Remove wrong dependency on initramfs-tools

Bug #1713169 reported by Steve Langasek on 2017-08-25
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
apparmor (Ubuntu)
Undecided
Unassigned
Xenial
High
Steve Langasek

Bug Description

[SRU Justification]
In xenial and earlier, apparmor depends on initramfs-tools. In zesty and later, this dependency has been dropped, as explained in the Debian changelog for 2.9.0-3+exp1 and merged into Ubuntu in 2.10.95-4ubuntu1:

  * Drop dependency from apparmor on initramfs-tools: the early modules
    loading code that needed it was removed a while ago (Closes: #771240).

This is a wrong dependency in xenial as well, which also includes no early boot code. We should drop this dependency, to support building of images with initramfs-tools removed for systems that we know don't require an initramfs.

[Test case]
1. On a xenial default chroot/container install, try to run 'sudo apt purge initramfs-tools'.
2. Verify that this tries to remove apparmor.
3. Cancel the removal.
4. Install apparmor from xenial-proposed.
5. Run 'sudo apt purge initramfs-tools' again.
6. Verify that apparmor is not removed.

[Regression Potential]
If apparmor were somehow using initramfs-tools without it being obvious from the package contents, then removing initramfs-tools from the dependencies could in some rare corner cases cause misbehavior of the system. However, there are currently no Ubuntu images or stock system installs which do not pull in initramfs-tools by other paths (e.g. by way of the kernel packages) so this risk is minimal.

Steve Langasek (vorlon) on 2017-08-25
Changed in apparmor (Ubuntu):
status: New → Fix Released
Changed in apparmor (Ubuntu Xenial):
importance: Undecided → High
status: New → In Progress
assignee: nobody → Steve Langasek (vorlon)
Steve Langasek (vorlon) on 2017-08-25
description: updated

Hello Steve, or anyone else affected,

Accepted apparmor into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/apparmor/2.10.95-0ubuntu2.7 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-xenial to verification-done-xenial. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-xenial. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in apparmor (Ubuntu Xenial):
status: In Progress → Fix Committed
tags: added: verification-needed verification-needed-xenial
Steve Langasek (vorlon) wrote :
Download full text (3.1 KiB)

$ lxc launch ubuntu-daily:x
Creating faithful-bunny
Starting faithful-bunny
$ lxc exec faithful-bunny bash
root@faithful-bunny:~# apt purge initramfs-tools
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages will be REMOVED:
  apparmor* cloud-initramfs-copymods* cloud-initramfs-dyn-netconf*
  console-setup* console-setup-linux* cryptsetup* initramfs-tools* kbd*
  liblxc1* lxc-common* lxd* mdadm* overlayroot* plymouth*
  plymouth-theme-ubuntu-text* snapd* ubuntu-core-launcher* ubuntu-minimal*
0 upgraded, 0 newly installed, 18 to remove and 0 not upgraded.
After this operation, 86.8 MB disk space will be freed.
Do you want to continue? [Y/n] n
Abort.
# apt-add-repository 'deb http://archive.ubuntu.com/ubuntu xenial-proposed main'
# apt update
[...]
# apt install apparmor
[...]
# apt-add-repository -r 'deb http://archive.ubuntu.com/ubuntu xenial-proposed main'
# apt update
[...]
# apt purge initramfs-tools
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
  binutils build-essential cpp cpp-5 dpkg-dev fakeroot g++ g++-5 gcc gcc-5
  libalgorithm-diff-perl libalgorithm-diff-xs-perl libalgorithm-merge-perl
  libasan2 libatomic1 libc-dev-bin libc6-dev libcc1-0 libcilkrts5 libdpkg-perl
  libfakeroot libfile-fcntllock-perl libgcc-5-dev libgomp1 libisl15 libitm1
  liblsan0 libmpc3 libmpx0 libquadmath0 libstdc++-5-dev libtsan0 libubsan0
  linux-libc-dev make manpages-dev
Suggested packages:
  binutils-doc cpp-doc gcc-5-locales debian-keyring g++-multilib
  g++-5-multilib gcc-5-doc libstdc++6-5-dbg gcc-multilib autoconf automake
  libtool flex bison gdb gcc-doc gcc-5-multilib libgcc1-dbg libgomp1-dbg
  libitm1-dbg libatomic1-dbg libasan2-dbg liblsan0-dbg libtsan0-dbg
  libubsan0-dbg libcilkrts5-dbg libmpx0-dbg libquadmath0-dbg glibc-doc
  libstdc++-5-doc make-doc
The following packages will be REMOVED:
  cloud-initramfs-copymods* cloud-initramfs-dyn-netconf* console-setup*
  console-setup-linux* cryptsetup* initramfs-tools* kbd* mdadm* overlayroot*
  plymouth* plymouth-theme-ubuntu-text* ubuntu-minimal*
The following NEW packages will be installed:
  binutils build-essential cpp cpp-5 dpkg-dev fakeroot g++ g++-5 gcc gcc-5
  libalgorithm-diff-perl libalgorithm-diff-xs-perl libalgorithm-merge-perl
  libasan2 libatomic1 libc-dev-bin libc6-dev libcc1-0 libcilkrts5 libdpkg-perl
  libfakeroot libfile-fcntllock-perl libgcc-5-dev libgomp1 libisl15 libitm1
  liblsan0 libmpc3 libmpx0 libquadmath0 libstdc++-5-dev libtsan0 libubsan0
  linux-libc-dev make manpages-dev
0 upgraded, 36 newly installed, 12 to remove and 0 not upgraded.
Need to get 38.3 MB of archives.
After this operation, 138 MB of additional disk space will be used.
Do you want to continue? [Y/n]
#

It's unclear to me why removing initramfs-tools wants to add all of these other packages, but I don't think that's anything to do with the apparmor SRU; and I can get a clean removal with no new packages installed by running

# apt purge build-essential binutils make-guile cpp make libdpkg-perl initramfs-tools

So I consider this...

Read more...

tags: added: verification-done-xenial
removed: verification-needed-xenial
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apparmor - 2.10.95-0ubuntu2.7

---------------
apparmor (2.10.95-0ubuntu2.7) xenial; urgency=medium

  * Remove initramfs-tools from the dependencies; this isn't used and the
    dependency has been dropped in later releases. LP: #1713169.

 -- Steve Langasek <email address hidden> Fri, 25 Aug 2017 16:54:53 -0700

Changed in apparmor (Ubuntu Xenial):
status: Fix Committed → Fix Released

The verification of the Stable Release Update for apparmor has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers