true
  if [ -n "$2" ]; then
  _dh_action=restart
  else
  _dh_action=start
  fi
  deb-systemd-invoke $_dh_action 'rescue-ssh.target' >/dev/null 
|| true
  fi
  fi

  It feels like the postinst should *never* try to start rescue-
  ssh.target. That's an alternative boot mode, and should never run un
  multi-user.target, isn't it?

  [1] https://launchpad.net/ubuntu/+source/openssh/1:9.3p1-1ubuntu3.1

  DistroRelease: Ubuntu 23.10
  PackageVersion: openssh-server 1:9.3p1-1ubuntu3.1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2047082/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 2037703] Re: dpkg-reconfigure openssh-server doesn't ask questions again

[Christian Ehrhardt ]

** Tags added: server-triage-discuss

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/2037703

Title:
  dpkg-reconfigure openssh-server doesn't ask questions again

Status in openssh package in Ubuntu:
  New

Bug description:
  openssh-server does provide a couple of configuration options:

  [~]$ sudo debconf-get-selections |grep openssh-server
  openssh-serveropenssh-server/listenstream-may-failerror   
  openssh-serveropenssh-server/password-authentication  boolean true
  openssh-serveropenssh-server/permit-root-loginboolean true

  
  I want to change those options now interactively but nothing I tried worked 
and showed a dialog:

  [~]$ sudo dpkg-reconfigure -p low openssh-server  
  Warning: Stopping ssh.service, but it can still be activated by:
ssh.socket
  rescue-ssh.target is a disabled or a static unit not running, not starting it.

  [~]$ sudo dpkg-reconfigure -p low --force --frontend dialog openssh-server
  Warning: Stopping ssh.service, but it can still be activated by:
ssh.socket
  rescue-ssh.target is a disabled or a static unit not running, not starting it.


  But the documentation (https://manpages.debian.org/testing/debconf-
  doc/debconf.7.en.html#Reconfiguring_packages) does state that those
  commands should ask those questions again.

  
  p.s. also tried with a lxc debian-sid container and had the same problem 
there.

  ProblemType: Bug
  DistroRelease: Ubuntu 23.10
  Package: openssh-server 1:9.3p1-1ubuntu3
  ProcVersionSignature: Ubuntu 6.5.0-5.5-generic 6.5.0
  Uname: Linux 6.5.0-5-generic x86_64
  NonfreeKernelModules: zfs
  ApportVersion: 2.27.0-0ubuntu2
  Architecture: amd64
  CasperMD5CheckResult: unknown
  CurrentDesktop: ubuntu:GNOME
  Date: Fri Sep 29 10:35:33 2023
  InstallationDate: Installed on 2023-05-10 (142 days ago)
  InstallationMedia: Ubuntu 23.04 "Lunar Lobster" - Release amd64 (20230418)
  ProcEnviron:
   LANG=en_US.UTF-8
   PATH=(custom, no user)
   SHELL=/usr/bin/zsh
   TERM=xterm-256color
   XDG_RUNTIME_DIR=
  SourcePackage: openssh
  UpgradeStatus: Upgraded to mantic on 2023-07-19 (71 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2037703/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 2015562] Re: [SRU] Segfault in dnsmasq when using certain static domain entries + DoH (bugfix possibly exists upstream)

[Christian Ehrhardt ]

Verifying according to the instructions - Before the update I got this as 
expected:

root@Jdnsmasq:~# dig A netflix.com @127.0.0.1
;; communications error to 127.0.0.1#53: timed out
;; communications error to 127.0.0.1#53: connection refused
;; communications error to 127.0.0.1#53: connection refused

; <<>> DiG 9.18.18-0ubuntu0.22.04.1-Ubuntu <<>> A netflix.com @127.0.0.1
;; global options: +cmd
;; no servers could be reached


Jan 02 11:13:01 Jdnsmasq systemd[1]: dnsmasq.service: Main process exited, 
code=dumped, status=11/SEGV
Jan 02 11:13:01 Jdnsmasq systemd[1]: dnsmasq.service: Failed with result 
'core-dump'.


---

Upgrade

...
Preparing to unpack .../12-dnsmasq-base_2.86-1.1ubuntu0.4_amd64.deb ...
Unpacking dnsmasq-base (2.86-1.1ubuntu0.4) over (2.86-1.1ubuntu0.3) ...
Preparing to unpack .../13-dnsmasq_2.86-1.1ubuntu0.4_all.deb ...
Unpacking dnsmasq (2.86-1.1ubuntu0.4) over (2.86-1.1ubuntu0.3) ...
...
worked without issues


---

root@Jdnsmasq:~# systemctl status dnsmasq
● dnsmasq.service - dnsmasq - A lightweight DHCP and caching DNS server
 Loaded: loaded (/lib/systemd/system/dnsmasq.service; enabled; vendor 
preset: enabled)
 Active: active (running) since Tue 2024-01-02 11:18:03 UTC; 3s ago
Process: 4327 ExecStartPre=/etc/init.d/dnsmasq checkconfig (code=exited, 
status=0/SUCCESS)
Process: 4335 ExecStart=/etc/init.d/dnsmasq systemd-exec (code=exited, 
status=0/SUCCESS)
Process: 4344 ExecStartPost=/etc/init.d/dnsmasq systemd-start-resolvconf 
(code=exited, status=0/SUCCESS)
   Main PID: 4343 (dnsmasq)
  Tasks: 1 (limit: 38247)
 Memory: 588.0K
CPU: 45ms
 CGroup: /system.slice/dnsmasq.service
 └─4343 /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -7 
/etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --local-service 
--trust-anchor=.,20326,8,2,e06d44b80b8f1d39a95c0b0d7c65d08458e880409bb>

Jan 02 11:18:03 Jdnsmasq dnsmasq[4343]: using standard nameservers for 
netflix.com
Jan 02 11:18:03 Jdnsmasq dnsmasq[4343]: reading /etc/resolv.conf
Jan 02 11:18:03 Jdnsmasq dnsmasq[4343]: using nameserver 8.8.8.8#53
Jan 02 11:18:03 Jdnsmasq dnsmasq[4343]: ignoring nameserver 127.0.0.1 - local 
interface
Jan 02 11:18:03 Jdnsmasq dnsmasq[4343]: using standard nameservers for 
example.com
Jan 02 11:18:03 Jdnsmasq dnsmasq[4343]: using standard nameservers for 
nflxext.com
Jan 02 11:18:03 Jdnsmasq dnsmasq[4343]: using standard nameservers for 
netflix.net
Jan 02 11:18:03 Jdnsmasq dnsmasq[4343]: using standard nameservers for 
netflix.com
Jan 02 11:18:03 Jdnsmasq dnsmasq[4343]: read /etc/hosts - 7 addresses
Jan 02 11:18:03 Jdnsmasq systemd[1]: Started dnsmasq - A lightweight DHCP and 
caching DNS server.


---


Trying the issue trigger again:

root@Jdnsmasq:~# dig +short -tA ubuntu.com @127.0.0.1
185.125.190.29
185.125.190.20
185.125.190.21
root@Jdnsmasq:~# dig +short -t ubuntu.com @127.0.0.1
2620:2d:4000:1::27
2620:2d:4000:1::28
2620:2d:4000:1::26
root@Jdnsmasq:~# dig A netflix.com @127.0.0.1

; <<>> DiG 9.18.18-0ubuntu0.22.04.1-Ubuntu <<>> A netflix.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63180
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;netflix.com.   IN  A

;; ANSWER SECTION:
netflix.com.60  IN  A   18.200.8.190
netflix.com.60  IN  A   54.155.246.232
netflix.com.60  IN  A   54.73.148.110

;; Query time: 16 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Tue Jan 02 11:18:36 UTC 2024
;; MSG SIZE  rcvd: 88

root@Jdnsmasq:~# dig A netflix.com @127.0.0.1

; <<>> DiG 9.18.18-0ubuntu0.22.04.1-Ubuntu <<>> A netflix.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29034
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;netflix.com.   IN  A

;; ANSWER SECTION:
netflix.com.52  IN  A   54.73.148.110
netflix.com.52  IN  A   54.155.246.232
netflix.com.52  IN  A   18.200.8.190

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Tue Jan 02 11:18:44 UTC 2024
;; MSG SIZE  rcvd: 88


---


working fine now, no segfault

log only has the start:
Jan 02 11:18:03 Jdnsmasq dnsmasq[4343]: compile time options: IPv6 GNU-getopt 
DBus no-UBus i18n IDN2 DHCP DHCPv6 no-Lua TFTP conntrack ipset auth cryptohash 
DNSSEC loop-detect inotify dumpfile

---


Setting as verified


** Tags removed: verification-needed verification-needed-jammy
** Tags added: verification-done verification-done-jammy

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to dnsmasq in Ubuntu.

[Touch-packages] [Bug 2045577] Re: Demote isc-dhcp-server to universe

[Christian Ehrhardt ]

I've discussed with MAAS and Dimitri, we moved it to the community-maas seed.
=> https://code.launchpad.net/~paelzer/ubuntu-seeds/+git/platform/+merge/457339
Thereby it should (tm) no more be in component mismatches.

The other AAs haven't replied yet if they'd need something else, that
answer might only happen in 2024.

But after the seed updates we should already be much better, demoting
again.

Right now there is only 4.4.3-P1-4ubuntu1 in noble, nothing in proposed
- maybe the former loss was due to that not correctly being carried over
when moving to -release?

Override component to universe
isc-dhcp-server 4.4.3-P1-4ubuntu1 in noble amd64: main/net/optional/100% -> 
universe
isc-dhcp-server 4.4.3-P1-4ubuntu1 in noble arm64: main/net/optional/100% -> 
universe
isc-dhcp-server 4.4.3-P1-4ubuntu1 in noble armhf: main/net/optional/100% -> 
universe
isc-dhcp-server 4.4.3-P1-4ubuntu1 in noble ppc64el: main/net/optional/100% -> 
universe
isc-dhcp-server 4.4.3-P1-4ubuntu1 in noble riscv64: main/net/optional/100% -> 
universe
isc-dhcp-server 4.4.3-P1-4ubuntu1 in noble s390x: main/net/optional/100% -> 
universe
Override [y|N]? y
6 publications overridden.


** Changed in: isc-dhcp (Ubuntu)
   Status: Triaged => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to isc-dhcp in Ubuntu.
https://bugs.launchpad.net/bugs/2045577

Title:
  Demote isc-dhcp-server to universe

Status in isc-dhcp package in Ubuntu:
  Fix Released

Bug description:
  Following up on the isc-kea promotion (LP: #2002861) as the new
  supported DHCP server, it is now time to demote isc-dhcp-server.

  All the packages that are in.

  While we are not ready to demote all isc-dhcp packages (there are
  still packages in main that reverse depend/recommend isc-dhcp-client),
  we are ready to demote isc-dhcp-server.

  $ reverse-depends isc-dhcp-server
  Reverse-Recommends
  ==
  * fai-server

  Reverse-Depends
  ===
  * fai-quickstart
  * isc-dhcp-server-ldap [amd64 arm64 armhf ppc64el s390x]

  Packages without architectures listed are reverse-dependencies in:
  amd64, arm64, armhf, i386, ppc64el, s390x

  $ reverse-depends -b isc-dhcp-server
  Reverse-Testsuite-Triggers
  ==
  * chrony
  * dracut

  As shown there are no reverse dependencies for isc-dhcp-server in
  main. There are Reverse-Testsuite-Triggers in main, but these should
  not be considered for demotion matters here.

  The seeds at https://git.launchpad.net/~ubuntu-core-dev/ubuntu-
  seeds/+git/platform/tree/?h=noble contain 2 entries for isc-dhcp-
  server:

  $ grep -r isc-dhcp-server *
  supported-maas: * isc-dhcp-server
  supported-misc-servers: * isc-dhcp-server

  I will proceed with removing the supported-misc-servers entry. Once
  this is removed from supported-maas, the package will no longer be
  seeded (we should then get a component mismatch) and can be safely
  demoted to universe.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/isc-dhcp/+bug/2045577/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 2045771] Re: [MIR] isc-dhcp-server

[Christian Ehrhardt ]

** Description changed:

+ This isn't really MIR, but a reminder found by the tooling that tells us
+ why it is no more in main >=Noble.
+ 
+ ---
+ 
  This was demoted due to LP: #2045577.
  
  This will keep showing in component mismatches as needed from MAAS (just
  like ipmitool did for years) for now.
  
  MAAS is no more part of the Archive and planned to move off of using
  isc-dhcp in PF-3898, that has had some changes over time (not committed
  in last cycle, changed the approach this cycle) - but either way they
  will move off of it and we are no more holding it in main in Ubuntu just
  like that.
  
  Please, do not move it back to main for the time being.
  
  See LP: #2045577 for further reference.

** Description changed:

  This isn't really MIR, but a reminder found by the tooling that tells us
  why it is no more in main >=Noble.
  
  ---
  
  This was demoted due to LP: #2045577.
  
  This will keep showing in component mismatches as needed from MAAS (just
  like ipmitool did for years) for now.
  
- MAAS is no more part of the Archive and planned to move off of using
- isc-dhcp in PF-3898, that has had some changes over time (not committed
- in last cycle, changed the approach this cycle) - but either way they
- will move off of it and we are no more holding it in main in Ubuntu just
- like that.
+ MAAS is no more part of the Archive and planned to move off of using isc-dhcp 
in PF-3898, that has had some changes over time (communicated in late 2022, 
filed as a need in 23.04, changed the approach while in 24.04).
+ But either way they will move off of it and we are no more holding it in main 
in Ubuntu just for that (there are good reasons it is demoted).
  
  Please, do not move it back to main for the time being.
  
  See LP: #2045577 for further reference.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to isc-dhcp in Ubuntu.
https://bugs.launchpad.net/bugs/2045771

Title:
  [MIR] isc-dhcp-server

Status in isc-dhcp package in Ubuntu:
  Won't Fix

Bug description:
  This isn't really MIR, but a reminder found by the tooling that tells
  us why it is no more in main >=Noble.

  ---

  This was demoted due to LP: #2045577.

  This will keep showing in component mismatches as needed from MAAS
  (just like ipmitool did for years) for now.

  MAAS is no more part of the Archive and planned to move off of using isc-dhcp 
in PF-3898, that has had some changes over time (communicated in late 2022, 
filed as a need in 23.04, changed the approach while in 24.04).
  But either way they will move off of it and we are no more holding it in main 
in Ubuntu just for that (there are good reasons it is demoted).

  Please, do not move it back to main for the time being.

  See LP: #2045577 for further reference.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/isc-dhcp/+bug/2045771/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 2045771] Re: [MIR] isc-dhcp-server

[Christian Ehrhardt ]

** Description changed:

- This was demoted due to LP: #2045577. This will keep showing in
- component mismatches as ipmitool for now.
+ This was demoted due to LP: #2045577.
+ 
+ This will keep showing in component mismatches as needed from MAAS (just
+ like ipmitool did for years) for now.
+ 
+ MAAS is no more part of the Archive and planned to move off of using
+ isc-dhcp in PF-3898, that has had some changes over time (not committed
+ in last cycle, changed the approach this cycle) - but either way they
+ will move off of it and we are no more holding it in main in Ubuntu just
+ like that.
  
  Please, do not move it back to main for the time being.
  
  See LP: #2045577 for further reference.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to isc-dhcp in Ubuntu.
https://bugs.launchpad.net/bugs/2045771

Title:
  [MIR] isc-dhcp-server

Status in isc-dhcp package in Ubuntu:
  Won't Fix

Bug description:
  This was demoted due to LP: #2045577.

  This will keep showing in component mismatches as needed from MAAS
  (just like ipmitool did for years) for now.

  MAAS is no more part of the Archive and planned to move off of using
  isc-dhcp in PF-3898, that has had some changes over time (not
  committed in last cycle, changed the approach this cycle) - but either
  way they will move off of it and we are no more holding it in main in
  Ubuntu just like that.

  Please, do not move it back to main for the time being.

  See LP: #2045577 for further reference.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/isc-dhcp/+bug/2045771/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 2045577] Re: Demote isc-dhcp-server to universe

[Christian Ehrhardt ]

Hi Athos,
agreed:

According to [1] all that is holding it back is MAAS still referrring to it.
But I'm afraid of doing the demotion last minute as a surprise to the wider 
Ubuntu.

The MAAS team has been involved in planning and preparing for this.
They have committed to get rid of their dependency.

And then OTOH the supported-maas seed also does depend and show imptools
all the time and it was left open.

So ack, we want to demote this right now to make sure everyone, and not
just MAAS, is more even more aware.

The source can not yet move as Foundations works on letting the client
fully go.

Demoted in proposed and will go to noble in full once 4.4.3-P1-4ubuntu1
migrates.

Override component to universe
isc-dhcp-server 4.4.3-P1-4ubuntu1 in noble amd64: main/net/optional/100% -> 
universe
isc-dhcp-server 4.4.3-P1-4ubuntu1 in noble arm64: main/net/optional/100% -> 
universe
isc-dhcp-server 4.4.3-P1-4ubuntu1 in noble armhf: main/net/optional/100% -> 
universe
isc-dhcp-server 4.4.3-P1-4ubuntu1 in noble ppc64el: main/net/optional/100% -> 
universe
isc-dhcp-server 4.4.3-P1-4ubuntu1 in noble riscv64: main/net/optional/100% -> 
universe
isc-dhcp-server 4.4.3-P1-4ubuntu1 in noble s390x: main/net/optional/100% -> 
universe
Override [y|N]? y
6 publications overridden


@Athos - please create a MIR bug saying "Won't Fix" and some reference to this 
and the rest of the history. To be found by component mismatches, otherwise 
another friendly archive admin will just re-promote it.

[1]: https://ubuntu-archive-team.ubuntu.com/germinate-
output/ubuntu.jammy/rdepends/isc-dhcp/isc-dhcp-server

** Changed in: isc-dhcp (Ubuntu)
   Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to isc-dhcp in Ubuntu.
https://bugs.launchpad.net/bugs/2045577

Title:
  Demote isc-dhcp-server to universe

Status in isc-dhcp package in Ubuntu:
  Fix Released

Bug description:
  Following up on the isc-kea promotion (LP: #2002861) as the new
  supported DHCP server, it is now time to demote isc-dhcp-server.

  All the packages that are in.

  While we are not ready to demote all isc-dhcp packages (there are
  still packages in main that reverse depend/recommend isc-dhcp-client),
  we are ready to demote isc-dhcp-server.

  $ reverse-depends isc-dhcp-server
  Reverse-Recommends
  ==
  * fai-server

  Reverse-Depends
  ===
  * fai-quickstart
  * isc-dhcp-server-ldap [amd64 arm64 armhf ppc64el s390x]

  Packages without architectures listed are reverse-dependencies in:
  amd64, arm64, armhf, i386, ppc64el, s390x

  $ reverse-depends -b isc-dhcp-server
  Reverse-Testsuite-Triggers
  ==
  * chrony
  * dracut

  As shown there are no reverse dependencies for isc-dhcp-server in
  main. There are Reverse-Testsuite-Triggers in main, but these should
  not be considered for demotion matters here.

  The seeds at https://git.launchpad.net/~ubuntu-core-dev/ubuntu-
  seeds/+git/platform/tree/?h=noble contain 2 entries for isc-dhcp-
  server:

  $ grep -r isc-dhcp-server *
  supported-maas: * isc-dhcp-server
  supported-misc-servers: * isc-dhcp-server

  I will proceed with removing the supported-misc-servers entry. Once
  this is removed from supported-maas, the package will no longer be
  seeded (we should then get a component mismatch) and can be safely
  demoted to universe.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/isc-dhcp/+bug/2045577/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 2030684] Re: tzname[1] empty after tzset() with env TZ="UTC"

[Christian Ehrhardt ]

This bug is no more an issue marking fixed

** Changed in: python-django (Ubuntu)
   Status: New => Fix Released

** Changed in: django-mailman3 (Ubuntu)
   Status: New => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to tzdata in Ubuntu.
https://bugs.launchpad.net/bugs/2030684

Title:
  tzname[1] empty after tzset() with env TZ="UTC"

Status in django-mailman3 package in Ubuntu:
  Fix Released
Status in php8.2 package in Ubuntu:
  Triaged
Status in postgresql-15 package in Ubuntu:
  Fix Committed
Status in python-django package in Ubuntu:
  Fix Released
Status in systemd package in Ubuntu:
  Invalid
Status in tzdata package in Ubuntu:
  Fix Released
Status in tzdata package in Debian:
  Fix Released

Bug description:
  The following program prints different output when run with tzdata
  2023c-7ubuntu1 from mantic, versus tzdata 2023c-8ubuntu1 from mantic-
  proposed:

  root@mantic:~# cat bug.c 
  #include 
  #include 
  #include 
  #include 
  #include 

  int main(void) {
  int r;

  r = setenv("TZ", ":UTC", 1);
  if (r < 0) {
  printf("Failed to set TZ env var: %s\n", strerror(errno));
  return 1;
  }

  tzset();

  printf("timezone = %lu, daylight = %d\n", timezone, daylight);
  printf("tzname[0] = %s, tzname[1] = %s\n", tzname[0], tzname[1]);
  }

  root@mantic:~# gcc bug.c
  root@mantic:~# ./a.out 
  timezone = 0, daylight = 0
  tzname[0] = UTC, tzname[1] = UTC
  root@mantic:~# apt-cache policy tzdata
  tzdata:
Installed: 2023c-7ubuntu1
Candidate: 2023c-7ubuntu1
Version table:
   *** 2023c-7ubuntu1 500
  500 http://archive.ubuntu.com/ubuntu mantic/main amd64 Packages
  100 /var/lib/dpkg/status

  If I install tzdata from mantic-proposed, I get different output:

  root@mantic:~# vi /etc/apt/sources.list
  root@mantic:~# apt update && apt install tzdata
  Hit:1 http://archive.ubuntu.com/ubuntu mantic InRelease
  Hit:2 http://security.ubuntu.com/ubuntu mantic-security InRelease
  Get:3 http://archive.ubuntu.com/ubuntu mantic-proposed InRelease [118 kB]
  Hit:4 http://archive.ubuntu.com/ubuntu mantic-updates InRelease
  Hit:5 http://archive.ubuntu.com/ubuntu mantic-backports InRelease
  Get:6 http://archive.ubuntu.com/ubuntu mantic-proposed/main amd64 Packages 
[35.9 kB]
  Get:7 http://archive.ubuntu.com/ubuntu mantic-proposed/main Translation-en 
[14.8 kB]
  Get:8 http://archive.ubuntu.com/ubuntu mantic-proposed/main amd64 DEP-11 
Metadata [2376 B]
  Get:9 http://archive.ubuntu.com/ubuntu mantic-proposed/main amd64 c-n-f 
Metadata [1004 B]
  Get:10 http://archive.ubuntu.com/ubuntu mantic-proposed/restricted amd64 
Packages [15.9 kB]
  Get:11 http://archive.ubuntu.com/ubuntu mantic-proposed/restricted 
Translation-en [3564 B]
  Get:12 http://archive.ubuntu.com/ubuntu mantic-proposed/restricted amd64 
c-n-f Metadata [336 B]
  Fetched 192 kB in 1s (324 kB/s) 
  Reading package lists... Done
  Building dependency tree... Done
  Reading state information... Done
  72 packages can be upgraded. Run 'apt list --upgradable' to see them.
  root@mantic:~# apt install tzdata=2023c-8ubuntu1
  Reading package lists... Done
  Building dependency tree... Done
  Reading state information... Done
  The following packages were automatically installed and are no longer 
required:
libefiboot1 libefivar1
  Use 'apt autoremove' to remove them.
  The following packages will be upgraded:
tzdata
  1 upgraded, 0 newly installed, 0 to remove and 72 not upgraded.
  Need to get 269 kB of archives.
  After this operation, 142 kB disk space will be freed.
  Get:1 http://archive.ubuntu.com/ubuntu mantic-proposed/main amd64 tzdata all 
2023c-8ubuntu1 [269 kB]
  Fetched 269 kB in 0s (867 kB/s)
  Preconfiguring packages ...
  (Reading database ... 39935 files and directories currently installed.)
  Preparing to unpack .../tzdata_2023c-8ubuntu1_all.deb ...
  Unpacking tzdata (2023c-8ubuntu1) over (2023c-7ubuntu1) ...
  Setting up tzdata (2023c-8ubuntu1) ...

  Current default time zone: 'Etc/UTC'
  Local time is now:  Mon Aug  7 21:18:35 UTC 2023.
  Universal Time is now:  Mon Aug  7 21:18:35 UTC 2023.
  Run 'dpkg-reconfigure tzdata' if you wish to change it.

  Scanning processes... 


 
  Scanning candidates...


 

  Restarting services...
  Service restarts being deferred:
   systemctl restart systemd-logind.service
   systemctl restart 

[Touch-packages] [Bug 2004551] Re: upgrade to lunar fails due to rescue-ssh.target or port 22 takeover

[Christian Ehrhardt ]

@Steve
Since the machines original use case is blocked until we know if we can go on.
Is the above enough for your to have a deeper look together with us?

If so please let Miriam know when once she can reset the machine to go
on with the MRE verifications that this was supposed to do :-)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/2004551

Title:
  upgrade to lunar fails due to rescue-ssh.target or port 22 takeover

Status in openssh package in Ubuntu:
  New

Bug description:
  Hi,
  I just upgraded a system from Jammy to Lunar and openssh-server refuses to 
upgrade well.

  Setting up openssh-server (1:9.0p1-1ubuntu8) ...
  Replacing config file /etc/ssh/sshd_config with new version
  Replacing config file /etc/ssh/sshd_config with new version
  Synchronizing state of ssh.service with SysV service script with 
/lib/systemd/systemd-sysv-install.
  Executing: /lib/systemd/systemd-sysv-install disable ssh
  rescue-ssh.target is a disabled or a static unit not running, not starting it.
  Could not execute systemctl:  at /usr/bin/deb-systemd-invoke line 145.
  dpkg: error processing package openssh-server (--configure):
   installed openssh-server package post-installation script subprocess 
returned error exit status 1
  Processing triggers for man-db (2.11.2-1) ...
  Processing triggers for libc-bin (2.36-0ubuntu4) ...
  Errors were encountered while processing:
   openssh-server
  Error: Timeout was reached
  needrestart is being skipped since dpkg has failed
  E: Sub-process /usr/bin/dpkg returned an error code (1)

  I'm not sure what exactly it is.
  This output complains about rescue-ssh.target and indeed that can not be 
started even directly.

  $ sudo systemctl start rescue-ssh.target
  A dependency job for rescue-ssh.target failed. See 'journalctl -xe' for 
details.

  And in postinst is a try to start it:
  $  grep rescue /var/lib/dpkg/info/openssh-server.postinst 
deb-systemd-invoke $_dh_action 'rescue-ssh.target' >/dev/null 
|| true

  
  But I think the underlying issue is that ssh is already on, and I'm logged in 
via it.
  And that makes the service restart of the ssh socket which was added break.

  Feb 02 10:40:56 node-horsea systemd[104560]: ssh.socket: Failed to create 
listening socket ([::]:22): Address already in use
  Feb 02 10:40:56 node-horsea systemd[1]: ssh.socket: Failed to receive 
listening socket ([::]:22): Input/output error
  Feb 02 10:40:56 node-horsea systemd[1]: ssh.socket: Failed to listen on 
sockets: Input/output error
  Feb 02 10:40:56 node-horsea systemd[1]: ssh.socket: Failed with result 
'resources'.

  
  Now, whichever it is, it is hard to resolve.
  The only way to get the socket to own it would be rebooting so that sshd lets 
go and systemd can take over.
  I could reboot, but that is not the point.
  What if I'd want to get the service and upgrade completed before reboot.
  Because as of now dpkg considers the system unhappy, and that would usually 
be a sign for "better not reboot before being resolved" to me.

  One thing though, I have not upgraded with do-release-upgrade - would
  we / do we have magic there to make the ssh socket activation
  transition smoother?

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2004551/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 2027712] Re: Switch from usrmerge to usr-is-merged

[Christian Ehrhardt ]

FYI Change of the way this shall be tackled.

Per Steves very helpful comment in the MR to the seeds:
"I don't think we want either of these packages in main. They are transitional 
packages; while the transition is still ongoing in Debian, in Ubuntu the 
transition completed two LTS cycles ago.

We should just patch init-system-helpers in Ubuntu to drop the
dependency which is no longer needed."


@Foundations
I'm adding a task for init-system-helpers to represent the work for that change.

@CPC
The cloud-image tasks can stay to eventually verify that the image builds 
(after that change to init-system-helpers) really have neither installed.

** Also affects: init-system-helpers (Ubuntu)
   Importance: Undecided
   Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to init-system-helpers in
Ubuntu.
https://bugs.launchpad.net/bugs/2027712

Title:
  Switch from usrmerge to usr-is-merged

Status in cloud-images:
  Confirmed
Status in init-system-helpers package in Ubuntu:
  New

Bug description:
  Last year in Debian we added the 'usr-is-merged' binary package to the
  'usrmerge' source package. Its purpose is to be an empty metapackage
  that simply asserts that the system is usr-merged. This is done via
  the postinst. Contrary to usrmerge, it doesn't ship any additional
  code, perform any additional action or have any additional
  dependencies.

  In Debian, we have an essential package (init-system-helpers) that
  depends on usrmerge | usr-is-merged, so that on upgrade for already
  installed images usrmerge is pulled in and all systems are forcibly
  merged.

  But for new images being built, the boostrap (eg: debootstrap) process
  will instead pull in usr-is-merged, which will save space and reduce
  the overall code footprint.

  The problem in Ubuntu is that while usrmerge is in main, usr-is-merged
  is in universe, so unless the bootstrap tool enables universe for the
  initial bootstrap phase, usrmerge is always pulled in.

  Refs:

  https://packages.ubuntu.com/mantic/usr-is-merged
  https://packages.ubuntu.com/mantic/usrmerge
  https://packages.ubuntu.com/mantic/init-system-helpers

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-images/+bug/2027712/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1815101] Re: [master] Restarting systemd-networkd breaks keepalived, heartbeat, corosync, pacemaker (interface aliases are restarted)

[Christian Ehrhardt ]

** Changed in: keepalived (Ubuntu Xenial)
 Assignee: (unassigned) => Athos Ribeiro (athos-ribeiro)

** Changed in: keepalived (Ubuntu Bionic)
 Assignee: (unassigned) => Athos Ribeiro (athos-ribeiro)

** No longer affects: keepalived (Ubuntu Xenial)

** Changed in: keepalived (Ubuntu Focal)
 Assignee: (unassigned) => Athos Ribeiro (athos-ribeiro)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1815101

Title:
  [master] Restarting systemd-networkd breaks keepalived, heartbeat,
  corosync, pacemaker (interface aliases are restarted)

Status in netplan:
  Triaged
Status in heartbeat package in Ubuntu:
  Won't Fix
Status in keepalived package in Ubuntu:
  In Progress
Status in systemd package in Ubuntu:
  Fix Released
Status in systemd source package in Xenial:
  Won't Fix
Status in keepalived source package in Bionic:
  Confirmed
Status in systemd source package in Bionic:
  Fix Released
Status in systemd source package in Disco:
  Won't Fix
Status in systemd source package in Eoan:
  Fix Released
Status in keepalived source package in Focal:
  Confirmed
Status in systemd source package in Focal:
  Fix Released

Bug description:
  [impact]

  - ALL related HA software has a small problem if interfaces are being
  managed by systemd-networkd: nic restarts/reconfigs are always going
  to wipe all interfaces aliases when HA software is not expecting it to
  (no coordination between them.

  - keepalived, smb ctdb, pacemaker, all suffer from this. Pacemaker is
  smarter in this case because it has a service monitor that will
  restart the virtual IP resource, in affected node & nic, before
  considering a real failure, but other HA service might consider a real
  failure when it is not.

  [test case]

  - comment #14 is a full test case: to have 3 node pacemaker, in that
  example, and cause a networkd service restart: it will trigger a
  failure for the virtual IP resource monitor.

  - other example is given in the original description for keepalived.
  both suffer from the same issue (and other HA softwares as well).

  [regression potential]

  - this backports KeepConfiguration parameter, which adds some
  significant complexity to networkd's configuration and behavior, which
  could lead to regressions in correctly configuring the network at
  networkd start, or incorrectly maintaining configuration at networkd
  restart, or losing network state at networkd stop.

  - Any regressions are most likely to occur during networkd start,
  restart, or stop, and most likely to involve missing or incorrect ip
  address(es).

  - the change is based in upstream patches adding the exact feature we
  needed to fix this issue & it will be integrated with a netplan change
  to add the needed stanza to systemd nic configuration file
  (KeepConfiguration=)

  [other info]

  original description:
  ---

  Configure netplan for interfaces, for example (a working config with
  IP addresses obfuscated)

  network:
  ethernets:
  eth0:
  addresses: [192.168.0.5/24]
  dhcp4: false
  nameservers:
    search: [blah.com, other.blah.com, hq.blah.com, cust.blah.com, 
phone.blah.com]
    addresses: [10.22.11.1]
  eth2:
  addresses:
    - 12.13.14.18/29
    - 12.13.14.19/29
  gateway4: 12.13.14.17
  dhcp4: false
  nameservers:
    search: [blah.com, other.blah.com, hq.blah.com, cust.blah.com, 
phone.blah.com]
    addresses: [10.22.11.1]
  eth3:
  addresses: [10.22.11.6/24]
  dhcp4: false
  nameservers:
    search: [blah.com, other.blah.com, hq.blah.com, cust.blah.com, 
phone.blah.com]
    addresses: [10.22.11.1]
  eth4:
  addresses: [10.22.14.6/24]
  dhcp4: false
  nameservers:
    search: [blah.com, other.blah.com, hq.blah.com, cust.blah.com, 
phone.blah.com]
    addresses: [10.22.11.1]
  eth7:
  addresses: [9.5.17.34/29]
  dhcp4: false
  optional: true
  nameservers:
    search: [blah.com, other.blah.com, hq.blah.com, cust.blah.com, 
phone.blah.com]
    addresses: [10.22.11.1]
  version: 2

  Configure keepalived (again, a working config with IP addresses
  obfuscated)

  global_defs   # Block id
  {
  notification_email {
  sysadm...@blah.com
  }
  notification_email_from keepali...@system3.hq.blah.com
  smtp_server 10.22.11.7 # IP
  smtp_connect_timeout 30  # integer, seconds
  router_id system3  # string identifying the machine,
   # (doesn't have to be hostname).
  vrrp_mcast_group4 224.0.0.18 # 

[Touch-packages] [Bug 1815101] Re: [master] Restarting systemd-networkd breaks keepalived, heartbeat, corosync, pacemaker (interface aliases are restarted)

[Christian Ehrhardt ]

** Changed in: keepalived (Ubuntu)
 Assignee: (unassigned) => Athos Ribeiro (athos-ribeiro)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1815101

Title:
  [master] Restarting systemd-networkd breaks keepalived, heartbeat,
  corosync, pacemaker (interface aliases are restarted)

Status in netplan:
  Triaged
Status in heartbeat package in Ubuntu:
  Won't Fix
Status in keepalived package in Ubuntu:
  In Progress
Status in systemd package in Ubuntu:
  Fix Released
Status in keepalived source package in Xenial:
  Confirmed
Status in systemd source package in Xenial:
  Won't Fix
Status in keepalived source package in Bionic:
  Confirmed
Status in systemd source package in Bionic:
  Fix Released
Status in systemd source package in Disco:
  Won't Fix
Status in systemd source package in Eoan:
  Fix Released
Status in keepalived source package in Focal:
  Confirmed
Status in systemd source package in Focal:
  Fix Released

Bug description:
  [impact]

  - ALL related HA software has a small problem if interfaces are being
  managed by systemd-networkd: nic restarts/reconfigs are always going
  to wipe all interfaces aliases when HA software is not expecting it to
  (no coordination between them.

  - keepalived, smb ctdb, pacemaker, all suffer from this. Pacemaker is
  smarter in this case because it has a service monitor that will
  restart the virtual IP resource, in affected node & nic, before
  considering a real failure, but other HA service might consider a real
  failure when it is not.

  [test case]

  - comment #14 is a full test case: to have 3 node pacemaker, in that
  example, and cause a networkd service restart: it will trigger a
  failure for the virtual IP resource monitor.

  - other example is given in the original description for keepalived.
  both suffer from the same issue (and other HA softwares as well).

  [regression potential]

  - this backports KeepConfiguration parameter, which adds some
  significant complexity to networkd's configuration and behavior, which
  could lead to regressions in correctly configuring the network at
  networkd start, or incorrectly maintaining configuration at networkd
  restart, or losing network state at networkd stop.

  - Any regressions are most likely to occur during networkd start,
  restart, or stop, and most likely to involve missing or incorrect ip
  address(es).

  - the change is based in upstream patches adding the exact feature we
  needed to fix this issue & it will be integrated with a netplan change
  to add the needed stanza to systemd nic configuration file
  (KeepConfiguration=)

  [other info]

  original description:
  ---

  Configure netplan for interfaces, for example (a working config with
  IP addresses obfuscated)

  network:
  ethernets:
  eth0:
  addresses: [192.168.0.5/24]
  dhcp4: false
  nameservers:
    search: [blah.com, other.blah.com, hq.blah.com, cust.blah.com, 
phone.blah.com]
    addresses: [10.22.11.1]
  eth2:
  addresses:
    - 12.13.14.18/29
    - 12.13.14.19/29
  gateway4: 12.13.14.17
  dhcp4: false
  nameservers:
    search: [blah.com, other.blah.com, hq.blah.com, cust.blah.com, 
phone.blah.com]
    addresses: [10.22.11.1]
  eth3:
  addresses: [10.22.11.6/24]
  dhcp4: false
  nameservers:
    search: [blah.com, other.blah.com, hq.blah.com, cust.blah.com, 
phone.blah.com]
    addresses: [10.22.11.1]
  eth4:
  addresses: [10.22.14.6/24]
  dhcp4: false
  nameservers:
    search: [blah.com, other.blah.com, hq.blah.com, cust.blah.com, 
phone.blah.com]
    addresses: [10.22.11.1]
  eth7:
  addresses: [9.5.17.34/29]
  dhcp4: false
  optional: true
  nameservers:
    search: [blah.com, other.blah.com, hq.blah.com, cust.blah.com, 
phone.blah.com]
    addresses: [10.22.11.1]
  version: 2

  Configure keepalived (again, a working config with IP addresses
  obfuscated)

  global_defs   # Block id
  {
  notification_email {
  sysadm...@blah.com
  }
  notification_email_from keepali...@system3.hq.blah.com
  smtp_server 10.22.11.7 # IP
  smtp_connect_timeout 30  # integer, seconds
  router_id system3  # string identifying the machine,
   # (doesn't have to be hostname).
  vrrp_mcast_group4 224.0.0.18 # optional, default 224.0.0.18
  vrrp_mcast_group6 ff02::12   # optional, default ff02::12
  enable_traps # enable SNMP traps
  }
  vrrp_sync_group collection {
  group {

[Touch-packages] [Bug 2022927] Re: Busybox mount fails to mount Snaps

[Christian Ehrhardt ]

This is somewhat opinion, so I'm happy to be convinced, but without either
- upstream progress to merge it there
  or
- a good explanation why you think that wouldn't lock us in into hard to 
maintain delta and issues to users
=> This won't be uploaded IMHO.

When that upstream response or explanation is ready please post it and
subscribe ubuntu-sponsors again.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to busybox in Ubuntu.
https://bugs.launchpad.net/bugs/2022927

Title:
  Busybox mount fails to mount Snaps

Status in busybox package in Ubuntu:
  New

Bug description:
  Snapd tries to mount squashfs Snaps with non-standard mount flags like
  "x-gdu.hide" and "x-gvfs-hide", both of which are used to indicate to
  userspace programs that a given mount should not be shown in a list of
  mounted partitions/filesystems. Busybox does not support these flags,
  and so fails with "Invalid argument".

  $ sudo busybox mount -t tmpfs -o x-gdu-hide test /tmp/test
  mount: mounting test on /tmp/test failed: Invalid argument

  These flags can likely be be safely ignored, as they don't actually
  affect the functionality of the mount. This goes for all mount options
  starting with "x-", as these generally denote non-standard mount
  option "extensions".

  I've created a patch against Busybox which adds an optional
  configuration item to ignore all mount options beginning with "x-". An
  additional verbose option has also been added to enable the ability to
  report that the mount flags have been ignored, rather than silently
  ignoring them.

  This is a requirement for a customer project, where we are limited to
  using Busybox (due to coreutils' GPL-3.0 licence) but would also
  require using Snaps like checkbox for testing and verification. This
  was posted on the Busybox mailing list a few months ago
  (http://lists.busybox.net/pipermail/busybox/2023-March/090202.html)
  but patch acceptance there seems to take quite a long time, and we
  need this for the customer.

  A PPA containing the patched Busybox version is available on the
  project's Launchpad team: https://launchpad.net/~nemos-
  team/+archive/ubuntu/ppa

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/busybox/+bug/2022927/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 2022927] Re: Busybox mount fails to mount Snaps

[Christian Ehrhardt ]

Debian is at 1.36 already, but without your change landing upstream that
doesn't help us :-/ (This was released before on January 2023 anyway)

The upstream contribubution was nice, but stalled with 
http://lists.busybox.net/pipermail/busybox/2023-March/090211.html
It didn't come up again in April-June :-/
Was there any follow up to avoid this being Ubuntu delta forever?

Especially with something that changes behavior so that e.g. guides and howtos 
would behave differently between linux variants you'd usually want upstreams 
buy-in to avoid maintenance nightmare.
Would you mind following up with them and summarizing here about that progress 
to get it upstream?

P.S. by now you might want to set "mantic" in your debdiff changelog
stanza as that is what someone will eventually sponsor it to.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to busybox in Ubuntu.
https://bugs.launchpad.net/bugs/2022927

Title:
  Busybox mount fails to mount Snaps

Status in busybox package in Ubuntu:
  New

Bug description:
  Snapd tries to mount squashfs Snaps with non-standard mount flags like
  "x-gdu.hide" and "x-gvfs-hide", both of which are used to indicate to
  userspace programs that a given mount should not be shown in a list of
  mounted partitions/filesystems. Busybox does not support these flags,
  and so fails with "Invalid argument".

  $ sudo busybox mount -t tmpfs -o x-gdu-hide test /tmp/test
  mount: mounting test on /tmp/test failed: Invalid argument

  These flags can likely be be safely ignored, as they don't actually
  affect the functionality of the mount. This goes for all mount options
  starting with "x-", as these generally denote non-standard mount
  option "extensions".

  I've created a patch against Busybox which adds an optional
  configuration item to ignore all mount options beginning with "x-". An
  additional verbose option has also been added to enable the ability to
  report that the mount flags have been ignored, rather than silently
  ignoring them.

  This is a requirement for a customer project, where we are limited to
  using Busybox (due to coreutils' GPL-3.0 licence) but would also
  require using Snaps like checkbox for testing and verification. This
  was posted on the Busybox mailing list a few months ago
  (http://lists.busybox.net/pipermail/busybox/2023-March/090202.html)
  but patch acceptance there seems to take quite a long time, and we
  need this for the customer.

  A PPA containing the patched Busybox version is available on the
  project's Launchpad team: https://launchpad.net/~nemos-
  team/+archive/ubuntu/ppa

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/busybox/+bug/2022927/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1815101] Re: [master] Restarting systemd-networkd breaks keepalived, heartbeat, corosync, pacemaker (interface aliases are restarted)

[Christian Ehrhardt ]

Marking todo to recheck how the situation is today.

** Tags removed: server-triage-discuss
** Tags added: server-todo

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1815101

Title:
  [master] Restarting systemd-networkd breaks keepalived, heartbeat,
  corosync, pacemaker (interface aliases are restarted)

Status in netplan:
  Triaged
Status in heartbeat package in Ubuntu:
  Won't Fix
Status in keepalived package in Ubuntu:
  In Progress
Status in systemd package in Ubuntu:
  Fix Released
Status in keepalived source package in Xenial:
  Confirmed
Status in systemd source package in Xenial:
  Won't Fix
Status in keepalived source package in Bionic:
  Confirmed
Status in systemd source package in Bionic:
  Fix Released
Status in systemd source package in Disco:
  Won't Fix
Status in systemd source package in Eoan:
  Fix Released
Status in keepalived source package in Focal:
  Confirmed
Status in systemd source package in Focal:
  Fix Released

Bug description:
  [impact]

  - ALL related HA software has a small problem if interfaces are being
  managed by systemd-networkd: nic restarts/reconfigs are always going
  to wipe all interfaces aliases when HA software is not expecting it to
  (no coordination between them.

  - keepalived, smb ctdb, pacemaker, all suffer from this. Pacemaker is
  smarter in this case because it has a service monitor that will
  restart the virtual IP resource, in affected node & nic, before
  considering a real failure, but other HA service might consider a real
  failure when it is not.

  [test case]

  - comment #14 is a full test case: to have 3 node pacemaker, in that
  example, and cause a networkd service restart: it will trigger a
  failure for the virtual IP resource monitor.

  - other example is given in the original description for keepalived.
  both suffer from the same issue (and other HA softwares as well).

  [regression potential]

  - this backports KeepConfiguration parameter, which adds some
  significant complexity to networkd's configuration and behavior, which
  could lead to regressions in correctly configuring the network at
  networkd start, or incorrectly maintaining configuration at networkd
  restart, or losing network state at networkd stop.

  - Any regressions are most likely to occur during networkd start,
  restart, or stop, and most likely to involve missing or incorrect ip
  address(es).

  - the change is based in upstream patches adding the exact feature we
  needed to fix this issue & it will be integrated with a netplan change
  to add the needed stanza to systemd nic configuration file
  (KeepConfiguration=)

  [other info]

  original description:
  ---

  Configure netplan for interfaces, for example (a working config with
  IP addresses obfuscated)

  network:
  ethernets:
  eth0:
  addresses: [192.168.0.5/24]
  dhcp4: false
  nameservers:
    search: [blah.com, other.blah.com, hq.blah.com, cust.blah.com, 
phone.blah.com]
    addresses: [10.22.11.1]
  eth2:
  addresses:
    - 12.13.14.18/29
    - 12.13.14.19/29
  gateway4: 12.13.14.17
  dhcp4: false
  nameservers:
    search: [blah.com, other.blah.com, hq.blah.com, cust.blah.com, 
phone.blah.com]
    addresses: [10.22.11.1]
  eth3:
  addresses: [10.22.11.6/24]
  dhcp4: false
  nameservers:
    search: [blah.com, other.blah.com, hq.blah.com, cust.blah.com, 
phone.blah.com]
    addresses: [10.22.11.1]
  eth4:
  addresses: [10.22.14.6/24]
  dhcp4: false
  nameservers:
    search: [blah.com, other.blah.com, hq.blah.com, cust.blah.com, 
phone.blah.com]
    addresses: [10.22.11.1]
  eth7:
  addresses: [9.5.17.34/29]
  dhcp4: false
  optional: true
  nameservers:
    search: [blah.com, other.blah.com, hq.blah.com, cust.blah.com, 
phone.blah.com]
    addresses: [10.22.11.1]
  version: 2

  Configure keepalived (again, a working config with IP addresses
  obfuscated)

  global_defs   # Block id
  {
  notification_email {
  sysadm...@blah.com
  }
  notification_email_from keepali...@system3.hq.blah.com
  smtp_server 10.22.11.7 # IP
  smtp_connect_timeout 30  # integer, seconds
  router_id system3  # string identifying the machine,
   # (doesn't have to be hostname).
  vrrp_mcast_group4 224.0.0.18 # optional, default 224.0.0.18
  vrrp_mcast_group6 ff02::12   # optional, default ff02::12
  enable_traps # enable SNMP traps
  }
  vrrp_sync_group 

[Touch-packages] [Bug 1892559] Re: [MIR] ccid opensc pcsc-lite

[Christian Ehrhardt ]

There has been not further update for too long, for now we consider it invalid.
Feel free to re-open if there is effort backing it up and motivation to bring 
it to main.

** Changed in: opensc (Ubuntu)
   Status: Incomplete => Invalid

** Changed in: pcsc-lite (Ubuntu)
   Status: Incomplete => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to pcsc-lite in Ubuntu.
https://bugs.launchpad.net/bugs/1892559

Title:
  [MIR] ccid opensc pcsc-lite

Status in ccid package in Ubuntu:
  In Progress
Status in opensc package in Ubuntu:
  Invalid
Status in pam-pkcs11 package in Ubuntu:
  Invalid
Status in pcsc-lite package in Ubuntu:
  Invalid
Status in pcsc-perl package in Ubuntu:
  Invalid
Status in pcsc-tools package in Ubuntu:
  Invalid

Bug description:
  ==> ccid <==
  [Availability]
  ccid is in universe, and builds on all architectures.

  [Rationale]
  The desktop team and security team are interested in bringing smartcard
  authentication to enterprise desktop environments.

  [Security]
  No CVEs for ccid are listed in our database.
  Doesn't appear to bind to a socket.
  No privileged executables, but does have udev rules.
  Probably needs a security review.

  [Quality assurance]
  No test suite.
  Does require odd hardware that we'll probably need to buy.
  I don't see debconf questions.
  ccid is well maintained in Debian by upstream author.
  One open wishlist bug in BTS, harmless.

  One open bug in launchpad, not security, but looks very frustrating
  for the users. The upstream author was engaged but it never reached
  resolution.  https://bugs.launchpad.net/ubuntu/+source/ccid/+bug/1175465

  Has a debian/watch file.
  Quilt packaging.

  P: ccid source: no-dep5-copyright
  P: ccid source: package-uses-experimental-debhelper-compat-version 13

  [Dependencies]
  Minimal dependencies, in main

  [Standards compliance]
  Appears to satisfy FHS and Debian policy

  [Maintenance]
  The desktop team will subscribe to bugs, however it is expected that the
  security team will assist with security-relevant questions.

  [Background information]
  ccid provides drivers to interact with usb-connected smart card readers.

  ==> libpam-pkcs11 <==
  [Availability]
  Source package pam-pkcs11 is in universe and builds on all architectures.

  [Rationale]
  The desktop team and security team are interested in bringing smartcard
  authentication to enterprise desktop environments.

  [Security]
  No CVEs in our database.
  Doesn't appear to bind to sockets.
  No privileged executables (but is a PAM module).
  As a PAM module this will require a security review.

  [Quality assurance]
  The package does not call pam-auth-update in its postinst #1650366
  Does not ask questions during install.
  One Ubuntu bug claims very poor behaviour if a card isn't plugged in.
  No Debian bugs.
  Occasional updates in Debian by long-term maintainer.
  Does require odd hardware that we'll probably need to buy.
  Does not appear to run tests during build.
  Has scary warnings in the build logs.
  Has a debian/watch file.

  Ancient standards version; other smaller lintian messages, mostly
  documentation problems.

  Quilt packaging.

  [Dependencies]
  Depends on libcurl4, libldap-2.4-2, libpam0g, libpcsclite1, libssl1.1
  All are in main.

  [Standards compliance]
  The package does not call pam-auth-update in its postinst #1650366
  Otherwise looks to conform to FHS and Debian policies

  [Maintenance]
  The desktop team will subscribe to bugs, however it is expected that the
  security team will assist with security-relevant questions.

  [Background information]
  This PAM module can use CRLs and full-chain verification of certificates.
  It can also do LDAP, AD, and Kerberos username mapping.

  ==> libpcsc-perl <==
  [Availability]
  Source package pcsc-perl is in universe, builds for all architectures,
  plus i386

  [Rationale]
  The desktop team and security team are interested in bringing smartcard
  authentication to enterprise desktop environments.

  [Security]
  There are no cves for pcsc-perl in our database.
  No privileged executables.
  Doesn't appear to bind to sockets.
  Probably needs a security review.

  [Quality assurance]
  Library package not intended to be used directly.
  No debconf questions.
  No bugs in Debian.
  No bugs in Ubuntu.
  Does require odd hardware that we'll probably need to buy.
  Tests exist, not run during the build; probably can't run during the build.
  Includes debian/watch file.
  A handful of lintian issues
  Quilt packaging.

  [Dependencies]
  libpcsc-perl depends upon libpcsclite1, libc6, perl, perlapi-5.30.0.
  All are in main.

  [Standards compliance]
  One oddity, Card.pod is stored in 
/usr/lib/x86_64-linux-gnu/perl5/5.30/Chipcard/PCSC/
  Many other perl packages have .pod files in these directory trees so maybe
  it's fine, but it seems funny all the same.

  Otherwise appears to 

[Touch-packages] [Bug 2015562] Re: Segfault in dnsmasq when using certain static domain entries + DoH (bugfix possibly exists upstream)

[Christian Ehrhardt ]

** Merge proposal linked:
   
https://code.launchpad.net/~mirespace/ubuntu/+source/dnsmasq/+git/dnsmasq/+merge/442007

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to dnsmasq in Ubuntu.
https://bugs.launchpad.net/bugs/2015562

Title:
  Segfault in dnsmasq when using certain static domain entries + DoH
  (bugfix possibly exists upstream)

Status in dnsmasq package in Ubuntu:
  Fix Released
Status in dnsmasq source package in Jammy:
  In Progress

Bug description:
  Hi folks,

  I've been using dnsmasq for my home DNS needs, which includes
  returning null entries for certain domain queries. The specific case
  in which I found this segfault was returning null  records for
  Netflix (to ensure Netflix does not try to use my IPv6 tunnel to
  egress traffic through).

  I've been using very simple configuration snippet to achieve this,
  this is attached as netflix-nov6.conf (the full file contains more
  entries).

  Ever since I've upgraded from Ubuntu 20.04 to 22.04, dnsmasq kept
  segfaulting at random occasions. I also attempted do an apt
  update&, but there are no newer versions of this package
  available.

  Further research into this issue showed that a surefire way to trigger
  this segfault was to go to a website blocked via this method (for
  testing purposes, a dig query works quite well). The segfault can be
  reproduced reliably, and always occurs after one or a few queries
  towards the "blocked" domain entries.

  I found a commit in the upstream dnsmasq git repo which seems to fix this 
issue, the fix made it into 2.87:
  
https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=de372d6914ae20a1f9997815f258efbf3b14c39b

  Would it be possible to backport this into the version used in the
  current LTS Ubuntu release? Thanks!

  --

  $ lsb_release -d
  Description:  Ubuntu 22.04.2 LTS
  $ apt-cache policy dnsmasq
  dnsmasq:
    Installed: 2.86-1.1ubuntu0.2
    Candidate: 2.86-1.1ubuntu0.2
    Version table:
   *** 2.86-1.1ubuntu0.2 500
  500 http://de.archive.ubuntu.com/ubuntu jammy-updates/universe amd64 
Packages
  100 /var/lib/dpkg/status
   2.86-1.1ubuntu0.1 500
  500 http://de.archive.ubuntu.com/ubuntu jammy-security/universe amd64 
Packages
   2.86-1.1 500
  500 http://de.archive.ubuntu.com/ubuntu jammy/universe amd64 Packages

  --

  Excerpt from the dnsmasq logs, with debugging enabled, after I loaded 
fast.com:
  Apr 07 13:47:41 budgie systemd[1]: Started dnsmasq - A lightweight DHCP and 
caching DNS server.
  Apr 07 13:47:42 budgie dnsmasq[109976]: query[type=65] 
fast.dradis.netflix.com from 192.168.10.82
  Apr 07 13:47:42 budgie dnsmasq[109976]: config error is REFUSED (EDE: network 
error)
  Apr 07 13:47:43 budgie dnsmasq[109976]: query[type=65] 
ichnaea-web.netflix.com from 192.168.10.82
  Apr 07 13:47:43 budgie systemd[1]: dnsmasq.service: Main process exited, 
code=dumped, status=11/SEGV
  Apr 07 13:47:43 budgie systemd[1]: dnsmasq.service: Failed with result 
'core-dump'.

  Core dump is also attached.

  Reproduction steps:
  - 1. Install dnsmasq on Ubuntu 22.04 (or any Ubuntu release using dnsmasq 
2.86)
  - 1.5. Configure one or multiple DNS servers for dnsmasq
  - 2. Copy netflix-nov6.conf into /etc/dnsmasq.d/
  - 3. Restart/reload dnsmasq
  - 3.5 Verify that dnsmasq resolves domains correctly:

  root@budgie:~# dig +short -tA ubuntu.com @127.0.0.1
  185.125.190.21
  185.125.190.20
  185.125.190.29
  root@budgie:~# dig +short -t ubuntu.com @127.0.0.1
  2620:2d:4000:1::28
  2620:2d:4000:1::26
  2620:2d:4000:1::27

  - 4. Perform a type65 / HTTPS recordtype query for netflix.com towards
  the dnsmasq server once or twice:

  root@budgie:~# dig +short -tTYPE65 netflix.com @127.0.0.1
  root@budgie:~# dig +short -tTYPE65 netflix.com @127.0.0.1
  ;; communications error to 127.0.0.1#53: timed out
  ;; communications error to 127.0.0.1#53: connection refused
  ;; communications error to 127.0.0.1#53: connection refused
  ;; no servers could be reached

  - 5. Check logs to verify segfault:

  Apr 07 14:03:28 budgie systemd[1]: Started dnsmasq - A lightweight DHCP and 
caching DNS server.
  Apr 07 14:03:32 budgie dnsmasq[111585]: query[type=65] netflix.com from 
127.0.0.1
  Apr 07 14:03:32 budgie dnsmasq[111585]: config error is REFUSED (EDE: network 
error)
  Apr 07 14:03:33 budgie dnsmasq[111585]: query[type=65] netflix.com from 
127.0.0.1
  Apr 07 14:03:33 budgie systemd[1]: dnsmasq.service: Main process exited, 
code=dumped, status=11/SEGV
  Apr 07 14:03:33 budgie systemd[1]: dnsmasq.service: Failed with result 
'core-dump'.

  --
  netflix-nov6.conf:
  # Null  response on these domains
  server=/netflix.com/#
  address=/netflix.com/::
  server=/netflix.net/#
  address=/netflix.net/::
  server=/nflxext.com/#
  address=/nflxext.com/::

To manage notifications about this bug go to:

[Touch-packages] [Bug 2019424] Re: Heimdal can be synced

[Christian Ehrhardt ]

@Steve / @Vorlon

As outlined above we still can't see the diff in dependencies due to LTO.
But I'm sure you have seen it or you wouldn't have said so and we want to spot 
where in our work the mistake was ...
Therefore let me ask - was that a local build that you did or is that somewhere 
we could have a look at for comparison?

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to heimdal in Ubuntu.
https://bugs.launchpad.net/bugs/2019424

Title:
  Heimdal can be synced

Status in heimdal package in Ubuntu:
  Confirmed

Bug description:
  After heimdal merge process, I was trying to figure out if the delta that is 
still not dropped is required or not.
  So, to test it, I have created 2 PPAs, one in which lto is disabled, and the 
second one, where the lto is enabled. I have built them and downloaded the debs 
for i386 and amd64.
  Then I have compared amd64 deb from PPA1 with amd64 deb from PPA2. The same 
story with i386. The binary dependencies were identical. There is no difference 
between the files. So in that case, the delta can possibly be dropped.

  The package has already been merged again, with the change:

  heimdal (7.8.git20221117.28daf24+dfsg-2ubuntu1) mantic; urgency=low

    * Merge from Debian unstable. Remaining changes:
  - d/rules: Disable lto, to regain dep on roken, otherwise
    dependencies on amd64 are different than i386 resulting in
    different files on amd64 and i386.

   -- Steve Langasek  Tue, 02 May 2023
  09:56:10 +0200

  heimdal (7.8.git20221117.28daf24+dfsg-1ubuntu1) lunar; urgency=low

    * Merge from Debian unstable. Remaining changes:
  - d/rules: Disable lto, to regain dep on roken, otherwise
    dependencies on amd64 are different than i386 resulting in
    different files on amd64 and i386.
    (LP #1934936)

   -- Steve Langasek  Tue, 24 Jan 2023
  19:14:54 -0800

  Due to this, syncpackage doesn't run.
  The package can be sync'd next time it comes up.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/heimdal/+bug/2019424/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 2019424] Re: Heimdal can be synced

[Christian Ehrhardt ]

Hmm - odd,
Michal has checked the files and the build logs as he outlined above.
And in addition to all those checks being done, if we just grep for all final 
dependencies and compare there is no difference (other than a glibc min version 
level).

I know names are not too helpful:
- ~ppa1 = LTO-off
- ~ppa2 = LTO-on

This compares amd64 vs i386 without LTO enabled

$ grep "Depends" 
buildlog_ubuntu-lunar-amd64.heimdal_7.8.git20221117.28daf24+dfsg-1ubuntu1~ppa2_BUILDING.txt
  > amd64.deps
$ grep "Depends" 
buildlog_ubuntu-lunar-i386.heimdal_7.8.git20221117.28daf24+dfsg-1ubuntu1~ppa2_BUILDING.txt
  > i386.deps
$ diff -Naur amd64.deps i386.deps
--- amd64.deps  2023-05-16 10:18:49.754334825 +0200
+++ i386.deps   2023-05-16 10:18:51.106344323 +0200
@@ -8,10 +8,10 @@
  Depends: debconf (>= 0.5.00) | debconf-2.0, heimdal-clients, krb5-config, 
lsb-base, openbsd-inetd | inet-superserver, libasn1-8-heimdal (>= 
1.4.0+git20110226), libc6 (>= 2.34), libcap-ng0 (>= 0.7.9), libgssapi3-heimdal 
(>= 1.4.0+git20110226), libhcrypto5-heimdal (>= 1.4.0+git20110226), 
libhdb9-heimdal (>= 1.6~git20131117), libheimntlm0-heimdal (>= 
1.4.0+git20110226), libkadm5srv8-heimdal (>= 7.8.git20221115.a6cf945+dfsg), 
libkdc2-heimdal (>= 1.4.0+git20110226), libkrb5-26-heimdal (>= 
1.7~git20160418), libroken19-heimdal (>= 1.7~git20150920), libsl0-heimdal (>= 
1.4.0+git20110226)
  Depends: comerr-dev, libasn1-8-heimdal (= 
7.8.git20221117.28daf24+dfsg-1ubuntu1~ppa2), libgssapi3-heimdal (= 
7.8.git20221117.28daf24+dfsg-1ubuntu1~ppa2), libhcrypto5-heimdal (= 
7.8.git20221117.28daf24+dfsg-1ubuntu1~ppa2), libhdb9-heimdal (= 
7.8.git20221117.28daf24+dfsg-1ubuntu1~ppa2), libheimbase1-heimdal (= 
7.8.git20221117.28daf24+dfsg-1ubuntu1~ppa2), libhx509-5-heimdal (= 
7.8.git20221117.28daf24+dfsg-1ubuntu1~ppa2), libkadm5clnt7-heimdal (= 
7.8.git20221117.28daf24+dfsg-1ubuntu1~ppa2), libkadm5srv8-heimdal (= 
7.8.git20221117.28daf24+dfsg-1ubuntu1~ppa2), libkafs0-heimdal (= 
7.8.git20221117.28daf24+dfsg-1ubuntu1~ppa2), libkdc2-heimdal (= 
7.8.git20221117.28daf24+dfsg-1ubuntu1~ppa2), libkrb5-26-heimdal (= 
7.8.git20221117.28daf24+dfsg-1ubuntu1~ppa2), libwind0-heimdal (= 
7.8.git20221117.28daf24+dfsg-1ubuntu1~ppa2), libotp0-heimdal (= 
7.8.git20221117.28daf24+dfsg-1ubuntu1~ppa2), libsl0-heimdal (= 
7.8.git20221117.28daf24+dfsg-1ubuntu1~ppa2), libc6 (>= 2.34), libcom-err2 (>= 
1.43.9), libroken19-heimdal (>= 1.4.0+git20110226)
  Depends: krb5-config, openbsd-inetd | inet-superserver, libc6 (>= 2.34), 
libkrb5-26-heimdal (>= 1.4.0+git20110226), libroken19-heimdal (>= 
1.4.0+git20110226)
- Depends: libc6 (>= 2.14), libcom-err2 (>= 1.43.9), libroken19-heimdal (>= 
1.4.0+git20110226)
+ Depends: libc6 (>= 2.8), libcom-err2 (>= 1.43.9), libroken19-heimdal (>= 
1.4.0+git20110226)
  Depends: libasn1-8-heimdal (>= 1.4.0+git20110226), libc6 (>= 2.34), 
libcom-err2 (>= 1.43.9), libhcrypto5-heimdal (>= 1.4.0+git20110226), 
libheimntlm0-heimdal (>= 1.4.0+git20110226), libkrb5-26-heimdal (>= 
1.6~git20131117), libroken19-heimdal (>= 1.7~git20150920)
  Depends: libasn1-8-heimdal (>= 1.4.0+git20110226), libc6 (>= 2.36), 
libheimbase1-heimdal (>= 1.4.0+git20110226), libroken19-heimdal (>= 
1.7~git20150920)
- Depends: libasn1-8-heimdal (>= 1.6~git20120311g), libc6 (>= 2.14), 
libcom-err2 (>= 1.43.9), libdb5.3, libkrb5-26-heimdal (>= 1.7~git20161112), 
libldap2 (>= 2.6.2), libroken19-heimdal (>= 1.7~git20150920), libsqlite3-0 (>= 
3.5.9)
+ Depends: libasn1-8-heimdal (>= 1.6~git20120311g), libc6 (>= 2.8), libcom-err2 
(>= 1.43.9), libdb5.3, libkrb5-26-heimdal (>= 1.7~git20161112), libldap2 (>= 
2.6.2), libroken19-heimdal (>= 1.7~git20150920), libsqlite3-0 (>= 3.5.9)
  Depends: libc6 (>= 2.34)
  Depends: libc6 (>= 2.4), libhcrypto5-heimdal (>= 1.4.0+git20110226), 
libkrb5-26-heimdal (>= 1.4.0+git20110226), libroken19-heimdal (>= 
1.7~git20150920), libwind0-heimdal (>= 1.4.0+git20110226)
  Depends: libasn1-8-heimdal (>= 1.4.0+git20110226), libc6 (>= 2.34), 
libcom-err2 (>= 1.43.9), libhcrypto5-heimdal (>= 1.4.0+git20110226), 
libheimbase1-heimdal (>= 1.6~git20131117), libroken19-heimdal (>= 
1.7~git20150920), libwind0-heimdal (>= 1.4.0+git20110226)
@@ -23,4 +23,4 @@
  Depends: libc6 (>= 2.33), libdb5.3, libhcrypto5-heimdal (>= 1.4.0+git20110226)
  Depends: libc6 (>= 2.36), libcrypt1 (>= 1:4.1.0)
  Depends: libc6 (>= 2.11), libedit2 (>= 2.11-20080614-0)
- Depends: libc6 (>= 2.14), libcom-err2 (>= 1.43.9)
+ Depends: libc6 (>= 2.4), libcom-err2 (>= 1.43.9)


And checking the PPAs build if LTO was really back on I indeed see "... 
-ffat-lto-objects ..." used in
https://launchpadlibrarian.net/646899573/buildlog_ubuntu-lunar-amd64.heimdal_7.8.git20221117.28daf24+dfsg-1ubuntu1~ppa2_BUILDING.txt.gz

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to heimdal in Ubuntu.
https://bugs.launchpad.net/bugs/2019424

Title:
  Heimdal can be synced

Status in heimdal package in Ubuntu:
  Confirmed

Bug description:
  After 

[Touch-packages] [Bug 1641272] Re: Debug symbols package doesnt exist

[Christian Ehrhardt ]

Jorge very likely doesn't work on this anymore, so much time has passed.
The assignment created wrong expectations, let us unassign it to reflect that.

Also this isn't ubuntu specific, if tackled it should be done together with 
Debian
which has this bug as well 
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844989

** Bug watch added: Debian Bug tracker #844989
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844989

** Changed in: dnsmasq (Ubuntu)
 Assignee: Jorge Niedbalski (niedbalski) => (unassigned)

** Also affects: dnsmasq (Debian) via
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844989
   Importance: Unknown
   Status: Unknown

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to dnsmasq in Ubuntu.
https://bugs.launchpad.net/bugs/1641272

Title:
  Debug symbols package doesnt exist

Status in dnsmasq package in Ubuntu:
  New
Status in dnsmasq package in Debian:
  Unknown

Bug description:
  On Yakkety with ddebs repos enabled there is no debug packages for
  dnsmasq

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/1641272/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 2012298] Re: PasswordAuthenticaion in sshd_config.d

[Christian Ehrhardt ]

FYI: might be related (or even dup) of bug 2002994

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/2012298

Title:
  PasswordAuthenticaion in sshd_config.d

Status in openssh package in Ubuntu:
  Fix Released
Status in openssh source package in Focal:
  Confirmed

Bug description:
  The stanza
  Match User 
PasswordAuthentication no

  in /etc/ssh/sshd_config works as expected.

  The same stanza in /etc/ssh/sshd_config.d/username.conf does not work.

  The Include in /etc/ssh/sshd_config is not commented out, and

  /usr/sbin/sshd -D -ddd

  shows the username.config file being parsed.

  ProblemType: Bug
  DistroRelease: Ubuntu 20.04
  Package: openssh-server 1:8.2p1-4ubuntu0.5
  ProcVersionSignature: Ubuntu 5.4.0-131.147-generic 5.4.210
  Uname: Linux 5.4.0-131-generic x86_64
  NonfreeKernelModules: falcon_lsm_serviceable falcon_nf_netcontain falcon_kal 
falcon_lsm_pinned_14713
  ApportVersion: 2.20.11-0ubuntu27.25
  Architecture: amd64
  CasperMD5CheckResult: skip
  Date: Mon Mar 20 13:34:14 2023
  InstallationDate: Installed on 2022-11-04 (136 days ago)
  InstallationMedia:
   
  SSHDConfig: Error: command ['pkexec', '/usr/sbin/sshd', '-T'] failed with 
exit code 127: pkexec must be setuid root
  SourcePackage: openssh
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2012298/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 2000739] Re: Window actions (like maximize) no more work in wayland for QEMU using GTK backend once the guest UI is intialized.

[Christian Ehrhardt ]

** Also affects: gtk+3.0 (Ubuntu)
   Importance: Undecided
   Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to gtk+3.0 in Ubuntu.
https://bugs.launchpad.net/bugs/2000739

Title:
  Window actions (like maximize) no more work in wayland for QEMU using
  GTK backend once the guest UI is intialized.

Status in gtk+3.0 package in Ubuntu:
  New
Status in qemu package in Ubuntu:
  Confirmed

Bug description:
  Window actions (like maximize) no more work in wayland for QEMU using
  GTK backend once the guest UI is intialized.

  This can be seen by running an installed or even a trial Ubuntu from
  an ISO like:

  $ qemu-system-x86_64 \
    -boot d \
    -cdrom ubuntu-22.04.1-desktop-amd64.iso \
    -m 4096M \
    -machine type=q35,accel=kvm \
    -cpu host \
    -smp 2 \
    -device qxl-vga

  The GTK UI of qemu has a feature called "fullscreen" which disables
  the screen decorations and sets the window to maximize. The
  decorations go away, but maximize doesn't work.

  
  The following details were found so far:
  - running with GDK_BACKEND=x11 works
  - using sdl instead of gtk backend works
  - using the old qemu of Focal, or the newest from upstream git in jammy all 
fails (no qemu change AFAICS)
  - host UI widgets (the square at the window top) do not work either
  - hotkeys (super-up) do not work either

  It seems that once the guest has enabled the desktop something changes
  and the maximize/minimize/... actions are no more processed. Not sure
  were to debug next in regard to the gnome/wayland UI handling of this
  - any idea?

  P.S. We can reproduce this in git builds of qemu, so we can debug of
  modify the code as needed. The code for this is mostly in [1]

  [1]: https://gitlab.com/qemu-project/qemu/-/blob/master/ui/gtk.c

  --- original report ---

  Running QEMU version 4.2.1 on Ubuntu 20.04 via

  qemu-system-x86_64 \
    -boot d \
    -cdrom ubuntu-22.04.1-desktop-amd64.iso \
    -m 4096M \
    -machine type=q35,accel=kvm \
    -cpu host \
    -smp 2 \
    -device qxl-vga

  and pressing ctrl+alt+f after booting the Ubuntu 22.04 live ISO and
  adjusting the display resolution to match the native resolution, works
  as expected, i.e., the VM screen is correctly displayed in fullscreen.

  However, after running the same command for QEMU version 6.2.0 on
  Ubuntu 22.04 and pressing ctrl+alt+f after making the resolution
  adjustment, yields a fullscreen view where the space occupied by the
  GNOME top bar (top panel with date in center) of the host is not used.
  The top bar itself is not visible but instead the purple background is
  shown where the top bar resides.

  The problem also occurs when replacing '-device qxl-vga' by '-device
  VGA,vgamem_mb=64'. The problem however does not occur when using
  '-device virtio-vga'.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gtk+3.0/+bug/2000739/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1967593] Re: kernel modules going missing after reboot

[Christian Ehrhardt ]

** Changed in: cloud-initramfs-tools (Ubuntu)
 Assignee: (unassigned) => Dave Jones (waveform)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ubuntu-meta in Ubuntu.
https://bugs.launchpad.net/bugs/1967593

Title:
  kernel modules going missing after reboot

Status in cloud-initramfs-tools package in Ubuntu:
  Confirmed
Status in linux-kvm package in Ubuntu:
  New
Status in linux-lowlatency package in Ubuntu:
  New
Status in ubuntu-meta package in Ubuntu:
  New

Bug description:
  EDIT: There are no accurate results in the package search, but it is
  for the kernel shown below Linux 5.15.0-23-generic x86_64. Also for
  the low latency kernel and other versions 5.4, 5.13, 5.14, 5.17. So it
  is not kernel specific. It must be a problem with configuration, but
  reinstalling doesnt fix it.

  EDIT2: it turns out this is caused by the cloud-initramfs-copymods
  package mounting over modules locations. Removed it and reinstalled
  kernel modules package (extras didnt seem necessary, but probably
  prudent too).


  This affects several different kernels I've tried in 22.04.

  This post basically sums it up:
  
https://unix.stackexchange.com/questions/405146/removed-lib-modules-folder-after-every-reboot
  detailed answer: https://unix.stackexchange.com/a/499580/346155

  And this one from upgrading from 20.04 to 22.04:
  
https://askubuntu.com/questions/1400470/kernel-module-not-getting-installed-after-upgrade

  Basically, for some reason the kernel modules are being mounted over
  after reboot.

  My image was built on top of a cloud-init image, but removing the recommeded 
package "cloud-initramfs-copymods" that mounts over modules didnt work for me. 
Adding the snd_hda_intel module to the boot config /etc/initramfs-tools/modules 
did fix my issue for this module. But how many others will not be available?
  ---
  ProblemType: Bug
  ApportVersion: 2.20.11-0ubuntu80
  Architecture: amd64
  AudioDevicesInUse:
   USERPID ACCESS COMMAND
   /dev/snd/controlC0:  user   2189 F pulseaudio
  CasperMD5CheckResult: unknown
  CurrentDesktop: KDE
  DistroRelease: Ubuntu 22.04
  IwConfig:
   lono wireless extensions.

   enp1s0no wireless extensions.

   virbr0no wireless extensions.
  Lsusb:
   Bus 001 Device 002: ID 0627:0001 Adomax Technology Co., Ltd QEMU USB Tablet
   Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
   Bus 004 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
   Bus 003 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
   Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
  Lsusb-t:
   /:  Bus 04.Port 1: Dev 1, Class=root_hub, Driver=uhci_hcd/2p, 12M
   /:  Bus 03.Port 1: Dev 1, Class=root_hub, Driver=uhci_hcd/2p, 12M
   /:  Bus 02.Port 1: Dev 1, Class=root_hub, Driver=uhci_hcd/2p, 12M
   /:  Bus 01.Port 1: Dev 1, Class=root_hub, Driver=ehci-pci/6p, 480M
   |__ Port 1: Dev 2, If 0, Class=Human Interface Device, Driver=usbhid, 
480M
  MachineType: QEMU Standard PC (Q35 + ICH9, 2009)
  Package: linux (not installed)
  ProcFB: 0 virtio_gpudrmfb
  ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-5.15.0-23-generic 
root=UUID=5d51cbd2-a1de-48f6-b8b6-00709c787fa0 ro
  ProcVersionSignature: Ubuntu 5.15.0-23.23-generic 5.15.27
  RelatedPackageVersions:
   linux-restricted-modules-5.15.0-23-generic N/A
   linux-backports-modules-5.15.0-23-generic  N/A
   linux-firmware 20220329.git681281e4-0ubuntu1
  RfKill:

  Tags:  jammy uec-images
  Uname: Linux 5.15.0-23-generic x86_64
  UpgradeStatus: Upgraded to jammy on 2022-04-01 (1 days ago)
  UserGroups: libvirt sudo
  WifiSyslog:

  _MarkForUpload: True
  dmi.bios.date: 04/01/2014
  dmi.bios.release: 0.0
  dmi.bios.vendor: SeaBIOS
  dmi.bios.version: 1.13.0-1ubuntu1.1
  dmi.chassis.type: 1
  dmi.chassis.vendor: QEMU
  dmi.chassis.version: pc-q35-4.2
  dmi.modalias: 
dmi:bvnSeaBIOS:bvr1.13.0-1ubuntu1.1:bd04/01/2014:br0.0:svnQEMU:pnStandardPC(Q35+ICH9,2009):pvrpc-q35-4.2:cvnQEMU:ct1:cvrpc-q35-4.2:sku:
  dmi.product.name: Standard PC (Q35 + ICH9, 2009)
  dmi.product.version: pc-q35-4.2
  dmi.sys.vendor: QEMU
  ---
  ProblemType: Bug
  ApportVersion: 2.20.11-0ubuntu80
  Architecture: amd64
  AudioDevicesInUse:
   USERPID ACCESS COMMAND
   /dev/snd/controlC0:  user   2189 F pulseaudio
  CasperMD5CheckResult: unknown
  CurrentDesktop: KDE
  DistroRelease: Ubuntu 22.04
  IwConfig:
   lono wireless extensions.

   enp1s0no wireless extensions.

   virbr0no wireless extensions.
  Lsusb:
   Bus 001 Device 002: ID 0627:0001 Adomax Technology Co., Ltd QEMU USB Tablet
   Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
   Bus 004 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
   Bus 003 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
   Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
  Lsusb-t:
   /:  Bus 04.Port 1: Dev 1, 

[Touch-packages] [Bug 1981697] Re: KDC: weak crypto in default settings

[Christian Ehrhardt ]

** Changed in: krb5 (Ubuntu Jammy)
 Assignee: (unassigned) => Andreas Hasenack (ahasenack)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to krb5 in Ubuntu.
https://bugs.launchpad.net/bugs/1981697

Title:
  KDC: weak crypto in default settings

Status in krb5 package in Ubuntu:
  Fix Released
Status in krb5 source package in Jammy:
  Triaged
Status in krb5 source package in Kinetic:
  Fix Released
Status in krb5 package in Debian:
  Fix Released

Bug description:
  Default setting in /etc/krb5kdc/kdc.conf, as installed from krb5-kdc in 
Ubuntu 22.04 Server:
  master_key_type = des3-hmac-sha1

  3DES was deprecated by NIST in 2017, i.e. give years ago! Reference:
  https://csrc.nist.gov/News/2017/Update-to-Current-Use-and-Deprecation-
  of-TDEA . This should not be a default since a very long time, and
  particularly not for new installations. If a compatibility with out-
  of-date installations is necessary, this should be explicitly made be
  the administrator.

  SHA-1 was deprecated as well, in 2011, i.e. eleven years ago!
  Reference:
  https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-131a.pdf
  .

  A reasonable default would probably be:
  master_key_type = aes256-cts-hmac-sha384-192

  ProblemType: Bug
  DistroRelease: Ubuntu 22.04
  Package: krb5-kdc 1.19.2-2
  ProcVersionSignature: Ubuntu 5.15.0-40.43-generic 5.15.35
  Uname: Linux 5.15.0-40-generic x86_64
  ApportVersion: 2.20.11-0ubuntu82.1
  Architecture: amd64
  CasperMD5CheckResult: pass
  Date: Thu Jul 14 12:34:22 2022
  InstallationDate: Installed on 2022-05-30 (45 days ago)
  InstallationMedia: Ubuntu-Server 22.04 LTS "Jammy Jellyfish" - Release amd64 
(20220421)
  ProcEnviron:
   TERM=xterm-256color
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=
   LANG=en_IE.UTF-8
   SHELL=/bin/bash
  SourcePackage: krb5
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/1981697/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1993387] Re: Merge bridge-utils from Debian unstable for lunar

[Christian Ehrhardt ]

This was done by Graham Inggs in
https://launchpad.net/ubuntu/+source/bridge-utils/1.7.1-1ubuntu1 and no
other merge was needed.

 bridge-utils | 1.7.1-1ubuntu1 | lunar   | source, amd64, arm64, armhf,
ppc64el, riscv64, s390x

=> Done (and thanks Graham)

** Changed in: bridge-utils (Ubuntu)
   Status: New => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to bridge-utils in Ubuntu.
https://bugs.launchpad.net/bugs/1993387

Title:
  Merge bridge-utils from Debian unstable for lunar

Status in bridge-utils package in Ubuntu:
  Fix Released

Bug description:
  Scheduled-For: ubuntu-22.12
  Upstream: 1.7.1
  Debian:   1.7-2
  Ubuntu:   1.7-1ubuntu3

  ### New Debian Changes ###

  bridge-utils (1.7-2) unstable; urgency=medium

* Add BRIDGE_DISABLE_LINKLOCAL_IPV6_ALSO_PHYS to /etc/default/bridge-utils
  to stop disabling IPv6 on physical interfaces of vlan ports if set to no. 
  Closes: #989162.
* Update interfaces man page, IPv6 works with STP on after DAD was fixed.
  Closes: #980507.
* Treat vlan ports the same as ifupdown, avoid octal vlans. Closes: #995627.
* Update NEWS file to fix us blaming the kernel for the MAC address
  selection that is really overridden by systemd.

   -- Santiago García Mantiñán   Mon, 03 Oct 2022
  23:11:46 +0200

  
  ### Old Ubuntu Delta ###

  bridge-utils (1.7-1ubuntu3) jammy; urgency=medium

    * No-change rebuild for ppc64el baseline bump.

   -- Łukasz 'sil2100' Zemczak   Wed, 23 Mar
  2022 10:44:35 +0100

  bridge-utils (1.7-1ubuntu2) impish; urgency=medium

    * No-change rebuild to build packages with zstd compression.

   -- Matthias Klose   Thu, 07 Oct 2021 12:09:41 +0200

  bridge-utils (1.7-1ubuntu1) impish; urgency=low

    * Merge from Debian unstable. Remaining changes:
  - Don't call ifup from bridge-network-interface, instead just call brctl
    and let udev/upstart bring the interface up.
  - debian/ifupdown.sh: Handle bridge params which use port and value
  - debian/bridge-utils-interface.5:
    + Update max, default value for path cost
    + Update unsettable gcint value for newer kernels

   -- Steve Langasek   Wed, 17 Mar 2021
  12:32:22 -0700

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bridge-utils/+bug/1993387/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 2008465] Re: apt repository broken when having only jammy and jammy-security apt-repos enabled

[Christian Ehrhardt ]

Hey,
it turns out this worked for most people but if you go into enough detail they 
start to disagree.
This was discussed [1], got "no it is not supported" [2] and people saying "yes 
we do" [3] and some people stating what I'd have expected [4] to be related to 
only-auto-update.

But no matter which is entirely true, this needs to be sorted out and 
documented better.
As well as then been made part of some testing and more considerations.
I'll try to organize a meeting at the next sprint with the right people.

Until then this isn't really an openldap question, it is more a release-
team tasks on documentation. Depending where the discussion ends it
might be something entirely else eventually, but for now that at least
represents the state better.

[1]: https://irclogs.ubuntu.com/2023/03/01/%23ubuntu-release.html#t18:33
[2]: https://irclogs.ubuntu.com/2023/03/01/%23ubuntu-release.html#t18:38
[3]: https://irclogs.ubuntu.com/2023/03/01/%23ubuntu-release.html#t18:49
[4]: https://irclogs.ubuntu.com/2023/03/01/%23ubuntu-release.html#t19:05

** Also affects: ubuntu-docs
   Importance: Undecided
   Status: New

** Tags removed: server-triage-discuss

** Changed in: ubuntu-docs
 Assignee: (unassigned) => Ubuntu Release Team (ubuntu-release)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/2008465

Title:
  apt repository broken when having only jammy and jammy-security apt-
  repos enabled

Status in Ubuntu:
  New

Bug description:
  Having installed Ubuntu 22 server from server-live-cd 
https://releases.ubuntu.com/22.04/ubuntu-22.04.1-live-server-amd64.iso
  (md5sum e8d2a77c51b599c10651608a5d8c286f)

  without network connection to internet (so no connection to ubuntu apt
  repositories). After offline installation completed, we remove the
  "jammy-updates" from the /etc/apt/sources.list so it looks like so:

  # cat /etc/apt/sources.list
  deb http://de.archive.ubuntu.com/ubuntu jammy 
  main restricted universe multiverse
  deb http://de.archive.ubuntu.com/ubuntu jammy-security
  main restricted universe multiverse

  Now we give the host network access and do "apt update" to refresh the
  apt repository.

  We assume that the installed package libldap-2.5-0 version 
2.5.12+dfsg-0ubuntu0.22.04.1
  was installed from the ubuntu installer cd which is a version from 
jammy-updates.

  Now we are unable to install package "ldap-utils" because that depends
  on package libldap-2.5-0 version 2.5.11+dfsg-1~exp1ubuntu3.1 (which is
  older than the offline installed version 2.5.12+dfsg-0ubuntu0.22.04.1)

  # lsb_release -a
  No LSB modules are available.
  Distributor ID: Ubuntu
  Description:Ubuntu 22.04.1 LTS
  Release:22.04
  Codename:   jammy

  # apt-cache policy libldap-2.5-0
  libldap-2.5-0:
    Installed: 2.5.12+dfsg-0ubuntu0.22.04.1
    Candidate: 2.5.12+dfsg-0ubuntu0.22.04.1
    Version table:
   *** 2.5.12+dfsg-0ubuntu0.22.04.1 100
  100 /var/lib/dpkg/status
   2.5.11+dfsg-1~exp1ubuntu3.1 500
  500 http://de.archive.ubuntu.com/ubuntu jammy-security/main amd64 
Packages
   2.5.11+dfsg-1~exp1ubuntu3 500
  500 http://de.archive.ubuntu.com/ubuntu jammy/main amd64 Packages

  # apt install --simulate ldap-utils
  Reading package lists... Done
  Building dependency tree... Done
  Reading state information... Done
  Some packages could not be installed. This may mean that you have
  requested an impossible situation or if you are using the unstable
  distribution that some required packages have not yet been created
  or been moved out of Incoming.
  The following information may help to resolve the situation:
  The following packages have unmet dependencies:
   ldap-utils : Depends: libldap-2.5-0 (= 2.5.11+dfsg-1~exp1ubuntu3.1) but 
2.5.12+dfsg-0ubuntu0.22.04.1 is to be installed
  E: Unable to correct problems, you have held broken packages.

  --
  The problem is solved when adding line

  deb http://de.archive.ubuntu.com/ubuntu jammy-updates
  main restricted universe multiverse

  to /etc/apt/sources.list

  But we want _only_ security updates, to keep the updates minimal.

  Other workaround is "apt remove libldap-2.5-0", then when installing
  ldap-utils that fetches the older libldap-2.5-0 version
  2.5.11+dfsg-1~exp1ubuntu3.1 and repo is consistent.

  Questions:
  - Can you confirm that the package version from the server-live-cd see above 
is the version from the jammy-updates repository?
  - Do you agree that when the above question is answered yes, having 
jammy-updates apt-repository is mandatory?
  - if jammy-updates repo should be mandatory should this be documented?

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+bug/2008465/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : 

[Touch-packages] [Bug 2007837] Re: Regression in stderr handling in 3.2.3 breaks BackupPc on 22.04; fix available in 3.2.4

[Christian Ehrhardt ]

** Changed in: rsync (Ubuntu Jammy)
 Assignee: (unassigned) => Sergio Durigan Junior (sergiodj)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to rsync in Ubuntu.
https://bugs.launchpad.net/bugs/2007837

Title:
  Regression in stderr handling in 3.2.3 breaks BackupPc on 22.04; fix
  available in 3.2.4

Status in rsync package in Ubuntu:
  Fix Released
Status in rsync source package in Jammy:
  Triaged
Status in rsync package in Debian:
  Unknown

Bug description:
  rsync 3.2.3 (packaged in Ubuntu 22.04) changes stderr handling,
  leading another bug in libfile-rsyncp-perl (in Ubuntu 18.04 and 20.04)
  to surface [1].

  It practically makes using BackupPC 3 impossible with clients using
  rsync 3.2.3, as is packaged for 22.04. The fact that BackupPC on 20.04
  can't be used to back up machines with 22.04 is rather surprising and
  has bitten other users [2].

  It's unclear whether the bug will be fixed in 18.04's and 20.04's
  libfile-rsyncp-perl package (for status, see [3]).

  Because of this, the rsync maintainer has included a patch in 3.2.4
  that fixes this regression [4] (even though not strictly an rsync
  bug). As a result, rsync 3.2.3 is the only affected version, which
  happens to be the one packaged in 22.04.

  This report is to request backporting that fix [4] to Ubuntu 22.04, so
  that things don't silently break in scenarios where the backup server
  is left at 20.04, and some backup clients happen to upgrade to 22.04.

  I'm not sure what the criteria for security releases are, but as the
  issue causes backup denial of service and has easy mitigation, I think
  it would make sense to put it through the security channel.

  [1]: https://github.com/WayneD/rsync/issues/95#issuecomment-699185358
  [2]: 
https://www.mail-archive.com/backuppc-users@lists.sourceforge.net/msg32673.html
  [3]: 
https://bugs.launchpad.net/ubuntu/+source/libfile-rsyncp-perl/+bug/2007833
  [4]: 
https://github.com/WayneD/rsync/commit/4adfdaaf12db26c348b4d6150119b377f9b622c8

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/rsync/+bug/2007837/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1647285] Re: SSL trust not system-wide

[Christian Ehrhardt ]

** Tags removed: server-triage-discuss

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ca-certificates in Ubuntu.
https://bugs.launchpad.net/bugs/1647285

Title:
  SSL trust not system-wide

Status in ca-certificates package in Ubuntu:
  Confirmed
Status in firefox package in Ubuntu:
  Confirmed
Status in nss package in Ubuntu:
  Confirmed
Status in p11-kit package in Ubuntu:
  Fix Released
Status in sssd package in Ubuntu:
  Confirmed
Status in thunderbird package in Ubuntu:
  Confirmed

Bug description:
  When I install a corporate CA trust root with update-ca-certificates,
  it doesn't seem to work everywhere. Various things like Firefox,
  Evolution, Chrome, etc. all fail to trust the newly-installed trusted
  CA.

  This ought to work, and does on other distributions. In p11-kit there
  is a module p11-kit-trust.so which can be used as a drop-in
  replacement for NSS's own libnssckbi.so trust root module, but which
  reads from the system's configured trust setup instead of the hard-
  coded version.

  This allows us to install the corporate CAs just once, and then file a
  bug against any package that *doesn't* then trust them.

  See https://fedoraproject.org/wiki/Features/SharedSystemCertificates
  for some of the historical details from when this feature was first
  implemented, but this is all now supported upstream and not at all
  distribution-specific. There shouldn't be any significant work
  required; it's mostly just a case of configuring and building it to
  make use of this functionality. (With 'alternatives' to let you
  substitute p11-kit-trust.so for the original NSS libnssckbi.so, etc.)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ca-certificates/+bug/1647285/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 2004551] Re: upgrade to lunar fails due to rescue-ssh.target or port 22 takeover

[Christian Ehrhardt ]

Thank you Steve, documenting what kind of debug data you'd expect helps
me or anyone else who might run into this next time.

Once I'm done with my current tasks on this system I'll try to redeploy
and re-upgrade to check if it happens again.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/2004551

Title:
  upgrade to lunar fails due to rescue-ssh.target or port 22 takeover

Status in openssh package in Ubuntu:
  Incomplete

Bug description:
  Hi,
  I just upgraded a system from Jammy to Lunar and openssh-server refuses to 
upgrade well.

  Setting up openssh-server (1:9.0p1-1ubuntu8) ...
  Replacing config file /etc/ssh/sshd_config with new version
  Replacing config file /etc/ssh/sshd_config with new version
  Synchronizing state of ssh.service with SysV service script with 
/lib/systemd/systemd-sysv-install.
  Executing: /lib/systemd/systemd-sysv-install disable ssh
  rescue-ssh.target is a disabled or a static unit not running, not starting it.
  Could not execute systemctl:  at /usr/bin/deb-systemd-invoke line 145.
  dpkg: error processing package openssh-server (--configure):
   installed openssh-server package post-installation script subprocess 
returned error exit status 1
  Processing triggers for man-db (2.11.2-1) ...
  Processing triggers for libc-bin (2.36-0ubuntu4) ...
  Errors were encountered while processing:
   openssh-server
  Error: Timeout was reached
  needrestart is being skipped since dpkg has failed
  E: Sub-process /usr/bin/dpkg returned an error code (1)

  I'm not sure what exactly it is.
  This output complains about rescue-ssh.target and indeed that can not be 
started even directly.

  $ sudo systemctl start rescue-ssh.target
  A dependency job for rescue-ssh.target failed. See 'journalctl -xe' for 
details.

  And in postinst is a try to start it:
  $  grep rescue /var/lib/dpkg/info/openssh-server.postinst 
deb-systemd-invoke $_dh_action 'rescue-ssh.target' >/dev/null 
|| true

  
  But I think the underlying issue is that ssh is already on, and I'm logged in 
via it.
  And that makes the service restart of the ssh socket which was added break.

  Feb 02 10:40:56 node-horsea systemd[104560]: ssh.socket: Failed to create 
listening socket ([::]:22): Address already in use
  Feb 02 10:40:56 node-horsea systemd[1]: ssh.socket: Failed to receive 
listening socket ([::]:22): Input/output error
  Feb 02 10:40:56 node-horsea systemd[1]: ssh.socket: Failed to listen on 
sockets: Input/output error
  Feb 02 10:40:56 node-horsea systemd[1]: ssh.socket: Failed with result 
'resources'.

  
  Now, whichever it is, it is hard to resolve.
  The only way to get the socket to own it would be rebooting so that sshd lets 
go and systemd can take over.
  I could reboot, but that is not the point.
  What if I'd want to get the service and upgrade completed before reboot.
  Because as of now dpkg considers the system unhappy, and that would usually 
be a sign for "better not reboot before being resolved" to me.

  One thing though, I have not upgraded with do-release-upgrade - would
  we / do we have magic there to make the ssh socket activation
  transition smoother?

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2004551/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 2004551] Re: upgrade to lunar fails due to rescue-ssh.target or port 22 takeover

[Christian Ehrhardt ]

As expected, on reboot all is fine for the service status


ubuntu@node-horsea:~$ systemctl status ssh.service
● ssh.service - OpenBSD Secure Shell server
 Loaded: loaded (/lib/systemd/system/ssh.service; disabled; preset: enabled)
Drop-In: /etc/systemd/system/ssh.service.d
 └─00-socket.conf
 Active: active (running) since Thu 2023-02-02 10:54:40 UTC; 12min ago
TriggeredBy: ● ssh.socket
   Docs: man:sshd(8)
 man:sshd_config(5)
Process: 2689 ExecStartPre=/usr/sbin/sshd -t (code=exited, status=0/SUCCESS)
   Main PID: 2690 (sshd)
  Tasks: 1 (limit: 38220)
 Memory: 5.3M
CPU: 894ms
 CGroup: /system.slice/ssh.service
 └─2690 "sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups"

Feb 02 11:06:27 node-horsea sshd[14629]: Accepted publickey for ubuntu from 
10.172.196.173 port 47348 ssh2: RSA 
SHA256:KyONnhWWzlbscZNTHPZ25GWCXDQY5u/UD72EtQcwtqU
Feb 02 11:06:27 node-horsea sshd[14629]: pam_unix(sshd:session): session opened 
for user ubuntu(uid=1000) by (uid=0)
Feb 02 11:06:27 node-horsea sshd[14629]: pam_env(sshd:session): deprecated 
reading of user environment enabled
Feb 02 11:06:58 node-horsea sshd[14735]: Accepted publickey for ubuntu from 
10.172.196.173 port 55016 ssh2: RSA 
SHA256:KyONnhWWzlbscZNTHPZ25GWCXDQY5u/UD72EtQcwtqU
Feb 02 11:06:58 node-horsea sshd[14735]: pam_unix(sshd:session): session opened 
for user ubuntu(uid=1000) by (uid=0)
Feb 02 11:06:59 node-horsea sshd[14735]: pam_env(sshd:session): deprecated 
reading of user environment enabled
Feb 02 11:07:03 node-horsea sshd[14796]: Accepted publickey for ubuntu from 
10.172.196.173 port 57034 ssh2: RSA 
SHA256:KyONnhWWzlbscZNTHPZ25GWCXDQY5u/UD72EtQcwtqU
Feb 02 11:07:03 node-horsea sshd[14796]: pam_unix(sshd:session): session opened 
for user ubuntu(uid=1000) by (uid=0)
Feb 02 11:07:03 node-horsea sshd[14796]: pam_env(sshd:session): deprecated 
reading of user environment enabled
Feb 02 11:07:03 node-horsea sshd[14796]: pam_unix(sshd:session): session closed 
for user ubuntu
ubuntu@node-horsea:~$ systemctl status ssh.socket
● ssh.socket - OpenBSD Secure Shell server socket
 Loaded: loaded (/lib/systemd/system/ssh.socket; enabled; preset: enabled)
 Active: active (running) since Thu 2023-02-02 10:54:21 UTC; 12min ago
  Until: Thu 2023-02-02 10:54:21 UTC; 12min ago
   Triggers: ● ssh.service
 Listen: [::]:22 (Stream)
  Tasks: 0 (limit: 38220)
 Memory: 8.0K
CPU: 894us
 CGroup: /system.slice/ssh.socket

Feb 02 10:54:21 node-horsea systemd[1]: Listening on OpenBSD Secure
Shell server socket.


And out of this condition it can even complete the package
configuration.

ubuntu@node-horsea:~$ sudo dpkg-reconfigure openssh-server
/usr/sbin/dpkg-reconfigure: openssh-server is broken or not fully installed
ubuntu@node-horsea:~$ sudo apt-get install --fix-broken
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
1 not fully installed or removed.
After this operation, 0 B of additional disk space will be used.
Setting up openssh-server (1:9.0p1-1ubuntu8) ...
Replacing config file /etc/ssh/sshd_config with new version
Replacing config file /etc/ssh/sshd_config with new version
Synchronizing state of ssh.service with SysV service script with 
/lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install disable ssh
Warning: Stopping ssh.service, but it can still be activated by:
  ssh.socket
rescue-ssh.target is a disabled or a static unit not running, not starting it.
ubuntu@node-horsea:~$ echo $?
0

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/2004551

Title:
  upgrade to lunar fails due to rescue-ssh.target or port 22 takeover

Status in openssh package in Ubuntu:
  New

Bug description:
  Hi,
  I just upgraded a system from Jammy to Lunar and openssh-server refuses to 
upgrade well.

  Setting up openssh-server (1:9.0p1-1ubuntu8) ...
  Replacing config file /etc/ssh/sshd_config with new version
  Replacing config file /etc/ssh/sshd_config with new version
  Synchronizing state of ssh.service with SysV service script with 
/lib/systemd/systemd-sysv-install.
  Executing: /lib/systemd/systemd-sysv-install disable ssh
  rescue-ssh.target is a disabled or a static unit not running, not starting it.
  Could not execute systemctl:  at /usr/bin/deb-systemd-invoke line 145.
  dpkg: error processing package openssh-server (--configure):
   installed openssh-server package post-installation script subprocess 
returned error exit status 1
  Processing triggers for man-db (2.11.2-1) ...
  Processing triggers for libc-bin (2.36-0ubuntu4) ...
  Errors were encountered while processing:
   openssh-server
  Error: Timeout was reached
  needrestart is being skipped since dpkg has failed
  E: Sub-process /usr/bin/dpkg 

[Touch-packages] [Bug 2004551] [NEW] upgrade to lunar fails due to rescue-ssh.target or port 22 takeover

[Christian Ehrhardt ]

Public bug reported:

Hi,
I just upgraded a system from Jammy to Lunar and openssh-server refuses to 
upgrade well.

Setting up openssh-server (1:9.0p1-1ubuntu8) ...
Replacing config file /etc/ssh/sshd_config with new version
Replacing config file /etc/ssh/sshd_config with new version
Synchronizing state of ssh.service with SysV service script with 
/lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install disable ssh
rescue-ssh.target is a disabled or a static unit not running, not starting it.
Could not execute systemctl:  at /usr/bin/deb-systemd-invoke line 145.
dpkg: error processing package openssh-server (--configure):
 installed openssh-server package post-installation script subprocess returned 
error exit status 1
Processing triggers for man-db (2.11.2-1) ...
Processing triggers for libc-bin (2.36-0ubuntu4) ...
Errors were encountered while processing:
 openssh-server
Error: Timeout was reached
needrestart is being skipped since dpkg has failed
E: Sub-process /usr/bin/dpkg returned an error code (1)

I'm not sure what exactly it is.
This output complains about rescue-ssh.target and indeed that can not be 
started even directly.

$ sudo systemctl start rescue-ssh.target
A dependency job for rescue-ssh.target failed. See 'journalctl -xe' for details.

And in postinst is a try to start it:
$  grep rescue /var/lib/dpkg/info/openssh-server.postinst 
deb-systemd-invoke $_dh_action 'rescue-ssh.target' >/dev/null 
|| true


But I think the underlying issue is that ssh is already on, and I'm logged in 
via it.
And that makes the service restart of the ssh socket which was added break.

Feb 02 10:40:56 node-horsea systemd[104560]: ssh.socket: Failed to create 
listening socket ([::]:22): Address already in use
Feb 02 10:40:56 node-horsea systemd[1]: ssh.socket: Failed to receive listening 
socket ([::]:22): Input/output error
Feb 02 10:40:56 node-horsea systemd[1]: ssh.socket: Failed to listen on 
sockets: Input/output error
Feb 02 10:40:56 node-horsea systemd[1]: ssh.socket: Failed with result 
'resources'.


Now, whichever it is, it is hard to resolve.
The only way to get the socket to own it would be rebooting so that sshd lets 
go and systemd can take over.
I could reboot, but that is not the point.
What if I'd want to get the service and upgrade completed before reboot.
Because as of now dpkg considers the system unhappy, and that would usually be 
a sign for "better not reboot before being resolved" to me.

One thing though, I have not upgraded with do-release-upgrade - would we
/ do we have magic there to make the ssh socket activation transition
smoother?

** Affects: openssh (Ubuntu)
 Importance: Undecided
 Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/2004551

Title:
  upgrade to lunar fails due to rescue-ssh.target or port 22 takeover

Status in openssh package in Ubuntu:
  New

Bug description:
  Hi,
  I just upgraded a system from Jammy to Lunar and openssh-server refuses to 
upgrade well.

  Setting up openssh-server (1:9.0p1-1ubuntu8) ...
  Replacing config file /etc/ssh/sshd_config with new version
  Replacing config file /etc/ssh/sshd_config with new version
  Synchronizing state of ssh.service with SysV service script with 
/lib/systemd/systemd-sysv-install.
  Executing: /lib/systemd/systemd-sysv-install disable ssh
  rescue-ssh.target is a disabled or a static unit not running, not starting it.
  Could not execute systemctl:  at /usr/bin/deb-systemd-invoke line 145.
  dpkg: error processing package openssh-server (--configure):
   installed openssh-server package post-installation script subprocess 
returned error exit status 1
  Processing triggers for man-db (2.11.2-1) ...
  Processing triggers for libc-bin (2.36-0ubuntu4) ...
  Errors were encountered while processing:
   openssh-server
  Error: Timeout was reached
  needrestart is being skipped since dpkg has failed
  E: Sub-process /usr/bin/dpkg returned an error code (1)

  I'm not sure what exactly it is.
  This output complains about rescue-ssh.target and indeed that can not be 
started even directly.

  $ sudo systemctl start rescue-ssh.target
  A dependency job for rescue-ssh.target failed. See 'journalctl -xe' for 
details.

  And in postinst is a try to start it:
  $  grep rescue /var/lib/dpkg/info/openssh-server.postinst 
deb-systemd-invoke $_dh_action 'rescue-ssh.target' >/dev/null 
|| true

  
  But I think the underlying issue is that ssh is already on, and I'm logged in 
via it.
  And that makes the service restart of the ssh socket which was added break.

  Feb 02 10:40:56 node-horsea systemd[104560]: ssh.socket: Failed to create 
listening socket ([::]:22): Address already in use
  Feb 02 10:40:56 node-horsea systemd[1]: ssh.socket: Failed to receive 
listening socket ([::]:22): Input/output error
  Feb 02 10:40:56 

[Touch-packages] [Bug 2002994] Re: sshd_config makes some changes awkward

[Christian Ehrhardt ]

I agree as well, it is great that we have .d function at all, but it could be 
better.
As reported there is no control yet at what goes early or late and that would 
be a great enhancement. Just including it late isn't an easy option either as 
you might unintentionally to a different section that was at the end of the 
former config.

A bit of history:
- initially added via
  - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845315
  - https://salsa.debian.org/ssh-team/openssh/-/commit/cb37f2bf1
  - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862316
(unclosed, but in theory adressed by the above)
- having some troubles to work
  - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961007
  - https://bugzilla.mindrot.org/show_bug.cgi?id=3122
- good but not yet as good as other .d config inclusions
  - this bug
  - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=998834
  - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954965

Overall a problem that I see after going through all those is that some
settings seem to be "the earliest set wins" so including at the top is
good. And others are "overwritten by later statements" which asks for an
inclusion at the end of the file.

This needs to be analyzed, maybe the behavior changed over time or there
are different categories of settings? To do so I recommend to read
through those bugs, some have more examples and how to debug them. Once
that check is done one can propose a solution and it might very well be
what Kevin suggested here which is to put the main config into the .d
directory as well and include them in numerical order. That might not
solve/address the behavior of different statements, but at least it
would give full control to the admin without touching the package owned
config file.


Either way this is worth having a look, but needs more time than a usual bug 
fix.
Therefore I've added it to a set of ideas that we pick the most important ones 
from each Ubuntu release cycle. If anyone else wants to tackle this before we 
get to it - great, keep the bug updated in that case.

** Bug watch added: Debian Bug tracker #845315
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845315

** Bug watch added: Debian Bug tracker #862316
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862316

** Bug watch added: Debian Bug tracker #961007
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961007

** Bug watch added: OpenSSH Portable Bugzilla #3122
   https://bugzilla.mindrot.org/show_bug.cgi?id=3122

** Bug watch added: Debian Bug tracker #998834
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=998834

** Bug watch added: Debian Bug tracker #954965
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954965

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/2002994

Title:
  sshd_config makes some changes awkward

Status in openssh package in Ubuntu:
  Confirmed

Bug description:
  As distribted, the file sshd_config has apparently been modified from
  an upstream version -- those lines that are NOT comments.  There is no
  good way for me to change any of them, even though there is a
  sshd_config.d directory for my changes.  That is because the files in
  the sshd_config.d directory are invoked early, and the uncommented
  lines in the sshd_config file override them.  I would have to modify
  the sshd_config file which defeats the purpose of having the
  directory.

  I suggest to adopt a method that I have seen elsewhere: put all of
  your changes in a file and put the file in the .d directory.  Start
  the filename with something like '50' so that it can sort before or
  after any file contributed by the local admin.  Keep the sshd_config
  file as you get it from upstream.

  This is, after all, the reason that the .d directories exist.

  In this way, admins do not have to modify distributed files, which
  avoids awkwardness when the package is updated.

  The same applies to ssh_config.

  ProblemType: Bug
  DistroRelease: Ubuntu 20.04
  Package: openssh-server 1:8.2p1-4ubuntu0.5
  ProcVersionSignature: Ubuntu 5.4.0-122.138-generic 5.4.192
  Uname: Linux 5.4.0-122-generic x86_64
  NonfreeKernelModules: wl
  ApportVersion: 2.20.11-0ubuntu27.24
  Architecture: amd64
  CasperMD5CheckResult: skip
  CurrentDesktop: XFCE
  Date: Mon Jan 16 06:29:16 2023
  SourcePackage: openssh
  UpgradeStatus: Upgraded to focal on 2021-02-19 (696 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2002994/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 2002994] Re: sshd_config makes some changes awkward

[Christian Ehrhardt ]

** Tags removed: server-triage-discuss

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/2002994

Title:
  sshd_config makes some changes awkward

Status in openssh package in Ubuntu:
  Confirmed

Bug description:
  As distribted, the file sshd_config has apparently been modified from
  an upstream version -- those lines that are NOT comments.  There is no
  good way for me to change any of them, even though there is a
  sshd_config.d directory for my changes.  That is because the files in
  the sshd_config.d directory are invoked early, and the uncommented
  lines in the sshd_config file override them.  I would have to modify
  the sshd_config file which defeats the purpose of having the
  directory.

  I suggest to adopt a method that I have seen elsewhere: put all of
  your changes in a file and put the file in the .d directory.  Start
  the filename with something like '50' so that it can sort before or
  after any file contributed by the local admin.  Keep the sshd_config
  file as you get it from upstream.

  This is, after all, the reason that the .d directories exist.

  In this way, admins do not have to modify distributed files, which
  avoids awkwardness when the package is updated.

  The same applies to ssh_config.

  ProblemType: Bug
  DistroRelease: Ubuntu 20.04
  Package: openssh-server 1:8.2p1-4ubuntu0.5
  ProcVersionSignature: Ubuntu 5.4.0-122.138-generic 5.4.192
  Uname: Linux 5.4.0-122-generic x86_64
  NonfreeKernelModules: wl
  ApportVersion: 2.20.11-0ubuntu27.24
  Architecture: amd64
  CasperMD5CheckResult: skip
  CurrentDesktop: XFCE
  Date: Mon Jan 16 06:29:16 2023
  SourcePackage: openssh
  UpgradeStatus: Upgraded to focal on 2021-02-19 (696 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2002994/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 2000739] Re: Window actions (like maximize) no more work in wayland for QEMU using GTK backend once the guest UI is intialized.

[Christian Ehrhardt ]

** Description changed:

+ Window actions (like maximize) no more work in wayland for QEMU using
+ GTK backend once the guest UI is intialized.
+ 
+ This can be seen by running an installed or even a trial Ubuntu from an
+ ISO like:
+ 
+ $ qemu-system-x86_64 \
+   -boot d \
+   -cdrom ubuntu-22.04.1-desktop-amd64.iso \
+   -m 4096M \
+   -machine type=q35,accel=kvm \
+   -cpu host \
+   -smp 2 \
+   -device qxl-vga
+ 
+ The GTK UI of qemu has a feature called "fullscreen" which disables the
+ screen decorations and sets the window to maximize. The decorations go
+ away, but maximize doesn't work.
+ 
+ 
+ The following details were found so far:
+ - running with GDK_BACKEND=x11 works
+ - using sdl instead of gtk backend works
+ - using the old qemu of Focal, or the newest from upstream git in jammy all 
fails (no qemu change AFAICS)
+ - host UI widgets (the square at the window top) do not work either
+ - hotkeys (super-up) do not work either
+ 
+ It seems that once the guest has enabled the desktop something changes
+ and the maximize/minimize/... actions are no more processed. Not sure
+ were to debug next in regard to the gnome/wayland UI handling of this -
+ any idea?
+ 
+ P.S. We can reproduce this in git builds of qemu, so we can debug of
+ modify the code as needed. The code for this is mostly in [1]
+ 
+ [1]: https://gitlab.com/qemu-project/qemu/-/blob/master/ui/gtk.c
+ 
+ --- original report ---
+ 
  Running QEMU version 4.2.1 on Ubuntu 20.04 via
  
  qemu-system-x86_64 \
-   -boot d \
-   -cdrom ubuntu-22.04.1-desktop-amd64.iso \
-   -m 4096M \
-   -machine type=q35,accel=kvm \
-   -cpu host \
-   -smp 2 \
-   -device qxl-vga
+   -boot d \
+   -cdrom ubuntu-22.04.1-desktop-amd64.iso \
+   -m 4096M \
+   -machine type=q35,accel=kvm \
+   -cpu host \
+   -smp 2 \
+   -device qxl-vga
  
  and pressing ctrl+alt+f after booting the Ubuntu 22.04 live ISO and
  adjusting the display resolution to match the native resolution, works
  as expected, i.e., the VM screen is correctly displayed in fullscreen.
  
  However, after running the same command for QEMU version 6.2.0 on Ubuntu
  22.04 and pressing ctrl+alt+f after making the resolution adjustment,
  yields a fullscreen view where the space occupied by the GNOME top bar
  (top panel with date in center) of the host is not used. The top bar
  itself is not visible but instead the purple background is shown where
  the top bar resides.
  
  The problem also occurs when replacing '-device qxl-vga' by '-device
  VGA,vgamem_mb=64'. The problem however does not occur when using
  '-device virtio-vga'.

** Also affects: wayland (Ubuntu)
   Importance: Undecided
   Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to wayland in Ubuntu.
https://bugs.launchpad.net/bugs/2000739

Title:
  Window actions (like maximize) no more work in wayland for QEMU using
  GTK backend once the guest UI is intialized.

Status in qemu package in Ubuntu:
  Confirmed
Status in wayland package in Ubuntu:
  New

Bug description:
  Window actions (like maximize) no more work in wayland for QEMU using
  GTK backend once the guest UI is intialized.

  This can be seen by running an installed or even a trial Ubuntu from
  an ISO like:

  $ qemu-system-x86_64 \
    -boot d \
    -cdrom ubuntu-22.04.1-desktop-amd64.iso \
    -m 4096M \
    -machine type=q35,accel=kvm \
    -cpu host \
    -smp 2 \
    -device qxl-vga

  The GTK UI of qemu has a feature called "fullscreen" which disables
  the screen decorations and sets the window to maximize. The
  decorations go away, but maximize doesn't work.

  
  The following details were found so far:
  - running with GDK_BACKEND=x11 works
  - using sdl instead of gtk backend works
  - using the old qemu of Focal, or the newest from upstream git in jammy all 
fails (no qemu change AFAICS)
  - host UI widgets (the square at the window top) do not work either
  - hotkeys (super-up) do not work either

  It seems that once the guest has enabled the desktop something changes
  and the maximize/minimize/... actions are no more processed. Not sure
  were to debug next in regard to the gnome/wayland UI handling of this
  - any idea?

  P.S. We can reproduce this in git builds of qemu, so we can debug of
  modify the code as needed. The code for this is mostly in [1]

  [1]: https://gitlab.com/qemu-project/qemu/-/blob/master/ui/gtk.c

  --- original report ---

  Running QEMU version 4.2.1 on Ubuntu 20.04 via

  qemu-system-x86_64 \
    -boot d \
    -cdrom ubuntu-22.04.1-desktop-amd64.iso \
    -m 4096M \
    -machine type=q35,accel=kvm \
    -cpu host \
    -smp 2 \
    -device qxl-vga

  and pressing ctrl+alt+f after booting the Ubuntu 22.04 live ISO and
  adjusting the display resolution to match the native resolution, works
  as expected, i.e., the VM screen is correctly displayed in fullscreen.

  However, after running the same command for QEMU version 6.2.0 on
  

[Touch-packages] [Bug 1995260] Re: dnsmasq focal 2.80 NODATA instead of NXDOMAIN bug

[Christian Ehrhardt ]

FYI proposed migration tests should be happy as soon as the migration-
reference run for ubuntu-fan completed (but queues are long)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to dnsmasq in Ubuntu.
https://bugs.launchpad.net/bugs/1995260

Title:
  dnsmasq focal 2.80 NODATA instead of NXDOMAIN bug

Status in dnsmasq package in Ubuntu:
  Fix Released
Status in dnsmasq source package in Focal:
  Fix Committed

Bug description:
  [SRU]

  [ Impact ]

  Sometimes dnsmasq is incorrectly returning NODATA instead of NXDOMAIN.
  This can lead to erroneous actions by clients who need to determine
  whether a domain name exists or not.

  [ Test Plan ]

  In a focal VM, install dnsmasq (apt install dnsmasq) if it wasn't
  installed yet.

  #0 Disabling systemd-resolved service and enabling resolution through
  dnsmasq.

  # systemctl disable --now systemd-resolved.service
  # rm -f /etc/resolv.conf
  # cat > /etc/resolv.conf << __EOF__
  nameserver 8.8.8.8
  __EOF__
  # systemctl start dnsmasq.service

  #1 Bad case

  # for i in srv txt  a  a txt srv; do host -t $i test.foo. 127.0.0.1 | 
tail -n 1; done
  Host test.foo. not found: 3(NXDOMAIN)
  Host test.foo. not found: 3(NXDOMAIN)
  Host test.foo. not found: 3(NXDOMAIN)
  test.foo has no A record
  Host test.foo. not found: 3(NXDOMAIN)
  test.foo has no A record
  test.foo has no TXT record
  test.foo has no SRV record

  #2 Good case

  #2.1 Installing new package

  # ls -1 *.deb
  dnsmasq-utils_2.80-1.1ubuntu1.6_amd64.deb
  dnsmasq-base_2.80-1.1ubuntu1.6_amd64.deb
  dnsmasq_2.80-1.1ubuntu1.6_all.deb

  # dpkg -i *.deb
  (Reading database ... 32073 files and directories currently installed.)
  Preparing to unpack dnsmasq-base_2.80-1.1ubuntu1.6_amd64.deb ...
  Unpacking dnsmasq-base (2.80-1.1ubuntu1.6) over (2.80-1.1ubuntu1.5) ...
  Selecting previously unselected package dnsmasq-utils.
  Preparing to unpack dnsmasq-utils_2.80-1.1ubuntu1.6_amd64.deb ...
  Unpacking dnsmasq-utils (2.80-1.1ubuntu1.6) ...
  Preparing to unpack dnsmasq_2.80-1.1ubuntu1.6_all.deb ...
  Unpacking dnsmasq (2.80-1.1ubuntu1.6) over (2.80-1.1ubuntu1.5) ...
  Setting up dnsmasq-base (2.80-1.1ubuntu1.6) ...
  Setting up dnsmasq-utils (2.80-1.1ubuntu1.6) ...
  Setting up dnsmasq (2.80-1.1ubuntu1.6) ...
  Processing triggers for dbus (1.12.16-2ubuntu2.3) ...
  Processing triggers for man-db (2.9.1-1) ...
  Processing triggers for systemd (245.4-4ubuntu3.18) ...

  # dpkg -l | grep dnsmasq
  ii  dnsmasq2.80-1.1ubuntu1.6 all  
Small caching DNS proxy and DHCP/TFTP server
  ii  dnsmasq-base   2.80-1.1ubuntu1.6 amd64
Small caching DNS proxy and DHCP/TFTP server
  ii  dnsmasq-utils  2.80-1.1ubuntu1.6 amd64
Utilities for manipulating DHCP leases

  #2.2 Testing OK

  # for i in srv txt  a  a txt srv; do host -t $i test.foo. 127.0.0.1 | 
tail -n 1; done
  Host test.foo. not found: 3(NXDOMAIN)
  Host test.foo. not found: 3(NXDOMAIN)
  Host test.foo. not found: 3(NXDOMAIN)
  Host test.foo. not found: 3(NXDOMAIN)
  Host test.foo. not found: 3(NXDOMAIN)
  Host test.foo. not found: 3(NXDOMAIN)
  Host test.foo. not found: 3(NXDOMAIN)
  Host test.foo. not found: 3(NXDOMAIN)

  [ Where problems could occur ]

  It changes the program's behaviour by classifying as NXDOMAIN what
  used to be NODATA in some situations, so if a user had a workaround
  for this (in the form of a script or other kind of automatization) it
  will probably start to malfunction.

  The last rebuilding of the package for Focal was in May, so if any new
  dependencies or libs have been upgraded on this Ubuntu series this can
  impact the new rebuild.

  [ Other Info ]

  The patch is applied upstream and originated from a bug filed on
  Fedora side: https://bugzilla.redhat.com/show_bug.cgi?id=1674067

  [Original Report]
  ---
  We upgraded our openstack containers which host dnsmasq services from bionic 
to focal. With this we got an update of dnsmasq from 2.79 to 2.80 which 
introduced a bug in our setup where dnsmasq returns NODATA instead of NXDOMAIN.

  This is already fixed upstream with the following commit [1].

  The Ubuntu dnsmasq 2.80 package should get a backport with a release
  for the focal packages which includes this bug fix.

  [1]
  
https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=162e5e0062ce923c494cc64282f293f0ed64fc10

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/1995260/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1995260] Re: dnsmasq focal 2.80 NODATA instead of NXDOMAIN bug

[Christian Ehrhardt ]

@SRU team - please consider accepting and merging the test hint [1] to
resolve the current blocker for this SRU.

[1]: https://code.launchpad.net/~paelzer/britney/+git/hints-
ubuntu/+merge/433770

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to dnsmasq in Ubuntu.
https://bugs.launchpad.net/bugs/1995260

Title:
  dnsmasq focal 2.80 NODATA instead of NXDOMAIN bug

Status in dnsmasq package in Ubuntu:
  Fix Released
Status in dnsmasq source package in Focal:
  Fix Committed

Bug description:
  [SRU]

  [ Impact ]

  Sometimes dnsmasq is incorrectly returning NODATA instead of NXDOMAIN.
  This can lead to erroneous actions by clients who need to determine
  whether a domain name exists or not.

  [ Test Plan ]

  In a focal VM, install dnsmasq (apt install dnsmasq) if it wasn't
  installed yet.

  #0 Disabling systemd-resolved service and enabling resolution through
  dnsmasq.

  # systemctl disable --now systemd-resolved.service
  # rm -f /etc/resolv.conf
  # cat > /etc/resolv.conf << __EOF__
  nameserver 8.8.8.8
  __EOF__
  # systemctl start dnsmasq.service

  #1 Bad case

  # for i in srv txt  a  a txt srv; do host -t $i test.foo. 127.0.0.1 | 
tail -n 1; done
  Host test.foo. not found: 3(NXDOMAIN)
  Host test.foo. not found: 3(NXDOMAIN)
  Host test.foo. not found: 3(NXDOMAIN)
  test.foo has no A record
  Host test.foo. not found: 3(NXDOMAIN)
  test.foo has no A record
  test.foo has no TXT record
  test.foo has no SRV record

  #2 Good case

  #2.1 Installing new package

  # ls -1 *.deb
  dnsmasq-utils_2.80-1.1ubuntu1.6_amd64.deb
  dnsmasq-base_2.80-1.1ubuntu1.6_amd64.deb
  dnsmasq_2.80-1.1ubuntu1.6_all.deb

  # dpkg -i *.deb
  (Reading database ... 32073 files and directories currently installed.)
  Preparing to unpack dnsmasq-base_2.80-1.1ubuntu1.6_amd64.deb ...
  Unpacking dnsmasq-base (2.80-1.1ubuntu1.6) over (2.80-1.1ubuntu1.5) ...
  Selecting previously unselected package dnsmasq-utils.
  Preparing to unpack dnsmasq-utils_2.80-1.1ubuntu1.6_amd64.deb ...
  Unpacking dnsmasq-utils (2.80-1.1ubuntu1.6) ...
  Preparing to unpack dnsmasq_2.80-1.1ubuntu1.6_all.deb ...
  Unpacking dnsmasq (2.80-1.1ubuntu1.6) over (2.80-1.1ubuntu1.5) ...
  Setting up dnsmasq-base (2.80-1.1ubuntu1.6) ...
  Setting up dnsmasq-utils (2.80-1.1ubuntu1.6) ...
  Setting up dnsmasq (2.80-1.1ubuntu1.6) ...
  Processing triggers for dbus (1.12.16-2ubuntu2.3) ...
  Processing triggers for man-db (2.9.1-1) ...
  Processing triggers for systemd (245.4-4ubuntu3.18) ...

  # dpkg -l | grep dnsmasq
  ii  dnsmasq2.80-1.1ubuntu1.6 all  
Small caching DNS proxy and DHCP/TFTP server
  ii  dnsmasq-base   2.80-1.1ubuntu1.6 amd64
Small caching DNS proxy and DHCP/TFTP server
  ii  dnsmasq-utils  2.80-1.1ubuntu1.6 amd64
Utilities for manipulating DHCP leases

  #2.2 Testing OK

  # for i in srv txt  a  a txt srv; do host -t $i test.foo. 127.0.0.1 | 
tail -n 1; done
  Host test.foo. not found: 3(NXDOMAIN)
  Host test.foo. not found: 3(NXDOMAIN)
  Host test.foo. not found: 3(NXDOMAIN)
  Host test.foo. not found: 3(NXDOMAIN)
  Host test.foo. not found: 3(NXDOMAIN)
  Host test.foo. not found: 3(NXDOMAIN)
  Host test.foo. not found: 3(NXDOMAIN)
  Host test.foo. not found: 3(NXDOMAIN)

  [ Where problems could occur ]

  It changes the program's behaviour by classifying as NXDOMAIN what
  used to be NODATA in some situations, so if a user had a workaround
  for this (in the form of a script or other kind of automatization) it
  will probably start to malfunction.

  The last rebuilding of the package for Focal was in May, so if any new
  dependencies or libs have been upgraded on this Ubuntu series this can
  impact the new rebuild.

  [ Other Info ]

  The patch is applied upstream and originated from a bug filed on
  Fedora side: https://bugzilla.redhat.com/show_bug.cgi?id=1674067

  [Original Report]
  ---
  We upgraded our openstack containers which host dnsmasq services from bionic 
to focal. With this we got an update of dnsmasq from 2.79 to 2.80 which 
introduced a bug in our setup where dnsmasq returns NODATA instead of NXDOMAIN.

  This is already fixed upstream with the following commit [1].

  The Ubuntu dnsmasq 2.80 package should get a backport with a release
  for the focal packages which includes this bug fix.

  [1]
  
https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=162e5e0062ce923c494cc64282f293f0ed64fc10

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/1995260/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1995260] Re: dnsmasq focal 2.80 NODATA instead of NXDOMAIN bug

[Christian Ehrhardt ]

Great finding Miriam,
I've looked into it and fully agree.
Since I had all the data at that moment I filed bug 1998184 for ubuntu-fan.
Based on that we need to mask the tests and we can ignore them here in regard 
to this SRU (until fixed in ubuntu-fan).

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to dnsmasq in Ubuntu.
https://bugs.launchpad.net/bugs/1995260

Title:
  dnsmasq focal 2.80 NODATA instead of NXDOMAIN bug

Status in dnsmasq package in Ubuntu:
  Fix Released
Status in dnsmasq source package in Focal:
  Fix Committed

Bug description:
  [SRU]

  [ Impact ]

  Sometimes dnsmasq is incorrectly returning NODATA instead of NXDOMAIN.
  This can lead to erroneous actions by clients who need to determine
  whether a domain name exists or not.

  [ Test Plan ]

  In a focal VM, install dnsmasq (apt install dnsmasq) if it wasn't
  installed yet.

  #0 Disabling systemd-resolved service and enabling resolution through
  dnsmasq.

  # systemctl disable --now systemd-resolved.service
  # rm -f /etc/resolv.conf
  # cat > /etc/resolv.conf << __EOF__
  nameserver 8.8.8.8
  __EOF__
  # systemctl start dnsmasq.service

  #1 Bad case

  # for i in srv txt  a  a txt srv; do host -t $i test.foo. 127.0.0.1 | 
tail -n 1; done
  Host test.foo. not found: 3(NXDOMAIN)
  Host test.foo. not found: 3(NXDOMAIN)
  Host test.foo. not found: 3(NXDOMAIN)
  test.foo has no A record
  Host test.foo. not found: 3(NXDOMAIN)
  test.foo has no A record
  test.foo has no TXT record
  test.foo has no SRV record

  #2 Good case

  #2.1 Installing new package

  # ls -1 *.deb
  dnsmasq-utils_2.80-1.1ubuntu1.6_amd64.deb
  dnsmasq-base_2.80-1.1ubuntu1.6_amd64.deb
  dnsmasq_2.80-1.1ubuntu1.6_all.deb

  # dpkg -i *.deb
  (Reading database ... 32073 files and directories currently installed.)
  Preparing to unpack dnsmasq-base_2.80-1.1ubuntu1.6_amd64.deb ...
  Unpacking dnsmasq-base (2.80-1.1ubuntu1.6) over (2.80-1.1ubuntu1.5) ...
  Selecting previously unselected package dnsmasq-utils.
  Preparing to unpack dnsmasq-utils_2.80-1.1ubuntu1.6_amd64.deb ...
  Unpacking dnsmasq-utils (2.80-1.1ubuntu1.6) ...
  Preparing to unpack dnsmasq_2.80-1.1ubuntu1.6_all.deb ...
  Unpacking dnsmasq (2.80-1.1ubuntu1.6) over (2.80-1.1ubuntu1.5) ...
  Setting up dnsmasq-base (2.80-1.1ubuntu1.6) ...
  Setting up dnsmasq-utils (2.80-1.1ubuntu1.6) ...
  Setting up dnsmasq (2.80-1.1ubuntu1.6) ...
  Processing triggers for dbus (1.12.16-2ubuntu2.3) ...
  Processing triggers for man-db (2.9.1-1) ...
  Processing triggers for systemd (245.4-4ubuntu3.18) ...

  # dpkg -l | grep dnsmasq
  ii  dnsmasq2.80-1.1ubuntu1.6 all  
Small caching DNS proxy and DHCP/TFTP server
  ii  dnsmasq-base   2.80-1.1ubuntu1.6 amd64
Small caching DNS proxy and DHCP/TFTP server
  ii  dnsmasq-utils  2.80-1.1ubuntu1.6 amd64
Utilities for manipulating DHCP leases

  #2.2 Testing OK

  # for i in srv txt  a  a txt srv; do host -t $i test.foo. 127.0.0.1 | 
tail -n 1; done
  Host test.foo. not found: 3(NXDOMAIN)
  Host test.foo. not found: 3(NXDOMAIN)
  Host test.foo. not found: 3(NXDOMAIN)
  Host test.foo. not found: 3(NXDOMAIN)
  Host test.foo. not found: 3(NXDOMAIN)
  Host test.foo. not found: 3(NXDOMAIN)
  Host test.foo. not found: 3(NXDOMAIN)
  Host test.foo. not found: 3(NXDOMAIN)

  [ Where problems could occur ]

  It changes the program's behaviour by classifying as NXDOMAIN what
  used to be NODATA in some situations, so if a user had a workaround
  for this (in the form of a script or other kind of automatization) it
  will probably start to malfunction.

  The last rebuilding of the package for Focal was in May, so if any new
  dependencies or libs have been upgraded on this Ubuntu series this can
  impact the new rebuild.

  [ Other Info ]

  The patch is applied upstream and originated from a bug filed on
  Fedora side: https://bugzilla.redhat.com/show_bug.cgi?id=1674067

  [Original Report]
  ---
  We upgraded our openstack containers which host dnsmasq services from bionic 
to focal. With this we got an update of dnsmasq from 2.79 to 2.80 which 
introduced a bug in our setup where dnsmasq returns NODATA instead of NXDOMAIN.

  This is already fixed upstream with the following commit [1].

  The Ubuntu dnsmasq 2.80 package should get a backport with a release
  for the focal packages which includes this bug fix.

  [1]
  
https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=162e5e0062ce923c494cc64282f293f0ed64fc10

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/1995260/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : 

[Touch-packages] [Bug 1892559] Re: [MIR] ccid opensc pcsc-lite

[Christian Ehrhardt ]

** Changed in: pcsc-lite (Ubuntu)
   Status: New => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to pcsc-lite in Ubuntu.
https://bugs.launchpad.net/bugs/1892559

Title:
  [MIR] ccid opensc pcsc-lite

Status in ccid package in Ubuntu:
  In Progress
Status in opensc package in Ubuntu:
  Incomplete
Status in pam-pkcs11 package in Ubuntu:
  Invalid
Status in pcsc-lite package in Ubuntu:
  Incomplete
Status in pcsc-perl package in Ubuntu:
  Invalid
Status in pcsc-tools package in Ubuntu:
  Invalid

Bug description:
  ==> ccid <==
  [Availability]
  ccid is in universe, and builds on all architectures.

  [Rationale]
  The desktop team and security team are interested in bringing smartcard
  authentication to enterprise desktop environments.

  [Security]
  No CVEs for ccid are listed in our database.
  Doesn't appear to bind to a socket.
  No privileged executables, but does have udev rules.
  Probably needs a security review.

  [Quality assurance]
  No test suite.
  Does require odd hardware that we'll probably need to buy.
  I don't see debconf questions.
  ccid is well maintained in Debian by upstream author.
  One open wishlist bug in BTS, harmless.

  One open bug in launchpad, not security, but looks very frustrating
  for the users. The upstream author was engaged but it never reached
  resolution.  https://bugs.launchpad.net/ubuntu/+source/ccid/+bug/1175465

  Has a debian/watch file.
  Quilt packaging.

  P: ccid source: no-dep5-copyright
  P: ccid source: package-uses-experimental-debhelper-compat-version 13

  [Dependencies]
  Minimal dependencies, in main

  [Standards compliance]
  Appears to satisfy FHS and Debian policy

  [Maintenance]
  The desktop team will subscribe to bugs, however it is expected that the
  security team will assist with security-relevant questions.

  [Background information]
  ccid provides drivers to interact with usb-connected smart card readers.

  ==> libpam-pkcs11 <==
  [Availability]
  Source package pam-pkcs11 is in universe and builds on all architectures.

  [Rationale]
  The desktop team and security team are interested in bringing smartcard
  authentication to enterprise desktop environments.

  [Security]
  No CVEs in our database.
  Doesn't appear to bind to sockets.
  No privileged executables (but is a PAM module).
  As a PAM module this will require a security review.

  [Quality assurance]
  The package does not call pam-auth-update in its postinst #1650366
  Does not ask questions during install.
  One Ubuntu bug claims very poor behaviour if a card isn't plugged in.
  No Debian bugs.
  Occasional updates in Debian by long-term maintainer.
  Does require odd hardware that we'll probably need to buy.
  Does not appear to run tests during build.
  Has scary warnings in the build logs.
  Has a debian/watch file.

  Ancient standards version; other smaller lintian messages, mostly
  documentation problems.

  Quilt packaging.

  [Dependencies]
  Depends on libcurl4, libldap-2.4-2, libpam0g, libpcsclite1, libssl1.1
  All are in main.

  [Standards compliance]
  The package does not call pam-auth-update in its postinst #1650366
  Otherwise looks to conform to FHS and Debian policies

  [Maintenance]
  The desktop team will subscribe to bugs, however it is expected that the
  security team will assist with security-relevant questions.

  [Background information]
  This PAM module can use CRLs and full-chain verification of certificates.
  It can also do LDAP, AD, and Kerberos username mapping.

  ==> libpcsc-perl <==
  [Availability]
  Source package pcsc-perl is in universe, builds for all architectures,
  plus i386

  [Rationale]
  The desktop team and security team are interested in bringing smartcard
  authentication to enterprise desktop environments.

  [Security]
  There are no cves for pcsc-perl in our database.
  No privileged executables.
  Doesn't appear to bind to sockets.
  Probably needs a security review.

  [Quality assurance]
  Library package not intended to be used directly.
  No debconf questions.
  No bugs in Debian.
  No bugs in Ubuntu.
  Does require odd hardware that we'll probably need to buy.
  Tests exist, not run during the build; probably can't run during the build.
  Includes debian/watch file.
  A handful of lintian issues
  Quilt packaging.

  [Dependencies]
  libpcsc-perl depends upon libpcsclite1, libc6, perl, perlapi-5.30.0.
  All are in main.

  [Standards compliance]
  One oddity, Card.pod is stored in 
/usr/lib/x86_64-linux-gnu/perl5/5.30/Chipcard/PCSC/
  Many other perl packages have .pod files in these directory trees so maybe
  it's fine, but it seems funny all the same.

  Otherwise appears to satisfy FHS and Debian policy.

  [Maintenance]
  The desktop team will subscribe to bugs, however it is expected that the
  security team will assist with security-relevant questions.

  [Background information]
  Dependency of pcsc-tools; 

[Touch-packages] [Bug 1989073] Re: AppArmor DENIES reading of /sys/devices/system/cpu/possible

[Christian Ehrhardt ]

Hi Marius,

> What actually is the effect of the denial? Will qemu not use more than one 
> CPU, 
> or is it something less harmful?

Since the new interface is arch specific and new the code does fall back
tot he old way.

  226 /* On some architectures it is possible to distinguish between configured 
   
  227and active cpus.  */   
   
  228 int   
   
  229 __get_nprocs_conf (void)  
   
  230 { 
   
  231   int result = read_sysfs_file ("/sys/devices/system/cpu/possible");  
   
  232   if (result != 0)
   
  233 return result;
   
  234   
   
  235   /* Fall back to /proc/stat and sched_getaffinity.  */   
   
  236   return get_nprocs_fallback ();  
   
  237 }   

Due to that, even when denied it gets the right number (as it had
before).

Once with and without isolation blocking access.

ubuntu@k2:/tmp$ ./testsysconf 
_SC_NPROCESSORS_CONF 3

ubuntu@k2:/tmp$ sudo aa-exec -p test -- ./testsysconf
_SC_NPROCESSORS_CONF 3

It only has a real difference on systems where the new code was needed in the 
first place.
Those are usually rather massive systems which start at lower cpu counts but 
might hot-plug them later - on those with the denial falling back you'd only 
get a lower than the real potential max number.
The code that hits this in your case is libnuma on initialization, unless you 
are very deep into numa control on very huge systems using cpu hotplug you 
won't see any effect.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1989073

Title:
  AppArmor DENIES reading of /sys/devices/system/cpu/possible

Status in apparmor package in Ubuntu:
  Confirmed
Status in apparmor source package in Kinetic:
  Confirmed

Bug description:
  libvirt 8.6.0-0ubuntu1
  apparmor 3.0.7-1ubuntu1

  Creating a VM with virt-install produces this AppAmore denial:

  AVC apparmor="DENIED" operation="open"
  profile="libvirt-974c9859-e682-4f5d-b0cb-dcf3d60185fc"
  name="/sys/devices/system/cpu/possible" pid=2522 comm="qemu-
  system-x86" requested_mask="r" denied_mask="r" fsuid=64055 ouid=0

  Creation of the VM is successful.  This is with nested virtualization.

  This did not happen with libvirt 8.0.0-1ubuntu8 and apparmor
  3.0.7-1ubuntu1.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1989073/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1989073] Re: AppArmor DENIES reading of /sys/devices/system/cpu/possible

[Christian Ehrhardt ]

Submitted upstream:
 https://lists.ubuntu.com/archives/apparmor/2022-November/012528.html

Once discussed and accepted there I suggest a backport to Kinetic.

I hope this debug and patch helps, but to manage expectations, I'd
hope/expect that someone usually looking after apparmor does that follow
on step then. Could someone please agree to take it over from here and
comment on this bug?

P.S. I mostly want to avoid stepping on someones toes, if you want me to
upload it to kinetic I can do so, let me know.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1989073

Title:
  AppArmor DENIES reading of /sys/devices/system/cpu/possible

Status in apparmor package in Ubuntu:
  Confirmed
Status in apparmor source package in Kinetic:
  Confirmed

Bug description:
  libvirt 8.6.0-0ubuntu1
  apparmor 3.0.7-1ubuntu1

  Creating a VM with virt-install produces this AppAmore denial:

  AVC apparmor="DENIED" operation="open"
  profile="libvirt-974c9859-e682-4f5d-b0cb-dcf3d60185fc"
  name="/sys/devices/system/cpu/possible" pid=2522 comm="qemu-
  system-x86" requested_mask="r" denied_mask="r" fsuid=64055 ouid=0

  Creation of the VM is successful.  This is with nested virtualization.

  This did not happen with libvirt 8.0.0-1ubuntu8 and apparmor
  3.0.7-1ubuntu1.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1989073/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1989073] Re: AppArmor DENIES reading of /sys/devices/system/cpu/possible

[Christian Ehrhardt ]

Reported upstream at https://gitlab.com/apparmor/apparmor/-/issues/283

** Bug watch added: gitlab.com/apparmor/apparmor/-/issues #283
   https://gitlab.com/apparmor/apparmor/-/issues/283

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1989073

Title:
  AppArmor DENIES reading of /sys/devices/system/cpu/possible

Status in apparmor package in Ubuntu:
  Confirmed
Status in apparmor source package in Kinetic:
  Confirmed

Bug description:
  libvirt 8.6.0-0ubuntu1
  apparmor 3.0.7-1ubuntu1

  Creating a VM with virt-install produces this AppAmore denial:

  AVC apparmor="DENIED" operation="open"
  profile="libvirt-974c9859-e682-4f5d-b0cb-dcf3d60185fc"
  name="/sys/devices/system/cpu/possible" pid=2522 comm="qemu-
  system-x86" requested_mask="r" denied_mask="r" fsuid=64055 ouid=0

  Creation of the VM is successful.  This is with nested virtualization.

  This did not happen with libvirt 8.0.0-1ubuntu8 and apparmor
  3.0.7-1ubuntu1.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1989073/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1989073] Re: AppArmor DENIES reading of /sys/devices/system/cpu/possible

[Christian Ehrhardt ]

That is the commit causing the change [1] in behavior.

That is pretty low level (in libc6) and will probably hit anything that
links against libnuma.

I think the fix should therefore go into
  /etc/apparmor.d/abstractions/base


Today it has:
  # glibc's sysconf(3) routine to determine free memory, etc
  @{PROC}/meminfor,
  @{PROC}/stat   r,
  @{PROC}/cpuinfor,
  @{sys}/devices/system/cpu/   r,
  @{sys}/devices/system/cpu/online r,

And due to [1] I think this needs to get:
  @{sys}/devices/system/cpu/possible r,

That is still missing in upstreams [2] current base profile.

Gladly it isn't too fatal, but still bad.
Retargetting this to the apparmor package.

[1]: https://sourceware.org/git/?p=glibc.git;a=commit;h=97a912f7a832a6
[2]: 
https://gitlab.com/apparmor/apparmor/-/blob/master/profiles/apparmor.d/abstractions/base#L98

** Package changed: libvirt (Ubuntu) => apparmor (Ubuntu)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1989073

Title:
  AppArmor DENIES reading of /sys/devices/system/cpu/possible

Status in apparmor package in Ubuntu:
  Confirmed
Status in apparmor source package in Kinetic:
  Confirmed

Bug description:
  libvirt 8.6.0-0ubuntu1
  apparmor 3.0.7-1ubuntu1

  Creating a VM with virt-install produces this AppAmore denial:

  AVC apparmor="DENIED" operation="open"
  profile="libvirt-974c9859-e682-4f5d-b0cb-dcf3d60185fc"
  name="/sys/devices/system/cpu/possible" pid=2522 comm="qemu-
  system-x86" requested_mask="r" denied_mask="r" fsuid=64055 ouid=0

  Creation of the VM is successful.  This is with nested virtualization.

  This did not happen with libvirt 8.0.0-1ubuntu8 and apparmor
  3.0.7-1ubuntu1.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1989073/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1986521] Re: ssh client spins if output fd closed

[Christian Ehrhardt ]

** Changed in: openssh (Ubuntu Jammy)
 Assignee: (unassigned) => Bryce Harrington (bryce)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1986521

Title:
  ssh client spins if output fd closed

Status in portable OpenSSH:
  Unknown
Status in openssh package in Ubuntu:
  Fix Released
Status in openssh source package in Jammy:
  Triaged

Bug description:
  The OpenSSH package 8.9p1 as shipped with U22.04 (8.9p1-3) suffers from the 
bug described at
  https://bugzilla.mindrot.org/show_bug.cgi?id=3411 and 
https://bugzilla.mindrot.org/show_bug.cgi?id=3405

  A command such as "xterm -e 'ssh -f remote.host sleep 60'" will pop up
  an xterm, ask for whatever authentication is needed, close the xterm,
  and leave the ssh client spinning consuming CPU time for 60 seconds
  before it exits. It should leave the ssh client idle for 60 seconds.
  Many uses of ssh to launch graphical applications will be caught by
  this bug.

  This is fixed in OpenSSH 9.0p1 as the first bugfix listed in its
  release notes at https://www.openssh.com/txt/release-9.0

To manage notifications about this bug go to:
https://bugs.launchpad.net/openssh/+bug/1986521/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1979879] Re: Apparmor profile in 22.04 jammy - fails to start when printing enabled

[Christian Ehrhardt ]

** Changed in: apparmor (Ubuntu Jammy)
 Assignee: Michał Małoszewski (michal-maloszewski99) => Andreas Hasenack 
(ahasenack)

** Changed in: apparmor (Ubuntu)
 Assignee: Michał Małoszewski (michal-maloszewski99) => Andreas Hasenack 
(ahasenack)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1979879

Title:
  Apparmor profile in 22.04 jammy - fails to start when printing enabled

Status in apparmor package in Ubuntu:
  Invalid
Status in samba package in Ubuntu:
  Fix Released
Status in apparmor source package in Jammy:
  In Progress

Bug description:
  [Impact]

  Users who have:
  a) opted in to confining samba with apparmor (by installing 
apparmor-profiles); and
  b) changed the usr.sbin.smbd and samba-bgqd apparmor profiles to enforce mode;

  will experience an error in starting the smbd service in jammy:

  [2022/08/25 16:04:05.848067,  0] 
../../lib/util/become_daemon.c:119(exit_daemon)
    exit_daemon: daemon failed to start: Samba failed to init printing 
subsystem, error code 13

  This "printing subsystem" is actually a new daemon called samba-bgqd.
  This errors prevents "smbd" from starting.

  The reason it failed to start is that this binary is installed on a
  different path than what is allowed in the samba apparmor profiles,
  and as a result its execution is denied.

  The chosen fix for this is to change the path of samba-bgqd in the
  samba apparmor profiles to match where it is actually being installed
  in the jammy packaging. Changing the actual path in the samba
  packaging would be a more invasive fix.

  In kinetic and later, the installation path of samba-bgqd was changed
  instead, and requires no changes to the apparmor profiles.

  However, once the path in the apparmor profiles was fixed for jammy,
  another error comes up which also requires an apparmor change. samba-
  bgqd is using locking when opening the *.tdb files in /run/samba, and
  that requires an extra "k" flag to apparmor rules that cover that
  directory and its tdb files.

  This bug doesn't affect jammy samba users by default, as they have to
  complete steps (a) and (b) from above to be impacted. Therefore, on
  its own, this bug does not warrant an SRU, and we are using the block-
  proposed-jammy tag to prevent its release until such time when another
  more SRU-worthy apparmor bug is fixed for Jammy.

  [Test Plan]

  Make a container for testing:

  $ lxc launch ubuntu-daily:jammy jammy-test
  $ lxc shell jammy-test

  Install the needed packages:
  # apt update && apt install apparmor-profiles apparmor-utils samba

  Confirm that you have smbd and samba-bgqd processes confined and in complain 
mode (check first column):
  # ps faxZ | grep -E "(smbd|bgqd)" | grep -v grep

  smbd (complain)2432 ?Ss 0:00 /usr/sbin/smbd 
--foreground --no-process-group
  smbd (complain)2434 ?S  0:00  \_ 
/usr/sbin/smbd --foreground --no-process-group
  smbd (complain)2435 ?S  0:00  \_ 
/usr/sbin/smbd --foreground --no-process-group
  smbd//null-/usr/lib/x86_64-linux-gnu/samba/samba-bgqd (complain) 2436 ? S   
0:00  \_ /usr/lib/x86_64-linux-gnu/samba/samba-bgqd

  Change the samba profiles to enforce mode:
  # aa-enforce /etc/apparmor.d/usr.sbin.smbd /etc/apparmor.d/samba-bgqd
  Setting /etc/apparmor.d/usr.sbin.smbd to enforce mode.
  Setting /etc/apparmor.d/samba-bgqd to enforce mode.

  Restart smbd:
  # systemctl restart smbd

  systemctl won't complain, but smbd failed to start:
  root@jammy-test:~# ps faxZ | grep smbd | grep -v smbd
  root@jammy-test:~#

  # tail -2 /var/log/samba/log.smbd
  [2022/09/09 18:20:35.200901,  0] 
../../lib/util/become_daemon.c:119(exit_daemon)
    exit_daemon: daemon failed to start: Samba failed to init printing 
subsystem, error code 13

  And dmesg on the *host* (not the container) will log a few DENIED messages 
like this:
  [sex set  9 15:20:30 2022] audit: type=1400 audit(1662747635.194:10356): 
apparmor="DENIED" operation="exec" 
namespace="root//lxd-jammy-test_" profile="smbd" 
name="/usr/lib/x86_64-linux-gnu/samba/samba-bgqd" pid=994396 comm="smbd" 
requested_mask="x" denied_mask="x" fsuid=100 ouid=100

  After installing the fixed package (and accepting the dpkg conf prompt
  changes), the new profile will be loaded in complain mode again. So
  let's put it in enforce mode one more time:

  # aa-enforce /etc/apparmor.d/usr.sbin.smbd /etc/apparmor.d/samba-bgqd 
  Setting /etc/apparmor.d/usr.sbin.smbd to enforce mode.
  Setting /etc/apparmor.d/samba-bgqd to enforce mode.

  Restart:
  # systemctl restart smbd

  And confirm that smbd and samba-bgqd are running this time, and in
  enforce mode:

  TBD

  [Where problems could occur]
  An apparmor update will impact all ubuntu users, regardless if they are using 
samba or not. One has to weigh this 

[Touch-packages] [Bug 1989803] Re: Adjust apport for the new Ubuntu debuginfod service

[Christian Ehrhardt ]

** Tags added: cetest

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apport in Ubuntu.
https://bugs.launchpad.net/bugs/1989803

Title:
  Adjust apport for the new Ubuntu debuginfod service

Status in Apport:
  Fix Released
Status in apport package in Ubuntu:
  Fix Released

Bug description:
  With the new Ubuntu debuginfod service
  (https://debuginfod.ubuntu.com), and with the prospect of having the
  system automatically fetch debuginfo from the internet without user
  intervention, it is necessary to adjust apport to cope with this
  scenario.

  I had a conversation with bdmurray and he was concerned that having a
  debuginfod-enabled GDB generate the corefiles that are eventually
  submitted to Ubuntu can be a problem.

  My proposed solution is to disable GDB's debuginfod support when
  collecting the corefile.  This should keep things as is and not
  disturb the retrace service.

To manage notifications about this bug go to:
https://bugs.launchpad.net/apport/+bug/1989803/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1988270] Re: AppArmor fails to start with Yoga UCA libvirt profile on Focal

[Christian Ehrhardt ]

Focal: 
- apparmor  2.13.3-7ubuntu5.1
- kernel5.4.0-109-generic
- libvirt:
  a) base 6.0.0-0ubuntu8.16
  b) server-backport 8.0.0-1ubuntu7.2~backport20.04.202210042317~ubuntu20.04.1
  c) UCA Yoga 8.0.0-1ubuntu7.1~cloud0

With none did a restart trigger an issue as reported.
libvirtd is reported to be in enforce mode by aa-status

Something must be different on the affected systems, any idea what it
might be?

But also bpf is not present in that file for any of those versions.
For me this is always empty:
  $ grep bpf /etc/apparmor.d/usr.sbin.libvirtd

The reason is (and that explains why it felt known to me) that I have resolved 
that in march.
 
https://git.launchpad.net/~canonical-server/ubuntu/+source/libvirt/commit/?h=backport-libvirt-focal=21eb63454433d7b2c2b75f197b7064c96cf7d1e8

Since it is a conffile it might not be updated on upgrades, so I have checked 
that.
Server backports was fine as expected.

Yoga is indeed still having bpf when purging and re-installing (to force
the default conffile in the pachage).

And then I can see it:
Oct 05 16:27:58 f apparmor.systemd[48796]: AppArmor parser error for 
/etc/apparmor.d/usr.sbin.libvirtd in /etc/apparmor.d/usr.sbin.libvirtd at line 
29: Invalid capability bpf.

Oct 05 16:27:58 f apparmor.systemd[48720]: Error: At least one profile failed 
to load
Oct 05 16:27:58 f systemd[1]: apparmor.service: Main process exited, 
code=exited, status=1/FAILURE
Oct 05 16:27:58 f systemd[1]: apparmor.service: Failed with result 'exit-code'.
Oct 05 16:27:58 f systemd[1]: Failed to start Load AppArmor profiles.

And indeed it is missing here:
https://git.launchpad.net/~ubuntu-cloud-archive/ubuntu/+source/ca-patches/tree/yoga/libvirt.patch

So UCA needs to pick up the patch I referenced above.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1988270

Title:
  AppArmor fails to start with Yoga UCA libvirt profile on Focal

Status in Ubuntu Cloud Archive:
  Confirmed
Status in apparmor package in Ubuntu:
  Invalid
Status in apparmor source package in Focal:
  New

Bug description:
  On a fully patched Ubuntu Focal with Yoga UCA enabled, after
  installation of libvirt-daemon-system, restarting apparmor would fail
  with error:

  Aug 31 07:40:52 ubuntu2004.localdomain apparmor.systemd[6335]: Restarting 
AppArmor
  Aug 31 07:40:52 ubuntu2004.localdomain apparmor.systemd[6335]: Reloading 
AppArmor profiles
  Aug 31 07:40:52 ubuntu2004.localdomain apparmor.systemd[6341]: Skipping 
profile in /etc/apparmor.d/disable: usr.sbin.rsyslogd
  Aug 31 07:40:52 ubuntu2004.localdomain apparmor.systemd[6348]: AppArmor 
parser error for /etc/apparmor.d in /etc/apparmor.d/usr.sbin.libvirtd at line 
29: Invalid capability bpf.
  Aug 31 07:40:52 ubuntu2004.localdomain apparmor.systemd[6413]: AppArmor 
parser error for /etc/apparmor.d/usr.sbin.libvirtd in 
/etc/apparmor.d/usr.sbin.libvirtd at line 29: Invalid capability bpf.
  Aug 31 07:40:52 ubuntu2004.localdomain apparmor.systemd[6418]: Skipping 
profile in /etc/apparmor.d/disable: usr.sbin.rsyslogd
  Aug 31 07:40:52 ubuntu2004.localdomain apparmor.systemd[6335]: Error: At 
least one profile failed to load
  Aug 31 07:40:52 ubuntu2004.localdomain systemd[1]: apparmor.service: Main 
process exited, code=exited, status=1/FAILURE
  Aug 31 07:40:52 ubuntu2004.localdomain systemd[1]: apparmor.service: Failed 
with result 'exit-code'.
  Aug 31 07:40:52 ubuntu2004.localdomain systemd[1]: Failed to start Load 
AppArmor profiles.

  In addition to bpf, perfmon capability, which is also enabled in
  /etc/apparmor.d/usr.sbin.libvirtd profile, would lead to the same
  error.

  System information:
  root@ubuntu2004:~# uname -a
  Linux ubuntu2004.localdomain 5.4.0-125-generic #141-Ubuntu SMP Wed Aug 10 
13:42:03 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
  root@ubuntu2004:~# dpkg -l libvirt\*
  Desired=Unknown/Install/Remove/Purge/Hold
  | Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
  |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
  ||/ Name   Version 
Architecture Description
  
+++-==-===--=
  ii  libvirt-clients8.0.0-1ubuntu7.1~cloud0 amd64  
  Programs for the libvirt library
  ii  libvirt-daemon 8.0.0-1ubuntu7.1~cloud0 amd64  
  Virtualization daemon
  ii  libvirt-daemon-config-network  8.0.0-1ubuntu7.1~cloud0 all
  Libvirt daemon configuration files (default network)
  ii  libvirt-daemon-config-nwfilter 8.0.0-1ubuntu7.1~cloud0 all
  Libvirt daemon configuration files (default network filters)
  un  libvirt-daemon-driver-lxc 
  (no description available)
  ii  

[Touch-packages] [Bug 1988270] Re: AppArmor fails to start with Yoga UCA libvirt profile on Focal

[Christian Ehrhardt ]

I'll have a look for the same in server-backports ppa, but it might be
as easy as the old apparmor not knowing about these and failing. If that
is true we might need to remove them on the backports.

@Security - is there more to know about these particular features (will
they come to focal, is there more to know about it, ...)?

** Also affects: apparmor (Ubuntu)
   Importance: Undecided
   Status: New

** Also affects: apparmor (Ubuntu Focal)
   Importance: Undecided
   Status: New

** Changed in: apparmor (Ubuntu)
   Status: New => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1988270

Title:
  AppArmor fails to start with Yoga UCA libvirt profile on Focal

Status in Ubuntu Cloud Archive:
  Confirmed
Status in apparmor package in Ubuntu:
  Invalid
Status in apparmor source package in Focal:
  New

Bug description:
  On a fully patched Ubuntu Focal with Yoga UCA enabled, after
  installation of libvirt-daemon-system, restarting apparmor would fail
  with error:

  Aug 31 07:40:52 ubuntu2004.localdomain apparmor.systemd[6335]: Restarting 
AppArmor
  Aug 31 07:40:52 ubuntu2004.localdomain apparmor.systemd[6335]: Reloading 
AppArmor profiles
  Aug 31 07:40:52 ubuntu2004.localdomain apparmor.systemd[6341]: Skipping 
profile in /etc/apparmor.d/disable: usr.sbin.rsyslogd
  Aug 31 07:40:52 ubuntu2004.localdomain apparmor.systemd[6348]: AppArmor 
parser error for /etc/apparmor.d in /etc/apparmor.d/usr.sbin.libvirtd at line 
29: Invalid capability bpf.
  Aug 31 07:40:52 ubuntu2004.localdomain apparmor.systemd[6413]: AppArmor 
parser error for /etc/apparmor.d/usr.sbin.libvirtd in 
/etc/apparmor.d/usr.sbin.libvirtd at line 29: Invalid capability bpf.
  Aug 31 07:40:52 ubuntu2004.localdomain apparmor.systemd[6418]: Skipping 
profile in /etc/apparmor.d/disable: usr.sbin.rsyslogd
  Aug 31 07:40:52 ubuntu2004.localdomain apparmor.systemd[6335]: Error: At 
least one profile failed to load
  Aug 31 07:40:52 ubuntu2004.localdomain systemd[1]: apparmor.service: Main 
process exited, code=exited, status=1/FAILURE
  Aug 31 07:40:52 ubuntu2004.localdomain systemd[1]: apparmor.service: Failed 
with result 'exit-code'.
  Aug 31 07:40:52 ubuntu2004.localdomain systemd[1]: Failed to start Load 
AppArmor profiles.

  In addition to bpf, perfmon capability, which is also enabled in
  /etc/apparmor.d/usr.sbin.libvirtd profile, would lead to the same
  error.

  System information:
  root@ubuntu2004:~# uname -a
  Linux ubuntu2004.localdomain 5.4.0-125-generic #141-Ubuntu SMP Wed Aug 10 
13:42:03 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
  root@ubuntu2004:~# dpkg -l libvirt\*
  Desired=Unknown/Install/Remove/Purge/Hold
  | Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
  |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
  ||/ Name   Version 
Architecture Description
  
+++-==-===--=
  ii  libvirt-clients8.0.0-1ubuntu7.1~cloud0 amd64  
  Programs for the libvirt library
  ii  libvirt-daemon 8.0.0-1ubuntu7.1~cloud0 amd64  
  Virtualization daemon
  ii  libvirt-daemon-config-network  8.0.0-1ubuntu7.1~cloud0 all
  Libvirt daemon configuration files (default network)
  ii  libvirt-daemon-config-nwfilter 8.0.0-1ubuntu7.1~cloud0 all
  Libvirt daemon configuration files (default network filters)
  un  libvirt-daemon-driver-lxc 
  (no description available)
  ii  libvirt-daemon-driver-qemu 8.0.0-1ubuntu7.1~cloud0 amd64  
  Virtualization daemon QEMU connection driver
  un  libvirt-daemon-driver-storage-gluster 
  (no description available)
  un  libvirt-daemon-driver-storage-iscsi-direct
  (no description available)
  un  libvirt-daemon-driver-storage-rbd 
  (no description available)
  un  libvirt-daemon-driver-storage-zfs 
  (no description available)
  un  libvirt-daemon-driver-vbox
  (no description available)
  un  libvirt-daemon-driver-xen 
  (no description available)
  ii  libvirt-daemon-system  8.0.0-1ubuntu7.1~cloud0 amd64  
  Libvirt daemon configuration files
  ii  libvirt-daemon-system-systemd  8.0.0-1ubuntu7.1~cloud0 all
  Libvirt daemon configuration files (systemd)
  un  libvirt-daemon-system-sysv
  (no description available)
  un  libvirt-login-shell   
  (no description available)
  un  

[Touch-packages] [Bug 1989803] Re: Adjust apport for the new Ubuntu debuginfod service

[Christian Ehrhardt ]

** Tags removed: server-todo

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apport in Ubuntu.
https://bugs.launchpad.net/bugs/1989803

Title:
  Adjust apport for the new Ubuntu debuginfod service

Status in Apport:
  Fix Released
Status in apport package in Ubuntu:
  In Progress

Bug description:
  With the new Ubuntu debuginfod service
  (https://debuginfod.ubuntu.com), and with the prospect of having the
  system automatically fetch debuginfo from the internet without user
  intervention, it is necessary to adjust apport to cope with this
  scenario.

  I had a conversation with bdmurray and he was concerned that having a
  debuginfod-enabled GDB generate the corefiles that are eventually
  submitted to Ubuntu can be a problem.

  My proposed solution is to disable GDB's debuginfod support when
  collecting the corefile.  This should keep things as is and not
  disturb the retrace service.

To manage notifications about this bug go to:
https://bugs.launchpad.net/apport/+bug/1989803/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1981794] Re: Duplicate/retried DNS queries fail with REFUSED (Fixed in upstream)

[Christian Ehrhardt ]

** Changed in: dnsmasq (Ubuntu Kinetic)
 Assignee: (unassigned) => Lena Voytek (lvoytek)

** Changed in: dnsmasq (Ubuntu Jammy)
 Assignee: (unassigned) => Lena Voytek (lvoytek)

** Tags added: server-todo

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to dnsmasq in Ubuntu.
https://bugs.launchpad.net/bugs/1981794

Title:
  Duplicate/retried DNS queries fail with REFUSED (Fixed in upstream)

Status in dnsmasq package in Ubuntu:
  Confirmed
Status in dnsmasq source package in Jammy:
  Confirmed
Status in dnsmasq source package in Kinetic:
  Confirmed

Bug description:
  Duplicate or retried DNS queries will return REFUSED for one of the
  queries causing intermittent failures in clients.

  This probably breaks lots of things, but for me is causing 22.04's
  internet connection sharing to be unstable. It's particularly bad for
  my Xbox which seems to like sending duplicate queries.

  Here's an example capture:
  22:37:25.308212 IP 10.42.0.16.54248 > 10.42.0.1.53: 22442+ A? 
title.auth.xboxlive.com. (41)
  22:37:25.332711 IP 10.42.0.16.54248 > 10.42.0.1.53: 22442+ A? 
title.auth.xboxlive.com. (41)
  22:37:25.332740 IP 10.42.0.1.53 > 10.42.0.16.54248: 22442 Refused 0/0/0 (41)
  22:37:25.353003 IP 10.42.0.1.53 > 10.42.0.16.54248: 22442 2/0/0 CNAME 
title.auth.xboxlive.com.akadns.net., A 40.64.90.82 (105)

  This has been fixed in upstream as of Sept 2021 in the unreleased 2.87
  version. It's apparently a regression in version 2.86 (also released
  in Sept 2021). Ubuntu 22.04 and later all use the broken 2.86 version.

  Upstream fix:
  
https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=2561f9fe0eb9c0be1df48da1e2bd3d3feaa138c2

  Upstream bug thread:
  
https://www.mail-archive.com/search?l=dnsmasq-discuss%40lists.thekelleys.org.uk=subject:%22%5C%5BDnsmasq%5C-discuss%5C%5D+REFUSED+after+dropped+packets%22=oldest=1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/1981794/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1920640] Re: EXPKEYSIG C8CAB6595FDFF622 Ubuntu Debug Symbol Archive Automatic Signing Key (2016)

[Christian Ehrhardt ]

FYI: I've today had two systems exposing that issue.
The cleanup in comment #32 helped, but I wonder what caused it initially.
Sadly I can't recreate it anymore with a new system/container - might have been 
related to the keying update to 2021.03.26 a few days ago.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ubuntu-keyring in Ubuntu.
https://bugs.launchpad.net/bugs/1920640

Title:
  EXPKEYSIG C8CAB6595FDFF622 Ubuntu Debug Symbol Archive Automatic
  Signing Key (2016) 

Status in ubuntu-keyring package in Ubuntu:
  Fix Released
Status in ubuntu-keyring source package in Bionic:
  Fix Released
Status in ubuntu-keyring source package in Focal:
  Fix Released
Status in ubuntu-keyring source package in Groovy:
  Fix Released
Status in ubuntu-keyring source package in Hirsute:
  Fix Released

Bug description:
  [Impact]

   * Cannot update apt metadata from ddebs.ubuntu.com whilst using
  ubuntu-dbgsym-keyring package

  [Test Plan]

   * Install ubuntu-dbgsym-keyring package
   * Add ddebs.ubuntu.com repository for your release
   * sudo apt update must be successful

   * Install ubuntu-dbgsym-keyring package
   * Install and use `apt-key list` and check that there is no expiry on the 
dbgsym key

  I.e. bad output
  /etc/apt/trusted.gpg.d/ubuntu-keyring-2016-dbgsym.gpg
  -
  pub   rsa4096 2016-03-21 [SC] [expired: 2021-03-20]
F2ED C64D C5AE E1F6 B9C6  21F0 C8CA B659 5FDF F622
  uid   [ expired] Ubuntu Debug Symbol Archive Automatic Signing Key 
(2016) 

  
  Good output has no [date] in the pub line.

  [Where problems could occur]

   * At the moment the signature was bumped by one year
   * Meaning this issue will occur again in 2022
   * Instead the key must be set to not expire & new round of SRUs issued

  [Other Info]

   * Original bug report

  The public key used by the debugging symbols repository
  /usr/share/keyrings/ubuntu-dbgsym-keyring.gpg from the package ubuntu-
  dbgsym-keyring expired.

  $ apt policy ubuntu-dbgsym-keyring
  ubuntu-dbgsym-keyring:
    Installed: 2020.02.11.2
    Candidate: 2020.02.11.2
    Version table:
   *** 2020.02.11.2 500
  500 http://archive.ubuntu.com/ubuntu focal/main amd64 Packages
  500 http://archive.ubuntu.com/ubuntu focal/main i386 Packages
  100 /var/lib/dpkg/status
  $ gpg --no-default-keyring --keyring 
/usr/share/keyrings/ubuntu-dbgsym-keyring.gpg --list-keys
  /usr/share/keyrings/ubuntu-dbgsym-keyring.gpg
  -
  pub   rsa4096 2016-03-21 [SC] [expired: 2021-03-20]
    F2EDC64DC5AEE1F6B9C621F0C8CAB6595FDFF622
  uid   [ expired] Ubuntu Debug Symbol Archive Automatic Signing Key 
(2016) 

  Error message on "apt update":

  E: The repository 'http://ddebs.ubuntu.com bionic-updates Release' is not 
signed.
  N: Updating from such a repository can't be done securely, and is therefore 
disabled by default.
  N: See apt-secure(8) manpage for repository creation and user configuration 
details.
  W: GPG error: http://ddebs.ubuntu.com bionic Release: The following 
signatures were invalid: EXPKEYSIG C8CAB6595FDFF622 Ubuntu Debug Symbol Archive 
Automatic Signing Key (2016) 
  E: The repository 'http://ddebs.ubuntu.com bionic Release' is not signed.
  N: Updating from such a repository can't be done securely, and is therefore 
disabled by default.
  N: See apt-secure(8) manpage for repository creation and user configuration 
details.
  W: GPG error: http://ddebs.ubuntu.com bionic-proposed Release: The following 
signatures were invalid: EXPKEYSIG C8CAB6595FDFF622 Ubuntu Debug Symbol Archive 
Automatic Signing Key (2016) 
  E: The repository 'http://ddebs.ubuntu.com bionic-proposed Release' is not 
signed.
  N: Updating from such a repository can't be done securely, and is therefore 
disabled by default.
  N: See apt-secure(8) manpage for repository creation and user configuration 
details.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-keyring/+bug/1920640/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1871465] Re: ssh_config(5) contains outdated information

[Christian Ehrhardt ]

With Michal: Marked block-proposed, added SRU content, re-reviewed and
sponsored the upload to Focal-unapproved.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1871465

Title:
  ssh_config(5) contains outdated information

Status in openssh package in Ubuntu:
  Fix Released
Status in openssh source package in Focal:
  Triaged
Status in openssh source package in Hirsute:
  Won't Fix
Status in openssh source package in Impish:
  Won't Fix

Bug description:
  [Impact]

  The problem here is straightforward. 
  The case is to fix manpages. They need to reflect a change done to the code 
some time ago. That problem might be annoying for users before being fixed. 

  Backport upstream fix to Focal
  Origin: 
  
https://github.com/openssh/openssh-portable/commit/53ea05e09b04fd7b6dea66b42b34d65fe61b9636


  [Test Plan]

  Make a container for testing:

  First option:
  $ lxc launch images:ubuntu/bionic focal-test
  $ lxc shell focal-test

  Simply install the openssh package using ‘apt install’ and check both 
ssh_config.5 and sshd_config.5 files. You should be able to spot the ‘ssh_rsa’ 
in these files.
   

  
  [Where problems could occur]

  Any code change might change the behavior of the package in a specific
  situation and cause other errors.

  Next things which might cause regression are new dependencies which
  might not align and it is obvious the dependencies are upgraded and it
  might be a problem, but it is really unlikely.

  Even none of the rather generic cases above does apply here as we only
  change non-functional content in the form of the man page; Therefore
  the only risk is out of re-building the package which could pick up
  something from e.g. a changed toolchain.

  
  [Other Info]

  
  Fixing this is nice for the users, but OTOH very low severity and would cause 
a package download and update on almost every Ubuntu in the world. Therefore we 
will mark this as block-proposed and keep it in focal-proposed so that a later 
real update (security or functional) will pick this up from -proposed and then 
fix it in the field for real.

  original
  report---

  The release of OpenSSH 8.2 has removed `ssh-rsa` from the default list
  of CACertificateAlgorithms. However the latest `openssh-client` still
  ships the man page for ssh_config(5) that contains the following
  description:

   CASignatureAlgorithms
   Specifies which algorithms are allowed for signing of 
certificates
   by certificate authorities (CAs).  The default is:

     
ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
     ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa

   ssh(1) will not accept host certificates signed using algorithms
   other than those specified.

  As far as I am concerned, `ssh-rsa` should be dropped from the list so
  as to match the behavior of ssh(1).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1871465/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1871465] Re: ssh_config(5) contains outdated information

[Christian Ehrhardt ]

** Tags added: block-proposed

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1871465

Title:
  ssh_config(5) contains outdated information

Status in openssh package in Ubuntu:
  Fix Released
Status in openssh source package in Focal:
  Triaged
Status in openssh source package in Hirsute:
  Won't Fix
Status in openssh source package in Impish:
  Won't Fix

Bug description:
  The release of OpenSSH 8.2 has removed `ssh-rsa` from the default list
  of CACertificateAlgorithms. However the latest `openssh-client` still
  ships the man page for ssh_config(5) that contains the following
  description:

   CASignatureAlgorithms
   Specifies which algorithms are allowed for signing of 
certificates 
   by certificate authorities (CAs).  The default is:

     
ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
     ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa

   ssh(1) will not accept host certificates signed using algorithms 
   other than those specified.

  As far as I am concerned, `ssh-rsa` should be dropped from the list so
  as to match the behavior of ssh(1).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1871465/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1971523] Re: Static build does not work for libmnl (-lmnl)

[Christian Ehrhardt ]

@Michal
Sponsored for Kinetic, once complete there please have a look at considering an 
SRU.

This might be on the brink between fix and feature depending on someones
POV.

Make your own decision and add some arguments for it to the SRU template
(if that is what you go for). Or explain why you decided against it here
on the bug and set the Jammy task to Won't Fix.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libmnl in Ubuntu.
https://bugs.launchpad.net/bugs/1971523

Title:
  Static build does not work for libmnl (-lmnl)

Status in libmnl package in Ubuntu:
  Triaged
Status in libmnl source package in Jammy:
  Triaged
Status in libmnl package in Debian:
  Fix Committed

Bug description:
  [Test Case]
  $ cat > /tmp/hello.c <

  int main() {
  printf("Hello world! (and LP: #1971523)\n");
  }
  EOF
  $ gcc -o /tmp/hello /tmp/hello.c -lmnl
  (dynamic libs work)
  $ gcc -static -o /tmp/hello /tmp/hello.c -lmnl
  /usr/bin/ld: cannot find -lmnl: No such file or directory

  [Original Report]
  My program uses both -lmnl and -lnetfilter_queue and in Ubuntu 20.04 the 
-lnetfilter_queue did not work and -lmnl worked for static builds. In Ubuntu 
22.04 the problem is reversed, -lnetfilter_queue works but -lmnl doesn't for 
static builds. This is very awkward during the transition 20.04->22.04 when 
both should be supported.

  I compensated in Ubuntu 20.04 by building netfilter_queue locally;
  https://github.com/Nordix/nfqueue-loadbalancer#build

  ProblemType: Bug
  DistroRelease: Ubuntu 22.04
  Package: libmnl0:amd64 1.0.4-3build2
  ProcVersionSignature: Ubuntu 5.15.0-27.28-generic 5.15.30
  Uname: Linux 5.15.0-27-generic x86_64
  ApportVersion: 2.20.11-0ubuntu82
  Architecture: amd64
  CasperMD5CheckResult: unknown
  CurrentDesktop: XFCE
  Date: Wed May  4 07:33:26 2022
  InstallationDate: Installed on 2018-09-07 (1334 days ago)
  InstallationMedia: Ubuntu 18.04.1 LTS "Bionic Beaver" - Release amd64 
(20180725)
  SourcePackage: libmnl
  UpgradeStatus: Upgraded to jammy on 2022-05-01 (2 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libmnl/+bug/1971523/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1897932] Re: systemd-repart not packaged

[Christian Ehrhardt ]

I was asked to add a Jammy task, I did so - the details and if that will
be done is up to your consideration/discussion/decision.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1897932

Title:
  systemd-repart not packaged

Status in systemd package in Ubuntu:
  Fix Released
Status in systemd source package in Jammy:
  Confirmed
Status in systemd package in Debian:
  Fix Released

Bug description:
  [Impact]

  systemd-repart is not (as of 246.6-1ubuntu1) packaged in the
  Ubuntu/Debian packages of systemd - probably because it has an extra
  dependency?

  The bug reporter would like to use it in our new raspberry pi images
  where they don't have cloud-init installed. The reporter is already
  using systemd-growfs, but they are missing the nice partition resizing
  part (so are using cloud-initramfs-growroot).

  Furthermore, in the mkosi image builder
  (https://github.com/systemd/mkosi), the systemd/mkosi developers would
  like to start using systemd-repart for partitioning. Unfortunately,
  they're currently blocked on this because 22.04 doesn't ship systemd-
  repart. The upstream CI uses Github Actions which runs on Ubuntu Jammy
  and will do so until the next Ubuntu LTS is released. If we have to
  wait for the next LTS to be released, we'll have to wait for a
  considerable amount of time before we're able to start using systemd-
  repart.

  Being able to use systemd-repart will allow the systemd/mkosi developers to 
take advantage of its improved interface compared to sfdisk,
  as well as its builtin protections against race conditions surrounding the 
use of loop devices. The systemd/mkosi developers expect to
  be able to get rid of some nasty loop device failure in mkosi by using 
systemd-repart.

  [Test Plan]
  This is a missing extra executable. Once enabled it has self-tests in the 
build-time unit tests, and also a regression test in the autopkgtest 'upstream' 
suite.

  [Where problems could occur]
  Shipping systemd-repart will come with no additional risk. While there is a 
systemd-repart.service that runs on boot, it's configured to not do anything if 
no config files are shipped with the system or provided by the user. As such, 
the service, if enabled, will effectively be a noop. Aside from the service, 
there's the CLI tool systemd-repart and the accompanying man pages that will be 
shipped as part of the systemd package.

  Given that there's no risk involved with enabling systemd-repart, and
  given the useful features it provides, the systemd/mkosi developers
  would like to request that systemd-repart be enabled in Ubuntu and
  backported to Jammy so that they can start adopting it in mkosi.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1897932/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1897932] Re: systemd-repart not packaged

[Christian Ehrhardt ]

** Also affects: systemd (Ubuntu Jammy)
   Importance: Undecided
   Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1897932

Title:
  systemd-repart not packaged

Status in systemd package in Ubuntu:
  Fix Released
Status in systemd source package in Jammy:
  Confirmed
Status in systemd package in Debian:
  Fix Released

Bug description:
  [Impact]

  systemd-repart is not (as of 246.6-1ubuntu1) packaged in the
  Ubuntu/Debian packages of systemd - probably because it has an extra
  dependency?

  The bug reporter would like to use it in our new raspberry pi images
  where they don't have cloud-init installed. The reporter is already
  using systemd-growfs, but they are missing the nice partition resizing
  part (so are using cloud-initramfs-growroot).

  Furthermore, in the mkosi image builder
  (https://github.com/systemd/mkosi), the systemd/mkosi developers would
  like to start using systemd-repart for partitioning. Unfortunately,
  they're currently blocked on this because 22.04 doesn't ship systemd-
  repart. The upstream CI uses Github Actions which runs on Ubuntu Jammy
  and will do so until the next Ubuntu LTS is released. If we have to
  wait for the next LTS to be released, we'll have to wait for a
  considerable amount of time before we're able to start using systemd-
  repart.

  Being able to use systemd-repart will allow the systemd/mkosi developers to 
take advantage of its improved interface compared to sfdisk,
  as well as its builtin protections against race conditions surrounding the 
use of loop devices. The systemd/mkosi developers expect to
  be able to get rid of some nasty loop device failure in mkosi by using 
systemd-repart.

  [Test Plan]
  This is a missing extra executable. Once enabled it has self-tests in the 
build-time unit tests, and also a regression test in the autopkgtest 'upstream' 
suite.

  [Where problems could occur]
  Shipping systemd-repart will come with no additional risk. While there is a 
systemd-repart.service that runs on boot, it's configured to not do anything if 
no config files are shipped with the system or provided by the user. As such, 
the service, if enabled, will effectively be a noop. Aside from the service, 
there's the CLI tool systemd-repart and the accompanying man pages that will be 
shipped as part of the systemd package.

  Given that there's no risk involved with enabling systemd-repart, and
  given the useful features it provides, the systemd/mkosi developers
  would like to request that systemd-repart be enabled in Ubuntu and
  backported to Jammy so that they can start adopting it in mkosi.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1897932/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1971319] Re: Merge rsync from Debian unstable for kinetic

[Christian Ehrhardt ]

Builds on amd64 are fine.


So one could think "heeey sync \o/", but sadly i386 crosses that plan :-/
i386 has:
Missing build dependencies: python3-cmarkgfm

Those are needed to generate manpages :-/
So it can't be a sync yet :-/

I guess one needs to check how much of a dependency chain that would need to 
bring into i386 that isn't there.
Sadly the removal of i386 rsync seems unlikely, the list of `$ reverse-depends 
--release=kinetic src:rsync --arch=i386` is rather long.

I hope this 30 minute pre-check helps to save some time when getting to it, it 
can't be handled as fast as I hoped :-/
Yielding back to Sergio

** Changed in: rsync (Ubuntu)
 Assignee: Christian Ehrhardt  (paelzer) => Sergio Durigan Junior 
(sergiodj)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to rsync in Ubuntu.
https://bugs.launchpad.net/bugs/1971319

Title:
  Merge rsync from Debian unstable for kinetic

Status in rsync package in Ubuntu:
  New

Bug description:
  Upstream: tbd
  Debian:   3.2.4-1
  Ubuntu:   3.2.3-8ubuntu3


  Debian does new releases regularly, so it's likely there will be newer
  versions available before FF that we can pick up if this merge is done
  later in the cycle.

  
  ### New Debian Changes ###

  rsync (3.2.4-1) unstable; urgency=medium

[ Samuel Henrique ]
* New upstream version 3.2.4
  - Work around a glibc bug where lchmod() breaks in a chroot w/o /proc
mounted (closes: #995046).
  - rsync.1: remove prepended backticks which broke --stop-after and
--stop-at formatting (closes: #1007990).
* Ship new python-based rrsync with --with-rrsync:
  - rrsync was previouysly written in bash.
  - A manpage is now shipped for rrsync.
  - python3 and python3-cmarkgfm are new B-Ds since they're needed
to generate the manpage.
* d/control:
  - Add version requirement for some libxxhash-dev and libzstd-dev as
per upstream docs.
  - Add python3-braceexpand to Suggests as it can be used by rrsync.
* d/rsync.install: cull_options has been renamed to cull-options.
* d/patches:
  - Refresh the following patches:
~ disable_reconfigure_req.diff;
~ perl_shebang.patch;
~ skip_devices_test.patch;
  - Drop the following patches, applied upstream now:
~ CVE-2020-14387.patch;
~ copy-devices.diff;
~ fix_delay_updates.patch;
~ fix_ftcbfs_configure.patch;
~ fix_mkpath.patch;
~ fix_rsync-ssl_RSYNC_SSL_CERT_feature.patch;
~ fix_sparse_inplace.patch;
~ manpage_upstream_fixes.patch;
~ update_rrsync_options.patch;
~ workaround_glibc_lchmod_regression.patch;

[ Sergio Durigan Junior ]
* d/rules: Disable ASM optimizations when building.
  This is not needed because the only ASM-optimized implementation
  available is the MD5 hash, which is actually a no-op because we link
  against OpenSSL and rsync ends up using that library's implementation
  of the hash.  Even then, the final binary ends up with the
  ASM-optimized version included, which makes it become
  CET-incompatible.
  Thanks to Dimitri John Ledkov 

   -- Samuel Henrique   Mon, 18 Apr 2022 14:44:44
  +0100

  rsync (3.2.3-8) unstable; urgency=medium

* debian/patches:
  - manpage_upstream_fixes.patch: Import multiple upstream patches to fix
manpage.
  - copy-devices.diff: Add missing manpage changes to patch
  - CVE-2020-14387.patch: Add Forwarded DEP3 field to point to upstream 
patch
  - fix_delay_updates.patch: Refresh patch
  - fix_mkpath.patch: New upstream patch to fix an edge case on --mkpath
  - fix_rsync-ssl_RSYNC_SSL_CERT_feature.patch: New upstream patch
  - fix_sparse_inplace.patch: New upstream patch to fix --sparse + --inplace
options
  - update_rrsync_options.patch: New upstream patch to update rrsync options

   -- Samuel Henrique   Sat, 25 Sep 2021 17:38:16
  +0100

  rsync (3.2.3-7) unstable; urgency=medium

* Bump Standards-Version to 4.6.0
* d/p/workaround_glibc_lchmod_regression.patch: New patch from upstream
  (closes: #994543)
* debian/rsync.NEWS: Fix typo in last entry

   -- Samuel Henrique   Sat, 18 Sep 2021 00:25:13
  +0100

  rsync (3.2.3-6) unstable; urgency=medium

* d/t/upstream-tests: Suppress stderr warnings from the build
  process

   -- Samuel Henrique   Sun, 12 Sep 2021 18:22:57
  +0100

  rsync (3.2.3-5) unstable; urgency=medium

[ 刘建强 ]
* Set the rsync.service not to start automatically after installation,
  the rsyncd.conf configuration file needs to be configured by the user
  before the service can start

[ Samuel Henrique ]
* Re-add upstream patch for --copy-devices, the --write-devices option is
  not fully equivalent (closes: #992215)
* d/rsync.docs: Add NEWS.md file (previously named NEWS) (closes: #9936

[Touch-packages] [Bug 1971319] Re: Merge rsync from Debian unstable for kinetic

[Christian Ehrhardt ]

Test build in PPA: https://launchpad.net/~paelzer/+archive/ubuntu/kinetic-rsync
Once built I'll also run the autopkgtests there ...

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to rsync in Ubuntu.
https://bugs.launchpad.net/bugs/1971319

Title:
  Merge rsync from Debian unstable for kinetic

Status in rsync package in Ubuntu:
  New

Bug description:
  Upstream: tbd
  Debian:   3.2.4-1
  Ubuntu:   3.2.3-8ubuntu3


  Debian does new releases regularly, so it's likely there will be newer
  versions available before FF that we can pick up if this merge is done
  later in the cycle.

  
  ### New Debian Changes ###

  rsync (3.2.4-1) unstable; urgency=medium

[ Samuel Henrique ]
* New upstream version 3.2.4
  - Work around a glibc bug where lchmod() breaks in a chroot w/o /proc
mounted (closes: #995046).
  - rsync.1: remove prepended backticks which broke --stop-after and
--stop-at formatting (closes: #1007990).
* Ship new python-based rrsync with --with-rrsync:
  - rrsync was previouysly written in bash.
  - A manpage is now shipped for rrsync.
  - python3 and python3-cmarkgfm are new B-Ds since they're needed
to generate the manpage.
* d/control:
  - Add version requirement for some libxxhash-dev and libzstd-dev as
per upstream docs.
  - Add python3-braceexpand to Suggests as it can be used by rrsync.
* d/rsync.install: cull_options has been renamed to cull-options.
* d/patches:
  - Refresh the following patches:
~ disable_reconfigure_req.diff;
~ perl_shebang.patch;
~ skip_devices_test.patch;
  - Drop the following patches, applied upstream now:
~ CVE-2020-14387.patch;
~ copy-devices.diff;
~ fix_delay_updates.patch;
~ fix_ftcbfs_configure.patch;
~ fix_mkpath.patch;
~ fix_rsync-ssl_RSYNC_SSL_CERT_feature.patch;
~ fix_sparse_inplace.patch;
~ manpage_upstream_fixes.patch;
~ update_rrsync_options.patch;
~ workaround_glibc_lchmod_regression.patch;

[ Sergio Durigan Junior ]
* d/rules: Disable ASM optimizations when building.
  This is not needed because the only ASM-optimized implementation
  available is the MD5 hash, which is actually a no-op because we link
  against OpenSSL and rsync ends up using that library's implementation
  of the hash.  Even then, the final binary ends up with the
  ASM-optimized version included, which makes it become
  CET-incompatible.
  Thanks to Dimitri John Ledkov 

   -- Samuel Henrique   Mon, 18 Apr 2022 14:44:44
  +0100

  rsync (3.2.3-8) unstable; urgency=medium

* debian/patches:
  - manpage_upstream_fixes.patch: Import multiple upstream patches to fix
manpage.
  - copy-devices.diff: Add missing manpage changes to patch
  - CVE-2020-14387.patch: Add Forwarded DEP3 field to point to upstream 
patch
  - fix_delay_updates.patch: Refresh patch
  - fix_mkpath.patch: New upstream patch to fix an edge case on --mkpath
  - fix_rsync-ssl_RSYNC_SSL_CERT_feature.patch: New upstream patch
  - fix_sparse_inplace.patch: New upstream patch to fix --sparse + --inplace
options
  - update_rrsync_options.patch: New upstream patch to update rrsync options

   -- Samuel Henrique   Sat, 25 Sep 2021 17:38:16
  +0100

  rsync (3.2.3-7) unstable; urgency=medium

* Bump Standards-Version to 4.6.0
* d/p/workaround_glibc_lchmod_regression.patch: New patch from upstream
  (closes: #994543)
* debian/rsync.NEWS: Fix typo in last entry

   -- Samuel Henrique   Sat, 18 Sep 2021 00:25:13
  +0100

  rsync (3.2.3-6) unstable; urgency=medium

* d/t/upstream-tests: Suppress stderr warnings from the build
  process

   -- Samuel Henrique   Sun, 12 Sep 2021 18:22:57
  +0100

  rsync (3.2.3-5) unstable; urgency=medium

[ 刘建强 ]
* Set the rsync.service not to start automatically after installation,
  the rsyncd.conf configuration file needs to be configured by the user
  before the service can start

[ Samuel Henrique ]
* Re-add upstream patch for --copy-devices, the --write-devices option is
  not fully equivalent (closes: #992215)
* d/rsync.docs: Add NEWS.md file (previously named NEWS) (closes: #993697)
* d/p/fix_delay_updates.patch: New patch from upstream (closes: #992231)

   -- Samuel Henrique   Sun, 12 Sep 2021 17:25:37
  +0100

  rsync (3.2.3-4) unstable; urgency=medium

[ Helmut Grohne ]
* d/p/fix_ftcbfs_configure.patch: New patch to fix FTCBFS (closes: #971285)

[ Samuel Henrique ]
* Bump Standards-Version to 4.5.1


  ### Old Ubuntu Delta ###

  rsync (3.2.3-8ubuntu3) jammy; urgency=high

* No change rebuild for ppc64el baseline bump.

   -- Julian Andres Klode   Fri, 25 Mar 2022
  10:51:06 +0100

  rsync (3.2.3-8ubuntu2) jammy; urgency=medium

* No-change rebuild against 

[Touch-packages] [Bug 1971319] Re: Merge rsync from Debian unstable for kinetic

[Christian Ehrhardt ]

The Delta we have is up since Groovy (added by xnox), sadly without any
bug reference test details or anything else. Since then we have had
H,I,J merges just retaining it as-is.

Gladly the last merger (Thanks Sergio) picked this up for real :-)
Therefore we now have [1] including the later refinement of [2] which does not 
contradict.

Thereby 3.2.4-1 contains all our remaining Delta and various upstream and 
packaging improvements.
This is ready to be a sync.

[1]: 
https://salsa.debian.org/debian/rsync/-/commit/8dfd09fe5c850564953825c81d2f523fa0f30f07
[2]: 
https://salsa.debian.org/debian/rsync/-/commit/34390672fadd347f157148deb3b66cbf27ae6ed1

** Tags removed: needs-merge
** Tags added: needs-sync

** Changed in: rsync (Ubuntu)
 Assignee: Sergio Durigan Junior (sergiodj) => Christian Ehrhardt  
(paelzer)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to rsync in Ubuntu.
https://bugs.launchpad.net/bugs/1971319

Title:
  Merge rsync from Debian unstable for kinetic

Status in rsync package in Ubuntu:
  New

Bug description:
  Upstream: tbd
  Debian:   3.2.4-1
  Ubuntu:   3.2.3-8ubuntu3


  Debian does new releases regularly, so it's likely there will be newer
  versions available before FF that we can pick up if this merge is done
  later in the cycle.

  
  ### New Debian Changes ###

  rsync (3.2.4-1) unstable; urgency=medium

[ Samuel Henrique ]
* New upstream version 3.2.4
  - Work around a glibc bug where lchmod() breaks in a chroot w/o /proc
mounted (closes: #995046).
  - rsync.1: remove prepended backticks which broke --stop-after and
--stop-at formatting (closes: #1007990).
* Ship new python-based rrsync with --with-rrsync:
  - rrsync was previouysly written in bash.
  - A manpage is now shipped for rrsync.
  - python3 and python3-cmarkgfm are new B-Ds since they're needed
to generate the manpage.
* d/control:
  - Add version requirement for some libxxhash-dev and libzstd-dev as
per upstream docs.
  - Add python3-braceexpand to Suggests as it can be used by rrsync.
* d/rsync.install: cull_options has been renamed to cull-options.
* d/patches:
  - Refresh the following patches:
~ disable_reconfigure_req.diff;
~ perl_shebang.patch;
~ skip_devices_test.patch;
  - Drop the following patches, applied upstream now:
~ CVE-2020-14387.patch;
~ copy-devices.diff;
~ fix_delay_updates.patch;
~ fix_ftcbfs_configure.patch;
~ fix_mkpath.patch;
~ fix_rsync-ssl_RSYNC_SSL_CERT_feature.patch;
~ fix_sparse_inplace.patch;
~ manpage_upstream_fixes.patch;
~ update_rrsync_options.patch;
~ workaround_glibc_lchmod_regression.patch;

[ Sergio Durigan Junior ]
* d/rules: Disable ASM optimizations when building.
  This is not needed because the only ASM-optimized implementation
  available is the MD5 hash, which is actually a no-op because we link
  against OpenSSL and rsync ends up using that library's implementation
  of the hash.  Even then, the final binary ends up with the
  ASM-optimized version included, which makes it become
  CET-incompatible.
  Thanks to Dimitri John Ledkov 

   -- Samuel Henrique   Mon, 18 Apr 2022 14:44:44
  +0100

  rsync (3.2.3-8) unstable; urgency=medium

* debian/patches:
  - manpage_upstream_fixes.patch: Import multiple upstream patches to fix
manpage.
  - copy-devices.diff: Add missing manpage changes to patch
  - CVE-2020-14387.patch: Add Forwarded DEP3 field to point to upstream 
patch
  - fix_delay_updates.patch: Refresh patch
  - fix_mkpath.patch: New upstream patch to fix an edge case on --mkpath
  - fix_rsync-ssl_RSYNC_SSL_CERT_feature.patch: New upstream patch
  - fix_sparse_inplace.patch: New upstream patch to fix --sparse + --inplace
options
  - update_rrsync_options.patch: New upstream patch to update rrsync options

   -- Samuel Henrique   Sat, 25 Sep 2021 17:38:16
  +0100

  rsync (3.2.3-7) unstable; urgency=medium

* Bump Standards-Version to 4.6.0
* d/p/workaround_glibc_lchmod_regression.patch: New patch from upstream
  (closes: #994543)
* debian/rsync.NEWS: Fix typo in last entry

   -- Samuel Henrique   Sat, 18 Sep 2021 00:25:13
  +0100

  rsync (3.2.3-6) unstable; urgency=medium

* d/t/upstream-tests: Suppress stderr warnings from the build
  process

   -- Samuel Henrique   Sun, 12 Sep 2021 18:22:57
  +0100

  rsync (3.2.3-5) unstable; urgency=medium

[ 刘建强 ]
* Set the rsync.service not to start automatically after installation,
  the rsyncd.conf configuration file needs to be configured by the user
  before the service can start

[ Samuel Henrique ]
* Re-add upstream patch for --copy-devices, the --write-devices option is
  not fully equivalent (closes: #992

[Touch-packages] [Bug 1971523] Re: Static build does not work for libmnl (-lmnl)

[Christian Ehrhardt ]

** No longer affects: libmnl (Ubuntu Impish)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libmnl in Ubuntu.
https://bugs.launchpad.net/bugs/1971523

Title:
  Static build does not work for libmnl (-lmnl)

Status in libmnl package in Ubuntu:
  Triaged
Status in libmnl source package in Jammy:
  Triaged
Status in libmnl package in Debian:
  Fix Committed

Bug description:
  [Test Case]
  $ cat > /tmp/hello.c <

  int main() {
  printf("Hello world! (and LP: #1971523)\n");
  }
  EOF
  $ gcc -o /tmp/hello /tmp/hello.c -lmnl
  (dynamic libs work)
  $ gcc -static -o /tmp/hello /tmp/hello.c -lmnl
  /usr/bin/ld: cannot find -lmnl: No such file or directory

  [Original Report]
  My program uses both -lmnl and -lnetfilter_queue and in Ubuntu 20.04 the 
-lnetfilter_queue did not work and -lmnl worked for static builds. In Ubuntu 
22.04 the problem is reversed, -lnetfilter_queue works but -lmnl doesn't for 
static builds. This is very awkward during the transition 20.04->22.04 when 
both should be supported.

  I compensated in Ubuntu 20.04 by building netfilter_queue locally;
  https://github.com/Nordix/nfqueue-loadbalancer#build

  ProblemType: Bug
  DistroRelease: Ubuntu 22.04
  Package: libmnl0:amd64 1.0.4-3build2
  ProcVersionSignature: Ubuntu 5.15.0-27.28-generic 5.15.30
  Uname: Linux 5.15.0-27-generic x86_64
  ApportVersion: 2.20.11-0ubuntu82
  Architecture: amd64
  CasperMD5CheckResult: unknown
  CurrentDesktop: XFCE
  Date: Wed May  4 07:33:26 2022
  InstallationDate: Installed on 2018-09-07 (1334 days ago)
  InstallationMedia: Ubuntu 18.04.1 LTS "Bionic Beaver" - Release amd64 
(20180725)
  SourcePackage: libmnl
  UpgradeStatus: Upgraded to jammy on 2022-05-01 (2 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libmnl/+bug/1971523/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1905493] Re: cloud-init status --wait hangs indefinitely in a nested lxd container

[Christian Ehrhardt ]

Due to a ping on IRC I wanted to summarize the situation here as it
seems this still affects people.

In nested LXD container we seem to have multiple issues:
- apparmor service failing to start (might need to work with LXD to sort out 
why and how to fix it)
  - if it doesn't work at least fail to start more gracefully
  - comment 2 has a workaround to make dbus not insist on apparmor, but that is 
not a real fix we could generally apply

- snapd snapd.seeded.service needs code to die/exit gracefully in this 
situation (as it won't work)
  - See comment 7, might have changed since then, but worth a revisit

** Also affects: lxd (Ubuntu)
   Importance: Undecided
   Status: New

** Summary changed:

- cloud-init status --wait hangs indefinitely in a nested lxd container
+ Services (apparmor, snapd.seeded, ...?) fail to start in nested lxd container

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to dbus in Ubuntu.
https://bugs.launchpad.net/bugs/1905493

Title:
  Services (apparmor, snapd.seeded, ...?) fail to start in nested lxd
  container

Status in AppArmor:
  New
Status in cloud-init:
  Invalid
Status in snapd:
  Confirmed
Status in dbus package in Ubuntu:
  Confirmed
Status in lxd package in Ubuntu:
  New
Status in systemd package in Ubuntu:
  Invalid

Bug description:
  When booting a nested lxd container inside another lxd container (just
  a normal container, not a VM) (i.e. just L2), using cloud-init -status
  --wait, the "." is just printed off infinitely and never returns.

To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/1905493/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1828749] Re: ifconfig dummy0 : Device not found

[Christian Ehrhardt ]

Hi,
I come by trying to clear old bugs that were dormant for too long either 
resolving or reviving them.

First of all I can confirm what you have found (insmod vs modprobe
changes), but I also found why.


I've found that this makes modprobe work like before:
  modprobe dummy numdummies=1

So I wondered if only the default config changed.

modprobe uses config files and it picks up defaults from
/lib/modprobe.d/ and /etc/modprobe.d/.

And in there I found:
root@b:~# cat /lib/modprobe.d/systemd.conf
...
# When bonding module is loaded, it creates bond0 by default due to max_bonds
# option default value 1. This interferes with the network configuration
# management / networkd, as it is not possible to detect whether this bond0 was
# intentionally configured by the user, or should be managed by
# networkd/NM/etc. Therefore disable bond0 creation.
options bonding max_bonds=0
# Do the same for dummy0.
options dummy numdummies=0


That is the reason the new default number of dummies is zero when using 
modprobe.
You can change via a config file or pass numdummies=1 to modprobe to resolve 
that.

The default value was discussed upstream (denied) and the same problem but from 
a "where to configure" POV in Ubuntu (see bug 1937953).
Following that bug 1937953 and marking this one invalid as I think it is 
explained and not something that will be fixed/changed in the package.
That bug also has some hints on how to overwrite that default config as there 
are some intricacies in regard to "which overwrites which" for these conffiles.

** Changed in: net-tools (Ubuntu)
   Status: New => Invalid

** Changed in: ifupdown (Ubuntu)
   Status: New => Invalid

** Also affects: kmod (Ubuntu)
   Importance: Undecided
   Status: New

** Also affects: systemd (Ubuntu)
   Importance: Undecided
   Status: New

** Changed in: kmod (Ubuntu)
   Status: New => Invalid

** Changed in: systemd (Ubuntu)
   Status: New => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ifupdown in Ubuntu.
https://bugs.launchpad.net/bugs/1828749

Title:
  ifconfig dummy0 : Device not found

Status in ifupdown package in Ubuntu:
  Invalid
Status in kmod package in Ubuntu:
  Invalid
Status in net-tools package in Ubuntu:
  Invalid
Status in systemd package in Ubuntu:
  Invalid

Bug description:
  Desired behavior:
The ifconfig command should be able to deal with the
dummy device.  This worked fine until recently.

  Observed behavior:
:; ifconfig dummy0
dummy0: error fetching interface information: Device not found

This problem appeared when I upgraded to bionic.

  Highly informative workaround:
:; ip link add dummy0 type dummy
That command works, and makes the problem go away permanently.
The ifconfig command works fine after that.
The ifup and ifdown commands also work fine after that.

For convenient debugging, you can use the command:
:; ip link del dummy0 type dummy
which makes the problem come back.
You can also experiment with dummy1 et cetera.

  Package ownership issues:
Compare: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909204
That report was filed against ippusbxd, which is almost certainly
not the relevant package.

For that matter, I have no idea whether the root cause is in the
net-tools package or the kernel networking stack.  All I know is
the ip command plays nicely with the kernel while the ifconfig
command does not.

  
  Notes:
The kernel module for the dummy interface is preloaded in
all situations described here.  That's not the issue.

An apport file is attached, to describe the environment.
Also, since you asked:

:; apt-cache policy net-tools
  net-tools:
Installed: 1.60-26ubuntu1
Candidate: 1.60-26ubuntu1
Version table:
   *** 1.60-26ubuntu1 500
  500 http://ubuntu.cs.utah.edu/ubuntu xenial/main amd64 Packages
  100 /var/lib/dpkg/status

:; lsb_release -rd
Description:Ubuntu 16.04.6 LTS
Release:16.04

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ifupdown/+bug/1828749/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1937953] Re: systemd forcibly disables use of dummy/bond interfaces

[Christian Ehrhardt ]

FYI - related but not a dup - bug 1828749

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1937953

Title:
  systemd forcibly disables use of dummy/bond interfaces

Status in systemd package in Ubuntu:
  Invalid

Bug description:
  /etc/modprobe.d/local-dummy.conf contains:
  options dummy numdummies=10

  /etc/modules-load.d/local-dummy.conf contains:
  dummy

  /lib/modprobe.d/systemd.conf contains:
  options bonding max_bonds=0
  options dummy numdummies=0

  On boot, the "dummy" module is loaded with the options "numdummies=10
  numdummies=0" because configuration in /lib/modprobe.d/ overrides
  configuration in /etc/modprobe.d/.

  This makes it impossible to automatically load the dummy module with
  10 interfaces and then use them in /etc/network/interfaces.d/ because
  the configuration file provided with systemd overrides my module
  configuration by setting the number of interfaces back to 0.

  ProblemType: Bug
  DistroRelease: Ubuntu 18.04
  Package: systemd 237-3ubuntu10.50
  Uname: Linux 5.4.132+ x86_64
  ApportVersion: 2.20.9-0ubuntu7.24
  Architecture: amd64
  CurrentDesktop: ubuntu:GNOME
  Date: Sun Jul 25 19:18:14 2021
  InstallationDate: Installed on 2014-05-10 (2633 days ago)
  InstallationMedia: Ubuntu 14.04 LTS "Trusty Tahr" - Release amd64 (20140417)
  MachineType: To Be Filled By O.E.M. To Be Filled By O.E.M.
  ProcKernelCmdLine: BOOT_IMAGE=/@/boot/vmlinuz-5.4.132+ 
root=UUID=3d2fba1f-59b9-424f-a0df-2e7f1e2d8637 ro rootflags=subvol=@ 
sysrq_always_enabled panic=600 reboot=p sd_mod.stop_before_reboot=0 
page_owner=on page_poison=1 debug_objects=1
  SourcePackage: systemd
  UpgradeStatus: Upgraded to bionic on 2018-11-24 (973 days ago)
  dmi.bios.date: 11/22/2016
  dmi.bios.vendor: American Megatrends Inc.
  dmi.bios.version: P7.20
  dmi.board.name: Z170 Extreme4
  dmi.board.vendor: ASRock
  dmi.chassis.asset.tag: To Be Filled By O.E.M.
  dmi.chassis.type: 3
  dmi.chassis.vendor: To Be Filled By O.E.M.
  dmi.chassis.version: To Be Filled By O.E.M.
  dmi.modalias: 
dmi:bvnAmericanMegatrendsInc.:bvrP7.20:bd11/22/2016:svnToBeFilledByO.E.M.:pnToBeFilledByO.E.M.:pvrToBeFilledByO.E.M.:rvnASRock:rnZ170Extreme4:rvr:cvnToBeFilledByO.E.M.:ct3:cvrToBeFilledByO.E.M.:
  dmi.product.family: To Be Filled By O.E.M.
  dmi.product.name: To Be Filled By O.E.M.
  dmi.product.sku: To Be Filled By O.E.M.
  dmi.product.version: To Be Filled By O.E.M.
  dmi.sys.vendor: To Be Filled By O.E.M.
  modified.conffile..etc.systemd.journald.conf: [modified]
  modified.conffile..etc.systemd.logind.conf: [modified]
  mtime.conffile..etc.systemd.journald.conf: 2018-11-24T15:04:07.599704
  mtime.conffile..etc.systemd.logind.conf: 2015-07-04T15:46:37.746749

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1937953/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1805115] Re: problem with (ubuntu/cosmic)mawk /^[[:space:]]*

[Christian Ehrhardt ]

** Tags removed: server-todo

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to mawk in Ubuntu.
https://bugs.launchpad.net/bugs/1805115

Title:
   problem with (ubuntu/cosmic)mawk /^[[:space:]]*http://archive.ubuntu.com/ubuntu cosmic/main amd64 Packages
  100 /var/lib/dpkg/status
  ###

  more background @ 
  https://github.com/whiteinge/ok.sh/issues/66# problem with 
(ubuntu/cosmic)mawk /^[[:space:]]*https://api.github.com/repositories/3386088/issues?page=2>; 
rel="next", ; 
rel="last"' | awk '
  BEGIN { RS=", "; FS="; "; OFS=": " }
  {
  sub(/^rel="/, "", $2); sub(/"$/, "", $2)
  sub(/^ *$/, "", $1)
  print "Link_" $2, $1
  }'
  Link_next: https://api.github.com/repositories/3386088/issues?page=2
  Link_last: https://api.github.com/repositories/3386088/issues?page=33
  -

  fails using [[:space:]]
  eg
  -
  printf %s '; 
rel="next", ; 
rel="last"' | awk '
  BEGIN { RS=", "; FS="; "; OFS=": " }
  {
  sub(/^rel="/, "", $2); sub(/"$/, "", $2)
  sub(/^[[:space:]]*$/, "", $1)
  print "Link_" $2, $1
  }'
  Link_next: