Merge ~jj/ubuntu/+source/nss-pam-ldapd:lp2130351-autopkgtest-apparmor into ubuntu/+source/nss-pam-ldapd:ubuntu/devel

Proposed by Jonas Jelten
Status: Merged
Approved by: Andreas Hasenack
Approved revision: 6d29f7b80ca5ecd37f01ee09b1e4a8911fc71287
Merged at revision: 6d29f7b80ca5ecd37f01ee09b1e4a8911fc71287
Proposed branch: ~jj/ubuntu/+source/nss-pam-ldapd:lp2130351-autopkgtest-apparmor
Merge into: ubuntu/+source/nss-pam-ldapd:ubuntu/devel
Diff against target: 82 lines (+47/-1)
2 files modified
debian/changelog (+8/-0)
debian/tests/testsuite (+39/-1)
Reviewer                     Review Type   Date Requested   Status
Andreas Hasenack                                            Approve
Canonical Server Reporter                                   Pending
Review via email: mp+496111@code.launchpad.net

Description of the change

fix for bug #2130351
ppa: https://launchpad.net/~jj/+archive/ubuntu/lp2119884-openldap-fix-apparmor/

  - nss-pam-ldapd: resolute/nss-pam-ldapd/0.9.13-2ubuntu1~ppa5 [amd64]
    + ✅ nss-pam-ldapd on resolute for amd64 @ 17.11.25 11:54:41 Log️ 🗒️
  - nss-pam-ldapd: resolute/nss-pam-ldapd/0.9.13-2ubuntu1~ppa5 [arm64]
    + ✅ nss-pam-ldapd on resolute for arm64 @ 17.11.25 11:56:45 Log️ 🗒️
  - nss-pam-ldapd: resolute/nss-pam-ldapd/0.9.13-2ubuntu1~ppa5 [armhf]
    + ❌ nss-pam-ldapd on resolute for armhf @ 17.11.25 11:57:55 Log️ 🗒️
      • testsuite FAIL 🟥
      • testsuite FLAKY 🟫
  - nss-pam-ldapd: resolute/nss-pam-ldapd/0.9.13-2ubuntu1~ppa5 [i386]
    + ❌ nss-pam-ldapd on resolute for i386 @ 17.11.25 11:54:00 Log️ 🗒️
      • testsuite FAIL 🟥
      • testsuite FAIL 🟥
  - nss-pam-ldapd: resolute/nss-pam-ldapd/0.9.13-2ubuntu1~ppa5 [ppc64el]
    + ✅ nss-pam-ldapd on resolute for ppc64el @ 17.11.25 11:56:40 Log️ 🗒️
  - nss-pam-ldapd: resolute/nss-pam-ldapd/0.9.13-2ubuntu1~ppa5 [riscv64]
    + ⛔ nss-pam-ldapd on resolute for riscv64 @ 17.11.25 12:11:46 Log️ 🗒️
      • testbed BAD ⛔
  - nss-pam-ldapd: resolute/nss-pam-ldapd/0.9.13-2ubuntu1~ppa5 [s390x]
    + ✅ nss-pam-ldapd on resolute for s390x @ 17.11.25 11:55:37 Log️ 🗒️

armhf fails because apparmor can't be accessed, i386 has always failed.

Andreas Hasenack (ahasenack) wrote :

What happens if you just ignore the apparmor_parser exit status, like we do already in other cases, like d/t/slapd[1] from src:openldap? Does the test pass?

Incidentally, we should probably standardize on this, as other tests even in openldap use different code to skip apparmor failures on armhf (like d/t/smbk5pwd). But that's for another time.

1. https://git.launchpad.net/ubuntu/+source/openldap/tree/debian/tests/slapd#n23

review: Needs Information

Jonas Jelten (jj) wrote :

I've uploaded ubuntu2~ppa1 with isolation-machine restriction, let's see how this goes (likely the test is just skipped).

I agree we should standardize to this - the bug to resolve this properly is #2008393 I'd say.

Andreas Hasenack (ahasenack) wrote :

There is no support for isolation-machine on armhf, the test will just be skipped then.

Andreas Hasenack (ahasenack) wrote :

As discussed in standup, the suggestion is to take the same approach as the openldap package[1] and just ignore the apparmor error (with a warning) if running on ubuntu-armhf. Then please remove the isolation-machine test restriction.

1. https://git.launchpad.net/ubuntu/+source/openldap/tree/debian/tests/slapd#n23

Jonas Jelten (jj) wrote :

added a function for allowing apparmor commands to fail if on Ubuntu+armhf

Andreas Hasenack (ahasenack) wrote :

Please make sure the ppa has the latest update from the branch, and that autopkgtests have run.

Jonas Jelten (jj) wrote :

now all incl armhf pass :)

  - nss-pam-ldapd: resolute/nss-pam-ldapd/0.9.13-2ubuntu2~ppa3 [amd64]
    + ✅ nss-pam-ldapd on resolute for amd64 @ 08.12.25 14:09:49 Log️ 🗒️
  - nss-pam-ldapd: resolute/nss-pam-ldapd/0.9.13-2ubuntu2~ppa3 [arm64]
    + ✅ nss-pam-ldapd on resolute for arm64 @ 08.12.25 14:11:34 Log️ 🗒️
  - nss-pam-ldapd: resolute/nss-pam-ldapd/0.9.13-2ubuntu2~ppa3 [armhf]
    + ✅ nss-pam-ldapd on resolute for armhf @ 08.12.25 14:13:03 Log️ 🗒️
  - nss-pam-ldapd: resolute/nss-pam-ldapd/0.9.13-2ubuntu2~ppa3 [i386]
    + ❌ nss-pam-ldapd on resolute for i386 @ 08.12.25 14:09:19 Log️ 🗒️
      • testsuite FAIL 🟥
      • testsuite FAIL 🟥
  - nss-pam-ldapd: resolute/nss-pam-ldapd/0.9.13-2ubuntu2~ppa3 [ppc64el]
    + ✅ nss-pam-ldapd on resolute for ppc64el @ 08.12.25 14:12:28 Log️ 🗒️
  - nss-pam-ldapd: resolute/nss-pam-ldapd/0.9.13-2ubuntu2~ppa2 [riscv64]
    + ⛔ nss-pam-ldapd on resolute for riscv64 @ 04.12.25 00:44:27 Log️ 🗒️
      • testbed BAD ⛔
  - nss-pam-ldapd: resolute/nss-pam-ldapd/0.9.13-2ubuntu2~ppa3 [s390x]
    + ✅ nss-pam-ldapd on resolute for s390x @ 08.12.25 14:13:30 Log️ 🗒️

Andreas Hasenack (ahasenack) wrote :

+1

review: Approve

Andreas Hasenack (ahasenack) wrote :

Sponsored:

Uploading nss-pam-ldapd_0.9.13-2ubuntu2.dsc
Uploading nss-pam-ldapd_0.9.13-2ubuntu2.debian.tar.xz
Uploading nss-pam-ldapd_0.9.13-2ubuntu2_source.buildinfo
Uploading nss-pam-ldapd_0.9.13-2ubuntu2_source.changes

Preview Diff

1diff --git a/debian/changelog b/debian/changelog
2index 3084fe8..2fa2b4f 100644
3--- a/debian/changelog
4+++ b/debian/changelog
5@@ -1,3 +1,11 @@
6+nss-pam-ldapd (0.9.13-2ubuntu2) resolute; urgency=medium
7+
8+ * d/t/testsuite: fix slapd apparmor access to test directory (LP: #2130351)
9+ - d/t/apparmor.sh: ignore apparmor control failures on Ubuntu+armhf
10+ (LP: #2008393)
11+
12+ -- Jonas Jelten <jonas.jelten@canonical.com> Wed, 12 Nov 2025 16:42:10 +0100
13+
14 nss-pam-ldapd (0.9.13-2ubuntu1) resolute; urgency=medium
15
16 * d/control: Recommends: networkd-dispatcher (LP: #2132159)
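Review bot: The second changelog bullet names d/t/apparmor.sh, but the only test file touched in this diff is debian/tests/testsuite, where _apparmor_check is defined inline. Either reword the bullet to refer to d/t/testsuite or move the helper into a separate file as the entry claims, so the changelog matches what was uploaded.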
17diff --git a/debian/tests/testsuite b/debian/tests/testsuite
18index 0e070a0..1370943 100755
19--- a/debian/tests/testsuite
20+++ b/debian/tests/testsuite
21@@ -38,11 +38,40 @@ service unscd stop || true
22 # temporary file to keep nslcd debug output
23 nslcd_debug_log=`mktemp -t nslcd.debug.log.XXXXXX`
24
25+if [ "$(aa-enabled 2> /dev/null)" = "Yes" ]; then
26+ apparmor_enabled="true"
27+else
28+ apparmor_enabled="false"
29+fi
30+
31+_apparmor_check() {
32+ # allow command to fail if running on Ubuntu-armhf (due to LP: #2008393)
33+ "$@" && return 0
34+ _ret=$?
35+
36+ if [ "$(dpkg-vendor --query Vendor)-$(dpkg --print-architecture)" = "Ubuntu-armhf" ]; then
37+ echo "WARNING: failed to perform apparmor command: $*" >&2
38+ echo "On armhf and Ubuntu DEP8 infrastructure, this is not a fatal error." >&2
39+ echo "See LP: #2008393 for details." >&2
40+ return 0
41+ fi
42+
43+ echo "apparmor command failed: $*" >&2
44+ exit $_ret
45+}
46+
47+
48 # Clean up on exit
49 cleanup() {
50 echo "$script: cleaning up..."
51 service nslcd stop || true
52 service pynslcd stop || true
53+ if [ "$apparmor_enabled" = true ]; then
54+ echo "$script: restoring apparmor config for slapd..."
55+ rm /etc/apparmor.d/local/usr.sbin.slapd
56+ [ -f $tmpslapd/apparmor.bak ] && mv $tmpslapd/apparmor.bak /etc/apparmor.d/local/usr.sbin.slapd
57+ _apparmor_check apparmor_parser -W -T -r /etc/apparmor.d/usr.sbin.slapd
58+ fi
59 [ -n "$tmpslapd" ] && tests/setup_slapd.sh "$tmpslapd" clean
60 echo "$script: restoring configuration..."
61 if [ -n "$bkdir" ]
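Review bot: In cleanup(), the apparmor block runs whenever $apparmor_enabled is true, even if the script exits before the setup step that backs up the local override. In that case `rm /etc/apparmor.d/local/usr.sbin.slapd` removes a pre-existing local override, and the `[ -f $tmpslapd/apparmor.bak ]` test, with $tmpslapd still empty, finds nothing to restore. Guard the block the way the following setup_slapd.sh line does with [ -n "$tmpslapd" ], or with a flag set right after the backup, use rm -f, and quote $tmpslapd. Separately, _apparmor_check calls exit on failure, so outside Ubuntu-armhf a failed profile reload here skips the remaining cleanup steps (setup_slapd.sh clean and the configuration restore); a non-fatal call would be safer inside cleanup.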
62@@ -71,10 +100,19 @@ tests/testenv.sh nss_enable \
63
64 # configure PAM?
65
66-# configure and start slapd
67+# set up test environment
68 echo "$script: setting up test slapd..."
69 tmpslapd=`mktemp -d -t slapd.XXXXXX`
70 tests/setup_slapd.sh "$tmpslapd" setup
71+# if apparmor is used, allow access to test directory
72+if [ "$apparmor_enabled" = true ]; then
73+ # this directory is like /etc/slapd
74+ echo "$script: backing up and replacing apparmor config for slapd..."
75+ [ -f /etc/apparmor.d/local/usr.sbin.slapd ] && mv /etc/apparmor.d/local/usr.sbin.slapd $tmpslapd/apparmor.bak
76+ echo "$tmpslapd/** kwr," >> /etc/apparmor.d/local/usr.sbin.slapd
77+ _apparmor_check apparmor_parser -W -T -r /etc/apparmor.d/usr.sbin.slapd
78+fi
79+# configure and start slapd
80 tests/setup_slapd.sh "$tmpslapd" start
81
82 # set up nslcd.conf
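Review bot: After the `mv` of /etc/apparmor.d/local/usr.sbin.slapd the file no longer exists, so the `>>` on the echo line creates it rather than appending, and any existing local rules are inactive for the duration of the test. The log message says "replacing", so `>` would state that intent; if the existing rules should stay active, copy the file for the backup instead of moving it. $tmpslapd is unquoted in the mv target here while the neighbouring setup_slapd.sh calls quote it. The comment "this directory is like /etc/slapd" would also be clearer if it said what slapd keeps under the test directory and why the profile needs kwr access to it.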
