Ubuntu
python-ldap package

Merge ~jj/ubuntu/+source/python-ldap:lp2130351-autopkgtest-apparmor into ubuntu/+source/python-ldap:ubuntu/devel

  1. Git
  2. lp:~jj/ubuntu/+source/python-ldap
  3. lp2130351-autopkgtest-apparmor
  4. Merge into ubuntu/devel
Proposed by Jonas Jelten
Status: Merged
Approved by: Andreas Hasenack
Approved revision: 95bbc07e0f21947c1342c204435d787e88c2c712
Merged at revision: 95bbc07e0f21947c1342c204435d787e88c2c712
Proposed branch: ~jj/ubuntu/+source/python-ldap:lp2130351-autopkgtest-apparmor
Merge into: ubuntu/+source/python-ldap:ubuntu/devel
Diff against target: 135 lines (+78/-2)
6 files modified
debian/changelog (+9/-0)
debian/control (+2/-1)
debian/tests/apparmor.sh (+58/-0)
debian/tests/control (+1/-1)
debian/tests/startserver (+4/-0)
debian/tests/upstream (+4/-0)
Reviewer Review Type Date Requested Status
git-ubuntu bot Approve
Andreas Hasenack Approve
Canonical Server Reporter Pending
Review via email: mp+496113@code.launchpad.net

Description of the change

fix for bug #2130351
ppa: https://launchpad.net/~jj/+archive/ubuntu/lp2119884-openldap-fix-apparmor/

  - python-ldap: resolute/python-ldap/3.4.4-2ubuntu1~ppa4 [amd64]
    + ✅ python-ldap on resolute for amd64 @ 17.11.25 11:53:01 Log️ 🗒️
  - python-ldap: resolute/python-ldap/3.4.4-2ubuntu1~ppa4 [arm64]
    + ✅ python-ldap on resolute for arm64 @ 17.11.25 11:53:53 Log️ 🗒️
  - python-ldap: resolute/python-ldap/3.4.4-2ubuntu1~ppa4 [armhf]
    + ❌ python-ldap on resolute for armhf @ 17.11.25 11:55:05 Log️ 🗒️
      • upstream FAIL 🟥
      • startserver FAIL 🟥
  - python-ldap: resolute/python-ldap/3.4.4-2ubuntu1~ppa4 [i386]
    + ❌ python-ldap on resolute for i386 @ 17.11.25 11:52:53 Log️ 🗒️
      • 76s FAIL 🟥
      • 76s FAIL 🟥
      • 76s FAIL 🟥
  - python-ldap: resolute/python-ldap/3.4.4-2ubuntu1~ppa4 [ppc64el]
    + ✅ python-ldap on resolute for ppc64el @ 17.11.25 11:53:17 Log️ 🗒️
  - python-ldap: resolute/python-ldap/3.4.4-2ubuntu1~ppa4 [riscv64]
    + ⛔ python-ldap on resolute for riscv64 @ 17.11.25 12:01:24 Log️ 🗒️
      • testbed BAD ⛔
  - python-ldap: resolute/python-ldap/3.4.4-2ubuntu1~ppa4 [s390x]
    + ✅ python-ldap on resolute for s390x @ 17.11.25 11:53:21 Log️ 🗒️

armhf fails because apparmor can't be accessed, i386 has failed in previous releases.

To post a comment you must log in.
Revision history for this message
Andreas Hasenack (ahasenack) wrote :

What happens if you just ignore the apparmor_parser exit status, like we do already in other cases, like d/t/slapd[1] from src:openldap? Does the test pass?

Incidentally, we should probably standardize on this, as other tests even in openldap use different code to skip apparmor failures on armhf (like d/t/smbk5pwd). But that's for another time.

1. https://git.launchpad.net/ubuntu/+source/openldap/tree/debian/tests/slapd#n23

review: Needs Information
Revision history for this message
Jonas Jelten (jj) wrote (last edit ):

I've uploaded ubuntu2~ppa1 with isolation-machine restriction, let's see how this goes (likely the test is just skipped).

I agree we should standartize to this - the bug to resolve this in properly is #2008393 I'd say.

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

There is no support for isolation-machine on armhf, the test will just be skipped then.

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

As discussed in standup, the suggestion is to take the same approach as the openldap package[1] and just ignore the apparmor error (with a warning) if running on ubuntu-armhf. Then please remove the isolation-machine test restriction.

1. https://git.launchpad.net/ubuntu/+source/openldap/tree/debian/tests/slapd#n23

Revision history for this message
Jonas Jelten (jj) wrote :

added a function for allowing apparmor commands to fail if on Ubuntu+armhf

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

Comments inline.

Revision history for this message
Jonas Jelten (jj) wrote :

simplified the function to not use a temp dir.

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

needs-sudo restriction

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

Looks good, +1 after adding the restriction.

Revision history for this message
Jonas Jelten (jj) wrote :

added the needs-sudo-restriction, thx.

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

The ppa9 upload of python-ldap has a couple of build failures without logs, typical of an infrastructure problem. I can't retry them, because I don't own the ppa. I triggered a new dep8 run, but I don't think it will find the ppa9 package published because of the FTBFS.

Since this is a devel upload, I'll go ahead and sponsor. If the real migration hits problems, we'll just fix them.

+1

review: Approve
Revision history for this message
git-ubuntu bot (git-ubuntu-bot) wrote :

Approvers: ahasenack, jj
Uploaders: ahasenack
MP auto-approved

review: Approve
Revision history for this message
Andreas Hasenack (ahasenack) wrote :

Sponsored:
Uploading python-ldap_3.4.4-2ubuntu1.dsc
Uploading python-ldap_3.4.4-2ubuntu1.debian.tar.xz
Uploading python-ldap_3.4.4-2ubuntu1_source.buildinfo
Uploading python-ldap_3.4.4-2ubuntu1_source.changes

Revision history for this message
Andreas Hasenack (ahasenack) wrote (last edit ):

 84s allowing /tmp/autopkgtest.1r6Pve/autopkgtest_tmp in apparmor...
 84s reverting apparmor adjustments...
 84s /tmp/autopkgtest.1r6Pve/build.KCc/src/debian/tests/upstream: 54: cannot create /etc/apparmor.d/local/usr.sbin.slapd: Permission denied
 84s rm: cannot remove '/etc/apparmor.d/local/usr.sbin.slapd': No such file or directory
 84s autopkgtest [18:16:34]: test upstream: -----------------------]

This needs root/sudo:

        # this directory is like /etc/slapd
        echo "allowing $_apparmor_allowdir in apparmor..."
        echo "$_apparmor_allowdir/** kwr," >> /etc/apparmor.d/local/usr.sbin.slapd

Well, too late now, it's uploaded. New PR and new bug is needed.

Revision history for this message
Jonas Jelten (jj) wrote :

new MR with fix at: https://code.launchpad.net/~jj/ubuntu/+source/python-ldap/+git/python-ldap/+merge/497057

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/debian/changelog b/debian/changelog
2index ed43841..b543b15 100644
3--- a/debian/changelog
4+++ b/debian/changelog
5@@ -1,3 +1,12 @@
6+python-ldap (3.4.4-2ubuntu1) resolute; urgency=medium
7+
8+ * d/t/{startserver,upstream}: fix slapd apparmor access to test directory
9+ (LP: #2130351)
10+ - d/t/apparmor.sh: ignore apparmor control failures on Ubuntu+armhf
11+ (LP: #2008393)
12+
13+ -- Jonas Jelten <jonas.jelten@canonical.com> Tue, 11 Nov 2025 17:53:15 +0100
14+
15 python-ldap (3.4.4-2) unstable; urgency=medium
16
17 * Team Upload
18diff --git a/debian/control b/debian/control
19index 0f8c0af..3b9c487 100644
20--- a/debian/control
21+++ b/debian/control
22@@ -1,7 +1,8 @@
23 Source: python-ldap
24 Section: python
25 Priority: optional
26-Maintainer: Debian Python Team <team+python@tracker.debian.org>
27+Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
28+XSBC-Original-Maintainer: Debian Python Team <team+python@tracker.debian.org>
29 Uploaders:
30 Willem van den Akker <wvdakker@wilsoft.nl>,
31 Michael Fladischer <fladi@debian.org>,
32diff --git a/debian/tests/apparmor.sh b/debian/tests/apparmor.sh
33new file mode 100644
34index 0000000..7308195
35--- /dev/null
36+++ b/debian/tests/apparmor.sh
37@@ -0,0 +1,58 @@
38+# apparmor profile adjustments during testing
39+
40+if command -v aa-enabled > /dev/null; then
41+ apparmor_enabled=$(test "$(aa-enabled)" = "Yes" && echo true || echo false)
42+else
43+ apparmor_enabled=false
44+fi
45+
46+_apparmor_check() {
47+ # allow command to fail if running on Ubuntu-armhf (due to LP: #2008393)
48+ "$@" && return 0
49+ _ret=$?
50+
51+ if [ "$(dpkg-vendor --query Vendor)-$(dpkg --print-architecture)" = "Ubuntu-armhf" ]; then
52+ echo "WARNING: failed to perform apparmor command: $*" >&2
53+ echo "On armhf and Ubuntu DEP8 infrastructure, this is not a fatal error." >&2
54+ echo "See LP: #2008393 for details." >&2
55+ return 0
56+ fi
57+
58+ echo "apparmor command failed: $*" >&2
59+ exit $_ret
60+}
61+
62+_apparmor_cleanup() {
63+ if [ "$apparmor_enabled" = true ]; then
64+ echo "reverting apparmor adjustments..."
65+ sudo rm /etc/apparmor.d/local/usr.sbin.slapd
66+
67+ if [ -f /etc/apparmor.d/local/usr.sbin.slapd.bak ]; then
68+ sudo mv /etc/apparmor.d/local/usr.sbin.slapd.bak /etc/apparmor.d/local/usr.sbin.slapd
69+ fi
70+
71+ _apparmor_check sudo apparmor_parser -W -T -r /etc/apparmor.d/usr.sbin.slapd
72+ fi
73+}
74+
75+apparmor_setup() {
76+ # if apparmor is used, allow access to test directory
77+ if [ "$apparmor_enabled" = true ]; then
78+ _apparmor_allowdir=$1
79+ if [ -z "$_apparmor_allowdir" ]; then
80+ echo "no directory to allow given to apparmor_setup"
81+ exit 1
82+ fi
83+ trap "_apparmor_cleanup" EXIT
84+
85+ if [ -f /etc/apparmor.d/local/usr.sbin.slapd ]; then
86+ sudo mv /etc/apparmor.d/local/usr.sbin.slapd /etc/apparmor.d/local/usr.sbin.slapd.bak
87+ fi
88+
89+ # this directory is like /etc/slapd
90+ echo "allowing $_apparmor_allowdir in apparmor..."
91+ echo "$_apparmor_allowdir/** kwr," >> /etc/apparmor.d/local/usr.sbin.slapd
92+
93+ _apparmor_check sudo apparmor_parser -W -T -r /etc/apparmor.d/usr.sbin.slapd
94+ fi
95+}
96diff --git a/debian/tests/control b/debian/tests/control
97index adad8c0..dd2e537 100644
98--- a/debian/tests/control
99+++ b/debian/tests/control
100@@ -5,4 +5,4 @@ Depends:
101 slapd,
102 @,
103 @builddeps@,
104-Restrictions: allow-stderr
105+Restrictions: allow-stderr, needs-sudo
106diff --git a/debian/tests/startserver b/debian/tests/startserver
107index 17f0ed3..3259dec 100644
108--- a/debian/tests/startserver
109+++ b/debian/tests/startserver
110@@ -2,6 +2,10 @@
111
112 set -e
113
114+. debian/tests/apparmor.sh
115+
116+apparmor_setup ${AUTOPKGTEST_TMP}
117+
118 cd ${AUTOPKGTEST_TMP}
119 for p in $(py3versions -s); do
120 $p -c "import slapdtest; server = slapdtest.SlapdObject(); server.start(); assert server.port > 0 and server.port < 65536; server.stop()"
121diff --git a/debian/tests/upstream b/debian/tests/upstream
122index ec5712b..c8e1513 100644
123--- a/debian/tests/upstream
124+++ b/debian/tests/upstream
125@@ -2,6 +2,10 @@
126
127 set -e
128
129+. debian/tests/apparmor.sh
130+
131+apparmor_setup ${AUTOPKGTEST_TMP}
132+
133 cp -r Tests ${AUTOPKGTEST_TMP}
134 cd ${AUTOPKGTEST_TMP}
135 for p in $(py3versions -s); do

Subscribers

People subscribed via source and target branches