Ubuntu
php-net-ldap2 package

Merge ~ahasenack/ubuntu/+source/php-net-ldap2:lunar-php-net-ldap2-apparmor-dep8 into ubuntu/+source/php-net-ldap2:ubuntu/devel

  1. Git
  2. lp:~ahasenack/ubuntu/+source/php-net-ldap2
  3. lunar-php-net-ldap2-apparmor-dep8
  4. Merge into ubuntu/devel
Proposed by Andreas Hasenack
Status: Merged
Approved by: git-ubuntu bot
Approved revision: not available
Merged at revision: 163c47f2cd0134fc23b30d14e3776f9fe4dce7db
Proposed branch: ~ahasenack/ubuntu/+source/php-net-ldap2:lunar-php-net-ldap2-apparmor-dep8
Merge into: ubuntu/+source/php-net-ldap2:ubuntu/devel
Diff against target: 82 lines (+44/-1)
3 files modified
debian/changelog (+8/-0)
debian/control (+2/-1)
debian/tests/upstream-testsuite (+34/-0)
Reviewer Review Type Date Requested Status
git-ubuntu bot Approve
Sergio Durigan Junior (community) Approve
Canonical Server Reporter Pending
Review via email: mp+438144@code.launchpad.net

Description of the change

Adjust the slapd apparmor profile to allow slapd to read/write/lock files in the autopkgtest temporary directory.

There is the usual "apparmor on armhf in the ubuntu dep8 infrastructure" issue. I copied the approach I used in the rsyslog package[2].

While I was writing up this MP, I wondered about another way to fix this problem. Instead of adjusting the apparmor profile, we could also just make the test use a directory under /var/tmp, because that is allowed by the existing apparmor profile. Well, almost: it misses[1] the lock (k) permission I'm afraid :/ :

  /var/tmp/ rw,
  /var/tmp/** rw,

And in my testing, "k" was needed.

PPA: https://launchpad.net/~ahasenack/+archive/ubuntu/php-net-ldap2-dep8-apparmor-fix/+packages

DEP8 is green:
Results: (from http://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-php-net-ldap2-dep8-apparmor-fix/?format=plain)
  php-net-ldap2 @ amd64:
    01.03.23 20:16:36 Log 🗒️ ✅ Triggers: php-net-ldap2/2.2.1-1ubuntu1~ppa2

https://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ahasenack-php-net-ldap2-dep8-apparmor-fix/lunar/amd64/p/php-net-ldap2/20230301_201636_84b7a@/log.gz

PHPUnit 9.6.3 by Sebastian Bergmann and contributors.

.........IIII............I.III.IIIIIIIIIII...................IIII 65 / 99 ( 65%)
IIIIIIIIIIIIIIIIIIIIII............ 99 / 99 (100%)

Time: 00:01.429, Memory: 14.00 MB

OK, but incomplete, skipped, or risky tests!
Tests: 99, Assertions: 1117, Incomplete: 45.
autopkgtest [20:16:12]: test upstream-testsuite: -----------------------]
upstream-testsuite PASS
autopkgtest [20:16:13]: test upstream-testsuite: - - - - - - - - - - results - - - - - - - - - -
autopkgtest [20:16:14]: @@@@@@@@@@@@@@@@@@@@ summary
upstream-testsuite PASS

Note: when running the DEP8 tests in a local lunar container, or even vm, with the autopkgtest runner, they fail, but in the DEP8 infrastructure (as above), they pass. ¯\_(ツ)_/¯

1. https://git.launchpad.net/ubuntu/+source/openldap/tree/debian/apparmor-profile#n38
2. https://git.launchpad.net/ubuntu/+source/rsyslog/tree/debian/tests/utils#n59

To post a comment you must log in.
Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

LGTM. Unfortunately I don't see Debian accepting such a change easily, but it's worth trying submitting it to them, I guess.

I built the package and ran autopkgtest locally, and it actually passed.

autopkgtest [16:25:00]: @@@@@@@@@@@@@@@@@@@@ summary
upstream-testsuite PASS

+1

review: Approve
Revision history for this message
git-ubuntu bot (git-ubuntu-bot) wrote :

Approvers: ahasenack, sergiodj
Uploaders: ahasenack, sergiodj
MP auto-approved

review: Approve
Revision history for this message
Andreas Hasenack (ahasenack) wrote :

Thanks, uploaded:

Uploading php-net-ldap2_2.2.1-1ubuntu1.dsc
Uploading php-net-ldap2_2.2.1-1ubuntu1.debian.tar.xz
Uploading php-net-ldap2_2.2.1-1ubuntu1_source.buildinfo
Uploading php-net-ldap2_2.2.1-1ubuntu1_source.changes

I'll probe the waters and try to send this to debian, let's see...

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

I sent this to debian and it was merged.

https://salsa.debian.org/php-team/pear/php-net-ldap2/-/merge_requests/1

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
diff --git a/debian/changelog b/debian/changelog
index b3f6a3e..25590dc 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
1php-net-ldap2 (2.2.1-1ubuntu1) lunar; urgency=medium
2
3 * d/t/upstream-testsuite: if apparmor is enabled, adjust the slapd
4 profile to allow access to the $AUTOPKGTEST_TMP directory
5 (LP: #2008825)
6
7 -- Andreas Hasenack <andreas@canonical.com> Tue, 28 Feb 2023 18:03:21 -0300
8
1php-net-ldap2 (2.2.1-1) unstable; urgency=medium9php-net-ldap2 (2.2.1-1) unstable; urgency=medium
210
3 * New upstream release.11 * New upstream release.
diff --git a/debian/control b/debian/control
index 5f693e5..d5b1112 100644
--- a/debian/control
+++ b/debian/control
@@ -1,7 +1,8 @@
1Source: php-net-ldap21Source: php-net-ldap2
2Section: php2Section: php
3Priority: optional3Priority: optional
4Maintainer: Debian PHP PEAR Maintainers <pkg-php-pear@lists.alioth.debian.org>4Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
5XSBC-Original-Maintainer: Debian PHP PEAR Maintainers <pkg-php-pear@lists.alioth.debian.org>
5Uploaders: Benoit Mortier <benoit.mortier@opensides.be>,6Uploaders: Benoit Mortier <benoit.mortier@opensides.be>,
6 Prach Pongpanich <prach@debian.org>,7 Prach Pongpanich <prach@debian.org>,
7 Guilhem Moulin <guilhem@debian.org>8 Guilhem Moulin <guilhem@debian.org>
diff --git a/debian/tests/upstream-testsuite b/debian/tests/upstream-testsuite
index 161feb7..f12ba8e 100755
--- a/debian/tests/upstream-testsuite
+++ b/debian/tests/upstream-testsuite
@@ -4,6 +4,31 @@ set -ue
4PATH="/usr/sbin:/sbin:/usr/bin:/bin"4PATH="/usr/sbin:/sbin:/usr/bin:/bin"
5export PATH5export PATH
66
7try_reload_apparmor_profile() {
8 local apparmor_profile="${1}"
9 local -i rc=0
10 local arch
11 local vendor
12
13 apparmor_parser -r -W -T "${apparmor_profile}" || rc=$?
14 if [ ${rc} -ne 0 ]; then
15 # This can fail on armhf in the Ubuntu DEP8 infrastructure
16 # because that environment restricts changing apparmor profiles.
17 # (See LP: #2008393)
18 arch=$(dpkg --print-architecture)
19 vendor=$(dpkg-vendor --query Vendor)
20 if [ "${arch}" = "armhf" ] && [ "${vendor}" = "Ubuntu" ]; then
21 echo "WARNING: failed to enforce apparmor profile."
22 echo "On armhf and Ubuntu DEP8 infrastructure, this is not a fatal error."
23 echo "See #2008393 for details."
24 rc=0
25 else
26 echo "ERROR: failed to adjust the slapd apparmor profile for this test."
27 fi
28 fi
29 return ${rc}
30}
31
7for ((i = 0; i < 10; i++)); do32for ((i = 0; i < 10; i++)); do
8 if [ -S "/run/ldapi" ]; then33 if [ -S "/run/ldapi" ]; then
9 break34 break
@@ -12,6 +37,15 @@ for ((i = 0; i < 10; i++)); do
12 sleep 137 sleep 1
13done38done
1439
40apparmor_profile="/etc/apparmor.d/usr.sbin.slapd"
41if [ -f "${apparmor_profile}" ]; then
42 if aa-status --enabled 2>/dev/null; then
43 # Adjust apparmor so slapd can read the heimdal master key
44 echo " ${AUTOPKGTEST_TMP}/** rwk, " >> /etc/apparmor.d/local/usr.sbin.slapd
45 try_reload_apparmor_profile "${apparmor_profile}"
46 fi
47fi
48
15# see tests/HOWTO_SETUP_OPENLDAP_TESTCASE.txt and tests/ldapconfig.ini.dist49# see tests/HOWTO_SETUP_OPENLDAP_TESTCASE.txt and tests/ldapconfig.ini.dist
16SLAPD_ADDRESS="127.0.0.1"50SLAPD_ADDRESS="127.0.0.1"
17SLAPD_PORT=38951SLAPD_PORT=389

Subscribers

People subscribed via source and target branches