Backport container stack from Jammy

For now, I am not backporting the container stack to Bionic because there we do not have the minimum Golang required version to build docker.io and runc. I'll be working to sort that out soon.

It doesn't look like this was discussed when a previous SRU of the container stack was done but I think its worth bringing up now. In the description it is mentioned that this fixes some CVEs. Is the update something that should end up in the security pocket in addition to the updates pocket?

After talking to the Security team, we agreed that once the packages land in -updates they will upload a no-change rebuild to the security pocket. I'll let them know when the packages land in -updates.

The backport of golang-1.16 to bionic is happening here:

https://bugs.launchpad.net/ubuntu/+source/golang-1.16/+bug/1967425

golang-1.16 is waiting in the Bionic NEW queue, and runc/containerd/docker.io were uploaded targeting Bionic already (runc and docker.io depend on golang-1.16). So now everything is on SRU team's hands.

Hello Lucas, or anyone else affected,

Accepted containerd into focal-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/containerd/1.5.9-0ubuntu1~20.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-focal to verification-done-focal. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-focal. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Hello Lucas, or anyone else affected,

Accepted docker.io into focal-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/docker.io/20.10.12-0ubuntu2~20.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-focal to verification-done-focal. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-focal. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

So, I'm a little confused about the https://wiki.ubuntu.com/DockerUpdates policy here, specifically when it states “The aim is to backport the .1 release of a major version…” and the upload here is for runc 1.1.0. Is the claim here that 1.1.0 vs 1.0.1 is not a major version release? Is the policy outdated?

The others look fine.

Hello Lucas, or anyone else affected,

Accepted docker.io into impish-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/docker.io/20.10.12-0ubuntu2~21.10.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-impish to verification-done-impish. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-impish. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Hello Lucas, or anyone else affected,

Accepted containerd into impish-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/containerd/1.5.9-0ubuntu1~21.10.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-impish to verification-done-impish. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-impish. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

All autopkgtests for the newly accepted docker.io (20.10.12-0ubuntu2~20.04.1) for focal have finished running.
The following regressions have been reported in tests triggered by the package:

golang-github-fsouza-go-dockerclient/1.6.0-2 (arm64, amd64, ppc64el, s390x, armhf)
golang-github-openshift-imagebuilder/1.1.0-2 (arm64, amd64, ppc64el, s390x, armhf)
ubuntu-fan/0.12.13 (arm64, amd64, ppc64el, s390x)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/focal/update_excuses.html#docker.io

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

In order to fix the golang-github-fsouza-go-dockerclient/1.6.0-2 and golang-github-openshift-imagebuilder/1.1.0-2 regressions, we need to make them build with Golang 1.16 instead of the default in Focal. This is needed because the DEP-8 test tries to build the code and it uses the docker.io library which relies on Golang 1.16.

Build with Golang 1.16

Thanks for the patches, Lucas.

I built the packages locally using them and everything succeeded.

LGTM, +1.

Thanks for the review Sergio. I am going to upload both packages.

According to the latest changes in the docker.io group SRU exception approved here:

https://lists.ubuntu.com/archives/ubuntu-release/2022-April/005371.html

now, .0 releases of runc and containerd are eligible for backporting. Considering that, could we now accept runc into {focal,impish}-proposed?

docker.io is blocked on focal-proposed due to an unrelated failure with ubuntu-fan, described in bug #1968387. I found a fix for the problem and uploaded the package to Focal; now we have to wait for the SRU team to review and approve it.

# containerd verification in focal-proposed and impish-proposed

## Impish

root@container-stack-verification:~/containerd# apt source containerd
Reading package lists... Done
NOTICE: 'containerd' packaging is maintained in the 'Git' version control system at:
https://github.com/tianon/debian-containerd.git -b ubuntu
Please use:
git clone https://github.com/tianon/debian-containerd.git -b ubuntu
to retrieve the latest (possibly unreleased) updates to the package.
Need to get 7718 kB of source archives.
Get:1 http://archive.ubuntu.com/ubuntu impish-proposed/main containerd 1.5.9-0ubuntu1~21.10.1 (dsc) [2439 B]
Get:2 http://archive.ubuntu.com/ubuntu impish-proposed/main containerd 1.5.9-0ubuntu1~21.10.1 (tar) [7695 kB]
Get:3 http://archive.ubuntu.com/ubuntu impish-proposed/main containerd 1.5.9-0ubuntu1~21.10.1 (diff) [19.9 kB]
Fetched 7718 kB in 3s (2935 kB/s)
sh: 1: dpkg-source: not found
W: Download is performed unsandboxed as root as file 'containerd_1.5.9-0ubuntu1~21.10.1.dsc' couldn't be accessed by user '_apt'. - pkgAcquire::Run (13: Permission denied)
E: Unpack command 'dpkg-source --no-check -x containerd_1.5.9-0ubuntu1~21.10.1.dsc' failed.
N: Check if the 'dpkg-dev' package is installed.
root@container-stack-verification:~/containerd# autopkgtest ./containerd_1.5.9-0ubuntu1~21.10.1.dsc -- null
autopkgtest [19:23:14]: starting date: 2022-04-13
autopkgtest [19:23:14]: version 5.16ubuntu2
autopkgtest [19:23:14]: host container-stack-verification; command line: /usr/bin/autopkgtest './containerd_1.5.9-0ubuntu1~21.10.1.dsc' -- null
autopkgtest [19:23:14]: testbed dpkg architecture: amd64
autopkgtest [19:23:14]: testbed running kernel: Linux 5.13.0-1020-kvm #21-Ubuntu SMP Thu Mar 24 20:24:53 UTC 2022
autopkgtest [19:23:14]: @@@@@@@@@@@@@@@@@@@@ source ./containerd_1.5.9-0ubuntu1~21.10.1.dsc
.......
.......
.......
autopkgtest [19:29:45]: test basic-smoke: -----------------------]
autopkgtest [19:29:45]: test basic-smoke: - - - - - - - - - - results - - - - - - - - - -
basic-smoke PASS
autopkgtest [19:29:45]: @@@@@@@@@@@@@@@@@@@@ summary
basic-smoke PASS

## Focal

root@container-stack-verification-focal:~/containerd# apt source containerd
Reading package lists... Done
NOTICE: 'containerd' packaging is maintained in the 'Git' version control system at:
https://github.com/tianon/debian-containerd.git -b ubuntu
Please use:
git clone https://github.com/tianon/debian-containerd.git -b ubuntu
to retrieve the latest (possibly unreleased) updates to the package.
Need to get 7718 kB of source archives.
Get:1 http://archive.ubuntu.com/ubuntu focal-proposed/main containerd 1.5.9-0ubuntu1~20.04.1 (dsc) [2439 B]
Get:2 http://archive.ubuntu.com/ubuntu focal-proposed/main containerd 1.5.9-0ubuntu1~20.04.1 (tar) [7695 kB]
Get:3 http://archive.ubuntu.com/ubuntu focal-proposed/main containerd 1.5.9-0ubuntu1~20.04.1 (diff) [19.9 kB]
Fetched 7718 kB in 3s (2587 kB/s)
sh: 1: dpkg-source: not found
W: Download is performed unsandboxed as root as file 'containerd_1.5.9-0ubuntu1~20.04.1.dsc' couldn't be accessed by user '_apt'. - pkgAcquire::Run (13: Permission denied)
E: Unpack command 'dpkg-source --no-check -x containerd_1.5.9-0ubuntu1~20.04....

FTR runc is still waiting for approval (Focal and Impish). The SRU exception was updated to allow that.

Hello Lucas, or anyone else affected,

Accepted runc into impish-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/runc/1.1.0-0ubuntu1~21.10.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-impish to verification-done-impish. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-impish. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Hello Lucas, or anyone else affected,

Accepted runc into focal-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/runc/1.1.0-0ubuntu1~20.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-focal to verification-done-focal. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-focal. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Hello Lucas, or anyone else affected,

Accepted golang-github-openshift-imagebuilder into focal-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/golang-github-openshift-imagebuilder/1.1.0-2ubuntu0.20.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-focal to verification-done-focal. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-focal. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Hello Lucas, or anyone else affected,

Accepted golang-github-fsouza-go-dockerclient into focal-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/golang-github-fsouza-go-dockerclient/1.6.0-2ubuntu0.20.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-focal to verification-done-focal. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-focal. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

I accepted rustc into focal-proposed and impish-proposed, along with the two golang packages.

One request though: information about golang-github-openshift-imagebuilder and golang-github-fsouza-go-dockerclient needs to be added to the bug description, as otherwise it's not clear what those uploads are for without reading all the comments. Please copy the rationale for those to the description and add a test-case. Thank you.

Thanks for accepting the remaining packages into -proposed. I updated the description as you requested, I hope that's enough. I'll be verifying runc in impish-proposed and focal-proposed.

# Verification for Impish and Focal - remaining packages

## Focal

### runc

lucas@poseidon:/tmp/test/runc-focal$ pull-lp-source runc focal
Found runc 1.1.0-0ubuntu1~20.04.1 in focal
Good signature by Lucas Kanashiro <email address hidden> (0xF823A2729883C97C)
Downloading runc_1.1.0.orig.tar.xz from archive.ubuntu.com (1.347 MiB)
Downloading runc_1.1.0-0ubuntu1~20.04.1.debian.tar.xz from archive.ubuntu.com (0.008 MiB)
dpkg-source: informação: extraindo runc em runc-1.1.0
dpkg-source: informação: desempacotando runc_1.1.0.orig.tar.xz
dpkg-source: informação: desempacotando runc_1.1.0-0ubuntu1~20.04.1.debian.tar.xz
dpkg-source: informação: using patch list from debian/patches/series
dpkg-source: informação: aplicando test--skip_TestFactoryNewTmpfs.patch
dpkg-source: informação: aplicando test--skip-fs-related-cgroups-tests.patch
lucas@poseidon:/tmp/test/runc-focal$ pull-lp-debs runc focal
Found runc 1.1.0-0ubuntu1~20.04.1 in focal
Downloading golang-github-opencontainers-runc-dev_1.1.0-0ubuntu1~20.04.1_all.deb from archive.ubuntu.com (1.070 MiB)
Downloading runc_1.1.0-0ubuntu1~20.04.1_amd64.deb from archive.ubuntu.com (3.712 MiB)
lucas@poseidon:~/work/autopkgtest$ autopkgtest -U -s --apt-pocket=proposed -B /tmp/test/runc/*.deb /tmp/test/runc/runc_1.1.0-0ubuntu1~20.04.1.dsc -- qemu @focal.cfg
autopkgtest [09:25:28]: version 5.11ubuntu1.1
autopkgtest [09:25:28]: host poseidon; command line: /usr/bin/autopkgtest -U -s --apt-pocket=proposed -B '/tmp/test/runc/golang-github-opencontainers-runc-dev_1.1.0-0ubuntu1~20.04.1_all.deb' '/tmp/test/runc/runc_1.1.0-0ubuntu1~20.04.1_amd64.deb' '/tmp/test/runc/runc_1.1.0-0ubuntu1~20.04.1.dsc' -- qemu @focal.cfg
autopkgtest [09:25:39]: @@@@@@@@@@@@@@@@@@@@ test bed setup
.......
.......
.......
autopkgtest [09:30:03]: @@@@@@@@@@@@@@@@@@@@ summary
basic-smoke PASS
command1 PASS

### golang-github-fsouza-go-dockerclient

lucas@poseidon:/tmp/test/golang-github-fsouza-go-dockerclient$ pull-lp-source golang-github-fsouza-go-dockerclient focal
Found golang-github-fsouza-go-dockerclient 1.6.0-2ubuntu0.20.04.1 in focal
Good signature by Lucas Kanashiro <email address hidden> (0xF823A2729883C97C)
Downloading golang-github-fsouza-go-dockerclient_1.6.0.orig.tar.xz from archive.ubuntu.com (0.111 MiB)
Downloading golang-github-fsouza-go-dockerclient_1.6.0-2ubuntu0.20.04.1.debian.tar.xz from archive.ubuntu.com (0.004 MiB)
dpkg-source: informação: extraindo golang-github-fsouza-go-dockerclient em golang-github-fsouza-go-dockerclient-1.6.0
dpkg-source: informação: desempacotando golang-github-fsouza-go-dockerclient_1.6.0.orig.tar.xz
dpkg-source: informação: desempacotando golang-github-fsouza-go-dockerclient_1.6.0-2ubuntu0.20.04.1.debian.tar.xz
lucas@poseidon:/tmp/test/golang-github-fsouza-go-dockerclient$ pull-lp-debs golang-github-fsouza-go-dockerclient focal
Found golang-github-fsouza-go-dockerclient 1.6.0-2ubuntu0.20.04.1 in focal
Downloading golang-github-fsouza-go-dockerclient-dev_1.6.0-2ubuntu0.20.04.1_all.deb from archive.ubuntu.com (0.115 MiB)
lucas@poseidon:~/work/autopkgtest$ autopkgtest -U -s --apt-pocket=proposed -B /tmp/test/golang-github-fsouza-go-dockerclient/*.deb /tmp/test/go...

The verification of the Stable Release Update for containerd has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

This bug was fixed in the package containerd - 1.5.9-0ubuntu1~20.04.1

---------------
containerd (1.5.9-0ubuntu1~20.04.1) focal; urgency=medium

  * Backport version 1.5.9-0ubuntu1 from Jammy (LP: #1955413, #1960449).
    - d/rules: set GO111MODULE to off.

 -- Lucas Kanashiro <email address hidden> Wed, 09 Feb 2022 17:23:51 -0300

This bug was fixed in the package docker.io - 20.10.12-0ubuntu2~20.04.1

---------------
docker.io (20.10.12-0ubuntu2~20.04.1) focal; urgency=medium

  * Backport version 20.10.12-0ubuntu2 from Jammy (LP: #1960449).
    - d/control: b-d on golang-1.16-go instead of golang-any.
    - d/rules: build with Golang 1.16.

 -- Lucas Kanashiro <email address hidden> Thu, 10 Feb 2022 12:03:35 -0300

This bug was fixed in the package runc - 1.1.0-0ubuntu1~20.04.1

---------------
runc (1.1.0-0ubuntu1~20.04.1) focal; urgency=medium

  * Backport version 1.1.0-0ubuntu1 from Jammy (LP: #1960449).
    - d/control: b-d on golang-1.16-go instead of golang-any.
    - d/rules: build with Golang 1.16.

 -- Lucas Kanashiro <email address hidden> Wed, 09 Feb 2022 18:00:30 -0300

This bug was fixed in the package containerd - 1.5.9-0ubuntu1~21.10.1

---------------
containerd (1.5.9-0ubuntu1~21.10.1) impish; urgency=medium

  * Backport version 1.5.9-0ubuntu1 from Jammy (LP: #1955413, #1960449).

 -- Lucas Kanashiro <email address hidden> Wed, 09 Feb 2022 17:15:51 -0300

This bug was fixed in the package docker.io - 20.10.12-0ubuntu2~21.10.1

---------------
docker.io (20.10.12-0ubuntu2~21.10.1) impish; urgency=medium

  * Backport version 20.10.12-0ubuntu2 from Jammy (LP: #1960449).

 -- Lucas Kanashiro <email address hidden> Thu, 10 Feb 2022 11:49:06 -0300

This bug was fixed in the package runc - 1.1.0-0ubuntu1~21.10.1

---------------
runc (1.1.0-0ubuntu1~21.10.1) impish; urgency=medium

  * Backport version 1.1.0-ubuntu1 from Jammy (LP: #1960449).

 -- Lucas Kanashiro <email address hidden> Wed, 09 Feb 2022 17:55:38 -0300

This bug was fixed in the package golang-github-fsouza-go-dockerclient - 1.6.0-2ubuntu0.20.04.1

---------------
golang-github-fsouza-go-dockerclient (1.6.0-2ubuntu0.20.04.1) focal; urgency=medium

  * Build with Golang 1.16 (LP: #1960449).
    - d/control: b-d on golang-1.16-go instead of golang-any.
    - d/rules: add Golang 1.16 to $PATH since it is not the default.

 -- Lucas Kanashiro <email address hidden> Wed, 06 Apr 2022 16:21:37 -0300

This bug was fixed in the package golang-github-openshift-imagebuilder - 1.1.0-2ubuntu0.20.04.1

---------------
golang-github-openshift-imagebuilder (1.1.0-2ubuntu0.20.04.1) focal; urgency=medium

  * Build with Golang 1.16 (LP: #1960449).
    - d/control: b-d on golang-1.16-go instead of golang-any.
    - d/rules: add Golang 1.16 to $PATH since it is not the default.

 -- Lucas Kanashiro <email address hidden> Wed, 06 Apr 2022 16:05:04 -0300

Hello Lucas, or anyone else affected,

Accepted golang-1.16 into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/golang-1.16/1.16.2-0ubuntu1~18.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

The fix for this bug has been awaiting testing feedback in the -proposed repository for bionic for more than 90 days. Please test this fix and update the bug appropriately with the results. In the event that the fix for this bug is still not verified 15 days from now, the package will be removed from the -proposed repository.

golang-1.16 has been blocked in bionic-proposed because it FTBFS in i386, this issue has been tracked in this other bug:

https://bugs.launchpad.net/ubuntu/+source/golang-1.16/+bug/1983742

We were waiting the fix to get accepted to actually move on with the other SRU steps.

Anyway, the validation was done below:

root@golang-116-verification:~# dpkg -l golang-1.16-go
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Architecture Description
+++-==============================================-============================-============================-==================================================================================================
ii golang-1.16-go 1.16.2-0ubuntu1~18.04.1 amd64 Go programming language compiler, linker, compiled stdlib
root@golang-116-verification:~# PATH=/usr/lib/go-1.16/bin:$PATH
root@golang-116-verification:~# go version
go version go1.16.2 linux/amd64
root@golang-116-verification:~# cat <<EOF >trivial.go
> package main
> func main() {}
> EOF
root@golang-116-verification:~# go run trivial.go
root@golang-116-verification:~# echo $?
0
root@golang-116-verification:~# cat <<EOF >trivialcgo.go
> package main
> import "C"
> func main() {}
> EOF
root@golang-116-verification:~# go run trivialcgo.go
root@golang-116-verification:~# echo $?
0

The runc build log is attached.

Hello Lucas, or anyone else affected,

Accepted golang-1.16 into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/golang-1.16/1.16.2-0ubuntu1~18.04.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

# Verification in a Bionic container with -proposed enabled

root@golang116-verification:~# dpkg -l | grep golang-1.16
ii golang-1.16-go 1.16.2-0ubuntu1~18.04.2 amd64 Go programming language compiler, linker, compiled stdlib
ii golang-1.16-src 1.16.2-0ubuntu1~18.04.2 amd64 Go programming language - source files
root@golang116-verification:~# PATH=/usr/lib/go-1.16/bin:$PATH
root@golang116-verification:~# go version
go version go1.16.2 linux/amd64
root@golang116-verification:~# cat <<EOF >trivial.go
> package main
> func main() {}
> EOF
root@golang116-verification:~# go run trivial.go
root@golang116-verification:~# echo $?
0
root@golang116-verification:~# cat <<EOF >trivialcgo.go
> package main
> import "C"
> func main() {}
> EOF
root@golang116-verification:~# go run trivialcgo.go
root@golang116-verification:~# echo $?
0

Hello Lucas, or anyone else affected,

Accepted runc into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/runc/1.1.0-0ubuntu1~18.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Hello Lucas, or anyone else affected,

Accepted docker.io into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/docker.io/20.10.12-0ubuntu2~18.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Hello Lucas, or anyone else affected,

Accepted containerd into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/containerd/1.5.9-0ubuntu1~18.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

All autopkgtests for the newly accepted docker.io (20.10.12-0ubuntu2~18.04.1) for bionic have finished running.
The following regressions have been reported in tests triggered by the package:

docker.io/20.10.12-0ubuntu2~18.04.1 (amd64, i386, s390x, ppc64el, arm64)
ubuntu-fan/0.12.10 (amd64)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/bionic/update_excuses.html#docker.io

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

runc FTBFSes in ppc64el because go-md2man is segfaulting (only ppc64el in bionic):

# apt policy go-md2man
go-md2man:
  Installed: 1.0.6+git20170603.6.23709d0+ds-1
  Candidate: 1.0.6+git20170603.6.23709d0+ds-1
  Version table:
 *** 1.0.6+git20170603.6.23709d0+ds-1 500
        500 http://us.ports.ubuntu.com/ubuntu-ports bionic/universe ppc64el Packages
        100 /var/lib/dpkg/status
# go-md2man --help
Segmentation fault (core dumped)

A simple rebuild of the package (debdiff attached) fixed this issue, and therefore the runc FTBFS in bionic, it can be seen in the PPA below:

https://launchpad.net/~lucaskanashiro/+archive/ubuntu/container-stack

The same commands above with the rebuilt version:

# apt policy go-md2man
go-md2man:
  Installed: 1.0.6+git20170603.6.23709d0+ds-1+b1~ppa1
  Candidate: 1.0.6+git20170603.6.23709d0+ds-1+b1~ppa1
  Version table:
 *** 1.0.6+git20170603.6.23709d0+ds-1+b1~ppa1 500
        500 http://ppa.launchpad.net/lucaskanashiro/container-stack/ubuntu bionic/main ppc64el Packages
        100 /var/lib/dpkg/status
     1.0.6+git20170603.6.23709d0+ds-1 500
        500 http://us.ports.ubuntu.com/ubuntu-ports bionic/universe ppc64el Packages
# go-md2man --help
Usage of go-md2man:
  -in string
     Path to file to be processed (default: stdin)
  -out string
     Path to output processed file (default: stdout)

The docker.io regression is caused by this bug:

https://bugs.launchpad.net/ubuntu/+source/debian-archive-keyring/+bug/1994013

These are my considerations for go-md2man:
- it's a rebuild for all arches, even though only ppc64el needs it. I don't see a way to only rebuild it for one arch, maybe an AA would be able to do it, but only if extraordinary circumstances warranted it I guess.
- the versioning is going from -1 to -1build1. I talked with the security team and they would have used 1ubuntu0.1, even though no change is being made, but this is because of their tooling. 1build0.1 would have been a bit better, but in this case 1build1 is fine, as no other ubuntu release is expected to get this same version and the upgrade path is safe.
- since golang uses mostly static linking, I wondered if bringing in a new build-dep after the other packages were rebuilt would be an issue. In this case, go-md2man produces a binary that is used by other packages to produce manpages, and not a library or module that is linked, so it's fine.
- the rebuild is to fix an FTBFS, which on its own usually does not warrant an SRU[1], but is allowed together with another bugfix. In this case, the rebuild is the fix at the same time, so it's fine. I was wondering if it needed a separate bug, though, but we have the case already of other packages being mentioned in this bug (the two golang-github-* ones).
- I also checked that the rebuild of go-md2man did NOT use the new backported golang 1.16, which is expected as the new golang-1.16 is not changing the default version of golang that is used in bionic.
- I also did a quick check that the output of go-md2man on an unaffected architecture (amd64) didn't change when rendering the same md document into a manpage, after the rebuild (sanity check).

1. https://wiki.ubuntu.com/StableReleaseUpdates#Other_safe_cases

Hello Lucas, or anyone else affected,

Accepted go-md2man into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/go-md2man/1.0.6+git20170603.6.23709d0+ds-1build1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Marking main task of go-md2man invalid, as only bionic (correctly tasked) is affected.

I was able to reproduce the go-md2man issue in a bionic ppc64el VM.

# go-md2man --help
Segmentation fault (core dumped)

I then upgraded the package to the version available in proposed, which fixes the issue for me.

# go-md2man --help
Usage of go-md2man:
  -in string
     Path to file to be processed (default: stdin)
  -out string
     Path to output processed file (default: stdout)

Thanks!

Regarding debian-archive-keyring, here are some options I can think of, in no particular order:

a) change the DEP8 test to deploy oldoldstable. That currently works with the key in bionic. oldstable and stable do not.

b) embed the new debian key in the dep8 test, and keep deploying stable. This will probably raise some eyebrows

c) SRU debian-archive-keyring. I think that is too intrusive, and could bring unknowns into the picture. For example, are old keys deprecated/revoked/expired in the new package? I did a quick test and oldoldstable can still be deployed with the new debian-archive-keyring package, but without knowing more how this keyring package is maintained and updated (the rules governing that), I would think this is riskier. That being said, it's a fact that debootstrap of debian stable currently doesn't work in bionic, and it's good we have a separate bug for it. The discussion can continue there.

d) accept that this DEP8 test as is won't pass, flag it as such, do a manual test run on the side to confirm that it passes once the new debian-archive-keyring package is installed, and call it good.

### go-md2man

Verify if in amd64 the new binary also generates the same manpage as before:

root@go-md2man-test:~# wget https://github.com/cpuguy83/go-md2man/raw/master/go-md2man.1.md
--2022-11-04 11:10:35-- https://github.com/cpuguy83/go-md2man/raw/master/go-md2man.1.md
Resolving github.com (github.com)... 140.82.121.4
Connecting to github.com (github.com)|140.82.121.4|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://raw.githubusercontent.com/cpuguy83/go-md2man/master/go-md2man.1.md [following]
--2022-11-04 11:10:35-- https://raw.githubusercontent.com/cpuguy83/go-md2man/master/go-md2man.1.md
Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 185.199.110.133, 185.199.109.133, 185.199.111.133, ...
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|185.199.110.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 668 [text/plain]
Saving to: ‘go-md2man.1.md’

go-md2man.1.md 100%[===================>] 668 --.-KB/s in 0s

2022-11-04 11:10:36 (11.1 MB/s) - ‘go-md2man.1.md’ saved [668/668]

root@go-md2man-test:~# apt policy go-md2man
go-md2man:
  Installed: 1.0.6+git20170603.6.23709d0+ds-1
  Candidate: 1.0.6+git20170603.6.23709d0+ds-1
  Version table:
 *** 1.0.6+git20170603.6.23709d0+ds-1 500
        500 http://archive.ubuntu.com/ubuntu bionic/universe amd64 Packages
        100 /var/lib/dpkg/status
root@go-md2man-test:~# go-md2man -in=go-md2man.1.md -out=go-md2man.1.out

[... installed go-md2man from bionic-proposed ...]

root@go-md2man-test:~# apt policy go-md2man
go-md2man:
  Installed: 1.0.6+git20170603.6.23709d0+ds-1build1
  Candidate: 1.0.6+git20170603.6.23709d0+ds-1build1
  Version table:
 *** 1.0.6+git20170603.6.23709d0+ds-1build1 500
        500 http://archive.ubuntu.com/ubuntu bionic-proposed/universe amd64 Packages
        100 /var/lib/dpkg/status
     1.0.6+git20170603.6.23709d0+ds-1 500
        500 http://archive.ubuntu.com/ubuntu bionic/universe amd64 Packages
root@go-md2man-test:~# go-md2man -in=go-md2man.1.md -out=go-md2man.1.out.2
root@go-md2man-test:~# diff go-md2man.1.out go-md2man.1.out.2
root@go-md2man-test:~# echo $?
0

I did run docker.io basic-smoke test in bionic with debian-archive-keyring from Focal and it passed as expected, so the feature is working fine, the only issue is the keyring.

As discussed with Andreas and Robie, we will be adding a hint to ignore this test for this upload, and I staged a change in the git repository to fix it for the next upload:

https://github.com/tianon/debian-docker/commit/0677de09383f58ddde5f0598934c2354dbc8b4fe

The fix is basically to change to debootstrap bionic instead of debian stable in uploads targeting bionic.

Sorry about the question, but how does a commit to that github repository trickle down all the way to a future ubuntu bionic sru of docker.io?

The docker.io package has been maintained in that Github repository for a while, all the updates go through there. Next time an update targeting Bionic is required it will be prepared on top of the bionic branch of the mentioned repo, therefore, the changes in the test will be included. Does that answer your question?

MP to badtest docker.io in bionic at this specific version:

https://code.launchpad.net/~ubuntu-release/britney/+git/hints-ubuntu/+merge/432640

Thanks for filing the hint for docker.io Andreas.

I did verify runc and containerd against bionic-proposed:

## runc

autopkgtest [12:09:14]: @@@@@@@@@@@@@@@@@@@@ summary
basic-smoke PASS
command1 PASS

## containerd

autopkgtest [12:13:16]: @@@@@@@@@@@@@@@@@@@@ summary
basic-smoke PASS

So DEP-8 tests of both of them are still passing.

This bug was fixed in the package go-md2man - 1.0.6+git20170603.6.23709d0+ds-1build1

---------------
go-md2man (1.0.6+git20170603.6.23709d0+ds-1build1) bionic; urgency=medium

  * No changes rebuild to fix segfault and runc build in ppc64el (LP: #1960449).

 -- Lucas Kanashiro <email address hidden> Tue, 01 Nov 2022 12:39:14 -0300

This bug was fixed in the package docker.io - 20.10.12-0ubuntu2~18.04.1

---------------
docker.io (20.10.12-0ubuntu2~18.04.1) bionic; urgency=medium

  * Backport version 20.10.12-0ubuntu2 from Jammy (LP: #1960449).
    - Build with Golang 1.16.
      + d/control: b-d on golang-1.16-go instead of golang-any.
      + d/rules: build with Golang 1.16.
    - d/control: do not b-d on libbtrfs-dev, it is not available in Bionic

 -- Lucas Kanashiro <email address hidden> Mon, 04 Apr 2022 17:53:56 -0300

This bug was fixed in the package runc - 1.1.0-0ubuntu1~18.04.1

---------------
runc (1.1.0-0ubuntu1~18.04.1) bionic; urgency=medium

  * Backport version 1.1.0-0ubuntu1 from Jammy (LP: #1960449).
    - Build with Golang 1.16
      + d/control: b-d on golang-1.16-go instead of golang-any.
      + d/rules: add Golang 1.16 to $PATH.
    - d/rules: set GO111MODULE to off, to avoid Internet connection during the
      build.
    - d/rules: set GOCACHE to build directory.

 -- Lucas Kanashiro <email address hidden> Thu, 31 Mar 2022 16:03:03 -0300

This bug was fixed in the package golang-1.16 - 1.16.2-0ubuntu1~18.04.2

---------------
golang-1.16 (1.16.2-0ubuntu1~18.04.2) bionic; urgency=medium

  * d/helpers/goenv.sh: Don't set GO386 when building on i386.
    (LP: #1983742)
  * d/control{,.in}: Make golang-X.Y-go depend on sse2-support on
    i386.

golang-1.16 (1.16.2-0ubuntu1~18.04.1) bionic; urgency=medium

  * Backport to Bionic (LP: #1967425, #1960449).
    - Downgrade debhelper to compat level 11.
    - Remove Breaks: dh-golang (<< 1.43~).
      dh-golang/1.34.2 is available in Bionic. If you need any feature from
      newer dh-golang please try to implement it directly in the affected
      package. As reference take a look at LP #1967425.

 -- Sergio Durigan Junior <email address hidden> Fri, 05 Aug 2022 23:26:55 -0400

This bug was fixed in the package containerd - 1.5.9-0ubuntu1~18.04.1

---------------
containerd (1.5.9-0ubuntu1~18.04.1) bionic; urgency=medium

  * Backport version 1.5.9-0ubuntu1 from Jammy (LP: #1955413, #1960449).
    - d/control: do not b-d on libbtrfs-dev, it is not available in Bionic.
    - d/control: b-d on golang-1.13-go instead of golang-go.
    - d/rules: set GO111MODULE to off, to avoid Internet connection during the
      build.

 -- Lucas Kanashiro <email address hidden> Wed, 09 Feb 2022 17:38:58 -0300