[Bug 1867198] Re: MIR: libnginx-mod-http-geoip2 (src:nginx)
** Description changed: nginx is already in main, but the binary package libnginx-mod-http- geoip2 comes from another source that is shipped inside src:nginx and hasn't gone through the original nginx MIR. When it was included[1], the agreement was that it would stay in Universe. We now want it in main, because of the geoip1 legacy deprecation in favor of geoip2 (libmaxminddb), see libmaxminddb's MIR[2]. - 1. https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1825895 2. https://bugs.launchpad.net/ubuntu/+source/libmaxminddb/+bug/1861101 - MIR template to follow, stay tuned. + + Source: https://github.com/leev/ngx_http_geoip2_module + + Availability: + The package must already be in the Ubuntu universe, and must build for the architectures it is designed to work on. + The bin:libnginx-mod-http-geoip2 package is built from src:nginx and exists in universe already: + https://launchpad.net/ubuntu/focal/+package/libnginx-mod-http-geoip2 + https://launchpad.net/ubuntu/focal/amd64/libnginx-mod-http-geoip2/1.17.9-0ubuntu1 + + It's built for amd64, arm64, armhf, ppc64el, s390x + + + Rationale: + We want to move away from legacy geoip1 code into new geoip2 code. nginx already has a geoip1 module in main (bin:libnginx-mod-http-geoip), and we want to exchange that with the geoip2 module. + The main push to switch to geoip2 comes from the latest stable release of bind9 (9.16.x), which has no support for geoip1, just geoip2, via libmaxminddb, which has an ongoing MIR at https://bugs.launchpad.net/ubuntu/+source/libmaxminddb/+bug/1861101. As a requirement of that MIR, we want to avoid having geoip1 and geoip2 both in main. + + + Security: + The security history and the current state of security issues in the package must allow us to support the package for at least 9 months (60 for LTS support) without exposing its users to an inappropriate level of security risks. This requires checking of several things that are explained in detail in the subsection Security checks. + + http://cve.mitre.org/cve/search_cve_list.html: Search in the National Vulnerability Database using the package as a keyword + - I tried a few keywords: geoip2, "nginx geoip2", "nginx geoip", "ngx_http_geoip2_module", "ngx geoip2", "ngx geoip": all empty, or returning nginx issue, or geoip issues in other products + + check OSS security mailing list (feed 'site:www.openwall.com/lists/oss-security ' into search engine) + - "site:www.openwall.com/lists/oss-security nginx geoip2": empty + - "site:www.openwall.com/lists/oss-security nginx geoip": empty + - "site:www.openwall.com/lists/oss-security ngx_http_geoip2_module": empty + - "site:www.openwall.com/lists/oss-security ngx geoip2": empty + + Ubuntu CVE Tracker + * http://people.ubuntu.com/~ubuntu-security/cve/main.html + - nothing for "geoip", "geoip2" or "nginx" (I checked and the package search is a substring search). Be sure to click "clear filter" between search attempts. + + * http://people.ubuntu.com/~ubuntu-security/cve/universe.html + - nothing for "geoip", "geoip2" or "nginx" + + * http://people.ubuntu.com/~ubuntu-security/cve/partner.html + - nothing for "geoip", "geoip2" or "nginx" (in fact, there are no packages at all listed there) + + * Executables which have the suid or sgid bit set. + - none + + * Executables in /sbin, /usr/sbin. + - none, it's an nginx module is a .so file in the modules directory + + * Packages which install services / daemons (/etc/init.d/*, /etc/init/*, /lib/systemd/system/*) + - bin:libnginx-mod-http-geoip2 doesn't install a daemon, but nginx of course is one + + * Packages which open privileged ports (ports < 1024). + - bin:libnginx-mod-http-geoip2 doesn't, but nginx of course does + + * Add-ons and plugins to security-sensitive software (filters, scanners, UI skins, etc) + - this is an add-on, or plugin/module, to nginx + + + Quality assurance: + * After installing the package it must be possible to make it working with a reasonable effort of configuration and documentation reading. + - the geoip2 module is loaded right after installation: + lrwxrwxrwx 1 root root 55 Mar 12 20:28 /etc/nginx/modules-enabled/50-mod-http-geoip2.conf -> /usr/share/nginx/modules-available/mod-http-geoip2.conf + - To further set it up, nginx configuration must be changed, and a copy of the geoip2 databases must be obtained, either the free one or the subscription one. + + * The package must not ask debconf questions higher than medium if it is going to be installed by default. The debconf questions must have reasonable defaults. + - no debconf questions + + * There are no long-term outstanding bugs which affect the usability of the program to a major degree. To support a package, we must be reasonably convinced that upstream supports and cares for the package. + - Ubuntu bugs: + - src:nginx bugs: https://bugs.launchpad.net/ubuntu/+source/nginx. None about geoip, other than this MIR and the demotion
[Bug 1867198] [NEW] MIR: libnginx-mod-http-geoip2 (src:nginx)
Public bug reported: nginx is already in main, but the binary package libnginx-mod-http- geoip2 comes from another source that is shipped inside src:nginx and hasn't gone through the original nginx MIR. When it was included[1], the agreement was that it would stay in Universe. We now want it in main, because of the geoip1 legacy deprecation in favor of geoip2 (libmaxminddb), see libmaxminddb's MIR[2]. 1. https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1825895 2. https://bugs.launchpad.net/ubuntu/+source/libmaxminddb/+bug/1861101 MIR template to follow, stay tuned. ** Affects: nginx (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Server, which is subscribed to nginx in Ubuntu. https://bugs.launchpad.net/bugs/1867198 Title: MIR: libnginx-mod-http-geoip2 (src:nginx) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1867198/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1865902] Re: [FFe] Please update NGINX to 1.17.9 (latest mainline release)
I believe this is done, as I see 1.17.9 in focal release: nginx | 1.17.9-0ubuntu1 | focal | source, all https://launchpad.net/ubuntu/+source/nginx/1.17.9-0ubuntu1 -- You received this bug notification because you are a member of Ubuntu Server, which is subscribed to nginx in Ubuntu. https://bugs.launchpad.net/bugs/1865902 Title: [FFe] Please update NGINX to 1.17.9 (latest mainline release) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1865902/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1863261] Re: modinfo prints an error message if modules.builtin.bin is missing
I'm flagging this as won't fix because of LP: #1864992. Focal has been merged with 0.136ubuntu1 containing this "fix". Eoan and Bionic will not face this issue with fix for LP: #1864992. ** Changed in: initramfs-tools (Ubuntu Eoan) Status: In Progress => Won't Fix ** Changed in: initramfs-tools (Ubuntu Bionic) Status: In Progress => Won't Fix -- You received this bug notification because you are a member of Ubuntu Server, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1863261 Title: modinfo prints an error message if modules.builtin.bin is missing To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/initramfs-tools/+bug/1863261/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1864992] Re: depmod: ERROR: ../libkmod/libkmod.c:515 lookup_builtin_file() could not open builtin file '/lib/modules/5.4.0-14-generic/modules.builtin.bin'
Testing Bionic kernel with the initial situation the bug being dropped said to fix: (k)rafaeldtinoco@bkmodissue:~$ sudo rm /lib/modules/4.15.0-91-generic/modules.builtin.bin (k)rafaeldtinoco@bkmodissue:~$ sudo depmod -a -F /boot/System.map-4.15.0-91-generic ok (k)rafaeldtinoco@bkmodissue:.../4.15.0-91-generic$ sudo mv modules.alias.bin modules.alias.bin.old (k)rafaeldtinoco@bkmodissue:.../4.15.0-91-generic$ sudo modprobe hehe modprobe: FATAL: Module hehe not found in directory /lib/modules/4.15.0-91-generic and it is also safe to drop it based on previous bug test case -- You received this bug notification because you are a member of Ubuntu Server, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1864992 Title: depmod: ERROR: ../libkmod/libkmod.c:515 lookup_builtin_file() could not open builtin file '/lib/modules/5.4.0-14-generic/modules.builtin.bin' To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/kmod/+bug/1864992/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1866870] Re: KVM Guest pauses after upgrade to Ubuntu 20.04
After changing cpu to : I got this log (still in a paused state): char device redirected to /dev/pts/3 (label charserial0) 2020-03-12T15:06:22.560159Z qemu-system-x86_64: warning: host doesn't support requested feature: MSR(48EH).vmx-vnmi-pending [bit 22] 2020-03-12T15:06:22.560708Z qemu-system-x86_64: warning: host doesn't support requested feature: MSR(48EH).vmx-secondary-ctls [bit 31] 2020-03-12T15:06:22.560971Z qemu-system-x86_64: warning: host doesn't support requested feature: MSR(48BH).vmx-apicv-xapic [bit 0] 2020-03-12T15:06:22.561208Z qemu-system-x86_64: warning: host doesn't support requested feature: MSR(48DH).vmx-vnmi [bit 5] 2020-03-12T15:06:22.561392Z qemu-system-x86_64: warning: host doesn't support requested feature: MSR(480H).vmx-ins-outs [bit 54] KVM internal error. Suberror: 1 emulation failure EAX= EBX= ECX=86d4 EDX= ESI= EDI= EBP=86d4 ESP=6d7c EIP=7acf EFL=0002 [---] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES = 00809300 CS =f000 000f 00809b00 SS = 00809300 DS = 00809300 FS = 00809300 GS = 00809300 LDT= 8200 TR = 8b00 GDT= 000f6200 0037 IDT= 03ff CR0=0010 CR2= CR3= CR4= DR0= DR1= DR2= DR3= DR6=0ff0 DR7=0400 EFER= Code=b8 90 d9 00 00 66 e8 6b f7 ff ff 66 b8 0a 00 00 00 e9 61 f2 0f 1e fb 66 57 66 56 66 53 66 53 66 89 c7 67 66 89 14 24 66 89 ce 66 e8 15 f8 ff ff 88 -- You received this bug notification because you are a member of Ubuntu Server, which is subscribed to qemu in Ubuntu. https://bugs.launchpad.net/bugs/1866870 Title: KVM Guest pauses after upgrade to Ubuntu 20.04 To manage notifications about this bug go to: https://bugs.launchpad.net/qemu/+bug/1866870/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1866870] Re: KVM Guest pauses after upgrade to Ubuntu 20.04
I also have these two apparmor denied messages in dmesg: [ 1380.529549] audit: type=1400 audit(1584023445.093:139): apparmor="DENIED" operation="open" profile="libvirt-aa346a1d-8caa-4c55-bef9-c3acbe17bdac" name="/" pid=19712 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=64055 ouid=0 [ 1380.529856] audit: type=1400 audit(1584023445.093:140): apparmor="DENIED" operation="open" profile="libvirt-aa346a1d-8caa-4c55-bef9-c3acbe17bdac" name="/sys/bus/nd/devices/" pid=19712 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=64055 ouid=0 And one last bit of info, this system booted with mitigations=off. -- You received this bug notification because you are a member of Ubuntu Server, which is subscribed to qemu in Ubuntu. https://bugs.launchpad.net/bugs/1866870 Title: KVM Guest pauses after upgrade to Ubuntu 20.04 To manage notifications about this bug go to: https://bugs.launchpad.net/qemu/+bug/1866870/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1866870] Re: KVM Guest pauses after upgrade to Ubuntu 20.04
/proc/cpuinfo ** Attachment added: "cpuinfo.txt" https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1866870/+attachment/5336147/+files/cpuinfo.txt -- You received this bug notification because you are a member of Ubuntu Server, which is subscribed to qemu in Ubuntu. https://bugs.launchpad.net/bugs/1866870 Title: KVM Guest pauses after upgrade to Ubuntu 20.04 To manage notifications about this bug go to: https://bugs.launchpad.net/qemu/+bug/1866870/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1866870] Re: KVM Guest pauses after upgrade to Ubuntu 20.04
virsh capabilities ** Attachment added: "virsh-capabilities.xml" https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1866870/+attachment/5336148/+files/virsh-capabilities.xml -- You received this bug notification because you are a member of Ubuntu Server, which is subscribed to qemu in Ubuntu. https://bugs.launchpad.net/bugs/1866870 Title: KVM Guest pauses after upgrade to Ubuntu 20.04 To manage notifications about this bug go to: https://bugs.launchpad.net/qemu/+bug/1866870/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1866870] Re: KVM Guest pauses after upgrade to Ubuntu 20.04
virsh domcapabilities ** Attachment added: "virsh-domcapabilities.xml" https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1866870/+attachment/5336149/+files/virsh-domcapabilities.xml -- You received this bug notification because you are a member of Ubuntu Server, which is subscribed to qemu in Ubuntu. https://bugs.launchpad.net/bugs/1866870 Title: KVM Guest pauses after upgrade to Ubuntu 20.04 To manage notifications about this bug go to: https://bugs.launchpad.net/qemu/+bug/1866870/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1866870] Re: KVM Guest pauses after upgrade to Ubuntu 20.04
I tried launching a focal vm on a focal host, and the vm launched but is in a paused state. Attached is its log. This is on an old E660 intel core system. ** Attachment added: "f1.log" https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1866870/+attachment/5336146/+files/f1.log -- You received this bug notification because you are a member of Ubuntu Server, which is subscribed to qemu in Ubuntu. https://bugs.launchpad.net/bugs/1866870 Title: KVM Guest pauses after upgrade to Ubuntu 20.04 To manage notifications about this bug go to: https://bugs.launchpad.net/qemu/+bug/1866870/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1864992] Re: depmod: ERROR: ../libkmod/libkmod.c:515 lookup_builtin_file() could not open builtin file '/lib/modules/5.4.0-14-generic/modules.builtin.bin'
** Description changed: + [Impact] + + * There is no impact to the end user but spurious error messages (tons + of them) causing the perception that something really bad happened: + + Example of one of those tons of messages: + + depmod: ERROR: ../libkmod/libkmod.c:515 lookup_builtin_file() could not + open builtin file '/lib/modules/5.4.0-14-generic/modules.builtin.bin' + + [Test Case] + + * sudo rm /lib/modules/$(uname -r)/modules.builtin.bin + + * sudo depmod -a -F /boot/System.map-$(uname -r) + + This will cause the spurious error messages because depmod -a -F won't + have the "modules.builtin.bin" file created. This is a simulation of + what the linux-modules postinst package does and an example of why the + messages happen. + + [Regression Potential] + + * We are reverting a debian patch so we will be closer to upstream code + base. + + * the change is about 2 different priority changes on verbosity, so + biggest problem would be extra (or fewer) stdout/stderr messages (for + scripts relying on them, for example). + + * I have tested with kernels 4.18, 5.0 and 5.3 and all of them seemed to + work fine. + + [Other Info] + + * Original Description: + During a Focal install from the ISO image several errors like: depmod: ERROR: ../libkmod/libkmod.c:515 lookup_builtin_file() could not open builtin file '/lib/modules/5.4.0-14-generic/modules.builtin.bin' are logged in curtin's install logs. The installed system boots and works fine, but the error is clearly something we want to get rid of. At first glance this seems related to: https://bugs.launchpad.net/ubuntu/+source/initramfs-tools/+bug/1863261 but the version of initramfs-tools in both the installer and installed system (checked with `chroot /target dpkg -l initramfs-tools` during the installation) is 0.136ubuntu1, which should contain Rafael's fix for that bug. I wonder if the update-initramfs diversion has a role here. I verified this happens at least on amd64 and arm64. I'm attaching the full install logs for a amd64 installation. - --- + --- ProblemType: Bug AlsaVersion: Advanced Linux Sound Architecture Driver Version k5.4.0-14-generic. AplayDevices: Error: [Errno 2] No such file or directory: 'aplay' ApportVersion: 2.20.11-0ubuntu18 Architecture: amd64 ArecordDevices: Error: [Errno 2] No such file or directory: 'arecord' AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/by-path', '/dev/snd/controlC0', '/dev/snd/hwC0D0', '/dev/snd/pcmC0D0c', '/dev/snd/pcmC0D0p', '/dev/snd/seq', '/dev/snd/timer'] failed with exit code 1: CRDA: N/A Card0.Amixer.info: Error: [Errno 2] No such file or directory: 'amixer' Card0.Amixer.values: Error: [Errno 2] No such file or directory: 'amixer' CasperVersion: 1.439 DistroRelease: Ubuntu 20.04 IwConfig: Error: [Errno 2] No such file or directory: 'iwconfig' LiveMediaBuild: Ubuntu-Server 20.04 LTS "Focal Fossa" - Alpha amd64 (20200225) Lsusb: - Bus 001 Device 002: ID 0627:0001 Adomax Technology Co., Ltd QEMU USB Tablet - Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub - Bus 004 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub - Bus 003 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub - Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub + Bus 001 Device 002: ID 0627:0001 Adomax Technology Co., Ltd QEMU USB Tablet + Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub + Bus 004 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub + Bus 003 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub + Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub Lsusb-t: - /: Bus 04.Port 1: Dev 1, Class=root_hub, Driver=uhci_hcd/2p, 12M - /: Bus 03.Port 1: Dev 1, Class=root_hub, Driver=uhci_hcd/2p, 12M - /: Bus 02.Port 1: Dev 1, Class=root_hub, Driver=uhci_hcd/2p, 12M - /: Bus 01.Port 1: Dev 1, Class=root_hub, Driver=ehci-pci/6p, 480M - |__ Port 1: Dev 2, If 0, Class=Human Interface Device, Driver=usbhid, 480M + /: Bus 04.Port 1: Dev 1, Class=root_hub, Driver=uhci_hcd/2p, 12M + /: Bus 03.Port 1: Dev 1, Class=root_hub, Driver=uhci_hcd/2p, 12M + /: Bus 02.Port 1: Dev 1, Class=root_hub, Driver=uhci_hcd/2p, 12M + /: Bus 01.Port 1: Dev 1, Class=root_hub, Driver=ehci-pci/6p, 480M + |__ Port 1: Dev 2, If 0, Class=Human Interface Device, Driver=usbhid, 480M MachineType: QEMU Standard PC (Q35 + ICH9, 2009) NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair Package: linux (not installed) ProcEnviron: - TERM=linux - PATH=(custom, no user) - XDG_RUNTIME_DIR= - LANG=C.UTF-8 + TERM=linux + PATH=(custom, no user) + XDG_RUNTIME_DIR= + LANG=C.UTF-8 ProcFB: 0 qxldrmfb ProcKernelCmdLine: initrd=/casper/initrd quiet --- maybe-ubiquity ProcVersionSignature: Ubuntu 5.4.0-14.17-generic 5.4.18 RelatedPackageVersions: - linux-restricted-modules-5.4.0-14-generic N/A - linux-backports-modules-5.4.0-14-generic N/A -
[Bug 1867150] Re: FFe: nginx: demote bin:libnginx-mod-http-geoip
debdiff for nginx with the proposed change. The changelog shall be updated to contain a reference to this bug. ** Patch added: "nginx-nogeoip.debdiff" https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1867150/+attachment/5336128/+files/nginx-nogeoip.debdiff ** Description changed: In MIR bug #1861101 we want to bring into main the geoip2 library src:libmaxminedb. The MIR team agreed to that with some conditions, one of which is to demote the geoip1 legacy version of the library (src:geoip) in order to not have both in main. bin:libnginx-mod-http- geoip is one of the reverse-dependencies of bin:libgeoip1. The main reason behind the src:libmaxminddb MIR is that bind9 9.16.x no longer uses the legacy geoip1 library, and has switched to the supported geoip2 one (src:libmaxminddb). Without this change, bind9 will lose the geoip features in focal. But it's also an opportunity to switch away from the legacy geoip1 library. For the nginx case, bin:libnginx-mod-http-geoip is pulled in via bin :nginx-core which is in main, and bin:nginx-extras and bin:nginx-full which are in universe already. The original plan was to just replace the dependency on libnginx-mod- http-geoip in bin:nginx-core with libnginx-mod-http-geoip2, but that can't happen immediately because the source code for libnginx-mod-http- geoip2 does not come from nginx itself[1][2], and thus is not subject to the MIR that brought nginx into main a while ago. We can't pull bin :libnginx-mod-http-geoip2 into main without another MIR for just that module, which will require a security review. I will file an MIR for that anyway, but we expect the security review to not get done in time for focal. We then changed the plan to just demote bin:libnginx-mod-http-geoip to universe. This will allow src:geoip (the geoip1 legacy library) to be demoted, and the MIR team has agreed to that plan[3]. This means that bin:nginx-core will no longer have a dependency on any nginx geoip modules, legacy or otherwise, and thus represents a feature change. I added a release notes task to the MIR bug #1861101 and the following scenarios about this change come to mind: a) Since bin:nginx-core dropped the dependency on bin:libnginx-mod-http- geoip, if someone got it by installing bin:nginx-core, an "apt autoremove" might suggest that bin:libnginx-mod-http-geoip can be removed. If this happens, and there are still geoip configuration directives somewhere in /etc/nginx/**, nginx will fail to restart. Note that this would also happen had we replaced bin:libnginx-mod-http-geoip with bin:libnginx-mod-http-geoip2, as the configuration directives are different b) If someone has just main enabled in < focal, with bin:nginx-core and bin:libnginx-mod-http-geoip installed, and release upgrades to focal, libnginx-mod-http-geoip won't be upgraded because it's in focal/universe. + Attached is the proposed change to nginx, from + https://bugs.launchpad.net/ubuntu/+source/libmaxminddb/+bug/1861101/comments/14 - Attached is the proposed change to nginx, from https://bugs.launchpad.net/ubuntu/+source/libmaxminddb/+bug/1861101/comments/14 + PPA with a test build, together with bind9 already linking with + libmaxminddb: + + https://launchpad.net/~ahasenack/+archive/ubuntu/bind9-geoip + 1. https://bugs.launchpad.net/ubuntu/+source/libmaxminddb/+bug/1861101/comments/10 2. https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1825895 3. https://bugs.launchpad.net/ubuntu/+source/libmaxminddb/+bug/1861101/comments/18 -- You received this bug notification because you are a member of Ubuntu Server, which is subscribed to nginx in Ubuntu. https://bugs.launchpad.net/bugs/1867150 Title: FFe: nginx: demote bin:libnginx-mod-http-geoip To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1867150/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1867150] [NEW] FFe: nginx: demote bin:libnginx-mod-http-geoip
Public bug reported: In MIR bug #1861101 we want to bring into main the geoip2 library src:libmaxminedb. The MIR team agreed to that with some conditions, one of which is to demote the geoip1 legacy version of the library (src:geoip) in order to not have both in main. bin:libnginx-mod-http- geoip is one of the reverse-dependencies of bin:libgeoip1. The main reason behind the src:libmaxminddb MIR is that bind9 9.16.x no longer uses the legacy geoip1 library, and has switched to the supported geoip2 one (src:libmaxminddb). Without this change, bind9 will lose the geoip features in focal. But it's also an opportunity to switch away from the legacy geoip1 library. For the nginx case, bin:libnginx-mod-http-geoip is pulled in via bin :nginx-core which is in main, and bin:nginx-extras and bin:nginx-full which are in universe already. The original plan was to just replace the dependency on libnginx-mod- http-geoip in bin:nginx-core with libnginx-mod-http-geoip2, but that can't happen immediately because the source code for libnginx-mod-http- geoip2 does not come from nginx itself[1][2], and thus is not subject to the MIR that brought nginx into main a while ago. We can't pull bin :libnginx-mod-http-geoip2 into main without another MIR for just that module, which will require a security review. I will file an MIR for that anyway, but we expect the security review to not get done in time for focal. We then changed the plan to just demote bin:libnginx-mod-http-geoip to universe. This will allow src:geoip (the geoip1 legacy library) to be demoted, and the MIR team has agreed to that plan[3]. This means that bin:nginx-core will no longer have a dependency on any nginx geoip modules, legacy or otherwise, and thus represents a feature change. I added a release notes task to the MIR bug #1861101 and the following scenarios about this change come to mind: a) Since bin:nginx-core dropped the dependency on bin:libnginx-mod-http- geoip, if someone got it by installing bin:nginx-core, an "apt autoremove" might suggest that bin:libnginx-mod-http-geoip can be removed. If this happens, and there are still geoip configuration directives somewhere in /etc/nginx/**, nginx will fail to restart. Note that this would also happen had we replaced bin:libnginx-mod-http-geoip with bin:libnginx-mod-http-geoip2, as the configuration directives are different b) If someone has just main enabled in < focal, with bin:nginx-core and bin:libnginx-mod-http-geoip installed, and release upgrades to focal, libnginx-mod-http-geoip won't be upgraded because it's in focal/universe. Attached is the proposed change to nginx, from https://bugs.launchpad.net/ubuntu/+source/libmaxminddb/+bug/1861101/comments/14 PPA with a test build, together with bind9 already linking with libmaxminddb: https://launchpad.net/~ahasenack/+archive/ubuntu/bind9-geoip 1. https://bugs.launchpad.net/ubuntu/+source/libmaxminddb/+bug/1861101/comments/10 2. https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1825895 3. https://bugs.launchpad.net/ubuntu/+source/libmaxminddb/+bug/1861101/comments/18 ** Affects: nginx (Ubuntu) Importance: Undecided Status: New ** Description changed: In MIR bug #1861101 we want to bring into main the geoip2 library src:libmaxminedb. The MIR team agreed to that with some conditions, one of which is to demote the geoip1 legacy version of the library (src:geoip) in order to not have both in main. bin:libnginx-mod-http- geoip is one of the reverse-dependencies of bin:libgeoip1. The main reason behind the src:libmaxminddb MIR is that bind9 9.16.x no longer uses the legacy geoip1 library, and has switched to the supported geoip2 one (src:libmaxminddb). Without this change, bind9 will lose the geoip features in focal. But it's also an opportunity to switch away from the legacy geoip1 library. For the nginx case, bin:libnginx-mod-http-geoip is pulled in via bin :nginx-core which is in main, and bin:nginx-extras and bin:nginx-full which are in universe already. The original plan was to just replace the dependency on libnginx-mod- http-geoip in bin:nginx-core with libnginx-mod-http-geoip2, but that can't happen immediately because the source code for libnginx-mod-http- geoip2 does not come from nginx itself[1][2], and thus is not subject to the MIR that brought nginx into main a while ago. We can't pull bin :libnginx-mod-http-geoip2 into main without another MIR for just that module, which will require a security review. I will file an MIR for that anyway, but we expect the security review to not get done in time for focal. We then changed the plan to just demote bin:libnginx-mod-http-geoip to universe. This will allow src:geoip (the geoip1 legacy library) to be demoted, and the MIR team has agreed to that plan[3]. This means that bin:nginx-core will no longer have a dependency on any nginx geoip modules, legacy or otherwise, and thus represents a feature
[Bug 1861101] Re: [MIR]: dependency of bind9
nginx FFe bug for the demotion of libnginx-mod-http-geoip: https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1867150 -- You received this bug notification because you are a member of Ubuntu Server, which is subscribed to nginx in Ubuntu. https://bugs.launchpad.net/bugs/1861101 Title: [MIR]: dependency of bind9 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-release-notes/+bug/1861101/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1864992] Re: depmod: ERROR: ../libkmod/libkmod.c:515 lookup_builtin_file() could not open builtin file '/lib/modules/5.4.0-14-generic/modules.builtin.bin'
Testing Bionic kernel with the initial situation the bug being dropped said to fix: (k)rafaeldtinoco@bkmodissue:~$ sudo rm /lib/modules/4.15.0-91-generic/modules.builtin.bin (k)rafaeldtinoco@bkmodissue:~$ sudo depmod -a -F /boot/System.map-4.15.0-91-generic (k)rafaeldtinoco@bkmodissue:~$ sudo rm /lib/modules/4.15.0-91-generic/modules.builtin.bin (k)rafaeldtinoco@bkmodissue:~$ sudo modprobe hehe modprobe: FATAL: Module hehe not found in directory /lib/modules/4.15.0-91-generic and it is also safe to drop it based on previous bug test case. -- You received this bug notification because you are a member of Ubuntu Server, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1864992 Title: depmod: ERROR: ../libkmod/libkmod.c:515 lookup_builtin_file() could not open builtin file '/lib/modules/5.4.0-14-generic/modules.builtin.bin' To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/kmod/+bug/1864992/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
