Ubuntu
ubuntu-fan package

Merge ~sergiodj/ubuntu/+source/ubuntu-fan:fix-https-proxy-focal into ubuntu/+source/ubuntu-fan:ubuntu/focal-devel

  1. Git
  2. lp:~sergiodj/ubuntu/+source/ubuntu-fan
  3. fix-https-proxy-focal
  4. Merge into ubuntu/focal-devel
Proposed by Sergio Durigan Junior
Status: Merged
Merged at revision: 46dfb7ee22d6172acfaedd213338b62cc3a8fa3a
Proposed branch: ~sergiodj/ubuntu/+source/ubuntu-fan:fix-https-proxy-focal
Merge into: ubuntu/+source/ubuntu-fan:ubuntu/focal-devel
Diff against target: 53 lines (+16/-5)
2 files modified
debian/changelog (+7/-0)
debian/tests/docker (+9/-5)
Reviewer Review Type Date Requested Status
Andy Whitcroft (community) Approve
Lucas Kanashiro (community) Approve
Canonical Server Pending
Review via email: mp+419148@code.launchpad.net

Description of the change

This MP fixes ubuntu-fan's "docker" dep8 test and makes it properly set the $https_proxy environment variable when running on autopkgtest.u.c.

This is the MP for Focal.

This problem came to our attention when the docker.io upload got blocked on Focal due to ubuntu-fan's failure to "docker pull" the Ubuntu image while running the aforementioned test. The problem is only reproducible when we run the test in the infrastructure, so it took a long time to debug. The interesting part is that this code has been like this forever, and although we can see some random failures in the past, for the most part it worked fine. I believe there was a recent change on docker.io that uncover this issue once and for all, and now we should fix it.

You can find a PPA with the proposed changes here:

https://launchpad.net/~sergiodj/+archive/ubuntu/ubuntu-fan-proxy-fix

You can take a look at the autopkgtest results attached to the PPA (ran against -proposed in order to use the docker.io that's blocked):

https://autopkgtest.ubuntu.com/results/autopkgtest-focal-sergiodj-ubuntu-fan-proxy-fix/?format=plain

To post a comment you must log in.
Revision history for this message
Lucas Kanashiro (lucaskanashiro) wrote :

Thanks for working on this Sergio! Since all tests are passing the behavior seems OK in the autopkgtest infrastructure.

The only thing I think we might want to change here is the version string. Instead of using 0.12.14~20.04.1 I'd propose version 0.12.13ubuntu0.1. I understand you tried to avoid 'ubuntu' in the version string because this is a Ubuntu only package, but according to this security team wiki page [1], a native package should be appended by 'ubuntu0.1' in case we do not have the same version in more than one release (which is the case here). Usually, when I see "~xx.yy.z", where xx.yy is the Ubuntu release, this is a backport of a package in a newer series. WDYT?

[1] https://wiki.ubuntu.com/SecurityTeam/UpdatePreparation

review: Needs Information
Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

On Monday, April 11 2022, Lucas Kanashiro wrote:

> Thanks for working on this Sergio! Since all tests are passing the behavior seems OK in the autopkgtest infrastructure.

Thanks for the review, Lucas.

> The only thing I think we might want to change here is the version
> string. Instead of using 0.12.14~20.04.1 I'd propose version
> 0.12.13ubuntu0.1. I understand you tried to avoid 'ubuntu' in the
> version string because this is a Ubuntu only package, but according to
> this security team wiki page [1], a native package should be appended
> by 'ubuntu0.1' in case we do not have the same version in more than
> one release (which is the case here). Usually, when I see "~xx.yy.z",
> where xx.yy is the Ubuntu release, this is a backport of a package in
> a newer series. WDYT?
>
> [1] https://wiki.ubuntu.com/SecurityTeam/UpdatePreparation

I was also unsure about the version to be used here. I looked at
ubuntu-fan's publishing history on LP and thought it made sense to use
"~xx.yy.z" as the suffix, but I also understand where you're coming from
when you suggest "ubuntu0.1".

I don't have a strong opinion regarding this, so I've gladly changed the
version to be 0.12.13ubuntu0.1 instead.

Thanks,

--
Sergio
GPG key ID: E92F D0B3 6B14 F1F4 D8E0 EB2F 106D A1C8 C3CB BF14

Revision history for this message
Lucas Kanashiro (lucaskanashiro) wrote :

Thanks Sergio, LGTM.

review: Approve
Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

On Monday, April 11 2022, Lucas Kanashiro wrote:

> Thanks Sergio, LGTM.

Thanks, Lucas.

Uploaded:

$ dput ubuntu-fan_0.12.13ubuntu0.1_source.changes
Trying to upload package to ubuntu
Checking signature on .changes
gpg: /home/sergio/work/ubuntu-fan/ubuntu-fan_0.12.13ubuntu0.1_source.changes: Valid signature from 106DA1C8C3CBBF14
Checking signature on .dsc
gpg: /home/sergio/work/ubuntu-fan/ubuntu-fan_0.12.13ubuntu0.1.dsc: Valid signature from 106DA1C8C3CBBF14
Uploading to ubuntu (via ftp to upload.ubuntu.com):
  Uploading ubuntu-fan_0.12.13ubuntu0.1.dsc: done.
  Uploading ubuntu-fan_0.12.13ubuntu0.1.tar.xz: done.
  Uploading ubuntu-fan_0.12.13ubuntu0.1_source.buildinfo: done.
  Uploading ubuntu-fan_0.12.13ubuntu0.1_source.changes: done.
Successfully uploaded packages.

--
Sergio
GPG key ID: E92F D0B3 6B14 F1F4 D8E0 EB2F 106D A1C8 C3CB BF14

Revision history for this message
Andy Whitcroft (apw) wrote :

Yeah, crashed into that elsewhere.

+1

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/debian/changelog b/debian/changelog
2index 8d2628c..fa5a9f8 100644
3--- a/debian/changelog
4+++ b/debian/changelog
5@@ -1,3 +1,10 @@
6+ubuntu-fan (0.12.13ubuntu0.1) focal; urgency=medium
7+
8+ * d/t/docker: Don't use "https://" for $https_proxy. Set
9+ HTTPS_PROXY for docker.service as well. (LP: #1968387)
10+
11+ -- Sergio Durigan Junior <sergio.durigan@canonical.com> Fri, 08 Apr 2022 21:11:32 -0400
12+
13 ubuntu-fan (0.12.13) eoan; urgency=medium
14
15 * d/t/control: Fix missing dependencies for autopkgtests (LP: #1832238)
16diff --git a/debian/tests/docker b/debian/tests/docker
17index 9fa160b..94c7227 100644
18--- a/debian/tests/docker
19+++ b/debian/tests/docker
20@@ -11,15 +11,15 @@ https_proxy=""
21 if echo "" | nc -w 2 squid.internal 3128 >/dev/null 2>&1; then
22 INFO="Running in the Canonical CI environment"
23 http_proxy="http://squid.internal:3128"
24- https_proxy="https://squid.internal:3128"
25+ https_proxy="http://squid.internal:3128"
26 elif echo "" | nc -w 2 10.245.64.1 3128 >/dev/null 2>&1; then
27 INFO="Running in the Canonical enablement environment"
28 http_proxy="http://10.245.64.1:3128"
29- https_proxy="https://10.245.64.1:3128"
30+ https_proxy="http://10.245.64.1:3128"
31 elif echo "" | nc -w 2 91.189.89.216 3128 >/dev/null 2>&1; then
32 INFO="Running in the Canonical enablement environment"
33 http_proxy="http://91.189.89.216:3128"
34- https_proxy="https://91.189.89.216:3128"
35+ https_proxy="http://91.189.89.216:3128"
36 fi
37 export http_proxy
38 export https_proxy
39@@ -36,8 +36,12 @@ if [ -n "$http_proxy" ]; then
40 if [ ! -d /etc/systemd/system/docker.service.d ]; then
41 mkdir /etc/systemd/system/docker.service.d
42 fi
43- echo -ne "[Service]\nEnvironment=\"HTTP_PROXY=$http_proxy\"\n" \
44- >/etc/systemd/system/docker.service.d/http-proxy.conf
45+ cat > /etc/systemd/system/docker.service.d/http-proxy.conf << _EOF_
46+[Service]
47+Environment="HTTP_PROXY=$http_proxy"
48+Environment="HTTPS_PROXY=$https_proxy"
49+_EOF_
50+
51 systemctl daemon-reload
52 systemctl restart docker.service
53 fi

Subscribers

People subscribed via source and target branches