[Pkg-utopia-maintainers] Bug#1117505: firewalld: autopkgtest needs update for new version of nftables

Mon Oct 6 21:14:26 BST 2025

On 2025-10-06, at 21:54:09 +0200, Paul Gevers wrote:
> Source: firewalld
> Version: 2.3.1-2
> Severity: serious
> X-Debbugs-CC: nftables at packages.debian.org
> Tags: sid forky
> User: debian-ci at lists.debian.org
> Usertags: needs-update
> Control: affects -1 src:nftables
> 
> Dear maintainer(s),
> 
> With a recent upload of nftables the autopkgtest of firewalld fails in 
> testing when that autopkgtest is run with the binary packages of 
> nftables from unstable. It passes when run with only packages from 
> testing. In tabular form:
> 
>                        pass            fail
> nftables               from testing    1.1.5-2
> firewalld              from testing    2.3.1-2
> all others             from testing    from testing
> 
> I copied some of the output at the bottom of this report.
> 
> Currently this regression is blocking the migration of nftables to 
> testing [1]. Of course, nftables shouldn't just break your autopkgtest 
> (or even worse, your package), but it seems to me that the change in 
> nftables was intended and your package needs to update to the new 
> situation.
> 
> If this is a real problem in your package (and not only in your 
> autopkgtest), the right binary package(s) from nftables should really 
> add a versioned Breaks on the unfixed version of (one of your) 
> package(s). Note: the Breaks is nice even if the issue is only in the 
> autopkgtest as it helps the migration software to figure out the right 
> versions to combine in the tests.
> 
> More information about this bug and the reason for filing it can be found on
> https://wiki.debian.org/ContinuousIntegration/RegressionEmailInformation
> 
> Paul
> 
> [1] https://qa.debian.org/excuses.php?package=nftables
> 
> https://ci.debian.net/data/autopkgtest/testing/amd64/f/firewalld/64961657/log.gz
> 
> 2837s +++ /tmp/testsuite.dir/at-groups/211/stdout	2025-10-05 
> 17:27:01.608000000 +0000
> 2837s @@ -1,6 +1,6 @@
> 2837s  table inet firewalld {
> 2837s  chain filter_FORWARD {
> 2837s -meta nfproto ipv6 fib saddr . mark oif missing drop
> 2837s +meta nfproto ipv6 fib saddr . mark check missing drop
> 2837s  ct state established,related accept
> 2837s  ct status dnat accept
> 2837s  iifname "lo" accept
> 2837s 211. rpfilter.at:89: 211. rpfilter - loose-forward 
> (rpfilter.at:89): FAILED (rpfilter.at:101)
> 2837s 2837s 2837s autopkgtest [17:53:31]: test standard-tests

This is fixed upstream:

   https://github.com/firewalld/firewalld/commit/cc1c78b7343dc5f198f76c31c3e6f4934ab0b183

I'm running autopkgtest in qemu locally to make sure this is the only
regression.  It's very slow. :-/

J.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 931 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-utopia-maintainers/attachments/20251006/1214e268/attachment-0001.sig>