Misc fixes related to Noble updates (#1065)

To update the docker image, that we use for the integration tests, to Noble we had to fix some behaviors that changed in the new release.
ubuntu · Aug 9, 2024 · 2f9beeb · 2f9beeb
2 parents 6189bfe + 293224d
commit 2f9beeb
Show file tree

Hide file tree

Showing 13 changed files with 28 additions and 24 deletions.
diff --git a/.github/workflows/cla-check.yaml b/.github/workflows/cla-check.yaml
@@ -5,7 +5,7 @@ on:
 jobs:
   cla-check:
     name: Check if CLA is signed
-    runs-on: ubuntu-latest
+    runs-on: ${{ vars.RUNNER }}
     steps:
       - name: Check if CLA signed
         uses: canonical/has-signed-canonical-cla@v1

diff --git a/.github/workflows/e2e-build-images.yaml b/.github/workflows/e2e-build-images.yaml
@@ -17,7 +17,7 @@ on:
 jobs:
   supported-releases:
     name: Build matrix for supported ADSys and Ubuntu releases
-    runs-on: ubuntu-latest
+    runs-on: ${{ vars.RUNNER }}
     outputs:
       matrix: ${{ steps.set-supported-releases.outputs.matrix }}
       versions: ${{ steps.set-supported-releases.outputs.versions }}
@@ -61,7 +61,7 @@ jobs:
 
   build-template:
     name: Build VM template
-    runs-on: ubuntu-latest
+    runs-on: ${{ vars.RUNNER }}
     concurrency:
       group: template-build-${{ matrix.codename }}
     needs:

diff --git a/.github/workflows/e2e-tests.yaml b/.github/workflows/e2e-tests.yaml
@@ -25,7 +25,7 @@ on:
 jobs:
   supported-releases:
     name: Build matrix for supported ADSys and Ubuntu releases
-    runs-on: ubuntu-latest
+    runs-on: ${{ vars.RUNNER }}
     outputs:
       matrix: ${{ steps.set-supported-releases.outputs.matrix }}
     steps:
@@ -77,7 +77,7 @@ jobs:
 
   tests:
     name: Tests
-    runs-on: ubuntu-latest
+    runs-on: ${{ vars.RUNNER }}
     needs:
       - supported-releases
     strategy:

diff --git a/.github/workflows/patch-vendored-samba.yaml b/.github/workflows/patch-vendored-samba.yaml
@@ -14,7 +14,7 @@ env:
 jobs:
   check-for-changes:
     name: Check for changes in vendored code
-    runs-on: ubuntu-latest
+    runs-on: ${{ vars.RUNNER }}
     outputs:
       changed: ${{ steps.compute-diff.outputs.changed }}
       samba-ref: ${{ steps.compute-diff.outputs.samba-ref }}
@@ -48,7 +48,7 @@ jobs:
 
   patch-vendored-code:
     name: Patch vendored code
-    runs-on: ubuntu-latest
+    runs-on: ${{ vars.RUNNER }}
     needs: check-for-changes
     if: ${{ needs.check-for-changes.outputs.changed == 'true' }}
     steps:

diff --git a/.github/workflows/policy-builds.yaml b/.github/workflows/policy-builds.yaml
@@ -13,7 +13,7 @@ on:
 jobs:
   build-admxgen:
     name: Build admxgen static binary
-    runs-on: ubuntu-latest
+    runs-on: ${{ vars.RUNNER }}
     steps:
       - uses: actions/checkout@v4
       - uses: actions/setup-go@v5
@@ -33,7 +33,7 @@ jobs:
 
   supported-releases:
     name: Build matrix for supported ADSys, Ubuntu, and docker releases
-    runs-on: ubuntu-latest
+    runs-on: ${{ vars.RUNNER }}
     outputs:
       matrix: ${{ steps.set-supported-releases.outputs.matrix }}
     needs: build-admxgen
@@ -80,7 +80,7 @@ jobs:
 
   collect-releases:
     name: Collect supported keys on each releases
-    runs-on: ubuntu-latest
+    runs-on: ${{ vars.RUNNER }}
     needs:
       - build-admxgen
       - supported-releases
@@ -119,7 +119,7 @@ jobs:
 
   generate-ad:
     name: Merge keys to generated admx/adml
-    runs-on: ubuntu-latest
+    runs-on: ${{ vars.RUNNER }}
     needs: collect-releases
     strategy:
       matrix:
@@ -165,7 +165,7 @@ jobs:
 
   generate-doc:
     name: Merge keys to generated documentation
-    runs-on: ubuntu-latest
+    runs-on: ${{ vars.RUNNER }}
     needs: collect-releases
     steps:
       - name: Install needed binaries
@@ -202,7 +202,7 @@ jobs:
 
   integrate:
     name: Integrate policy changes in current git tree
-    runs-on: ubuntu-latest
+    runs-on: ${{ vars.RUNNER }}
     needs:
       - generate-ad
       - generate-doc
@@ -243,7 +243,7 @@ jobs:
 
   open-issue-on-fail:
     name: Open issue on failure
-    runs-on: ubuntu-latest
+    runs-on: ${{ vars.RUNNER }}
     needs: integrate
     if: ${{ failure() }}
     steps:

diff --git a/.github/workflows/qa.yaml b/.github/workflows/qa.yaml
@@ -16,7 +16,7 @@ env:
 jobs:
   sanity:
     name: Code sanity
-    runs-on: ubuntu-latest
+    runs-on: ${{ vars.RUNNER }}
     steps:
       - name: Install dependencies
         run: |
@@ -43,7 +43,7 @@ jobs:
 
   tests:
     name: Tests
-    runs-on: ubuntu-latest
+    runs-on: ${{ vars.RUNNER }}
     steps:
       - uses: actions/checkout@v4
       - uses: actions/setup-go@v5

diff --git a/.github/workflows/sync-gh-jira.yaml b/.github/workflows/sync-gh-jira.yaml
@@ -4,7 +4,7 @@ on: [issues, issue_comment]
 jobs:
   sync-issues:
     name: Sync issues to Jira
-    runs-on: ubuntu-latest
+    runs-on: ${{ vars.RUNNER }}
     steps:
       - uses: canonical/sync-issues-github-jira@v1
         with:

diff --git a/.github/workflows/tics-report-daily.yaml b/.github/workflows/tics-report-daily.yaml
@@ -14,7 +14,7 @@ env:
 jobs:
   tics:
     name: TIOBE TiCS Framework
-    runs-on: ubuntu-latest
+    runs-on: ${{ vars.RUNNER }}
     steps:
       - uses: actions/checkout@v4
       - uses: actions/setup-go@v5

diff --git a/cmd/adsysd/integration_tests/adsys_test.go b/cmd/adsysd/integration_tests/adsys_test.go
@@ -412,7 +412,10 @@ func runDaemons() (teardown func()) {
 		go func() {
 			defer wg.Done()
 
-			if err := os.MkdirAll(socketDir, 0750); err != nil {
+			// 24.04 introduced some polkit changes that make the daemon drop root privileges before executing. In order
+			// to be able to connect to the bus and run polkitd, we need more permissions in the socket directory.
+			//nolint:gosec
+			if err := os.MkdirAll(socketDir, 0755); err != nil {
 				log.Fatalf("Setup: can’t create %s socket directory: %v", answer, err)
 			}
 

diff --git a/cmd/adsysd/integration_tests/systemdaemons/Dockerfile b/cmd/adsysd/integration_tests/systemdaemons/Dockerfile
@@ -3,10 +3,7 @@ FROM ubuntu
 
 ENV DEBIAN_FRONTEND=noninteractive
 # we need at least dbusmock 0.25 to use systemd template
-RUN \
-   apt-get update && \
-   apt-get install -y policykit-1 dbus libglib2.0-bin python3-pip python3-gi python3-dbus && \
-   pip install python-dbusmock
+RUN apt update && apt install -y polkitd dbus libglib2.0-bin python3-gi python3-dbus python3-dbusmock
 
 COPY cmd/adsysd/integration_tests/systemdaemons/*.py /
 COPY cmd/adsysd/integration_tests/systemdaemons/run_daemons /

diff --git a/cmd/adsysd/integration_tests/systemdaemons/run_daemons b/cmd/adsysd/integration_tests/systemdaemons/run_daemons
@@ -14,7 +14,7 @@ from gi.repository import GLib
 from session_daemons import start_session_bus, run_session_mocks
 from system_daemons import start_system_bus, run_system_mocks
 
-POLKIT_PATH = "/usr/libexec/polkitd"
+POLKIT_PATH = "/usr/lib/polkit-1/polkitd"
 ADSYS_POLICY_PATH_SRC = "/usr/share/polkit-1/actions.orig/com.ubuntu.adsys.policy"
 ADSYS_POLICY_PATH_DST = "/usr/share/polkit-1/actions/com.ubuntu.adsys.policy"
 

diff --git a/debian/control b/debian/control
@@ -47,6 +47,7 @@ Recommends: ${misc:Recommends},
 Suggests: curlftpfs,
           ubuntu-proxy-manager,
           python3-cepces,
+          polkitd-pkla,
 Description: ${source:Synopsis}
  ${source:Extended-Description}
 

diff --git a/internal/ad/krb5.go b/internal/ad/krb5.go
@@ -15,6 +15,9 @@ char *get_ticket_path() {
     errno = ret;
     return NULL;
   }
+  // We need to reset the errno to 0, because krb5_init_context()
+  // can alter it,  even if it succeeds.
+  errno = 0;
 
   const char* cc_name = krb5_cc_default_name(context);
   if (cc_name == NULL) {