Merge ~jj/ubuntu/+source/nss-pam-ldapd:lp2130351-autopkgtest-apparmor into ubuntu/+source/nss-pam-ldapd:ubuntu/devel

Proposed by Jonas Jelten
Status: Merged
Approved by: Andreas Hasenack
Approved revision: 6d29f7b80ca5ecd37f01ee09b1e4a8911fc71287
Merged at revision: 6d29f7b80ca5ecd37f01ee09b1e4a8911fc71287
Proposed branch: ~jj/ubuntu/+source/nss-pam-ldapd:lp2130351-autopkgtest-apparmor
Merge into: ubuntu/+source/nss-pam-ldapd:ubuntu/devel
Diff against target: 82 lines (+47/-1)
2 files modified
debian/changelog (+8/-0)
debian/tests/testsuite (+39/-1)
Reviewers:
Andreas Hasenack: Approve
Canonical Server Reporter: Pending
Review via email: mp+496111@code.launchpad.net

Description of the change

fix for bug #2130351
ppa: https://launchpad.net/~jj/+archive/ubuntu/lp2119884-openldap-fix-apparmor/

  - nss-pam-ldapd: resolute/nss-pam-ldapd/0.9.13-2ubuntu1~ppa5 [amd64]
    + ✅ nss-pam-ldapd on resolute for amd64 @ 17.11.25 11:54:41 Log️ 🗒️
  - nss-pam-ldapd: resolute/nss-pam-ldapd/0.9.13-2ubuntu1~ppa5 [arm64]
    + ✅ nss-pam-ldapd on resolute for arm64 @ 17.11.25 11:56:45 Log️ 🗒️
  - nss-pam-ldapd: resolute/nss-pam-ldapd/0.9.13-2ubuntu1~ppa5 [armhf]
    + ❌ nss-pam-ldapd on resolute for armhf @ 17.11.25 11:57:55 Log️ 🗒️
      • testsuite FAIL 🟥
      • testsuite FLAKY 🟫
  - nss-pam-ldapd: resolute/nss-pam-ldapd/0.9.13-2ubuntu1~ppa5 [i386]
    + ❌ nss-pam-ldapd on resolute for i386 @ 17.11.25 11:54:00 Log️ 🗒️
      • testsuite FAIL 🟥
      • testsuite FAIL 🟥
  - nss-pam-ldapd: resolute/nss-pam-ldapd/0.9.13-2ubuntu1~ppa5 [ppc64el]
    + ✅ nss-pam-ldapd on resolute for ppc64el @ 17.11.25 11:56:40 Log️ 🗒️
  - nss-pam-ldapd: resolute/nss-pam-ldapd/0.9.13-2ubuntu1~ppa5 [riscv64]
    + ⛔ nss-pam-ldapd on resolute for riscv64 @ 17.11.25 12:11:46 Log️ 🗒️
      • testbed BAD ⛔
  - nss-pam-ldapd: resolute/nss-pam-ldapd/0.9.13-2ubuntu1~ppa5 [s390x]
    + ✅ nss-pam-ldapd on resolute for s390x @ 17.11.25 11:55:37 Log️ 🗒️

armhf fails because apparmor can't be accessed, i386 has always failed.

Andreas Hasenack (ahasenack) wrote :

What happens if you just ignore the apparmor_parser exit status, like we do already in other cases, like d/t/slapd[1] from src:openldap? Does the test pass?

Incidentally, we should probably standardize on this, as other tests even in openldap use different code to skip apparmor failures on armhf (like d/t/smbk5pwd). But that's for another time.

1. https://git.launchpad.net/ubuntu/+source/openldap/tree/debian/tests/slapd#n23

review: Needs Information

Jonas Jelten (jj) wrote :

I've uploaded ubuntu2~ppa1 with isolation-machine restriction, let's see how this goes (likely the test is just skipped).

I agree we should standardize on this - the bug to resolve this properly is #2008393 I'd say.

Andreas Hasenack (ahasenack) wrote :

There is no support for isolation-machine on armhf, the test will just be skipped then.

Andreas Hasenack (ahasenack) wrote :

As discussed in standup, the suggestion is to take the same approach as the openldap package[1] and just ignore the apparmor error (with a warning) if running on ubuntu-armhf. Then please remove the isolation-machine test restriction.

1. https://git.launchpad.net/ubuntu/+source/openldap/tree/debian/tests/slapd#n23

Jonas Jelten (jj) wrote :

added a function for allowing apparmor commands to fail if on Ubuntu+armhf

Andreas Hasenack (ahasenack) wrote :

Please make sure the ppa has the latest update from the branch, and that autopkgtests have run.

Jonas Jelten (jj) wrote :

now all incl armhf pass :)

  - nss-pam-ldapd: resolute/nss-pam-ldapd/0.9.13-2ubuntu2~ppa3 [amd64]
    + ✅ nss-pam-ldapd on resolute for amd64 @ 08.12.25 14:09:49 Log️ 🗒️
  - nss-pam-ldapd: resolute/nss-pam-ldapd/0.9.13-2ubuntu2~ppa3 [arm64]
    + ✅ nss-pam-ldapd on resolute for arm64 @ 08.12.25 14:11:34 Log️ 🗒️
  - nss-pam-ldapd: resolute/nss-pam-ldapd/0.9.13-2ubuntu2~ppa3 [armhf]
    + ✅ nss-pam-ldapd on resolute for armhf @ 08.12.25 14:13:03 Log️ 🗒️
  - nss-pam-ldapd: resolute/nss-pam-ldapd/0.9.13-2ubuntu2~ppa3 [i386]
    + ❌ nss-pam-ldapd on resolute for i386 @ 08.12.25 14:09:19 Log️ 🗒️
      • testsuite FAIL 🟥
      • testsuite FAIL 🟥
  - nss-pam-ldapd: resolute/nss-pam-ldapd/0.9.13-2ubuntu2~ppa3 [ppc64el]
    + ✅ nss-pam-ldapd on resolute for ppc64el @ 08.12.25 14:12:28 Log️ 🗒️
  - nss-pam-ldapd: resolute/nss-pam-ldapd/0.9.13-2ubuntu2~ppa2 [riscv64]
    + ⛔ nss-pam-ldapd on resolute for riscv64 @ 04.12.25 00:44:27 Log️ 🗒️
      • testbed BAD ⛔
  - nss-pam-ldapd: resolute/nss-pam-ldapd/0.9.13-2ubuntu2~ppa3 [s390x]
    + ✅ nss-pam-ldapd on resolute for s390x @ 08.12.25 14:13:30 Log️ 🗒️

Andreas Hasenack (ahasenack) wrote :

+1

review: Approve

Andreas Hasenack (ahasenack) wrote :

Sponsored:

Uploading nss-pam-ldapd_0.9.13-2ubuntu2.dsc
Uploading nss-pam-ldapd_0.9.13-2ubuntu2.debian.tar.xz
Uploading nss-pam-ldapd_0.9.13-2ubuntu2_source.buildinfo
Uploading nss-pam-ldapd_0.9.13-2ubuntu2_source.changes

Preview Diff

diff --git a/debian/changelog b/debian/changelog
index 3084fe8..2fa2b4f 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
1nss-pam-ldapd (0.9.13-2ubuntu2) resolute; urgency=medium
2
3 * d/t/testsuite: fix slapd apparmor access to test directory (LP: #2130351)
4 - d/t/apparmor.sh: ignore apparmor control failures on Ubuntu+armhf
5 (LP: #2008393)
6
7 -- Jonas Jelten <jonas.jelten@canonical.com> Wed, 12 Nov 2025 16:42:10 +0100
8
1nss-pam-ldapd (0.9.13-2ubuntu1) resolute; urgency=medium9nss-pam-ldapd (0.9.13-2ubuntu1) resolute; urgency=medium
210
3 * d/control: Recommends: networkd-dispatcher (LP: #2132159)11 * d/control: Recommends: networkd-dispatcher (LP: #2132159)
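
Review bot: The sub-item of the new changelog entry names `d/t/apparmor.sh`, but this diff touches only debian/changelog and debian/tests/testsuite, and the armhf handling is the `_apparmor_check` function defined inline in d/t/testsuite. Reword the sub-item to refer to d/t/testsuite (or to `_apparmor_check`) so the changelog matches the files that actually change.
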
diff --git a/debian/tests/testsuite b/debian/tests/testsuite
index 0e070a0..1370943 100755
--- a/debian/tests/testsuite
+++ b/debian/tests/testsuite
@@ -38,11 +38,40 @@ service unscd stop || true
38# temporary file to keep nslcd debug output38# temporary file to keep nslcd debug output
39nslcd_debug_log=`mktemp -t nslcd.debug.log.XXXXXX`39nslcd_debug_log=`mktemp -t nslcd.debug.log.XXXXXX`
4040
41if [ "$(aa-enabled 2> /dev/null)" = "Yes" ]; then
42 apparmor_enabled="true"
43else
44 apparmor_enabled="false"
45fi
46
47_apparmor_check() {
48 # allow command to fail if running on Ubuntu-armhf (due to LP: #2008393)
49 "$@" && return 0
50 _ret=$?
51
52 if [ "$(dpkg-vendor --query Vendor)-$(dpkg --print-architecture)" = "Ubuntu-armhf" ]; then
53 echo "WARNING: failed to perform apparmor command: $*" >&2
54 echo "On armhf and Ubuntu DEP8 infrastructure, this is not a fatal error." >&2
55 echo "See LP: #2008393 for details." >&2
56 return 0
57 fi
58
59 echo "apparmor command failed: $*" >&2
60 exit $_ret
61}
62
63
41# Clean up on exit64# Clean up on exit
42cleanup() {65cleanup() {
43 echo "$script: cleaning up..."66 echo "$script: cleaning up..."
44 service nslcd stop || true67 service nslcd stop || true
45 service pynslcd stop || true68 service pynslcd stop || true
69 if [ "$apparmor_enabled" = true ]; then
70 echo "$script: restoring apparmor config for slapd..."
71 rm /etc/apparmor.d/local/usr.sbin.slapd
72 [ -f $tmpslapd/apparmor.bak ] && mv $tmpslapd/apparmor.bak /etc/apparmor.d/local/usr.sbin.slapd
73 _apparmor_check apparmor_parser -W -T -r /etc/apparmor.d/usr.sbin.slapd
74 fi
46 [ -n "$tmpslapd" ] && tests/setup_slapd.sh "$tmpslapd" clean75 [ -n "$tmpslapd" ] && tests/setup_slapd.sh "$tmpslapd" clean
47 echo "$script: restoring configuration..."76 echo "$script: restoring configuration..."
48 if [ -n "$bkdir" ]77 if [ -n "$bkdir" ]
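
Review bot: The block added to `cleanup()` is gated only on `$apparmor_enabled`, so if cleanup runs before the later setup step has set `$tmpslapd` and replaced the override, `rm /etc/apparmor.d/local/usr.sbin.slapd` deletes a local override the test never backed up, and `$tmpslapd/apparmor.bak` expands to `/apparmor.bak`. The existing line right below already guards with `[ -n "$tmpslapd" ]`; apply the same guard here (or set a flag once the override has been swapped), use `rm -f`, and quote `"$tmpslapd"`. Note also that `_apparmor_check` ends in `exit $_ret` on anything other than Ubuntu-armhf, which, when called from inside `cleanup()`, skips the slapd teardown and the configuration restore that follow it.
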
@@ -71,10 +100,19 @@ tests/testenv.sh nss_enable \
71100
72# configure PAM?101# configure PAM?
73102
74# configure and start slapd103# set up test environment
75echo "$script: setting up test slapd..."104echo "$script: setting up test slapd..."
76tmpslapd=`mktemp -d -t slapd.XXXXXX`105tmpslapd=`mktemp -d -t slapd.XXXXXX`
77tests/setup_slapd.sh "$tmpslapd" setup106tests/setup_slapd.sh "$tmpslapd" setup
107# if apparmor is used, allow access to test directory
108if [ "$apparmor_enabled" = true ]; then
109 # this directory is like /etc/slapd
110 echo "$script: backing up and replacing apparmor config for slapd..."
111 [ -f /etc/apparmor.d/local/usr.sbin.slapd ] && mv /etc/apparmor.d/local/usr.sbin.slapd $tmpslapd/apparmor.bak
112 echo "$tmpslapd/** kwr," >> /etc/apparmor.d/local/usr.sbin.slapd
113 _apparmor_check apparmor_parser -W -T -r /etc/apparmor.d/usr.sbin.slapd
114fi
115# configure and start slapd
78tests/setup_slapd.sh "$tmpslapd" start116tests/setup_slapd.sh "$tmpslapd" start
79117
80# set up nslcd.conf118# set up nslcd.conf
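
Review bot: The existing override is backed up to `$tmpslapd/apparmor.bak`, which sits under the same tree that the added rule `$tmpslapd/** kwr,` opens to the confined slapd, and cleanup later moves that file back into /etc/apparmor.d/local/. Keep the backup outside `$tmpslapd` so the process under test cannot alter the policy fragment that gets restored. `$tmpslapd` is also unquoted in the `[ -f ... ] && mv` line, and the comment `# this directory is like /etc/slapd` would be more useful if it said why lock and write access are needed.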
