Merge ~ahasenack/ubuntu/+source/php-net-ldap2:lunar-php-net-ldap2-apparmor-dep8 into ubuntu/+source/php-net-ldap2:ubuntu/devel

Proposed by Andreas Hasenack
Status: Merged
Approved by: git-ubuntu bot
Approved revision: not available
Merged at revision: 163c47f2cd0134fc23b30d14e3776f9fe4dce7db
Proposed branch: ~ahasenack/ubuntu/+source/php-net-ldap2:lunar-php-net-ldap2-apparmor-dep8
Merge into: ubuntu/+source/php-net-ldap2:ubuntu/devel
Diff against target: 82 lines (+44/-1)
3 files modified
debian/changelog (+8/-0)
debian/control (+2/-1)
debian/tests/upstream-testsuite (+34/-0)
Reviewers:
  git-ubuntu bot: Approve
  Sergio Durigan Junior (community): Approve
  Canonical Server Reporter: Pending
Review via email: mp+438144@code.launchpad.net

Description of the change

Adjust the slapd apparmor profile to allow slapd to read/write/lock files in the autopkgtest temporary directory.

There is the usual "apparmor on armhf in the ubuntu dep8 infrastructure" issue. I copied the approach I used in the rsyslog package[2].

While I was writing up this MP, I wondered about another way to fix this problem. Instead of adjusting the apparmor profile, we could also just make the test use a directory under /var/tmp, because that is allowed by the existing apparmor profile. Well, almost: it misses[1] the lock (k) permission I'm afraid :/ :

  /var/tmp/ rw,
  /var/tmp/** rw,

And in my testing, "k" was needed.

PPA: https://launchpad.net/~ahasenack/+archive/ubuntu/php-net-ldap2-dep8-apparmor-fix/+packages

DEP8 is green:
Results: (from http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-php-net-ldap2-dep8-apparmor-fix/?format=plain)
  php-net-ldap2 @ amd64:
    01.03.23 20:16:36 Log 🗒️ ✅ Triggers: php-net-ldap2/2.2.1-1ubuntu1~ppa2

https://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-php-net-ldap2-dep8-apparmor-fix/lunar/amd64/p/php-net-ldap2/20230301_201636_84b7a@/log.gz

PHPUnit 9.6.3 by Sebastian Bergmann and contributors.

.........IIII............I.III.IIIIIIIIIII...................IIII 65 / 99 ( 65%)
IIIIIIIIIIIIIIIIIIIIII............ 99 / 99 (100%)

Time: 00:01.429, Memory: 14.00 MB

OK, but incomplete, skipped, or risky tests!
Tests: 99, Assertions: 1117, Incomplete: 45.
autopkgtest [20:16:12]: test upstream-testsuite: -----------------------]
upstream-testsuite PASS
autopkgtest [20:16:13]: test upstream-testsuite: - - - - - - - - - - results - - - - - - - - - -
autopkgtest [20:16:14]: @@@@@@@@@@@@@@@@@@@@ summary
upstream-testsuite PASS

Note: when running the DEP8 tests in a local lunar container, or even vm, with the autopkgtest runner, they fail, but in the DEP8 infrastructure (as above), they pass. ¯\_(ツ)_/¯

1. https://git.launchpad.net/ubuntu/+source/openldap/tree/debian/apparmor-profile#n38
2. https://git.launchpad.net/ubuntu/+source/rsyslog/tree/debian/tests/utils#n59
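
The missing lock permission described above can be checked mechanically. This is an added example, not part of the merge proposal or of the openldap packaging: it reads path-first file rules from profile text and reports which required permission letters a rule lacks. It assumes rules written as `<path> <perms>,` with no qualifiers, and the third sample rule and its path are constructed.

```shell
#!/bin/sh
# Constructed sample: the two /var/tmp rules quoted in the description,
# plus a hypothetical test-directory rule that carries the lock permission.
SAMPLE_PROFILE='
  /var/tmp/ rw,
  /var/tmp/** rw,
  /tmp/autopkgtest.XXXX/** rwk,
'

# Print the permission string of the rule whose path pattern is exactly $2.
# $1 = profile text, $2 = path pattern as written in the profile.
# Assumption: path-first rules only ("<path> <perms>,"), no owner/deny prefix.
rule_perms() {
    printf '%s\n' "$1" | awk -v pat="$2" '
        /^[[:space:]]*#/ { next }      # skip comment lines
        $1 == pat && NF >= 2 {
            perms = $2
            sub(/,$/, "", perms)       # drop the trailing comma
            print perms
            exit
        }'
}

# Print the letters from $3 that the rule for pattern $2 does not grant.
# Prints nothing when every required letter is present; prints all of $3
# when the profile has no rule for that pattern.
missing_perms() {
    perms=$(rule_perms "$1" "$2")
    missing=""
    for letter in $(printf '%s' "$3" | sed 's/./& /g'); do
        case "$perms" in
            *"$letter"*) ;;
            *) missing="${missing}${letter}" ;;
        esac
    done
    printf '%s' "$missing"
}

echo "missing on /var/tmp/**: $(missing_perms "$SAMPLE_PROFILE" '/var/tmp/**' rwk)"
```

The comparison is textual and per rule: it does not evaluate glob overlap between rules, so a permission granted by a different matching pattern is not counted.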

Sergio Durigan Junior (sergiodj) wrote :

LGTM. Unfortunately I don't see Debian accepting such a change easily, but it's worth trying submitting it to them, I guess.

I built the package and ran autopkgtest locally, and it actually passed.

autopkgtest [16:25:00]: @@@@@@@@@@@@@@@@@@@@ summary
upstream-testsuite PASS

+1

review: Approve
git-ubuntu bot (git-ubuntu-bot) wrote :

Approvers: ahasenack, sergiodj
Uploaders: ahasenack, sergiodj
MP auto-approved

review: Approve
Andreas Hasenack (ahasenack) wrote :

Thanks, uploaded:

Uploading php-net-ldap2_2.2.1-1ubuntu1.dsc
Uploading php-net-ldap2_2.2.1-1ubuntu1.debian.tar.xz
Uploading php-net-ldap2_2.2.1-1ubuntu1_source.buildinfo
Uploading php-net-ldap2_2.2.1-1ubuntu1_source.changes

I'll probe the waters and try to send this to debian, let's see...

Andreas Hasenack (ahasenack) wrote :

Preview Diff

1diff --git a/debian/changelog b/debian/changelog
2index b3f6a3e..25590dc 100644
3--- a/debian/changelog
4+++ b/debian/changelog
5@@ -1,3 +1,11 @@
6+php-net-ldap2 (2.2.1-1ubuntu1) lunar; urgency=medium
7+
8+ * d/t/upstream-testsuite: if apparmor is enabled, adjust the slapd
9+ profile to allow access to the $AUTOPKGTEST_TMP directory
10+ (LP: #2008825)
11+
12+ -- Andreas Hasenack <andreas@canonical.com> Tue, 28 Feb 2023 18:03:21 -0300
13+
14 php-net-ldap2 (2.2.1-1) unstable; urgency=medium
15
16 * New upstream release.
17diff --git a/debian/control b/debian/control
18index 5f693e5..d5b1112 100644
19--- a/debian/control
20+++ b/debian/control
21@@ -1,7 +1,8 @@
22 Source: php-net-ldap2
23 Section: php
24 Priority: optional
25-Maintainer: Debian PHP PEAR Maintainers <pkg-php-pear@lists.alioth.debian.org>
26+Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
27+XSBC-Original-Maintainer: Debian PHP PEAR Maintainers <pkg-php-pear@lists.alioth.debian.org>
28 Uploaders: Benoit Mortier <benoit.mortier@opensides.be>,
29 Prach Pongpanich <prach@debian.org>,
30 Guilhem Moulin <guilhem@debian.org>
31diff --git a/debian/tests/upstream-testsuite b/debian/tests/upstream-testsuite
32index 161feb7..f12ba8e 100755
33--- a/debian/tests/upstream-testsuite
34+++ b/debian/tests/upstream-testsuite
35@@ -4,6 +4,31 @@ set -ue
36 PATH="/usr/sbin:/sbin:/usr/bin:/bin"
37 export PATH
38
39+try_reload_apparmor_profile() {
40+ local apparmor_profile="${1}"
41+ local -i rc=0
42+ local arch
43+ local vendor
44+
45+ apparmor_parser -r -W -T "${apparmor_profile}" || rc=$?
46+ if [ ${rc} -ne 0 ]; then
47+ # This can fail on armhf in the Ubuntu DEP8 infrastructure
48+ # because that environment restricts changing apparmor profiles.
49+ # (See LP: #2008393)
50+ arch=$(dpkg --print-architecture)
51+ vendor=$(dpkg-vendor --query Vendor)
52+ if [ "${arch}" = "armhf" ] && [ "${vendor}" = "Ubuntu" ]; then
53+ echo "WARNING: failed to enforce apparmor profile."
54+ echo "On armhf and Ubuntu DEP8 infrastructure, this is not a fatal error."
55+ echo "See #2008393 for details."
56+ rc=0
57+ else
58+ echo "ERROR: failed to adjust the slapd apparmor profile for this test."
59+ fi
60+ fi
61+ return ${rc}
62+}
63+
64 for ((i = 0; i < 10; i++)); do
65 if [ -S "/run/ldapi" ]; then
66 break
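Review bot: In try_reload_apparmor_profile, the non-fatal branch is selected by `arch = armhf` and `vendor = Ubuntu` alone, so an apparmor_parser failure on any armhf Ubuntu testbed is downgraded to a warning, not only on the DEP8 infrastructure that the comment names. After that branch sets rc=0 the script carries on with the old slapd profile still loaded, which the warning text does not say; suggest stating in the message that the profile was not reloaded, so a later slapd permission error can be traced back to it. The echoed text also says "See #2008393" while the comment above it uses "LP: #2008393"; using the LP: form in both places would make the reference unambiguous.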
67@@ -12,6 +37,15 @@ for ((i = 0; i < 10; i++)); do
68 sleep 1
69 done
70
71+apparmor_profile="/etc/apparmor.d/usr.sbin.slapd"
72+if [ -f "${apparmor_profile}" ]; then
73+ if aa-status --enabled 2>/dev/null; then
74+ # Adjust apparmor so slapd can read the heimdal master key
75+ echo " ${AUTOPKGTEST_TMP}/** rwk, " >> /etc/apparmor.d/local/usr.sbin.slapd
76+ try_reload_apparmor_profile "${apparmor_profile}"
77+ fi
78+fi
79+
80 # see tests/HOWTO_SETUP_OPENLDAP_TESTCASE.txt and tests/ldapconfig.ini.dist
81 SLAPD_ADDRESS="127.0.0.1"
82 SLAPD_PORT=389
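Review bot: The comment above the echo, "Adjust apparmor so slapd can read the heimdal master key", does not describe this line: the rule that follows grants rwk on ${AUTOPKGTEST_TMP}/** and nothing in this script refers to heimdal, so the comment looks carried over from another test and should name the autopkgtest temporary directory instead. The rule is also appended with >> to /etc/apparmor.d/local/usr.sbin.slapd and never removed, so a second run on the same testbed leaves duplicate or stale lines in the local override; checking for the line before appending, or removing it on exit, would keep the change scoped to the test run.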
