launchpad-reviewers team mailing list archive

[John Chittum <mp+482782@xxxxxxxxxxxxxxxxxx>]

The proposal to merge ~jchittum/launchpad-buildd:oci-docker-ppa-pin into launchpad-buildd:master has been updated.

Description changed to:

1. I have a concern about possible leaking of the PPA, but lack context. This is being installed into the lxd backend container  used for the build. what i'm unfamiliar with is the isolation between lxd container running the build and the build context (chroot?). If there is a chance of sources.list being made available to the OCI being built, adding the following lines after installing docker.io

* apt-mark pin docker.io
* rm /etc/apt/source.list.d/canonical-server-ubuntu-lp2098106-docker-rollback-focal.list

2. I am operating under the assumption that the build  backend (lxd) is  ephemeral and fully removed between builds on a node. I'm reasonably sure this is true. Any reuse of this install will cause long term problems due to the epoch versioning.

example policy statement in an amd64 vm

root@focal-ppa-24-docker:~# apt-cache policy docker.io
docker.io:
  Installed: (none)
  Candidate: 1:24.0.7-0ubuntu2~20.04.1
  Version table:
     1:24.0.7-0ubuntu2~20.04.1 500
        500 http://ppa.launchpad.net/canonical-server/lp2098106-docker-rollback/ubuntu focal/main amd64 Packages
     26.1.3-0ubuntu1~20.04.1 500
        500 http://archive.ubuntu.com/ubuntu focal-updates/universe amd64 Packages
     20.10.21-0ubuntu1~20.04.2 500
        500 http://security.ubuntu.com/ubuntu focal-security/universe amd64 Packages
     19.03.8-0ubuntu1 500
        500 http://archive.ubuntu.com/ubuntu focal/universe amd64 Packages

For more details, see:
https://code.launchpad.net/~jchittum/launchpad-buildd/+git/launchpad-buildd/+merge/482782
-- 
Your team Launchpad code reviewers is requested to review the proposed merge of ~jchittum/launchpad-buildd:oci-docker-ppa-pin into launchpad-buildd:master.