Merge ~ahasenack/ubuntu/+source/bind-dyndb-ldap:lunar-dyndb-ldap-dep8 into ubuntu/+source/bind-dyndb-ldap:ubuntu/lunar-devel

Proposed by Andreas Hasenack
Status: Merged
Approved by: git-ubuntu bot
Approved revision: not available
Merged at revision: bd8aacd8b7373103bb58c8c1a852154faed0c971
Proposed branch: ~ahasenack/ubuntu/+source/bind-dyndb-ldap:lunar-dyndb-ldap-dep8
Merge into: ubuntu/+source/bind-dyndb-ldap:ubuntu/lunar-devel
Diff against target: 328 lines (+296/-1)
4 files modified
debian/changelog (+7/-0)
debian/control (+2/-1)
debian/tests/control (+7/-0)
debian/tests/dyndb-ldap (+280/-0)
Reviewers:
  git-ubuntu bot: Approve
  Lucas Kanashiro (community): Approve
  Canonical Server Reporter: Pending
Review via email: mp+450607@code.launchpad.net

Description of the change

Rebuild bind-dyndb-ldap with current bind9-libs, and add a DEP8 test to catch future regressions like this one.

This includes the fix for #2034250, but it's not mentioned explicitly because this DEP8 test doesn't exist in lunar yet.

PPA: https://launchpad.net/~ahasenack/+archive/ubuntu/bind9-dyndb-ldap/+packages

DEP8: green locally

See https://bugs.launchpad.net/ubuntu/lunar/+source/bind-dyndb-ldap/+bug/1978849/comments/10 and https://bugs.launchpad.net/ubuntu/lunar/+source/bind-dyndb-ldap/+bug/1978849/comments/12 for details, but src:bind-dyndb-ldap really needs a rebuild every time bind9 is updated, even if it's just a no-change rebuild. This is not because of the strict "Depends", but the actual soname of the bind9 libraries *change* with a simple rebuild as they incorporate the ubuntu version suffix.

As an example of what it looks like when the test fails, I left the focal[1] run up:

(...)
112s ## Configuring bind9 to use bind9-dyndb-ldap
112s ## Restarting bind9
112s
112s ## Checking DNS records
112s Using domain server:
112s Name: 127.0.0.1
112s Address: 127.0.0.1#53
112s Aliases:
112s
112s Host somehost.example.internal not found: 5(REFUSED)
112s ## Something failed, gathering logs
(...)
112s Sep 1 17:48:26 adt-focal-amd64-bind-dyndb-ldap-20230901-174634-juju-4d1272-pro named[2187]: loading DynDB instance 'ldap_zone' driver '/usr/lib/bind/ldap.so'
112s Sep 1 17:48:26 adt-focal-amd64-bind-dyndb-ldap-20230901-174634-juju-4d1272-pro named[2187]: failed to dynamically load instance 'ldap_zone' driver '/usr/lib/bind/ldap.so': /usr/lib/bind/ldap.so: undefined symbol: cfg_parse_buffer2 (failure)

1. https://autopkgtest.ubuntu.com/results/autopkgtest-focal-ahasenack-bind9-dyndb-ldap/focal/amd64/b/bind-dyndb-ldap/20230901_174839_8c68a@/log.gz
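
The failure mode described above (a plugin built against bind9 libraries that have since been replaced) can be detected before named is restarted. The following is an added example, not part of the merge proposal or the package: it classifies `ldd -r` output for a plugin. The function names are hypothetical and the sample library names are constructed placeholders.

```shell
# Added example, not part of the merge proposal. Function names are
# hypothetical; the sample ldd output is constructed, with placeholder versions.

# Read `ldd -r` output on stdin and print one finding per line:
#   MISSING <soname>     a NEEDED library that no longer resolves
#   UNDEFINED <symbol>   a symbol that no loaded library provides
# Exit status is 1 if anything was reported, 0 if the plugin links cleanly.
summarize_ldd_report() {
    awk '
        / => not found/       { print "MISSING " $1;   bad = 1 }
        /^undefined symbol: / { print "UNDEFINED " $3; bad = 1 }
        END { exit bad + 0 }
    '
}

# Check an installed plugin. ldd may run code from the file it inspects, so
# only use it on files that came from a trusted package.
check_plugin() {
    local plugin="$1"
    [ -r "${plugin}" ] || { echo "ERROR: cannot read ${plugin}" >&2; return 2; }
    ldd -r "${plugin}" 2>&1 | summarize_ldd_report
}

# Constructed sample: what ldd -r could print for a plugin built against a
# bind9-libs version that has since been replaced.
sample_stale_report() {
    printf '\t%s\n' \
        'linux-vdso.so.1 (0x00007ffc00000000)' \
        'libdns-9.X.Y-OLD-Ubuntu.so => not found' \
        'libisccfg-9.X.Y-OLD-Ubuntu.so => not found' \
        'libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f0000000000)'
    printf 'undefined symbol: cfg_parse_buffer2\t(/usr/lib/bind/ldap.so)\n'
}

# When given a path, check that file; otherwise show the constructed sample.
if [ "$#" -gt 0 ]; then
    check_plugin "$1"
else
    sample_stale_report | summarize_ldd_report || true
fi
```

A non-zero status from `check_plugin` on the installed ldap.so means the plugin needs a rebuild against the current bind9-libs.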

Lucas Kanashiro (lucaskanashiro) wrote :

LGTM, +1.

review: Approve
git-ubuntu bot (git-ubuntu-bot) wrote :

Approvers: ahasenack, lucaskanashiro
Uploaders: ahasenack, lucaskanashiro
MP auto-approved

review: Approve
Andreas Hasenack (ahasenack) wrote :

Thanks, uploaded with rich history, and I also updated the bugs with the SRU template:

Uploading bind-dyndb-ldap_11.10-4ubuntu0.1.dsc
Uploading bind-dyndb-ldap_11.10-4ubuntu0.1.debian.tar.xz
Uploading bind-dyndb-ldap_11.10-4ubuntu0.1_source.buildinfo
Uploading bind-dyndb-ldap_11.10-4ubuntu0.1_source.changes

Preview Diff

1diff --git a/debian/changelog b/debian/changelog
2index 9f8fa4c..86ca043 100644
3--- a/debian/changelog
4+++ b/debian/changelog
5@@ -1,3 +1,10 @@
6+bind-dyndb-ldap (11.10-4ubuntu0.1) lunar; urgency=medium
7+
8+ * d/t/control, d/t/dyndb-ldap: add DEP8 test (LP: #2032650)
9+ * No-change rebuild with current bind9-libs (LP: #1978849)
10+
11+ -- Andreas Hasenack <andreas@canonical.com> Mon, 04 Sep 2023 10:40:25 -0300
12+
13 bind-dyndb-ldap (11.10-4) unstable; urgency=medium
14
15 [ Debian Janitor ]
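Review bot: The "No-change rebuild with current bind9-libs" entry does not record why the rebuild is needed. The description explains that the bind9 library sonames change with every rebuild because they carry the version suffix, so a short sub-line stating that the plugin must be rebuilt whenever bind9 is updated would help whoever prepares the next bind9 upload.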
16diff --git a/debian/control b/debian/control
17index 26a5763..0f59a7e 100644
18--- a/debian/control
19+++ b/debian/control
20@@ -1,7 +1,8 @@
21 Source: bind-dyndb-ldap
22 Section: net
23 Priority: optional
24-Maintainer: Debian FreeIPA Team <pkg-freeipa-devel@alioth-lists.debian.net>
25+Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
26+XSBC-Original-Maintainer: Debian FreeIPA Team <pkg-freeipa-devel@alioth-lists.debian.net>
27 Uploaders: Timo Aaltonen <tjaalton@debian.org>
28 Build-Depends:
29 debhelper-compat (= 13),
30diff --git a/debian/tests/control b/debian/tests/control
31new file mode 100644
32index 0000000..f82c494
33--- /dev/null
34+++ b/debian/tests/control
35@@ -0,0 +1,7 @@
36+Tests: dyndb-ldap
37+Restrictions: isolation-container, needs-root
38+Depends: bind9,
39+ bind9-dyndb-ldap,
40+ slapd,
41+ ldap-utils,
42+ dpkg-dev
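Review bot: The Depends list does not include the package that provides "host", which debian/tests/dyndb-ldap calls for every DNS check; that command is shipped in bind9-host, so the test relies on it already being present on the testbed. Listing bind9-host explicitly would keep the test from failing for an unrelated reason on a minimal image. The script also appends to /etc/apparmor.d/local/usr.sbin.named and reconfigures slapd without reverting either in cleanup, so "breaks-testbed" would be an accurate addition to Restrictions.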
43diff --git a/debian/tests/dyndb-ldap b/debian/tests/dyndb-ldap
44new file mode 100644
45index 0000000..ac583bc
46--- /dev/null
47+++ b/debian/tests/dyndb-ldap
48@@ -0,0 +1,280 @@
49+#!/bin/bash
50+
51+set -e
52+
53+ldap_suffix="dc=example,dc=internal"
54+mydomain="example.internal"
55+myhostname="dep8"
56+ldap_admin_dn="cn=admin,${ldap_suffix}"
57+ldap_admin_pw="secret"
58+ldap_bind9_dn="uid=bind9,${ldap_suffix}"
59+ldap_bind9_rdn="uid: bind9" # match ldap_bind9_dn
60+ldap_bind9_pw="secretagain"
61+
62+cleanup() {
63+ result=$?
64+ set +e
65+ if [ ${result} -ne 0 ]; then
66+ echo "## Something failed, gathering logs"
67+ echo
68+ echo "## /var/log/syslog:"
69+ tail -n 200 /var/log/syslog
70+ echo
71+ echo "## slapd journal"
72+ journalctl -u slapd
73+ echo
74+ echo "## bind journal"
75+ journalctl -u bind
76+ fi
77+ sed -i '/include.*ldap_zone/d' /etc/bind/named.conf.local
78+ rm -f /etc/bind/named.conf.ldap_zone
79+}
80+
81+trap cleanup EXIT
82+
83+try_reload_apparmor_profile() {
84+ local apparmor_profile="${1}"
85+ local -i rc=0
86+ local arch
87+ local vendor
88+
89+ apparmor_parser -r -W -T "${apparmor_profile}" 2>&1 || rc=$?
90+ if [ ${rc} -ne 0 ]; then
91+ # This can fail on armhf in the Ubuntu DEP8 infrastructure
92+ # because that environment restricts changing apparmor profiles.
93+ # (See LP: #2008393)
94+ arch=$(dpkg --print-architecture)
95+ vendor=$(dpkg-vendor --query Vendor)
96+ if [ "${arch}" = "armhf" ] && [ "${vendor}" = "Ubuntu" ]; then
97+ echo "WARNING: failed to enforce apparmor profile."
98+ echo "On armhf and Ubuntu DEP8 infrastructure, this is not a fatal error."
99+ echo "See #2008393 for details."
100+ rc=0
101+ else
102+ echo "ERROR: failed to adjust the slapd apparmor profile for this test."
103+ fi
104+ fi
105+ return ${rc}
106+}
107+
108+adjust_apparmor_profile() {
109+ local profile_name="usr.sbin.named"
110+ local profile_path="/etc/apparmor.d/${profile_name}"
111+
112+ if [ -f "${profile_path}" ]; then
113+ if aa-status --enabled 2>/dev/null; then
114+ # Adjust apparmor so bind9 can connect to slapd's unix socket
115+ echo " /run/slapd/ldapi rw," >> "/etc/apparmor.d/local/${profile_name}"
116+ try_reload_apparmor_profile "${profile_path}"
117+ fi
118+ fi
119+}
120+
121+check_slapd_ready() {
122+ ldapwhoami -Q -Y EXTERNAL -H ldapi:/// > /dev/null 2>&1
123+}
124+
125+wait_service_ready() {
126+ local service="${1}"
127+ local check_function="${2}"
128+ local -i tries=5
129+ echo -n "Waiting for ${service} to be ready "
130+ while [ ${tries} -ne 0 ]; do
131+ echo -n "."
132+ if "${check_function}"; then
133+ echo
134+ break
135+ fi
136+ tries=$((tries-1))
137+ sleep 1s
138+ done
139+ if [ ${tries} -eq 0 ]; then
140+ echo "ERROR: ${service} is not ready"
141+ return 1
142+ fi
143+}
144+
145+setup_slapd() {
146+ local domain="$1"
147+ local password="$2"
148+ # MUST use REAL TABS as delimiters below!
149+ debconf-set-selections << EOF
150+slapd slapd/domain string ${domain}
151+slapd shared/organization string ${domain}
152+slapd slapd/password1 password ${password}
153+slapd slapd/password2 password ${password}
154+EOF
155+ rm -rf /var/backups/*slapd* /var/backups/unknown*ldapdb
156+ dpkg-reconfigure -fnoninteractive -pcritical slapd 2>&1
157+ systemctl restart slapd # http://bugs.debian.org/1010678
158+ wait_service_ready slapd check_slapd_ready
159+}
160+
161+configure_slapd_logging() {
162+ ldapmodify -Y EXTERNAL -H ldapi:/// 2>&1 <<EOF
163+dn: cn=config
164+changetype: modify
165+replace: olcLogLevel
166+olcLogLevel: stats
167+
168+EOF
169+}
170+
171+create_bind9_uid() {
172+ ldapadd -x -D "${ldap_admin_dn}" -w "${ldap_admin_pw}" <<EOF
173+dn: ${ldap_bind9_dn}
174+${ldap_bind9_rdn}
175+objectClass: simpleSecurityObject
176+objectClass: account
177+userPassword: {CRYPT}x
178+
179+EOF
180+ # this sets the password
181+ ldappasswd -x -D "${ldap_admin_dn}" -w "${ldap_admin_pw}" -s "${ldap_bind9_pw}" "${ldap_bind9_dn}"
182+
183+ # The plugin can change some attributes, like SOA records. For this test,
184+ # it's simpler to just allow it to write to the whole dns tree.
185+ ldapmodify -Q -Y EXTERNAL -H ldapi:/// <<EOF
186+dn: olcDatabase={1}mdb,cn=config
187+changetype: modify
188+add: olcAccess
189+olcAccess: {1}to dn.subtree="ou=dns,${ldap_suffix}" by dn.exact="${ldap_bind9_dn}" write by * none
190+
191+EOF
192+}
193+
194+
195+load_dyndb_schema() {
196+ local schema_file="/usr/share/doc/bind9-dyndb-ldap/schema.ldif.gz"
197+
198+ # https://wiki.debian.org/LDAP/OpenLDAPSetup#DNS.2FBind9
199+ zcat "${schema_file}" |
200+ sed 's/^attributeTypes:/olcAttributeTypes:/;
201+ s/^objectClasses:/olcObjectClasses:/;
202+ 1,/1.3.6.1.4.1.2428.20.0.0/ {/1.3.6.1.4.1.2428.20.0.0/!s/^/#/};
203+ 1idn: cn=dns,cn=schema,cn=config\nobjectClass: olcSchemaConfig' |
204+ ldapadd -Q -Y EXTERNAL -H ldapi:///
205+}
206+
207+load_syncprov() {
208+ ldapmodify -Q -Y EXTERNAL -H ldapi:/// <<EOF
209+dn: cn=module{0},cn=config
210+changetype: modify
211+add: olcModuleLoad
212+olcModuleLoad: syncprov
213+
214+EOF
215+
216+ ldapmodify -Q -Y EXTERNAL -H ldapi:/// <<EOF
217+dn: olcOverlay=syncprov,olcDatabase={1}mdb,cn=config
218+changeType: add
219+objectClass: olcOverlayConfig
220+objectClass: olcSyncProvConfig
221+olcOverlay: syncprov
222+olcSpCheckpoint: 100 10
223+olcSpSessionLog: 100
224+
225+EOF
226+}
227+
228+load_dns_data() {
229+ ldapadd -x -D "${ldap_admin_dn}" -w "${ldap_admin_pw}" <<EOF
230+dn: ou=dns,${ldap_suffix}
231+objectClass: organizationalUnit
232+objectClass: top
233+ou: dns
234+
235+dn: idnsName=${mydomain},ou=dns,${ldap_suffix}
236+objectClass: top
237+objectClass: idnsZone
238+objectClass: idnsRecord
239+idnsName: ${mydomain}
240+idnsZoneActive: TRUE
241+idnsSOAmName: ${myhostname}.${mydomain}
242+idnsSOArName: root.${myhostname}.${mydomain}
243+idnsSOAserial: 1
244+idnsSOArefresh: 10800
245+idnsSOAretry: 900
246+idnsSOAexpire: 604800
247+idnsSOAminimum: 86400
248+NSRecord: ${mydomain}.
249+ARecord: 192.168.141.5
250+
251+dn: idnsName=${myhostname},idnsName=${mydomain},ou=dns,${ldap_suffix}
252+objectClass: idnsRecord
253+objectClass: top
254+idnsName: ${myhostname}
255+CNAMERecord: ${mydomain}.
256+
257+dn: idnsName=_ldap._tcp,idnsName=${mydomain},ou=dns,${ldap_suffix}
258+objectClass: idnsRecord
259+objectClass: top
260+idnsName: _ldap._tcp
261+SRVRecord: 0 100 389 ${myhostname}
262+
263+dn: idnsName=somehost,idnsName=${mydomain},ou=dns,${ldap_suffix}
264+objectClass: idnsRecord
265+objectClass: top
266+ARecord: 192.168.141.6
267+
268+EOF
269+}
270+
271+configure_dyndb() {
272+ if ! grep -qE "ldap_zone" /etc/bind/named.conf.local; then
273+ echo "include \"/etc/bind/named.conf.ldap_zone\";" >> /etc/bind/named.conf.local
274+ fi
275+ cat > /etc/bind/named.conf.ldap_zone <<EOF
276+dyndb "ldap_zone" "/usr/lib/$(dpkg-architecture -qDEB_HOST_MULTIARCH 2>/dev/null)/bind/ldap.so" {
277+ uri "ldapi:///";
278+ base "ou=dns,${ldap_suffix}";
279+ auth_method "simple";
280+ bind_dn "${ldap_bind9_dn}";
281+ password "${ldap_bind9_pw}";
282+};
283+EOF
284+ chmod 0640 /etc/bind/named.conf.ldap_zone
285+ chgrp bind /etc/bind/named.conf.ldap_zone
286+ echo "## Restarting bind9"
287+ systemctl restart bind9.service
288+}
289+
290+echo "## Adjust bind9's apparmor profile if needed"
291+adjust_apparmor_profile
292+
293+echo "## Setting up slapd"
294+setup_slapd "${mydomain}" "${ldap_admin_pw}"
295+echo
296+
297+echo "## Configuring slapd logging"
298+configure_slapd_logging
299+echo
300+
301+echo "## Creating bind9 ldap uid"
302+create_bind9_uid
303+echo
304+
305+echo "## Loading bind9-dyndb-ldap schema"
306+load_dyndb_schema
307+echo
308+
309+echo "## Loading syncproc module"
310+load_syncprov
311+echo
312+
313+echo "## Loading DNS sample data"
314+load_dns_data
315+echo
316+
317+echo "## Configuring bind9 to use bind9-dyndb-ldap"
318+configure_dyndb
319+echo
320+
321+echo "## Checking DNS records"
322+host "somehost.${mydomain}" 127.0.0.1
323+echo
324+host "${myhostname}.${mydomain}" 127.0.0.1
325+echo
326+host -t srv "_ldap._tcp.${mydomain}" 127.0.0.1
327+echo
328+host -t soa "${mydomain}" 127.0.0.1
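Review bot: In cleanup(), "journalctl -u bind" does not name the unit that configure_dyndb restarts ("bind9.service"), so on failure the "## bind journal" section is likely to come back empty; point it at the unit that named actually logs under. Smaller points: the ERROR message in try_reload_apparmor_profile says "slapd apparmor profile" although the profile being reloaded is usr.sbin.named, and the "## Loading syncproc module" banner should read "syncprov". In configure_dyndb, /etc/bind/named.conf.ldap_zone is written with the bind password before "chmod 0640" runs; setting a restrictive umask around the "cat >" would avoid the file being readable under the default mode in between. cleanup() also leaves the rule appended to /etc/apparmor.d/local/usr.sbin.named in place.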