[Bug 1925822] Re: [21.04 regression] formatting vfat times out

2021-05-10 Thread Martin Pitt
I installed udisks2 2.9.2-1ubuntu1 from hirsute-proposed, and confirm
that both the manual test case above as well as cockpit's automatic
TestStorageFormat.testFormatTypes now succeed. Thank you Sebastien and
Robie!

** Tags removed: verification-needed verification-needed-hirsute
** Tags added: verification-done verification-done-hirsute

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1925822

Title:
  [21.04 regression] formatting vfat times out

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/udisks2/+bug/1925822/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1802005] Re: socket is inaccessible for libvirt-dbus

2021-04-28 Thread Martin Pitt
** Changed in: libvirt (Ubuntu Hirsute)
   Status: New => Won't Fix

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1802005

Title:
  socket is inaccessible for libvirt-dbus

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1802005/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1925822] Re: [21.04 regression] formatting vfat times out

2021-04-27 Thread Martin Pitt
Argh indeed, forgot about that one already -- I even looked at that
before, it's tracked here: https://bugs.debian.org/cgi-
bin/bugreport.cgi?bug=983751

But you knew that as well, in comment #4 -- So I hope this didn't take
too much time to track down. Merci beaucoup !

** Bug watch added: Debian Bug tracker #983751
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983751

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1925822

Title:
  [21.04 regression] formatting vfat times out

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/udisks2/+bug/1925822/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1925822] Re: [21.04 regression] formatting vfat times out

2021-04-26 Thread Martin Pitt
Direct mkfs works:

# mkfs.vfat -I -n label /dev/vdb
mkfs.fat 4.2 (2021-01-31)
mkfs.fat: Warning: lowercase labels might not work properly on some systems
# blkid -p /dev/vdb
/dev/vdb: PTUUID="892240dd" PTTYPE="dos"


** Changed in: udisks2 (Ubuntu)
   Status: Incomplete => New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1925822

Title:
  [21.04 regression] formatting vfat times out

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/udisks2/+bug/1925822/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1925822] Re: [21.04 regression] formatting vfat times out

2021-04-26 Thread Martin Pitt
Reproducer from scratch:

# download current cloud image
curl -L -O 
https://cloud-images.ubuntu.com/daily/server/hirsute/current/hirsute-server-cloudimg-amd64.img
# nothing fancy, just admin:foobar and root:foobar
curl -L -O 
https://github.com/cockpit-project/bots/raw/master/machine/cloud-init.iso
# create second disk image for formatting
qemu-img create -f qcow2 disk2.img 100M
# boot it
qemu-system-x86_64 -cpu host -enable-kvm -nographic -m 2048 -drive 
file=hirsute-server-cloudimg-amd64.img,if=virtio -snapshot -cdrom 
cloud-init.iso -drive file=disk2.img,if=virtio

Log in on the console (root:foobar), then

# sanity check: should be empty
blkid -p /dev/vdb

busctl call org.freedesktop.UDisks2
/org/freedesktop/UDisks2/block_devices/vdb org.freedesktop.UDisks2.Block
Format 'sa{sv}' vfat 0

→ hangs.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1925822

Title:
  [21.04 regression] formatting vfat times out

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/udisks2/+bug/1925822/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1925765] Re: [21.04 regression] networking broken in containers

2021-04-24 Thread Martin Pitt
@Reinhard:

> Unfortunately, I cannot confirm this on a freshly installed Ubuntu
20.04

I assume this was a typo and you really meant 21.04.

> and see what's the one that breaks podman.

That was easy, it's tuned. Full reproducer:

apt install -y tuned
podman run -it --rm -p 5000:5000 --name registry docker.io/registry:2
curl http://localhost:5000/v2/

Curious, two years ago I already filed bug #1774000 where tuned breaks
qemu. Reassigning for now.

** Summary changed:

- [21.04 regression] networking broken in containers
+ [21.04 regression] tuned breaks networking in podman containers

** Package changed: libpod (Ubuntu) => tuned (Ubuntu)

** Changed in: tuned (Ubuntu)
   Status: Incomplete => New

** Changed in: tuned (Ubuntu)
 Assignee: Reinhard Tartler (siretart) => (unassigned)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1925765

Title:
  [21.04 regression] tuned breaks networking in podman containers

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/tuned/+bug/1925765/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1925765] Re: [21.04 regression] networking broken in containers

2021-04-24 Thread Martin Pitt
Thanks Reinhard for trying! I'm running a standard cloud image (https
://cloud-images.ubuntu.com/daily/server/hirsute/current/hirsute-server-
cloudimg-amd64.img), but with some additional packages installed. I'll
go through them with a fine comb and see what's the one that breaks
podman.

(But probably not before Monday, weather is just too nice )

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1925765

Title:
  [21.04 regression] tuned breaks networking in podman containers

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/tuned/+bug/1925765/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1925822] Re: [21.04 regression] formatting vfat times out

2021-04-23 Thread Martin Pitt
Forgot to mention, there is nothing useful in the journal. The only
message is this when the timeout happens:

Apr 23 15:12:35 ubuntu udisksd[3116]: Error synchronizing after
formatting with type `vfat': Timed out waiting for object


** Description changed:

  There is a regression somewhere between udisks, udev, and dosfstools.
  Formatting a device with vfat hangs and fails:
- 
  
  # blkid -p /dev/sda
  (nothing)
  
-  busctl call org.freedesktop.UDisks2 
/org/freedesktop/UDisks2/block_devices/sda org.freedesktop.UDisks2.Block Format 
'sa{sv}' vfat 0
+ # busctl call org.freedesktop.UDisks2 
/org/freedesktop/UDisks2/block_devices/sda org.freedesktop.UDisks2.Block Format 
'sa{sv}' vfat 0
  (long pause)
  Call failed: Error synchronizing after formatting with type `vfat': Timed out 
waiting for object
  
  # blkid -p /dev/sda
  /dev/sda: PTUUID="3690494f" PTTYPE="dos"
  
  OTOH, formatting as ext4 works fine:
  
  # wipefs -a /dev/sda; wipefs -a /dev/sda
  # busctl call org.freedesktop.UDisks2 
/org/freedesktop/UDisks2/block_devices/sda org.freedesktop.UDisks2.Block Format 
'sa{sv}' ext4 0
  (immediately succeeds)
  
  # blkid -p /dev/sda
  /dev/sda: UUID="8bea7475-6af5-4835-86d0-0e5b2cb5500e" VERSION="1.0" 
BLOCK_SIZE="4096" TYPE="ext4" USAGE="filesystem"
  
  I tested this to a QEMU emulated disk, but it reproduces equally well
  against a `modprobe scsi_debug` device.
  
  Package: udisks2 2.9.2-1
  DistroRelease: Ubuntu 21.04

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1925822

Title:
  [21.04 regression] formatting vfat times out

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/udisks2/+bug/1925822/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1925822] Re: [21.04 regression] formatting vfat times out

2021-04-23 Thread Martin Pitt
I tried to run it in the foreground with


  G_MESSAGES_DEBUG=all /usr/libexec/udisks2/udisksd

but still no messages aside from the timeout.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1925822

Title:
  [21.04 regression] formatting vfat times out

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/udisks2/+bug/1925822/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1925822] [NEW] [21.04 regression] formatting vfat times out

2021-04-23 Thread Martin Pitt
Public bug reported:

There is a regression somewhere between udisks, udev, and dosfstools.
Formatting a device with vfat hangs and fails:

# blkid -p /dev/sda
(nothing)

# busctl call org.freedesktop.UDisks2 
/org/freedesktop/UDisks2/block_devices/sda org.freedesktop.UDisks2.Block Format 
'sa{sv}' vfat 0
(long pause)
Call failed: Error synchronizing after formatting with type `vfat': Timed out 
waiting for object

# blkid -p /dev/sda
/dev/sda: PTUUID="3690494f" PTTYPE="dos"

OTOH, formatting as ext4 works fine:

# wipefs -a /dev/sda; wipefs -a /dev/sda
# busctl call org.freedesktop.UDisks2 
/org/freedesktop/UDisks2/block_devices/sda org.freedesktop.UDisks2.Block Format 
'sa{sv}' ext4 0
(immediately succeeds)

# blkid -p /dev/sda
/dev/sda: UUID="8bea7475-6af5-4835-86d0-0e5b2cb5500e" VERSION="1.0" 
BLOCK_SIZE="4096" TYPE="ext4" USAGE="filesystem"

I tested this to a QEMU emulated disk, but it reproduces equally well
against a `modprobe scsi_debug` device.

Package: udisks2 2.9.2-1
DistroRelease: Ubuntu 21.04

** Affects: udisks2 (Ubuntu)
 Importance: Undecided
 Status: New


** Tags: hirsute regression-release

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1925822

Title:
  [21.04 regression] formatting vfat times out

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/udisks2/+bug/1925822/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1802005] Re: socket is inaccessible for libvirt-dbus

2021-04-23 Thread Martin Pitt
Thanks Christian! Lesson learned -- for 21.10 I'll update our images a
few weeks *before* the release. (I found a handful of regressions so
far..)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1802005

Title:
  socket is inaccessible for libvirt-dbus

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1802005/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1802005] Re: socket is inaccessible for libvirt-dbus

2021-04-23 Thread Martin Pitt
This regressed in 21.04 (hirsute) again. 1.4.0-2 was synced from Debian
(https://launchpad.net/ubuntu/+source/libvirt-dbus/+changelog) instead
of merged.

** Tags added: hirsute regression-release

** Changed in: libvirt-dbus (Ubuntu)
   Status: Fix Released => Triaged

** Also affects: libvirt (Ubuntu Hirsute)
   Importance: Undecided
   Status: New

** Also affects: libvirt-dbus (Ubuntu Hirsute)
   Importance: Undecided
   Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1802005

Title:
  socket is inaccessible for libvirt-dbus

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1802005/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1925765] [NEW] [21.04 regression] networking broken in containers

2021-04-23 Thread Martin Pitt
Public bug reported:

This stopped working in 21.04:

  podman run -it --rm -p 5000:5000 --name registry docker.io/registry:2
  curl http://localhost:5000/v2/

The curl just hangs forever. This works fine in Ubuntu 20.10 with podman
2.0.6+dfsg1-1ubuntu1.

Outbound direction is also broken:

# podman run -it --rm docker.io/ubuntu:latest apt update
Err:1 http://archive.ubuntu.com/ubuntu focal InRelease
  Temporary failure resolving 'archive.ubuntu.com'

However, that's already the case in Ubuntu 20.10.

Unfortunately there are no tools like `ip` in the container to see
network interfaces and routes, neither in fedora:latest.

/proc/net/dev and /proc/net/route do show an interface as expected, and
they are exactly the same as in 20.10.

Package: podman 3.0.1+dfsg1-1ubuntu1
DistroRelease: Ubuntu 21.04

** Affects: libpod (Ubuntu)
 Importance: Undecided
 Status: New


** Tags: hirsute regression-release

** Description changed:

  This stopped working in 21.04:
  
-   podman run -it --rm -p 5000:5000 --name registry docker.io/registry:2
-   curl http://localhost:5000/v2/
+   podman run -it --rm -p 5000:5000 --name registry docker.io/registry:2
+   curl http://localhost:5000/v2/
  
  The curl just hangs forever. This works fine in Ubuntu 20.10 with podman
  2.0.6+dfsg1-1ubuntu1.
  
  Outbound direction is also broken:
  
  # podman run -it --rm docker.io/ubuntu:latest apt update
- Err:1 http://archive.ubuntu.com/ubuntu focal InRelease   
-   Temporary failure resolving 'archive.ubuntu.com'
+ Err:1 http://archive.ubuntu.com/ubuntu focal InRelease
+   Temporary failure resolving 'archive.ubuntu.com'
  
  However, that's already the case in Ubuntu 20.10.
  
  Unfortunately there are no tools like `ip` in the container to see
  network interfaces and routes, neither in fedora:latest.
  
  /proc/net/dev and /proc/net/route do show an interface as expected, and
  they are exactly the same as in 20.10.
  
- PackageVersion: podman 3.0.1+dfsg1-1ubuntu1
+ Package: podman 3.0.1+dfsg1-1ubuntu1
+ DistroRelease: Ubuntu 21.04

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1925765

Title:
  [21.04 regression] networking broken in containers

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libpod/+bug/1925765/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1861053] Re: no fatrace output in focal

2021-03-12 Thread Martin Pitt
** Changed in: fatrace (Ubuntu)
   Status: New => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1861053

Title:
  no fatrace output in focal

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/fatrace/+bug/1861053/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1916485] Re: test -x fails inside shell scripts in containers

2021-02-26 Thread Martin Pitt
I've been scratching my head over this regression [1] for a while now,
in the context of running a hirsute container on a 20.04 host (in
particular, a GitHub workflow machine) In my case, the symptom is that
after upgrading glibc, `which` is broken; that of course also uses
faccessat(), similar to test -x.

I tried all sorts of the "usual" workarounds, as seccomp has been giving
trouble for a while now [2]. But this failure is robust against fuse-
overlayfs vs. vfs (inefficient full copies of the file system), root vs.
user podman, podman vs. docker, and, relevant for this bug, it *also
happens* with --security-opt=seccomp=unconfined and/org --privileged,
both of which should disable seccomp.

Hence I believe this bug can't at least only be in libseccomp.


[1] 
https://github.com/martinpitt/umockdev/runs/1984769591?check_suite_focus=true#step:3:1019
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1900021

** Bug watch added: Red Hat Bugzilla #1900021
   https://bugzilla.redhat.com/show_bug.cgi?id=1900021

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1916485

Title:
  test -x fails inside shell scripts in containers

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/1916485/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1848923] Re: pollinate.service fails to start: ERROR: should execute as the [pollinate] user -- missing CacheDirectory=

2021-02-15 Thread Martin Pitt
I now did exactly the same steps as above on an Ubuntu 20.04 VM, with
exactly the same results. This verifies 4.33-3ubuntu1.20.04.1.

** Tags removed: verification-needed-focal
** Tags added: verification-done-focal

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1848923

Title:
  pollinate.service fails to start: ERROR: should execute as the
  [pollinate] user -- missing CacheDirectory=

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pollinate/+bug/1848923/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1848923] Re: pollinate.service fails to start: ERROR: should execute as the [pollinate] user -- missing CacheDirectory=

2021-02-15 Thread Martin Pitt
Verification for groovy:

I took a 20.10 VM with current pollinate 4.33-3ubuntu1, and after
booting, pollinate.service is in state failed as per the bug
description.

I then updated to 4.33-3ubuntu1.20.10.1. The package update auto-
restarted pollinate.service, and it looked successful:

# systemctl status pollinate
● pollinate.service - Pollinate to seed the pseudo random number generator
 Loaded: loaded (/lib/systemd/system/pollinate.service; enabled; vendor 
preset: enabled)
 Active: inactive (dead) since Tue 2021-02-16 06:03:56 UTC; 1min 45s ago
   Docs: https://launchpad.net/pollinate
Process: 2815 ExecStart=/usr/bin/pollinate (code=exited, status=0/SUCCESS)
   Main PID: 2815 (code=exited, status=0/SUCCESS)

Feb 16 06:03:56 ubuntu systemd[1]: Starting Pollinate to seed the pseudo random 
number generator...
Feb 16 06:03:56 ubuntu pollinate[2830]: client sent challenge to 
[https://entropy.ubuntu.com/]
Feb 16 06:03:56 ubuntu pollinate[2844]: client verified challenge/response with 
[https://entropy.ubuntu.com/]
Feb 16 06:03:56 ubuntu pollinate[2851]: client hashed response from 
[https://entropy.ubuntu.com/]
Feb 16 06:03:56 ubuntu pollinate[2852]: client successfully seeded 
[/dev/urandom]
Feb 16 06:03:56 ubuntu systemd[1]: pollinate.service: Succeeded.
Feb 16 06:03:56 ubuntu systemd[1]: Finished Pollinate to seed the pseudo random 
number generator.

It does not have RemainAfterExit=, so that is as expected. I rebooted
the VM, and the unit skipped cleanly, again as expected:

# systemctl status pollinate
● pollinate.service - Pollinate to seed the pseudo random number generator
 Loaded: loaded (/lib/systemd/system/pollinate.service; enabled; vendor 
preset: enabled)
 Active: inactive (dead)
  Condition: start condition failed at Tue 2021-02-16 06:06:58 UTC; 6s ago
 └─ ConditionPathExists=!/var/cache/pollinate/seeded was not met
   Docs: https://launchpad.net/pollinate

Feb 16 06:06:58 ubuntu systemd[1]: Condition check resulted in Pollinate
to seed the pseudo random number generator being skipped.

# ls -l /var/cache/pollinate/
total 0
-rw-r--r-- 1 pollinate daemon 0 Feb 16 06:03 seeded

Now let's re-try the cleanup:

# rm -rf /var/cache/*
# reboot

This causes the shutdown process to last a little longer, presumably
because running daemons got their files ripped away underneath them, but
it does succeed. After it came back up, pollinate.service once again ran
successfully like above.

** Tags removed: verification-needed-groovy
** Tags added: verification-done-groovy

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1848923

Title:
  pollinate.service fails to start: ERROR: should execute as the
  [pollinate] user -- missing CacheDirectory=

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pollinate/+bug/1848923/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1848923] Re: pollinate.service fails to start: ERROR: should execute as the [pollinate] user -- missing CacheDirectory=

2021-02-11 Thread Martin Pitt
@Christian: Debian still needs/wants to support sysvinit. Of course
init.d scripts ought to create cache directories too (like munin,
mopidy, and others already do, but probably not all of them), but that
will be a bit more work. FHS applies to SysV init as well, so the same
reasoning still holds. Also, some postinsts seem to do legitimate work,
like fontconfig which also creates an initial font cache.

If you want to start an MBF, it first needs some initial discussion, or
at least announcement, on debian-devel@ [1]. And then it needs checking
which packages actually have that problem, as I don't think it's
actually *that* many -- two dozens tops? But in general I think this is
a nice goal for sure. (For the record, we have not detected any problems
related to this in the Cockpit test suite on any Debian or Ubuntu image,
except for pollinate)

The "/var/cache/ should be removable" reference is [2], it was already
in comment #9:

[1] 
https://www.debian.org/doc/manuals/developers-reference/beyond-pkging.en.html#reporting-lots-of-bugs-at-once-mass-bug-filing
[2] https://refspecs.linuxfoundation.org/FHS_3.0/fhs/ch05s05.html

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1848923

Title:
  pollinate.service fails to start: ERROR: should execute as the
  [pollinate] user -- missing CacheDirectory=

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pollinate/+bug/1848923/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1848923] Re: pollinate.service fails to start: ERROR: should execute as the [pollinate] user -- missing CacheDirectory=

2021-02-09 Thread Martin Pitt
** Changed in: pollinate (Ubuntu)
   Status: Confirmed => In Progress

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1848923

Title:
  pollinate.service fails to start: ERROR: should execute as the
  [pollinate] user -- missing CacheDirectory=

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pollinate/+bug/1848923/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1848923] Re: pollinate.service fails to start: ERROR: should execute as the [pollinate] user -- missing CacheDirectory=

2021-02-08 Thread Martin Pitt
> Where could we download one of them to check the state of that path in
there?

See comment #7:

  git clone https://github.com/cockpit-project/bots/
  bots/vm-run ubuntu-stable

But I suppose that's moot now :)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1848923

Title:
  pollinate.service fails to start: ERROR: should execute as the
  [pollinate] user -- missing CacheDirectory=

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pollinate/+bug/1848923/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1848923] Re: pollinate.service fails to start: ERROR: should execute as the [pollinate] user -- missing CacheDirectory=

2021-02-08 Thread Martin Pitt
Indeed all our images clear up /var/cache [1]. Sorry, I forgot about
this bit before! An admin should always be able to rm -rf /var/cache,
reboot, and get a fully working system [2]. So if the pollinate data is
in any way precious, it should better be in /var/lib/pollinate then
(similar to /var/lib/systemd/random-seed).

So indeed it seems that CacheDirectory= will be at least *a* fix, or
moving to StateDirectory= and moving the file to /var/lib/pollinate/ if
it's precious.

Thanks Christian for your help here! And sorry for my unnecessarily
harsh words in comment #5, I should not have assumed that it was broken
everywhere. 來

[1] 
https://github.com/cockpit-project/bots/blob/master/images/scripts/lib/zero-disk.setup#L42
[2] https://refspecs.linuxfoundation.org/FHS_3.0/fhs/ch05s05.html

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1848923

Title:
  pollinate.service fails to start: ERROR: should execute as the
  [pollinate] user -- missing CacheDirectory=

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pollinate/+bug/1848923/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1848923] Re: pollinate.service fails to start: ERROR: should execute as the [pollinate] user

2021-02-07 Thread Martin Pitt
Thanks Christian! Interesting, the "ERROR: should execute as the
[pollinate] user" looks quite unrelated to any networking setup and
smelled like a package postinst/systemd unit bug.

I started trying to reproduce this outside of the Ubuntu CI, with a most
naïve

  curl -O 
https://cloud-images.ubuntu.com/daily/server/groovy/current/groovy-server-cloudimg-amd64.img
  curl -O 
https://github.com/cockpit-project/bots/raw/master/machine/cloud-init.iso
  qemu-system-x86_64 -enable-kvm -nographic -m 2048 -device virtio-rng-pci 
-drive file=groovy-server-cloudimg-amd64.img,if=virtio -snapshot -cdrom 
cloud-init.iso

(that cloud-init is nothing special, just to get root:foobar and
admin:foobar accounts, see [1])

But this fails to start ssh.service, and neither does it actually run
cloud-init, so there is no way to log in and examine further. But indeed
it seems to have started pollinate:

[  OK  ] Finished Pollinate to seed…seudo random number generator.
 Starting OpenBSD Secure Shell server...
[  OK  ] Started Dispatcher daemon for systemd-networkd.
[FAILED] Failed to start OpenBSD Secure Shell server.
See 'systemctl status ssh.service' for details.

Our CI uses libvirt for everything, which of course makes a CLI
reproducer a lot more difficult. It's fairly easy when actually using
our python wrappers:

  git clone https://github.com/cockpit-project/bots/
  bots/vm-run ubuntu-stable

(log in as root:foobar)

This downloads the actual image to ~/.cache/cockpit-images and creates a
transient domain with a transient overlay. I attach the `virsh dumpxml`
output, but of course that has a lot of absolute file system paths in
it, UUIDs, and other junk that is specific to my system.

There the pollinate user exists

  # id pollinate
  uid=111(pollinate) gid=1(daemon) groups=1(daemon)

  # systemctl cat pollinate
  [..]
  [Service]
  User=pollinate
  ExecStart=/usr/bin/pollinate
  Type=oneshot

which looks right.

I edited the systemd unit to run pollinate through /bin/sh -ex, and that did 
reveal something:
 
Feb 07 09:24:10 ubuntu sh[2449]: + set -e
Feb 07 09:24:10 ubuntu sh[2449]: + set -f
Feb 07 09:24:10 ubuntu sh[2449]: + PKG=pollinate
Feb 07 09:24:10 ubuntu sh[2450]: + mktemp -d -t pollinate.
Feb 07 09:24:10 ubuntu sh[2449]: + TMPDIR=/tmp/pollinate.77BPmzGSfzFm
Feb 07 09:24:10 ubuntu sh[2449]: + trap rm -rf /tmp/pollinate.77BPmzGSfzFm 
2>/dev/null || true EXIT HUP INT QUIT TERM
Feb 07 09:24:10 ubuntu sh[2449]: + CACHEDIR=/var/cache/pollinate
Feb 07 09:24:10 ubuntu sh[2449]: + FLAG=/var/cache/pollinate/seeded
Feb 07 09:24:10 ubuntu sh[2449]: + LOG=/var/cache/pollinate/log
Feb 07 09:24:10 ubuntu sh[2451]: + hostname
Feb 07 09:24:10 ubuntu sh[2449]: + HOSTNAME=ubuntu
Feb 07 09:24:10 ubuntu sh[2449]: + STRICT=0
Feb 07 09:24:10 ubuntu sh[2453]: + logger -V
Feb 07 09:24:10 ubuntu sh[2454]: + awk {print $4}
Feb 07 09:24:10 ubuntu sh[2449]: + logger_ver=2.36
Feb 07 09:24:10 ubuntu sh[2449]: + dpkg --compare-versions 2.36 ge 2.26.2
Feb 07 09:24:10 ubuntu sh[2449]: + LOGGER=logger --id=2449
Feb 07 09:24:10 ubuntu sh[2449]: + [ -t 0 ]
Feb 07 09:24:10 ubuntu sh[2449]: + [ -r /etc/default/pollinate ]
Feb 07 09:24:10 ubuntu sh[2449]: + . /etc/default/pollinate
Feb 07 09:24:10 ubuntu sh[2449]: + BINARY=1
Feb 07 09:24:10 ubuntu sh[2449]: + QUIET=0
Feb 07 09:24:10 ubuntu sh[2449]: + WAIT=10
Feb 07 09:24:10 ubuntu sh[2449]: + DEVICE=/dev/urandom
Feb 07 09:24:10 ubuntu sh[2449]: + SERVER=https://entropy.ubuntu.com/
Feb 07 09:24:10 ubuntu sh[2449]: + POOL=
Feb 07 09:24:10 ubuntu sh[2449]: + CURL_OPTS=--cacert 
/etc/pollinate/entropy.ubuntu.com.pem --capath /dev/null
Feb 07 09:24:10 ubuntu sh[2449]: + [ ! -z  ]
Feb 07 09:24:10 ubuntu sh[2449]: + [ -z  ]
Feb 07 09:24:10 ubuntu sh[2449]: + [ ! -w /var/cache/pollinate ]
Feb 07 09:24:10 ubuntu sh[2449]: + error should execute as the [pollinate] user
Feb 07 09:24:10 ubuntu sh[2449]: + logger --id=2449 -t pollinate ERROR: should 
execute as the [pollinate] user

/var/cache/pollinate indeed does not exist.

I added

  CacheDirectory=pollinate

to the systemd unit, and that fixes it.

[1] https://github.com/cockpit-project/bots/blob/master/machine/make-
cloud-init-iso


** Attachment added: "virsh dumpxml"
   
https://bugs.launchpad.net/ubuntu/+source/pollinate/+bug/1848923/+attachment/5461032/+files/ubuntu-2004.xml

** Summary changed:

- pollinate.service fails to start: ERROR: should execute as the [pollinate] 
user
+ pollinate.service fails to start: ERROR: should execute as the [pollinate] 
user -- missing CacheDirectory=

** Changed in: pollinate (Ubuntu)
   Status: Incomplete => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1848923

Title:
  pollinate.service fails to start: ERROR: should execute as the
  [pollinate] user -- missing CacheDirectory=

To manage notifications about this bug go to:

[Bug 1848923] Re: pollinate.service fails to start: ERROR: should execute as the [pollinate] user

2021-02-04 Thread Martin Pitt
I just tested on current 20.04 and 20.10 cloud images, still the same
bug. There was exactly one upload since then [1] which was trivial (just
updating the watch file).

[1] https://launchpad.net/ubuntu/+source/pollinate/+changelog

** Changed in: pollinate (Ubuntu)
   Status: Incomplete => Triaged

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1848923

Title:
  pollinate.service fails to start: ERROR: should execute as the
  [pollinate] user

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pollinate/+bug/1848923/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1848923] Re: pollinate.service fails to start: ERROR: should execute as the [pollinate] user

2021-02-04 Thread Martin Pitt
One more thing: That package hasn't worked in literally years, and is
also obsolete. QEMU has had `-device virtio-rng-pci` for a long time
now, libvirt uses it by default, and apparently most cloud providers use
that, too. So I suggest to remove the package from Ubuntu, but *at
least* from the default install.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1848923

Title:
  pollinate.service fails to start: ERROR: should execute as the
  [pollinate] user

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pollinate/+bug/1848923/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1906320] Re: fake-device-wrapper should bind-mount efivars

2020-11-30 Thread Martin Pitt
FTR, I would strongly advise against that, see
https://github.com/martinpitt/umockdev/issues/110#issuecomment-736224503
. You want the tests to work independently on the hardware it's running
on, so that you can run it on e.g. standard autopkgtest infra.

You could create /sys/firmware/efi/efivars/ tarballs of a bunch of real
systems with the properties that you want, keep them in the tests, and
unpack these in your test cases. You most probably just need a few of
them, so you can strip them down or possibly create them individually as
files, but a full tarball might be the quickest start.

** Bug watch added: github.com/martinpitt/umockdev/issues #110
   https://github.com/martinpitt/umockdev/issues/110

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1906320

Title:
  fake-device-wrapper should bind-mount efivars

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-drivers-common/+bug/1906320/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1905212] Re: On 20.04 arm64 (raspberry) can't install cockpit from focal-backports

2020-11-24 Thread Martin Pitt
Sorry, it wasn't built on armhf/arm64 yet:
https://launchpad.net/ubuntu/+source/cockpit/231-1~ubuntu20.04.1

There's currently some hw maintenance going on:
https://lists.ubuntu.com/archives/launchpad-
announce/2020-November/000107.html

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1905212

Title:
  On 20.04 arm64 (raspberry) can't install cockpit from focal-backports

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cockpit/+bug/1905212/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1905212] Re: On 20.04 arm64 (raspberry) can't install cockpit from focal-backports

2020-11-24 Thread Martin Pitt
This is the wrong way to invoke apt, as the package/release syntax will
install *only* that package from backports, but resolve all dependencies
from main.

Please try this:

sudo apt install -t focal-backports cockpit


** Changed in: cockpit (Ubuntu)
   Status: New => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1905212

Title:
  On 20.04 arm64 (raspberry) can't install cockpit from focal-backports

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cockpit/+bug/1905212/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1892756] Re: System libvirt-dbus broken after changing libvirtd.socket SocketMode to 0660

2020-08-25 Thread Martin Pitt
ISTM that adding the libvirt-dbus user into the libvirt group is the
right fix here. According to /usr/share/dbus-1/system.d/org.libvirt.conf
only root and libvirt group users can call its interface. So that
useradd seems correct to me, and it should be put into the Debian
package.

Unfortunately libvirt-dbus does not use systemd to manage its service,
otherwise it could use DynamicUser= and SupplementaryGroups=libvirt.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1892756

Title:
  System libvirt-dbus broken after changing libvirtd.socket SocketMode
  to 0660

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libvirt-dbus/+bug/1892756/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1885188] Re: fatrace autopkgtest failure due to rename test

2020-08-22 Thread Martin Pitt
https://github.com/martinpitt/fatrace/releases/tag/0.16

I uploaded this to Debian as well, from where it should get auto-
imported into groovy.

** Changed in: fatrace
   Status: Fix Committed => Fix Released

** Changed in: fatrace (Ubuntu)
   Status: In Progress => Fix Committed

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1885188

Title:
  fatrace autopkgtest failure due to rename test

To manage notifications about this bug go to:
https://bugs.launchpad.net/fatrace/+bug/1885188/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1861053] Re: no fatrace output in focal

2020-08-22 Thread Martin Pitt
FTR, I just ran fatrace a lot in a current Ubuntu 20.04 VM to debug
#1885188, and it seems fine.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1861053

Title:
  no fatrace output in focal

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/fatrace/+bug/1861053/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1885188] Re: fatrace autopkgtest failure due to rename test

2020-08-22 Thread Martin Pitt
I improved the "unknown" process names a bit now
<https://github.com/martinpitt/fatrace/commit/314cb93dc5589>.

But I just realized what actually goes wrong in terms of *this* bug: All
three autopkgtest failures
<https://autopkgtest.ubuntu.com/packages/f/fatrace/groovy/amd64> fail
like this:

  ^mv(.*): <> /tmp/autopkgtest.TV550j/build.0mf/src not found in log:

mv(1320): < /tmp/autopkgtest.TV550j/build.0mf/src
mv(1320): > /tmp/autopkgtest.TV550j/build.0mf/src

So it seems in some circumstances a file rename is not sent as a single
FAN_MOVED_FROM|FAN_MOVED_TO event, but two discrete ones. So I just need
to fix the test to accept either:
https://github.com/martinpitt/fatrace/commit/6cf5a35dc18

** Changed in: fatrace
   Status: New => Fix Committed

** Changed in: fatrace (Ubuntu)
   Status: Triaged => In Progress

** Changed in: fatrace (Ubuntu)
     Assignee: (unassigned) => Martin Pitt (pitti)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1885188

Title:
  fatrace autopkgtest failure due to rename test

To manage notifications about this bug go to:
https://bugs.launchpad.net/fatrace/+bug/1885188/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1885188] Re: fatrace autopkgtest failure due to rename test

2020-08-22 Thread Martin Pitt
** Changed in: fatrace
 Assignee: (unassigned) => Martin Pitt (pitti)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1885188

Title:
  fatrace autopkgtest failure due to rename test

To manage notifications about this bug go to:
https://bugs.launchpad.net/fatrace/+bug/1885188/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1885188] Re: fatrace autopkgtest failure due to rename test

2020-08-22 Thread Martin Pitt
Thanks Christian for your initial investigations! I'm back from
vacation, looking into this now. Observations:

 * The 0.13 tests still work fine
, so
this is indeed a problem with the "new" FAN_REPORT_FID mode.

 * I finally moved the upstream code from git.lauchpad.net to github
 and added Travis integration for
Ubuntu 20.04 LTS: This worked: https://travis-
ci.com/github/martinpitt/fatrace/builds/180931055 (also a previous run
on the tests branch).

 * I can in principle reproduce this on my Fedora 32 host (kernel
5.7.10), but it's really difficult -- I only got one failure in about
100 runs. This was when I had quite some background noise (downloading a
VM image), and thus a lot of events that were unrelated to the test.

 * After the image download finished, and thus background noise ceased,
I can no longer reproduce this.

 * I tried in an Ubuntu 20.04 VM, and after some dozen iterations I get
a *different* type of failure:

   ^bash(.* C\?WO\? /root/fatrace/test.txt not found in log

 bash(8605): CO /etc/ld.so.cache
 [...]
 unknown(8605): CWO /root/fatrace/test.txt


   ^rm(.*): D /root/fatrace$ not found in log

 rm(10115): O /usr/lib/locale/C.UTF-8/LC_NUMERIC
 rm(10115): O /usr/lib/locale/C.UTF-8/LC_CTYPE
 unknown(10115): D /root/fatrace
 unknown(10115): C /usr/bin/rm

   My first Travis run  had something
similar.

  This is again the ancient race condition of /proc/pid/comm being out
of sync with the actual process -- there is no race free way how to map
the fanotify event to a process exec. To fix this, I could cache the
lookup result for a while, but of course it would then be subject to pid
re-use.

  But either way, this is a different failure than this bug report.

 * I can make the locally running test fail when creating background
noise with

   find . -exec head '{}' \; > /dev/null

   But it usually just fails with the "unknown" error.

So it seems I should first do something about that "/proc/pid/comm out
of sync" issue.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1885188

Title:
  fatrace autopkgtest failure due to rename test

To manage notifications about this bug go to:
https://bugs.launchpad.net/fatrace/+bug/1885188/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1890786] [NEW] ipa-client-install fails on restarting non-existing chronyd.service

2020-08-07 Thread Martin Pitt
Public bug reported:

DistroRelease: Ubuntu 20.10
Package: freeipa-client 4.8.6-1ubuntu2

Client install fails:

 * LANG=C /usr/sbin/ipa-client-install --domain cockpit.lan --realm COCKPIT.LAN 
--mkhomedir --enable-dns-updates --unattended --force-join --principal admin -W 
--force-ntpd
Option --force-ntpd has been deprecated and will be removed in a future release.
Discovery was successful!
Client hostname: x0.cockpit.lan
Realm: COCKPIT.LAN
DNS Domain: cockpit.lan
IPA Server: f0.cockpit.lan
BaseDN: dc=cockpit,dc=lan
Synchronizing time
No SRV records of NTP servers found and no NTP server or pool address was 
provided.
CalledProcessError(Command ['/bin/systemctl', 'restart', 'chronyd.service'] 
returned non-zero exit status 5: 'Failed to restart chronyd.service: Unit 
chronyd.service not found.\n')
The ipa-client-install command failed. See /var/log/ipaclient-install.log for 
more information

/var/log/ipaclient-install.log basically says the same,  just with a
giant Traceback for CalledProcessError.

freeipa-client could depend on chronyd, but IMHO it would be better to
make this non-fatal. If one uses systemd-timesyncd (as we do by default
in Ubuntu), that should be fine?

** Affects: freeipa (Ubuntu)
 Importance: Undecided
 Status: New


** Tags: groovy

** Tags added: groovy

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1890786

Title:
  ipa-client-install fails on restarting non-existing chronyd.service

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1890786/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1799095] Re: Firewalld nftables backend breaks networking of libvirt

2020-08-07 Thread Martin Pitt
This somehow does not affect Ubuntu 20.04 LTS, but it does affect the
current "groovy" release again:

# virsh net-start default
error: Failed to start network default
error: internal error: firewalld is set to use the nftables backend, but the 
required firewalld 'libvirt' zone is missing. Either set the firewalld backend 
to 'iptables', or ensure that firewalld has a 'libvirt' zone by upgrading 
firewalld to a version supporting rule priorities (0.7.0+) and/or rebuilding 
libvirt with --with-firewalld-zone

Switching firewalld to iptables makes it work.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1799095

Title:
  Firewalld nftables backend breaks networking of libvirt

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/firewalld/+bug/1799095/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1831467] Re: test-umockdev tests flaky on armhf (and sometimes other archs)

2020-07-29 Thread Martin Pitt
https://salsa.debian.org/debian/umockdev/-/commit/87b476aee2 should
hopefully help. I uploaded 0.14.2 to Debian unstable now, it should
auto-sync into Groovy soon. Thanks  Dan for tackling this!

** Changed in: umockdev (Ubuntu Groovy)
   Status: In Progress => Fix Committed

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1831467

Title:
  test-umockdev tests flaky on armhf (and sometimes other archs)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/umockdev/+bug/1831467/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1875028] Re: Package cockpit-docker cannot be found

2020-04-25 Thread Martin Pitt
Right, this is intended, we stopped supporting cockpit-docker upstream:
https://cockpit-project.org/blog/cockpit-215.html

The older package still works for the time being, if you install it
manually.

** Changed in: cockpit (Ubuntu)
   Status: New => Won't Fix

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1875028

Title:
  Package cockpit-docker cannot be found

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cockpit/+bug/1875028/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1802005] Re: socket is inaccessible for libvirt-dbus

2020-02-24 Thread Martin Pitt
@Christian: Wontfix WFM, I'm glad that the default works in focal (the
next LTS). For the non-LTS ones it can be worked around (write a systemd
unit drop-in or so), but apparently it's not such a big issue. Thanks!

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1802005

Title:
  socket is inaccessible for libvirt-dbus

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1802005/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1802005] Re: socket is inaccessible for libvirt-dbus

2020-02-24 Thread Martin Pitt
Nice, thanks Christian!

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1802005

Title:
  socket is inaccessible for libvirt-dbus

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1802005/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1802005] Re: D-Bus socket is inaccessible

2020-02-18 Thread Martin Pitt
The socket is actually owned by libvirt

** Package changed: libvirt-dbus (Ubuntu) => libvirt (Ubuntu)

** Summary changed:

- D-Bus socket is inaccessible
+ socket is inaccessible for libvirt-dbus

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1802005

Title:
  socket is inaccessible for libvirt-dbus

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1802005/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1802005] Re: D-Bus socket is inaccessible

2019-12-29 Thread Martin Pitt
Here as well:
https://www.reddit.com/r/linuxquestions/comments/c7hcfe/whack_issues_with_cockpit_and_ubuntu_server_1904/

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1802005

Title:
  D-Bus socket is inaccessible

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libvirt-dbus/+bug/1802005/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1802005] Re: D-Bus socket is inaccessible

2019-12-29 Thread Martin Pitt
Other users run into this as well: https://github.com/cockpit-
project/cockpit/issues/13339

** Bug watch added: github.com/cockpit-project/cockpit/issues #13339
   https://github.com/cockpit-project/cockpit/issues/13339

** Changed in: libvirt-dbus (Ubuntu)
   Status: New => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1802005

Title:
  D-Bus socket is inaccessible

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libvirt-dbus/+bug/1802005/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1850281] Re: package pcp 4.3.4-1build1 failed to install/upgrade: installed pcp package post-installation script subprocess returned error exit status 1

2019-11-07 Thread Martin Pitt
We see this in our Cockpit test image creation as well.

** Bug watch added: Red Hat Bugzilla #1721223
   https://bugzilla.redhat.com/show_bug.cgi?id=1721223

** Also affects: pcp (Fedora) via
   https://bugzilla.redhat.com/show_bug.cgi?id=1721223
   Importance: Unknown
   Status: Unknown

** Also affects: pcp (Ubuntu Eoan)
   Importance: Undecided
   Status: New

** Also affects: pcp (Ubuntu Focal)
   Importance: Undecided
   Status: New

** Changed in: pcp (Ubuntu Eoan)
   Status: New => Confirmed

** Changed in: pcp (Ubuntu Focal)
   Status: New => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1850281

Title:
  package pcp 4.3.4-1build1 failed to install/upgrade: installed pcp
  package post-installation script subprocess returned error exit status
  1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pcp/+bug/1850281/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1802005] Re: D-Bus socket is inaccessible

2019-10-28 Thread Martin Pitt
** Tags added: disco eoan

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1802005

Title:
  D-Bus socket is inaccessible

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libvirt-dbus/+bug/1802005/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1848923] [NEW] pollinate.service fails to start: ERROR: should execute as the [pollinate] user

2019-10-20 Thread Martin Pitt
Public bug reported:

In a standard Ubuntu 19.10 cloud image install, pollinate fails to
start:

● pollinate.service - Pollinate to seed the pseudo random number generator
   Loaded: loaded (/lib/systemd/system/pollinate.service; enabled; vendor 
preset: enabled)
   Active: failed (Result: exit-code) since Sun 2019-10-20 12:17:10 EEST; 3 
months 4 days ago
 Docs: https://launchpad.net/pollinate
 Main PID: 665 (code=exited, status=1/FAILURE)

Oct 20 12:17:10 ubuntu systemd[1]: Starting Pollinate to seed the pseudo random 
number generator...
Oct 20 12:17:10 ubuntu pollinate[708]: ERROR: should execute as the [pollinate] 
user
Oct 20 12:17:10 ubuntu systemd[1]: pollinate.service: Main process exited, 
code=exited, status=1/FAILURE
Oct 20 12:17:10 ubuntu systemd[1]: pollinate.service: Failed with result 
'exit-code'.
Oct 20 12:17:10 ubuntu systemd[1]: Failed to start Pollinate to seed the pseudo 
random number generator.

The user does exist:

# id pollinate
uid=110(pollinate) gid=1(daemon) groups=1(daemon)

and the unit has "User=pollinate"

This happens outside of systemd as well:

# sudo -u pollinate /usr/bin/pollinate
<13>Jan 24 09:31:05 pollinate[21456]: ERROR: should execute as the [pollinate] 
user

set -x shows why:

+ [ ! -w /var/cache/pollinate ]
+ error should execute as the [pollinate] user

This directory doesn't exist. So (1) this is a bad error message, and
(2) pollinate.service is missing "CacheDirectory=pollinate". When adding
that, it works.

pollinate 4.33-2ubuntu1

** Affects: pollinate (Ubuntu)
 Importance: Undecided
 Status: New

** Affects: pollinate (Ubuntu Eoan)
 Importance: Undecided
 Status: New


** Tags: eoan regression-release

** Also affects: pollinate (Ubuntu Eoan)
   Importance: Undecided
   Status: New

** Tags added: eoan regression-release

** Description changed:

  In a standard Ubuntu 19.10 cloud image install, pollinate fails to
  start:
  
  ● pollinate.service - Pollinate to seed the pseudo random number generator
-Loaded: loaded (/lib/systemd/system/pollinate.service; enabled; vendor 
preset: enabled)
-Active: failed (Result: exit-code) since Sun 2019-10-20 12:17:10 EEST; 3 
months 4 days ago
-  Docs: https://launchpad.net/pollinate
-  Main PID: 665 (code=exited, status=1/FAILURE)
+    Loaded: loaded (/lib/systemd/system/pollinate.service; enabled; vendor 
preset: enabled)
+    Active: failed (Result: exit-code) since Sun 2019-10-20 12:17:10 EEST; 3 
months 4 days ago
+  Docs: https://launchpad.net/pollinate
+  Main PID: 665 (code=exited, status=1/FAILURE)
  
  Oct 20 12:17:10 ubuntu systemd[1]: Starting Pollinate to seed the pseudo 
random number generator...
  Oct 20 12:17:10 ubuntu pollinate[708]: ERROR: should execute as the 
[pollinate] user
  Oct 20 12:17:10 ubuntu systemd[1]: pollinate.service: Main process exited, 
code=exited, status=1/FAILURE
  Oct 20 12:17:10 ubuntu systemd[1]: pollinate.service: Failed with result 
'exit-code'.
  Oct 20 12:17:10 ubuntu systemd[1]: Failed to start Pollinate to seed the 
pseudo random number generator.
  
  The user does exist:
  
  # id pollinate
  uid=110(pollinate) gid=1(daemon) groups=1(daemon)
  
  and the unit has "User=pollinate"
  
  This happens outside of systemd as well:
  
  # sudo -u pollinate /usr/bin/pollinate
  <13>Jan 24 09:31:05 pollinate[21456]: ERROR: should execute as the 
[pollinate] user
  
  set -x shows why:
  
  + [ ! -w /var/cache/pollinate ]
  + error should execute as the [pollinate] user
  
  This directory doesn't exist. So (1) this is a bad error message, and
  (2) pollinate.service is missing "CacheDirectory=pollinate". When adding
  that, it works.
+ 
+ pollinate 4.33-2ubuntu1

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1848923

Title:
  pollinate.service fails to start: ERROR: should execute as the
  [pollinate] user

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pollinate/+bug/1848923/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1845157] Re: runner/autopkgtest fails to setup env with binary packages moved to another packge, and different source/binary versions

2019-10-02 Thread Martin Pitt
Fix landed in autopkgtest master. Thanks Dan!

** Changed in: autopkgtest (Ubuntu)
   Status: New => Fix Committed

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1845157

Title:
  runner/autopkgtest fails to setup env with binary packages moved to
  another packge, and different source/binary versions

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/autopkgtest/+bug/1845157/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1826187] Re: firewalld fails to start: FATAL ERROR: No IPv4 and IPv6 firewall: looks for binaries in wrong paths

2019-09-10 Thread Martin Pitt
This magically went away on the most recent daily cloud images.
@wvengen, does it work for you again as well? If so, we can close this.
Thanks!

** Changed in: firewalld (Ubuntu)
   Status: Confirmed => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1826187

Title:
  firewalld fails to start: FATAL ERROR: No IPv4 and IPv6 firewall:
  looks for binaries in wrong paths

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/firewalld/+bug/1826187/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1837233] Re: [bionic] Manual IPv6 routes are not set

2019-07-19 Thread Martin Pitt
Nevermind then, this is working well enough for a stable release.

** Changed in: network-manager (Ubuntu Bionic)
   Status: New => Won't Fix

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1837233

Title:
  [bionic] Manual IPv6 routes are not set

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1837233/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1837233] Re: [bionic] Manual IPv6 routes are not set

2019-07-19 Thread Martin Pitt
I confirm that using a valid IP works better:

In the config:

route1=fe80:2::/60,fe80::99,42

# ip -6 route show dev eth2
fe80::/64 proto kernel metric 101 pref medium
fe80::/64 proto kernel metric 256 pref medium
fe80:2::/60 via fe80::99 proto static metric 42 pref medium

It's still missing the route to fe80:2:: itself, though.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1837233

Title:
  [bionic] Manual IPv6 routes are not set

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1837233/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1837233] Re: [bionic] Manual IPv6 routes are not set

2019-07-19 Thread Martin Pitt
The journal says why:

NetworkManager[1295]:   [1563552648.1667] platform: route-sync: failure 
to add IPv6 route: 1:2::/60 via 1:2::3 dev 6 metric 42 mss 0 rt-src user: No 
route to host (113)
NetworkManager[1295]:   [1563552648.1672] device (eth2): failed to apply 
manual IPv6 configuration

Apparently later versions ignore non-reachable hosts and set the route
anyway?


** Description changed:

  I have a system connection like this:
  
  -- /etc/NetworkManager/system-connections/eth2  ---
  [connection]
  id=eth2
  uuid=c73fb4d2-8383-4d03-a87c-04c8251961bd
  type=ethernet
  gateway-ping-timeout=12
  interface-name=eth2
  permissions=
  timestamp=1563551266
  
  [ethernet]
  mac-address-blacklist=
  
  [ipv4]
  dns-search=
  method=shared
  
  [ipv6]
  addr-gen-mode=stable-privacy
  dns-search=
  ignore-auto-routes=true
  method=auto
  route1=1:2::/60,1:2::3,42
  -- 8< -
  
  In particular, the last line (route1=) which sets a manual IPv6 route.
  Of course this is rather bogus,  I'm just using this to test cockpit's
  web UI.
  
  On Ubuntu 19.04, Debian 10, and Debian testing this works just fine:
  
  # nmcli c show eth2
  ipv6.routes:{ ip = 1:2::/60, nh = 1:2::3, mt = 42 
}
  IP6.ROUTE[1]:   dst = fe80::/64, nh = ::, mt = 101
  IP6.ROUTE[2]:   dst = ff00::/8, nh = ::, mt = 256, 
table=255
  IP6.ROUTE[3]:   dst = 1:2::3/128, nh = ::, mt = 42
  IP6.ROUTE[4]:   dst = 1:2::/60, nh = 1:2::3, mt = 42
  [...]
  # ip -6 route show dev eth2
  1:2::3 proto static metric 42 pref medium
  1:2::/60 via 1:2::3 proto static metric 42 pref medium
  fe80::/64 proto kernel metric 101 pref medium
  
  (There, the file is called eth2.nmconnection, but same difference)
  
  On Ubuntu 18.04 however, the route manual is ignored, and only the
  automatic link-local one exists:
  
  # nmcli c show eth2
  ipv6.routes:{ ip = 1:2::/60, nh = 1:2::3, mt = 42 
}
  IP6.ROUTE[1]:   dst = ff00::/8, nh = ::, mt = 256, 
table=255
  IP6.ROUTE[2]:   dst = fe80::/64, nh = ::, mt = 256
  IP6.ROUTE[3]:   dst = fe80::/64, nh = ::, mt = 101
  
  # ip -6 route show dev eth2
  fe80::/64 proto kernel metric 101 pref medium
  fe80::/64 proto kernel metric 256 pref medium
  
  Restarting NetworkManager does not help, nor does rebooting.
+ 
+ DistroRelease: Ubuntu 18.04
+ Package: 1.10.6-2ubuntu1.1
+ Architecture: amd64

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1837233

Title:
  [bionic] Manual IPv6 routes are not set

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1837233/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1837233] [NEW] [bionic] Manual IPv6 routes are not set

2019-07-19 Thread Martin Pitt
Public bug reported:

I have a system connection like this:

-- /etc/NetworkManager/system-connections/eth2  ---
[connection]
id=eth2
uuid=c73fb4d2-8383-4d03-a87c-04c8251961bd
type=ethernet
gateway-ping-timeout=12
interface-name=eth2
permissions=
timestamp=1563551266

[ethernet]
mac-address-blacklist=

[ipv4]
dns-search=
method=shared

[ipv6]
addr-gen-mode=stable-privacy
dns-search=
ignore-auto-routes=true
method=auto
route1=1:2::/60,1:2::3,42
-- 8< -

In particular, the last line (route1=) which sets a manual IPv6 route.
Of course this is rather bogus,  I'm just using this to test cockpit's
web UI.

On Ubuntu 19.04, Debian 10, and Debian testing this works just fine:

# nmcli c show eth2
ipv6.routes:{ ip = 1:2::/60, nh = 1:2::3, mt = 42 }
IP6.ROUTE[1]:   dst = fe80::/64, nh = ::, mt = 101
IP6.ROUTE[2]:   dst = ff00::/8, nh = ::, mt = 256, 
table=255
IP6.ROUTE[3]:   dst = 1:2::3/128, nh = ::, mt = 42
IP6.ROUTE[4]:   dst = 1:2::/60, nh = 1:2::3, mt = 42
[...]
# ip -6 route show dev eth2
1:2::3 proto static metric 42 pref medium
1:2::/60 via 1:2::3 proto static metric 42 pref medium
fe80::/64 proto kernel metric 101 pref medium

(There, the file is called eth2.nmconnection, but same difference)

On Ubuntu 18.04 however, the route manual is ignored, and only the
automatic link-local one exists:

# nmcli c show eth2
ipv6.routes:{ ip = 1:2::/60, nh = 1:2::3, mt = 42 }
IP6.ROUTE[1]:   dst = ff00::/8, nh = ::, mt = 256, 
table=255
IP6.ROUTE[2]:   dst = fe80::/64, nh = ::, mt = 256
IP6.ROUTE[3]:   dst = fe80::/64, nh = ::, mt = 101

# ip -6 route show dev eth2
fe80::/64 proto kernel metric 101 pref medium
fe80::/64 proto kernel metric 256 pref medium

Restarting NetworkManager does not help, nor does rebooting.

DistroRelease: Ubuntu 18.04
Package: 1.10.6-2ubuntu1.1
Architecture: amd64

** Affects: network-manager (Ubuntu)
 Importance: Undecided
 Status: Fix Released

** Affects: network-manager (Ubuntu Bionic)
 Importance: Undecided
 Status: New

** Also affects: network-manager (Ubuntu Bionic)
   Importance: Undecided
   Status: New

** Changed in: network-manager (Ubuntu)
   Status: New => Fix Released

** Description changed:

  I have a system connection like this:
  
  -- /etc/NetworkManager/system-connections/eth2  ---
  [connection]
  id=eth2
  uuid=c73fb4d2-8383-4d03-a87c-04c8251961bd
  type=ethernet
  gateway-ping-timeout=12
  interface-name=eth2
  permissions=
  timestamp=1563551266
  
  [ethernet]
  mac-address-blacklist=
  
  [ipv4]
  dns-search=
  method=shared
  
  [ipv6]
  addr-gen-mode=stable-privacy
  dns-search=
  ignore-auto-routes=true
  method=auto
  route1=1:2::/60,1:2::3,42
  -- 8< -
  
  In particular, the last line (route1=) which sets a manual IPv6 route.
  Of course this is rather bogus,  I'm just using this to test cockpit's
  web UI.
  
  On Ubuntu 19.04, Debian 10, and Debian testing this works just fine:
  
  # nmcli c show eth2
  ipv6.routes:{ ip = 1:2::/60, nh = 1:2::3, mt = 42 
}
  IP6.ROUTE[1]:   dst = fe80::/64, nh = ::, mt = 101
  IP6.ROUTE[2]:   dst = ff00::/8, nh = ::, mt = 256, 
table=255
  IP6.ROUTE[3]:   dst = 1:2::3/128, nh = ::, mt = 42
  IP6.ROUTE[4]:   dst = 1:2::/60, nh = 1:2::3, mt = 42
  [...]
-  ip -6 route show dev eth2
+ # ip -6 route show dev eth2
  1:2::3 proto static metric 42 pref medium
  1:2::/60 via 1:2::3 proto static metric 42 pref medium
  fe80::/64 proto kernel metric 101 pref medium
  
  (There, the file is called eth2.nmconnection, but same difference)
  
  On Ubuntu 18.04 however, the route manual is ignored, and only the
  automatic link-local one exists:
  
  # nmcli c show eth2
  ipv6.routes:{ ip = 1:2::/60, nh = 1:2::3, mt = 42 
}
  IP6.ROUTE[1]:   dst = ff00::/8, nh = ::, mt = 256, 
table=255
  IP6.ROUTE[2]:   dst = fe80::/64, nh = ::, mt = 256
  IP6.ROUTE[3]:   dst = fe80::/64, nh = ::, mt = 101
  
  # ip -6 route show dev eth2
  fe80::/64 proto kernel metric 101 pref medium
  fe80::/64 proto kernel metric 256 pref medium
  
  Restarting NetworkManager does not help, nor does rebooting.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1837233

Title:
  [bionic] Manual IPv6 routes are not set

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1837233/+subscriptions

-- 
ubuntu-bugs mailing list

[Bug 1831296] Re: __main__.SeccompTest is failing on Ubuntu CI

2019-06-25 Thread Martin Pitt
Thanks Dan! I landed your PR, so it should apply to the next upstream CI
run.

** Changed in: systemd (Ubuntu Eoan)
   Status: In Progress => Fix Committed

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1831296

Title:
  __main__.SeccompTest is failing on Ubuntu CI

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1831296/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1829829] Re: Ubuntu CI has been flaky for a week

2019-05-21 Thread Martin Pitt
Indeed the downstream tests fail like this as well:
http://autopkgtest.ubuntu.com/packages/systemd/eoan/amd64

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1829829

Title:
  Ubuntu CI has been flaky for a week

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1829829/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1805642] Re: Package cockpit showing the debian favicon.ico

2019-05-17 Thread Martin Pitt
This version is in eoan and the bionic/cosmic/disco backports.

** Changed in: cockpit (Ubuntu)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1805642

Title:
  Package cockpit showing the debian favicon.ico

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cockpit/+bug/1805642/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1826187] Re: firewalld fails to start: FATAL ERROR: No IPv4 and IPv6 firewall: looks for binaries in wrong paths

2019-04-26 Thread Martin Pitt
Doing this fixes it:

ln -s /sbin/iptables /usr/sbin/
ln -s /sbin/iptables-restore /usr/sbin/
ln -s /sbin/ip6tables /usr/sbin/
ln -s /sbin/ip6tables-restore /usr/sbin/

Apparently firewalld looks for these binaries in the wrong path, doesn't
use $PATH, and assumes a merged /usr system.

** Summary changed:

- firewalld fails to start: FATAL ERROR: No IPv4 and IPv6 firewall.
+ firewalld fails to start: FATAL ERROR: No IPv4 and IPv6 firewall: looks for 
binaries in wrong paths

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1826187

Title:
  firewalld fails to start: FATAL ERROR: No IPv4 and IPv6 firewall:
  looks for binaries in wrong paths

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/firewalld/+bug/1826187/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1826187] Re: firewalld fails to start: FATAL ERROR: No IPv4 and IPv6 firewall.

2019-04-24 Thread Martin Pitt
With the nftables backend, it's not just --state that's broken, it also
at least affects --reload:

# firewall-cmd --reload
Error: 'inet firewalld filter_IN_public jump filter_IN_public_allow'
# echo $?
254

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1826187

Title:
  firewalld fails to start: FATAL ERROR: No IPv4 and IPv6 firewall.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/firewalld/+bug/1826187/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1826187] Re: firewalld fails to start: FATAL ERROR: No IPv4 and IPv6 firewall.

2019-04-24 Thread Martin Pitt
The nftables backend actually does work reasonably well, only firewall-
cmd --state seems to be broken.

** Tags added: amd64 disco regression-release

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1826187

Title:
  firewalld fails to start: FATAL ERROR: No IPv4 and IPv6 firewall.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/firewalld/+bug/1826187/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1826187] [NEW] firewalld fails to start: FATAL ERROR: No IPv4 and IPv6 firewall.

2019-04-24 Thread Martin Pitt
Public bug reported:

In a clean Ubuntu 19.04 (disco) VM installation, firewalld fails to
start:

* firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/lib/systemd/system/firewalld.service; enabled; vendor 
preset: enabled)
   Active: inactive (dead) since Wed 2019-04-24 06:35:00 EDT; 3min 58s ago
 Docs: man:firewalld(1)
  Process: 516 ExecStart=/usr/sbin/firewalld --nofork --nopid (code=exited, 
status=0/SUCCESS)
 Main PID: 516 (code=exited, status=0/SUCCESS)

Apr 24 06:34:58 ibm-p8-kvm-03-guest-02 systemd[1]: Starting firewalld - dynamic 
firewall daemon...
Apr 24 06:34:59 ibm-p8-kvm-03-guest-02 systemd[1]: Started firewalld - dynamic 
firewall daemon.
Apr 24 06:34:59 ibm-p8-kvm-03-guest-02 firewalld[516]: WARNING: 
iptables-restore and iptables are missing, disabling IPv4 firewall.
Apr 24 06:34:59 ibm-p8-kvm-03-guest-02 firewalld[516]: WARNING: 
ip6tables-restore and ip6tables are missing, disabling IPv6 firewall.
Apr 24 06:35:00 ibm-p8-kvm-03-guest-02 firewalld[516]: FATAL ERROR: No IPv4 and 
IPv6 firewall.
Apr 24 06:35:00 ibm-p8-kvm-03-guest-02 firewalld[516]: ERROR: Raising 
SystemExit in run_server
Apr 24 06:35:00 ibm-p8-kvm-03-guest-02 systemd[1]: firewalld.service: Succeeded.

This is with the default iptables backend. When switching to
FirewallBackend=nftables, firewalld at least starts up, even though it
shows warnings:

* firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/lib/systemd/system/firewalld.service; enabled; vendor 
preset: enabled)
   Active: active (running) since Wed 2019-04-24 06:40:14 EDT; 2s ago
 Docs: man:firewalld(1)
 Main PID: 501 (firewalld)
Tasks: 2 (limit: 2306)
   Memory: 33.0M
   CGroup: /system.slice/firewalld.service
   `-501 /usr/bin/python3 /usr/sbin/firewalld --nofork --nopid

Apr 24 06:40:15 ibm-p8-kvm-03-guest-02 firewalld[501]: WARNING: COMMAND_FAILED: 
UNKNOWN_ERROR: 'ip4tables' backend does not exist
Apr 24 06:40:15 ibm-p8-kvm-03-guest-02 firewalld[501]: WARNING: COMMAND_FAILED: 
UNKNOWN_ERROR: 'ip4tables' backend does not exist

and doesn't actually work:

# firewall-cmd --state
failed

ProblemType: Bug
DistroRelease: Ubuntu 19.04
Package: firewalld 0.6.3-5ubuntu4
Architecture: amd64

** Affects: firewalld (Ubuntu)
 Importance: Undecided
 Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1826187

Title:
  firewalld fails to start: FATAL ERROR: No IPv4 and IPv6 firewall.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/firewalld/+bug/1826187/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1805642] Re: Package cockpit showing the debian favicon.ico

2019-04-01 Thread Martin Pitt
** Changed in: cockpit (Ubuntu)
 Assignee: (unassigned) => Martin Pitt (pitti)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1805642

Title:
  Package cockpit showing the debian favicon.ico

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cockpit/+bug/1805642/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1822331] Re: autopkgtest-buildvm-ubuntu-cloud no longer works with precise or trusty

2019-03-29 Thread Martin Pitt
precise has been EOL for 2 years; trusty's support will end in about a
month,  so I don't think we need to bother about this now.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1822331

Title:
  autopkgtest-buildvm-ubuntu-cloud no longer works with precise or
  trusty

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/autopkgtest/+bug/1822331/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1805642] Re: Package cockpit showing the debian favicon.ico

2019-03-14 Thread Martin Pitt
Fixed upstream in https://github.com/cockpit-project/cockpit/pull/11357
, will be in release 190. Thanks!

** Changed in: cockpit (Ubuntu)
   Status: New => Fix Committed

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1805642

Title:
  Package cockpit showing the debian favicon.ico

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cockpit/+bug/1805642/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1819589] Re: Ubuntu CI is broken

2019-03-12 Thread Martin Pitt
That worked.

** Changed in: systemd (Ubuntu)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1819589

Title:
  Ubuntu CI is broken

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1819589/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1819589] Re: Ubuntu CI is broken

2019-03-12 Thread Martin Pitt
Should be fixed with https://salsa.debian.org/systemd-
team/systemd/commit/bd89a706b18796074d50bcf2a0cbd29de56ac542 . I'll
close this once the retried PRs go green.

** Changed in: systemd (Ubuntu)
 Assignee: (unassigned) => Martin Pitt (pitti)

** Changed in: systemd (Ubuntu)
   Status: New => Fix Committed

** Changed in: systemd (Ubuntu)
   Importance: Undecided => High

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1819589

Title:
  Ubuntu CI is broken

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1819589/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1817344] Re: Ubuntu CI that runs tests via autopkgtest for systemd on GitHub reports the wrong results

2019-02-24 Thread Martin Pitt
Thanks Iain! I'll keep an eye on this.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1817344

Title:
  Ubuntu CI that runs tests via autopkgtest for systemd on GitHub
  reports the wrong results

To manage notifications about this bug go to:
https://bugs.launchpad.net/auto-package-testing/+bug/1817344/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1682077] Re: nested KVM fails - KVM: entry failed, hardware error 0x0

2019-02-24 Thread Martin Pitt
This happens in about half of the xenial semaphoreci.com instances as
well:

$ uname -a
Linux semaphore-light-1809b 4.4.0-131-generic #157-Ubuntu SMP Thu Jul 12 
15:51:36 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1682077

Title:
  nested KVM fails  - KVM: entry failed, hardware error 0x0

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1682077/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1817344] Re: Ubuntu CI that runs tests via autopkgtest for systemd on GitHub reports the wrong results

2019-02-24 Thread Martin Pitt
Another example: https://github.com/systemd/systemd/pull/11802 refers to
the correct amd64 log
https://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac
/autopkgtest-bionic-upstream-systemd-ci-systemd-ci/bionic/amd64/s
/systemd-upstream/20190222_161608_7fe1f@/log.gz .

But https://github.com/systemd/systemd/pull/11804 refers to the exact
same log. It is also the only result for 11804:
https://api.github.com/repos/systemd/systemd/statuses/b427959d65ba0edff385146d38825bb169458554

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1817344

Title:
  Ubuntu CI that runs tests via autopkgtest for systemd on GitHub
  reports the wrong results

To manage notifications about this bug go to:
https://bugs.launchpad.net/autopkgtest-cloud/+bug/1817344/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1817344] Re: Ubuntu CI that runs tests via autopkgtest for systemd on GitHub reports the wrong results

2019-02-24 Thread Martin Pitt
It seems to me that the logs are internally consistent, i. e. the
mentioned UPSTREAM_PULL_REQUEST in the log does match the test results.
But they get sent to the wrong PR, i. e. to the wrong statuses API.

E. g.
https://api.github.com/repos/systemd/systemd/commits/99894b867f1293f56d181d62f5015c5a0a8adbda/status
was triggered by https://github.com/systemd/systemd/pull/11682 but the
referenced logs are for  PR #11767. This caused the landing of a
regression (that the tests would have noticed).

** Package changed: autopkgtest (Ubuntu) => autopkgtest-cloud

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1817344

Title:
  Ubuntu CI that runs tests via autopkgtest for systemd on GitHub
  reports the wrong results

To manage notifications about this bug go to:
https://bugs.launchpad.net/autopkgtest-cloud/+bug/1817344/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1787396] Re: ss crashes when using --no-header

2018-11-30 Thread Martin Pitt
I confirm this on Ubuntu 18.04 (bionic) with 4.15.0-2ubuntu1. It is
fixed in 18.10 (cosmic) with  4.18.0-1ubuntu2.

** Also affects: iproute2 (Ubuntu Bionic)
   Importance: Undecided
   Status: New

** Changed in: iproute2 (Ubuntu Bionic)
   Status: New => Confirmed

** Changed in: iproute2 (Ubuntu)
   Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1787396

Title:
  ss crashes when using --no-header

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/iproute2/+bug/1787396/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1805348] Re: Recent security update broke server-side keyboard-interactive authentication

2018-11-29 Thread Martin Pitt
Wow, thanks Marc, this was super-fast!

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1805348

Title:
  Recent security update broke server-side keyboard-interactive
  authentication

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libssh/+bug/1805348/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1805348] [NEW] Recent security update broke server-side keyboard-interactive authentication

2018-11-27 Thread Martin Pitt
Public bug reported:

0.8.4 and the backported fixes for CVE-2018-10933 cause server-side
keyboard-interactive authentication to completely break. See
https://bugs.libssh.org/T117 for details and a reproducer.

This was fixed upstream as part of the 0.8.5 release, so disco is fine.
For 16.04/18.04/18.10, please backport the fix:

  https://git.libssh.org/projects/libssh.git/commit/?id=4ea46eecce9f4

** Affects: libssh (Ubuntu)
 Importance: Undecided
 Status: Fix Released

** Affects: libssh (Ubuntu Xenial)
 Importance: High
 Status: Triaged

** Affects: libssh (Ubuntu Bionic)
 Importance: High
 Status: Triaged

** Affects: libssh (Ubuntu Cosmic)
 Importance: High
 Status: Triaged

** Affects: libssh (Debian)
 Importance: Unknown
 Status: Unknown


** Tags: bionic cosmic regression-release xenial

** Tags added: bionic cosmic regression-release xenial

** Also affects: libssh (Ubuntu Cosmic)
   Importance: Undecided
   Status: New

** Also affects: libssh (Ubuntu Bionic)
   Importance: Undecided
   Status: New

** Also affects: libssh (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Changed in: libssh (Ubuntu)
   Status: New => Fix Released

** Changed in: libssh (Ubuntu Xenial)
   Status: New => Triaged

** Changed in: libssh (Ubuntu Bionic)
   Status: New => Triaged

** Changed in: libssh (Ubuntu Cosmic)
   Status: New => Triaged

** Changed in: libssh (Ubuntu Xenial)
   Importance: Undecided => High

** Changed in: libssh (Ubuntu Bionic)
   Importance: Undecided => High

** Changed in: libssh (Ubuntu Cosmic)
   Importance: Undecided => High

** Bug watch added: Debian Bug tracker #913870
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913870

** Also affects: libssh (Debian) via
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913870
   Importance: Unknown
   Status: Unknown

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1805348

Title:
  Recent security update broke server-side keyboard-interactive
  authentication

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libssh/+bug/1805348/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1640482] Re: Running "realm join" causes apparmor=DENIED messages

2018-11-13 Thread Martin Pitt
This seems fixed in 18.04.

** Changed in: realmd (Ubuntu)
   Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1640482

Title:
  Running "realm join" causes apparmor=DENIED messages

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/realmd/+bug/1640482/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1799665] Re: [cosmic regression] fails to parse known_hosts, resulting in SSH_SERVER_FOUND_OTHER error for hostkey verification

2018-11-08 Thread Martin Pitt
I installed libssh-4 0.8.1-1ubuntu0.2 from cosmic-proposed, and confirm
that the manual ssh connection with "cockpit-ssh" as well as all the
integration tests that involve talking to remote machines through ssh
now work.

** Tags removed: verification-needed verification-needed-cosmic
** Tags added: verification-done verification-done-cosmic

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1799665

Title:
  [cosmic regression] fails to parse known_hosts, resulting in
  SSH_SERVER_FOUND_OTHER error for hostkey verification

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libssh/+bug/1799665/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1802005] [NEW] D-Bus socket is inaccessible

2018-11-06 Thread Martin Pitt
Public bug reported:

Package: libvirt-dbus
Version: 1.2.0-1
DistroRelease: Ubuntu 18.10

libvirt-dbus seems to be completely broken for the system connection:

root:~# busctl call org.libvirt /org/libvirt/QEMU org.libvirt.Connect 
ListDomains u 0
Failed to connect socket to '/var/run/libvirt/libvirt-sock': Permission denied

root:~# ls -l /var/run/libvirt/libvirt-sock
srwxrwx--- 1 root libvirt 0 Nov  6 15:15 /var/run/libvirt/libvirt-sock

root:~# ps aux|grep libvirtd
root  1434  0.0  3.4 1038028 35212 ?   Ssl  15:15   0:00 
/usr/sbin/libvirtd

The same happens for a user that is in the "libvirt" group.

On Fedora and also Debian testing (which has the exact same libvirt-dbus
package), the socket has permissions 777 instead of 770, where it works.
I don't have an idea where the wrong permissions are set.

** Affects: libvirt-dbus (Ubuntu)
 Importance: Undecided
 Status: New


** Tags: cosmic

** Tags added: cosmic

** Description changed:

  Package: libvirt-dbus
  Version: 1.2.0-1
+ DistroRelease: Ubuntu 18.10
  
  libvirt-dbus seems to be completely broken for the system connection:
  
  root:~# busctl call org.libvirt /org/libvirt/QEMU org.libvirt.Connect 
ListDomains u 0
  Failed to connect socket to '/var/run/libvirt/libvirt-sock': Permission denied
  
  root:~# ls -l /var/run/libvirt/libvirt-sock
  srwxrwx--- 1 root libvirt 0 Nov  6 15:15 /var/run/libvirt/libvirt-sock
  
  root:~# ps aux|grep libvirtd
  root  1434  0.0  3.4 1038028 35212 ?   Ssl  15:15   0:00 
/usr/sbin/libvirtd
  
  The same happens for a user that is in the "libvirt" group.
  
  On Fedora and also Debian testing (which has the exact same libvirt-dbus
  package), the socket has permissions 777 instead of 770, where it works.
  I don't have an idea where the wrong permissions are set.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1802005

Title:
  D-Bus socket is inaccessible

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libvirt-dbus/+bug/1802005/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1799665] Re: [cosmic regression] fails to parse known_hosts, resulting in SSH_SERVER_FOUND_OTHER error for hostkey verification

2018-10-24 Thread Martin Pitt
Added SRU information and uploaded SRU to unapproved queue.

** Description changed:

  Ubuntu 18.10's libssh 0.8.1 regresses parsing of known_hosts. This
  happens (sometimes) if there are multiple known_host key types (e. g.
  ssh-rsa and ssh-ed25519), then it can happen that
  ssh_session_is_known_server() fails with SSH_SERVER_FOUND_OTHER [1].
  
  I noticed this with testing Cockpit on Ubuntu 18.10 [2], which has a few
- test cases exercising cockpit-ssh (which uses libssh). The scenario is a
- FreeIPA centrally managed known_hosts file with these entries:
+ test cases exercising cockpit-ssh (which uses libssh), e. g. [3]. The
+ scenario is a FreeIPA centrally managed known_hosts file with these
+ entries:
  
  x0.cockpit.lan ssh-rsa 
B3NzaC1yc2EDAQABAAABAQCv5sLKfLDuEAbTcHC3eOgJM+Ot7F077KewD4e1lGzfw300Jo4xnuPsoJEVSCR7OjsYQCnuVGlqtlavMCLFzIBNk06iTBg/nl+W+xa3CFNITbAjiBif7SeY0XL6Xeqzb1VYXNVfwKQKpcGIbDne6jyou4wRZV1eay03FHTSkd2+XKM6GOUGlkEUoPyAwYPHqoKUYiiyBxJs20l/peXVx6jsGgs2Sc6gl3KJP0TB2E7ncD1pWHGRtiNshFFVarw/YKr+Rs+KhiVS3CAAfYDhpBNWXOwTKyx2euJjAhsRF10bx6pnuadSEpT8Ufo5/YFIVAD1GHptULSzVjUoJm6ktoHB
  x0.cockpit.lan ecdsa-sha2-nistp256 
E2VjZHNhLXNoYTItbmlzdHAyNTYIbmlzdHAyNTYAAABBBCkJ6CaqhzUhrbpbVmZ8BmZZgM3u6BukZ6HFB2a4NLQBdgpHlHbxoJ47ocTImctyFMiDi0y6vCb4tFuZgp6Krmk=
 root@(none)
  x0.cockpit.lan ssh-ed25519 
C3NzaC1lZDI1NTE5INK6gcOyH4OhiKPcNr33Kl6e+wFAUy9tGFBU/o4yWkxh root@(none)
  
  Connecting to that host with the standard ssh client works:
  
  $ ssh -vv x0.cockpit.lan
  [...]
  debug1: Server host key: ecdsa-sha2-nistp256 
SHA256:MgfkN6HEl+pdz0X7+6q08IVkUZOtEDzfA6V18Wm9DgA
  debug1: Host 'x0.cockpit.lan' is known and matches the ECDSA host key.
  debug1: Found key in /var/lib/sss/pubconf/known_hosts:3
  [...]
  ad...@cockpit.lan@x0:~$
  
  But not with cockpit-ssh. This shows the JSON protocol (note that you
  need to copy the correct cookie value from the response):
  
  $ G_MESSAGES_DEBUG=cockpit-ssh cockpit-bridge --interact=---
  
  { "command": "open", "channel": "c", "payload": "echo", "host": 
"x0.cockpit.lan", "user": "ad...@cockpit.lan" }
  ---
  
  {"command":"authorize","challenge":"*","cookie":"session107271540364829"}
  ---
  
  {"command":"authorize", "response": "password foobarfoo", "cookie": 
"session107271540364829"}
  ---
  (cockpit-ssh:10814): cockpit-ssh-DEBUG: 03:11:51.049: cockpit-ssh 
x0.cockpit.lan: host not known in any local file, asking sssd
  (cockpit-ssh:10814): cockpit-ssh-DEBUG: 03:11:51.472: cockpit-ssh 
x0.cockpit.lan: using known hosts file /tmp/known-hosts.IDKNRZ
  (cockpit-ssh:10814): cockpit-ssh-DEBUG: 03:11:51.542: cockpit-ssh 
x0.cockpit.lan: connected
  cockpit-ssh-Message: 03:07:30.828: cockpit-ssh x0.cockpit.lan: host key for 
this server changed key type: ssh-ed25519
  
  {"command":"close","host-key":"x0.cockpit.lan ssh-ed25519 
C3NzaC1lZDI1NTE5INK6gcOyH4OhiKPcNr33Kl6e+wFAUy9tGFBU/o4yWkxh\n","host-fingerprint":"a0:27:1e:80:de:fd:4b:8a:0d:9d:a9:b6:42:7d:5c:b9","problem":"invalid-hostkey","error":"invalid-hostkey","auth-method-results":{},"channel":"c"}
  ---
  
+ The "host key for this server changed key type" is the effect of this
+ bug.
  
- The "host key for this server changed key type" is the effect of this bug.
+ 
+ SRU INFORMATION:
+ 
+ [IMPACT]: libssh connections that worked in previous Ubuntu releases now
+ may fail on host key verification
+ 
+ [TEST CASE]: See reproducer below. This isn't too easy to reproduce for
+ someone else, so I'm happy to do the validation myself. This can also be
+ verified with the Cockpit integration tests:
+ 
+ bots/image-prepare ubuntu-stable
+ TEST_OS=ubuntu-stable test/verify/check-realms TestRealms.testIpa
+ 
+ [REGRESSION POTENTIAL]: In principle these patches could break known_hosts 
validation further. However, these fixes have been in Debian testing for a 
while and validated through e. g. Cockpit's tests (which exercise cockpit-ssh 
quite heavily). There are also upstream unit tests, and while they didn't pick 
up that particular regression, they at least make sure that known_hosts 
verification still works for common  cases.
+ Also, libssh-4 does not have that many reverse dependencies. So overall, I 
think this is bearable for an SRU, especially as the impact is quite high.
  
  [1] 
http://api.libssh.org/master/group__libssh__session.html#gac%20bc5d04fe66beee863a0c61a93fdf765
  [2] https://github.com/cockpit-project/cockpit/pull/10357
+ [3] 
https://fedorapeople.org/groups/cockpit/logs/pull-10357-20181022-204242-8672df31-verify-ubuntu-stable/log.html#186

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1799665

Title:
  [cosmic regression] fails to parse known_hosts, resulting in
  SSH_SERVER_FOUND_OTHER error for hostkey verification

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libssh/+bug/1799665/+subscriptions

-- 
ubuntu-bugs 

[Bug 1799665] [NEW] [cosmic regression] fails to parse known_hosts, resulting in SSH_SERVER_FOUND_OTHER error for hostkey verification

2018-10-24 Thread Martin Pitt
Public bug reported:

Ubuntu 18.10's libssh 0.8.1 regresses parsing of known_hosts. This
happens (sometimes) if there are multiple known_host key types (e. g.
ssh-rsa and ssh-ed25519), then it can happen that
ssh_session_is_known_server() fails with SSH_SERVER_FOUND_OTHER [1].

I noticed this with testing Cockpit on Ubuntu 18.10 [2], which has a few
test cases exercising cockpit-ssh (which uses libssh), e. g. [3]. The
scenario is a FreeIPA centrally managed known_hosts file with these
entries:

x0.cockpit.lan ssh-rsa 
B3NzaC1yc2EDAQABAAABAQCv5sLKfLDuEAbTcHC3eOgJM+Ot7F077KewD4e1lGzfw300Jo4xnuPsoJEVSCR7OjsYQCnuVGlqtlavMCLFzIBNk06iTBg/nl+W+xa3CFNITbAjiBif7SeY0XL6Xeqzb1VYXNVfwKQKpcGIbDne6jyou4wRZV1eay03FHTSkd2+XKM6GOUGlkEUoPyAwYPHqoKUYiiyBxJs20l/peXVx6jsGgs2Sc6gl3KJP0TB2E7ncD1pWHGRtiNshFFVarw/YKr+Rs+KhiVS3CAAfYDhpBNWXOwTKyx2euJjAhsRF10bx6pnuadSEpT8Ufo5/YFIVAD1GHptULSzVjUoJm6ktoHB
x0.cockpit.lan ecdsa-sha2-nistp256 
E2VjZHNhLXNoYTItbmlzdHAyNTYIbmlzdHAyNTYAAABBBCkJ6CaqhzUhrbpbVmZ8BmZZgM3u6BukZ6HFB2a4NLQBdgpHlHbxoJ47ocTImctyFMiDi0y6vCb4tFuZgp6Krmk=
 root@(none)
x0.cockpit.lan ssh-ed25519 
C3NzaC1lZDI1NTE5INK6gcOyH4OhiKPcNr33Kl6e+wFAUy9tGFBU/o4yWkxh root@(none)

Connecting to that host with the standard ssh client works:

$ ssh -vv x0.cockpit.lan
[...]
debug1: Server host key: ecdsa-sha2-nistp256 
SHA256:MgfkN6HEl+pdz0X7+6q08IVkUZOtEDzfA6V18Wm9DgA
debug1: Host 'x0.cockpit.lan' is known and matches the ECDSA host key.
debug1: Found key in /var/lib/sss/pubconf/known_hosts:3
[...]
ad...@cockpit.lan@x0:~$

But not with cockpit-ssh. This shows the JSON protocol (note that you
need to copy the correct cookie value from the response):

$ G_MESSAGES_DEBUG=cockpit-ssh cockpit-bridge --interact=---

{ "command": "open", "channel": "c", "payload": "echo", "host": 
"x0.cockpit.lan", "user": "ad...@cockpit.lan" }
---

{"command":"authorize","challenge":"*","cookie":"session107271540364829"}
---

{"command":"authorize", "response": "password foobarfoo", "cookie": 
"session107271540364829"}
---
(cockpit-ssh:10814): cockpit-ssh-DEBUG: 03:11:51.049: cockpit-ssh 
x0.cockpit.lan: host not known in any local file, asking sssd
(cockpit-ssh:10814): cockpit-ssh-DEBUG: 03:11:51.472: cockpit-ssh 
x0.cockpit.lan: using known hosts file /tmp/known-hosts.IDKNRZ
(cockpit-ssh:10814): cockpit-ssh-DEBUG: 03:11:51.542: cockpit-ssh 
x0.cockpit.lan: connected
cockpit-ssh-Message: 03:07:30.828: cockpit-ssh x0.cockpit.lan: host key for 
this server changed key type: ssh-ed25519

{"command":"close","host-key":"x0.cockpit.lan ssh-ed25519 
C3NzaC1lZDI1NTE5INK6gcOyH4OhiKPcNr33Kl6e+wFAUy9tGFBU/o4yWkxh\n","host-fingerprint":"a0:27:1e:80:de:fd:4b:8a:0d:9d:a9:b6:42:7d:5c:b9","problem":"invalid-hostkey","error":"invalid-hostkey","auth-method-results":{},"channel":"c"}
---

The "host key for this server changed key type" is the effect of this
bug.


SRU INFORMATION:

[IMPACT]: libssh connections that worked in previous Ubuntu releases now
may fail on host key verification

[TEST CASE]: See reproducer below. This isn't too easy to reproduce for
someone else, so I'm happy to do the validation myself. This can also be
verified with the Cockpit integration tests:

bots/image-prepare ubuntu-stable
TEST_OS=ubuntu-stable test/verify/check-realms TestRealms.testIpa

[REGRESSION POTENTIAL]: In principle these patches could break known_hosts 
validation further. However, these fixes have been in Debian testing for a 
while and validated through e. g. Cockpit's tests (which exercise cockpit-ssh 
quite heavily). There are also upstream unit tests, and while they didn't pick 
up that particular regression, they at least make sure that known_hosts 
verification still works for common  cases.
Also, libssh-4 does not have that many reverse dependencies. So overall, I 
think this is bearable for an SRU, especially as the impact is quite high.

[1] 
http://api.libssh.org/master/group__libssh__session.html#gac%20bc5d04fe66beee863a0c61a93fdf765
[2] https://github.com/cockpit-project/cockpit/pull/10357
[3] 
https://fedorapeople.org/groups/cockpit/logs/pull-10357-20181022-204242-8672df31-verify-ubuntu-stable/log.html#186

** Affects: libssh (Ubuntu)
 Importance: Undecided
 Assignee: Martin Pitt (pitti)
 Status: In Progress

** Affects: libssh (Ubuntu Cosmic)
 Importance: Undecided
 Assignee: Martin Pitt (pitti)
 Status: In Progress


** Tags: cosmic regression-release

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1799665

Title:
  [cosmic regression] fails to parse known_hosts, resulting in
  SSH_SERVER_FOUND_OTHER error for hostkey verification

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libssh/+bug/1799665/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1799665] Re: [cosmic regression] fails to parse known_hosts, resulting in SSH_SERVER_FOUND_OTHER error for hostkey verification

2018-10-24 Thread Martin Pitt
This works fine with the latest libssh 0.8.4, when building the Debian
unstable package for 18.10, it works fine:

$ G_MESSAGES_DEBUG=cockpit-ssh cockpit-bridge --interact=---

{ "command": "open", "channel": "c", "payload": "echo", "host": 
"x0.cockpit.lan", "user": "ad...@cockpit.lan" }
---

{"command":"authorize","challenge":"*","cookie":"session109311540371777"}
---

{"command":"authorize", "response": "password foobarfoo", 
"cookie":"session109311540371777"}
---
(cockpit-ssh:10931): cockpit-ssh-DEBUG: 05:03:06.880: cockpit-ssh 
x0.cockpit.lan: host not known in any local file, asking sssd
(cockpit-ssh:10931): cockpit-ssh-DEBUG: 05:03:07.165: cockpit-ssh 
x0.cockpit.lan: using known hosts file /tmp/known-hosts.KIBHRZ
(cockpit-ssh:10931): cockpit-ssh-DEBUG: 05:03:07.248: cockpit-ssh 
x0.cockpit.lan: connected
(cockpit-ssh:10931): cockpit-ssh-DEBUG: 05:03:07.249: cockpit-ssh 
x0.cockpit.lan: verified host key
(cockpit-ssh:10931): cockpit-ssh-DEBUG: 05:03:07.278: cockpit-ssh 
x0.cockpit.lan: agent auth failed
(cockpit-ssh:10931): cockpit-ssh-DEBUG: 05:03:07.282: cockpit-ssh 
x0.cockpit.lan: Got prompt Password:  prompt
(cockpit-ssh:10931): cockpit-ssh-DEBUG: 05:03:07.995: cockpit-ssh 
x0.cockpit.lan: Couldn't set COCKPIT_REMOTE_PEER: Channel request env failed
(cockpit-ssh:10931): cockpit-ssh-DEBUG: 05:03:07.995: cockpit-ssh 
x0.cockpit.lan: opened channel
(cockpit-ssh:10931): cockpit-ssh-DEBUG: 05:03:08.071: cockpit-ssh 
x0.cockpit.lan: queued 162 bytes
(cockpit-ssh:10931): cockpit-ssh-DEBUG: 05:03:08.071: cockpit-ssh 
x0.cockpit.lan: wrote 162 bytes

{"command":"ready","channel":"c"}
---


I bisected this to this upstream fix:
https://git.libssh.org/projects/libssh.git/commit/?id=45058285fca549876449afef2c32833b24817e77
. I prepare an SRU.

There are also a few other known_hosts fixes which should get included:


https://git.libssh.org/projects/libssh.git/commit/?id=35a64554899f142a2b8b68c79007ad9c3ce00cb1

https://git.libssh.org/projects/libssh.git/commit/?id=c1a8c41c5daf79e37aa5fde67dd94c8596e81102

https://git.libssh.org/projects/libssh.git/commit/?id=893b69d82b4435973ec4d15aaecdf352f5f827e2


** Also affects: libssh (Ubuntu Cosmic)
   Importance: Undecided
 Assignee: Martin Pitt (pitti)
   Status: New

** Changed in: libssh (Ubuntu Cosmic)
   Status: New => In Progress

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1799665

Title:
  [cosmic regression] fails to parse known_hosts, resulting in
  SSH_SERVER_FOUND_OTHER error for hostkey verification

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libssh/+bug/1799665/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1796407] Re: pg_wrapper doesn't work when -p is used

2018-10-18 Thread Martin Pitt
@Robie: It's been a while since I dabbled with this, but to me this is
not really "wishlist", it's an actual bug. Surely pg_wrapper doesn't
document that it looks at the explicitly specified port, but it
certainly ought to. This case was just plain forgotten.

So the patch certainly needs some massaging, at least:

 - adjust it to current version [1], which e. g. has $explicit_port instead of 
$port_specified
 - Fix the "locahost" typo, and support IP addresses as well (127.0.0.* or ::1)
 - Add an integration test to 
https://salsa.debian.org/postgresql/postgresql-common/blob/master/t/090_multicluster.t

but the general heading of it seems fine to me.

[1] https://salsa.debian.org/postgresql/postgresql-
common/blob/master/pg_wrapper

** Changed in: postgresql-common (Ubuntu)
   Importance: Wishlist => Medium

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1796407

Title:
  pg_wrapper doesn't work when -p is used

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/postgresql-common/+bug/1796407/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1788040] Re: Replace LXD deb by snap in Ubuntu 18.10

2018-08-22 Thread Martin Pitt
Ah, it used to be useful for running the containers on a remote servers.
I. e. what we used to do for armhf testing, they were running on remote
arm64 OpenStack instances.

I adjusted the Suggests: https://salsa.debian.org/ci-
team/autopkgtest/commit/4d4a7d9b16f

Thanks!

** Changed in: autopkgtest (Ubuntu)
   Importance: Undecided => Low

** Changed in: autopkgtest (Ubuntu)
   Status: Incomplete => Fix Committed

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1788040

Title:
  Replace LXD deb by snap in Ubuntu 18.10

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/adapt/+bug/1788040/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1788040] Re: Replace LXD deb by snap in Ubuntu 18.10

2018-08-22 Thread Martin Pitt
autopkgtest *only* uses the `lxc` CLI and documents the `lxd` setup CLI
from $PATH. The package has a "Suggests: lxd-client". You mention that
the "lxd" deb will remain around, does that apply to "lxd-client" as
well?

** Changed in: autopkgtest (Ubuntu)
   Status: New => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1788040

Title:
  Replace LXD deb by snap in Ubuntu 18.10

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/adapt/+bug/1788040/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1778641] [NEW] nsupdate crashes in dns_name_clone()

2018-06-26 Thread Martin Pitt
Public bug reported:

During our Cockpit integration tests on Ubuntu 16.04, nsupdate crashes
awfully often when joining a FreeIPA domain, like this:

Jun 25 13:17:26 x0.cockpit.lan systemd-coredump[8503]: Process 8498 (nsupdate) 
of user 0 dumped core.
   
   Stack trace of thread 
8501:
   #0  0x7f3c32c87428 
__GI_raise (libc.so.6)
   #1  0x7f3c32c8902a 
__GI_abort (libc.so.6)
   #2  0x7f3c3302ee7f 
isc_assertion_failed (libisc.so.160)
   #3  0x7f3c33a13895 
dns_name_clone (libdns.so.162)
   #4  0x557a33fee6be 
n/a (nsupdate)
   #5  0x557a33ff019b 
n/a (nsupdate)
   #6  0x557a33ff16d2 
n/a (nsupdate)
   #7  0x7f3c33053360 
n/a (libisc.so.160)
   #8  0x7f3c32a3c6ba 
start_thread (libpthread.so.0)
   #9  0x7f3c32d5941d 
__clone (libc.so.6)
   
   Stack trace of thread 
8498:
   #0  0x7f3c32c87826 
__GI___sigsuspend (libc.so.6)
   #1  0x7f3c3305b8c9 
isc__app_ctxrun (libisc.so.160)
   #2  0x7f3c3305c37b 
isc_app_run (libisc.so.160)
   #3  0x557a33fec97f 
n/a (nsupdate)
   #4  0x7f3c32c72830 
__libc_start_main (libc.so.6)
   #5  0x557a33feccb9 
n/a (nsupdate)
   
   Stack trace of thread 
8499:
   #0  0x7f3c32d59a13 
epoll_wait (libc.so.6)
   #1  0x7f3c33065bae 
n/a (libisc.so.160)
   #2  0x7f3c32a3c6ba 
start_thread (libpthread.so.0)
   #3  0x7f3c32d5941d 
__clone (libc.so.6)
   
   Stack trace of thread 
8500:
   #0  0x7f3c32a42360 
pthread_cond_wait@@GLIBC_2.3.2 (libpthread.so.0)
   #1  0x7f3c3305873a 
n/a (libisc.so.160)
   #2  0x7f3c32a3c6ba 
start_thread (libpthread.so.0)
   #3  0x7f3c32d5941d 
__clone (libc.so.6)


This seems to match this error report: 
https://errors.ubuntu.com/problem/529d4b079f3b5f58071002a7639110edc593f56a


I cannot access that URL, but the stack trace in 
https://errors.ubuntu.com/?release=Ubuntu%2016.04=bind9=month is 
a fairly good match.

** Affects: bind9 (Ubuntu)
 Importance: Undecided
 Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1778641

Title:
  nsupdate crashes in dns_name_clone()

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bind9/+bug/1778641/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1774000] Re: Fails to boot cirros QEMU image with tuned running

2018-05-29 Thread Martin Pitt
I tested this on Fedora 28, which also has tuned 2.9.0, but a slightly
newer QEMU (2.11.1, as opposed to 2.11 on Ubuntu 18.04), and a newer
kernel (4.16.10 instead of 4.15.0 in Ubuntu 18.04).

The invocation in the unit (/usr/bin/python -Es /usr/sbin/tuned -l -P)
is exactly the same, so is the active profile ("virtual-guest"),
profile_mode ("auto"), and the config file tuned-main.conf, which is bit
by bit the same between the two.

However, this also affects Debian testing, which has Linux 4.16.5 and a
newer QEMU (2.12). I filed a bug there as well now.

** Bug watch added: Debian Bug tracker #900381
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900381

** Also affects: tuned (Debian) via
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900381
   Importance: Unknown
   Status: Unknown

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1774000

Title:
  Fails to boot cirros QEMU image with tuned running

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/tuned/+bug/1774000/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1774000] Re: Fails to boot cirros QEMU image with tuned running

2018-05-29 Thread Martin Pitt
Found it. This happens as soon as you install tuned, which auto-starts
tuned.service. After "systemctl stop tuned", QEMU works again. Retitled
accordingly, so this is not a regression.

** Summary changed:

- Regression: Fails to boot cirros image
+ Fails to boot cirros QEMU image with tuned running

** Package changed: qemu (Ubuntu) => tuned (Ubuntu)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1774000

Title:
  Fails to boot cirros QEMU image with tuned running

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/tuned/+bug/1774000/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1774000] [NEW] Regression: Fails to boot cirros image

2018-05-29 Thread Martin Pitt
Public bug reported:

A recent security update broke booting of some images, particularly
CirrOS [3]:

$ wget https://download.cirros-cloud.net/0.3.5/cirros-0.3.5-i386-disk.img
$ qemu-system-x86_64 -enable-kvm -nographic cirros-0.3.5-i386-disk.img 
-snapshot 
qemu-system-x86_64: warning: host doesn't support requested feature: 
CPUID.8001H:ECX.svm [bit 2]

And then nothing happens at all any more, other than QEMU using 100%
CPU. This also affects version 0.4.0 and x86_64, so it's not
particularly sensitive to guest changes.

I'm testing this with (nested) KVM inside an Ubuntu 18.04 LTS VM.

When going back to an older image that was built 5 days ago [4], it
works:

# qemu-system-x86_64 -enable-kvm -nographic cirros-0.3.5-i386-disk.img 
-snapshot 
qemu-system-x86_64: warning: host doesn't support requested feature: 
CPUID.8001H:ECX.svm [bit 2]
[0.00] Initializing cgroup subsys cpuset
[0.00] Initializing cgroup subsys cpu
[0.00] Linux version 3.2.0-80-virtual (buildd@komainu) (gcc version 
4.6.3 (Ubuntu/Linaro 4.6.3-1ubuntu5) ) #116-Ubuntu SMP Mon Mar 23 17:48:17 UTC 
2015 (Ubuntu 3.2.0-80.116-virtual 3.2.68)
[...]

This shows that the "ECX.svm" warning already happened before and seems
to be unrelated.

The most recent security update of Qemu 2.11+dfsg-1ubuntu7.2 [1] and
Linux 4.15.0-22.24 [2] are already on that previous image, so it seems
this is some dependency update in between these stacks. I. e. this is
*not* a regression in QEMU itself or Linux. I file it against qemu for
now, but I will bisect which particular update was responsible.


[1] https://launchpad.net/ubuntu/+source/qemu/1:2.11+dfsg-1ubuntu7.2
[2] https://launchpad.net/ubuntu/+source/linux/4.15.0-22.24
[3] https://download.cirros-cloud.net/
[4] https://github.com/cockpit-project/cockpit/pull/9221

** Affects: qemu (Ubuntu)
 Importance: Undecided
 Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1774000

Title:
  Regression: Fails to boot cirros image

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1774000/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1696471] Re: AppArmor denies access to /etc/gss/mech.d/

2018-03-02 Thread Martin Pitt
Sorry for the delay, I finally found some time to get back to this. This
is still reproducible on current Ubuntu 17.10:

virsh define m.xml
qemu-img create -f qcow2 /var/lib/libvirt/images/subVmTest1-2.img 128M
virsh start subVmTest1

dmesg shows:

[  319.220193] audit: type=1400 audit(1520004938.754:40):
apparmor="DENIED" operation="open" profile="libvirt-269b6725-e6fb-4242
-a83a-3ad286dd5efb" name="/etc/gss/mech.d/" pid=5930 comm="qemu-
system-x86" requested_mask="r" denied_mask="r" fsuid=64055 ouid=0

m.xml is attached. It's lightly edited to remove some external file and
device references, to be more or less self-contained (except for the
image created above; but that can be empty - it doesn't matter what's
actually running in the VM).

** Attachment added: "reproducing machine XML"
   
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1696471/+attachment/5067161/+files/m.xml

** Changed in: libvirt (Ubuntu)
   Status: Incomplete => New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1696471

Title:
  AppArmor denies access to /etc/gss/mech.d/

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1696471/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1696471] Re: AppArmor denies access to /etc/gss/mech.d/

2018-03-02 Thread Martin Pitt
Forgot to mention: I didn't change any libvirt config files, in
particular not the ones you mentioned:

# dpkg -s libvirt-daemon-system | grep libvirt.conf
 /etc/sasl2/libvirt.conf 09c4fa846e8e27bfa3ab3325900d63ea
# md5sum /etc/sasl2/libvirt.conf
09c4fa846e8e27bfa3ab3325900d63ea  /etc/sasl2/libvirt.conf

# dpkg -s libvirt-daemon-system | grep libvirtd.conf
 /etc/libvirt/libvirtd.conf bfacce84359f17a8bb59cb0dfe9b424f
# md5sum /etc/libvirt/libvirtd.conf
bfacce84359f17a8bb59cb0dfe9b424f  /etc/libvirt/libvirtd.conf


But note that /etc/sasl2/libvirt.conf has "mech_list: gssapi" enabled by 
default.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1696471

Title:
  AppArmor denies access to /etc/gss/mech.d/

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1696471/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1749736] Re: autopkgtest-build-lxd fails to build artful/bionic containers

2018-02-25 Thread Martin Pitt
Updated patch:
https://anonscm.debian.org/cgit/autopkgtest/autopkgtest.git/commit/?id=563eac74595cd

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1749736

Title:
  autopkgtest-build-lxd fails to build artful/bionic containers

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/autopkgtest/+bug/1749736/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1749736] Re: autopkgtest-build-lxd fails to build artful/bionic containers

2018-02-20 Thread Martin Pitt
** Changed in: autopkgtest (Ubuntu)
   Importance: Undecided => High

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1749736

Title:
  autopkgtest-build-lxd fails to build artful/bionic containers

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/autopkgtest/+bug/1749736/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1749736] Re: autopkgtest-build-lxd fails to build artful/bionic containers

2018-02-20 Thread Martin Pitt
https://anonscm.debian.org/cgit/autopkgtest/autopkgtest.git/commit/?id=20f479254f5e5b

** Changed in: autopkgtest (Ubuntu)
   Importance: High => Undecided

** Changed in: autopkgtest (Ubuntu)
   Status: Triaged => Fix Committed

** Changed in: autopkgtest (Ubuntu)
 Assignee: (unassigned) => Martin Pitt (pitti)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1749736

Title:
  autopkgtest-build-lxd fails to build artful/bionic containers

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/autopkgtest/+bug/1749736/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1750654] [NEW] "lxc-create -B best" fails on non-btrfs/zfs system

2018-02-20 Thread Martin Pitt
Public bug reported:

As per documentation, the `-B best` option should automatically select
the best backingstore, falling back all the way to dir.

But apparently it doesn't, at least not in artful's 2.1.0-0ubuntu1:

$ sudo lxc-create -B best --name=autopkgtest-xenial -t ubuntu -- -r xenial
lxc-create: autopkgtest-xenial: storage/btrfs.c: btrfs_create: 860 
Inappropriate ioctl for device - Failed to create btrfs subvolume 
"/var/lib/lxc/autopkgtest-xenial/rootfs"
lxc-create: autopkgtest-xenial: storage/zfs.c: zfs_create: 758 Failed to create 
zfs dataset "zfs:lxc/autopkgtest-xenial": lxc-create: autopkgtest-xenial: 
utils.c: run_command: 2326 failed to exec command
lxc-create: autopkgtest-xenial: storage/zfs.c: zfs_mount: 256 No such file or 
directory - Failed to mount "lxc/autopkgtest-xenial" on 
"/usr/lib/x86_64-linux-gnu/lxc"
lxc-create: autopkgtest-xenial: lxccontainer.c: create_run_template: 1294 
Failed to mount rootfs
lxc-create: autopkgtest-xenial: lxccontainer.c: create_run_template: 1473 
container creation template for autopkgtest-xenial failed
lxc-create: autopkgtest-xenial: storage/zfs.c: zfs_destroy: 613 Failed to 
detect zfs dataset "lxc/autopkgtest-xenial": lxc-create: autopkgtest-xenial:
lxc-create: autopkgtest-xenial: lxccontainer.c: container_destroy: 2653 Error 
destroying rootfs for autopkgtest-xenial
lxc-create: autopkgtest-xenial: tools/lxc_create.c: main: 326 Error creating 
container autopkgtest-xenial

Moreover, it creates cruft which is hard to clean up again:

$ sudo lxc-ls -f
NAME   STATE   AUTOSTART GROUPS IPV4 IPV6 
autopkgtest-xenial STOPPED 0 -  --

$ sudo lxc-destroy -n autopkgtest-xenial
lxc-destroy: autopkgtest-xenial: storage/zfs.c: zfs_destroy: 613 Failed to 
detect zfs dataset "lxc/autopkgtest-xenial": lxc-destroy: autopkgtest-xenial: 
utils.c: run_command: 2326 failed to exec command
lxc-destroy: autopkgtest-xenial: lxccontainer.c: container_destroy: 2653 Error 
destroying rootfs for autopkgtest-xenial
Destroying autopkgtest-xenial failed

$ sudo ls -lR /var/lib/lxc/autopkgtest-xenial
/var/lib/lxc/autopkgtest-xenial:
total 8
-rw-r--r-- 1 root root  149 Feb 20 20:41 config
drwxr-xr-x 2 root root 4096 Feb 20 20:41 rootfs

/var/lib/lxc/autopkgtest-xenial/rootfs:
total 0

This can only be cleaned up with `sudo rm -r`.

autopkgtest-build-lxc uses this option to get performant containers out
of the box. Arguably `-B best` is a sort of "unbreak my containers"
option and should always implicitly be used, but is there something else
that I should do here?

ProblemType: Bug
DistroRelease: Ubuntu 17.10
Package: lxc 2.1.0-0ubuntu1
ProcVersionSignature: Ubuntu 4.13.0-32.35-generic 4.13.13
Uname: Linux 4.13.0-32-generic x86_64
NonfreeKernelModules: zfs zunicode zavl zcommon znvpair
ApportVersion: 2.20.7-0ubuntu3.7
Architecture: amd64
Date: Tue Feb 20 20:38:55 2018
JournalErrors:
 Error: command ['journalctl', '-b', '--priority=warning', '--lines=1000'] 
failed with exit code 1: Hint: You are currently not seeing messages from other 
users and the system.
   Users in the 'systemd-journal' group can see all messages. Pass -q to
   turn off this notice.
 No journal files were opened due to insufficient permissions.
PackageArchitecture: all
SourcePackage: lxc
UpgradeStatus: No upgrade log present (probably fresh install)
defaults.conf:
 lxc.net.0.type = veth
 lxc.net.0.link = lxcbr0
 lxc.net.0.flags = up
 lxc.net.0.hwaddr = 00:16:3e:xx:xx:xx
lxcsyslog:

** Affects: lxc (Ubuntu)
 Importance: Undecided
 Status: New


** Tags: amd64 apparmor apport-bug artful

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1750654

Title:
  "lxc-create -B best" fails on non-btrfs/zfs system

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1750654/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1707898] Re: systemd translations are not synced with upstream

2018-02-19 Thread Martin Pitt
Thanks Gunnar, nice work! I cherry-picked the patches in
https://salsa.debian.org/systemd-team/systemd/commit/87f54958bc24 . The
debian/ changes were already in Debian master.

** Changed in: systemd (Ubuntu)
   Status: In Progress => Fix Committed

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1707898

Title:
  systemd translations are not synced with upstream

To manage notifications about this bug go to:
https://bugs.launchpad.net/systemd/+bug/1707898/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1749736] Re: autopkgtest-build-lxd fails to build artful/bionic containers

2018-02-15 Thread Martin Pitt
I propose to add a check for the default network route to the "is the container 
up?" polling loop:
https://lists.ubuntu.com/archives/ubuntu-devel/2018-February/040158.html

** Changed in: autopkgtest (Ubuntu)
   Status: New => Triaged

** Changed in: autopkgtest (Ubuntu)
   Importance: Undecided => High

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1749736

Title:
  autopkgtest-build-lxd fails to build artful/bionic containers

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/autopkgtest/+bug/1749736/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1707898] Re: systemd translations are not synced with upstream

2018-02-15 Thread Martin Pitt
I confirmed that the current "ninja -C build-deb/ systemd-pot" command
also builds a complete .pot file with policykit-1 installed
(unsurprisingly, as this also just calls gettext). So that part is fine.

What is really bad however, is to build-depend against policykit-1:

The following NEW packages will be installed:
  cgmanager dbus libcgmanager0 libnih-dbus1 libnih1 libpam-systemd 
libpolkit-backend-1-0 libprocps6 policykit-1 procps systemd
  systemd-shim

This is an awful lot to pull into a buildd schroot, in particular it
makes systemd build-depend on itself. I'd really like to avoid that.

Are the files /usr/share/gettext/its/polkit.{its,loc} only being used at
build time, or does polkit need these at runtime for dynamic gettext
translations? My gut feeling is that it's the former, and then it would
make sense to move these two into libpolkit-gobject-1-dev instead.
systemd already build-depends on that, thus it will automatically pick
these up.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1707898

Title:
  systemd translations are not synced with upstream

To manage notifications about this bug go to:
https://bugs.launchpad.net/systemd/+bug/1707898/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1707898] Re: systemd translations are not synced with upstream

2018-02-15 Thread Martin Pitt
Thanks Gunnar for tracking this down! Adding a policykit-1 build
dependency requires some thought, as that also build-depends on systemd
[1], thus this is circular. Also, there was a lot of effort with making
systemd bootstrappable without excessive dependencies. But I think it's
fine to add this as a [!stage1] b-dep.

[1] https://anonscm.debian.org/cgit/pkg-
utopia/policykit.git/tree/debian/control

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1707898

Title:
  systemd translations are not synced with upstream

To manage notifications about this bug go to:
https://bugs.launchpad.net/systemd/+bug/1707898/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1707898] Re: systemd translations are not synced with upstream

2018-02-14 Thread Martin Pitt
@Gunnar: This patch does not actually work:

❱❱❱ xgettext -f "po/POTFILES.in" -o "build-deb/po/systemd.pot" --join-existing
xgettext: warning: file 'src/core/org.freedesktop.systemd1.policy.in.in' 
extension 'policy' is unknown; will try C
xgettext: warning: file 'src/hostname/org.freedesktop.hostname1.policy.in' 
extension 'policy' is unknown; will try C
xgettext: warning: file 'src/import/org.freedesktop.import1.policy.in' 
extension 'policy' is unknown; will try C
xgettext: warning: file 'src/locale/org.freedesktop.locale1.policy.in' 
extension 'policy' is unknown; will try C
xgettext: warning: file 'src/login/org.freedesktop.login1.policy.in' extension 
'policy' is unknown; will try C
xgettext: warning: file 'src/machine/org.freedesktop.machine1.policy.in' 
extension 'policy' is unknown; will try C
xgettext: warning: file 'src/timedate/org.freedesktop.timedate1.policy.in' 
extension 'policy' is unknown; will try C

And systemd.pot is unchanged.

I now committed https://salsa.debian.org/systemd-
team/systemd/commit/09c6423728319 to simplify the .pot generation, but
it has the exact same issue.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1707898

Title:
  systemd translations are not synced with upstream

To manage notifications about this bug go to:
https://bugs.launchpad.net/systemd/+bug/1707898/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1707898] Re: systemd translations are not synced with upstream

2018-02-12 Thread Martin Pitt
I committed the first hunk to Debian, this makes sense:
https://salsa.debian.org/systemd-team/systemd/commit/18d8c2df133b8af

The second is too hackish for a permanent downstream delta, IMHO: This
should rather be fixed upstream, as upstream polkit (as well as Debian's
and Ubuntu's older versions) have proper runtime gettext support.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1707898

Title:
  systemd translations are not synced with upstream

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-translations/+bug/1707898/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1741227] Re: apparmor denial to several paths to binaries

2018-01-04 Thread Martin Pitt
The most plausible explanation for enumerating /usr/local/bin/ is that
ntpd has some hooks.d/ mechanism which gets called after syncing the
time, and that runs a shell in between. So IMHO this should be allowed.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1741227

Title:
  apparmor denial to several paths to binaries

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1741227/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1727202] Re: [17.10 regression] AppArmor ntp denial: Failed name lookup - disconnected path

2018-01-04 Thread Martin Pitt
The most plausible explanation for enumerating /usr/local/bin/ is that
ntpd has some hooks.d/ mechanism which gets called after syncing the
time, and that runs a shell in between. So IMHO this should be allowed.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1727202

Title:
  [17.10 regression] AppArmor ntp denial: Failed name lookup -
  disconnected path

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1727202/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1727202] Re: [17.10 regression] AppArmor ntp denial: Failed name lookup - disconnected path

2018-01-03 Thread Martin Pitt
I locally ran Cockpit tests on our current Ubuntu 17.10 image and re-
confirm that I got the "disconnected path" error. I then upgraded the
ntp package to artful-proposed, and *that* violation is now gone. As
others already saw, I now get a test failure on

   apparmor="DENIED" operation="open" profile="/usr/sbin/ntpd"
name="/usr/local/sbin/" pid=5938 comm="ntpd" requested_mask="r"
denied_mask="r" fsuid=0 ouid=0

But this is not a regression from this update, and unrelated. So this
SRU is good from my POV. Thanks!

** Tags removed: verification-needed-artful
** Tags added: verification-done-artful

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1727202

Title:
  [17.10 regression] AppArmor ntp denial: Failed name lookup -
  disconnected path

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1727202/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1727202] Re: [17.10 regression] AppArmor denial: Failed name lookup - disconnected path

2017-12-15 Thread Martin Pitt
Thanks Christian! Indeed this is rather hard to reproduce locally, but
that PR seems to address this. I'll let you know if it doesn't after it
lands.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1727202

Title:
  [17.10 regression] AppArmor denial: Failed name lookup - disconnected
  path

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1727202/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1680384] Re: libvirt-qemu apparmor profiles misses several important entries

2017-12-06 Thread Martin Pitt
Christian: This bug now hit debian-testing (see
http://209.132.184.41/logs/pull-8219-20171206-214646-d2e9e141-verify-
debian-testing/log.html#2). Is there an upstream bug/patch mail for
reference, or are these Debian/Ubuntu downstream rules?

** Bug watch added: Debian Bug tracker #878203
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878203

** Also affects: libvirt (Debian) via
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878203
   Importance: Unknown
   Status: Unknown

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1680384

Title:
  libvirt-qemu apparmor profiles misses several important entries

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1680384/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

  1   2   3   4   5   6   7   8   9   10   >