[meta-virtualization][PATCH] lxc: update to 4.0.11

[meta-virtualization][PATCH] lxc: update to 4.0.11

[Xu, Yanfei]

update to 4.0.11

1.drop two patches that have been integrated to upstream repo.
2.drop tests-add-no-validate-when-using-download-template.patch
  because it is no longer appropriate as the "download" has been
  replaced with "busybox"
3.fix the apply failure of templates-use-curl-instead-of-wget.patch
4.update lxc from 4.0.10 to 4.0.11

Signed-off-by: Yanfei Xu <yanfei.xu@windriver.com>
---
 ...omp_profile_when_compiled_libseccomp.patch | 46 ----------
 .../lxc/files/fix_c_command.patch             | 36 --------
 .../templates-use-curl-instead-of-wget.patch  | 23 ++---
 ...alidate-when-using-download-template.patch | 85 -------------------
 recipes-containers/lxc/lxc_git.bb             |  7 +-
 5 files changed, 15 insertions(+), 182 deletions(-)
 delete mode 100644 recipes-containers/lxc/files/enable_seccomp_profile_when_compiled_libseccomp.patch
 delete mode 100644 recipes-containers/lxc/files/fix_c_command.patch
 delete mode 100644 recipes-containers/lxc/files/tests-add-no-validate-when-using-download-template.patch

diff --git a/recipes-containers/lxc/files/enable_seccomp_profile_when_compiled_libseccomp.patch b/recipes-containers/lxc/files/enable_seccomp_profile_when_compiled_libseccomp.patch
deleted file mode 100644
index f0a58139..00000000
--- a/recipes-containers/lxc/files/enable_seccomp_profile_when_compiled_libseccomp.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From 3d46e1d1f8e904fddd4fab3e8d0c6cf57d2ddd4e Mon Sep 17 00:00:00 2001
-From: Maximilian Blenk <Maximilian.Blenk@bmw.de>
-Date: Mon, 23 Aug 2021 22:04:40 +0200
-Subject: [PATCH] config: enable seccomp profile only when compiled with
- libseccomp
-
-Make lxc fail if seccomp.profile is specified but lxc is compiled
-without seccomp support. Currently, seccomp.profile is silently ignored
-if is specified in such a scenario. This could lead to the false
-impression that the seccomp filter is applied while it actually isn't.
-
-Signed-off-by: Maximilian Blenk <Maximilian.Blenk@bmw.de>
----
- src/lxc/confile.c | 8 ++++++++
- 1 file changed, 8 insertions(+)
-
-Upstream-Status: Submitted [https://github.com/lxc/lxc/pull/3947/commits/3d46e1d1f8e904fddd4fab3e8d0c6cf57d2ddd4e]
-
-diff --git a/src/lxc/confile.c b/src/lxc/confile.c
-index d8b96c6921..1cc8da15f1 100644
---- a/src/lxc/confile.c
-+++ b/src/lxc/confile.c
-@@ -1211,7 +1211,11 @@ static int set_config_seccomp_notify_proxy(const char *key, const char *value,
- static int set_config_seccomp_profile(const char *key, const char *value,
- 				      struct lxc_conf *lxc_conf, void *data)
- {
-+#ifdef HAVE_SECCOMP
- 	return set_config_path_item(&lxc_conf->seccomp.seccomp, value);
-+#else
-+	return ret_set_errno(-1, ENOSYS);
-+#endif
- }
- 
- static int set_config_execute_cmd(const char *key, const char *value,
-@@ -4383,7 +4387,11 @@ static int get_config_seccomp_notify_proxy(const char *key, char *retv, int inle
- static int get_config_seccomp_profile(const char *key, char *retv, int inlen,
- 				      struct lxc_conf *c, void *data)
- {
-+#ifdef HAVE_SECCOMP
- 	return lxc_get_conf_str(retv, inlen, c->seccomp.seccomp);
-+#else
-+	return ret_errno(ENOSYS);
-+#endif
- }
- 
- static int get_config_autodev(const char *key, char *retv, int inlen,
diff --git a/recipes-containers/lxc/files/fix_c_command.patch b/recipes-containers/lxc/files/fix_c_command.patch
deleted file mode 100644
index 1ed8dafd..00000000
--- a/recipes-containers/lxc/files/fix_c_command.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From 9becf309a81806ef08acf9ca99ab95c1bcfa1f65 Mon Sep 17 00:00:00 2001
-From: Maximilian Blenk <Maximilian.Blenk@bmw.de>
-Date: Mon, 23 Aug 2021 15:39:28 +0200
-Subject: [PATCH] attach: Fix -c command
-
-Currently, the -c command (to set the selinux context) seems to be
-broken because the passed context is ignored and always overwritten by
-the context specified in the config file. The intention behind the -c
-imho was to be able to manually overwrite this behavior. This patch
-ensures that the selinux context will be set if passed via the command
-line.
-
-Signed-off-by: Maximilian Blenk <Maximilian.Blenk@bmw.de>
----
- src/lxc/tools/lxc_attach.c | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-Upstream-Status: Backport [https://github.com/lxc/lxc/commit/9becf309a81806ef08acf9ca99ab95c1bcfa1f65.patch]
-Comment: No change in any hunk
-
-diff --git a/src/lxc/tools/lxc_attach.c b/src/lxc/tools/lxc_attach.c
-index 0374d980b4..e6b388b20c 100644
---- a/src/lxc/tools/lxc_attach.c
-+++ b/src/lxc/tools/lxc_attach.c
-@@ -379,7 +379,10 @@ int main(int argc, char *argv[])
- 		attach_options.gid = my_args.gid;
- 
- 	// selinux_context will be NULL if not set
--	attach_options.lsm_label = selinux_context;
-+	if (selinux_context) {
-+		attach_options.attach_flags |= LXC_ATTACH_LSM_LABEL;
-+		attach_options.lsm_label = selinux_context;
-+	}
- 
- 	if (command.program) {
- 		ret = c->attach_run_wait(c, &attach_options, command.program,
diff --git a/recipes-containers/lxc/files/templates-use-curl-instead-of-wget.patch b/recipes-containers/lxc/files/templates-use-curl-instead-of-wget.patch
index 156df82f..4556293a 100644
--- a/recipes-containers/lxc/files/templates-use-curl-instead-of-wget.patch
+++ b/recipes-containers/lxc/files/templates-use-curl-instead-of-wget.patch
@@ -1,4 +1,4 @@
-From 07890dd8ffdcd08b7be1ddbd9f56ac55482c76bb Mon Sep 17 00:00:00 2001
+From 1db2db7783bd7ec2aa1da86e640019891634c659 Mon Sep 17 00:00:00 2001
 From: Joakim Roubert <joakimr@axis.com>
 Date: Fri, 16 Aug 2019 07:52:48 +0200
 Subject: [PATCH] Use curl instead of wget
@@ -7,16 +7,16 @@ When curl's MIT license is preferable to wget's GPLv3.
 
 Change-Id: I4684ae7569704514fdcc63e0655c556efcaf44f8
 Signed-off-by: Joakim Roubert <joakimr@axis.com>
-
+Signed-off-by: Yanfei Xu <yanfei.xu@windriver.com>
 ---
  templates/lxc-download.in | 10 +++++-----
  1 file changed, 5 insertions(+), 5 deletions(-)
 
 diff --git a/templates/lxc-download.in b/templates/lxc-download.in
-index d7e6128..8a4b567 100644
+index e8570692a..f7291b0cc 100755
 --- a/templates/lxc-download.in
 +++ b/templates/lxc-download.in
-@@ -74,9 +74,9 @@ cleanup() {
+@@ -75,9 +75,9 @@ cleanup() {
    fi
  }
  
@@ -28,18 +28,18 @@ index d7e6128..8a4b567 100644
        return 0
      fi
    done
-@@ -85,8 +85,8 @@ wget_wrapper() {
+@@ -86,8 +86,8 @@ wget_wrapper() {
  }
  
  download_file() {
--  if ! wget_wrapper -T 30 -q "https://${DOWNLOAD_SERVER}/$1" -O "$2" >/dev/null 2>&1; then
--    if ! wget_wrapper -T 30 -q "http://${DOWNLOAD_SERVER}/$1" -O "$2" >/dev/null 2>&1; then
-+  if ! curl_wrapper -m 30 -s "https://${DOWNLOAD_SERVER}/$1" -o "$2" >/dev/null 2>&1; then
-+    if ! curl_wrapper -m 30 -s "http://${DOWNLOAD_SERVER}/$1" -o "$2" >/dev/null 2>&1; then
+-  if ! wget_wrapper --user-agent="lxc/@PACKAGE_VERSION@ compat:${DOWNLOAD_COMPAT_LEVEL}" -T 30 -q "https://${DOWNLOAD_SERVER}/$1" -O "$2" >/dev/null 2>&1; then
+-    if ! wget_wrapper --user-agent="lxc/@PACKAGE_VERSION@ compat:${DOWNLOAD_COMPAT_LEVEL}" -T 30 -q "http://${DOWNLOAD_SERVER}/$1" -O "$2" >/dev/null 2>&1; then
++  if ! curl_wrapper --user-agent="lxc/@PACKAGE_VERSION@ compat:${DOWNLOAD_COMPAT_LEVEL}" -m 30 -s "https://${DOWNLOAD_SERVER}/$1" -o "$2" >/dev/null 2>&1; then
++    if ! curl_wrapper --user-agent="lxc/@PACKAGE_VERSION@ compat:${DOWNLOAD_COMPAT_LEVEL}" -m 30 -s "http://${DOWNLOAD_SERVER}/$1" -o "$2" >/dev/null 2>&1; then
        if [ "$3" = "noexit" ]; then
          return 1
        else
-@@ -271,7 +271,7 @@ while :; do
+@@ -277,7 +277,7 @@ while :; do
  done
  
  # Check for required binaries
@@ -48,3 +48,6 @@ index d7e6128..8a4b567 100644
    if ! command -V "${bin}" >/dev/null 2>&1; then
      echo "ERROR: Missing required tool: ${bin}" 1>&2
      exit 1
+-- 
+2.27.0
+
diff --git a/recipes-containers/lxc/files/tests-add-no-validate-when-using-download-template.patch b/recipes-containers/lxc/files/tests-add-no-validate-when-using-download-template.patch
deleted file mode 100644
index f335e796..00000000
--- a/recipes-containers/lxc/files/tests-add-no-validate-when-using-download-template.patch
+++ /dev/null
@@ -1,85 +0,0 @@
-From 1c2506434e744d8c6a86e42c9d8bae4cde7553f6 Mon Sep 17 00:00:00 2001
-From: Mark Asselstine <mark.asselstine@windriver.com>
-Date: Thu, 31 May 2018 15:14:26 -0400
-Subject: [PATCH] tests: add '--no-validate' when using download template
-
-We are usually running the ptests with core-image-minimal which has no
-mechanism to validate the downloads. Validation isn't really of
-interest to this test at any rate so simply add '--no-validate' to
-avoid failing due to no GPG validation.
-
-Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
-
----
- src/tests/lxc-test-apparmor-mount | 2 +-
- src/tests/lxc-test-autostart      | 2 +-
- src/tests/lxc-test-no-new-privs   | 2 +-
- src/tests/lxc-test-unpriv         | 2 +-
- src/tests/lxc-test-usernic.in     | 2 +-
- 5 files changed, 5 insertions(+), 5 deletions(-)
-
-Index: lxc-4.0.9/src/tests/lxc-test-apparmor-mount
-===================================================================
---- lxc-4.0.9.orig/src/tests/lxc-test-apparmor-mount
-+++ lxc-4.0.9/src/tests/lxc-test-apparmor-mount
-@@ -170,7 +170,7 @@
-     done
- fi
- 
--run_cmd lxc-create -t download -n $cname -- -d ubuntu -r $release -a $ARCH
-+run_cmd lxc-create -t download -n $cname -- --no-validate -d ubuntu -r $release -a $ARCH
- 
- echo "test default confined container"
- run_cmd lxc-start -n $cname -d -lDEBUG -o "$logfile"
-Index: lxc-4.0.9/src/tests/lxc-test-autostart
-===================================================================
---- lxc-4.0.9.orig/src/tests/lxc-test-autostart
-+++ lxc-4.0.9/src/tests/lxc-test-autostart
-@@ -55,7 +55,7 @@
-     done
- fi
- 
--lxc-create -t download -n $CONTAINER_NAME -B dir -- -d ubuntu -r $release -a $ARCH
-+lxc-create -t download -n $CONTAINER_NAME -B dir -- --no-validate -d ubuntu -r $release -a $ARCH
- CONTAINER_PATH=$(dirname $(lxc-info -n $CONTAINER_NAME -c lxc.rootfs.path -H) | sed -e 's/dir://')
- cp $CONTAINER_PATH/config $CONTAINER_PATH/config.bak
- 
-Index: lxc-4.0.9/src/tests/lxc-test-no-new-privs
-===================================================================
---- lxc-4.0.9.orig/src/tests/lxc-test-no-new-privs
-+++ lxc-4.0.9/src/tests/lxc-test-no-new-privs
-@@ -49,7 +49,7 @@
- 	ARCH=$(dpkg --print-architecture)
- fi
- 
--lxc-create -t download -n c1 -- -d ubuntu -r xenial -a $ARCH
-+lxc-create -t download -n c1 -- --no-validate -d ubuntu -r xenial -a $ARCH
- echo "lxc.no_new_privs = 1" >> /var/lib/lxc/c1/config
- 
- lxc-start -n c1
-Index: lxc-4.0.9/src/tests/lxc-test-unpriv
-===================================================================
---- lxc-4.0.9.orig/src/tests/lxc-test-unpriv
-+++ lxc-4.0.9/src/tests/lxc-test-unpriv
-@@ -178,7 +178,7 @@
-     cp -R /var/cache/lxc/download $HDIR/.cache/lxc && \
-     chown -R $TUSER: $HDIR/.cache/lxc
- 
--run_cmd lxc-create -t download -n c1 -l trace -o "${UNPRIV_LOG}" -- -d ubuntu -r $release -a $ARCH
-+run_cmd lxc-create -t download -n c1 -l trace -o "${UNPRIV_LOG}" -- --no-validate -d ubuntu -r $release -a $ARCH
- 
- # Make sure we can start it - twice
- 
-Index: lxc-4.0.9/src/tests/lxc-test-usernic.in
-===================================================================
---- lxc-4.0.9.orig/src/tests/lxc-test-usernic.in
-+++ lxc-4.0.9/src/tests/lxc-test-usernic.in
-@@ -147,7 +147,7 @@
- fi
- 
- # Create three containers
--run_cmd "lxc-create -t download -n b1 -- -d ubuntu -r $release -a $ARCH"
-+run_cmd "lxc-create -t download -n b1 -- --no-validate -d ubuntu -r $release -a $ARCH"
- run_cmd "lxc-start -n b1 -d"
- p1=$(run_cmd "lxc-info -n b1 -p -H")
- 
diff --git a/recipes-containers/lxc/lxc_git.bb b/recipes-containers/lxc/lxc_git.bb
index f5b5128b..ba1cef5a 100644
--- a/recipes-containers/lxc/lxc_git.bb
+++ b/recipes-containers/lxc/lxc_git.bb
@@ -46,15 +46,12 @@ SRC_URI = "git://github.com/lxc/lxc.git;branch=stable-4.0 \
 	file://template-make-busybox-template-compatible-with-core-.patch \
 	file://templates-use-curl-instead-of-wget.patch \
 	file://tests-our-init-is-not-busybox.patch \
-	file://tests-add-no-validate-when-using-download-template.patch \
 	file://dnsmasq.conf \
 	file://lxc-net \
-        file://enable_seccomp_profile_when_compiled_libseccomp.patch \
-        file://fix_c_command.patch \
 	"
 
-SRCREV = "cec7cb14b2a4367d4cb21a90e1b90d0f98a9d874"
-PV = "4.0.10+git${SRCPV}"
+SRCREV = "48e079bf318982ae7d5684feeb7358870fa71c10"
+PV = "4.0.11+git${SRCPV}"
 
 S = "${WORKDIR}/git"
 
-- 
2.27.0

Re: [meta-virtualization][PATCH] lxc: update to 4.0.11

[Bruce Ashfield]

[-- Attachment #1: Type: text/plain, Size: 13990 bytes --]

On Mon, Nov 1, 2021 at 6:13 AM Xu, Yanfei <yanfei.xu@windriver.com> wrote:

> update to 4.0.11
>
> 1.drop two patches that have been integrated to upstream repo.
> 2.drop tests-add-no-validate-when-using-download-template.patch
>   because it is no longer appropriate as the "download" has been
>   replaced with "busybox"
> 3.fix the apply failure of templates-use-curl-instead-of-wget.patch
> 4.update lxc from 4.0.10 to 4.0.11
>
>
Thanks for the patch! (and the explanation above).

I've merged this to master and honister.

Bruce



> Signed-off-by: Yanfei Xu <yanfei.xu@windriver.com>
> ---
>  ...omp_profile_when_compiled_libseccomp.patch | 46 ----------
>  .../lxc/files/fix_c_command.patch             | 36 --------
>  .../templates-use-curl-instead-of-wget.patch  | 23 ++---
>  ...alidate-when-using-download-template.patch | 85 -------------------
>  recipes-containers/lxc/lxc_git.bb             |  7 +-
>  5 files changed, 15 insertions(+), 182 deletions(-)
>  delete mode 100644
> recipes-containers/lxc/files/enable_seccomp_profile_when_compiled_libseccomp.patch
>  delete mode 100644 recipes-containers/lxc/files/fix_c_command.patch
>  delete mode 100644
> recipes-containers/lxc/files/tests-add-no-validate-when-using-download-template.patch
>
> diff --git
> a/recipes-containers/lxc/files/enable_seccomp_profile_when_compiled_libseccomp.patch
> b/recipes-containers/lxc/files/enable_seccomp_profile_when_compiled_libseccomp.patch
> deleted file mode 100644
> index f0a58139..00000000
> ---
> a/recipes-containers/lxc/files/enable_seccomp_profile_when_compiled_libseccomp.patch
> +++ /dev/null
> @@ -1,46 +0,0 @@
> -From 3d46e1d1f8e904fddd4fab3e8d0c6cf57d2ddd4e Mon Sep 17 00:00:00 2001
> -From: Maximilian Blenk <Maximilian.Blenk@bmw.de>
> -Date: Mon, 23 Aug 2021 22:04:40 +0200
> -Subject: [PATCH] config: enable seccomp profile only when compiled with
> - libseccomp
> -
> -Make lxc fail if seccomp.profile is specified but lxc is compiled
> -without seccomp support. Currently, seccomp.profile is silently ignored
> -if is specified in such a scenario. This could lead to the false
> -impression that the seccomp filter is applied while it actually isn't.
> -
> -Signed-off-by: Maximilian Blenk <Maximilian.Blenk@bmw.de>
> ----
> - src/lxc/confile.c | 8 ++++++++
> - 1 file changed, 8 insertions(+)
> -
> -Upstream-Status: Submitted [
> https://github.com/lxc/lxc/pull/3947/commits/3d46e1d1f8e904fddd4fab3e8d0c6cf57d2ddd4e
> ]
> -
> -diff --git a/src/lxc/confile.c b/src/lxc/confile.c
> -index d8b96c6921..1cc8da15f1 100644
> ---- a/src/lxc/confile.c
> -+++ b/src/lxc/confile.c
> -@@ -1211,7 +1211,11 @@ static int set_config_seccomp_notify_proxy(const
> char *key, const char *value,
> - static int set_config_seccomp_profile(const char *key, const char *value,
> -                                     struct lxc_conf *lxc_conf, void
> *data)
> - {
> -+#ifdef HAVE_SECCOMP
> -       return set_config_path_item(&lxc_conf->seccomp.seccomp, value);
> -+#else
> -+      return ret_set_errno(-1, ENOSYS);
> -+#endif
> - }
> -
> - static int set_config_execute_cmd(const char *key, const char *value,
> -@@ -4383,7 +4387,11 @@ static int get_config_seccomp_notify_proxy(const
> char *key, char *retv, int inle
> - static int get_config_seccomp_profile(const char *key, char *retv, int
> inlen,
> -                                     struct lxc_conf *c, void *data)
> - {
> -+#ifdef HAVE_SECCOMP
> -       return lxc_get_conf_str(retv, inlen, c->seccomp.seccomp);
> -+#else
> -+      return ret_errno(ENOSYS);
> -+#endif
> - }
> -
> - static int get_config_autodev(const char *key, char *retv, int inlen,
> diff --git a/recipes-containers/lxc/files/fix_c_command.patch
> b/recipes-containers/lxc/files/fix_c_command.patch
> deleted file mode 100644
> index 1ed8dafd..00000000
> --- a/recipes-containers/lxc/files/fix_c_command.patch
> +++ /dev/null
> @@ -1,36 +0,0 @@
> -From 9becf309a81806ef08acf9ca99ab95c1bcfa1f65 Mon Sep 17 00:00:00 2001
> -From: Maximilian Blenk <Maximilian.Blenk@bmw.de>
> -Date: Mon, 23 Aug 2021 15:39:28 +0200
> -Subject: [PATCH] attach: Fix -c command
> -
> -Currently, the -c command (to set the selinux context) seems to be
> -broken because the passed context is ignored and always overwritten by
> -the context specified in the config file. The intention behind the -c
> -imho was to be able to manually overwrite this behavior. This patch
> -ensures that the selinux context will be set if passed via the command
> -line.
> -
> -Signed-off-by: Maximilian Blenk <Maximilian.Blenk@bmw.de>
> ----
> - src/lxc/tools/lxc_attach.c | 5 ++++-
> - 1 file changed, 4 insertions(+), 1 deletion(-)
> -
> -Upstream-Status: Backport [
> https://github.com/lxc/lxc/commit/9becf309a81806ef08acf9ca99ab95c1bcfa1f65.patch
> ]
> -Comment: No change in any hunk
> -
> -diff --git a/src/lxc/tools/lxc_attach.c b/src/lxc/tools/lxc_attach.c
> -index 0374d980b4..e6b388b20c 100644
> ---- a/src/lxc/tools/lxc_attach.c
> -+++ b/src/lxc/tools/lxc_attach.c
> -@@ -379,7 +379,10 @@ int main(int argc, char *argv[])
> -               attach_options.gid = my_args.gid;
> -
> -       // selinux_context will be NULL if not set
> --      attach_options.lsm_label = selinux_context;
> -+      if (selinux_context) {
> -+              attach_options.attach_flags |= LXC_ATTACH_LSM_LABEL;
> -+              attach_options.lsm_label = selinux_context;
> -+      }
> -
> -       if (command.program) {
> -               ret = c->attach_run_wait(c, &attach_options,
> command.program,
> diff --git
> a/recipes-containers/lxc/files/templates-use-curl-instead-of-wget.patch
> b/recipes-containers/lxc/files/templates-use-curl-instead-of-wget.patch
> index 156df82f..4556293a 100644
> --- a/recipes-containers/lxc/files/templates-use-curl-instead-of-wget.patch
> +++ b/recipes-containers/lxc/files/templates-use-curl-instead-of-wget.patch
> @@ -1,4 +1,4 @@
> -From 07890dd8ffdcd08b7be1ddbd9f56ac55482c76bb Mon Sep 17 00:00:00 2001
> +From 1db2db7783bd7ec2aa1da86e640019891634c659 Mon Sep 17 00:00:00 2001
>  From: Joakim Roubert <joakimr@axis.com>
>  Date: Fri, 16 Aug 2019 07:52:48 +0200
>  Subject: [PATCH] Use curl instead of wget
> @@ -7,16 +7,16 @@ When curl's MIT license is preferable to wget's GPLv3.
>
>  Change-Id: I4684ae7569704514fdcc63e0655c556efcaf44f8
>  Signed-off-by: Joakim Roubert <joakimr@axis.com>
> -
> +Signed-off-by: Yanfei Xu <yanfei.xu@windriver.com>
>  ---
>   templates/lxc-download.in | 10 +++++-----
>   1 file changed, 5 insertions(+), 5 deletions(-)
>
>  diff --git a/templates/lxc-download.in b/templates/lxc-download.in
> -index d7e6128..8a4b567 100644
> +index e8570692a..f7291b0cc 100755
>  --- a/templates/lxc-download.in
>  +++ b/templates/lxc-download.in
> -@@ -74,9 +74,9 @@ cleanup() {
> +@@ -75,9 +75,9 @@ cleanup() {
>     fi
>   }
>
> @@ -28,18 +28,18 @@ index d7e6128..8a4b567 100644
>         return 0
>       fi
>     done
> -@@ -85,8 +85,8 @@ wget_wrapper() {
> +@@ -86,8 +86,8 @@ wget_wrapper() {
>   }
>
>   download_file() {
> --  if ! wget_wrapper -T 30 -q "https://${DOWNLOAD_SERVER}/$1" -O "$2"
> >/dev/null 2>&1; then
> --    if ! wget_wrapper -T 30 -q "http://${DOWNLOAD_SERVER}/$1" -O "$2"
> >/dev/null 2>&1; then
> -+  if ! curl_wrapper -m 30 -s "https://${DOWNLOAD_SERVER}/$1" -o "$2"
> >/dev/null 2>&1; then
> -+    if ! curl_wrapper -m 30 -s "http://${DOWNLOAD_SERVER}/$1" -o "$2"
> >/dev/null 2>&1; then
> +-  if ! wget_wrapper --user-agent="lxc/@PACKAGE_VERSION@
> compat:${DOWNLOAD_COMPAT_LEVEL}" -T 30 -q "https://${DOWNLOAD_SERVER}/$1"
> -O "$2" >/dev/null 2>&1; then
> +-    if ! wget_wrapper --user-agent="lxc/@PACKAGE_VERSION@
> compat:${DOWNLOAD_COMPAT_LEVEL}" -T 30 -q "http://${DOWNLOAD_SERVER}/$1"
> -O "$2" >/dev/null 2>&1; then
> ++  if ! curl_wrapper --user-agent="lxc/@PACKAGE_VERSION@
> compat:${DOWNLOAD_COMPAT_LEVEL}" -m 30 -s "https://${DOWNLOAD_SERVER}/$1"
> -o "$2" >/dev/null 2>&1; then
> ++    if ! curl_wrapper --user-agent="lxc/@PACKAGE_VERSION@
> compat:${DOWNLOAD_COMPAT_LEVEL}" -m 30 -s "http://${DOWNLOAD_SERVER}/$1"
> -o "$2" >/dev/null 2>&1; then
>         if [ "$3" = "noexit" ]; then
>           return 1
>         else
> -@@ -271,7 +271,7 @@ while :; do
> +@@ -277,7 +277,7 @@ while :; do
>   done
>
>   # Check for required binaries
> @@ -48,3 +48,6 @@ index d7e6128..8a4b567 100644
>     if ! command -V "${bin}" >/dev/null 2>&1; then
>       echo "ERROR: Missing required tool: ${bin}" 1>&2
>       exit 1
> +--
> +2.27.0
> +
> diff --git
> a/recipes-containers/lxc/files/tests-add-no-validate-when-using-download-template.patch
> b/recipes-containers/lxc/files/tests-add-no-validate-when-using-download-template.patch
> deleted file mode 100644
> index f335e796..00000000
> ---
> a/recipes-containers/lxc/files/tests-add-no-validate-when-using-download-template.patch
> +++ /dev/null
> @@ -1,85 +0,0 @@
> -From 1c2506434e744d8c6a86e42c9d8bae4cde7553f6 Mon Sep 17 00:00:00 2001
> -From: Mark Asselstine <mark.asselstine@windriver.com>
> -Date: Thu, 31 May 2018 15:14:26 -0400
> -Subject: [PATCH] tests: add '--no-validate' when using download template
> -
> -We are usually running the ptests with core-image-minimal which has no
> -mechanism to validate the downloads. Validation isn't really of
> -interest to this test at any rate so simply add '--no-validate' to
> -avoid failing due to no GPG validation.
> -
> -Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
> -
> ----
> - src/tests/lxc-test-apparmor-mount | 2 +-
> - src/tests/lxc-test-autostart      | 2 +-
> - src/tests/lxc-test-no-new-privs   | 2 +-
> - src/tests/lxc-test-unpriv         | 2 +-
> - src/tests/lxc-test-usernic.in     | 2 +-
> - 5 files changed, 5 insertions(+), 5 deletions(-)
> -
> -Index: lxc-4.0.9/src/tests/lxc-test-apparmor-mount
> -===================================================================
> ---- lxc-4.0.9.orig/src/tests/lxc-test-apparmor-mount
> -+++ lxc-4.0.9/src/tests/lxc-test-apparmor-mount
> -@@ -170,7 +170,7 @@
> -     done
> - fi
> -
> --run_cmd lxc-create -t download -n $cname -- -d ubuntu -r $release -a
> $ARCH
> -+run_cmd lxc-create -t download -n $cname -- --no-validate -d ubuntu -r
> $release -a $ARCH
> -
> - echo "test default confined container"
> - run_cmd lxc-start -n $cname -d -lDEBUG -o "$logfile"
> -Index: lxc-4.0.9/src/tests/lxc-test-autostart
> -===================================================================
> ---- lxc-4.0.9.orig/src/tests/lxc-test-autostart
> -+++ lxc-4.0.9/src/tests/lxc-test-autostart
> -@@ -55,7 +55,7 @@
> -     done
> - fi
> -
> --lxc-create -t download -n $CONTAINER_NAME -B dir -- -d ubuntu -r
> $release -a $ARCH
> -+lxc-create -t download -n $CONTAINER_NAME -B dir -- --no-validate -d
> ubuntu -r $release -a $ARCH
> - CONTAINER_PATH=$(dirname $(lxc-info -n $CONTAINER_NAME -c
> lxc.rootfs.path -H) | sed -e 's/dir://')
> - cp $CONTAINER_PATH/config $CONTAINER_PATH/config.bak
> -
> -Index: lxc-4.0.9/src/tests/lxc-test-no-new-privs
> -===================================================================
> ---- lxc-4.0.9.orig/src/tests/lxc-test-no-new-privs
> -+++ lxc-4.0.9/src/tests/lxc-test-no-new-privs
> -@@ -49,7 +49,7 @@
> -       ARCH=$(dpkg --print-architecture)
> - fi
> -
> --lxc-create -t download -n c1 -- -d ubuntu -r xenial -a $ARCH
> -+lxc-create -t download -n c1 -- --no-validate -d ubuntu -r xenial -a
> $ARCH
> - echo "lxc.no_new_privs = 1" >> /var/lib/lxc/c1/config
> -
> - lxc-start -n c1
> -Index: lxc-4.0.9/src/tests/lxc-test-unpriv
> -===================================================================
> ---- lxc-4.0.9.orig/src/tests/lxc-test-unpriv
> -+++ lxc-4.0.9/src/tests/lxc-test-unpriv
> -@@ -178,7 +178,7 @@
> -     cp -R /var/cache/lxc/download $HDIR/.cache/lxc && \
> -     chown -R $TUSER: $HDIR/.cache/lxc
> -
> --run_cmd lxc-create -t download -n c1 -l trace -o "${UNPRIV_LOG}" -- -d
> ubuntu -r $release -a $ARCH
> -+run_cmd lxc-create -t download -n c1 -l trace -o "${UNPRIV_LOG}" --
> --no-validate -d ubuntu -r $release -a $ARCH
> -
> - # Make sure we can start it - twice
> -
> -Index: lxc-4.0.9/src/tests/lxc-test-usernic.in
> -===================================================================
> ---- lxc-4.0.9.orig/src/tests/lxc-test-usernic.in
> -+++ lxc-4.0.9/src/tests/lxc-test-usernic.in
> -@@ -147,7 +147,7 @@
> - fi
> -
> - # Create three containers
> --run_cmd "lxc-create -t download -n b1 -- -d ubuntu -r $release -a $ARCH"
> -+run_cmd "lxc-create -t download -n b1 -- --no-validate -d ubuntu -r
> $release -a $ARCH"
> - run_cmd "lxc-start -n b1 -d"
> - p1=$(run_cmd "lxc-info -n b1 -p -H")
> -
> diff --git a/recipes-containers/lxc/lxc_git.bb b/recipes-containers/lxc/
> lxc_git.bb
> index f5b5128b..ba1cef5a 100644
> --- a/recipes-containers/lxc/lxc_git.bb
> +++ b/recipes-containers/lxc/lxc_git.bb
> @@ -46,15 +46,12 @@ SRC_URI = "git://
> github.com/lxc/lxc.git;branch=stable-4.0 \
>         file://template-make-busybox-template-compatible-with-core-.patch \
>         file://templates-use-curl-instead-of-wget.patch \
>         file://tests-our-init-is-not-busybox.patch \
> -       file://tests-add-no-validate-when-using-download-template.patch \
>         file://dnsmasq.conf \
>         file://lxc-net \
> -        file://enable_seccomp_profile_when_compiled_libseccomp.patch \
> -        file://fix_c_command.patch \
>         "
>
> -SRCREV = "cec7cb14b2a4367d4cb21a90e1b90d0f98a9d874"
> -PV = "4.0.10+git${SRCPV}"
> +SRCREV = "48e079bf318982ae7d5684feeb7358870fa71c10"
> +PV = "4.0.11+git${SRCPV}"
>
>  S = "${WORKDIR}/git"
>
> --
> 2.27.0
>
>
> 
>
>

-- 
- Thou shalt not follow the NULL pointer, for chaos and madness await thee
at its end
- "Use the force Harry" - Gandalf, Star Trek II

[-- Attachment #2: Type: text/html, Size: 18213 bytes --]

Re: [meta-virtualization][PATCH] lxc: update to 4.0.11

[Xu, Yanfei]

On 11/1/21 6:13 PM, Xu, Yanfei wrote:
> diff --git a/recipes-containers/lxc/files/tests-add-no-validate-when-using-download-template.patch b/recipes-containers/lxc/files/tests-add-no-validate-when-using-download-template.patch
> deleted file mode 100644
> index f335e796..00000000
> --- a/recipes-containers/lxc/files/tests-add-no-validate-when-using-download-template.patch
> +++ /dev/null
> @@ -1,85 +0,0 @@
> -From 1c2506434e744d8c6a86e42c9d8bae4cde7553f6 Mon Sep 17 00:00:00 2001
> -From: Mark Asselstine<mark.asselstine@windriver.com>
> -Date: Thu, 31 May 2018 15:14:26 -0400
> -Subject: [PATCH] tests: add '--no-validate' when using download template
> -
> -We are usually running the ptests with core-image-minimal which has no
> -mechanism to validate the downloads. Validation isn't really of
> -interest to this test at any rate so simply add '--no-validate' to
> -avoid failing due to no GPG validation.
> -
> -Signed-off-by: Mark Asselstine<mark.asselstine@windriver.com>
> -

The reason about dropping this patch refer to the commit of lxc:

commit 82b850ddaa21e0f4d713e764bd57d3d9235fd319
Author: Christian Brauner <christian.brauner@ubuntu.com>
Date:   Mon Aug 16 17:40:45 2021 +0200

     tests: use busybox in lxc-test-no-new-privs

     Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

diff --git a/src/tests/lxc-test-no-new-privs 
b/src/tests/lxc-test-no-new-privs
index cfcb43bd6..64988a011 100755
--- a/src/tests/lxc-test-no-new-privs
+++ b/src/tests/lxc-test-no-new-privs
@@ -44,63 +44,26 @@ lxc.net.0.link = lxcbr0
  EOF
  fi

-ARCH=i386
-if type dpkg >/dev/null 2>&1; then
-       ARCH=$(dpkg --print-architecture)
-fi
-
-lxc-create -t download -n c1 -- -d ubuntu -r xenial -a $ARCH
+lxc-create -t busybox -n c1
  echo "lxc.no_new_privs = 1" >> /var/lib/lxc/c1/config

......


Thanks,
Yanfei