When the server raises an exception in a HTTP request handler context,
more often than not, the exception is sent back to the client in the
body.
Additionally, the message of the exception (if any), is also copied as
is in a x-error-msg HTTP header.
That said, HTTP headers must obey strict rules. The "\r\n" sequence
indicate the end of the current HTTP header. When using aiohttp, the
library rejects any header that has a "\r" or "\n" in its value:
ValueError: Newline or carriage return character detected in HTTP status message or header. This is a potential security issue.
As an example, any curtin.util.ProcessExecutionError exception will
contain "\n" characters when converted into a string.
We now encode the error message as JSON before copying it in the HTTP
header.
Signed-off-by: Olivier Gayot <olivier.gayot@canonical.com>
Remove swap space size allocation suggestion. It often won't be used on
smaller installs anyhow.
Drop /boot size to the min instead of max.
Add esp size min into the mix.
(which more than cancels out the /boot change to min)
Reduce padding to max(2G, 50% source min)
When doing an offline install, ubuntu-drivers would sometimes list a
package that is available in the archive but not present in the pool.
This is not something we would expect since we run apt-get update (with
only the pool configured when offline) in the install tree.
However, it turned out that we create the overlay with the lower layers
specified in the wrong order - which essentially makes APT indexes
visible in the source tree also visible in the OEM/third-party driver
overlay.
When calling setup_overlay(lowers=[a, b, c]), Subiquity invokes mount
with lowerdir=c🅱️a (in the reverse order).
This means that c is top, b is middle and a is bottom.
For the OEM and third-party drivers, we build overlays that are based
on:
* the source tree
* the configured tree
* the install tree
Unfortunately, we were doing the opposite. Fixed by reversing the order of
the lower layers.
Signed-off-by: Olivier Gayot <olivier.gayot@canonical.com>
Controllers have started, but we have decided that no refresh check
is needed, so no check_task was started (or assigned).
GET /refresh is called, resulting in:
DEBUG subiquity.server.server:446 request to /refresh?wait=true crashed
Traceback (most recent call last):
File "subiquity/server/controllers/refresh.py", line 233, in GET
await self.check_task.wait()
AttributeError: 'NoneType' object has no attribute 'wait'
Detecting the bootloader is an obvious choice for real installs, but
is a source of glitches in CI. Default to UEFI, and if tests want
something else they should pass a specific --bootloader.