Ubuntu
isc-kea package

Sync isc-kea from Debian unstable for mantic

Bug #2018075 reported by Bryce Harrington
12
This bug affects 2 people
Affects Status Importance Assigned to Milestone
isc-kea (Ubuntu)
Fix Released
Undecided
Athos Ribeiro
Ubuntu ubuntu-23.07

Bug Description

Upstream: tbd
Debian: 2.2.0-6 2.2.0-7
Ubuntu: 2.2.0-5ubuntu4

Debian new has 2.2.0-7, which may be available for merge soon.

If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired.

### New Debian Changes ###

isc-kea (2.2.0-6) unstable; urgency=medium

  [ Andreas Hasenack ]
  * apparmor: use the apparmor nameservice abstraction.
    Use the apparmor nameservice abstraction instead of hand-picked rules.
    (Closes: #1033640, #1033639)

 -- Paride Legovini <email address hidden> Mon, 03 Apr 2023 12:48:28 +0200

isc-kea (2.2.0-5) unstable; urgency=medium

  [ Paride Legovini ]
  * d/control: update to Standards-Version 4.6.2, no changes needed

  [ Andreas Hasenack ]
  * d/t/kea-dhcp4.conf.template: retry opening a socket. Sometimes the
    `keabr0` bridge used in the DEP8 test takes a while to become ready, and
    kea-dhcp4 fails to open a socket on it. Add configuration options to
    kea-dhcp4 to retry opening the socket a few times before giving up.
    (LP: #2008932)

 -- Athos Ribeiro <email address hidden> Thu, 02 Mar 2023 14:00:17 -0300

isc-kea (2.2.0-4) unstable; urgency=medium

  [ Athos Ribeiro ]
  * d/rules: use MathJax from libjs-mathjax instead loading from external CDN

  [ Andreas Hasenack ]
  * d/t/kea-dhcp4: make the test more robust
    - increase dhclient timeout to 60s, and run in verbose mode
    - show logs in the case of failure
    - set +e inside the cleanup handler
    - fix resolv.conf regexp

 -- Athos Ribeiro <email address hidden> Mon, 27 Feb 2023 14:58:26 -0300

isc-kea (2.2.0-3) unstable; urgency=medium

  [ Andreas Hasenack ]
  * Add apparmor profiles.
    - d/control: add build-depends on dh-apparmor
    - d/usr.sbin.kea-*: add the profiles
    - d/kea-*.install: install the profiles
    - d/rules: use dh_apparmor to enable the profiles
  * d/tests: Add DEP8 test for kea-dhcp4

 -- Paride Legovini <email address hidden> Fri, 17 Feb 2023 19:59:43 +0100

isc-kea (2.2.0-2) unstable; urgency=medium

  [ Athos Ribeiro ]
  * d/tests: add simple DEP8 smoke tests
  * Set default control sockets location to /run/kea (Closes: #1014929)
    (LP: #1863100)

  [ Paride Legovini ]
  * d/control: drop dependency on lsb-base (obsolete)
  * d/salsa-ci.yml: enable the autopkgtest job
  * d/kea-common.*:
    - Do not install keactrl. The keactrl script is not systemd-aware and not
      installed by the upstream .deb packages. Remove it from the Debian
      packaging
    - Leave handling of /var/*/kea directories to systemd. No need to create
      them in packaging as the systemd units will automatically create them
      with the right ownership and permissions
  * d/*.service:
    - Do not set KEA_LOGGER_DESTINATION. The variable is meant to tell the
      daemons where to log *before* their config files are loaded. If unset
      the default is stdout, which works well with systemd
    - Do not set KEA_PIDFILE_DIR. What we set it to corresponds to the
      defaults. The documentation says that KEA_PIDFILE_DIR 'is intended
      primarily for testing'
  * d/rules: use the systemd journal for logging (Closes: #1016747)
    (LP: #2006522)
  * d/kea-doc.README.Debian: document how logging is done by default
  * d/tests/smoke-tests: check location of PID and lock files

 -- Athos Ribeiro <email address hidden> Tue, 14 Feb 2023 11:24:58 -0300

isc-kea (2.2.0-1) unstable; urgency=medium

  * New upstream version 2.2.0.
    Thanks to Daniel Baumann (Closes: #1016109)
  * debian/patches:
    - 0002-kea_admin_fix.patch: refresh patch
    - 0007-keyctrl-colored-ddns-status.patch: drop patch (fixed upstream)
    - 0009-disable-database-tests.patch: refresh patch
    - 0010-build-libco-when-gtest-is-not-enabled: drop patch (fixed upstream)
    - 0011-sphinx-set-language.patch: drop patch (fixed upstream)
  * d/kea-doc.doc-base: register documentation to doc-base
  * Lintian overrides:
    - *.lintian-overrides: adapt to 'pointed hints' syntax
    - kea-admin.l-o: bash-term-in-posix-shell (false positives)
    - d/kea-doc.l-o: add overrides for sphinx installed fonts.
      + font-in-non-font-package [usr/share/doc/kea/html/_static/fonts/*]
      + font-outside-font-dir [usr/share/doc/kea/html/_static/fonts/*]
  * d/copyright: remove file patterns made unnecessary by new release
  * d/salsa-ci.yml: add salsa CI

### Old Ubuntu Delta ###

isc-kea (2.2.0-5ubuntu4) lunar; urgency=medium

  * d/usr.sbin.kea-*: use the apparmor nameservice abstraction instead
    of hand-picked rules (LP: #2013539)

 -- Andreas Hasenack <email address hidden> Sat, 01 Apr 2023 13:30:25 -0300

isc-kea (2.2.0-5ubuntu3) lunar; urgency=medium

  * d/t/control: allow-stderr for the kea-ctrl-agent-debconf DEP8 test
    which produces stderr error messages on armhf due to apparmor not
    working in the DEP8 runners for that particular architecture
    (LP: #2014366)

 -- Andreas Hasenack <email address hidden> Fri, 31 Mar 2023 21:24:53 -0300

isc-kea (2.2.0-5ubuntu2) lunar; urgency=medium

  * d/NEWS: update with noteworthy changes (LP: #2007313)
  * Restrict access to the default RESTful API on 127.0.0.1:8000 to
    authenticated users (LP: #2007312):
    - d/kea-ctrl-agent.templates, d/po/POTFILES.in, d/po/templates.pot:
      debconf templates
    - d/control: debconf build-deps
    - d/kea-ctrl-agent.postinst: handle kea-api password creation
    - d/kea-ctrl-agent.config: prepare debconf questions
    - d/kea-ctrl-agent.postrm: purge api password file
    - d/p/0011-kea-ctrl-agent-authentication.patch: set kea-ctrl-agent
      up to require a password. The actual password is setup in
      maintainerscripts, and/or asked to the user via debconf.
    - d/t/kea-ctrl-agent.service: require a non-empty kea api password
      file
    - d/t/control, d/t/kea-ctrl-agent-debconf: test debconf options
    - d/t/smoke-tests, d/t/kea-dhcp4: support kea-ctrl-agent
      authentication

 -- Andreas Hasenack <email address hidden> Fri, 24 Mar 2023 20:13:26 -0300

isc-kea (2.2.0-5ubuntu1) lunar; urgency=medium

  * d/rules: add strict shlibs control file. kea-common ships 22 different
    shared libraries. Since they are written in C++, we ship a strict shlibs
    file instead of maintaining a bloated symbols file.

 -- Athos Ribeiro <email address hidden> Fri, 10 Mar 2023 14:52:18 -0300

Bryce Harrington (bryce)
Changed in isc-kea (Ubuntu):
milestone: none → ubuntu-23.06
Athos Ribeiro (athos-ribeiro)
Changed in isc-kea (Ubuntu):
assignee: nobody → Athos Ribeiro (athos-ribeiro)
Revision history for this message
Athos Ribeiro (athos-ribeiro) wrote :

The new debian releases introduced part of our Delta. Let's wait a little longer so all of our delta is merged. Then we can potentially sync this package.

Namely, we want to have the changes in experimental pulled into unstable (shlibs file changes) and https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033367 acked by the debian security team.

Otherwise, we can merge this by the end of the cycle to reduce the delta (although nothing new will be pulled in given the state of the debian package atm).

Changed in isc-kea (Ubuntu):
milestone: ubuntu-23.06 → ubuntu-23.07
Revision history for this message
Andreas Hasenack (ahasenack) wrote (last edit ):

Heads up: a new upstream stable version was just announced:

https://downloads.isc.org/isc/kea/2.4.0/Kea-2.4.0-ReleaseNotes.txt

https://www.isc.org/blogs/kea-2-4-0/

Athos Ribeiro (athos-ribeiro)
Changed in isc-kea (Ubuntu):
status: New → In Progress
Revision history for this message
Athos Ribeiro (athos-ribeiro) wrote :

Thanks, Andreas.

2.2.0 is supported until July 2024.

I believe we can stick to 2.2.0 for 23.10. Still, we should start moving towards 2.4.0 soon, to avoid any issues for the next LTS cycle.

Since we are working with Debian on kea, we can start helping to prepare 2.4.0 after 2.2.0-7 syncs in.

Revision history for this message
Athos Ribeiro (athos-ribeiro) wrote :

All of our delta has been forwarded to Debian and released in Debian unstable. We can now sync this one.

summary: - Merge isc-kea from Debian unstable for mantic
+ Sync isc-kea from Debian unstable for mantic
tags: added: needs-sync
removed: needs-merge
Revision history for this message
Athos Ribeiro (athos-ribeiro) wrote :
Download full text (4.2 KiB)

This is the current diff between the packages in mantic and unstable:

$ git show pkg/ubuntu/devel:debian/changelog | head -n1
isc-kea (2.2.0-5ubuntu4) lunar; urgency=medium
$ git show pkg/debian/sid:debian/changelog | head -n1
isc-kea (2.2.0-8) unstable; urgency=medium

$ git diff -U1 pkg/ubuntu/devel..pkg/debian/sid -- . ':!debian/changelog'
diff --git a/debian/NEWS b/debian/NEWS
index f7dc227..ad1bd54 100644
--- a/debian/NEWS
+++ b/debian/NEWS
@@ -1,2 +1,2 @@
-isc-kea (2.2.0-5ubuntu2) lunar; urgency=medium
+isc-kea (2.2.0-8) unstable; urgency=medium

diff --git a/debian/control b/debian/control
index cc15dc3..163139a 100644
--- a/debian/control
+++ b/debian/control
@@ -3,4 +3,3 @@ Section: net
 Priority: optional
-Maintainer: Ubuntu Developers <email address hidden>
-XSBC-Original-Maintainer: Kea <email address hidden>
+Maintainer: Kea <email address hidden>
 Uploaders:
diff --git a/debian/rules b/debian/rules
index 60d2474..63e52ef 100755
--- a/debian/rules
+++ b/debian/rules
@@ -61,4 +61,8 @@ execute_after_dh_auto_install:

+# Since we do not maintain a symbols file for the libraries shipped in
+# kea-common, make the shlibs control file more strict, generating dependencies
+# such as "libkea-util 52 kea-common (= 2.2.0-5)" instead of the less strict
+# "libkea-util 52 kea-common (>= 2.2.0)".
 override_dh_makeshlibs:
- dh_makeshlibs -pkea-common -V"kea-common (= $(DEB_VERSION))"
+ dh_makeshlibs -pkea-common -V'kea-common (= ${DEB_VERSION})'
        dh_makeshlibs -Nkea-common

This should that all of our delta has been forwarded to Debian. The shlibs change in debian contain some contents with more context and changed double quotes for simple quotes. Both were done to address review comments when forwarding the patches.

The double/single quotes change has no effect on the final shlibs file:

$ diff <(dpkg-deb --ctrl-tarfile kea-common_2.2.0-5ubuntu4_amd64.deb | tar -Ox ./shlibs) <(dpkg-deb --ctrl-tarfile kea-common_2.2.0-8_amd64.deb | tar -Ox ./shlibs)
1,22c1,22
< libkea-asiodns 24 kea-common (= 2.2.0-5ubuntu4)
< libkea-asiolink 40 kea-common (= 2.2.0-5ubuntu4)
< libkea-cc 39 kea-common (= 2.2.0-5ubuntu4)
< libkea-cfgclient 36 kea-common (= 2.2.0-5ubuntu4)
< libkea-cryptolink 28 kea-common (= 2.2.0-5ubuntu4)
< libkea-d2srv 16 kea-common (= 2.2.0-5ubuntu4)
< libkea-database 35 kea-common (= 2.2.0-5ubuntu4)
< libkea-dhcp++ 54 kea-common (= 2.2.0-5ubuntu4)
< libkea-dhcp_ddns 29 kea-common (= 2.2.0-5ubuntu4)
< libkea-dhcpsrv 69 kea-common (= 2.2.0-5ubuntu4)
< libkea-dns++ 30 kea-common (= 2.2.0-5ubuntu4)
< libkea-eval 39 kea-common (= 2.2.0-5ubuntu4)
< libkea-exceptions 13 kea-common (= 2.2.0-5ubuntu4)
< libkea-hooks 57 kea-common (= 2.2.0-5ubuntu4)
< libkea-http 42 kea-common (= 2.2.0-5ubuntu4)
< libkea-log 35 kea-common (= 2.2.0-5ubuntu4)
< libkea-mysql 38 kea-common (= 2.2.0-5ubuntu4)
< libkea-pgsql 36 kea-common (= 2.2.0-5ubuntu4)
< libkea-process 40 kea-common (= 2.2.0-5ubuntu4)
< libkea-stats 18 kea-common (= 2.2.0-5ubuntu4)
< libkea-util-io 0 kea-common (= 2.2.0-5ubuntu4)
< libkea-util 52 kea-common (= 2.2.0-5ubuntu4)
---
> libkea-asiodns 24 kea-common (= 2.2.0-8)
> libkea-asiolink 40 kea...

Read more...

Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

Agreed, Athos. +1

Revision history for this message
Athos Ribeiro (athos-ribeiro) wrote :

This bug was fixed in the package isc-kea - 2.2.0-8

---------------
isc-kea (2.2.0-8) unstable; urgency=medium

  [ Athos Ribeiro ]
  * d/rules: add strict shlibs control file

  [ Andreas Hasenack ]
  * Restrict access to the default RESTful API on 127.0.0.1:8000 to
    authenticated users (Closes: #1033367) (LP #2007312):
    - Add debconf templates to restrict API access
    - d/control: add debconf build-deps
    - d/kea-ctrl-agent.postinst: handle kea-api password creation
    - d/kea-ctrl-agent.config: prepare debconf questions
    - d/kea-ctrl-agent.postrm: purge api password file
    - d/p/0011-kea-ctrl-agent-authentication.patch
    - d/t/kea-ctrl-agent.service: require a non-empty kea api password file
    - d/t/control, d/t/kea-ctrl-agent-debconf: test debconf options
    - d/t/smoke-tests, d/t/kea-dhcp4: support kea-ctrl-agent authentication
  * d/NEWS: update with noteworthy changes

 -- Athos Ribeiro <email address hidden> Tue, 04 Jul 2023 10:40:32 -0300

isc-kea (2.2.0-6) unstable; urgency=medium

  [ Andreas Hasenack ]
  * apparmor: use the apparmor nameservice abstraction.
    Use the apparmor nameservice abstraction instead of hand-picked rules.
    (Closes: #1033640, #1033639)

 -- Paride Legovini <email address hidden> Mon, 03 Apr 2023 12:48:28 +0200

Changed in isc-kea (Ubuntu):
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.