launchpad-reviewers team mailing list archive

[Tobias Koch <tobias.koch@xxxxxxxxxxxxx>]

Tobias Koch has proposed merging lp:~tobijk/launchpad-buildd/launchpad-buildd-bionic into lp:launchpad-buildd.

Commit message:
bionic compatibility

Requested reviews:
  Launchpad code reviewers (launchpad-reviewers)

For more details, see:
https://code.launchpad.net/~tobijk/launchpad-buildd/launchpad-buildd-bionic/+merge/354331

This patch makes launchpad-buildd work on Bionic.

* Introduce a utility function that allows checking OS VERSION_ID from /etc/os-release
* Based on major version id (e.g. 18 for Bionic) select matching raw.lxc settings (some parameter names have changed)
* Fix a problem with header checks where uid and gid are set to 0
* Explicitly specify a root device, which seems to be mandatory now
-- 
Your team Launchpad code reviewers is requested to review the proposed merge of lp:~tobijk/launchpad-buildd/launchpad-buildd-bionic into lp:launchpad-buildd.

=== modified file 'lpbuildd/target/lxd.py'
--- lpbuildd/target/lxd.py	2018-06-12 23:23:13 +0000
+++ lpbuildd/target/lxd.py	2018-09-05 13:55:08 +0000
@@ -28,6 +28,7 @@
 from lpbuildd.util import (
     set_personality,
     shell_escape,
+    get_os_release
     )
 
 
@@ -276,17 +277,32 @@
         else:
             old_profile.delete()
 
-        raw_lxc_config = [
-            ("lxc.aa_profile", "unconfined"),
-            ("lxc.cap.drop", ""),
-            ("lxc.cap.drop", "sys_time sys_module"),
-            ("lxc.cgroup.devices.deny", ""),
-            ("lxc.cgroup.devices.allow", ""),
-            ("lxc.mount.auto", ""),
-            ("lxc.mount.auto", "proc:rw sys:rw"),
-            ("lxc.network.0.ipv4", ipv4_address),
-            ("lxc.network.0.ipv4.gateway", self.ipv4_network.ip),
-            ]
+        major, minor = get_os_release()
+
+        if major >= 18:
+            raw_lxc_config = [
+                ("lxc.apparmor.profile", "unconfined"),
+                ("lxc.cap.drop", ""),
+                ("lxc.cap.drop", "sys_time sys_module"),
+                ("lxc.cgroup.devices.deny", ""),
+                ("lxc.cgroup.devices.allow", ""),
+                ("lxc.mount.auto", ""),
+                ("lxc.mount.auto", "proc:rw sys:rw"),
+                ("lxc.net.0.ipv4.address", ipv4_address),
+                ("lxc.net.0.ipv4.gateway", self.ipv4_network.ip),
+                ]
+        else:
+            raw_lxc_config = [
+                ("lxc.aa_profile", "unconfined"),
+                ("lxc.cap.drop", ""),
+                ("lxc.cap.drop", "sys_time sys_module"),
+                ("lxc.cgroup.devices.deny", ""),
+                ("lxc.cgroup.devices.allow", ""),
+                ("lxc.mount.auto", ""),
+                ("lxc.mount.auto", "proc:rw sys:rw"),
+                ("lxc.network.0.ipv4", ipv4_address),
+                ("lxc.network.0.ipv4.gateway", self.ipv4_network.ip),
+                ]
         # Linux 4.4 on powerpc doesn't support all the seccomp bits that LXD
         # needs.
         if self.arch == "powerpc":
@@ -305,6 +321,11 @@
                 "parent": self.bridge_name,
                 "type": "nic",
                 },
+            "root": {
+                "path": "/",
+                "pool": "default",
+                "type": "disk",
+                },
             }
         self.client.profiles.create(self.profile_name, config, devices)
 
@@ -341,7 +362,11 @@
             hostname_file.flush()
             os.fchmod(hostname_file.fileno(), 0o644)
             self.copy_in(hostname_file.name, "/etc/hostname")
-        self.copy_in("/etc/resolv.conf", "/etc/resolv.conf")
+        if os.path.exists("/run/systemd/resolve/resolv.conf"):
+            self.copy_in("/run/systemd/resolve/resolv.conf",
+                    "/etc/resolv.conf")
+        else:
+            self.copy_in("/etc/resolv.conf", "/etc/resolv.conf")
         with tempfile.NamedTemporaryFile(mode="w+") as policy_rc_d_file:
             policy_rc_d_file.write(policy_rc_d)
             policy_rc_d_file.flush()
@@ -481,8 +506,8 @@
             data = source_file.read()
             mode = stat.S_IMODE(os.fstat(source_file.fileno()).st_mode)
             headers = {
-                "X-LXD-uid": 0,
-                "X-LXD-gid": 0,
+                "X-LXD-uid": "0",
+                "X-LXD-gid": "0",
                 "X-LXD-mode": "%#o" % mode,
                 }
             try:

=== modified file 'lpbuildd/util.py'
--- lpbuildd/util.py	2017-11-09 12:15:39 +0000
+++ lpbuildd/util.py	2018-09-05 13:55:08 +0000
@@ -44,3 +44,27 @@
         setarch_cmd.append("--uname-2.6")
 
     return setarch_cmd + args
+
+
+def get_os_release():
+    version_id = None
+
+    with file("/etc/os-release", "r") as fp:
+        for line in fp:
+            try:
+                key, value = line.strip().split("=", 1)
+            except ValueError:
+                continue
+
+            if key == "VERSION_ID":
+                version_id = value.strip('"')
+                break
+
+    if not version_id:
+        raise RuntimeError("Cannot determine OS version.")
+
+    major, minor = [int(v) for v in version_id.split(".")[0:2]]
+
+    return major, minor
+
+