FTBFS due to conflict with vendored source in docker.io

Bug #1946376 reported by Dan Bungert
This bug affects 1 person
Affects Status Importance Assigned to Milestone
crowdsec (Ubuntu)
Fix Released
docker.io (Ubuntu)
Fix Released
Lucas Kanashiro
golang-github-containers-buildah (Ubuntu)
golang-github-containers-common (Ubuntu)
golang-github-containers-image (Ubuntu)
golang-github-crowdsecurity-go-cs-bouncer (Ubuntu)
golang-github-fsouza-go-dockerclient (Ubuntu)
golang-github-openshift-imagebuilder (Ubuntu)
golang-github-tonistiigi-fsutil (Ubuntu)

Bug Description

Attempts to build crowdsec fail like so:
# github.com/crowdsecurity/crowdsec/pkg/metabase
src/github.com/crowdsecurity/crowdsec/pkg/metabase/container.go:65:3: cannot use "github.com/docker/go-connections/nat".PortMap{...} (type "github.com/docker/go-connections/nat".PortMap) as type "github.com/docker/docker/vendor/github.com/docker/go-connections/nat".PortMap in field value

crowdsec depends on golang-github-docker-docker-dev and golang-github-docker-go-connections-dev.

golang-github-docker-docker-dev includes a vendored source directory, which includes things from golang-github-docker-go-connections-dev.

By modifying golang-github-docker-docker-dev to no longer include this vendored source directory, we can enable crowdsec to build after some modest adjustments to crowdesc's build-depends.

However, there are other packages with dependencies on golang-github-docker-docker-dev, and 6 of these do require build-dependency tweaks. A sample of this transition can be seen at:

Dan Bungert (dbungert)
tags: added: update-excuse
Revision history for this message
Dan Bungert (dbungert) wrote :

The 6 linked packages is only a subset of affected packages. My reverse-depends check didn't find podman, so I assume other packages may be missing from the list.

Revision history for this message
Dan Bungert (dbungert) wrote :

Proposal for addressing this:

The following packages contain vendored source:
* golang-github-containernetworking-plugins-dev
* golang-github-docker-docker-dev

This can cause problems if other packages end up including both the
package containing the vendored source, and the equivalent
non-vendored source.

To address this, I propose the following:
1) Make adjustments to packages that need build-dependency changes and
can be done in a way that is compatible with both the current and
proposed versions of {containernetworking-plugins,docker-docker}-dev:
* golang-github-containers-buildah
* golang-github-containers-common
* golang-github-containers-image
* golang-github-fsouza-go-dockerclient
* golang-github-openshift-imagebuilder
* golang-github-tonistiigi-fsutil
* prometheus
* skopeo
* golang-github-opencontainers-specs (just sync from Debian)

By starting with these over half the affected packages can be solved
now and not have to be uploaded in lockstep with the changes, since
the changes they need are compatible with packages in jammy or
jammy-proposed right now and are also compatible with the proposed
changes for later steps.

2) Do these in lockstep
* golang-github-containernetworking-plugins - devendor the dev package
* docker.io - devendor the dev package
* crowdsec - patch for build-depends
* runc - sync unchanged from Debian
* libpod - sync + patch for build-depends

Two other packages have build-depends on the packages that provide
vendored source, but are not affected by the changes
* golang-github-samalba-dockerclient
* golang-gthub-containers-dnsname

See ppa-patches.tgz for a dirty version of the debdiffs above.
If we wish to proceed I will cleanup the package versions and request

Revision history for this message
Dan Bungert (dbungert) wrote :
Revision history for this message
Benjamin Drung (bdrung) wrote :

golang-github-crowdsecurity-go-cs-bouncer also fails to build because it depends on crowdsec.

Changed in crowdsec (Ubuntu):
importance: Undecided → High
Changed in golang-github-crowdsecurity-go-cs-bouncer (Ubuntu):
importance: Undecided → High
Revision history for this message
Lucas Kanashiro (lucaskanashiro) wrote :

Since this is becoming a bigger problem every release, the Server team decided to split the docker.io library and application binary packages into different source packages. With that, we can keep providing (major) updates of the application across all supported releases without affecting reverse dependencies of the library.

The idea is to make src:docker.io provide the library, devendoring code from it and adding proper runtime dependencies (ideally, the library will become a sync with Debian when possible). This will fix this bug. And also create src:docker.io-app which will provide the application, this package will keep getting updates in all supported releases.

Changed in docker.io (Ubuntu):
status: New → Triaged
assignee: nobody → Lucas Kanashiro (lucaskanashiro)
tags: added: server-todo
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package docker.io - 20.10.24+dfsg1-1ubuntu2

docker.io (20.10.24+dfsg1-1ubuntu2) mantic; urgency=medium

  * d/p/test--skip-daemon-oci-linux-pbuilder-tests.patch: always skip engine
    test TestGetSourceMount which is failing in LP. The Debian maintainer
    already skipped this test when the package is built with pbuilder, now
    this condition has been removed and the test is always skipped.

docker.io (20.10.24+dfsg1-1ubuntu1) mantic; urgency=medium

  * Merge from Debian unstable (LP: #2022390, #1946376). Make src:docker.io
    follow Debian and src:docker.io-app is going to ship the application and
    documentation with vendorized dependencies so we can keep updating just the
    application across all supported releases.
  * Added changes:
    - d/control: remove binary paragraghs for docker.io and docker-doc.
    - d/docker-doc.docs: removed together with the docker-doc binary package.
    - d/docker.io.*: remove all packaging related files associated to the
      docker.io binary package.
    - d/p/engine-allow-exclude-unit-test.patch: add patch to allow excluding
      extra directories when running engine unit tests.
    - d/rules:
      + Do not run aufs related unit tests in the engine component.
      + Do not install apparmor profile for docker.io.
      + remove override_dh_gencontrol, since docker.io binary package was also
    - d/tests: remove since all tests are related to the docker application
      provided by docker.io binary package.
    - d/golang-github-docker-docker-dev.docs: install NOTICE files to comply
      with Apache license.

 -- Lucas Kanashiro <email address hidden> Tue, 06 Jun 2023 21:29:06 -0300

Changed in docker.io (Ubuntu):
status: Triaged → Fix Released
Revision history for this message
Lucas Kanashiro (lucaskanashiro) wrote :

With the new golang-github-docker-docker-dev, crowdsec built fine:


And I believe all other packages in the excuses page waiting for crowdsec will also build fine, they are:

- golang-github-crowdsecurity-go-cs-bouncer
- crowdsec-firewall-bouncer
- crowdsec-custom-bouncer

Changed in crowdsec (Ubuntu):
status: New → Fix Released
tags: removed: server-todo
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.