error parsing AppArmor version

Bug #2040082 reported by Claudio Leite
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| podman | Fix Released | Unknown | | |
| golang-github-containers-common (Ubuntu) | Fix Released | Critical | Unassigned | |
| Mantic | Fix Released | Critical | Unassigned | |
| libpod (Ubuntu) | Fix Released | Critical | Unassigned | |
| Mantic | Fix Released | Undecided | Unassigned | |

Bug Description

[ Impact ]

On mantic, when run as root, podman cannot run any container due to misparsing the AppArmor version. This requires a patch to golang-github-containers-common to handle Mantic's AppArmor version containing "~alpha2", and then a no-change rebuild for libpod to pick up the fixed code.
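The misparse described above, as an added Go example that is not code from containers/common or from the Ubuntu packages: feeding each dot-separated component of the parser's version straight into strconv.Atoi rejects a Debian-style pre-release version such as "4.0.0~alpha2" with exactly the error class seen in the report, while stripping the "~" suffix before converting yields a usable numeric version. The sample `apparmor_parser --version` output and the 4.0.0~alpha2 value are constructed, and the tolerant variant is one reasonable fix, not necessarily the upstream patch.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Constructed sample of `apparmor_parser --version` output for a pre-release
// AppArmor build like Mantic's; "~alpha2" is Debian's pre-release notation.
const manticParserOutput = "AppArmor parser version 4.0.0~alpha2\n" +
	"Copyright (C) 1999-2008 Novell Inc.\n" +
	"Copyright 2009-2018 Canonical Ltd.\n"

// versionString returns the last word of the first line, e.g. "4.0.0~alpha2".
func versionString(output string) string {
	words := strings.Fields(strings.SplitN(output, "\n", 2)[0])
	if len(words) == 0 {
		return ""
	}
	return words[len(words)-1]
}

// numericVersion packs "major.minor.patch" into major*1e5+minor*1e3+patch; missing components default to 0.
func numericVersion(version string) (int, error) {
	parts := strings.Split(version, ".")
	if len(parts) > 3 {
		return -1, fmt.Errorf("unexpected AppArmor version %q", version)
	}
	var nums [3]int
	for i, p := range parts {
		n, err := strconv.Atoi(p)
		if err != nil {
			return -1, fmt.Errorf("convert AppArmor version component: %w", err)
		}
		nums[i] = n
	}
	return nums[0]*100000 + nums[1]*1000 + nums[2], nil
}

// parseNaive feeds each component straight to Atoi, the failing behaviour in the report ("0~alpha2").
func parseNaive(output string) (int, error) {
	return numericVersion(versionString(output))
}

// parseTolerant strips the "~..." suffix first, so 4.0.0~alpha2 counts as 4.0.0 (400000).
func parseTolerant(output string) (int, error) {
	return numericVersion(strings.SplitN(versionString(output), "~", 2)[0])
}

func main() {
	_, err := parseNaive(manticParserOutput)
	fmt.Println("naive:", err)
	fmt.Println(parseTolerant(manticParserOutput))
}
```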

[ Test Plan ]

Run (as root) any container. For example:
```
sudo podman run --rm -it ubuntu ls /
Resolved "ubuntu" as an alias (/etc/containers/registries.conf.d/shortnames.conf)
Trying to pull docker.io/library/ubuntu:latest...
Getting image source signatures
Copying blob aece8493d397 done
Copying config e4c5895818 done
Writing manifest to image destination
Storing signatures
Error: install profile containers-default-0.50.1: generate default profile into pipe: get AppArmor version: convert AppArmor patch version: strconv.Atoi: parsing "0~alpha2": invalid syntax
```

Success looks like:
```
sudo podman run --rm -it ubuntu ls /
Resolved "ubuntu" as an alias (/etc/containers/registries.conf.d/shortnames.conf)
Trying to pull docker.io/library/ubuntu:latest...
Getting image source signatures
Copying blob aece8493d397 done
Copying config e4c5895818 done
Writing manifest to image destination
Storing signatures
bin boot dev etc home lib lib32 lib64 libx32 media mnt opt proc root run sbin srv sys tmp usr var
```

Additionally, some quick smoke testing would be sensible; podman has lots of subcommands, but running "podman volume list", "podman info", and "podman ps" as both a user and as root would cover some basic smoke testing.

[ Where problems could occur ]

While the patch is small, it requires a rebuild of podman that will pull in any other changes in the archive since the last build. A quick check of the Built-Using metadata shows that there aren't any major changes since the last build, but there *have* been some rebuilds, most concerningly a golang-1.20 patch release.

[ Original report ]

After upgrading to mantic, I had an error launching any (root mode) container with podman. I then confirmed this happens on a clean 23.10 VM.

```
root@ubuntu:~# podman run --rm -it ubuntu
Error: install profile containers-default-0.50.1: generate default profile into pipe: get AppArmor version: convert AppArmor patch version: strconv.Atoi: parsing "0~alpha2": invalid syntax
root@ubuntu:~#
```

This issue has recently been fixed upstream in containers/common:
  https://github.com/containers/podman/issues/20278
  https://github.com/containers/common/pull/1689

The patch applies cleanly to this version. After rebuilding podman against the patched package everything worked as expected.

```
root@ubuntu:~# lsb_release -rd
No LSB modules are available.
Description: Ubuntu 23.10
Release: 23.10
root@ubuntu:~#
```

```
root@ubuntu:~# apt-cache policy podman
podman:
  Installed: 4.3.1+ds1-8
  Candidate: 4.3.1+ds1-8
  Version table:
 *** 4.3.1+ds1-8 500
        500 http://us.archive.ubuntu.com/ubuntu mantic/universe amd64 Packages
        100 /var/lib/dpkg/status
root@ubuntu:~#
```

Claudio Leite (leitec) wrote :
Ubuntu Foundations Team Bug Bot (crichton) wrote :

The attachment "apparmor_version.patch" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]

tags: added: patch
Martin Pitt (pitti) wrote :

This is a major regression and completely breaks containers, thus bumping priority.

Changed in golang-github-containers-common (Ubuntu):
status: New → Triaged
Changed in libpod (Ubuntu):
status: New → Triaged
Changed in golang-github-containers-common (Ubuntu):
importance: Undecided → Critical
Changed in libpod (Ubuntu):
importance: Undecided → Critical
Martin Pitt (pitti) wrote :
no longer affects: libpod (Ubuntu Mantic)
Changed in libpod (Ubuntu):
importance: Critical → Undecided
Changed in golang-github-containers-common (Ubuntu Mantic):
status: New → Triaged
importance: Undecided → Critical
Martin Pitt (pitti)
tags: added: mantic regression-release
information type: Public → Public Security
information type: Public Security → Public
Reinhard Tartler (siretart) wrote :

The patch above was copied from https://github.com/containers/common/pull/1689 and needs to be applied against the golang-github-containers-common_0.50.1+ds1-4 package in both lunar and mantic.

noble-proposed has a newer version with the fix, still pending migration to noble at this time.

Changed in podman:
status: Unknown → Fix Released
description: updated
Reinhard Tartler (siretart) wrote :

I've uploaded the patch above to mantic after building it in a mantic VM and starting an ubuntu container as root. This convinced me the package actually works.

https://launchpad.net/ubuntu/mantic/+upload/32203235/+files/golang-github-containers-common_0.50.1+ds1-4ubuntu1.dsc

https://launchpad.net/ubuntu/mantic/+upload/32203236/+files/libpod_4.3.1+ds1-8ubuntu1.dsc

Note that this consists of two uploads:

a) the actual code-change in containers/common
b) rebuilding podman to pick up this code change

They need to be accepted and built in this order.

Chris Halse Rogers (raof) wrote :

Hah! Should have checked the queue before uploading mine :). Thanks!

Chris Halse Rogers (raof) wrote :

Hm. I'm pretty sure this needs fixing in noble, too; the patch was merged upstream since the most recent containers-common release.

Siretart, how do you plan to handle this in Debian?

Changed in golang-github-containers-common (Ubuntu Mantic):
status: Triaged → Fix Committed
tags: added: verification-needed verification-needed-mantic
Chris Halse Rogers (raof) wrote : Please test proposed package

Hello Claudio, or anyone else affected,

Accepted golang-github-containers-common into mantic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/golang-github-containers-common/0.50.1+ds1-4ubuntu1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-mantic to verification-done-mantic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-mantic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Waldemar Kornewald (wkornewald1) wrote :

I'm not sure if I got the update right, but I still get

```
podman pull docker.io/library/caddy:latest
podman run --restart always -d --name caddy caddy
=>
Error: install profile containers-default-0.50.1: generate default profile into pipe: get AppArmor version: convert AppArmor patch version: strconv.Atoi: parsing "0~alpha2": invalid syntax
```

Is the version still wrong? I have this in /etc/apt/sources.list.d/ubuntu-mantic-proposed.list:

```
deb http://ports.ubuntu.com/ubuntu-ports mantic-proposed main universe restricted
```

This in /etc/apt/preferences.d/proposed-updates:

```
Package: *
Pin: release a=mantic-proposed
Pin-Priority: 400
```

Installed with

```
apt install golang-github-containers-common/mantic-proposed
```

And apt says it's now on mantic-proposed

```
# apt info golang-github-containers-common
Package: golang-github-containers-common
Version: 0.50.1+ds1-4ubuntu1
Priority: optional
Section: universe/devel
Origin: Ubuntu
Maintainer: Ubuntu Developers <email address hidden>
Original-Maintainer: Debian Go Packaging Team <email address hidden>
Bugs: https://bugs.launchpad.net/ubuntu/+filebug
Installed-Size: 90.1 kB
Depends: container-network-stack, golang-github-containers-image
Recommends: netavark
Breaks: buildah (<< 1.19.2+dfsg1-2~~)
Homepage: https://github.com/containers/common
Download-Size: 35.3 kB
APT-Manual-Installed: yes
APT-Sources: http://ports.ubuntu.com/ubuntu-ports mantic-proposed/universe arm64 Packages
Description: Common files for github.com/containers repositories
 This package contains common configuration files for use by
 other container projects.
```

Reinhard Tartler (siretart) wrote :

@raof -- the update of https://launchpad.net/ubuntu/+source/golang-github-containers-common/0.50.1+ds1-4ubuntu1 alone is not expected to fix anything.

It is still an important update because it is the code fix that needs to be picked up in podman. Unfortunately, the upload was rejected because I misplaced a ':' in the debian/changelog. I've re-uploaded a fixed package and it is currently waiting approval.

Please test https://launchpad.net/ubuntu/+source/libpod/4.3.1+ds1-8ubuntu1 which is expected to actually fix this issue.

Reinhard Tartler (siretart) wrote :
Chris Halse Rogers (raof) wrote :

Hello Claudio, or anyone else affected,

Accepted libpod into mantic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/libpod/4.3.1+ds1-8ubuntu1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-mantic to verification-done-mantic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-mantic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in libpod (Ubuntu Mantic):
status: New → Fix Committed
Chris Halse Rogers (raof) wrote :

Yeah, I accepted the containers-common upload because (a) that was ready to go and (b) it needed to be built before the podman upload would build.

Chris Halse Rogers (raof) wrote :

@siretart - as far as I can tell this patch is not available in any containers/common release, so this bug will apply to noble, as well.

It seems like it'd apply to unstable (although I don't know if unstable has a version of apparmor that'll trigger the bug); do you plan to patch Debian (which will sync into noble), or shall I upload a containers-common/libpod pair to noble to fix that as well?

Waldemar Kornewald (wkornewald1) wrote :

Guys, everything works again. Thank you. :)

I've installed these versions

* podman/mantic-proposed,4.3.1+ds1-8ubuntu1
* podman-docker/mantic-proposed,4.3.1+ds1-8ubuntu1
* golang-github-containers-common/mantic-proposed,0.50.1+ds1-4ubuntu1

Testing was performed with 5 different failing containers (e.g. caddy, samba, etc.). All of them were down before the fix and couldn't be started. Now I could re-create them and they're all healthy and working.

Reinhard Tartler (siretart) wrote :

Chris, you are correct, I was under the wrong assumption that noble would have moved on from an apparmor pre-release.

I've just uploaded the patch to sid as golang-github-containers-common_0.56.0+ds1-4_source.changes -- please sync it from there when it becomes available. I've put the Launchpad bug closure in the debian/changelog for your convenience.

Claudio Leite (leitec) wrote (last edit ):

Thank you. podman is again working as expected after installing the updates from mantic-proposed.

Hadmut Danisch (hadmut) wrote :

Any prediction about when the patched versions will be released from proposed into mantic?

Chris Halse Rogers (raof) wrote :

It's only just met the 7-day aging requirement, and the riscv64 build failed (which I'm retrying).

It should be releasable to mantic-updates soon.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package golang-github-containers-common - 0.56.0+ds1-4

---------------
golang-github-containers-common (0.56.0+ds1-4) unstable; urgency=medium

  * backport patch to fix apparmor parsing LP: #2040082

 -- Reinhard Tartler <email address hidden> Wed, 15 Nov 2023 07:00:25 -0500

Changed in golang-github-containers-common (Ubuntu):
status: Triaged → Fix Released
Matthew Ames (supermatt) wrote :

I have installed the following proposed versions on a raspberry pi 400 arm64 running mantic, and can confirm that I am now able to run podman containers as root without issue.

golang-github-containers-common/mantic-proposed,now 0.50.1+ds1-4ubuntu1 all [installed]
podman-docker/mantic-proposed,now 4.3.1+ds1-8ubuntu1 arm64 [installed]
podman/mantic-proposed,now 4.3.1+ds1-8ubuntu1 arm64 [installed]

tags: added: verification-done-mantic
removed: verification-needed verification-needed-mantic
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package libpod - 4.3.1+ds1-8ubuntu1

---------------
libpod (4.3.1+ds1-8ubuntu1) mantic; urgency=medium

  * Rebuild against newer containers/common to fix apparmor parsing,
    Fixes LP: #2040082

 -- Reinhard Tartler <email address hidden> Tue, 14 Nov 2023 11:42:52 +0000

Changed in libpod (Ubuntu Mantic):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package golang-github-containers-common - 0.50.1+ds1-4ubuntu1

---------------
golang-github-containers-common (0.50.1+ds1-4ubuntu1) mantic; urgency=medium

  * apparmor: fix parsing beta/alpha version, LP: #2040082

 -- Reinhard Tartler <email address hidden> Sun, 12 Nov 2023 00:44:57 +0000

Changed in golang-github-containers-common (Ubuntu Mantic):
status: Fix Committed → Fix Released
Chris Halse Rogers (raof) wrote : Update Released

The verification of the Stable Release Update for libpod has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Martin Pitt (pitti) wrote :

I confirm that this is still broken on noble as of today, but installing the rebuild from -proposed does fix it: https://launchpad.net/ubuntu/+source/libpod/4.7.2+ds1-2build1/+build/27032773

It only seems stuck in long autopkgtest queues, so marking as "fix committed".

Changed in libpod (Ubuntu):
status: Triaged → Fix Committed
importance: Undecided → Critical
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package libpod - 4.7.2+ds1-2build1

---------------
libpod (4.7.2+ds1-2build1) noble; urgency=medium

  * Rebuild to pick up fixed golang-github-containers-common (LP: #2040082)
  * debian/control: Bump dependency on golang-github-containers-common to
    ensure we get the patched version.

 -- Christopher James Halse Rogers <email address hidden> Thu, 30 Nov 2023 14:07:19 +1100

Changed in libpod (Ubuntu):
status: Fix Committed → Fix Released