I have chatted with folks, and in my opinion the best path forward is to use the upstream systemd CI for the SRU testing and verification. I have already provided a PPA to use for testing (described in the bug description now), so we have confidence in this test plan.
Given this is already fixed in questing and resolute, I am opting not to fix plucky. ** Description changed: + [Impact] + + This is most easily observed in upstream systemd's CI, in places where + noble is used in the test environment. + + To pass systemd credentials into the test VMs, mkosi passes `-smbios + type=11,path=/path/to/credential` to qemu. However, in the relevant + codepath in qemu, there is a buffer overrun resulting in the following + errors across many tests[1]: + + 9300s [ 1.227017] systemd[1]: Failed to base64 decode credential 'tty.virtual.tty1.agetty.autologin', ignoring: File name too long + 9300s [ 1.227468] systemd[1]: Failed to base64 decode credential 'tty.console.login.noauth', ignoring: Invalid argument + 9300s [ 1.227900] systemd[1]: Failed to base64 decode credential 'vmm.notify_socket', ignoring: File name too long + 9300s [ 1.228222] systemd[1]: Failed to base64 decode credential 'keyfile', ignoring: File name too long + 9300s [ 1.228489] systemd[1]: Failed to base64 decode credential 'journal.storage', ignoring: File name too long + 9300s [ 1.228896] systemd[1]: Failed to base64 decode credential 'firstboot.locale', ignoring: File name too long + 9300s [ 1.229202] systemd[1]: Failed to base64 decode credential 'systemd.extra-unit.emergency-exit.service', ignoring: Invalid argument + 9300s [ 1.229499] systemd[1]: Failed to base64 decode credential 'systemd.unit-dropin.emergency.target', ignoring: File name too long + 9300s [ 1.232585] systemd[1]: Failed to base64 decode credential 'ssh.authorized_keys.root', ignoring: Invalid argument + 9300s [ 1.232940] systemd[1]: Failed to base64 decode credential 'firstboot.timezone', ignoring: File name too long + 9300s [ 1.233291] systemd[1]: Failed to base64 decode credential 'userdb.user.testuser', ignoring: File name too long + 9300s [ 1.233626] systemd[1]: Failed to base64 decode credential 'journal.forward_to_socket', ignoring: File name too long + 9300s [ 1.234083] systemd[1]: Failed to base64 decode credential 'tty.console.agetty.autologin', ignoring: File name too long + 9300s [ 1.234297] systemd[1]: Failed to base64 decode credential 'systemd.unit-dropin.TEST-85-NETWORK-NetworkdDHCPClientTests.service', ignoring: File name too long + + This issue was already reported and fixed in upstream QEMU[2][3], and is + present in questing and newer. + + [Test Plan] + + The upstream systemd CI will be used for testing. The noble-proposed + pocket will be enabled, and it will be demonstrated that when qemu from + noble-proposed is used in the relevant tests, the "Failed to base64 + decode credential" issue is gone, and the test are then able to proceed. + + To provide some confidence that this patch will be sufficient, a PPA + version of qemu with this patch was used in the CI[4]. + + [Where problems could occur] + + The patch is very limited in scope, as it relates specifically to + parsing qemu's -smbios type=11,... command line arguments. + + [Other info] + + [1] https://autopkgtest.ubuntu.com/results/autopkgtest-noble-upstream-systemd-ci-systemd-ci/noble/amd64/s/systemd-upstream/20251105_011617_4b557@/log.gz + [2] https://gitlab.com/qemu-project/qemu/-/issues/2879 + [3] https://gitlab.com/qemu-project/qemu/-/commit/a7a05f5f6a4085afbede315e749b1c67e78c966b + [4] https://autopkgtest.ubuntu.com/results/autopkgtest-noble-upstream-systemd-ci-systemd-ci/noble/amd64/s/systemd-upstream/20251113_065034_05107@/log.gz + + + [Original Description] + Upstream bug: https://gitlab.com/qemu-project/qemu/-/issues/2879 Upstream fix: https://gitlab.com/qemu-project/qemu/-/commit/a7a05f5f6a4085afbede315e749b1c67e78c966b Please backport the fix to Noble ** Changed in: qemu (Ubuntu Noble) Assignee: Hector CAO (hectorcao) => Nick Rosbrook (enr0n) ** Changed in: qemu (Ubuntu Noble) Status: Incomplete => In Progress ** Changed in: qemu (Ubuntu Plucky) Status: Incomplete => Won't Fix -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2127974 Title: -smbios type=11,path=xxx results in buffer overrun due to missing null terminator To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/2127974/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
