launchpad-reviewers team mailing list archive
Message #32286
[Merge] ~jchittum/launchpad-buildd:oci-docker-ppa-pin into launchpad-buildd:master
The proposal to merge ~jchittum/launchpad-buildd:oci-docker-ppa-pin into launchpad-buildd:master has been updated.
Description changed to:
1. I have a concern about possible leaking of the PPA, but lack context. This is being installed into the lxd backend container used for the build. What I'm unfamiliar with is the isolation between lxd container running the build and the build context (chroot?). If there is a chance of sources.list being made available to the OCI being built, adding the following lines after installing docker.io
* apt-mark pin docker.io
* rm /etc/apt/sources.list.d/canonical-server-ubuntu-lp2098106-docker-rollback-focal.list
2. I am operating under the assumption that the build backend (lxd) is ephemeral and fully removed between builds on a node. I'm reasonably sure this is true. Any reuse of this install will cause long-term problems due to the epoch versioning.
Example policy statement in an amd64 VM:

    root@focal-ppa-24-docker:~# apt-cache policy docker.io
    docker.io:
      Installed: (none)
      Candidate: 1:24.0.7-0ubuntu2~20.04.1
      Version table:
         1:24.0.7-0ubuntu2~20.04.1 500
            500 http://ppa.launchpad.net/canonical-server/lp2098106-docker-rollback/ubuntu focal/main amd64 Packages
         26.1.3-0ubuntu1~20.04.1 500
            500 http://archive.ubuntu.com/ubuntu focal-updates/universe amd64 Packages
         20.10.21-0ubuntu1~20.04.2 500
            500 http://security.ubuntu.com/ubuntu focal-security/universe amd64 Packages
         19.03.8-0ubuntu1 500
            500 http://archive.ubuntu.com/ubuntu focal/universe amd64 Packages

For more details, see:
https://code.launchpad.net/~jchittum/launchpad-buildd/+git/launchpad-buildd/+merge/482782
--
Your team Launchpad code reviewers is requested to review the proposed merge of ~jchittum/launchpad-buildd:oci-docker-ppa-pin into launchpad-buildd:master.