Merge ~alexmurray/ubuntu-security-tools:umt-ulimit-pkg-exceptions-override-as-unlimited into ubuntu-security-tools:master

Proposed by Alex Murray
Status: Merged
Merged at revision: 686ebcd9bae18717d082f301baf0075216223a57
Proposed branch: ~alexmurray/ubuntu-security-tools:umt-ulimit-pkg-exceptions-override-as-unlimited
Merge into: ubuntu-security-tools:master
Diff against target: 33 lines (+4/-4)
1 file modified
build-tools/umt (+4/-4)
Reviewer Review Type Date Requested Status
Seth Arnold Approve
Mark Esler Approve
Review via email: mp+428121@code.launchpad.net

Description of the change

This came up due to libbluray failing to build for amurray and eslerm on kinetic (but suceeding for sarnold) - in this case just using a ulimit value of unlimited seems more appropriate. See https://chat.canonical.com/canonical/pl/zer47dqux3ds7kpesn3kooktxe for full back story.

To post a comment you must log in.
Revision history for this message
Mark Esler (eslerm) wrote :

LGTM

review: Approve
Revision history for this message
Seth Arnold (seth-arnold) wrote :

The condition is getting a bit big, I wonder if we could more easily enumerate the negation of this if statement. The change looks fine, though, if you just want to leave it alone for now.

Thanks

review: Approve
Revision history for this message
Alex Murray (alexmurray) wrote :

Thanks for the review Seth - I broke up the if over multiple lines in https://git.launchpad.net/ubuntu-security-tools/commit/?id=ea324c9b15363c77809e31394358149f5bde8593 which should hopefully make it easier to maintain.

Revision history for this message
Seth Arnold (seth-arnold) wrote :

On Thu, Aug 11, 2022 at 02:36:05AM -0000, Alex Murray wrote:
> Thanks for the review Seth - I broke up the if over multiple lines in
> https://git.launchpad.net/ubuntu-security-tools/commit/?id=ea324c9b15363c77809e31394358149f5bde8593
> which should hopefully make it easier to maintain.

That'll definitely be easier to maintain, but I'm thinking more along the
lines of this (untested, not-quite-thought-out) version:

details['pkgbuild_ulimit_v'] = ulimit_pkg_exceptions[pkg_prefix] ||
    ust['pkgbuild_ulimit_v'] || 8 * 1024 * 1024 * 1024

I'm just hoping that there's an easier way to express the precedence for
where to get the setting.

Thanks

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/build-tools/umt b/build-tools/umt
2index 603c412..222a32d 100755
3--- a/build-tools/umt
4+++ b/build-tools/umt
5@@ -126,8 +126,8 @@ quirks['docker.io'] = [Quirk(quirk_docker_io_port_80,
6 'A process is already bound to port 80. It was found '
7 'that registry tests fail whenever this happens.')]
8
9-# exceptions for creating a larger than normal ulimit when building.
10-# keys are pkg name prefixes, values or the ulimit value.
11+# exceptions for creating a larger than normal ulimit when building. keys
12+# are pkg name prefixes, values are the ulimit value
13 ulimit_pkg_exceptions = {
14 "gcc-": "3072000",
15 "icedtea-web": "5242880",
16@@ -136,7 +136,7 @@ ulimit_pkg_exceptions = {
17 "openjdk-": "5242880",
18 "passenger": "5242880",
19 "tzdata": "5242880",
20- "libbluray": "5242880",
21+ "libbluray": "unlimited",
22 }
23
24
25@@ -4138,7 +4138,7 @@ def parse_package_details(release = None, skip_sanity = False, force_component =
26 details['pkgbuild_ulimit_v'] = ust['pkgbuild_ulimit_v']
27 for pkg_prefix in ulimit_pkg_exceptions:
28 if details['package'].startswith(pkg_prefix) and \
29- ('pkgbuild_ulimit_v' not in ust or ust['pkgbuild_ulimit_v'] == 'unlimited' or int(ust['pkgbuild_ulimit_v']) < int(ulimit_pkg_exceptions[pkg_prefix])):
30+ ('pkgbuild_ulimit_v' not in ust or ust['pkgbuild_ulimit_v'] == 'unlimited' or ulimit_pkg_exceptions[pkg_prefix] == 'unlimited' or int(ust['pkgbuild_ulimit_v']) < int(ulimit_pkg_exceptions[pkg_prefix])):
31 details['pkgbuild_ulimit_v'] = ulimit_pkg_exceptions[pkg_prefix]
32
33 # TODO: Need -sa for partner section also

Subscribers

People subscribed via source and target branches