[Touch-packages] [Bug 2061726] [NEW] rsyslog apparmor denial on reading /proc/sys/net/ipv6/conf/all/disable_ipv6

Public bug reported: One of our Cockpit integration tests [1] spotted an AppArmor regression in rsyslogd. This is coincidental, the test passes and it doesn't do anything with rsyslogd -- just something happens to happen in the background to trigger this (and I can actually reproduce it locally

[Touch-packages] [Bug 2061055] Re: Joining IPA domain does not restart ssh -- 'sshd.service' alias is not set up by default

Yeah, I could live with that -- but TBH I still consider this mostly a bug in openssh. querying the status of sshd.service really should work. Arch, RHEL, Fedora, OpenSUSE etc. all call this sshd.service. -- You received this bug notification because you are a member of Ubuntu Touch seeded

[Touch-packages] [Bug 2061055] Re: Joining IPA domain does not restart ssh -- 'sshd.service' alias is not set up by default

Timo: It doesn't fail on Debian. See the "That works in Debian because.." in the description (TL/DR: Debian doesn't enable ssh.socket, but ssh.service, which sets up the symlink) ** Description changed: Joining a FreeIPA domain reconfigures SSH. E.g. it enables GSSAPI authentication in

[Touch-packages] [Bug 2061055] [NEW] Joining IPA domain does not restart ssh -- 'sshd.service' alias is not set up by default

Public bug reported: Joining a FreeIPA domain reconfigures SSH. E.g. it enables GSSAPI authentication in /etc/ssh/sshd_config.d/04-ipa.conf . After that, it tries to restart sshd, but that fails as "sshd.service" is not a thing on Ubuntu: 2024-04-12T03:10:57Z DEBUG args=['/bin/systemctl',

[Touch-packages] [Bug 2060615] Re: [noble] two versions of perl-modules are published, breaking pbuilder/debootstrap

Yay, today this is finally fixed, pbuilder creation and building a noble VM image finally works again \o/ Thanks! ** Changed in: perl (Ubuntu Noble) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is

[Touch-packages] [Bug 2060615] Re: [noble] two versions of perl-modules are published, breaking debootstrap

Aside from curl this can be reproduced most quickly with sudo /usr/sbin/debootstrap --include=build-essential noble /tmp/n http://archive.ubuntu.com/ubuntu Errors were encountered while processing: perl libdpkg-perl libperl5.38t64:amd64 dpkg-dev build-essential These are all ultimately

[Touch-packages] [Bug 2060615] Re: [noble] two versions of perl-modules are published, breaking debootstrap

I wonder where that comes from -- https://launchpad.net/ubuntu/+source/perl/+publishinghistory says that 5.38.2-3 was deleted, but only from noble-updates. In noble proper it is merely "superseded". https://launchpad.net/ubuntu/+source/perl/5.38.2-3 doesn't show it being published anyway, and it's

[Touch-packages] [Bug 2060615] [NEW] [noble] two versions of perl-modules are published, breaking pbuilder/debootstrap

Public bug reported: For the last two weeks, building noble VM images for our CI has been broken. Most of it was uninstallability due to the xz reset, but for the last three days, `pbuilder --create` has failed [2] because it gets perl and perl-modules-5.38 in two different versions: 2024-04-08

[Touch-packages] [Bug 2056739] Re: apparmor="DENIED" operation="open" class="file" profile="virt-aa-helper" name="/etc/gnutls/config"

** Changed in: chrony (Ubuntu) Status: New => Won't Fix ** Changed in: gnutls28 (Ubuntu) Status: New => Won't Fix ** Changed in: libvirt (Ubuntu) Status: New => Won't Fix -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which

[Touch-packages] [Bug 2046477] Re: Enable unprivileged user namespace restrictions by default

Just to make sure that we really talk about the same thing: This bug sounds like it is *intended* that unshare --user --map-root-user /bin/bash -c whoami (as unpriv user) now fails in current Ubuntu 24.04 noble. That still worked in released 23.10. I am starting to test Cockpit on the

[Touch-packages] [Bug 2056768] [NEW] apparmor="DENIED" operation="open" class="file" profile="rsyslogd" name="/run/systemd/sessions/"

Public bug reported: There is an AppArmor regression in current noble. In cockpit we recently started to test on noble (to prevent the "major regressions after release" fiasco from 23.10 again). For some weird reason, rsyslog is installed *by default* [1] in the cloud images. That is a rather

[Touch-packages] [Bug 2047082] Re: upgrading openssh-server failed: rescue-ssh.target is a disabled or a static unit not running, not starting it.

Fun, this isn't even reliable. The first atttempt failed: https://cockpit-logs.us-east-1.linodeobjects.com/image-refresh- logs/ubuntu-stable-20231219-223939.log I retried the build now, no package or environment changes. Only daytime and timing (race conditions). Perhaps some interaction with

[Touch-packages] [Bug 2047082] Re: upgrading openssh-server failed: rescue-ssh.target is a disabled or a static unit not running, not starting it.

Argh -- I missed the alternative truth in that rescue-ssh.target shell code. So this message should pretty much *always* appear -- it's nonsense to actually try and restart rescue-ssh.target in the postinst, *always*. But it is a red herring due to the || true. The upgrade failed on something

[Touch-packages] [Bug 2047082] [NEW] upgrading openssh-server always shows error: rescue-ssh.target is a disabled or a static unit not running, not starting it.

Public bug reported: In our project we regularly build Ubuntu VM images for current 23.10 (stable). In https://github.com/cockpit-project/bots/issues/5691 we ran into an upgrade failure of openssh-server. It starts with the current cloud image and then apt upgrades it, with

[Touch-packages] [Bug 2037703] Re: dpkg-reconfigure openssh-server doesn't ask questions again

-- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/2037703 Title: dpkg-reconfigure openssh-server doesn't ask questions again Status in openssh package in Ubuntu: New Bug

[Touch-packages] [Bug 2037703] Re: dpkg-reconfigure openssh-server doesn't ask questions again

We just ran into this in https://github.com/cockpit- project/bots/issues/5691 when trying to refresh our Ubuntu 23.10 mantic VM image. It starts with the current cloud image and then apt upgrades it, with "DEBIAN_FRONTEND=noninteractive". openssh was updated a few days ago indeed: Setting up

[Touch-packages] [Bug 2046158] Re: Updating wireguard-peer.allowed-ips gets wrong default netmask for IPv6 addresses

Excellent, thanks Danilo for the super fast fix! ⭐ -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to network-manager in Ubuntu. https://bugs.launchpad.net/bugs/2046158 Title: Updating wireguard-peer.allowed-ips gets wrong

[Touch-packages] [Bug 2046158] Re: Updating wireguard-peer.allowed-ips gets wrong default netmask for IPv6 addresses

** Description changed: In https://cockpit-project.org/ we have an integration test for NM+wireguard integration. That test starts with an IPv4-only connection: # cat /etc/netplan/90-NM-b5edee2d-c736-4827-bae3-c95e349cb73b.yaml network: - version: 2 - tunnels: - wg0: -

[Touch-packages] [Bug 2046158] [NEW] Updating wireguard-peer.allowed-ips gets wrong default netmask for IPv6 addresses

Public bug reported: In https://cockpit-project.org/ we have an integration test for NM+wireguard integration. That test starts with an IPv4-only connection: # cat /etc/netplan/90-NM-b5edee2d-c736-4827-bae3-c95e349cb73b.yaml network: version: 2 tunnels: wg0: renderer:

[Touch-packages] [Bug 2040483] Re: AppArmor denies crun sending signals to containers (stop, kill)

I also tried aa-disable usr.bin.crun but that doesn't work either. I guess it's not really crun, but profile="containers-default-0.50.1", but that is created dynamically -- it's not anywhere in /etc/apparmor.d/. I grepped the whole file system for that: grep: /usr/lib/podman/rootlessport:

[Touch-packages] [Bug 2040483] Re: AppArmor denies crun sending signals to containers (stop, kill)

I tried a more targeted workaround, with aa-complain /etc/apparmor.d/usr.bin.crun or alternatively (without apparmor-utils, which isn't on the default cloud image): sed -i '/flags=/ s/unconfined/complain/' /etc/apparmor.d/usr.bin.crun but for some reason that breaks podman entirely: #

[Touch-packages] [Bug 1989073] Re: AppArmor DENIES reading of /sys/devices/system/cpu/possible

Similar issue: https://gitlab.com/libvirt/libvirt/-/issues/548 . These two may want a common fix with "allow qemu to read sysfs"? ** Bug watch added: gitlab.com/libvirt/libvirt/-/issues #548 https://gitlab.com/libvirt/libvirt/-/issues/548 -- You received this bug notification because you are

[Touch-packages] [Bug 2019122] Re: Autopkgtest failure

https://github.com/martinpitt/umockdev/issues/208 Thanks Heinrich! ** Bug watch added: github.com/martinpitt/umockdev/issues #208 https://github.com/martinpitt/umockdev/issues/208 ** Changed in: umockdev (Ubuntu) Status: New => In Progress -- You received this bug notification

[Touch-packages] [Bug 1982482] Re: SSH password login not attempted/denied

D'oh! # cat /etc/ssh/sshd_config.d/10-cloudimg-settings.conf PasswordAuthentication no rm + restart sshd, everything is hunky-dory. Sorry for the noise! ** Changed in: openssh (Ubuntu Kinetic) Status: New => Invalid -- You received this bug notification because you are a member of

[Touch-packages] [Bug 1982482] Re: SSH password login not attempted/denied

I set LogLevel=DEBUG in /etc/ssh/sshd_config, systemctl restart sshd, and I'm none the wiser: debug1: Forked child 1652. debug1: Set /proc/self/oom_score_adj to 0 debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8 debug1: inetd sockets after dupping: 4, 4 Connection from 127.0.0.1 port 45396

[Touch-packages] [Bug 1982482] [NEW] SSH password login not attempted/denied

Public bug reported: I am in the process of updating our CI for Cockpit to kinetic [1]. I get a lot of test failures because SSH password login is broken. This can be replicated with a clean cloud instance, so it's not something that our VM build scripts do:   curl -L -O

[Touch-packages] [Bug 1966416] Re: pam_faillock does not actually deny login after given number of failures

Ouch, thanks Marc! Indeed our previous seddery was broken, it should have left the pam_deny/pam_permit lines. With this it works just fine: --- /tmp/common-auth.orig 2022-04-01 07:16:26.072608984 +0200 +++ /tmp/common-auth.faillock 2022-04-01 07:14:20.246707861 +0200 @@ -16,6 +16,8 @@ #

[Touch-packages] [Bug 1966416] [NEW] pam_faillock does not actually deny login after given number of failures

Public bug reported: ProblemType: Bug DistroRelease: Ubuntu 22.04 Package: libpam-modules 1.4.0-11ubuntu1 I just noticed that Ubuntu 22.04 changed from the old pam_tally2 module to the more widespread pam_faillock one. \o/ However, locking (denying logins) does not actually seem to work.

[Touch-packages] [Bug 1962035] Re: apparmor blocks VM installation when automatic UEFI firmware is set

it -1 --noautoconsole --cdrom /var/lib/libvirt/novell.iso --autostart ** Package changed: apparmor (Ubuntu) => libvirt (Ubuntu) ** Changed in: libvirt (Ubuntu) Status: New => Triaged ** Changed in: libvirt (Ubuntu) Assignee: (unassigned) => Martin Pitt (pitti) -- You received this bu

[Touch-packages] [Bug 1962035] Re: apparmor blocks VM installation when automatic UEFI firmware is set

** Bug watch added: Debian Bug tracker #1006324 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1006324 ** Also affects: apparmor (Debian) via https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1006324 Importance: Unknown Status: Unknown -- You received this bug notification

[Touch-packages] [Bug 1945321] Re: umockdev 0.16.3-1 breaks autopkgtest of bolt

> I am in contact with Christian now, and hope to sort this out soon. Sorry -- I meant Christian Kellner, bolt's upstream, not you :-) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to umockdev in Ubuntu.

[Touch-packages] [Bug 1945321] Re: umockdev 0.16.3-1 breaks autopkgtest of bolt

Christian, as I write above I believe this really needs to be fixed in bolt's tests. The umockdev change was a bug fix which bolt's tests (incorrectly) worked around. So I hope you don't mind that I flipped the affected package around? I am in contact with Christian now, and hope to sort this out

[Touch-packages] [Bug 1945321] Re: umockdev 0.16.3-1 breaks autopkgtest of bolt

) Status: New => In Progress ** Changed in: bolt (Ubuntu) Assignee: (unassigned) => Martin Pitt (pitti) ** Changed in: umockdev (Ubuntu) Status: New => In Progress -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is s

[Touch-packages] [Bug 1934995] Re: Broken on ppc64el (toolchain bug?)

Indeed the open(2) manpage is misleading in that regard. The actual definition in fcntl.h is like this: extern int open (const char *__file, int __oflag, ...) __nonnull ((1)); (with a few variants, but they all use varargs). So I did the same in umockdev for full header compatibility. --

[Touch-packages] [Bug 1934995] Re: Broken on ppc64el (toolchain bug?)

Dang, we already found a ppc64el SIGBUS issue in 0.16.0, which got fixed in https://github.com/martinpitt/umockdev/commit/277c80243a . But this is reported against 0.16.1 already. There is a tiny chance that https://github.com/martinpitt/umockdev/commit/264cabbb will magically fix this, but

[Touch-packages] [Bug 1916485] Re: test -x fails inside shell scripts in containers

I've been scratching my head over this regression [1] for a while now, in the context of running a hirsute container on a 20.04 host (in particular, a GitHub workflow machine) In my case, the symptom is that after upgrading glibc, `which` is broken; that of course also uses faccessat(), similar to

[Touch-packages] [Bug 1831467] Re: test-umockdev tests flaky on armhf (and sometimes other archs)

https://salsa.debian.org/debian/umockdev/-/commit/87b476aee2 should hopefully help. I uploaded 0.14.2 to Debian unstable now, it should auto-sync into Groovy soon. Thanks Dan for tackling this! ** Changed in: umockdev (Ubuntu Groovy) Status: In Progress => Fix Committed -- You received

[Touch-packages] [Bug 1837233] Re: [bionic] Manual IPv6 routes are not set

Nevermind then, this is working well enough for a stable release. ** Changed in: network-manager (Ubuntu Bionic) Status: New => Won't Fix -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to network-manager in Ubuntu.

[Touch-packages] [Bug 1837233] Re: [bionic] Manual IPv6 routes are not set

I confirm that using a valid IP works better: In the config: route1=fe80:2::/60,fe80::99,42 # ip -6 route show dev eth2 fe80::/64 proto kernel metric 101 pref medium fe80::/64 proto kernel metric 256 pref medium fe80:2::/60 via fe80::99 proto static metric 42 pref medium It's still missing the

[Touch-packages] [Bug 1837233] Re: [bionic] Manual IPv6 routes are not set

The journal says why: NetworkManager[1295]: [1563552648.1667] platform: route-sync: failure to add IPv6 route: 1:2::/60 via 1:2::3 dev 6 metric 42 mss 0 rt-src user: No route to host (113) NetworkManager[1295]: [1563552648.1672] device (eth2): failed to apply manual IPv6 configuration

[Touch-packages] [Bug 1837233] [NEW] [bionic] Manual IPv6 routes are not set

Public bug reported: I have a system connection like this: -- /etc/NetworkManager/system-connections/eth2 --- [connection] id=eth2 uuid=c73fb4d2-8383-4d03-a87c-04c8251961bd type=ethernet gateway-ping-timeout=12 interface-name=eth2 permissions= timestamp=1563551266 [ethernet]

[Touch-packages] [Bug 1831296] Re: __main__.SeccompTest is failing on Ubuntu CI

Thanks Dan! I landed your PR, so it should apply to the next upstream CI run. ** Changed in: systemd (Ubuntu Eoan) Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in

[Touch-packages] [Bug 1829829] Re: Ubuntu CI has been flaky for a week

Indeed the downstream tests fail like this as well: http://autopkgtest.ubuntu.com/packages/systemd/eoan/amd64 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1829829 Title:

[Touch-packages] [Bug 1819589] Re: Ubuntu CI is broken

That worked. ** Changed in: systemd (Ubuntu) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1819589 Title: Ubuntu CI is

[Touch-packages] [Bug 1819589] Re: Ubuntu CI is broken

Should be fixed with https://salsa.debian.org/systemd- team/systemd/commit/bd89a706b18796074d50bcf2a0cbd29de56ac542 . I'll close this once the retried PRs go green. ** Changed in: systemd (Ubuntu) Assignee: (unassigned) => Martin Pitt (pitti) ** Changed in: systemd (Ubuntu) Sta

[Touch-packages] [Bug 1817344] Re: Ubuntu CI that runs tests via autopkgtest for systemd on GitHub reports the wrong results

Thanks Iain! I'll keep an eye on this. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1817344 Title: Ubuntu CI that runs tests via autopkgtest for systemd on GitHub

[Touch-packages] [Bug 1817344] Re: Ubuntu CI that runs tests via autopkgtest for systemd on GitHub reports the wrong results

Another example: https://github.com/systemd/systemd/pull/11802 refers to the correct amd64 log https://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac /autopkgtest-bionic-upstream-systemd-ci-systemd-ci/bionic/amd64/s /systemd-upstream/20190222_161608_7fe1f@/log.gz

[Touch-packages] [Bug 1817344] Re: Ubuntu CI that runs tests via autopkgtest for systemd on GitHub reports the wrong results

It seems to me that the logs are internally consistent, i. e. the mentioned UPSTREAM_PULL_REQUEST in the log does match the test results. But they get sent to the wrong PR, i. e. to the wrong statuses API. E. g.

[Touch-packages] [Bug 1787396] Re: ss crashes when using --no-header

I confirm this on Ubuntu 18.04 (bionic) with 4.15.0-2ubuntu1. It is fixed in 18.10 (cosmic) with 4.18.0-1ubuntu2. ** Also affects: iproute2 (Ubuntu Bionic) Importance: Undecided Status: New ** Changed in: iproute2 (Ubuntu Bionic) Status: New => Confirmed ** Changed in:

[Touch-packages] [Bug 1750654] [NEW] "lxc-create -B best" fails on non-btrfs/zfs system

Public bug reported: As per documentation, the `-B best` option should automatically select the best backingstore, falling back all the way to dir. But apparently it doesn't, at least not in artful's 2.1.0-0ubuntu1: $ sudo lxc-create -B best --name=autopkgtest-xenial -t ubuntu -- -r xenial

[Touch-packages] [Bug 1707898] Re: systemd translations are not synced with upstream

Thanks Gunnar, nice work! I cherry-picked the patches in https://salsa.debian.org/systemd-team/systemd/commit/87f54958bc24 . The debian/ changes were already in Debian master. ** Changed in: systemd (Ubuntu) Status: In Progress => Fix Committed -- You received this bug notification

[Touch-packages] [Bug 1707898] Re: systemd translations are not synced with upstream

I confirmed that the current "ninja -C build-deb/ systemd-pot" command also builds a complete .pot file with policykit-1 installed (unsurprisingly, as this also just calls gettext). So that part is fine. What is really bad however, is to build-depend against policykit-1: The following NEW

[Touch-packages] [Bug 1707898] Re: systemd translations are not synced with upstream

Thanks Gunnar for tracking this down! Adding a policykit-1 build dependency requires some thought, as that also build-depends on systemd [1], thus this is circular. Also, there was a lot of effort with making systemd bootstrappable without excessive dependencies. But I think it's fine to add this

[Touch-packages] [Bug 1707898] Re: systemd translations are not synced with upstream

@Gunnar: This patch does not actually work: ❱❱❱ xgettext -f "po/POTFILES.in" -o "build-deb/po/systemd.pot" --join-existing xgettext: warning: file 'src/core/org.freedesktop.systemd1.policy.in.in' extension 'policy' is unknown; will try C xgettext: warning: file

[Touch-packages] [Bug 1707898] Re: systemd translations are not synced with upstream

I committed the first hunk to Debian, this makes sense: https://salsa.debian.org/systemd-team/systemd/commit/18d8c2df133b8af The second is too hackish for a permanent downstream delta, IMHO: This should rather be fixed upstream, as upstream polkit (as well as Debian's and Ubuntu's older versions)

[Touch-packages] [Bug 1727202] Re: [17.10 regression] AppArmor ntp denial: Failed name lookup - disconnected path

The most plausible explanation for enumerating /usr/local/bin/ is that ntpd has some hooks.d/ mechanism which gets called after syncing the time, and that runs a shell in between. So IMHO this should be allowed. -- You received this bug notification because you are a member of Ubuntu Touch

[Touch-packages] [Bug 1741227] Re: apparmor denial to several paths to binaries

The most plausible explanation for enumerating /usr/local/bin/ is that ntpd has some hooks.d/ mechanism which gets called after syncing the time, and that runs a shell in between. So IMHO this should be allowed. -- You received this bug notification because you are a member of Ubuntu Touch

[Touch-packages] [Bug 1727202] Re: [17.10 regression] AppArmor ntp denial: Failed name lookup - disconnected path

I locally ran Cockpit tests on our current Ubuntu 17.10 image and re- confirm that I got the "disconnected path" error. I then upgraded the ntp package to artful-proposed, and *that* violation is now gone. As others already saw, I now get a test failure on apparmor="DENIED" operation="open"

[Touch-packages] [Bug 1727202] Re: [17.10 regression] AppArmor denial: Failed name lookup - disconnected path

Thanks Christian! Indeed this is rather hard to reproduce locally, but that PR seems to address this. I'll let you know if it doesn't after it lands. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ntp in Ubuntu.

[Touch-packages] [Bug 1153671] Re: Port to python3-launchpadlib

Once you do this, these fallbacks should be cleaned up: http://bazaar.launchpad.net/~apport-hackers/apport/trunk/view/head:/apport/crashdb_impl/launchpad.py#L30 http://bazaar.launchpad.net/~apport-hackers/apport/trunk/view/head:/apport/crashdb_impl/launchpad.py#L137 -- You received this bug

[Touch-packages] [Bug 1725348] Re: Systemd - Bypassing MemoryDenyWriteExecution policy

Patches backported into Debian packaging git: https://anonscm.debian.org/cgit/pkg- systemd/systemd.git/commit/?id=9bba5469f2b95ea9 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu.

[Touch-packages] [Bug 1727202] [NEW] [17.10 regression] AppArmor denial: Failed name lookup - disconnected path

Public bug reported: Merely installing and starting ntp.service in Ubuntu 17.10 now causes this AppArmor violation: audit: type=1400 audit(1508915894.215:25): apparmor="DENIED" operation="sendmsg" info="Failed name lookup - disconnected path" error=-13 profile="/usr/sbin/ntpd"

[Touch-packages] [Bug 1574706] Re: Disabling the welcome wizard doesn’t dismiss it

With the demise of the Ubuntu phone (rest in peace, *tear*) this is obsolete now. ** Changed in: autopkgtest (Ubuntu) Status: Incomplete => Won't Fix -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to unity8 in Ubuntu.

[Touch-packages] [Bug 1716034] Re: Network manager stops managing Ethernet links after upgrade

FTR, I don't want to blame the NetworkManager 1.2.6 SRU to xenial - that new upstream version now evades the version test in the postinst, but of course it's still that version test which is at fault. I don't see how we can use a simple version test to determine the situation that we want

[Touch-packages] [Bug 1716034] Re: Network manager stops managing Ethernet links after upgrade

I'm sorry, I mean bug 1676547. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to network-manager in Ubuntu. https://bugs.launchpad.net/bugs/1716034 Title: Network manager stops managing Ethernet links after upgrade Status

[Touch-packages] [Bug 1716034] Re: Network manager stops managing Ethernet links after upgrade

Is that any better with the fix in bug 1690992? That sounds very much like a duplicate? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to network-manager in Ubuntu. https://bugs.launchpad.net/bugs/1716034 Title: Network

[Touch-packages] [Bug 1689820] Re: /usr/lib/packagekit/packagekitd:11:pkgCache::Iterator:AcqPackageKitStatus::updateStatus:AcqPackageKitStatus::Fail:pkgAcquire::Worker::RunMessages:pkgAcquire::Worker:

I ran the description's test case and confirm that the crash is now fixed. Furthermore, other operations like "pkcon refresh", "pkcon get- updates", "pkcon update", and "pkcon install bash-doc" all worked fine, as before. ** Tags removed: verification-needed verification-needed-xenial ** Tags

[Touch-packages] [Bug 1689820] Re: /usr/lib/packagekit/packagekitd:11:pkgCache::Iterator:AcqPackageKitStatus::updateStatus:AcqPackageKitStatus::Fail:pkgAcquire::Worker::RunMessages:pkgAcquire::Worker:

** Description changed: The Ubuntu Error Tracker has been receiving reports about a problem regarding packagekit. This problem was most recently seen with package version 0.8.17-4ubuntu6~gcc5.4ubuntu1.1, the problem page at

[Touch-packages] [Bug 1689820] Re: /usr/lib/packagekit/packagekitd:11:pkgCache::Iterator:AcqPackageKitStatus::updateStatus:AcqPackageKitStatus::Fail:pkgAcquire::Worker::RunMessages:pkgAcquire::Worker:

ium ** Changed in: packagekit (Ubuntu Xenial) Status: Confirmed => In Progress ** Changed in: packagekit (Ubuntu Xenial) Assignee: (unassigned) => Martin Pitt (pitti) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is s

[Touch-packages] [Bug 1696480] Re: python3-dbusmock / test_no_adapters test fails with bluez 5.45

I released 0.16.8 upstream and uploaded it to Debian unstable, from where it should autosync into Ubuntu devel soon. ** Changed in: python-dbusmock (Ubuntu) Status: Triaged => Fix Committed ** Changed in: python-dbusmock Status: Fix Committed => Fix Released -- You received this

[Touch-packages] [Bug 1696480] Re: python3-dbusmock / test_no_adapters test fails with bluez 5.45

Thanks Daniel! PR merged upstream. There are a few other test deprecation warnings/failures I'm looking into before doing a release. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to bluez in Ubuntu.

[Touch-packages] [Bug 1694438] Re: [16.04] Cannot download packages whilst offline - when using ifupdown

This also affects PackageKit 1.0.1-2 in Debian Jessie. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to packagekit in Ubuntu. https://bugs.launchpad.net/bugs/1694438 Title: [16.04] Cannot download packages whilst offline -

[Touch-packages] [Bug 1694438] [NEW] [16.04] Cannot download packages whilst offline - when using ifupdown

Public bug reported: I am using 16.04 with the main ethernet interface being managed by ifupdown, and others by NetworkManager. Apparently PK's pk_network_get_network_state() does not properly recognize this and thinks it is offline: # pkcon update Getting updates

[Touch-packages] [Bug 1689820] Re: /usr/lib/packagekit/packagekitd:11:pkgCache::Iterator:AcqPackageKitStatus::updateStatus:AcqPackageKitStatus::Fail:pkgAcquire::Worker::RunMessages:pkgAcquire::Worker:

I confirmed that this is fixed in zesty. ** Changed in: packagekit (Ubuntu) Status: New => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to packagekit in Ubuntu. https://bugs.launchpad.net/bugs/1689820

[Touch-packages] [Bug 1689820] Re: /usr/lib/packagekit/packagekitd:11:pkgCache::Iterator:AcqPackageKitStatus::updateStatus:AcqPackageKitStatus::Fail:pkgAcquire::Worker::RunMessages:pkgAcquire::Worker:

This is quite simple to reproduce: $ pkcon get-updates Getting updates [=] Loading cache [=] Querying [=] Finished

[Touch-packages] [Bug 1650827] Re: /usr/lib/dovecot/dovecot-lda: "Failed name lookup - disconnected path"

** Summary changed: - "Failed name lookup - disconnected path" + /usr/lib/dovecot/dovecot-lda: "Failed name lookup - disconnected path" -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu.

Re: [Touch-packages] [Bug 103436] Re: sshd not reconfigured by /etc/network

Hey Perry, Perry E. Metzger [2017-03-20 13:11 -0400]: > That bug report was a decade ago. Yeah, I know :-) > So far as I know, this is still an issue for your users, because sshd > does not, on its own, change its network address when one changes > networks. I would not remove this because if

[Touch-packages] [Bug 103436] Re: sshd not reconfigured by /etc/network

I filed bug 1674330 about dropping the hack. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/103436 Title: sshd not reconfigured by /etc/network Status in openssh package

[Touch-packages] [Bug 1674330] [NEW] Please consider dropping /etc/network/if-up.d/openssh-server

Public bug reported: The /etc/network/if-up.d/openssh-server hack was introduced ten years ago [1] as a response to bug 103436. At least from today's perspective this isn't justified: I can't seem to be able to actually reproduce that issue: I can start a VM with no network interfaces, remove

[Touch-packages] [Bug 103436] Re: sshd not reconfigured by /etc/network

Perry, I just revisited this: - /etc/network/if-up.d/openssh-server hack introduces a race (you run into connection errors after bringing up a new interface as sshd stops listening briefly while being reloaded). - I can't seem to be able to actually reproduce that issue: I can start a VM with

Re: [Touch-packages] [Bug 1647031] Re:systemd-resolved’s127.0.0.53 server does not follow CNAME records

Blaisorblade [2017-03-15 15:03 -]: > Another corner case seems to be binaries linked against musl libc, since > they do not use NSS. Note that this is generally broken and cannot be supported, regardless of the DNS resolver. These binaries could also not resolve winbind host names, YP, LDAP,

[Touch-packages] [Bug 1647031] Re: systemd-resolved’s 127.0.0.53 server does not follow CNAME records

Yes, there, see "man resolved.conf". But I'd recommend a separate file to avoid changing the package-provided conffile: sudo mkdir -p /etc/systemd/resolved.conf.d printf "[Resolve]\nDNSSEC=no\n" | sudo tee /etc/systemd/resolved.conf.d/no-dnssec.conf -- You received this bug notification

[Touch-packages] [Bug 1647031] Re: systemd-resolved’s 127.0.0.53 server does not follow CNAME records

Note: We keep DNSSEC=allow-downgrade during development to collect feedback, but switch it off for stable releases (we did so in yakkety and should do so again in zesty). So if you have some trouble which is DNSSEC related, it would be good to get a debug output of resolved while it's failing to

[Touch-packages] [Bug 1647031] Re: systemd-resolved’s 127.0.0.53 server does not follow CNAME records

Fixed upstream: https://github.com/systemd/systemd/commit/e8d23f92b50a97bb3 ** Changed in: systemd (Ubuntu) Status: Triaged => Fix Committed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to network-manager in Ubuntu.

[Touch-packages] [Bug 1647485] Re: NVMe symlinks broken by devices with spaces in model or serial strings

I cherry-picked the patches into the Debian packaging branch, so that on next upload zesty can be synced again. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1647485

[Touch-packages] [Bug 1649453] Re: systemd starts postfix before resolver

@Scott: https://git.launchpad.net/postfix/commit/?h=stable/v3.1=1a190cf17cc02 looks rather complicated and also creates an unmanaged config file. Why not just always add those After= to the .service? If resolved is not enabled, then After=systemd-resolved is a no-op (it's only ordering, not a

[Touch-packages] [Bug 1644330] Re: resolved: correctly handle address families with /etc/hosts lookups

The fix landed in master: https://github.com/systemd/systemd/commit/4050e04b ** Changed in: systemd (Ubuntu) Status: In Progress => Fix Committed ** Changed in: systemd (Ubuntu) Milestone: ubuntu-16.12 => None -- You received this bug notification because you are a member of Ubuntu

Re: [Touch-packages] [Bug 1642966] Re: package cups-daemon 2.1.3-4 failed to install/upgrade: subprocess new pre-removal script returned error exit status 1

Till Kamppeter [2016-12-19 16:48 -]: > Then edit the file /lib/systemd/system/cups.path adding a line > "PartOf=cups.service" to the [Unit] section, so that the file looks like > this: > > -- > [Unit] > Description=CUPS Scheduler > PartOf=cups.service I suppose that cups.path is only

[Touch-packages] [Bug 1644330] Re: systemd-resolved assumes that /etc/hosts for one address family means it doesn't ask DNS for another

See the summary from https://github.com/systemd/systemd/pull/4808: I can't convince Lennart about falling back to DNS for IPv6 if hosts has an IPv4 entry -- if hosts has some answer, it should be considered authoritative, and we should not mix different sources for the same query. Often /etc/hosts

[Touch-packages] [Bug 1648806] Re: Arbitrary code execution through crafted CrashDB or Package/Source fields in .crash files

@Benjamin: Argh, I had to uncommit/recommit these three as the CVE numbers came in at the last minute, and apparently got the commit messages the wrong way around (meh @ not having rebase in bzr..) I did some surgery on the branch and the commit messages are correct now. When I created the fixes

[Touch-packages] [Bug 1648806] Re: Arbitrary code execution through crafted CrashDB or Package/Source fields in .crash files

New upstream release with the fixes: https://launchpad.net/apport/trunk/2.20.4 Note that Brian committed some changes to trunk in the last 1.5 hours, so we had some mid-air collection. I force-pushed trunk and will put back his commits on top. ** Changed in: apport Status: In Progress =>

[Touch-packages] [Bug 1519499] Re: Shutdown failure: Assertion 'sd_id128_randomize() >= 0' failed at ../src/core/dbus.c:657, function bus_on_connection(). Aborting.

This is likely fixed in current systemd versions already, but the recent commit https://github.com/systemd/systemd/commit/ad2706db7cce should fix the remaining traces of this. Current systemd package in https://launchpad.net/~pitti/+archive/ubuntu/systemd contains this patch, if you want to give

[Touch-packages] [Bug 1641328] Re: Ordering of mdns4_minimal and resolve in /etc/nsswitch.conf causes mDNS lookups to fail

** Tags added: resolve -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1641328 Title: Ordering of mdns4_minimal and resolve in /etc/nsswitch.conf causes mDNS lookups to

Re: [Touch-packages] [Bug 1636912] Re: systemd-networkd runs too late for cloud-init.service (net)

Ryan Harper [2016-12-06 12:54 -]: > The following change should go against systemd-networkd-wait- > online.service > > + # Ensure that DNS is working before reaching online target > + After=systemd-networkd-resolvconf-update.service For the record, this should be the other way around -- add

[Touch-packages] [Bug 1648068] Re: systemd-resolved.service hangs a long time on shutdown

Unfortunately resolvconf does not have a --no-scripts or similar option that would disable running the update.d/ hooks. One possible local workaround is to change /lib/systemd/system/systemd- resolved.service.d/resolvconf.conf from ExecStopPost=+/bin/sh -c '[ ! -e /run/resolvconf/enable-updates

[Touch-packages] [Bug 1648068] Re: systemd-resolved.service hangs a long time on shutdown

https://anonscm.debian.org/cgit/pkg- systemd/systemd.git/commit/?id=dbda116b2 ** Changed in: systemd (Ubuntu) Status: Triaged => Fix Committed ** Changed in: systemd (Ubuntu) Assignee: (unassigned) => Martin Pitt (pitti) -- You received this bug notification becau

[Touch-packages] [Bug 1647031] Re: systemd-resolved’s 127.0.0.53 server does not follow CNAME records

@Anders: ah, so you removed libnss-resolve, but manually enabled systemd-resolved.service? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1647031 Title:

[Touch-packages] [Bug 1647031] Re: systemd-resolved’s 127.0.0.53 server does not follow CNAME records

I confirm the fact that "dig @127.0.0.53 wiki.freedesktop.org" only gives the CNAME response, not the resolution of "annarchy.freedesktop.org." as well, which is sufficient to confirm the fix. But nevertheless, firefox, wget, ping etc. on wiki.freedesktop.org all work fine, but these use NSS.

[Touch-packages] [Bug 1517257] Re: apport-retrace should install and use gdb for target release

... and change the original patch to only install gdb into the sandbox if it matches the host architecture, as otherwise it'd be a waste. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apport in Ubuntu.

[Touch-packages] [Bug 1517257] Re: apport-retrace should install and use gdb for target release

Idea from sprint discussion: In apport: - Don't try to run gdb from the retracing target sandbox - Add --gdb-root argument to apport-retrace that will set PATH, LD_LIBRARY_PATH, and possibly some env var to specify the gdb plugin dir to appropriate subdirs of . Calling "gdb" should then

  1   2   3   4   5   6   7   8   9   10   >