On Mon, Nov 1, 2021 at 6:13 AM Xu, Yanfei <[email protected]> wrote:
> update to 4.0.11 > > 1.drop two patches that have been integrated to upstream repo. > 2.drop tests-add-no-validate-when-using-download-template.patch > because it is no longer appropriate as the "download" has been > replaced with "busybox" > 3.fix the apply failure of templates-use-curl-instead-of-wget.patch > 4.update lxc from 4.0.10 to 4.0.11 > > Thanks for the patch! (and the explanation above). I've merged this to master and honister. Bruce > Signed-off-by: Yanfei Xu <[email protected]> > --- > ...omp_profile_when_compiled_libseccomp.patch | 46 ---------- > .../lxc/files/fix_c_command.patch | 36 -------- > .../templates-use-curl-instead-of-wget.patch | 23 ++--- > ...alidate-when-using-download-template.patch | 85 ------------------- > recipes-containers/lxc/lxc_git.bb | 7 +- > 5 files changed, 15 insertions(+), 182 deletions(-) > delete mode 100644 > recipes-containers/lxc/files/enable_seccomp_profile_when_compiled_libseccomp.patch > delete mode 100644 recipes-containers/lxc/files/fix_c_command.patch > delete mode 100644 > recipes-containers/lxc/files/tests-add-no-validate-when-using-download-template.patch > > diff --git > a/recipes-containers/lxc/files/enable_seccomp_profile_when_compiled_libseccomp.patch > b/recipes-containers/lxc/files/enable_seccomp_profile_when_compiled_libseccomp.patch > deleted file mode 100644 > index f0a58139..00000000 > --- > a/recipes-containers/lxc/files/enable_seccomp_profile_when_compiled_libseccomp.patch > +++ /dev/null 
> @@ -1,46 +0,0 @@ > -From 3d46e1d1f8e904fddd4fab3e8d0c6cf57d2ddd4e Mon Sep 17 00:00:00 2001 > -From: Maximilian Blenk <[email protected]> > -Date: Mon, 23 Aug 2021 22:04:40 +0200 > -Subject: [PATCH] config: enable seccomp profile only when compiled with > - libseccomp > - > -Make lxc fail if seccomp.profile is specified but lxc is compiled > -without seccomp support. Currently, seccomp.profile is silently ignored > -if is specified in such a scenario. This could lead to the false > -impression that the seccomp filter is applied while it actually isn't. > - > -Signed-off-by: Maximilian Blenk <[email protected]> > ---- > - src/lxc/confile.c | 8 ++++++++ > - 1 file changed, 8 insertions(+) > - > -Upstream-Status: Submitted [ > https://github.com/lxc/lxc/pull/3947/commits/3d46e1d1f8e904fddd4fab3e8d0c6cf57d2ddd4e > ] > - > -diff --git a/src/lxc/confile.c b/src/lxc/confile.c > -index d8b96c6921..1cc8da15f1 100644 > ---- a/src/lxc/confile.c > -+++ b/src/lxc/confile.c > -@@ -1211,7 +1211,11 @@ static int set_config_seccomp_notify_proxy(const > char *key, const char *value, > - static int set_config_seccomp_profile(const char *key, const char *value, > - struct lxc_conf *lxc_conf, void > *data) > - { > -+#ifdef HAVE_SECCOMP > - return set_config_path_item(&lxc_conf->seccomp.seccomp, value); > -+#else > -+ return ret_set_errno(-1, ENOSYS); > -+#endif > - } > - > - static int set_config_execute_cmd(const char *key, const char *value, > -@@ -4383,7 +4387,11 @@ static int get_config_seccomp_notify_proxy(const > char *key, char *retv, int inle > - static int get_config_seccomp_profile(const char *key, char *retv, int > inlen, > - struct lxc_conf *c, void *data) > - { > -+#ifdef HAVE_SECCOMP > - return lxc_get_conf_str(retv, inlen, c->seccomp.seccomp); > -+#else > -+ return ret_errno(ENOSYS); > -+#endif > - } > - > - static int get_config_autodev(const char *key, char *retv, int inlen, 
> diff --git a/recipes-containers/lxc/files/fix_c_command.patch > b/recipes-containers/lxc/files/fix_c_command.patch > deleted file mode 100644 > index 1ed8dafd..00000000 > --- a/recipes-containers/lxc/files/fix_c_command.patch > +++ /dev/null > @@ -1,36 +0,0 @@ > -From 9becf309a81806ef08acf9ca99ab95c1bcfa1f65 Mon Sep 17 00:00:00 2001 > -From: Maximilian Blenk <[email protected]> > -Date: Mon, 23 Aug 2021 15:39:28 +0200 > -Subject: [PATCH] attach: Fix -c command > - > -Currently, the -c command (to set the selinux context) seems to be > -broken because the passed context is ignored and always overwritten by > -the context specified in the config file. The intention behind the -c > -imho was to be able to manually overwrite this behavior. This patch > -ensures that the selinux context will be set if passed via the command > -line. > - > -Signed-off-by: Maximilian Blenk <[email protected]> > ---- > - src/lxc/tools/lxc_attach.c | 5 ++++- > - 1 file changed, 4 insertions(+), 1 deletion(-) > - > -Upstream-Status: Backport [ > https://github.com/lxc/lxc/commit/9becf309a81806ef08acf9ca99ab95c1bcfa1f65.patch > ] > -Comment: No change in any hunk > - > -diff --git a/src/lxc/tools/lxc_attach.c b/src/lxc/tools/lxc_attach.c > -index 0374d980b4..e6b388b20c 100644 > ---- a/src/lxc/tools/lxc_attach.c > -+++ b/src/lxc/tools/lxc_attach.c > -@@ -379,7 +379,10 @@ int main(int argc, char *argv[]) > - attach_options.gid = my_args.gid; > - > - // selinux_context will be NULL if not set > -- attach_options.lsm_label = selinux_context; > -+ if (selinux_context) { > -+ attach_options.attach_flags |= LXC_ATTACH_LSM_LABEL; > -+ attach_options.lsm_label = selinux_context; > -+ } > - > - if (command.program) { > - ret = c->attach_run_wait(c, &attach_options, > command.program, > diff --git > a/recipes-containers/lxc/files/templates-use-curl-instead-of-wget.patch > b/recipes-containers/lxc/files/templates-use-curl-instead-of-wget.patch > index 156df82f..4556293a 100644 
> --- a/recipes-containers/lxc/files/templates-use-curl-instead-of-wget.patch > +++ b/recipes-containers/lxc/files/templates-use-curl-instead-of-wget.patch > @@ -1,4 +1,4 @@ > -From 07890dd8ffdcd08b7be1ddbd9f56ac55482c76bb Mon Sep 17 00:00:00 2001 > +From 1db2db7783bd7ec2aa1da86e640019891634c659 Mon Sep 17 00:00:00 2001 > From: Joakim Roubert <[email protected]> > Date: Fri, 16 Aug 2019 07:52:48 +0200 > Subject: [PATCH] Use curl instead of wget > @@ -7,16 +7,16 @@ When curl's MIT license is preferable to wget's GPLv3. > > Change-Id: I4684ae7569704514fdcc63e0655c556efcaf44f8 > Signed-off-by: Joakim Roubert <[email protected]> > - > +Signed-off-by: Yanfei Xu <[email protected]> > --- > templates/lxc-download.in | 10 +++++----- > 1 file changed, 5 insertions(+), 5 deletions(-) > > diff --git a/templates/lxc-download.in b/templates/lxc-download.in > -index d7e6128..8a4b567 100644 > +index e8570692a..f7291b0cc 100755 > --- a/templates/lxc-download.in > +++ b/templates/lxc-download.in > -@@ -74,9 +74,9 @@ cleanup() { > +@@ -75,9 +75,9 @@ cleanup() { > fi > } 
> > @@ -28,18 +28,18 @@ index d7e6128..8a4b567 100644 > return 0 > fi > done > -@@ -85,8 +85,8 @@ wget_wrapper() { > +@@ -86,8 +86,8 @@ wget_wrapper() { > } > > download_file() { > -- if ! wget_wrapper -T 30 -q "https://${DOWNLOAD_SERVER}/$1" -O "$2" > >/dev/null 2>&1; then > -- if ! wget_wrapper -T 30 -q "http://${DOWNLOAD_SERVER}/$1" -O "$2" > >/dev/null 2>&1; then > -+ if ! curl_wrapper -m 30 -s "https://${DOWNLOAD_SERVER}/$1" -o "$2" > >/dev/null 2>&1; then > -+ if ! curl_wrapper -m 30 -s "http://${DOWNLOAD_SERVER}/$1" -o "$2" > >/dev/null 2>&1; then > +- if ! wget_wrapper --user-agent="lxc/@PACKAGE_VERSION@ > compat:${DOWNLOAD_COMPAT_LEVEL}" -T 30 -q "https://${DOWNLOAD_SERVER}/$1" > -O "$2" >/dev/null 2>&1; then > +- if ! wget_wrapper --user-agent="lxc/@PACKAGE_VERSION@ > compat:${DOWNLOAD_COMPAT_LEVEL}" -T 30 -q "http://${DOWNLOAD_SERVER}/$1" > -O "$2" >/dev/null 2>&1; then > ++ if ! curl_wrapper --user-agent="lxc/@PACKAGE_VERSION@ > compat:${DOWNLOAD_COMPAT_LEVEL}" -m 30 -s "https://${DOWNLOAD_SERVER}/$1" > -o "$2" >/dev/null 2>&1; then > ++ if ! curl_wrapper --user-agent="lxc/@PACKAGE_VERSION@ > compat:${DOWNLOAD_COMPAT_LEVEL}" -m 30 -s "http://${DOWNLOAD_SERVER}/$1" > -o "$2" >/dev/null 2>&1; then > if [ "$3" = "noexit" ]; then > return 1 > else > -@@ -271,7 +271,7 @@ while :; do > +@@ -277,7 +277,7 @@ while :; do > done > > # Check for required binaries > @@ -48,3 +48,6 @@ index d7e6128..8a4b567 100644 > if ! command -V "${bin}" >/dev/null 2>&1; then > echo "ERROR: Missing required tool: ${bin}" 1>&2 > exit 1 > +-- > +2.27.0 > + > diff --git > a/recipes-containers/lxc/files/tests-add-no-validate-when-using-download-template.patch > b/recipes-containers/lxc/files/tests-add-no-validate-when-using-download-template.patch > deleted file mode 100644 > index f335e796..00000000 > --- > a/recipes-containers/lxc/files/tests-add-no-validate-when-using-download-template.patch > +++ /dev/null 
> @@ -1,85 +0,0 @@ > -From 1c2506434e744d8c6a86e42c9d8bae4cde7553f6 Mon Sep 17 00:00:00 2001 > -From: Mark Asselstine <[email protected]> > -Date: Thu, 31 May 2018 15:14:26 -0400 > -Subject: [PATCH] tests: add '--no-validate' when using download template > - > -We are usually running the ptests with core-image-minimal which has no > -mechanism to validate the downloads. Validation isn't really of > -interest to this test at any rate so simply add '--no-validate' to > -avoid failing due to no GPG validation. > - > -Signed-off-by: Mark Asselstine <[email protected]> > - > ---- > - src/tests/lxc-test-apparmor-mount | 2 +- > - src/tests/lxc-test-autostart | 2 +- > - src/tests/lxc-test-no-new-privs | 2 +- > - src/tests/lxc-test-unpriv | 2 +- > - src/tests/lxc-test-usernic.in | 2 +- > - 5 files changed, 5 insertions(+), 5 deletions(-) > - > -Index: lxc-4.0.9/src/tests/lxc-test-apparmor-mount > -=================================================================== > ---- lxc-4.0.9.orig/src/tests/lxc-test-apparmor-mount > -+++ lxc-4.0.9/src/tests/lxc-test-apparmor-mount > -@@ -170,7 +170,7 @@ > - done > - fi > - > --run_cmd lxc-create -t download -n $cname -- -d ubuntu -r $release -a > $ARCH > -+run_cmd lxc-create -t download -n $cname -- --no-validate -d ubuntu -r > $release -a $ARCH > - > - echo "test default confined container" > - run_cmd lxc-start -n $cname -d -lDEBUG -o "$logfile" > -Index: lxc-4.0.9/src/tests/lxc-test-autostart > -=================================================================== > ---- lxc-4.0.9.orig/src/tests/lxc-test-autostart > -+++ lxc-4.0.9/src/tests/lxc-test-autostart > -@@ -55,7 +55,7 @@ > - done > - fi > - > --lxc-create -t download -n $CONTAINER_NAME -B dir -- -d ubuntu -r > $release -a $ARCH > -+lxc-create -t download -n $CONTAINER_NAME -B dir -- --no-validate -d > ubuntu -r $release -a $ARCH > - CONTAINER_PATH=$(dirname $(lxc-info -n $CONTAINER_NAME -c > lxc.rootfs.path -H) | sed -e 's/dir://') > - cp $CONTAINER_PATH/config 
$CONTAINER_PATH/config.bak > - > -Index: lxc-4.0.9/src/tests/lxc-test-no-new-privs > -=================================================================== > ---- lxc-4.0.9.orig/src/tests/lxc-test-no-new-privs > -+++ lxc-4.0.9/src/tests/lxc-test-no-new-privs > -@@ -49,7 +49,7 @@ > - ARCH=$(dpkg --print-architecture) > - fi > - > --lxc-create -t download -n c1 -- -d ubuntu -r xenial -a $ARCH > -+lxc-create -t download -n c1 -- --no-validate -d ubuntu -r xenial -a > $ARCH > - echo "lxc.no_new_privs = 1" >> /var/lib/lxc/c1/config > - > - lxc-start -n c1 > -Index: lxc-4.0.9/src/tests/lxc-test-unpriv > -=================================================================== > ---- lxc-4.0.9.orig/src/tests/lxc-test-unpriv > -+++ lxc-4.0.9/src/tests/lxc-test-unpriv > -@@ -178,7 +178,7 @@ > - cp -R /var/cache/lxc/download $HDIR/.cache/lxc && \ > - chown -R $TUSER: $HDIR/.cache/lxc > - > --run_cmd lxc-create -t download -n c1 -l trace -o "${UNPRIV_LOG}" -- -d > ubuntu -r $release -a $ARCH > -+run_cmd lxc-create -t download -n c1 -l trace -o "${UNPRIV_LOG}" -- > --no-validate -d ubuntu -r $release -a $ARCH > - > - # Make sure we can start it - twice > - > -Index: lxc-4.0.9/src/tests/lxc-test-usernic.in > -=================================================================== > ---- lxc-4.0.9.orig/src/tests/lxc-test-usernic.in > -+++ lxc-4.0.9/src/tests/lxc-test-usernic.in > -@@ -147,7 +147,7 @@ > - fi > - > - # Create three containers > --run_cmd "lxc-create -t download -n b1 -- -d ubuntu -r $release -a $ARCH" > -+run_cmd "lxc-create -t download -n b1 -- --no-validate -d ubuntu -r > $release -a $ARCH" > - run_cmd "lxc-start -n b1 -d" > - p1=$(run_cmd "lxc-info -n b1 -p -H") > - > diff --git a/recipes-containers/lxc/lxc_git.bb b/recipes-containers/lxc/ > lxc_git.bb > index f5b5128b..ba1cef5a 100644 > --- a/recipes-containers/lxc/lxc_git.bb > +++ b/recipes-containers/lxc/lxc_git.bb 
> @@ -46,15 +46,12 @@ SRC_URI = "git:// > github.com/lxc/lxc.git;branch=stable-4.0 \ > file://template-make-busybox-template-compatible-with-core-.patch \ > file://templates-use-curl-instead-of-wget.patch \ > file://tests-our-init-is-not-busybox.patch \ > - file://tests-add-no-validate-when-using-download-template.patch \ > file://dnsmasq.conf \ > file://lxc-net \ > - file://enable_seccomp_profile_when_compiled_libseccomp.patch \ > - file://fix_c_command.patch \ > " > > -SRCREV = "cec7cb14b2a4367d4cb21a90e1b90d0f98a9d874" > -PV = "4.0.10+git${SRCPV}" > +SRCREV = "48e079bf318982ae7d5684feeb7358870fa71c10" > +PV = "4.0.11+git${SRCPV}" > > S = "${WORKDIR}/git" > > -- > 2.27.0 > > > > > -- - Thou shalt not follow the NULL pointer, for chaos and madness await thee at its end - "Use the force Harry" - Gandalf, Star Trek II
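Review bot: in the refreshed templates-use-curl-instead-of-wget.patch, the download_file() lines of the form `curl_wrapper ... -m 30 -s "https://${DOWNLOAD_SERVER}/$1" -o "$2"` are not equivalent to the wget calls they replace. curl exits 0 on an HTTP 4xx/5xx response unless -f/--fail is given, so an error page would be written to "$2" and treated as a successful download, and the http:// fallback would never be tried. curl also does not follow redirects without -L, which wget does by default. Separately, wget's -T 30 is a per-operation network timeout, while curl's -m 30 caps the whole transfer at 30 seconds and can cut off a large image download on a slow link. Suggest adding -f and -L, and using --connect-timeout 30 in place of -m 30 (or raising -m).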
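Review bot: in the lxc_git.bb SRC_URI hunk, enable_seccomp_profile_when_compiled_libseccomp.patch is dropped as integrated upstream, but the deleted patch's own header records it as Upstream-Status: Submitted (pull 3947), not Backport. Please confirm that SRCREV 48e079bf318982ae7d5684feeb7358870fa71c10 on stable-4.0 contains commit 3d46e1d1f8e904fddd4fab3e8d0c6cf57d2ddd4e and say so in the commit message. If it does not, a seccomp.profile setting is again silently ignored on builds without libseccomp, which is the false impression that patch was written to prevent.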
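Review bot: the deletion of tests-add-no-validate-when-using-download-template.patch assumes that none of the five scripts it touched (lxc-test-apparmor-mount, lxc-test-autostart, lxc-test-no-new-privs, lxc-test-unpriv, lxc-test-usernic.in) still calls `lxc-create -t download` at the new SRCREV. The removed patch's message notes that core-image-minimal has no mechanism to validate the downloads, so any remaining download-template call would now fail GPG validation under ptest. A grep of src/tests for "-t download" at 4.0.11, with the result noted in the commit message, would settle it.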
