Sign me up Login

Details about package foomuuri

Name: foomuuri (PTS)
Uploader: Kim B. Heino <b@bbbs.net> (Debian QA page)
Description: foomuuri - multizone bidirectional nftables firewall
foomuuri-firewalld - multizone bidirectional nftables firewall - firewalld emulation

Package uploads

Upload #4

Information

Version: 0.28-1
Uploaded: 2025-04-28 07:56
Source package: foomuuri_0.28-1.dsc
Distribution: unstable
Section: net
Priority: optional
Homepage: https://github.com/FoobarOy/foomuuri
Vcs-Git: https://salsa.debian.org/debian/foomuuri.git
Vcs-Browser: https://salsa.debian.org/debian/foomuuri
Closes bugs: #1095472

Changelog

 foomuuri (0.28-1) unstable; urgency=medium
 .
   * New upstream release.
   * New maintainer (Closes: #1095472)
   * Cherry-pick commit b5cb326 from upstream to fix reprotest.
   * Add missing build-dependency "nftables", needed for reprotest.
   * Install systemd units to /usr/lib, not /lib.
   * Bump Standards-Version to 4.7.2.

QA information

Comments

No comments

Upload #3

Information

Version: 0.28-1
Uploaded: 2025-04-27 20:26
Source package: foomuuri_0.28-1.dsc
Distribution: unstable
Section: net
Priority: optional
Homepage: https://github.com/FoobarOy/foomuuri
Vcs-Git: https://salsa.debian.org/debian/foomuuri.git
Vcs-Browser: https://salsa.debian.org/debian/foomuuri
Closes bugs: #1095472

Changelog

 foomuuri (0.28-1) unstable; urgency=medium
 .
   * New upstream release.
   * New maintainer (Closes: #1095472)
   * Cherry-pick commit afecf41 from upstream to fix reprotest.
   * Add missing build-dependency "nftables", needed for tests.
   * Bump Standards-Version to 4.7.2.

QA information

Comments

  1. That old game of fix one thing and here's another.

diff -u 60-special-chains/golden.txt 60-special-chains/next.fw
[ ! -f 60-special-chains/Makefile ] || make -C 60-special-chains
check success
diff -u 20-router/golden.txt 20-router/next.fw
[ ! -f 20-router/Makefile ] || make -C 20-router
check success
diff -u 70-dscp/golden.txt 70-dscp/next.fw
[ ! -f 70-dscp/Makefile ] || make -C 70-dscp
make[2]: Leaving directory '/tmp/reprotest.hGyqbu/const_build_path/const_build_path/test'
make[1]: *** [Makefile:14: test] Error 2
make[1]: Leaving directory '/tmp/reprotest.hGyqbu/const_build_path/const_build_path'
dh_auto_build: error: make -j10 "INSTALL=install --strip-program=true" returned exit code 2
make: *** [debian/rules:4: binary] Error 2
dpkg-buildpackage: error: debian/rules binary subprocess returned exit status 2
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/reprotest/__init__.py", line 862, in run
    return 0 if check_func(*check_args) else 1
                ~~~~~~~~~~^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/reprotest/__init__.py", line 410, in check_auto
    dist_x0 = proc.send(("control", var_x0))
  File "/usr/lib/python3/dist-packages/reprotest/__init__.py", line 339, in corun_builds
    bctx.run_build(testbed, build, os.environ, artifact_pattern, testbed_build_pre, no_clean_on_error)
    ~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/reprotest/__init__.py", line 218, in run_build
    testbed.check_exec2(build_argv,
    ~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^
        xenv=['-i'] + ['%s=%s' % (k, v) for k, v in build.env.items()],
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
        kind='build')
        ^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/reprotest/__init__.py", line 63, in check_exec2
    self.bomb('"%s" failed with status %i' % (' '.join(argv), code),
    ~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
              adtlog.AutopkgtestError)
              ^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/reprotest/__init__.py", line 70, in bomb
    raise _type(m)
reprotest.lib.adtlog.AutopkgtestError: "su -p -s /bin/sh root -c set -e; export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin; run_build() {
    mkdir -p /tmp/reprotest.hGyqbu/build-control-aux && \
    mv /tmp/reprotest.hGyqbu/build-control/ /tmp/reprotest.hGyqbu/const_build_path && \
    SETARCH_ARCH=$(uname -m) && \
    SETARCH_OPTS="$SETARCH_OPTS -R" && \
    CPU_MAX=$(nproc) && \
    CPU_MIN=$({ echo $CPU_MAX; echo 1; } | sort -n | head -n1) && \
    CPU_NUM=$CPU_MIN && \
    export CPU_LIST="$(echo $(shuf -i0-$((CPU_MAX - 1)) -n$CPU_NUM) | tr ' ' ,)" && \
    umask 0022 && \
    export REPROTEST_BUILD_PATH=/tmp/reprotest.hGyqbu/const_build_path/ && \
    export REPROTEST_UMASK=$(umask) && \
    taskset -a -c $CPU_LIST \
    setarch $SETARCH_ARCH $SETARCH_OPTS \
    sh -ec 'cd "$REPROTEST_BUILD_PATH"; unset REPROTEST_BUILD_PATH; umask "$REPROTEST_UMASK"; unset REPROTEST_UMASK; dpkg-source -x "foomuuri_0.28-1.dsc" "$(basename "$PWD")" && cd "$(basename "$PWD")" && dpkg-buildpackage --no-sign -b'
}

cleanup() {
    __c=0; \
    mv /tmp/reprotest.hGyqbu/const_build_path /tmp/reprotest.hGyqbu/build-control/ || __c=$?; \
    rm -rf /tmp/reprotest.hGyqbu/build-control-aux || __c=$?; \
    exit $__c
}

trap '( cleanup )' HUP INT QUIT ABRT TERM PIPE # FIXME doesn't quite work reliably yet

if ( run_build ); then ( cleanup ); else
    __x=$?; # save the exit code of run_build
    if ( ! false ); then
        if ( cleanup ); then :; else echo >&2 "cleanup failed with exit code $?"; fi;
    fi
    exit $__x
fi" failed with status 2
    Phil Wyett at April 27, 2025, 9 p.m. 
  2. Sorry... My bad copy and paste.

../src/foomuuri --set=etc_dir=60-special-chains --set=share_dir=../etc --set=state_dir=60-special-chains --set=run_dir=60-special-chains check
check success
diff -u 10-host/golden.txt 10-host/next.fw
[ ! -f 10-host/Makefile ] || make -C 10-host
../src/foomuuri --set=etc_dir=70-dscp --set=share_dir=../etc --set=state_dir=70-dscp --set=run_dir=70-dscp check
check success
60-cgroup/next.fw:136:27-38: Error: cgroupv2 path fails: No such file or directory
		socket cgroupv2 level 1 "user.slice" accept
		                        ^^^^^^^^^^^^
60-cgroup/next.fw:156:27-38: Error: cgroupv2 path fails: No such file or directory
		socket cgroupv2 level 1 "user.slice" accept
		                        ^^^^^^^^^^^^
60-cgroup/next.fw:179:27-40: Error: cgroupv2 path fails: No such file or directory
		socket cgroupv2 level 1 "system.slice" accept
		                        ^^^^^^^^^^^^^^
60-cgroup/next.fw:194:27-40: Error: cgroupv2 path fails: No such file or directory
		socket cgroupv2 level 1 "system.slice" accept
		                        ^^^^^^^^^^^^^^
Error: Nftables failed to check ruleset, error code 1
make[2]: *** [Makefile:16: 60-cgroup] Error 1
    Phil Wyett at April 27, 2025, 9:05 p.m. 
  3. Apparently there are no cgroupv2 slices available on reprotest. I'll fix this in upstream first. I'll do that tomorrow and upload new build then.
    Kim B. Heino at April 27, 2025, 9:13 p.m. 
  4. That is all good. Sorry I did not have time to dig into the package deeper, but today though Sunday was a work day.

You have a DD picking up the package so other feedback should be forthcoming.
    Phil Wyett at April 27, 2025, 9:24 p.m. 
  5. Thanks for all the help and testing. You're done a lot already. I updated testsuite once more to fix repro testing and uploaded a build.
    Kim B. Heino at April 28, 2025, 8:27 a.m.

Upload #2

Information

Version: 0.28-1
Uploaded: 2025-04-27 17:26
Source package: foomuuri_0.28-1.dsc
Distribution: unstable
Section: net
Priority: optional
Homepage: https://github.com/FoobarOy/foomuuri
Vcs-Git: https://salsa.debian.org/debian/foomuuri.git
Vcs-Browser: https://salsa.debian.org/debian/foomuuri
Closes bugs: #1095472

Changelog

 foomuuri (0.28-1) unstable; urgency=medium
 .
   * New upstream release.
   * New maintainer (Closes: #1095472)
   * Add missing build-dependency "nftables", needed for tests.
   * Bump Standards-Version to 4.7.2.

QA information

Comments

  1. Run reprotest again and get the below.

../src/foomuuri --set=etc_dir=60-special-chains --set=share_dir=../etc --set=state_dir=60-special-chains --set=run_dir=60-special-chains check
60-cgroup/next.fw:136:27-38: Error: cgroupv2 path fails: No such file or directory
		socket cgroupv2 level 1 "user.slice" accept
		                        ^^^^^^^^^^^^
60-cgroup/next.fw:156:27-38: Error: cgroupv2 path fails: No such file or directory
		socket cgroupv2 level 1 "user.slice" accept
		                        ^^^^^^^^^^^^
60-cgroup/next.fw:179:27-53: Error: cgroupv2 path fails: No such file or directory
		socket cgroupv2 level 2 "system.slice/sshd.service" accept
		                        ^^^^^^^^^^^^^^^^^^^^^^^^^^^
60-cgroup/next.fw:194:27-53: Error: cgroupv2 path fails: No such file or directory
		socket cgroupv2 level 2 "system.slice/sshd.service" accept
		                        ^^^^^^^^^^^^^^^^^^^^^^^^^^^
Error: Nftables failed to check ruleset, error code 1
make[2]: *** [Makefile:16: 60-cgroup] Error 1
    Phil Wyett at April 27, 2025, 6:01 p.m. 
  2. That's something I fixed 4 days ago. I cherry-picked a patch and uploaded new version.
    Kim B. Heino at April 27, 2025, 8:33 p.m.

Upload #1

Information

Version: 0.28-1
Uploaded: 2025-04-27 12:41
Source package: foomuuri_0.28-1.dsc
Distribution: unstable
Section: net
Priority: optional
Homepage: https://github.com/FoobarOy/foomuuri
Vcs-Git: https://salsa.debian.org/debian/foomuuri.git
Vcs-Browser: https://salsa.debian.org/debian/foomuuri
Closes bugs: #1095472

Changelog

 foomuuri (0.28-1) unstable; urgency=medium
 .
   * New upstream release.
   * New maintainer (Closes: #1095472)

QA information

Comments

  1. Hi Kim,

All looks good in basic testing.

Reprotesting is failng with below.

Traceback (most recent call last):
Traceback (most recent call last):
  File "/tmp/reprotest.zBOACF/const_build_path/const_build_path/test/../src/foomuuri", line 137, in run_program_rc
    proc = subprocess.run(args, check=False, stdout=subprocess.PIPE,
                          stderr=subprocess.STDOUT, encoding='utf-8',
                          env=env, timeout=60)
  File "/usr/lib/python3.13/subprocess.py", line 554, in run
    with Popen(*popenargs, **kwargs) as process:
         ~~~~~^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.13/subprocess.py", line 1039, in __init__
    self._execute_child(args, executable, preexec_fn, close_fds,
    ~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
                        pass_fds, cwd, env,
                        ^^^^^^^^^^^^^^^^^^^
    ...<5 lines>...
                        gid, gids, uid, umask,
                        ^^^^^^^^^^^^^^^^^^^^^^
                        start_new_session, process_group)
                        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.13/subprocess.py", line 1969, in _execute_child
    raise child_exception_type(errno_num, err_msg, err_filename)
FileNotFoundError: [Errno 2] No such file or directory: 'nft'

Regards

Phil
    Phil Wyett at April 27, 2025, 4:17 p.m. 
  2. Reproducible builds in not a blocker for upload. Should have probably led with that. :-)
    Phil Wyett at April 27, 2025, 4:25 p.m. 
  3. If you have no sponsor and need one, please file an RFS[1] bug.

[1] https://mentors.debian.net/sponsors/rfs-howto/
    Phil Wyett at April 27, 2025, 4:48 p.m. 
  4. Hi Phil,

Above runtime error is because "nft" binary ("nftables" package) is not installed on reprotesting / marked as Build-Depends. Do you prefer me creating a new package with fix, or can I do that for next version? 

I seem to have same bug in Fedora spec file. nftables is always installed there so I haven't noticed it.
    Kim B. Heino at April 27, 2025, 4:57 p.m. 
  5. Hi Kim,

As you are adopting the package, I would fix the issue and upload. It shows good intent to the DD who may sponsor the package.

You will likely already know, but as a new upstream version it should stay as '-1', you cna use 'dput -f' to force the upload.

Regards

Phil
    Phil Wyett at April 27, 2025, 5:03 p.m. 
  6. Kim,

I would also update to the latest 'Standards-Version' i.e. 4.7.2.

Ref: https://www.debian.org/doc/debian-policy/

Regards

Phil
    Phil Wyett at April 27, 2025, 5:08 p.m. 
  7. Thanks. Build-dep and standards updated, re-uploaded, RFS-bug created and commits pushed to https://salsa.debian.org/kimheino/foomuuri (as I don't have write access to https://salsa.debian.org/debian/foomuuri).

I'm the author of Foomuuri. I'm also long time (20 yeors?) Fedora maintainer but this is my first package to Debian.
    Kim B. Heino at April 27, 2025, 5:29 p.m. 
  8. Hi Kim,

I will review and add to the RFS later today, unless someone else beats me too it.

It is good to have upstream devs in the Debian community, welcome. I hope you find us friendly and easy to work with.

Write access to the packages Salsa repo may not be immediate. It may come in time as DD's see you display good work via updates etc. You know the drill. :-)

A couple of links you may like to read.

https://www.debian.org/devel/

https://www.debian.org/doc/devel-manuals
    Phil Wyett at April 27, 2025, 5:45 p.m.