* [meta-virtualization][PATCH] lxc: update to 4.0.11
@ 2021-11-01 10:13 Xu, Yanfei
2021-11-03 14:04 ` Bruce Ashfield
0 siblings, 1 reply; 3+ messages in thread
From: Xu, Yanfei @ 2021-11-01 10:13 UTC (permalink / raw)
To: meta-virtualization
update to 4.0.11
1.drop two patches that have been integrated to upstream repo.
2.drop tests-add-no-validate-when-using-download-template.patch
because it is no longer appropriate as the "download" has been
replaced with "busybox"
3.fix the apply failure of templates-use-curl-instead-of-wget.patch
4.update lxc from 4.0.10 to 4.0.11
Signed-off-by: Yanfei Xu <yanfei.xu@windriver.com>
---
...omp_profile_when_compiled_libseccomp.patch | 46 ----------
.../lxc/files/fix_c_command.patch | 36 --------
.../templates-use-curl-instead-of-wget.patch | 23 ++---
...alidate-when-using-download-template.patch | 85 -------------------
recipes-containers/lxc/lxc_git.bb | 7 +-
5 files changed, 15 insertions(+), 182 deletions(-)
delete mode 100644 recipes-containers/lxc/files/enable_seccomp_profile_when_compiled_libseccomp.patch
delete mode 100644 recipes-containers/lxc/files/fix_c_command.patch
delete mode 100644 recipes-containers/lxc/files/tests-add-no-validate-when-using-download-template.patch
diff --git a/recipes-containers/lxc/files/enable_seccomp_profile_when_compiled_libseccomp.patch b/recipes-containers/lxc/files/enable_seccomp_profile_when_compiled_libseccomp.patch
deleted file mode 100644
index f0a58139..00000000
--- a/recipes-containers/lxc/files/enable_seccomp_profile_when_compiled_libseccomp.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From 3d46e1d1f8e904fddd4fab3e8d0c6cf57d2ddd4e Mon Sep 17 00:00:00 2001
-From: Maximilian Blenk <Maximilian.Blenk@bmw.de>
-Date: Mon, 23 Aug 2021 22:04:40 +0200
-Subject: [PATCH] config: enable seccomp profile only when compiled with
- libseccomp
-
-Make lxc fail if seccomp.profile is specified but lxc is compiled
-without seccomp support. Currently, seccomp.profile is silently ignored
-if is specified in such a scenario. This could lead to the false
-impression that the seccomp filter is applied while it actually isn't.
-
-Signed-off-by: Maximilian Blenk <Maximilian.Blenk@bmw.de>
----
- src/lxc/confile.c | 8 ++++++++
- 1 file changed, 8 insertions(+)
-
-Upstream-Status: Submitted [https://github.com/lxc/lxc/pull/3947/commits/3d46e1d1f8e904fddd4fab3e8d0c6cf57d2ddd4e]
-
-diff --git a/src/lxc/confile.c b/src/lxc/confile.c
-index d8b96c6921..1cc8da15f1 100644
---- a/src/lxc/confile.c
-+++ b/src/lxc/confile.c
-@@ -1211,7 +1211,11 @@ static int set_config_seccomp_notify_proxy(const char *key, const char *value,
- static int set_config_seccomp_profile(const char *key, const char *value,
- struct lxc_conf *lxc_conf, void *data)
- {
-+#ifdef HAVE_SECCOMP
- return set_config_path_item(&lxc_conf->seccomp.seccomp, value);
-+#else
-+ return ret_set_errno(-1, ENOSYS);
-+#endif
- }
-
- static int set_config_execute_cmd(const char *key, const char *value,
-@@ -4383,7 +4387,11 @@ static int get_config_seccomp_notify_proxy(const char *key, char *retv, int inle
- static int get_config_seccomp_profile(const char *key, char *retv, int inlen,
- struct lxc_conf *c, void *data)
- {
-+#ifdef HAVE_SECCOMP
- return lxc_get_conf_str(retv, inlen, c->seccomp.seccomp);
-+#else
-+ return ret_errno(ENOSYS);
-+#endif
- }
-
- static int get_config_autodev(const char *key, char *retv, int inlen,
diff --git a/recipes-containers/lxc/files/fix_c_command.patch b/recipes-containers/lxc/files/fix_c_command.patch
deleted file mode 100644
index 1ed8dafd..00000000
--- a/recipes-containers/lxc/files/fix_c_command.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From 9becf309a81806ef08acf9ca99ab95c1bcfa1f65 Mon Sep 17 00:00:00 2001
-From: Maximilian Blenk <Maximilian.Blenk@bmw.de>
-Date: Mon, 23 Aug 2021 15:39:28 +0200
-Subject: [PATCH] attach: Fix -c command
-
-Currently, the -c command (to set the selinux context) seems to be
-broken because the passed context is ignored and always overwritten by
-the context specified in the config file. The intention behind the -c
-imho was to be able to manually overwrite this behavior. This patch
-ensures that the selinux context will be set if passed via the command
-line.
-
-Signed-off-by: Maximilian Blenk <Maximilian.Blenk@bmw.de>
----
- src/lxc/tools/lxc_attach.c | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-Upstream-Status: Backport [https://github.com/lxc/lxc/commit/9becf309a81806ef08acf9ca99ab95c1bcfa1f65.patch]
-Comment: No change in any hunk
-
-diff --git a/src/lxc/tools/lxc_attach.c b/src/lxc/tools/lxc_attach.c
-index 0374d980b4..e6b388b20c 100644
---- a/src/lxc/tools/lxc_attach.c
-+++ b/src/lxc/tools/lxc_attach.c
-@@ -379,7 +379,10 @@ int main(int argc, char *argv[])
- attach_options.gid = my_args.gid;
-
- // selinux_context will be NULL if not set
-- attach_options.lsm_label = selinux_context;
-+ if (selinux_context) {
-+ attach_options.attach_flags |= LXC_ATTACH_LSM_LABEL;
-+ attach_options.lsm_label = selinux_context;
-+ }
-
- if (command.program) {
- ret = c->attach_run_wait(c, &attach_options, command.program,
diff --git a/recipes-containers/lxc/files/templates-use-curl-instead-of-wget.patch b/recipes-containers/lxc/files/templates-use-curl-instead-of-wget.patch
index 156df82f..4556293a 100644
--- a/recipes-containers/lxc/files/templates-use-curl-instead-of-wget.patch
+++ b/recipes-containers/lxc/files/templates-use-curl-instead-of-wget.patch
@@ -1,4 +1,4 @@
-From 07890dd8ffdcd08b7be1ddbd9f56ac55482c76bb Mon Sep 17 00:00:00 2001
+From 1db2db7783bd7ec2aa1da86e640019891634c659 Mon Sep 17 00:00:00 2001
From: Joakim Roubert <joakimr@axis.com>
Date: Fri, 16 Aug 2019 07:52:48 +0200
Subject: [PATCH] Use curl instead of wget
@@ -7,16 +7,16 @@ When curl's MIT license is preferable to wget's GPLv3.
Change-Id: I4684ae7569704514fdcc63e0655c556efcaf44f8
Signed-off-by: Joakim Roubert <joakimr@axis.com>
-
+Signed-off-by: Yanfei Xu <yanfei.xu@windriver.com>
---
templates/lxc-download.in | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/templates/lxc-download.in b/templates/lxc-download.in
-index d7e6128..8a4b567 100644
+index e8570692a..f7291b0cc 100755
--- a/templates/lxc-download.in
+++ b/templates/lxc-download.in
-@@ -74,9 +74,9 @@ cleanup() {
+@@ -75,9 +75,9 @@ cleanup() {
fi
}
@@ -28,18 +28,18 @@ index d7e6128..8a4b567 100644
return 0
fi
done
-@@ -85,8 +85,8 @@ wget_wrapper() {
+@@ -86,8 +86,8 @@ wget_wrapper() {
}
download_file() {
-- if ! wget_wrapper -T 30 -q "https://${DOWNLOAD_SERVER}/$1" -O "$2" >/dev/null 2>&1; then
-- if ! wget_wrapper -T 30 -q "http://${DOWNLOAD_SERVER}/$1" -O "$2" >/dev/null 2>&1; then
-+ if ! curl_wrapper -m 30 -s "https://${DOWNLOAD_SERVER}/$1" -o "$2" >/dev/null 2>&1; then
-+ if ! curl_wrapper -m 30 -s "http://${DOWNLOAD_SERVER}/$1" -o "$2" >/dev/null 2>&1; then
+- if ! wget_wrapper --user-agent="lxc/@PACKAGE_VERSION@ compat:${DOWNLOAD_COMPAT_LEVEL}" -T 30 -q "https://${DOWNLOAD_SERVER}/$1" -O "$2" >/dev/null 2>&1; then
+- if ! wget_wrapper --user-agent="lxc/@PACKAGE_VERSION@ compat:${DOWNLOAD_COMPAT_LEVEL}" -T 30 -q "http://${DOWNLOAD_SERVER}/$1" -O "$2" >/dev/null 2>&1; then
++ if ! curl_wrapper --user-agent="lxc/@PACKAGE_VERSION@ compat:${DOWNLOAD_COMPAT_LEVEL}" -m 30 -s "https://${DOWNLOAD_SERVER}/$1" -o "$2" >/dev/null 2>&1; then
++ if ! curl_wrapper --user-agent="lxc/@PACKAGE_VERSION@ compat:${DOWNLOAD_COMPAT_LEVEL}" -m 30 -s "http://${DOWNLOAD_SERVER}/$1" -o "$2" >/dev/null 2>&1; then
if [ "$3" = "noexit" ]; then
return 1
else
-@@ -271,7 +271,7 @@ while :; do
+@@ -277,7 +277,7 @@ while :; do
done
# Check for required binaries
@@ -48,3 +48,6 @@ index d7e6128..8a4b567 100644
if ! command -V "${bin}" >/dev/null 2>&1; then
echo "ERROR: Missing required tool: ${bin}" 1>&2
exit 1
+--
+2.27.0
+
diff --git a/recipes-containers/lxc/files/tests-add-no-validate-when-using-download-template.patch b/recipes-containers/lxc/files/tests-add-no-validate-when-using-download-template.patch
deleted file mode 100644
index f335e796..00000000
--- a/recipes-containers/lxc/files/tests-add-no-validate-when-using-download-template.patch
+++ /dev/null
@@ -1,85 +0,0 @@
-From 1c2506434e744d8c6a86e42c9d8bae4cde7553f6 Mon Sep 17 00:00:00 2001
-From: Mark Asselstine <mark.asselstine@windriver.com>
-Date: Thu, 31 May 2018 15:14:26 -0400
-Subject: [PATCH] tests: add '--no-validate' when using download template
-
-We are usually running the ptests with core-image-minimal which has no
-mechanism to validate the downloads. Validation isn't really of
-interest to this test at any rate so simply add '--no-validate' to
-avoid failing due to no GPG validation.
-
-Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
-
----
- src/tests/lxc-test-apparmor-mount | 2 +-
- src/tests/lxc-test-autostart | 2 +-
- src/tests/lxc-test-no-new-privs | 2 +-
- src/tests/lxc-test-unpriv | 2 +-
- src/tests/lxc-test-usernic.in | 2 +-
- 5 files changed, 5 insertions(+), 5 deletions(-)
-
-Index: lxc-4.0.9/src/tests/lxc-test-apparmor-mount
-===================================================================
---- lxc-4.0.9.orig/src/tests/lxc-test-apparmor-mount
-+++ lxc-4.0.9/src/tests/lxc-test-apparmor-mount
-@@ -170,7 +170,7 @@
- done
- fi
-
--run_cmd lxc-create -t download -n $cname -- -d ubuntu -r $release -a $ARCH
-+run_cmd lxc-create -t download -n $cname -- --no-validate -d ubuntu -r $release -a $ARCH
-
- echo "test default confined container"
- run_cmd lxc-start -n $cname -d -lDEBUG -o "$logfile"
-Index: lxc-4.0.9/src/tests/lxc-test-autostart
-===================================================================
---- lxc-4.0.9.orig/src/tests/lxc-test-autostart
-+++ lxc-4.0.9/src/tests/lxc-test-autostart
-@@ -55,7 +55,7 @@
- done
- fi
-
--lxc-create -t download -n $CONTAINER_NAME -B dir -- -d ubuntu -r $release -a $ARCH
-+lxc-create -t download -n $CONTAINER_NAME -B dir -- --no-validate -d ubuntu -r $release -a $ARCH
- CONTAINER_PATH=$(dirname $(lxc-info -n $CONTAINER_NAME -c lxc.rootfs.path -H) | sed -e 's/dir://')
- cp $CONTAINER_PATH/config $CONTAINER_PATH/config.bak
-
-Index: lxc-4.0.9/src/tests/lxc-test-no-new-privs
-===================================================================
---- lxc-4.0.9.orig/src/tests/lxc-test-no-new-privs
-+++ lxc-4.0.9/src/tests/lxc-test-no-new-privs
-@@ -49,7 +49,7 @@
- ARCH=$(dpkg --print-architecture)
- fi
-
--lxc-create -t download -n c1 -- -d ubuntu -r xenial -a $ARCH
-+lxc-create -t download -n c1 -- --no-validate -d ubuntu -r xenial -a $ARCH
- echo "lxc.no_new_privs = 1" >> /var/lib/lxc/c1/config
-
- lxc-start -n c1
-Index: lxc-4.0.9/src/tests/lxc-test-unpriv
-===================================================================
---- lxc-4.0.9.orig/src/tests/lxc-test-unpriv
-+++ lxc-4.0.9/src/tests/lxc-test-unpriv
-@@ -178,7 +178,7 @@
- cp -R /var/cache/lxc/download $HDIR/.cache/lxc && \
- chown -R $TUSER: $HDIR/.cache/lxc
-
--run_cmd lxc-create -t download -n c1 -l trace -o "${UNPRIV_LOG}" -- -d ubuntu -r $release -a $ARCH
-+run_cmd lxc-create -t download -n c1 -l trace -o "${UNPRIV_LOG}" -- --no-validate -d ubuntu -r $release -a $ARCH
-
- # Make sure we can start it - twice
-
-Index: lxc-4.0.9/src/tests/lxc-test-usernic.in
-===================================================================
---- lxc-4.0.9.orig/src/tests/lxc-test-usernic.in
-+++ lxc-4.0.9/src/tests/lxc-test-usernic.in
-@@ -147,7 +147,7 @@
- fi
-
- # Create three containers
--run_cmd "lxc-create -t download -n b1 -- -d ubuntu -r $release -a $ARCH"
-+run_cmd "lxc-create -t download -n b1 -- --no-validate -d ubuntu -r $release -a $ARCH"
- run_cmd "lxc-start -n b1 -d"
- p1=$(run_cmd "lxc-info -n b1 -p -H")
-
diff --git a/recipes-containers/lxc/lxc_git.bb b/recipes-containers/lxc/lxc_git.bb
index f5b5128b..ba1cef5a 100644
--- a/recipes-containers/lxc/lxc_git.bb
+++ b/recipes-containers/lxc/lxc_git.bb
@@ -46,15 +46,12 @@ SRC_URI = "git://github.com/lxc/lxc.git;branch=stable-4.0 \
file://template-make-busybox-template-compatible-with-core-.patch \
file://templates-use-curl-instead-of-wget.patch \
file://tests-our-init-is-not-busybox.patch \
- file://tests-add-no-validate-when-using-download-template.patch \
file://dnsmasq.conf \
file://lxc-net \
- file://enable_seccomp_profile_when_compiled_libseccomp.patch \
- file://fix_c_command.patch \
"
-SRCREV = "cec7cb14b2a4367d4cb21a90e1b90d0f98a9d874"
-PV = "4.0.10+git${SRCPV}"
+SRCREV = "48e079bf318982ae7d5684feeb7358870fa71c10"
+PV = "4.0.11+git${SRCPV}"
S = "${WORKDIR}/git"
--
2.27.0
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [meta-virtualization][PATCH] lxc: update to 4.0.11
2021-11-01 10:13 [meta-virtualization][PATCH] lxc: update to 4.0.11 Xu, Yanfei
@ 2021-11-03 14:04 ` Bruce Ashfield
0 siblings, 0 replies; 3+ messages in thread
From: Bruce Ashfield @ 2021-11-03 14:04 UTC (permalink / raw)
To: Xu, Yanfei; +Cc: meta-virtualization
[-- Attachment #1: Type: text/plain, Size: 13990 bytes --]
On Mon, Nov 1, 2021 at 6:13 AM Xu, Yanfei <yanfei.xu@windriver.com> wrote:
> update to 4.0.11
>
> 1.drop two patches that have been integrated to upstream repo.
> 2.drop tests-add-no-validate-when-using-download-template.patch
> because it is no longer appropriate as the "download" has been
> replaced with "busybox"
> 3.fix the apply failure of templates-use-curl-instead-of-wget.patch
> 4.update lxc from 4.0.10 to 4.0.11
>
>
Thanks for the patch! (and the explanation above).
I've merged this to master and honister.
Bruce
> Signed-off-by: Yanfei Xu <yanfei.xu@windriver.com>
> ---
> ...omp_profile_when_compiled_libseccomp.patch | 46 ----------
> .../lxc/files/fix_c_command.patch | 36 --------
> .../templates-use-curl-instead-of-wget.patch | 23 ++---
> ...alidate-when-using-download-template.patch | 85 -------------------
> recipes-containers/lxc/lxc_git.bb | 7 +-
> 5 files changed, 15 insertions(+), 182 deletions(-)
> delete mode 100644
> recipes-containers/lxc/files/enable_seccomp_profile_when_compiled_libseccomp.patch
> delete mode 100644 recipes-containers/lxc/files/fix_c_command.patch
> delete mode 100644
> recipes-containers/lxc/files/tests-add-no-validate-when-using-download-template.patch
>
> diff --git
> a/recipes-containers/lxc/files/enable_seccomp_profile_when_compiled_libseccomp.patch
> b/recipes-containers/lxc/files/enable_seccomp_profile_when_compiled_libseccomp.patch
> deleted file mode 100644
> index f0a58139..00000000
> ---
> a/recipes-containers/lxc/files/enable_seccomp_profile_when_compiled_libseccomp.patch
> +++ /dev/null
> @@ -1,46 +0,0 @@
> -From 3d46e1d1f8e904fddd4fab3e8d0c6cf57d2ddd4e Mon Sep 17 00:00:00 2001
> -From: Maximilian Blenk <Maximilian.Blenk@bmw.de>
> -Date: Mon, 23 Aug 2021 22:04:40 +0200
> -Subject: [PATCH] config: enable seccomp profile only when compiled with
> - libseccomp
> -
> -Make lxc fail if seccomp.profile is specified but lxc is compiled
> -without seccomp support. Currently, seccomp.profile is silently ignored
> -if is specified in such a scenario. This could lead to the false
> -impression that the seccomp filter is applied while it actually isn't.
> -
> -Signed-off-by: Maximilian Blenk <Maximilian.Blenk@bmw.de>
> ----
> - src/lxc/confile.c | 8 ++++++++
> - 1 file changed, 8 insertions(+)
> -
> -Upstream-Status: Submitted [
> https://github.com/lxc/lxc/pull/3947/commits/3d46e1d1f8e904fddd4fab3e8d0c6cf57d2ddd4e
> ]
> -
> -diff --git a/src/lxc/confile.c b/src/lxc/confile.c
> -index d8b96c6921..1cc8da15f1 100644
> ---- a/src/lxc/confile.c
> -+++ b/src/lxc/confile.c
> -@@ -1211,7 +1211,11 @@ static int set_config_seccomp_notify_proxy(const
> char *key, const char *value,
> - static int set_config_seccomp_profile(const char *key, const char *value,
> - struct lxc_conf *lxc_conf, void
> *data)
> - {
> -+#ifdef HAVE_SECCOMP
> - return set_config_path_item(&lxc_conf->seccomp.seccomp, value);
> -+#else
> -+ return ret_set_errno(-1, ENOSYS);
> -+#endif
> - }
> -
> - static int set_config_execute_cmd(const char *key, const char *value,
> -@@ -4383,7 +4387,11 @@ static int get_config_seccomp_notify_proxy(const
> char *key, char *retv, int inle
> - static int get_config_seccomp_profile(const char *key, char *retv, int
> inlen,
> - struct lxc_conf *c, void *data)
> - {
> -+#ifdef HAVE_SECCOMP
> - return lxc_get_conf_str(retv, inlen, c->seccomp.seccomp);
> -+#else
> -+ return ret_errno(ENOSYS);
> -+#endif
> - }
> -
> - static int get_config_autodev(const char *key, char *retv, int inlen,
> diff --git a/recipes-containers/lxc/files/fix_c_command.patch
> b/recipes-containers/lxc/files/fix_c_command.patch
> deleted file mode 100644
> index 1ed8dafd..00000000
> --- a/recipes-containers/lxc/files/fix_c_command.patch
> +++ /dev/null
> @@ -1,36 +0,0 @@
> -From 9becf309a81806ef08acf9ca99ab95c1bcfa1f65 Mon Sep 17 00:00:00 2001
> -From: Maximilian Blenk <Maximilian.Blenk@bmw.de>
> -Date: Mon, 23 Aug 2021 15:39:28 +0200
> -Subject: [PATCH] attach: Fix -c command
> -
> -Currently, the -c command (to set the selinux context) seems to be
> -broken because the passed context is ignored and always overwritten by
> -the context specified in the config file. The intention behind the -c
> -imho was to be able to manually overwrite this behavior. This patch
> -ensures that the selinux context will be set if passed via the command
> -line.
> -
> -Signed-off-by: Maximilian Blenk <Maximilian.Blenk@bmw.de>
> ----
> - src/lxc/tools/lxc_attach.c | 5 ++++-
> - 1 file changed, 4 insertions(+), 1 deletion(-)
> -
> -Upstream-Status: Backport [
> https://github.com/lxc/lxc/commit/9becf309a81806ef08acf9ca99ab95c1bcfa1f65.patch
> ]
> -Comment: No change in any hunk
> -
> -diff --git a/src/lxc/tools/lxc_attach.c b/src/lxc/tools/lxc_attach.c
> -index 0374d980b4..e6b388b20c 100644
> ---- a/src/lxc/tools/lxc_attach.c
> -+++ b/src/lxc/tools/lxc_attach.c
> -@@ -379,7 +379,10 @@ int main(int argc, char *argv[])
> - attach_options.gid = my_args.gid;
> -
> - // selinux_context will be NULL if not set
> -- attach_options.lsm_label = selinux_context;
> -+ if (selinux_context) {
> -+ attach_options.attach_flags |= LXC_ATTACH_LSM_LABEL;
> -+ attach_options.lsm_label = selinux_context;
> -+ }
> -
> - if (command.program) {
> - ret = c->attach_run_wait(c, &attach_options,
> command.program,
> diff --git
> a/recipes-containers/lxc/files/templates-use-curl-instead-of-wget.patch
> b/recipes-containers/lxc/files/templates-use-curl-instead-of-wget.patch
> index 156df82f..4556293a 100644
> --- a/recipes-containers/lxc/files/templates-use-curl-instead-of-wget.patch
> +++ b/recipes-containers/lxc/files/templates-use-curl-instead-of-wget.patch
> @@ -1,4 +1,4 @@
> -From 07890dd8ffdcd08b7be1ddbd9f56ac55482c76bb Mon Sep 17 00:00:00 2001
> +From 1db2db7783bd7ec2aa1da86e640019891634c659 Mon Sep 17 00:00:00 2001
> From: Joakim Roubert <joakimr@axis.com>
> Date: Fri, 16 Aug 2019 07:52:48 +0200
> Subject: [PATCH] Use curl instead of wget
> @@ -7,16 +7,16 @@ When curl's MIT license is preferable to wget's GPLv3.
>
> Change-Id: I4684ae7569704514fdcc63e0655c556efcaf44f8
> Signed-off-by: Joakim Roubert <joakimr@axis.com>
> -
> +Signed-off-by: Yanfei Xu <yanfei.xu@windriver.com>
> ---
> templates/lxc-download.in | 10 +++++-----
> 1 file changed, 5 insertions(+), 5 deletions(-)
>
> diff --git a/templates/lxc-download.in b/templates/lxc-download.in
> -index d7e6128..8a4b567 100644
> +index e8570692a..f7291b0cc 100755
> --- a/templates/lxc-download.in
> +++ b/templates/lxc-download.in
> -@@ -74,9 +74,9 @@ cleanup() {
> +@@ -75,9 +75,9 @@ cleanup() {
> fi
> }
>
> @@ -28,18 +28,18 @@ index d7e6128..8a4b567 100644
> return 0
> fi
> done
> -@@ -85,8 +85,8 @@ wget_wrapper() {
> +@@ -86,8 +86,8 @@ wget_wrapper() {
> }
>
> download_file() {
> -- if ! wget_wrapper -T 30 -q "https://${DOWNLOAD_SERVER}/$1" -O "$2"
> >/dev/null 2>&1; then
> -- if ! wget_wrapper -T 30 -q "http://${DOWNLOAD_SERVER}/$1" -O "$2"
> >/dev/null 2>&1; then
> -+ if ! curl_wrapper -m 30 -s "https://${DOWNLOAD_SERVER}/$1" -o "$2"
> >/dev/null 2>&1; then
> -+ if ! curl_wrapper -m 30 -s "http://${DOWNLOAD_SERVER}/$1" -o "$2"
> >/dev/null 2>&1; then
> +- if ! wget_wrapper --user-agent="lxc/@PACKAGE_VERSION@
> compat:${DOWNLOAD_COMPAT_LEVEL}" -T 30 -q "https://${DOWNLOAD_SERVER}/$1"
> -O "$2" >/dev/null 2>&1; then
> +- if ! wget_wrapper --user-agent="lxc/@PACKAGE_VERSION@
> compat:${DOWNLOAD_COMPAT_LEVEL}" -T 30 -q "http://${DOWNLOAD_SERVER}/$1"
> -O "$2" >/dev/null 2>&1; then
> ++ if ! curl_wrapper --user-agent="lxc/@PACKAGE_VERSION@
> compat:${DOWNLOAD_COMPAT_LEVEL}" -m 30 -s "https://${DOWNLOAD_SERVER}/$1"
> -o "$2" >/dev/null 2>&1; then
> ++ if ! curl_wrapper --user-agent="lxc/@PACKAGE_VERSION@
> compat:${DOWNLOAD_COMPAT_LEVEL}" -m 30 -s "http://${DOWNLOAD_SERVER}/$1"
> -o "$2" >/dev/null 2>&1; then
> if [ "$3" = "noexit" ]; then
> return 1
> else
> -@@ -271,7 +271,7 @@ while :; do
> +@@ -277,7 +277,7 @@ while :; do
> done
>
> # Check for required binaries
> @@ -48,3 +48,6 @@ index d7e6128..8a4b567 100644
> if ! command -V "${bin}" >/dev/null 2>&1; then
> echo "ERROR: Missing required tool: ${bin}" 1>&2
> exit 1
> +--
> +2.27.0
> +
> diff --git
> a/recipes-containers/lxc/files/tests-add-no-validate-when-using-download-template.patch
> b/recipes-containers/lxc/files/tests-add-no-validate-when-using-download-template.patch
> deleted file mode 100644
> index f335e796..00000000
> ---
> a/recipes-containers/lxc/files/tests-add-no-validate-when-using-download-template.patch
> +++ /dev/null
> @@ -1,85 +0,0 @@
> -From 1c2506434e744d8c6a86e42c9d8bae4cde7553f6 Mon Sep 17 00:00:00 2001
> -From: Mark Asselstine <mark.asselstine@windriver.com>
> -Date: Thu, 31 May 2018 15:14:26 -0400
> -Subject: [PATCH] tests: add '--no-validate' when using download template
> -
> -We are usually running the ptests with core-image-minimal which has no
> -mechanism to validate the downloads. Validation isn't really of
> -interest to this test at any rate so simply add '--no-validate' to
> -avoid failing due to no GPG validation.
> -
> -Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
> -
> ----
> - src/tests/lxc-test-apparmor-mount | 2 +-
> - src/tests/lxc-test-autostart | 2 +-
> - src/tests/lxc-test-no-new-privs | 2 +-
> - src/tests/lxc-test-unpriv | 2 +-
> - src/tests/lxc-test-usernic.in | 2 +-
> - 5 files changed, 5 insertions(+), 5 deletions(-)
> -
> -Index: lxc-4.0.9/src/tests/lxc-test-apparmor-mount
> -===================================================================
> ---- lxc-4.0.9.orig/src/tests/lxc-test-apparmor-mount
> -+++ lxc-4.0.9/src/tests/lxc-test-apparmor-mount
> -@@ -170,7 +170,7 @@
> - done
> - fi
> -
> --run_cmd lxc-create -t download -n $cname -- -d ubuntu -r $release -a
> $ARCH
> -+run_cmd lxc-create -t download -n $cname -- --no-validate -d ubuntu -r
> $release -a $ARCH
> -
> - echo "test default confined container"
> - run_cmd lxc-start -n $cname -d -lDEBUG -o "$logfile"
> -Index: lxc-4.0.9/src/tests/lxc-test-autostart
> -===================================================================
> ---- lxc-4.0.9.orig/src/tests/lxc-test-autostart
> -+++ lxc-4.0.9/src/tests/lxc-test-autostart
> -@@ -55,7 +55,7 @@
> - done
> - fi
> -
> --lxc-create -t download -n $CONTAINER_NAME -B dir -- -d ubuntu -r
> $release -a $ARCH
> -+lxc-create -t download -n $CONTAINER_NAME -B dir -- --no-validate -d
> ubuntu -r $release -a $ARCH
> - CONTAINER_PATH=$(dirname $(lxc-info -n $CONTAINER_NAME -c
> lxc.rootfs.path -H) | sed -e 's/dir://')
> - cp $CONTAINER_PATH/config $CONTAINER_PATH/config.bak
> -
> -Index: lxc-4.0.9/src/tests/lxc-test-no-new-privs
> -===================================================================
> ---- lxc-4.0.9.orig/src/tests/lxc-test-no-new-privs
> -+++ lxc-4.0.9/src/tests/lxc-test-no-new-privs
> -@@ -49,7 +49,7 @@
> - ARCH=$(dpkg --print-architecture)
> - fi
> -
> --lxc-create -t download -n c1 -- -d ubuntu -r xenial -a $ARCH
> -+lxc-create -t download -n c1 -- --no-validate -d ubuntu -r xenial -a
> $ARCH
> - echo "lxc.no_new_privs = 1" >> /var/lib/lxc/c1/config
> -
> - lxc-start -n c1
> -Index: lxc-4.0.9/src/tests/lxc-test-unpriv
> -===================================================================
> ---- lxc-4.0.9.orig/src/tests/lxc-test-unpriv
> -+++ lxc-4.0.9/src/tests/lxc-test-unpriv
> -@@ -178,7 +178,7 @@
> - cp -R /var/cache/lxc/download $HDIR/.cache/lxc && \
> - chown -R $TUSER: $HDIR/.cache/lxc
> -
> --run_cmd lxc-create -t download -n c1 -l trace -o "${UNPRIV_LOG}" -- -d
> ubuntu -r $release -a $ARCH
> -+run_cmd lxc-create -t download -n c1 -l trace -o "${UNPRIV_LOG}" --
> --no-validate -d ubuntu -r $release -a $ARCH
> -
> - # Make sure we can start it - twice
> -
> -Index: lxc-4.0.9/src/tests/lxc-test-usernic.in
> -===================================================================
> ---- lxc-4.0.9.orig/src/tests/lxc-test-usernic.in
> -+++ lxc-4.0.9/src/tests/lxc-test-usernic.in
> -@@ -147,7 +147,7 @@
> - fi
> -
> - # Create three containers
> --run_cmd "lxc-create -t download -n b1 -- -d ubuntu -r $release -a $ARCH"
> -+run_cmd "lxc-create -t download -n b1 -- --no-validate -d ubuntu -r
> $release -a $ARCH"
> - run_cmd "lxc-start -n b1 -d"
> - p1=$(run_cmd "lxc-info -n b1 -p -H")
> -
> diff --git a/recipes-containers/lxc/lxc_git.bb b/recipes-containers/lxc/
> lxc_git.bb
> index f5b5128b..ba1cef5a 100644
> --- a/recipes-containers/lxc/lxc_git.bb
> +++ b/recipes-containers/lxc/lxc_git.bb
> @@ -46,15 +46,12 @@ SRC_URI = "git://
> github.com/lxc/lxc.git;branch=stable-4.0 \
> file://template-make-busybox-template-compatible-with-core-.patch \
> file://templates-use-curl-instead-of-wget.patch \
> file://tests-our-init-is-not-busybox.patch \
> - file://tests-add-no-validate-when-using-download-template.patch \
> file://dnsmasq.conf \
> file://lxc-net \
> - file://enable_seccomp_profile_when_compiled_libseccomp.patch \
> - file://fix_c_command.patch \
> "
>
> -SRCREV = "cec7cb14b2a4367d4cb21a90e1b90d0f98a9d874"
> -PV = "4.0.10+git${SRCPV}"
> +SRCREV = "48e079bf318982ae7d5684feeb7358870fa71c10"
> +PV = "4.0.11+git${SRCPV}"
>
> S = "${WORKDIR}/git"
>
> --
> 2.27.0
>
>
>
>
>
--
- Thou shalt not follow the NULL pointer, for chaos and madness await thee
at its end
- "Use the force Harry" - Gandalf, Star Trek II
[-- Attachment #2: Type: text/html, Size: 18213 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [meta-virtualization][PATCH] lxc: update to 4.0.11
[not found] <16B36487B2CCE6B7.13000@lists.yoctoproject.org>
@ 2021-11-02 2:34 ` Xu, Yanfei
0 siblings, 0 replies; 3+ messages in thread
From: Xu, Yanfei @ 2021-11-02 2:34 UTC (permalink / raw)
To: meta-virtualization
On 11/1/21 6:13 PM, Xu, Yanfei wrote:
> diff --git a/recipes-containers/lxc/files/tests-add-no-validate-when-using-download-template.patch b/recipes-containers/lxc/files/tests-add-no-validate-when-using-download-template.patch
> deleted file mode 100644
> index f335e796..00000000
> --- a/recipes-containers/lxc/files/tests-add-no-validate-when-using-download-template.patch
> +++ /dev/null
> @@ -1,85 +0,0 @@
> -From 1c2506434e744d8c6a86e42c9d8bae4cde7553f6 Mon Sep 17 00:00:00 2001
> -From: Mark Asselstine<mark.asselstine@windriver.com>
> -Date: Thu, 31 May 2018 15:14:26 -0400
> -Subject: [PATCH] tests: add '--no-validate' when using download template
> -
> -We are usually running the ptests with core-image-minimal which has no
> -mechanism to validate the downloads. Validation isn't really of
> -interest to this test at any rate so simply add '--no-validate' to
> -avoid failing due to no GPG validation.
> -
> -Signed-off-by: Mark Asselstine<mark.asselstine@windriver.com>
> -
The reason about dropping this patch refer to the commit of lxc:
commit 82b850ddaa21e0f4d713e764bd57d3d9235fd319
Author: Christian Brauner <christian.brauner@ubuntu.com>
Date: Mon Aug 16 17:40:45 2021 +0200
tests: use busybox in lxc-test-no-new-privs
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
diff --git a/src/tests/lxc-test-no-new-privs
b/src/tests/lxc-test-no-new-privs
index cfcb43bd6..64988a011 100755
--- a/src/tests/lxc-test-no-new-privs
+++ b/src/tests/lxc-test-no-new-privs
@@ -44,63 +44,26 @@ lxc.net.0.link = lxcbr0
EOF
fi
-ARCH=i386
-if type dpkg >/dev/null 2>&1; then
- ARCH=$(dpkg --print-architecture)
-fi
-
-lxc-create -t download -n c1 -- -d ubuntu -r xenial -a $ARCH
+lxc-create -t busybox -n c1
echo "lxc.no_new_privs = 1" >> /var/lib/lxc/c1/config
......
Thanks,
Yanfei
^ permalink raw reply related [flat|nested] 3+ messages in thread
end of thread, other threads:[~2021-11-03 14:05 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-11-01 10:13 [meta-virtualization][PATCH] lxc: update to 4.0.11 Xu, Yanfei
2021-11-03 14:04 ` Bruce Ashfield
[not found] <16B36487B2CCE6B7.13000@lists.yoctoproject.org>
2021-11-02 2:34 ` Xu, Yanfei
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).