Ubuntu/devel

ChangeLog

@@ -1,3 +1,7 @@
+23.3.1
+ - apt: kill dirmngr/gpg-agent without gpgconf dependency (LP: #2034273)
+ - integration tests: Fix cgroup parsing (#4402)
+
 23.3
  - Bump pycloudlib to 1!5.1.0 for ec2 mantic daily image support (#4390)
  - Fix cc_keyboard in mantic (LP: #2030788)

cloudinit/config/cc_apt_configure.py

@@ -12,6 +12,7 @@
 import os
 import pathlib
 import re
+import signal
 from textwrap import dedent
 
 from cloudinit import gpg
@@ -244,11 +245,18 @@ def apply_apt(cfg, cloud, target):
         )
     # GH: 4344 - stop gpg-agent/dirmgr daemons spawned by gpg key imports.
     # Daemons spawned by cloud-config.service on systemd v253 report (running)
-    subp.subp(
-        ["gpgconf", "--kill", "all"],
+    gpg_process_out, _err = subp.subp(
+        ["ps", "-o", "ppid,pid", "-C", "dirmngr", "-C", "gpg-agent"],
         target=target,
         capture=True,
+        rcs=[0, 1],
     )
+    gpg_pids = re.findall(r"(?P<ppid>\d+)\s+(?P<pid>\d+)", gpg_process_out)
+    root_gpg_pids = [int(pid[1]) for pid in gpg_pids if pid[0] == "1"]
+    if root_gpg_pids:
+        LOG.debug("Killing gpg-agent and dirmngr pids: %s", root_gpg_pids)
+    for gpg_pid in root_gpg_pids:
+        os.kill(gpg_pid, signal.SIGKILL)
 
 
 def debconf_set_selections(selections, target=None):

cloudinit/version.py

@@ -4,7 +4,7 @@
 #
 # This file is part of cloud-init. See LICENSE file for license information.
 
-__VERSION__ = "23.3"
+__VERSION__ = "23.3.1"
 _PACKAGED_VERSION = "@@PACKAGED_VERSION@@"
 
 FEATURES = [

debian/changelog

@@ -1,3 +1,12 @@
+cloud-init (23.3.1-0ubuntu1) mantic; urgency=medium
+
+  * New upstream bug fix release based on 23.3.1.
+    List of changes from upstream can be found at
+    https://raw.githubusercontent.com/canonical/cloud-init/23.3.1/ChangeLog
+    - Bugs fixed in this snapshot: (LP: #2034273)
+
+ -- Chad Smith <[email protected]>  Tue, 05 Sep 2023 17:03:59 -0600
+
 cloud-init (23.3-0ubuntu1) mantic; urgency=medium
 
   * d/po/templates.pot: refresh with debconf-updatepo

tests/integration_tests/bugs/test_lp1813396.py

@@ -6,7 +6,10 @@
 import pytest
 
 from tests.integration_tests.instances import IntegrationInstance
-from tests.integration_tests.util import verify_ordered_items_in_text
+from tests.integration_tests.util import (
+    verify_clean_log,
+    verify_ordered_items_in_text,
+)
 
 USER_DATA = """\
 #cloud-config
@@ -29,5 +32,10 @@ def test_gpg_no_tty(client: IntegrationInstance):
         "Imported key 'E4D304DF' from keyserver 'keyserver.ubuntu.com'",
     ]
     verify_ordered_items_in_text(to_verify, log)
-    result = client.execute("systemctl status cloud-config.service")
-    assert "CGroup" not in result.stdout
+    verify_clean_log(log)
+    processes_in_cgroup = int(
+        client.execute(
+            "systemd-cgls -u cloud-config.service 2>/dev/null | wc -l"
+        ).stdout
+    )
+    assert processes_in_cgroup < 2

tests/unittests/config/test_apt_configure_sources_list_v1.py

@@ -121,20 +121,30 @@ def apt_source_list(self, distro, mirror, mirrorcheck=None):
 
     def test_apt_v1_source_list_debian(self):
         """Test rendering of a source.list from template for debian"""
-        with mock.patch.object(subp, "subp") as mocksubp:
+        with mock.patch.object(
+            subp, "subp", return_value=("PPID   PID", "")
+        ) as mocksubp:
             self.apt_source_list(
                 "debian", "http://httpredir.debian.org/debian"
             )
         mocksubp.assert_called_once_with(
-            ["gpgconf", "--kill", "all"], capture=True, target=None
+            ["ps", "-o", "ppid,pid", "-C", "dirmngr", "-C", "gpg-agent"],
+            capture=True,
+            target=None,
+            rcs=[0, 1],
         )
 
     def test_apt_v1_source_list_ubuntu(self):
         """Test rendering of a source.list from template for ubuntu"""
-        with mock.patch.object(subp, "subp") as mocksubp:
+        with mock.patch.object(
+            subp, "subp", return_value=("PPID   PID", "")
+        ) as mocksubp:
             self.apt_source_list("ubuntu", "http://archive.ubuntu.com/ubuntu/")
         mocksubp.assert_called_once_with(
-            ["gpgconf", "--kill", "all"], capture=True, target=None
+            ["ps", "-o", "ppid,pid", "-C", "dirmngr", "-C", "gpg-agent"],
+            capture=True,
+            target=None,
+            rcs=[0, 1],
         )
 
     @staticmethod
@@ -152,7 +162,9 @@ def test_apt_v1_srcl_debian_mirrorfail(self):
         with mock.patch.object(
             util, "is_resolvable", side_effect=self.myresolve
         ) as mockresolve:
-            with mock.patch.object(subp, "subp") as mocksubp:
+            with mock.patch.object(
+                subp, "subp", return_value=("PPID   PID", "")
+            ) as mocksubp:
                 self.apt_source_list(
                     "debian",
                     [
@@ -164,15 +176,20 @@ def test_apt_v1_srcl_debian_mirrorfail(self):
         mockresolve.assert_any_call("http://does.not.exist")
         mockresolve.assert_any_call("http://httpredir.debian.org/debian")
         mocksubp.assert_called_once_with(
-            ["gpgconf", "--kill", "all"], capture=True, target=None
+            ["ps", "-o", "ppid,pid", "-C", "dirmngr", "-C", "gpg-agent"],
+            capture=True,
+            target=None,
+            rcs=[0, 1],
         )
 
     def test_apt_v1_srcl_ubuntu_mirrorfail(self):
         """Test rendering of a source.list from template for ubuntu"""
         with mock.patch.object(
             util, "is_resolvable", side_effect=self.myresolve
         ) as mockresolve:
-            with mock.patch.object(subp, "subp") as mocksubp:
+            with mock.patch.object(
+                subp, "subp", return_value=("PPID   PID", "")
+            ) as mocksubp:
                 self.apt_source_list(
                     "ubuntu",
                     [
@@ -184,7 +201,10 @@ def test_apt_v1_srcl_ubuntu_mirrorfail(self):
         mockresolve.assert_any_call("http://does.not.exist")
         mockresolve.assert_any_call("http://archive.ubuntu.com/ubuntu/")
         mocksubp.assert_called_once_with(
-            ["gpgconf", "--kill", "all"], capture=True, target=None
+            ["ps", "-o", "ppid,pid", "-C", "dirmngr", "-C", "gpg-agent"],
+            capture=True,
+            target=None,
+            rcs=[0, 1],
         )
 
     def test_apt_v1_srcl_custom(self):
@@ -194,7 +214,9 @@ def test_apt_v1_srcl_custom(self):
 
         # the second mock restores the original subp
         with mock.patch.object(util, "write_file") as mockwrite:
-            with mock.patch.object(subp, "subp") as mocksubp:
+            with mock.patch.object(
+                subp, "subp", return_value=("PPID   PID", "")
+            ) as mocksubp:
                 with mock.patch.object(
                     Distro, "get_primary_arch", return_value="amd64"
                 ):
@@ -204,7 +226,10 @@ def test_apt_v1_srcl_custom(self):
             "/etc/apt/sources.list", EXPECTED_CONVERTED_CONTENT, mode=420
         )
         mocksubp.assert_called_once_with(
-            ["gpgconf", "--kill", "all"], capture=True, target=None
+            ["ps", "-o", "ppid,pid", "-C", "dirmngr", "-C", "gpg-agent"],
+            capture=True,
+            target=None,
+            rcs=[0, 1],
         )
 
 

tests/unittests/config/test_apt_configure_sources_list_v3.py

@@ -125,7 +125,9 @@ def _apt_source_list(self, distro, cfg, cfg_on_empty=False):
             mock_shouldcfg = stack.enter_context(
                 mock.patch(cfg_func, return_value=(cfg_on_empty, "test"))
             )
-            mock_subp = stack.enter_context(mock.patch.object(subp, "subp"))
+            mock_subp = stack.enter_context(
+                mock.patch.object(subp, "subp", return_value=("PPID  PID", ""))
+            )
             cc_apt_configure.handle("test", cfg, mycloud, None)
 
             return (
@@ -237,7 +239,9 @@ def test_apt_v3_srcl_custom(self):
         mycloud = get_cloud()
 
         with mock.patch.object(util, "write_file") as mockwrite:
-            with mock.patch.object(subp, "subp") as mocksubp:
+            with mock.patch.object(
+                subp, "subp", return_value=("PPID   PID", "")
+            ) as mocksubp:
                 with mock.patch.object(
                     Distro, "get_primary_arch", return_value="amd64"
                 ):
@@ -250,7 +254,10 @@ def test_apt_v3_srcl_custom(self):
         ]
         mockwrite.assert_has_calls(calls)
         mocksubp.assert_called_once_with(
-            ["gpgconf", "--kill", "all"], capture=True, target=None
+            ["ps", "-o", "ppid,pid", "-C", "dirmngr", "-C", "gpg-agent"],
+            capture=True,
+            target=None,
+            rcs=[0, 1],
         )
 
 

tests/unittests/config/test_apt_source_v1.py

@@ -9,6 +9,7 @@
 import pathlib
 import re
 import shutil
+import signal
 import tempfile
 from unittest import mock
 from unittest.mock import call
@@ -74,7 +75,9 @@ def setUp(self):
         get_arch = apatcher.start()
         get_arch.return_value = "amd64"
         self.addCleanup(apatcher.stop)
-        subp_patcher = mock.patch.object(subp, "subp")
+        subp_patcher = mock.patch.object(
+            subp, "subp", return_value=("PPID   PID", "")
+        )
         self.m_subp = subp_patcher.start()
         self.addCleanup(subp_patcher.stop)
 
@@ -566,12 +569,24 @@ def test_apt_src_keyidonly(self):
         """Test specification of a keyid without source"""
         cfg = {"keyid": "03683F77", "filename": self.aptlistfile}
         cfg = self.wrapv1conf([cfg])
-
+        SAMPLE_GPG_AGENT_DIRMNGR_PIDS = """\
+   PPID     PID
+      1    1057
+      1    1095
+   1511    2493
+   1511    2509
+"""
         with mock.patch.object(
-            subp, "subp", return_value=("fakekey 1212", "")
+            subp,
+            "subp",
+            side_effect=[
+                ("fakekey 1212", ""),
+                (SAMPLE_GPG_AGENT_DIRMNGR_PIDS, ""),
+            ],
         ):
             with mock.patch.object(cc_apt_configure, "apt_key") as mockobj:
-                cc_apt_configure.handle("test", cfg, self.cloud, None)
+                with mock.patch.object(cc_apt_configure.os, "kill") as m_kill:
+                    cc_apt_configure.handle("test", cfg, self.cloud, None)
 
         calls = (
             call(
@@ -582,6 +597,10 @@ def test_apt_src_keyidonly(self):
             ),
         )
         mockobj.assert_has_calls(calls, any_order=True)
+        self.assertEqual(
+            ([call(1057, signal.SIGKILL), call(1095, signal.SIGKILL)]),
+            m_kill.call_args_list,
+        )
 
         # filename should be ignored on key only
         self.assertFalse(os.path.isfile(self.aptlistfile))
@@ -658,7 +677,18 @@ def test_apt_src_ppa(self):
                     target=None,
                 ),
                 mock.call(
-                    ["gpgconf", "--kill", "all"], capture=True, target=None
+                    [
+                        "ps",
+                        "-o",
+                        "ppid,pid",
+                        "-C",
+                        "dirmngr",
+                        "-C",
+                        "gpg-agent",
+                    ],
+                    capture=True,
+                    target=None,
+                    rcs=[0, 1],
                 ),
             ],
         )
@@ -681,7 +711,9 @@ def test_apt_src_ppa_tri(self):
         }
         cfg = self.wrapv1conf([cfg1, cfg2, cfg3])
 
-        with mock.patch.object(subp, "subp") as mockobj:
+        with mock.patch.object(
+            subp, "subp", return_value=("PPID   PID", "")
+        ) as mockobj:
             cc_apt_configure.handle("test", cfg, self.cloud, None)
         calls = [
             call(