Last status can be found at: Foundations Team Updates - Thursday 04 January 2024

Distro

• Setup debian-installer building container
  • Hit d-i FTBFS, due to usrmerge, https://bugs.debian.org/1060134
  • Install & boot custom UEFI d-i image
• component-mismatch: lxml vs python-cssselect investigation, https://pad.lv/2048760
• investigate removal of dmraid (seeded & Ubiquity recommends)
  • Bug #2048766 “Please remove dmraid from the Ubuntu archive” : Bugs : dmraid package : Ubuntu
  • Merge into noble : ubiquity-drop-dmraid : lp:~slyon/ubuntu-seeds/+git/platform : Git : Code : Ubuntu Seeds
• migration: driving python3-werkzeug forward
  • Bug #2048769 “Adopt to new python-werkzeug 3.0 API” : Bugs : python-werkzeug package : Ubuntu
  • unlocking pytest-httpserver, flask-login, flask-dance
• patch piloting, Patch Pilot Hand-off 24.04 - #45 by slyon
  • systemd-hwe, netdata, rsyslog, ignition-cmake, cryptsetup, gnutls28
• sync python-ulmo after our delta was accepted (cc @ogayot)

Netplan

• review OVS autpkgtest fix, https://github.com/canonical/netplan/pull/431
• review C unittest quirks, https://github.com/canonical/netplan/pull/432
• merge Docs Starter Pack, https://github.com/canonical/netplan/pull/429
• merge Docs Howto cleanup PR, https://github.com/canonical/netplan/pull/430
• review, merge & sponsor netplan.io 0.107.1 (unstable & noble)
• prepare API & ABI drop/cleanup PR, https://github.com/canonical/netplan/pull/400

Misc

• hiring

OpenJDK

TCK-17

• Added support to run individual test targets. There are ~150 significant targets.
• Worked on setting up a VNC server for tests needing DISPLAY. Reduced failure count by 20.
• A few more minor fixes to the scripts brought down the total failure count to 2 (on amd64 and arm64)

Debian openjdk-*

• Fixed a bunch of minor issues in the copyright generator for openjdk (MR # 88)

Java FIPS provider prototype

• Started adding a Java layer to the openssl wrapper written last year
• Added a Java API and tests for DRBGs.

CRaC

• Worked on a prototype for a CRIU package augmented for CRaC. Documented learning here.

Misc

• Adoptium workgroup meeting
• Meeting with Security team to understand their openjdk-11-fips review strategy

out sick a day this week

• sbuild vs dpkg - sbuild autopkgtest correctly discovered a regression in dpkg in terms of the compression level used for zstd (LP: #2048137), which appeared as diffoscope reporting that a file matched what was expected in terms of uncompressed contents but that the compressed bytes were different
• sbuild autopkgtest also a bit broken at the moment due to side effects of restrictions on user namespaces (LP: #2048788) - while I spent some time on this one I don’t have a great answer for what to do about the sbuild ADT, especially as it was useful in finding the above bug
• refamiliarizing myself with cryptoswap work from before break, expect to be opening a curtin MP on this today

Distro

• Followed up on some +1 carryovers
  • Everything for Ubuntu was sponsored.
  • Some Debian NMU diffs still sitting around.
• Fixed ignition-cmake x cmake FTBFS (LP: #2048518)

Boot

• Working on adding the ability to test shims before ms signing

  • Tested modification for shim-signed to build without MS signed shim in a PPA
  • Implemented signature detection in ubuntu-boot-test to figure out if it’s encountering a production key vs PPA key scenario on the fly
  • TODO: update specification with this information

• Initial merge of GRUB 2.12 final for Debian: https://salsa.debian.org/mkukri/grub/

• Miscellaneous bootloader work and testing

Distro

• lomiri-thumbnailer: Synced from Debian after the Ubuntu delta was merged in Debian (see Debian bug #1031508)

Apport

• bug triaging session with @schopin
• feat: support reading report from systemd-coredump
• ci: also measure branch coverage
• test: improve debugging failed test_recent_syslog_overflow
• Reviewed add --minimum-java-release option to the build command
• test: add test_crash_suid_dumpable_debug
• apport: fix UID in report filename for suid programs
• test: make branch coverage report stable
• refactor(ui): simplify symptoms handling in run_symptoms
• Draft: feat(apport): add --from-systemd-coredump

Sponsoring

• Sponsored merge of usrmerge 38ubuntu1 for @ravi-sharma

Patch pilot

• Synced lm-sensors 1:3.6.0-8 from Debian unstable
• Uploaded SRU for elisa to lunar, jammy, focal

proposed migration

• Uploaded pycryptodome 3.20.0+dfsg-1 to Debian unstable to fix Python 3.12 support and autopkgtest on non-x86 architectures

Subiquity

• PR reviews
• spec work
• aiohttp security discussions

Distro

• retriggered autopkgtests for libcgi-application-plugin-authentication-perl to unblock libcgi-pm-perl

socat

• update to new Debian release (LP #2048408)

tang

• fix timeouts in tests (LP #2048479).

U-boot

• investigate options for supporting Lichee Pi4A

installer

• merged probert PR to get NVMe controllers listed in the probert output
• opened curtin MP adding partial support for NVMe-o-TCP drives
• subiquity PR to be opened
• spec work

distro

• dbus
  • 1.14.10-3ubuntu1 : dbus package : Ubuntu now in -proposed. Thanks @tsimonq2 for sponsoring!
  • currently blocked by apport which has failing autokpgtests
  • staged requested changes for next dbus merge in a branch in launchpad
• started investigating netplan.io blocking wpa migration because of autopkgtest failures. Retries don’t see to help. I filed bug 2048388. I also added some debug information to netplan.io testsuite which I uploaded to a PPA.

Go

• Update Go 1.21.6 and 1.20.13 releases. FIPS packages and snap will be updated next day.
• Investigating the Go 1.22 rebuild results. Will try to fix the FTBFS packages next week.

.NET

• preparing 8.0.101/8.0.1 micro-release for jammy
• initial review of FO151 - .NET Snaps
• triaged LP: #2048926 - Not getting listed in dotnet --list-runtimes so facing an error missing 6.0 runtime
• attended .NET Security Partners meeting

Ubuntu Packaging Guide

• writing articles

• reopened Discussion #30 - Should we add the sphinx-tabs extension?

• reviewed & merged PR #48 - Misc. minor fixes and updates

• canonical/sphinx-docs-starter-pack

  • Issue #164 Inconsistent help text of Makefile
  • working on optional dependency managmenet

Distro

• Uploaded systemd-hwe for Jammy, Noble, and Mantic (LP: #2046687 and LP: #2045621)
• SRU verification for systemd SRUs
• Sent a patch to fix a test case in systemd: https://github.com/systemd/systemd/pull/30854
• Generally investigating systemd test failures in LXC
• Worked on fixing issues caused by recent AppArmor changes: Merge into ubuntu/devel : ubuntu/devel : lp:~enr0n/ubuntu/+source/apparmor : Git : Code : apparmor package : Ubuntu
• Uploaded ubuntu-release-upgrader: 1:24.04.4 : ubuntu-release-upgrader package : Ubuntu
• Had conversations with Ubuntu Frame folks about systemd service ordering etc.
• Sponsored rsyslog for @xypron: 8.2312.0-2ubuntu1 : rsyslog package : Ubuntu

Misc

• Reviewed several take home tests

This is my first work week coming from the end-of-year holiday break.

dotnet

• Worked on writing the .NET Snaps specification (FO-151)
• Working on building PoC for the .NET Snaps per the specification
• Attended weekly .NET partners sync meeting

autopkgtest

• Further worked with IS to resolve a networking issue causing amd64 tests not to run see RT for details regarding the issue.
• Submitted an MP adding support for a package configuration file which specifies additional architectures for packages to run tests on for ESM releases.* Tested the above changes using ubuntu-advantage-tools and armhf for xenial.
• Cleaned up after some tests which had failed due to a lack of free space on the autopkgtest-cloud-worker unit.
• Readding / rebooting lxd remotes which had gone AWOL.
• Helped @andersson123 debug an issue with PPA tests running in production. Reviewed and merged the resulting MP.
• Submitted, merged, cowboy’ed an MP adding s390x to the list of allowed architectures for which tests run on Xenial.
• Pinged IS regarding restarting neutron for s0lp4. RT 155441 is the ticket about getting this fixed for reals.
• Updated the branch of autopkgtest used on the autopkgtest workers to branch with version number 5.20.
• Testing @hyask’s development version of prod-proposed-migration.
• Updated my MP which hides warnings from apt to use @vorlon’s “horrible shell pipeline” which better manages stderr.

Error Tracker

• Requested a staging environment for the Error Tracker in PS5 since it hasn’t magically happened post Riga. It was rejected and I discovered there actually is one but on the foundations-bastion.

ISO Tracker

• Debugged the sync-lp-bugs script on the tracker which involved playing with the postgresql configuration and authentication.
• Submitted, merged an MP which ports sync-lp-bugs to python3 and modifies the configuration file for the script.
• Added cronjobs so that the sync-lp-bugs script runs regularly.

Ubuntu

• Encountered a crash with listadmin again, found a patch upstream, updated the debian bug, created an Ubuntu bug and uploaded the fix for noble.

Misc

• SRU team member rotation.

Rust

• Published Rustup Snap; alias request is still pending
• Prepared versioned Rust 1.75 package for transitioning to the versioned package scheme
• Preparing cmake backport for Rust 1.74+ backport (due to LLVM 17 requirements)

Distro

• coming up with a list of packages (WIP) that are servers and have custom crypto configurations (mostly about TLS right now)
• also creating a testsuite for that
• force-disabled DTLS 0.9 and 1.0 in gnutls system-wide ( Merge into ubuntu/devel : noble-gnutls-disable-dtls-0.9-and-1.0 : lp:~adrien-n/ubuntu/+source/gnutls28 : Git : Code : gnutls28 package : Ubuntu )
• re-did my openssl SRU with comments taken into account and worked with Simon as he was reviewing it ( Bug #2033422 “openssl: backport to jammy “clear method store / q...” : Bugs : openssl package : Ubuntu )
• specification work for crypto config
• working on disabled TLS 1.0 and 1.1 in rabbitmq

Armhf time_t

• more packages
• new analysis run, storing results now and then I need to diff and share that again

Misc

• attending FOSDEM and did all the preparations for that

Proposed migration

• forgot about python-secretstorage vs vorta but AFAIU it was fixed in Debian

• Released apt 2.7.8 to fix valgrind crash (not running it on armhf anymore) and merged open stuff
• Released apt 2.7.9 to fix regressions from merges only visible on infrastructure (fs ordering dependant)
• Weird stuff
• Meetings
• Patch pilot tomorrow, probably should move that again

Distro

• Investigated llvm-toolchain-* autopkgtest failures. There is an interesting correlation with the new kernel (6.6 and 6.7) on Noble. Binaries built with address sanitizer are crashing (also with GCC). LP#2048768

Netplan

• Finished the 0.107.1 packaging and @slyon uploaded it.
• Reached out to the UX team for netplan status --diff testing
• Wrote a small topic about security for the Netplan docs PR#433
• Address the issue with autopkgtests and the new systemd 255 PR#431
• Proposed a better way to run the C unit tests without having to include other C files in the test files PR#432
• Added support for generating random MAC address also for networkd PR#427
• Investing autopkgtests failures with the new version of Netplan

Documentation

Packaging Guide

• PR #48: Misc. fixes and updates (templates, theme, …)

Installation Guide

• PR #1883: Misc. docs updates and fixes (build warnings, mark-up)

Autopkgtest-cloud

• Fixed autopkgtest-cloud devel environment stuck in Waiting on RabbitMQ to configure vhost: issue in service-bundle with cookies
• Investigate the diff between autopkgtest-cloud and debci: they’re just two very different codebase, not even in the same language: very hard to share anything here.
• WIP fixing the “unshare” test for autopkgtest package: dependency on debian-archive-keyring missing. Upload to PPA and test in prod env, then noble seems to be pretty broken, testing again on mantic (still WIP as of now).
• WIP writing tests for autopkgtest's handling of lack of free space, related to this MP and this bug. This is a race condition that is pretty hard to reproduce reliably. My current test hangs only 1 time out of 10 or 20 tries, so too low for working with that easily.

Auto upgrade testing

• MP to activate RELEASE_UPGRADE_NO_FORCE_OVERWRITE to test upgrades without dpkg --force-overwrite and catch more bugs. Nothing new appeared after that.

curtin

• Fixed infrastructure (proxy) issue with the Jenkins job curtin-vmtest-daily-f. Now it’s able to run, and last time, two tests ran into timeout errors, thus will need follow up work.