Bionic dep8 tests are failing
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| iptables (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
| Bionic |
Fix Released
|
Undecided
|
Andreas Hasenack | ||
Bug Description
[ Impact ]
This bug does not affect users directly, but it's a problem everytime iptables is SRUed to Bionic. We could hint the DEP8 tests, in which case they would all be ignored (uncluding the ones that actually work), or fix it. By itself, fixing DEP8 is not worth an SRU, but since we are fixing a segfault (in #1992454), we can ship the DEP8 fixes with it and make future SRUs easier and of better quality (since the tests now run correctly).
The actual fixes are two:
- since many iptables commands exit non-zero when the help parameter is given (-h/--help), instead of relying on that, we grep the output. Since bash's pipefail option is not set, it's the grep exit status that will be checked.
- the iptables-
Later versions of iptables have either flipped the exit status of the -h option (but not for all commands, annoyingly), so this fix is not needed after bionic. In other cases, the problematic test was just removed from d/t/control.
[ Test Plan ]
Verify in the autopkgtest report that the DEP8 tests ran and are all green.
[ Where problems could occur ]
This is fixing the existing DEP8 tests, which have been red for bionic since ever. If the fix fails, the tests will remain red, so no change.
I'm assuming that the test goal of the multiple calls to iptables binaries with just the "-h/--help" option is to see if they run and don't crash. This is now being wrapped by a grep filter. If the iptables binary crashes, but still produces the expected help output, then it will be considered a green run, even though there was a problem.
[ Other Info ]
This fix is being included in the same upload as bug #1992454.
[ Original Description]
The Bionic DEP8 tests for iptables are in bad shape[1], even in the migration-
There are two types of failures:
a) some commands have an exit status of 1 when called with the -h (for help) option, which is what some tests do
b) iptables-
I'll propose:
a) grep the help output instead of relying on the exit status
b) call the command with the -d (dump) option. That doesn't exit 0 in the success case, and actually dumps data when there are tables to do so
1. https:/
| Changed in iptables (Ubuntu Bionic): | |
| status: | New → In Progress |
| assignee: | nobody → Andreas Hasenack (ahasenack) |
| Changed in iptables (Ubuntu): | |
| assignee: | Andreas Hasenack (ahasenack) → nobody |
| status: | In Progress → Fix Released |
| tags: | added: server-todo |
| description: | updated |
| description: | updated |
| description: | updated |
| description: | updated |
| description: | updated |
| Timo Aaltonen (tjaalton) wrote Please test proposed package | #1 |
| Changed in iptables (Ubuntu Bionic): | |
| status: | In Progress → Fix Committed |
| tags: | added: verification-needed verification-needed-bionic |
| Andreas Hasenack (ahasenack) wrote | #2 |
| tags: |
added: verification-done-bionic removed: verification-needed-bionic |
| Launchpad Janitor (janitor) wrote | #3 |
| Changed in iptables (Ubuntu Bionic): | |
| status: | Fix Committed → Fix Released |
| Brian Murray (brian-murray) wrote Update Released | #4 |
Hello Andreas, or anyone else affected,
Accepted iptables into bionic-proposed. The package will build now and be available at https:/
Please help us by testing this new package. See https:/
If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-
Further information regarding the verification process can be found at https:/
N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.