xtables-addons fails to build after ip_route_me_harder() signature change

Bug #1915177 reported by Kleber Sacilotto de Souza
This bug affects 2 people
Affects                  Status        Importance  Assigned to                Milestone
xtables-addons (Ubuntu)  Fix Released  Undecided   Unassigned
Focal                    Fix Released  High        Kleber Sacilotto de Souza
Groovy                   Fix Released  High        Kleber Sacilotto de Souza

Bug Description

[Impact]
Groovy linux 5.8.0-44.50 backported from upstream stable the following commit, which broke the build of xtables-addons dkms modules on Groovy and Focal 5.8 kernels based on this release:

"netfilter: use actual socket sk rather than skb sk when routing harder" (Upstream commit 46d6c5ae953cc0be38efd0e469284df7c4328cf8).

On Focal, xtables-addons was already changed to accommodate this change to the 5.4 kernels (bug 1907109); however, the signature detection mechanism used for the 5.4 kernels doesn't work with the 5.8 kernels, so a more robust mechanism will be needed. So the dkms package needs to be fixed on both Groovy and Focal series.

[Test case]
Install xtables-addons-dkms package.

[Fix]
The proposed fix is to add a script (configure_features.sh) which will be executed before the dkms modules are built to detect which function signature is provided by the kernel being built for. This script will save a header file with some #defines which will be used by the compatibility headers to choose the correct function signature. This is a mechanism similar to what is already used by some other dkms packages.

[Where problems could occur]
If the function signature detection is not done correctly, the dkms packages could fail building again.
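
One way to implement the detection described under [Fix], added here as an illustration; it is not the configure_features.sh shipped in the package. The function name, the HAVE_ROUTE_ME_HARDER_SK macro and the header location include/linux/netfilter_ipv4.h are assumptions, and the script fails instead of guessing when the prototype cannot be found, which is the case [Where problems could occur] warns about.

```shell
#!/bin/sh
# Added example: NOT the configure_features.sh from the Ubuntu package.
# Hypothetical names: detect_route_me_harder, HAVE_ROUTE_ME_HARDER_SK.
# Assumed prototype location: include/linux/netfilter_ipv4.h in the kernel tree.

# detect_route_me_harder KERNEL_SRC_DIR OUT_HEADER
# Writes OUT_HEADER and returns 0 on success; returns 1 (and writes nothing)
# when the prototype cannot be inspected, so the build stops early.
detect_route_me_harder() {
    ksrc=$1
    out=$2
    hdr="$ksrc/include/linux/netfilter_ipv4.h"

    if [ ! -r "$hdr" ]; then
        echo "error: cannot read $hdr" >&2
        return 1
    fi

    # Flatten the header so a prototype wrapped over several lines still
    # matches, then isolate the parameter list of ip_route_me_harder().
    params=$(tr '\n\t' '  ' < "$hdr" |
        sed -n 's/.*[^A-Za-z0-9_]ip_route_me_harder *(\([^)]*\)).*/\1/p')

    if [ -z "$params" ]; then
        echo "error: ip_route_me_harder() prototype not found in $hdr" >&2
        return 1
    fi

    {
        echo "/* Generated by feature detection; do not edit. */"
        case $params in
            # Post-change form: a 'struct sock *' argument is present.
            *"struct sock "*|*"struct sock*"*)
                echo "#define HAVE_ROUTE_ME_HARDER_SK 1" ;;
            # Pre-change form: only net, skb and addr_type.
            *)
                echo "/* #undef HAVE_ROUTE_ME_HARDER_SK */" ;;
        esac
    } > "$out"
}

# Script usage: ./detect.sh /lib/modules/<kernel release>/build features.h
if [ "$#" -eq 2 ]; then
    detect_route_me_harder "$1" "$2"
fi
```

A compatibility header would include the generated file and pick the matching call form with `#ifdef HAVE_ROUTE_ME_HARDER_SK`, so the choice follows the header actually being built against and not the kernel version number.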

Changed in xtables-addons (Ubuntu):
status: New → Fix Released
Changed in xtables-addons (Ubuntu Focal):
status: New → In Progress
Changed in xtables-addons (Ubuntu Groovy):
status: New → In Progress
Changed in xtables-addons (Ubuntu Focal):
assignee: nobody → Kleber Sacilotto de Souza (kleber-souza)
Changed in xtables-addons (Ubuntu Groovy):
assignee: nobody → Kleber Sacilotto de Souza (kleber-souza)
Changed in xtables-addons (Ubuntu Focal):
importance: Undecided → High
Changed in xtables-addons (Ubuntu Groovy):
importance: Undecided → High
description: updated
Kleber Sacilotto de Souza (kleber-souza) wrote :

Both proposed attached debdiffs have been tested on Groovy and Focal with different kernel versions and built successfully for all supported architectures.

Kleber Sacilotto de Souza (kleber-souza) wrote :

Please do not promote the proposed changes to xtables-addons (3.8-2ubuntu0.3) for Focal. These changes break the build of west-chamber-dkms and the ip{6}_route_me_harder() compatibility needs to be done in a different way.

Kleber Sacilotto de Souza (kleber-souza) wrote :

The changes proposed by the previous version attached for focal (3.8-2ubuntu0.3) turned out not to be compatible with how west-chamber-dkms uses the same headers to build itself. Working around the issues on west-chamber would make its build process even farther from the standards.

Therefore I'm proposing that instead of patching west-chamber or xtables-addons even more we backport the proposed fix from groovy back to focal. The changes from focal to groovy are mostly related to ABI compatibility anyway and this would be the cleaner way to fix the build issues in focal.

Brian Murray (brian-murray) wrote : Please test proposed package

Hello Kleber, or anyone else affected,

Accepted xtables-addons into groovy-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/xtables-addons/3.9-1ubuntu0.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-groovy to verification-done-groovy. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-groovy. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in xtables-addons (Ubuntu Groovy):
status: In Progress → Fix Committed
tags: added: verification-needed verification-needed-groovy
Kleber Sacilotto de Souza (kleber-souza) wrote :

xtables-addons 3.9-1ubuntu0.1 FTBS and a new version (3.9-1ubuntu0.2) has already been uploaded and it's waiting on the queue for review.

Robie Basak (racb) wrote :

Hello Kleber, or anyone else affected,

Accepted xtables-addons into groovy-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/xtables-addons/3.9-1ubuntu0.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-groovy to verification-done-groovy. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-groovy. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Robie Basak (racb) wrote :

The Groovy fix looks fine.

Backporting the Groovy package to Focal also looks fine to me on principle. Even though it is a major upstream version update, the actual functional upstream change is just to enable building against Linux 5.6, and that's what we're fixing here anyway. I also note that the Linux 5.6 fix was already backported to Focal anyway, so there's actually no functional change at all in the backport...

...except for change-download-to-dbip.patch, which was added by Debian in the package in Groovy, and Focal doesn't appear to have it. Backporting from Groovy to Focal would introduce this functional change.

I think this needs further analysis. Does this change fix something that's already completely broken? Or are there use cases that users may be depending on that will break as a result of this change?

Kleber Sacilotto de Souza (kleber-souza) wrote :
tags: added: verification-done-groovy
removed: verification-needed-groovy
Kleber Sacilotto de Souza (kleber-souza) wrote :

Hi Robie,

Thank you for your review.

Regarding the additional change for Focal (change-download-to-dbip.patch), the script it patches (geoip/xt_geoip_dl) is completely broken in 3.8-1 and 3.8-2.

The URL it uses to download the geoip from maxmind doesn't work anymore, and the build script which uses the database ('geoip/xt_geoip_build') has been changed in v3.8 to use DBIP. So even if it worked the downloaded database files would be useless.

So it seems safe to make this change in Focal as well as users can't use the download script currently.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package xtables-addons - 3.9-1ubuntu0.2

---------------
xtables-addons (3.9-1ubuntu0.2) groovy; urgency=medium

  * Adjust for changed signature of ip_route_me_harder (LP: #1915177)
    - 0001-ip_route_me_harder-compat.patch

 -- Kleber Sacilotto de Souza <email address hidden> Tue, 09 Feb 2021 18:51:57 +0100

Changed in xtables-addons (Ubuntu Groovy):
status: Fix Committed → Fix Released
Brian Murray (brian-murray) wrote : Update Released

The verification of the Stable Release Update for xtables-addons has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

MikeR (mike-rechtman) wrote :

Running focal 5.8.0-44-generic, latest versions of xtables-addons-dkms and xtables-addons-common from repositories still appear to be 3.8-2ubuntu0.2.
From the above it would appear the fixed version should be 3.9-1ubuntu0.2.

Will the new version appear sometime soon?
I upgraded one PC to Groovy, which allowed me to install xtables-addons-dkms successfully; unfortunately other stuff no less important (to me, anyway) no longer runs, and there is very little chance of an upgrade before the next LTS in a year's time. Sorry to burden you with my problems.
THANKS FOR YOUR EFFORTS.

Brian Murray (brian-murray) wrote : Please test proposed package

Hello Kleber, or anyone else affected,

Accepted xtables-addons into focal-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/xtables-addons/3.9-1ubuntu0.2~20.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-focal to verification-done-focal. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-focal. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in xtables-addons (Ubuntu Focal):
status: In Progress → Fix Committed
tags: added: verification-needed-focal
MikeR (mike-rechtman) wrote :

running Ubuntu 20.04.2, kernel 5.8.0-44-generic
selected Synaptic --> Setting --> Repositories --> DeveloperOptions --> Prereleased(focal proposed)
installed xtables-addons-dkms v. 3.9-1ubuntu0.2-20.04.1
which compiled and installed successfully

Tested by running:
"iptables -A INPUT -p tcp -m geoip --source-country CN -j TARPIT --tarpit"
(which succeeded, with no errors - and had previously failed.)

Thanks to all who contributed!!

Kleber Sacilotto de Souza (kleber-souza) wrote :

Thanks MikeR for your tests!

I can also confirm that xtables-addons 3.9-1ubuntu0.2~20.04.1 can be installed and compiled with both 5.4 and 5.8 kernels in Focal:

$ dkms status
xtables-addons, 3.9, 5.4.0-66-generic, x86_64: installed
xtables-addons, 3.9, 5.8.0-45-generic, x86_64: installed

The autopkgtests with the latest kernels in -proposed were also successful:

* focal/linux amd64: https://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac/autopkgtest-focal/focal/amd64/x/xtables-addons/20210311_100438_52f1a@/log.gz
* focal/linux-hwe-5.8 amd64: https://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac/autopkgtest-focal/focal/amd64/x/xtables-addons/20210311_100607_a6229@/log.gz

Thank you!

tags: added: verification-done-focal
removed: verification-needed-focal
MikeR (mike-rechtman) wrote :

One more data point
$ dkms status
xtables-addons, 3.9, 5.8.0-44-generic, x86_64: installed
xtables-addons, 3.9, 5.8.0-45-generic, x86_64: installed

minor data point: geoip appears to be working

Mathew Hodson (mhodson)
tags: removed: verification-needed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package xtables-addons - 3.9-1ubuntu0.2~20.04.1

---------------
xtables-addons (3.9-1ubuntu0.2~20.04.1) focal; urgency=medium

  * Adjust for changed signature of ip_route_me_harder (LP: #1915177)
    - 0001-ip_route_me_harder-compat.patch

 -- Kleber Sacilotto de Souza <email address hidden> Tue, 16 Feb 2021 10:51:01 +0100

Changed in xtables-addons (Ubuntu Focal):
status: Fix Committed → Fix Released
MikeR (mike-rechtman) wrote :

Thanks!!
