from:"Brett Holman"

Bug#1065441: dh-python: pybuild's pyproject plugin puts data files in different directory than the distutils plugin

2024-03-07 Thread Brett Holman

>From a conversation in Libera's #debian-python channel today, it sounds like
making pybuild's pyproject plugin backwards compatible for writing data_files
to the root filesystem is unlikely to happen. I've filed a bug[1]
against the upstream
cloud-init project to make the required upstream changes to support PEP517 on
debian-based distros. More context can be found there.

[1] https://github.com/canonical/cloud-init/issues/5027

Bug#1065441: dh-python: pybuild's pyproject plugin puts data files in different directory than the distutils plugin

2024-03-04 Thread Brett Holman

Package: dh-python
Version: 6.20231223ubuntu1
Severity: normal
Tags: upstream
X-Debbugs-Cc: brett.hol...@canonical.com

Dear Maintainer,

Recently, my project attempted to switch from the distutils pybuild
plugin to the pyproject plugin. Upon doing so, files that were
previously installed at various locations in the root filesystem
started getting installed under a prefix:

/usr/lib/python3/dist-packages///

The files were previously installed using the dh-python distutils
plugin, and setup()'s `data_files` keyword argument passed the
filename.

This change in behavior between plugins prevents our project from using
the pyproject plugin. Is this change in behavior expected? If so, is
there some environment variable override that could be used to override
this behavior to match the distutils behavior.

I am unfamiliar with the dh-python codebase, but poking around in the
source it seems possible that this line[1] is where prepending of Python
path prefix is happening.

A bit of history:
-

In the original commit[2] (5317bb85eca) of this plugin there was some
uncertainty around the destination of data files with a comment:

#FIXME is this the right dest for data?

A later update[3] attempted to follow pip's lead, which was the suggested
fix by a user[4].

While this approach may "work", it does break expectations from the
distutils plugin, and therefore will likely cause breakage in various
projects if we do attempt to make this plugin the default[5].

[1] 
https://salsa.debian.org/python-team/tools/dh-python/-/blob/master/dhpython/build/plugin_pyproject.py?ref_type=heads#L148
[2] 
https://salsa.debian.org/python-team/tools/dh-python/-/commit/afbc167a10c024ce4890a9d520e6a3ba513494f1
[3] 
https://salsa.debian.org/python-team/tools/dh-python/-/commit/5317bb85ecaa25ec707221d036c783c0d2a7c9de
[4] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1025485
[5] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1027864

Note: My apologies if this is the wrong place to file a bug, I don't see
a way to file against the project in salsa.debian.org.

Regards,

Brett Holman


-- System Information:
Debian Release: trixie/sid
  APT prefers noble
  APT policy: (500, 'noble')
Architecture: amd64 (x86_64)

Kernel: Linux 6.8.0-11-generic (SMP w/16 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages dh-python depends on:
ii  python3 3.12.1-0ubuntu2
ii  python3-distutils   3.11.5-1
ii  python3-setuptools  68.1.2-2

dh-python recommends no packages.

Versions of packages dh-python suggests:
ii  dpkg-dev   1.22.4ubuntu5
pn  flit   
ii  libdpkg-perl   1.22.4ubuntu5
ii  python3-build  1.0.3-2
pn  python3-installer  
ii  python3-wheel  0.42.0-1

-- no debconf information

Bug#1033597: isc-dhcp-client: Cannot disable default dhclient script with apparmor

2023-03-27 Thread Brett Holman

Package: isc-dhcp-client
Version: 4.4.3-P1-1.1
Severity: normal
Tags: patch
X-Debbugs-Cc: brett.hol...@canonical.com

Dear Maintainer,

The Change:
---

Dhclient doesn't provide a mechanism for disabling hook scripts, which may 
provide undesirable system side effects. It does, however, allow the caller to 
define custom scripts. Therefore, one way to effectively disable hook scripts 
is to provide a no-op script, such as /bin/true. This change allows dhclient to 
execute /bin/true such that default hook scripts may effectively be disabled.

Before this change, note the "Permission denied" in the output:

root@debian:~# dhclient -1 -v -lf /run/dhclient.lease -pf /run/dhclient.pid 
enp5s0 -sf /bin/true
Internet Systems Consortium DHCP Client 4.4.3-P1
Copyright 2004-2022 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/

execve (/bin/true, ...): Permission denied
Listening on LPF/enp5s0/00:16:3e:33:e1:76
Sending on   LPF/enp5s0/00:16:3e:33:e1:76
Sending on   Socket/fallback
DHCPREQUEST for 10.161.80.58 on enp5s0 to 255.255.255.255 port 67
DHCPACK of 10.161.80.58 from 10.161.80.1
execve (/bin/true, ...): Permission denied
bound to 10.161.80.58 -- renewal in 1673 seconds.

After this change, note the "Permission denied" is gone:

root@debian:~# dhclient -1 -v -lf /run/dhclient.lease -pf /run/dhclient.pid 
enp5s0 -sf /bin/true
Internet Systems Consortium DHCP Client 4.4.3-P1
Copyright 2004-2022 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/

Listening on LPF/enp5s0/00:16:3e:33:e1:76
Sending on   LPF/enp5s0/00:16:3e:33:e1:76
Sending on   Socket/fallback
DHCPREQUEST for 10.161.80.58 on enp5s0 to 255.255.255.255 port 67
DHCPACK of 10.161.80.58 from 10.161.80.1
bound to 10.161.80.58 -- renewal in 1797 seconds.

Inline Debdiff:
---
```
--- isc-dhcp-4.4.3-P1/debian/apparmor/sbin.dhclient 2023-01-09 
08:25:59.0 +
+++ isc-dhcp-4.4.3-P1/debian/apparmor/sbin.dhclient 2023-03-28 
04:08:36.0 +
@@ -62,6 +62,10 @@
   # only being able to run the hooks scripts.
   /{,usr/}sbin/dhclient-script   Uxr,

+  # Since dhclient doesn't provide the option to disable hooks, which is
+  # desireable in some cases, executing /bin/true as the script file suffices
+  /{,usr/}bin/true   ixr,
+
   # Run the ELF executables under their own unrestricted profiles
   /usr/lib/NetworkManager/nm-dhcp-client.action   Pxrm,
   /usr/lib/connman/scripts/dhclient-scriptPxrm,
diff -Nru isc-dhcp-4.4.3-P1/debian/changelog isc-dhcp-4.4.3-P1/debian/changelog
--- isc-dhcp-4.4.3-P1/debian/changelog  2023-01-09 09:15:41.0 +
+++ isc-dhcp-4.4.3-P1/debian/changelog  2023-03-28 04:11:57.0 +
@@ -1,3 +1,10 @@
+isc-dhcp (4.4.3-P1-1.2) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * debian/apparmor/sbin.dhclient: Allow disabling default dhclient script.
+
+ -- Brett Holman   Mon, 27 Mar 2023 22:11:57 -0600
+
 isc-dhcp (4.4.3-P1-1.1) unstable; urgency=medium

   * Non-maintainer upload.
```


Motivation:
---

When executing dhclient, cloud-init does not want variation in behavior caused 
side effects from /sbin/dhclient-script, and therefore overrides this script 
with a noop, /bin/true.

Formerly cloud-init used "dhclient sandboxing" to work around apparmor rules in 
dhclient. With recent changes[1], cloud-init has removed sandboxing and changed 
file locations to work with dedicated PID and lease file apparmor locations. 
Unfortunately under this scheme, when the script call fails (due to apparmor 
blocking execution of /bin/true), dhclient falls back to using the default 
script, /sbin/dhclient-script, which is undesirable.

Steps Taken:

- Reported in Ubuntu (LP: 2011628)
- Fixing in Debian was suggested (fix proposed[2])
- It was requested to make change in Debian

[1] 
https://github.com/canonical/cloud-init/commit/de7851b93c5a2d4658d8a0a336e9d014adb15189
[2] 
https://code.launchpad.net/~holmanb/ubuntu/+source/isc-dhcp/+git/isc-dhcp/+merge/439186

-- System Information:
Debian Release: 12.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-7-amd64 (SMP w/1 CPU thread; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages isc-dhcp-client depends on:
ii  debianutils  5.7-0.4
ii  iproute2 6.1.0-2
ii  libc62.36-8

Versions of packages isc-dhcp-client recommends:
ii  isc-dhcp-common  4.4.3-P1-1.1

Versions of packages isc-dhcp-client suggests:
pn  avahi-autoipd  
pn  isc-dhcp-client-ddns   
ii  systemd-resolved [resolvconf]  252.6-1

-- no debconf information

Bug#1009279: cloud-init: Please drop unneeded dependencies

2022-04-10 Thread Brett Holman

Package: cloud-init
Version: 21.4-3
Severity: normal

Cloud-init no longer uses the following dependencies:

python3-prettytable - since 2017
python3-six - since 2020

Both requirements were removed years ago upstream, we should drop them
in Debian as well.

Cheers,

Brett Holman

Bug#1065441: dh-python: pybuild's pyproject plugin puts data files in different directory than the distutils plugin

Bug#1065441: dh-python: pybuild's pyproject plugin puts data files in different directory than the distutils plugin

Bug#1033597: isc-dhcp-client: Cannot disable default dhclient script with apparmor

Bug#1009279: cloud-init: Please drop unneeded dependencies

4 matches

Site Navigation

Mail list logo

Footer information