ubuntu-security-tools

Merge ~alexmurray/ubuntu-security-tools:umt-ulimit-pkg-exceptions-override-as-unlimited into ubuntu-security-tools:master

  1. Git
  2. lp:~alexmurray/ubuntu-security-tools
  3. umt-ulimit-pkg-exceptions-override-as-unlimited
  4. Merge into master
Proposed by Alex Murray
Status: Merged
Merged at revision: 686ebcd9bae18717d082f301baf0075216223a57
Proposed branch: ~alexmurray/ubuntu-security-tools:umt-ulimit-pkg-exceptions-override-as-unlimited
Merge into: ubuntu-security-tools:master
Diff against target: 33 lines (+4/-4)
1 file modified
build-tools/umt (+4/-4)
Reviewer Review Type Date Requested Status
Seth Arnold Approve
Mark Esler Approve
Review via email: mp+428121@code.launchpad.net

Description of the change

This came up due to libbluray failing to build for amurray and eslerm on kinetic (but suceeding for sarnold) - in this case just using a ulimit value of unlimited seems more appropriate. See https://chat.canonical.com/canonical/pl/zer47dqux3ds7kpesn3kooktxe for full back story.

To post a comment you must log in.
Revision history for this message
Mark Esler (eslerm) wrote :

LGTM

review: Approve
Revision history for this message
Seth Arnold (seth-arnold) wrote :

The condition is getting a bit big, I wonder if we could more easily enumerate the negation of this if statement. The change looks fine, though, if you just want to leave it alone for now.

Thanks

review: Approve
Revision history for this message
Alex Murray (alexmurray) wrote :

Thanks for the review Seth - I broke up the if over multiple lines in https://git.launchpad.net/ubuntu-security-tools/commit/?id=ea324c9b15363c77809e31394358149f5bde8593 which should hopefully make it easier to maintain.

Revision history for this message
Seth Arnold (seth-arnold) wrote :

On Thu, Aug 11, 2022 at 02:36:05AM -0000, Alex Murray wrote:
> Thanks for the review Seth - I broke up the if over multiple lines in
> https://git.launchpad.net/ubuntu-security-tools/commit/?id=ea324c9b15363c77809e31394358149f5bde8593
> which should hopefully make it easier to maintain.

That'll definitely be easier to maintain, but I'm thinking more along the
lines of this (untested, not-quite-thought-out) version:

details['pkgbuild_ulimit_v'] = ulimit_pkg_exceptions[pkg_prefix] ||
    ust['pkgbuild_ulimit_v'] || 8 * 1024 * 1024 * 1024

I'm just hoping that there's an easier way to express the precedence for
where to get the setting.

Thanks

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
diff --git a/build-tools/umt b/build-tools/umt
index 603c412..222a32d 100755
--- a/build-tools/umt
+++ b/build-tools/umt
@@ -126,8 +126,8 @@ quirks['docker.io'] = [Quirk(quirk_docker_io_port_80,
126 'A process is already bound to port 80. It was found '126 'A process is already bound to port 80. It was found '
127 'that registry tests fail whenever this happens.')]127 'that registry tests fail whenever this happens.')]
128128
129# exceptions for creating a larger than normal ulimit when building.129# exceptions for creating a larger than normal ulimit when building. keys
130# keys are pkg name prefixes, values or the ulimit value.130# are pkg name prefixes, values are the ulimit value
131ulimit_pkg_exceptions = {131ulimit_pkg_exceptions = {
132 "gcc-": "3072000",132 "gcc-": "3072000",
133 "icedtea-web": "5242880",133 "icedtea-web": "5242880",
@@ -136,7 +136,7 @@ ulimit_pkg_exceptions = {
136 "openjdk-": "5242880",136 "openjdk-": "5242880",
137 "passenger": "5242880",137 "passenger": "5242880",
138 "tzdata": "5242880",138 "tzdata": "5242880",
139 "libbluray": "5242880",139 "libbluray": "unlimited",
140}140}
141141
142142
@@ -4138,7 +4138,7 @@ def parse_package_details(release = None, skip_sanity = False, force_component =
4138 details['pkgbuild_ulimit_v'] = ust['pkgbuild_ulimit_v']4138 details['pkgbuild_ulimit_v'] = ust['pkgbuild_ulimit_v']
4139 for pkg_prefix in ulimit_pkg_exceptions:4139 for pkg_prefix in ulimit_pkg_exceptions:
4140 if details['package'].startswith(pkg_prefix) and \4140 if details['package'].startswith(pkg_prefix) and \
4141 ('pkgbuild_ulimit_v' not in ust or ust['pkgbuild_ulimit_v'] == 'unlimited' or int(ust['pkgbuild_ulimit_v']) < int(ulimit_pkg_exceptions[pkg_prefix])):4141 ('pkgbuild_ulimit_v' not in ust or ust['pkgbuild_ulimit_v'] == 'unlimited' or ulimit_pkg_exceptions[pkg_prefix] == 'unlimited' or int(ust['pkgbuild_ulimit_v']) < int(ulimit_pkg_exceptions[pkg_prefix])):
4142 details['pkgbuild_ulimit_v'] = ulimit_pkg_exceptions[pkg_prefix]4142 details['pkgbuild_ulimit_v'] = ulimit_pkg_exceptions[pkg_prefix]
41434143
4144 # TODO: Need -sa for partner section also4144 # TODO: Need -sa for partner section also

Subscribers

People subscribed via source and target branches