launchpad-reviewers team mailing list archive
Message #22014
[Merge] lp:~cjwatson/launchpad-buildd/fix-core-snap-installation into lp:launchpad-buildd
Colin Watson has proposed merging lp:~cjwatson/launchpad-buildd/fix-core-snap-installation into lp:launchpad-buildd.
Commit message:
Fix snap installation within LXD containers.
Requested reviews:
Launchpad code reviewers (launchpad-reviewers)
Related bugs:
Bug #1730376 in launchpad-buildd: "launchpad build fails when using 'build-snaps' as build dependencies"
https://bugs.launchpad.net/launchpad-buildd/+bug/1730376
For more details, see:
https://code.launchpad.net/~cjwatson/launchpad-buildd/fix-core-snap-installation/+merge/333627
Installing the core snap has started to require loading AppArmor profiles, which requires capabilities that we were previously dropping. I don't remember exactly why I dropped those capabilities, but I think it was some combination of an excess of conservatism and cargo-culting from some bit of LXD itself.
After fixing this, some builds still fail because udev isn't installed in all our buildd chroots. I think this is a missing dependency in snapd and I've filed that as a bug, but in the meantime it's easy to work around it.
I've tested trusty, xenial, and bionic builds with this change.
--
Your team Launchpad code reviewers is requested to review the proposed merge of lp:~cjwatson/launchpad-buildd/fix-core-snap-installation into lp:launchpad-buildd.
=== modified file 'debian/changelog'
--- debian/changelog 2017-11-10 22:13:03 +0000
+++ debian/changelog 2017-11-13 15:22:33 +0000
@@ -10,6 +10,11 @@
that this worked.
* Remove executable bit from
lpbuildd/target/generate_translation_templates.py.
+ * Grant mac_admin and mac_override capabilities to LXD containers. These
+ are needed to load AppArmor profiles when installing the core snap
+ (LP: #1730376).
+ * Explicitly install udev when building snaps or livefses, to work around
+ LP #1731519.
-- Colin Watson <cjwatson@xxxxxxxxxx> Thu, 09 Nov 2017 12:08:42 +0000
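Review bot: The two bug references in the added changelog bullets are written differently, "(LP: #1730376)" in the first and "LP #1731519" in the second. If the colon is left out on purpose because this upload only works around the snapd bug rather than fixing it, say so in the entry; otherwise use one form for both. The first bullet could also mention that sys_time and sys_module are still dropped, so a reader of the changelog sees what the container continues to lack.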
=== modified file 'lpbuildd/target/build_livefs.py'
--- lpbuildd/target/build_livefs.py 2017-11-10 20:55:33 +0000
+++ lpbuildd/target/build_livefs.py 2017-11-13 15:22:33 +0000
@@ -75,6 +75,8 @@
for dep in "snapd", "fuse", "squashfuse":
if self.backend.is_package_available(dep):
deps.append(dep)
+ # Work around https://bugs.launchpad.net/snapd/+bug/1731519.
+ deps.append("udev")
self.backend.run(["apt-get", "-y", "install"] + deps)
if self.args.arch == "i386":
self.backend.run([
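Review bot: The added deps.append("udev") is unconditional, while the three packages in the loop just above it are only added when self.backend.is_package_available(dep) is true. If udev is ever unavailable in a target chroot, the "apt-get -y install" call on the following line fails for the whole build. Consider adding "udev" to the guarded tuple, or extend the comment to say why udev can be assumed installable everywhere.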
=== modified file 'lpbuildd/target/build_snap.py'
--- lpbuildd/target/build_snap.py 2017-11-10 20:55:33 +0000
+++ lpbuildd/target/build_snap.py 2017-11-13 15:22:33 +0000
@@ -105,6 +105,8 @@
for dep in "snapd", "fuse", "squashfuse":
if self.backend.is_package_available(dep):
deps.append(dep)
+ # Work around https://bugs.launchpad.net/snapd/+bug/1731519.
+ deps.append("udev")
if self.args.branch is not None:
deps.append("bzr")
else:
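Review bot: The udev workaround added before the branch check duplicates the one in build_livefs.py, so it has to be removed in two places once the snapd bug is fixed, and the comment does not say when that is. Consider a single shared helper or constant for the snap-related dependency list and a comment stating the removal condition. The patch also touches no test for build_snap.py or build_livefs.py, so the new "udev" dependency is not covered by any assertion.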
=== modified file 'lpbuildd/target/lxd.py'
--- lpbuildd/target/lxd.py 2017-11-10 20:55:33 +0000
+++ lpbuildd/target/lxd.py 2017-11-13 15:22:33 +0000
@@ -279,7 +279,7 @@
raw_lxc_config = [
("lxc.aa_profile", "unconfined"),
("lxc.cap.drop", ""),
- ("lxc.cap.drop", "sys_time sys_module mac_admin mac_override"),
+ ("lxc.cap.drop", "sys_time sys_module"),
("lxc.cgroup.devices.deny", ""),
("lxc.cgroup.devices.allow", ""),
("lxc.mount.auto", ""),
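Review bot: Missing documentation on the new lxc.cap.drop value: with "lxc.aa_profile" set to "unconfined" two entries above, no longer dropping mac_admin and mac_override means the container keeps the capabilities used to administer and override MAC policy while no AppArmor profile confines the container itself, and nothing in the code records why that is acceptable. Add a comment next to the entry that names the reason (loading AppArmor profiles when installing the core snap, LP: #1730376) and states why sys_time and sys_module are still dropped, so the list is not trimmed or re-extended later without the trade-off being known.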
=== modified file 'lpbuildd/target/tests/test_lxd.py'
--- lpbuildd/target/tests/test_lxd.py 2017-11-01 23:04:53 +0000
+++ lpbuildd/target/tests/test_lxd.py 2017-11-13 15:22:33 +0000
@@ -149,7 +149,7 @@
"raw.lxc": dedent("""\
lxc.aa_profile=unconfined
lxc.cap.drop=
- lxc.cap.drop=sys_time sys_module mac_admin mac_override
+ lxc.cap.drop=sys_time sys_module
lxc.cgroup.devices.deny=
lxc.cgroup.devices.allow=
lxc.mount.auto=
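Review bot: The expected raw.lxc text is a verbatim copy of the production list, so this test only confirms that the two were edited together; it does not state that mac_admin and mac_override must stay available. A short separate assertion that neither name appears in the final lxc.cap.drop line, with a reference to LP: #1730376, would make a later re-tightening of the drop list fail for a stated reason.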