Your message dated Thu, 8 Aug 2024 09:49:39 +0100
with message-id <zrsgo9h1u4q4o...@remnant.pseudorandom.co.uk>
and subject line Re: Bug#1033147: accountsservice: autopkgtest fails when using
a bookworm kernel
has caused the Debian Bug report #1033147,
regarding accountsservice: autopkgtest regression: times out when run on
bookworm kernel
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1033147: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033147
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: accountsservice
Version: 22.08.8-6
Severity: serious
Control: tags -1 bookworm-ignore
User: debian...@lists.debian.org
Usertags: timeout
Dear maintainer(s),
Your package has an autopkgtest, great. However, it fails when run on a
bookworm kernel. Last month I started to upgrade the workers of
ci.debian.net on some architectures. The architectures that I upgraded
now fail with a timeout. I could reproduce the issue on amd64 locally (I
run bookworm) while on ci.d.n it still passes (amd64 on ci.d.n still
runs bullseye). Please let me know if you have difficulty getting
information from the test and you want me to extract something from the
testbed.
The release team has announced [1] that failing autopkgtest on amd64 and
arm64 are considered RC in testing. [Release Team member hat on] Because
we're currently in the hard freeze for bookworm, I have marked this bug
as bookworm-ignore. Targeted fixes are still welcome.
More information about this bug and the reason for filing it can be
found on
https://wiki.debian.org/ContinuousIntegration/RegressionEmailInformation
Paul
[1] https://lists.debian.org/debian-devel-announce/2019/07/msg00002.html
https://ci.debian.net/data/autopkgtest/testing/arm64/a/accountsservice/32778735/log.gz
autopkgtest [22:30:43]: test pygi.py: [-----------------------
autopkgtest [01:17:24]: ERROR: timed out on command "su -s /bin/bash
debci -c set -e; export USER=`id -nu`; . /etc/profile >/dev/null 2>&1 ||
true; . ~/.profile >/dev/null 2>&1 || true;
buildtree="/tmp/autopkgtest-lxc.cjt8dc2h/downtmp/build.ItQ/src"; mkdir
-p -m 1777 -- "/tmp/autopkgtest-lxc.cjt8dc2h/downtmp/pygi.py-artifacts";
export
AUTOPKGTEST_ARTIFACTS="/tmp/autopkgtest-lxc.cjt8dc2h/downtmp/pygi.py-artifacts";
export ADT_ARTIFACTS="$AUTOPKGTEST_ARTIFACTS"; mkdir -p -m 755
"/tmp/autopkgtest-lxc.cjt8dc2h/downtmp/autopkgtest_tmp"; export
AUTOPKGTEST_TMP="/tmp/autopkgtest-lxc.cjt8dc2h/downtmp/autopkgtest_tmp";
export ADTTMP="$AUTOPKGTEST_TMP"; export DEBIAN_FRONTEND=noninteractive;
export LANG=C.UTF-8; export DEB_BUILD_OPTIONS=parallel=4; unset LANGUAGE
LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
LC_IDENTIFICATION LC_ALL;cd "$buildtree"; chmod +x
/tmp/autopkgtest-lxc.cjt8dc2h/downtmp/build.ItQ/src/debian/tests/pygi.py;
exec /tmp/autopkgtest-lxc.cjt8dc2h/downtmp/wrapper.sh
--script-pid-file=/tmp/autopkgtest_script_pid
--stderr=/tmp/autopkgtest-lxc.cjt8dc2h/downtmp/pygi.py-stderr
--stdout=/tmp/autopkgtest-lxc.cjt8dc2h/downtmp/pygi.py-stdout --
/tmp/autopkgtest-lxc.cjt8dc2h/downtmp/build.ItQ/src/debian/tests/pygi.py
;" (kind: test)
autopkgtest [01:17:24]: test pygi.py: -----------------------]
OpenPGP_signature
Description: OpenPGP digital signature
--- End Message ---
--- Begin Message ---
On Thu, 08 Aug 2024 at 08:28:04 +0200, Paul Gevers wrote:
> I confirm that on ci.d.n the test in unstable now passes on a bookworm
> kernel on amd64, armel, armhf, i386 and ppc64el and I have lifted the block.
> The other architectures don't run on a bookworm kernel, but I assume those
> would be fine too. So, from my point of view it's fine to close this bug.
Thanks, doing so now.
There is a genuine bug in accountsservice's debian/tests/, which is
that it doesn't declare the isolation-container restriction; but that
doesn't affect a-v-lxc, a-v-qemu, or a-v-podman --init, only a-v-podman
without --init, and the fix is so easy that I'm going to team-upload it
instead of reporting the bug separately.
> > The test failure I saw under a-v-podman is concerning, but probably
> > ought to be a separate bug report
This turns out to be #1078205 in systemd.
>From the accountsservice side, I'm testing a workaround that can be
included in accountsservice's tests (gracefully skipping integration.py
if we don't have CAP_SYS_ADMIN in the capability bounding set).
>From the autopkgtest/debci side, if it's consistent with debci's security
model, running the test with
autopkgtest ... -- podman --init autopkgtest/systemd/debian:sid --
--cap-add=CAP_SYS_ADMIN
instead of just
autopkgtest ... -- podman --init autopkgtest/systemd/debian:sid
should provide the same coverage as with lxc. (It would probably be best
to check with the podman team what the security impact of that option is -
I'm unsure whether it implies a sandbox escape, or whether it just weakens
hardening.)
smcv
--- End Message ---
