Merge ~paelzer/ubuntu/+source/libvirt:lp-1927519-profile-recreate-bionic into ubuntu/+source/libvirt:ubuntu/bionic-devel

Proposed by Christian Ehrhardt 
Status: Merged
Merge reported by: Christian Ehrhardt 
Merged at revision: 9c086c0ddf27e0b048710f00d1f80f755c274f06
Proposed branch: ~paelzer/ubuntu/+source/libvirt:lp-1927519-profile-recreate-bionic
Merge into: ubuntu/+source/libvirt:ubuntu/bionic-devel
Diff against target: 176 lines (+148/-0)
4 files modified
debian/changelog (+9/-0)
debian/patches/series (+2/-0)
debian/patches/ubuntu/lp-1927519-virt-aa-helper-Purge-profile-if-corrupted.patch (+71/-0)
debian/patches/ubuntu/skip-new-pdwtags.patch (+66/-0)
Reviewer Review Type Date Requested Status
Sergio Durigan Junior (community) Approve
Canonical Server Pending
git-ubuntu import Pending
Review via email: mp+412064@code.launchpad.net
Christian Ehrhardt  (paelzer) wrote :
99b5598... by Christian Ehrhardt 

changelog: avoid issues with backported dwarves 1.21 (LP: #1951438)

Signed-off-by: Christian Ehrhardt <email address hidden>

6303b66... by Christian Ehrhardt 

d/p/u/skip-new-pdwtags.patch: avoid issues with backported dwarves 1.21 (LP: #1951438)

Signed-off-by: Christian Ehrhardt <email address hidden>

Sergio Durigan Junior (sergiodj) wrote :

Thanks, Christian.

I'm OK with the change (it's exactly the same as the one proposed in the other MPs), but I'm seeing two build failures on the PPA: amd64 and i386. I don't think they're related, and I took the liberty to retrigger them, but I will wait until we know for sure before I approve this. Also, as with the other MPs, autopkgtest hasn't run for this one yet.

review: Needs Information
Sergio Durigan Junior (sergiodj) wrote :

Both builds failed again, so I will wait for your assessment here before proceeding :-).

Christian Ehrhardt  (paelzer) wrote :

Yeah I've seen these as well and worked on them.
It was a present by a backport and a perfect example of a backport meant well but regressing in release.
For some nice details see https://bugs.launchpad.net/ubuntu/+source/dwarves-dfsg/+bug/1951438

I have added a patch that turns this behavior back for libvirt "as it was before" which I have uploaded to the PPA and now pushed to this branch.

Christian Ehrhardt  (paelzer) wrote :

FYI - libvirt - 4.0.0-1ubuntu8.20~bionicppa4 built fine now

Sergio Durigan Junior (sergiodj) wrote :

Thanks, Christian. Two small nits in the new patch, but otherwise LGTM. +1

review: Approve
Christian Ehrhardt  (paelzer) wrote :

Uploading to ubuntu (via ftp to upload.ubuntu.com):
  Uploading libvirt_4.0.0-1ubuntu8.20.dsc: done.
  Uploading libvirt_4.0.0-1ubuntu8.20.debian.tar.xz: done.
  Uploading libvirt_4.0.0-1ubuntu8.20_source.buildinfo: done.
  Uploading libvirt_4.0.0-1ubuntu8.20_source.changes: done.
Successfully uploaded packages.

Preview Diff

1diff --git a/debian/changelog b/debian/changelog
2index d84d6e5..9ba6453 100644
3--- a/debian/changelog
4+++ b/debian/changelog
5@@ -1,3 +1,12 @@
6+libvirt (4.0.0-1ubuntu8.20) bionic; urgency=medium
7+
8+ * d/p/u/lp-1927519-virt-aa-helper-Purge-profile-if-corrupted.patch:
9+ avoid issues due to corrupted apparmor profiles (LP: #1927519)
10+ * d/p/u/skip-new-pdwtags.patch: avoid issues with backported
11+ dwarves 1.21 (LP: #1951438)
12+
13+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 18 Nov 2021 10:24:01 +0100
14+
15 libvirt (4.0.0-1ubuntu8.19) bionic; urgency=medium
16
17 * d/p/lp1915811-fix-numa-topology.patch: Fix NUMA topology population for
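Review bot: The second changelog bullet (d/p/u/skip-new-pdwtags.patch) says only "avoid issues with backported dwarves 1.21" and does not say that the pdwtags check is now skipped during the build. Consider wording it as what the patch does, for example "skip the pdwtags check to avoid FTBFS with backported dwarves 1.21", so the entry matches the Description in the patch header.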
18diff --git a/debian/patches/series b/debian/patches/series
19index 1c61459..c369509 100644
20--- a/debian/patches/series
21+++ b/debian/patches/series
22@@ -140,3 +140,5 @@ ubuntu/lp-1844455-node_device_conf-Don-t-leak-physical_function.patch
23 ubuntu-aa/lp-1847361-load-versioned-module.patch
24 ubuntu/CVE-2020-10703.patch
25 ubuntu/lp1915811-fix-numa-topology.patch
26+ubuntu/lp-1927519-virt-aa-helper-Purge-profile-if-corrupted.patch
27+ubuntu/skip-new-pdwtags.patch
28diff --git a/debian/patches/ubuntu/lp-1927519-virt-aa-helper-Purge-profile-if-corrupted.patch b/debian/patches/ubuntu/lp-1927519-virt-aa-helper-Purge-profile-if-corrupted.patch
29new file mode 100644
30index 0000000..1960a78
31--- /dev/null
32+++ b/debian/patches/ubuntu/lp-1927519-virt-aa-helper-Purge-profile-if-corrupted.patch
33@@ -0,0 +1,71 @@
34+From 4ab33415db31d0e77015bb852cab4a08dd0efd40 Mon Sep 17 00:00:00 2001
35+From: Ioanna Alifieraki <ioanna-maria.alifieraki@canonical.com>
36+Date: Tue, 2 Nov 2021 16:04:45 +0200
37+Subject: [PATCH] virt-aa-helper: Purge profile if corrupted
38+MIME-Version: 1.0
39+Content-Type: text/plain; charset=UTF-8
40+Content-Transfer-Encoding: 8bit
41+
42+This commit aims to address the bug reported in [1] and [2].
43+If the profile is corrupted (0-size) the VM cannot be launched.
44+To overcome this, check if the profile exists and if it has 0 size
45+remove it.
46+
47+[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890084
48+[2] https://bugs.launchpad.net/bugs/1927519
49+
50+Signed-off-by: Ioanna Alifieraki <ioanna-maria.alifieraki@canonical.com>
51+Reviewed-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
52+Reviewed-by: Ján Tomko <jtomko@redhat.com>
53+
54+Origin: backport, https://libvirt.org/git/?p=libvirt.git;a=commit;h=4ab33415db
55+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1927519
56+Last-Update: 2021-11-18
57+
58+---
59+ src/security/virt-aa-helper.c | 20 +++++++++++++++++++-
60+ 1 file changed, 19 insertions(+), 1 deletion(-)
61+
62+--- a/src/security/virt-aa-helper.c
63++++ b/src/security/virt-aa-helper.c
64+@@ -1348,6 +1348,8 @@ main(int argc, char **argv)
65+ int rc = -1;
66+ char *profile = NULL;
67+ char *include_file = NULL;
68++ off_t size;
69++ bool purged = 0;
70+
71+ if (virGettextInitialize() < 0 ||
72+ virThreadInitialize() < 0 ||
73+@@ -1402,6 +1404,22 @@ main(int argc, char **argv)
74+ if (ctl->cmd == 'c' && virFileExists(profile))
75+ vah_error(ctl, 1, _("profile exists"));
76+
77++ /*
78++ * Rare cases can leave corrupted empty files behind breaking
79++ * the guest. An empty file is never correct as virt-aa-helper
80++ * would at least add the basic rules, therefore clean this up
81++ * for a proper refresh.
82++ */
83++ if (virFileExists(profile)) {
84++ size = virFileLength(profile, -1);
85++ if (size == 0) {
86++ vah_warning(_("Profile of 0 size detected, will attempt to remove it"));
87++ if ((rc = parserRemove(ctl->uuid) != 0))
88++ vah_error(ctl, 1, _("could not remove profile"));
89++ unlink(profile);
90++ purged = true;
91++ }
92++ }
93+ if (ctl->append && ctl->newfile) {
94+ if (vah_add_file(&buf, ctl->newfile, "rwk") != 0)
95+ goto cleanup;
96+@@ -1450,7 +1468,7 @@ main(int argc, char **argv)
97+
98+
99+ /* create the profile from TEMPLATE */
100+- if (ctl->cmd == 'c') {
101++ if (ctl->cmd == 'c' || purged) {
102+ char *tmp = NULL;
103+ if (virAsprintfQuiet(&tmp, " #include <libvirt/%s.files>\n",
104+ ctl->uuid) == -1) {
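Review bot: In the `@@ -1402,6 +1404,22 @@` section, `if ((rc = parserRemove(ctl->uuid) != 0))` has its closing parenthesis in the wrong place: `!=` binds tighter than `=`, so `rc` receives the result of the comparison (0 or 1) rather than the return value of `parserRemove()`. The error branch is still taken on failure, but after a successful removal `rc` is left at 0, overwriting the initial `int rc = -1;` before the later steps in `main()` run. Suggest `if ((rc = parserRemove(ctl->uuid)) != 0)`, or not assigning to `rc` here at all. Two smaller points in the same block: the return value of `unlink(profile)` is ignored, so `purged = true` is set even if the empty file could not be removed, and `bool purged = 0;` would read better as `false` next to the later `purged = true`.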
105diff --git a/debian/patches/ubuntu/skip-new-pdwtags.patch b/debian/patches/ubuntu/skip-new-pdwtags.patch
106new file mode 100644
107index 0000000..4152871
108--- /dev/null
109+++ b/debian/patches/ubuntu/skip-new-pdwtags.patch
110@@ -0,0 +1,66 @@
111+Description: Skip pdwtags check to avoid FTBFS
112+ This was always skipped in bionic for the original pdwtags being
113+ insufficient. But since the backport of 1.21 it works but the compared
114+ expected output mismatches all over the place.
115+ This might be resolved using other dwaves or reverting it, for now
116+ we let it skip the test as it always had avoiding to re-adapt after
117+ changes to dwarves are done.
118+ .
119+ If we know it will stay as-is we might update the expected output to match
120+ the now aligned content.
121+Forwarded: not-needed
122+X-Not-Forwarded-Reason: Ubuntu specific due to the dwarves backport
123+Author: Christian Ehrhardt <christian.ehrhardt@canonical.com>
124+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1951438
125+Last-Update: 2021-11-18
126+--- a/src/Makefile.am
127++++ b/src/Makefile.am
128+@@ -587,47 +587,7 @@ struct_prefix = ($(libs_prefix)|$(other_
129+ # the newest of the two, in case configure options changed and a stale
130+ # file is left around from an earlier build.
131+ PDWTAGS = \
132+- $(AM_V_GEN)if (pdwtags --help) > /dev/null 2>&1; then \
133+- o=`ls -t $(<:.lo=.$(OBJEXT)) \
134+- $(subst /,/.libs/,$(<:.lo=.$(OBJEXT))) \
135+- 2>/dev/null | sed -n 1p`; \
136+- test -f "$$o" || { echo ".o for $< not found" >&2; exit 1; }; \
137+- pdwtags --verbose $$o > $(@F)-t1 2> $(@F)-t2; \
138+- if test ! -s $(@F)-t1 && test -s $(@F)-t2; then \
139+- rm -rf $(@F)-t?; \
140+- echo 'WARNING: pdwtags appears broken; skipping the $@ test' >&2;\
141+- else \
142+- $(PERL) -0777 -n \
143+- -e 'foreach my $$p (split m!\n*(?:$(r1)|$(r2))\n!) {' \
144+- -e ' if ($$p =~ /^(struct|enum) $(struct_prefix)/ ||' \
145+- -e ' $$p =~ /^enum \{/) {' \
146+- -e ' $$p =~ s!\t*/\*.*?\*/!!sg;' \
147+- -e ' $$p =~ s!\s+\n!\n!sg;' \
148+- -e ' $$p =~ s!\s+$$!!;' \
149+- -e ' $$p =~ s!\t! !g;' \
150+- -e ' print "$$p\n";' \
151+- -e ' $$n++;' \
152+- -e ' }' \
153+- -e '}' \
154+- -e 'BEGIN {' \
155+- -e ' print "/* -*- c -*- */\n";' \
156+- -e '}' \
157+- -e 'END {' \
158+- -e ' if ($$n < 1) {' \
159+- -e ' warn "WARNING: your pdwtags program is too old\n";' \
160+- -e ' warn "WARNING: skipping the $@ test\n";' \
161+- -e ' warn "WARNING: install dwarves-1.3 or newer\n";' \
162+- -e ' exit 8;' \
163+- -e ' }' \
164+- -e '}' \
165+- < $(@F)-t1 > $(@F)-t3; \
166+- case $$? in 8) rm -f $(@F)-t?; exit 0;; 0) ;; *) exit 1;; esac;\
167+- diff -u $(@)s $(@F)-t3; st=$$?; rm -f $(@F)-t?; exit $$st; \
168+- fi; \
169+- else \
170+- echo 'WARNING: you lack pdwtags; skipping the $@ test' >&2; \
171+- echo 'WARNING: install the dwarves package to get pdwtags' >&2; \
172+- fi
173++ $(AM_V_GEN) echo 'WARNING: pdwtags 1.12 known to be broken; skipping the $@ test' >&2;
174+
175+ # .libs/libvirt.so is built by libtool as a side-effect of the Makefile
176+ # rule for libvirt.la. However, checking symbols relies on Linux ELF layout
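Review bot: The replacement warning on the added `$(AM_V_GEN) echo` line says "pdwtags 1.12 known to be broken", but the Description gives a different reason: with the backported 1.21, pdwtags works and it is the expected output that mismatches. Suggest a message that states that reason, so someone reading a build log is not pointed at the wrong version. The rule also now skips unconditionally, so the comparison step (`diff -u $(@)s $(@F)-t3`) never runs, whichever dwarves is installed; the Description says this matches earlier bionic behaviour, and a short comment above `PDWTAGS` saying so would help whoever revisits it. Minor: "dwaves" in the Description should be "dwarves".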
