Jonathan Wiltshire
2025-01-15 13:50:01 UTC
Severity: normal
Tags: bookworm
User: ***@packages.debian.org
Usertags: pu
X-Debbugs-Cc: ***@packages.debian.org, team+pkg-***@tracker.debian.org, ***@tauware.de, ***@debian.org
Control: affects -1 + src:containerd
[ Reason ]
containerd in bookworm FTBFS on the buildds since unshare became the default.
[ Impact ]
Policy violation for containerd (must build on the autobuild network) and
inability to fix any other issues since it can't be built.
[ Tests ]
The issue is in a test anyway. Manual comparison of building 1.6.20~ds1-1 and
+deb12u1 verifies that the build is fixed in an sbuild unshare environment.
[ Risks ]
Low. Backports a single patch to the test suite which has been in sid for some
time (as part of 1.6.24~ds1-2).
This is effectively an NMU, package maintainers and patch author in CC - please
shout if you have any objections.
[ Checklist ]
[x] *all* changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in (old)stable
[x] the issue is verified as fixed in unstable
[ Changes ]
diff -Nru containerd-1.6.20~ds1/debian/changelog containerd-1.6.20~ds1/debian/changelog
--- containerd-1.6.20~ds1/debian/changelog 2023-03-31 18:27:11.000000000 +0100
+++ containerd-1.6.20~ds1/debian/changelog 2025-01-15 12:18:21.000000000 +0000
@@ -1,3 +1,11 @@
+containerd (1.6.20~ds1-1+deb12u1) bookworm; urgency=medium
+
+ * Non-maintainer upload.
+ * Backport 0011-allow-test-run-in-userns.patch to fix FTBFS
+ on builders with unshare (closes: #1070411)
+
+ -- Jonathan Wiltshire <***@debian.org> Wed, 15 Jan 2025 12:18:21 +0000
+
containerd (1.6.20~ds1-1) unstable; urgency=medium
* New upstream version 1.6.20~ds1
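Review bot: the new changelog entry names the patch being backported but not where it comes from. The request text says it has been in sid as part of 1.6.24~ds1-2; adding that version to the "Backport ..." line would let someone reading only d/changelog trace the patch, and would also explain why the file is numbered 0011 when the series in this package stops at 0008.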
diff -Nru containerd-1.6.20~ds1/debian/patches/0011-allow-test-run-in-userns.patch containerd-1.6.20~ds1/debian/patches/0011-allow-test-run-in-userns.patch
--- containerd-1.6.20~ds1/debian/patches/0011-allow-test-run-in-userns.patch 1970-01-01 01:00:00.000000000 +0100
+++ containerd-1.6.20~ds1/debian/patches/0011-allow-test-run-in-userns.patch 2025-01-15 12:18:21.000000000 +0000
@@ -0,0 +1,29 @@
+From: Reinhard Tartler
+Description: Allow running tests with unshare(1)
+Last-Updated: 2024-06-11
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070411
+Forwarded: https://github.com/containerd/containerd/pull/10323
+
+Index: containerd/pkg/cri/server/sandbox_run_linux_test.go
+===================================================================
+--- containerd.orig/pkg/cri/server/sandbox_run_linux_test.go
++++ containerd/pkg/cri/server/sandbox_run_linux_test.go
+@@ -33,6 +33,7 @@ import (
+ "github.com/containerd/containerd/pkg/cri/annotations"
+ "github.com/containerd/containerd/pkg/cri/opts"
+ ostesting "github.com/containerd/containerd/pkg/os/testing"
++ "github.com/containerd/containerd/pkg/userns"
+ )
+
+ func getRunPodSandboxTestData() (*runtime.PodSandboxConfig, *imagespec.ImageConfig, func(*testing.T, string, *runtimespec.Spec)) {
+@@ -121,7 +122,9 @@ func TestLinuxSandboxContainerSpec(t *te
+ Type: runtimespec.IPCNamespace,
+ })
+ assert.Contains(t, spec.Linux.Sysctl["net.ipv4.ip_unprivileged_port_start"], "0")
+- assert.Contains(t, spec.Linux.Sysctl["net.ipv4.ping_group_range"], "0 2147483647")
++ if !userns.RunningInUserNS() {
++ assert.Contains(t, spec.Linux.Sysctl["net.ipv4.ping_group_range"], "0 2147483647")
++ }
+ },
+ },
+ "host namespace": {
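Review bot: in the second hunk of the embedded patch (TestLinuxSandboxContainerSpec), the `if !userns.RunningInUserNS()` guard skips the net.ipv4.ping_group_range assertion with no comment and no counterpart check, so inside a user namespace the test says nothing about that sysctl. A one-line comment stating why the value is not expected there would help, and if the spec is meant to leave the key unset in a user namespace, an else branch asserting its absence would keep that case covered. The neighbouring net.ipv4.ip_unprivileged_port_start assertion stays unconditional; the Description header only says "Allow running tests with unshare(1)", so a sentence there on why only one of the two sysctls is affected would make the patch self-explanatory.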
diff -Nru containerd-1.6.20~ds1/debian/patches/series containerd-1.6.20~ds1/debian/patches/series
--- containerd-1.6.20~ds1/debian/patches/series 2023-03-31 18:27:11.000000000 +0100
+++ containerd-1.6.20~ds1/debian/patches/series 2025-01-15 12:17:38.000000000 +0000
@@ -6,3 +6,4 @@
0006-Fix-build-with-gccgo.patch
0007-cri-fix-integration-test-on-cgroupsv2-system.patch
0008-Add-Debian-specific-CNI-bin-dir-to-ctr-run-command.patch
+0011-allow-test-run-in-userns.patch