Re: [PATCH] botocore: Fix rejecting URLs with unsafe characters in is_valid_endpoint_url()

Bruce Ashfield
 

merged.

Bruce

In message: [meta-virtualization] [PATCH] botocore: Fix rejecting URLs with unsafe characters in is_valid_endpoint_url()
on 21/03/2023 Wentao Zhang wrote:

The function is_valid_endpoint_url() in botocore is designed to validate
endpoint URLs, but it fails to detect unsafe characters with Python 3.9.5+
and other versions carrying bpo-43882 fix. The issue is caused by urlsplit()
silently stripping LF, CR, and HT characters while splitting the URL,
which disarms the validator in botocore.

This patch detects unsafe characters in is_valid_endpoint_url() and
is_valid_ipv6_endpoint_url() early, in order to fix rejecting invalid URLs
with unsafe characters.

Signed-off-by: Wentao Zhang <wentao.zhang@...>
---
...Ls-with-unsafe-characters-in-is_vali.patch | 58 +++++++++++++++++++
.../python/python3-botocore_1.20.51.bb | 2 +
2 files changed, 60 insertions(+)
create mode 100644 recipes-devtools/python/python3-botocore/0001-Fix-rejecting-URLs-with-unsafe-characters-in-is_vali.patch

diff --git a/recipes-devtools/python/python3-botocore/0001-Fix-rejecting-URLs-with-unsafe-characters-in-is_vali.patch b/recipes-devtools/python/python3-botocore/0001-Fix-rejecting-URLs-with-unsafe-characters-in-is_vali.patch
new file mode 100644
index 0000000..6a43608
--- /dev/null
+++ b/recipes-devtools/python/python3-botocore/0001-Fix-rejecting-URLs-with-unsafe-characters-in-is_vali.patch
@@ -0,0 +1,58 @@
+From 370cdf7d708c92bf21a42f15392f7be330cf8f80 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Micha=C5=82=20G=C3=B3rny?= <mgorny@...>
+Date: Fri, 7 May 2021 19:54:16 +0200
+Subject: [PATCH] Fix rejecting URLs with unsafe characters in
+ is_valid_endpoint_url() (#2381)
+
+Detect unsafe characters in is_valid_endpoint_url()
+and is_valid_ipv6_endpoint_url() early, in order to fix rejecting
+invalid URLs with Python 3.9.5+ and other versions carrying bpo-43882
+fix. In these versions, urlsplit() silently strips LF, CR and HT
+characters while splitting the URL, effectively disarming the validator
+in botocore.
+
+The solution is based on a similar fix in Django.
+
+Fixes #2377
+---
+ botocore/utils.py | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/botocore/utils.py b/botocore/utils.py
+index 378972248..d35dd64bb 100644
+--- a/botocore/utils.py
++++ b/botocore/utils.py
+@@ -173,6 +173,10 @@ ZONE_ID_PAT = "(?:%25|%)(?:[" + UNRESERVED_PAT + "]|%[a-fA-F0-9]{2})+"
+ IPV6_ADDRZ_PAT = r"\[" + IPV6_PAT + r"(?:" + ZONE_ID_PAT + r")?\]"
+ IPV6_ADDRZ_RE = re.compile("^" + IPV6_ADDRZ_PAT + "$")
+
++# These are the characters that are stripped by post-bpo-43882 urlparse().
++UNSAFE_URL_CHARS = frozenset('\t\r\n')
++
++
+ def ensure_boolean(val):
+ """Ensures a boolean value if a string or boolean is provided
+
+@@ -977,6 +981,8 @@ class ArgumentGenerator(object):
+
+
+ def is_valid_ipv6_endpoint_url(endpoint_url):
++ if UNSAFE_URL_CHARS.intersection(endpoint_url):
++ return False
+ netloc = urlparse(endpoint_url).netloc
+ return IPV6_ADDRZ_RE.match(netloc) is not None
+
+@@ -990,6 +996,10 @@ def is_valid_endpoint_url(endpoint_url):
+ :return: True if the endpoint url is valid. False otherwise.
+
+ """
++ # post-bpo-43882 urlsplit() strips unsafe characters from URL, causing
++ # it to pass hostname validation below. Detect them early to fix that.
++ if UNSAFE_URL_CHARS.intersection(endpoint_url):
++ return False
+ parts = urlsplit(endpoint_url)
+ hostname = parts.hostname
+ if hostname is None:
+--
+2.25.1
+
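Review bot: The embedded patch header (From/Date/Subject through "Fixes #2377") has no Upstream-Status: line and no Signed-off-by from the submitter, both of which OE/Yocto patch conventions expect on a patch carried by a recipe. The header already identifies the change as commit 370cdf7d708c with "(#2381)" in the subject, so adding "Upstream-Status: Backport [<upstream commit URL>]" plus a Signed-off-by under the upstream message would tell later maintainers that the file can be dropped once the recipe moves past 1.20.51 to a release that contains the fix.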
diff --git a/recipes-devtools/python/python3-botocore_1.20.51.bb b/recipes-devtools/python/python3-botocore_1.20.51.bb
index ca506f6..f71db1f 100644
--- a/recipes-devtools/python/python3-botocore_1.20.51.bb
+++ b/recipes-devtools/python/python3-botocore_1.20.51.bb
@@ -8,3 +8,5 @@ SRC_URI[sha256sum] = "c853d6c2321e2f2328282c7d49d7b1a06201826ba0e7049c6975ab5f22
inherit pypi setuptools3

RDEPENDS:${PN} += "python3-jmespath python3-dateutil python3-logging"
+
+SRC_URI += "file://0001-Fix-rejecting-URLs-with-unsafe-characters-in-is_vali.patch"
--
2.25.1



Re: busybox_1.36.0.bb doesn't exist

Bruce Ashfield
 

mickledore hasn't been released, and will come from oe-core master. So
I'm not sure what you are using, but it is 1.36.0 for the version
there.

I only branch meta-virt once I've stabilized post release of oe-core,
which is typically a week or so after release.

Bruce

On Tue, Mar 21, 2023 at 7:58 PM Ze Zhang <zhangze.linux@...> wrote:

Hi, I use the master branch of meta-virtualization.
My Yocto version is mickledore, but it has busybox version 1.35,
and there is no mickledore branch in meta-virtualization; maybe you should create a mickledore branch for meta-virtualization.
Thanks a lot.

Bruce Ashfield <bruce.ashfield@...> wrote on Tue, Mar 21, 2023 at 20:45:

On Tue, Mar 21, 2023 at 8:38 AM Bruce Ashfield via
lists.yoctoproject.org
<bruce.ashfield=gmail.com@...> wrote:

This is a bump that I do every time OE core updates their busybox, I'm
just completing some runtime tests and should have it pushed today.
Actually, cancel what I said above. I hadn't had my coffee yet, and I
thought this was about the runtime/init changes I have pending in
master.

What meta-virtualization branch are you using ? My just updated
oe-core has busybox 1.36.0, which matches the PV in
meta-virtualization, so you should have no issues.

Bruce

Bruce

On Mon, Mar 20, 2023 at 10:29 PM Ze Zhang <zhangze.linux@...> wrote:


HI,

in this file meta-virtualization/tree/master/recipes-core/busybox/busybox-initrd_1.36.0.bb

busybox-initrd_1.36.0.bb should not include busybox_${PV}.bb, because busybox_1.36.0.bb doesn't exist.

require recipes-core/busybox/busybox_${PV}.bb



https://github.com/lgirdk/meta-virtualization/issues/6


--
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II





Re: busybox_1.36.0.bb doesn't exist

Bruce Ashfield
 

On Tue, Mar 21, 2023 at 8:38 AM Bruce Ashfield via
lists.yoctoproject.org
<bruce.ashfield=gmail.com@...> wrote:

This is a bump that I do every time OE core updates their busybox, I'm
just completing some runtime tests and should have it pushed today.
Actually, cancel what I said above. I hadn't had my coffee yet, and I
thought this was about the runtime/init changes I have pending in
master.

What meta-virtualization branch are you using ? My just updated
oe-core has busybox 1.36.0, which matches the PV in
meta-virtualization, so you should have no issues.

Bruce

Bruce

On Mon, Mar 20, 2023 at 10:29 PM Ze Zhang <zhangze.linux@...> wrote:


HI,

in this file meta-virtualization/tree/master/recipes-core/busybox/busybox-initrd_1.36.0.bb

busybox-initrd_1.36.0.bb should not include busybox_${PV}.bb, because busybox_1.36.0.bb doesn't exist.

require recipes-core/busybox/busybox_${PV}.bb



https://github.com/lgirdk/meta-virtualization/issues/6


--
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II





Re: busybox_1.36.0.bb doesn't exist

Bruce Ashfield
 

This is a bump that I do every time OE core updates their busybox, I'm
just completing some runtime tests and should have it pushed today.

Bruce

On Mon, Mar 20, 2023 at 10:29 PM Ze Zhang <zhangze.linux@...> wrote:


HI,

in this file meta-virtualization/tree/master/recipes-core/busybox/busybox-initrd_1.36.0.bb

busybox-initrd_1.36.0.bb should not include busybox_${PV}.bb, because busybox_1.36.0.bb doesn't exist.

require recipes-core/busybox/busybox_${PV}.bb



https://github.com/lgirdk/meta-virtualization/issues/6
--
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II


[PATCH] botocore: Fix rejecting URLs with unsafe characters in is_valid_endpoint_url()

Wentao Zhang
 

The function is_valid_endpoint_url() in botocore is designed to validate
endpoint URLs, but it fails to detect unsafe characters with Python 3.9.5+
and other versions carrying bpo-43882 fix. The issue is caused by urlsplit()
silently stripping LF, CR, and HT characters while splitting the URL,
which disarms the validator in botocore.

This patch detects unsafe characters in is_valid_endpoint_url() and
is_valid_ipv6_endpoint_url() early, in order to fix rejecting invalid URLs
with unsafe characters.

Signed-off-by: Wentao Zhang <wentao.zhang@...>
---
...Ls-with-unsafe-characters-in-is_vali.patch | 58 +++++++++++++++++++
.../python/python3-botocore_1.20.51.bb | 2 +
2 files changed, 60 insertions(+)
create mode 100644 recipes-devtools/python/python3-botocore/0001-Fix-rejecting-URLs-with-unsafe-characters-in-is_vali.patch

diff --git a/recipes-devtools/python/python3-botocore/0001-Fix-rejecting-URLs-with-unsafe-characters-in-is_vali.patch b/recipes-devtools/python/python3-botocore/0001-Fix-rejecting-URLs-with-unsafe-characters-in-is_vali.patch
new file mode 100644
index 0000000..6a43608
--- /dev/null
+++ b/recipes-devtools/python/python3-botocore/0001-Fix-rejecting-URLs-with-unsafe-characters-in-is_vali.patch
@@ -0,0 +1,58 @@
+From 370cdf7d708c92bf21a42f15392f7be330cf8f80 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Micha=C5=82=20G=C3=B3rny?= <mgorny@...>
+Date: Fri, 7 May 2021 19:54:16 +0200
+Subject: [PATCH] Fix rejecting URLs with unsafe characters in
+ is_valid_endpoint_url() (#2381)
+
+Detect unsafe characters in is_valid_endpoint_url()
+and is_valid_ipv6_endpoint_url() early, in order to fix rejecting
+invalid URLs with Python 3.9.5+ and other versions carrying bpo-43882
+fix. In these versions, urlsplit() silently strips LF, CR and HT
+characters while splitting the URL, effectively disarming the validator
+in botocore.
+
+The solution is based on a similar fix in Django.
+
+Fixes #2377
+---
+ botocore/utils.py | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/botocore/utils.py b/botocore/utils.py
+index 378972248..d35dd64bb 100644
+--- a/botocore/utils.py
++++ b/botocore/utils.py
+@@ -173,6 +173,10 @@ ZONE_ID_PAT = "(?:%25|%)(?:[" + UNRESERVED_PAT + "]|%[a-fA-F0-9]{2})+"
+ IPV6_ADDRZ_PAT = r"\[" + IPV6_PAT + r"(?:" + ZONE_ID_PAT + r")?\]"
+ IPV6_ADDRZ_RE = re.compile("^" + IPV6_ADDRZ_PAT + "$")
+
++# These are the characters that are stripped by post-bpo-43882 urlparse().
++UNSAFE_URL_CHARS = frozenset('\t\r\n')
++
++
+ def ensure_boolean(val):
+ """Ensures a boolean value if a string or boolean is provided
+
+@@ -977,6 +981,8 @@ class ArgumentGenerator(object):
+
+
+ def is_valid_ipv6_endpoint_url(endpoint_url):
++ if UNSAFE_URL_CHARS.intersection(endpoint_url):
++ return False
+ netloc = urlparse(endpoint_url).netloc
+ return IPV6_ADDRZ_RE.match(netloc) is not None
+
+@@ -990,6 +996,10 @@ def is_valid_endpoint_url(endpoint_url):
+ :return: True if the endpoint url is valid. False otherwise.
+
+ """
++ # post-bpo-43882 urlsplit() strips unsafe characters from URL, causing
++ # it to pass hostname validation below. Detect them early to fix that.
++ if UNSAFE_URL_CHARS.intersection(endpoint_url):
++ return False
+ parts = urlsplit(endpoint_url)
+ hostname = parts.hostname
+ if hostname is None:
+--
+2.25.1
+
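Review bot: In both added guards, UNSAFE_URL_CHARS.intersection(endpoint_url) runs before any type handling, so a None endpoint_url raises TypeError from intersection() rather than yielding the documented False, and a bytes URL iterates as integers that never match the str set, so it goes unchecked. Consider testing isinstance(endpoint_url, str) first in is_valid_endpoint_url() and is_valid_ipv6_endpoint_url(). The diffstat also lists only botocore/utils.py, so a regression test with a tab, CR and LF in the host would be worth carrying alongside the backport.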
diff --git a/recipes-devtools/python/python3-botocore_1.20.51.bb b/recipes-devtools/python/python3-botocore_1.20.51.bb
index ca506f6..f71db1f 100644
--- a/recipes-devtools/python/python3-botocore_1.20.51.bb
+++ b/recipes-devtools/python/python3-botocore_1.20.51.bb
@@ -8,3 +8,5 @@ SRC_URI[sha256sum] = "c853d6c2321e2f2328282c7d49d7b1a06201826ba0e7049c6975ab5f22
inherit pypi setuptools3

RDEPENDS:${PN} += "python3-jmespath python3-dateutil python3-logging"
+
+SRC_URI += "file://0001-Fix-rejecting-URLs-with-unsafe-characters-in-is_vali.patch"
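Review bot: The SRC_URI += line is appended at the very end of the recipe, after RDEPENDS, away from the SRC_URI[sha256sum] setting visible in the hunk header. Moving it up beside the other SRC_URI settings keeps the fetch-related variables together, and because the patch file targets the 1.20.51 source, a short comment saying it should be dropped at the next version bump would help whoever upgrades the recipe.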
--
2.25.1
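
The behaviour the commit message above describes, as an added example that is not part of the original post or of botocore: a hostname check that only inspects what urlsplit() returns, next to the same check with the early reject. The hostname regex, the function names, the isinstance() guard and the sample URLs are assumptions constructed for this illustration.

```python
"""Added illustration (not botocore's code): a hostname check that runs only
on urlsplit() output misses TAB/CR/LF; rejecting on the raw input closes it."""
import re
from urllib.parse import urlsplit

# The three characters the patch names: HT, CR and LF.
UNSAFE_URL_CHARS = frozenset("\t\r\n")

# Simplified RFC 1123-style hostname pattern (a stand-in, not botocore's regex).
_LABEL = r"(?!-)[a-z\d-]{1,63}(?<!-)"
HOSTNAME_RE = re.compile(rf"(?:{_LABEL}\.)*{_LABEL}", re.IGNORECASE)


def urlsplit_strips_unsafe_chars() -> bool:
    """Return True when this interpreter carries the bpo-43882 behaviour."""
    return urlsplit("http://a\nb.example").hostname == "ab.example"


def naive_is_valid_endpoint_url(url: str) -> bool:
    """Validate only the hostname that urlsplit() hands back."""
    hostname = urlsplit(url).hostname
    if hostname is None or len(hostname) > 255:
        return False
    if hostname.endswith("."):
        hostname = hostname[:-1]
    # fullmatch() so a control character anywhere in the host fails the check
    # on interpreters that do not strip it.
    return HOSTNAME_RE.fullmatch(hostname) is not None


def hardened_is_valid_endpoint_url(url) -> bool:
    """Reject unsafe characters in the raw input, then check the hostname."""
    # The isinstance() guard is an extra assumption of this example; it keeps
    # None and bytes from reaching the set intersection.
    if not isinstance(url, str) or UNSAFE_URL_CHARS.intersection(url):
        return False
    return naive_is_valid_endpoint_url(url)


# Constructed sample inputs (not taken from any real log or report).
SAMPLES = [
    "https://s3.example.com",                 # clean
    "https://s3.exam\nple.com",               # LF inside the host
    "https://s3.exa\tmple.com",               # HT inside the host
    "https://s3.example.com/bucket\r\nkey",   # CRLF in the path
    "https://-bad-.example.com",              # invalid label, no control chars
]


def audit(urls):
    """Return (url, naive_result, hardened_result) for each URL."""
    return [
        (u, naive_is_valid_endpoint_url(u), hardened_is_valid_endpoint_url(u))
        for u in urls
    ]


if __name__ == "__main__":
    print("urlsplit strips HT/CR/LF:", urlsplit_strips_unsafe_chars())
    for url, naive, hardened in audit(SAMPLES):
        print(f"{url!r:45} naive={naive!s:5} hardened={hardened}")
```

On an interpreter that strips the characters, the naive check accepts the LF and HT hosts because it validates the cleaned-up hostname while the caller still holds the original string; the CRLF-in-path URL passes the naive check on any version because only the host is inspected.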


Re: meta-virt fails check-layer-nightly

Bruce Ashfield
 

On Sun, Mar 19, 2023 at 3:39 PM Alexandre Belloni
<alexandre.belloni@...> wrote:

Hi Bruce,

check-layer-nightly is failing for meta-virt:

ERROR: Nothing RPROVIDES '${VIRTUAL-RUNTIME_container_networking}' (but /home/pokybuild/yocto-worker/check-layer-nightly/build/meta-virtualization/recipes-containers/podman/podman_git.bb RDEPENDS on or otherwise requires it)
Aha. These recipes need the defaults that are supplied when the
virtualization distro feature is specified.

What is the exact command the nightly check is running ? I can't locate it here.

I'll add a skip recipe on the users of those namespaces if
virtualization isn't enabled and/or set a basic default.

Bruce


--
Alexandre Belloni, co-owner and COO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com


--
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II


Re: [PATCH 0/1] lxc: templates/lxc-busybox.in: if busybox contains init then use it

Bruce Ashfield
 

This didn't apply cleanly to master-next, but I resolved the conflict
and pushed it to master-next.

I'm testing now.

If I missed an older patch, or otherwise dropped something to mix up
the context, please send new patches.

Bruce


On Tue, Feb 28, 2023 at 9:38 PM Xiangyu Chen
<xiangyu.chen@...> wrote:

From: Xiangyu Chen <xiangyu.chen@...>

Hi Bruce,

Recently we found that the lxc ptest has lots of failure cases, as in log-1 below. After checking the
code, some cases failed for reasons related to the init process. For example, lxc-test-exit-code needs to
start the container as a daemon, but if bash is used as init, the container cannot start correctly.

So I added a check for the busybox init utility in the lxc-busybox template: if the current system's busybox contains
init then use it. After applying this patch, the ptest result is as in log-2.


######## log-1: ptest without patch #######

Starting LXC ptest ###
FAIL: lxc-test-api-reboot
SKIPPED: lxc-test-apparmor
PASS: lxc-test-apparmor-generated
FAIL: lxc-test-apparmor-mount
PASS: lxc-test-arch-parse
FAIL: lxc-test-attach
PASS: lxc-test-automount
FAIL: lxc-test-autostart
PASS: lxc-test-basic
FAIL: lxc-test-capabilities
FAIL: lxc-test-cgpath
PASS: lxc-test-checkpoint-restore
FAIL: lxc-test-cloneconfig
FAIL: lxc-test-clonetest
FAIL: lxc-test-concurrent
PASS: lxc-test-config-jump-table
FAIL: lxc-test-console
FAIL: lxc-test-console-log
FAIL: lxc-test-containertests
FAIL: lxc-test-createconfig
FAIL: lxc-test-createtest
PASS: lxc-test-criu-check-feature
FAIL: lxc-test-cve-2019-5736
FAIL: lxc-test-destroytest
FAIL: lxc-test-device-add-remove
FAIL: lxc-test-exit-code
FAIL: lxc-test-get_item
PASS: lxc-test-getkeys
PASS: lxc-test-list
PASS: lxc-test-locktests
FAIL: lxc-test-lxc-attach
PASS: lxc-test-lxcpath
PASS: lxc-test-may-control
FAIL: lxc-test-mount-injection
FAIL: lxc-test-no-new-privs
PASS: lxc-test-parse-config-file
FAIL: lxc-test-proc-pid
FAIL: lxc-test-procsys
PASS: lxc-test-raw-clone
PASS: lxc-test-reboot
FAIL: lxc-test-rootfs
FAIL: lxc-test-rootfs-options
FAIL: lxc-test-saveconfig
FAIL: lxc-test-share-ns
FAIL: lxc-test-shortlived
SKIPPED: lxc-test-shutdowntest
FAIL: lxc-test-snapdeps
FAIL: lxc-test-snapshot
FAIL: lxc-test-startone
SKIPPED: lxc-test-state-server
FAIL: lxc-test-symlink
FAIL: lxc-test-sys-mixed
FAIL: lxc-test-sysctls
FAIL: lxc-test-unpriv
FAIL: lxc-test-usernic
PASS: lxc-test-usernsexec
PASS: lxc-test-utils





Results:
PASSED = 17
FAILED = 37
SKIPPED = 3
(for details check individual test log in ./logs directory)


###########log-2: ptest with patch ###################
root@intel-x86-64:/usr/lib64/lxc/ptest# ./run-ptest
### Starting LXC ptest ###
PASS: lxc-test-api-reboot
SKIPPED: lxc-test-apparmor
PASS: lxc-test-apparmor-generated
FAIL: lxc-test-apparmor-mount
PASS: lxc-test-arch-parse
PASS: lxc-test-attach
PASS: lxc-test-automount
PASS: lxc-test-autostart
PASS: lxc-test-basic
PASS: lxc-test-capabilities
PASS: lxc-test-cgpath
PASS: lxc-test-checkpoint-restore
FAIL: lxc-test-cloneconfig
PASS: lxc-test-clonetest
PASS: lxc-test-concurrent
PASS: lxc-test-config-jump-table
PASS: lxc-test-console
PASS: lxc-test-console-log
PASS: lxc-test-containertests
PASS: lxc-test-createconfig
PASS: lxc-test-createtest
PASS: lxc-test-criu-check-feature
PASS: lxc-test-cve-2019-5736
PASS: lxc-test-destroytest
PASS: lxc-test-device-add-remove
PASS: lxc-test-exit-code
FAIL: lxc-test-get_item
PASS: lxc-test-getkeys
PASS: lxc-test-list
PASS: lxc-test-locktests
PASS: lxc-test-lxc-attach
PASS: lxc-test-lxcpath
PASS: lxc-test-may-control
PASS: lxc-test-mount-injection
FAIL: lxc-test-no-new-privs
PASS: lxc-test-parse-config-file
PASS: lxc-test-proc-pid
PASS: lxc-test-procsys
PASS: lxc-test-raw-clone
PASS: lxc-test-reboot
PASS: lxc-test-rootfs
PASS: lxc-test-rootfs-options
PASS: lxc-test-saveconfig
PASS: lxc-test-share-ns
PASS: lxc-test-shortlived
SKIPPED: lxc-test-shutdowntest
FAIL: lxc-test-snapdeps
PASS: lxc-test-snapshot
PASS: lxc-test-startone
SKIPPED: lxc-test-state-server
PASS: lxc-test-symlink
PASS: lxc-test-sys-mixed
PASS: lxc-test-sysctls
FAIL: lxc-test-unpriv
FAIL: lxc-test-usernic
PASS: lxc-test-usernsexec
PASS: lxc-test-utils

Results:
PASSED = 47
FAILED = 7
SKIPPED = 3
(for details check individual test log in ./logs directory)




Xiangyu Chen (1):
lxc: templates/lxc-busybox.in: if busybox contains init then use it

...box-contains-init-use-it-in-containe.patch | 45 +++++++++++++++++++
recipes-containers/lxc/lxc_git.bb | 1 +
2 files changed, 46 insertions(+)
create mode 100644 recipes-containers/lxc/files/0001-template-if-busybox-contains-init-use-it-in-containe.patch

--
2.34.1




--
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II


Re: [PATCH 0/1] lxc: templates/lxc-busybox.in: if busybox contains init then use it

Bruce Ashfield
 

On Mon, Mar 13, 2023 at 3:18 AM Xiangyu Chen
<xiangyu.chen@...> wrote:

Hi Bruce,

On 3/13/23 08:46, Bruce Ashfield wrote:

On Wed, Mar 8, 2023 at 10:49 PM Xiangyu Chen
<xiangyu.chen@...> wrote:
Hi Bruce,


Sorry for being late,

On 3/8/23 12:00, Bruce Ashfield wrote:

On Thu, Mar 2, 2023 at 8:17 PM Xiangyu Chen
<xiangyu.chen@...> wrote:
Hi Bruce,


On 3/3/23 05:24, Bruce Ashfield wrote:

In message: [meta-virtualization][PATCH 0/1] lxc: templates/lxc-busybox.in: if busybox contains init then use it
on 01/03/2023 Xiangyu Chen wrote:

From: Xiangyu Chen <xiangyu.chen@...>

Hi Bruce,

Recently we found that the lxc ptest has lots of failure cases, as in log-1 below. After checking the
code, some cases failed for reasons related to the init process. For example, lxc-test-exit-code needs to
start the container as a daemon, but if bash is used as init, the container cannot start correctly.
Is there an indication of what busybox is providing that bash isn't ?
In my local setup, when using bash as container init, the container
doesn't support "reboot" and cannot start correctly in a daemon mode,
test step as below:

lxc-create -t busybox -n t

lxc-start -n t -d

lxc-ls -f

the container "t" status is still "STOPPED", but when we use a busybox
init instead of bash, the container status is correct in daemon mode.
I'm setting up to test this myself, but generally speaking we should
include this detail in the commit log.
Thanks, if we find the final root cause, I'll add our discussion
information into the commit and send a v2 patch :p


I don't like to force this in the ptest, while for actual lxc containers
we still allow bash, which means it may not be functional.
This is a common template for lxc, but I am not sure whether others
still need bash as lxc container init, so I based the patch

"template-make-busybox-template-compatible-with-core-.patch" to add the
busybox back.
That's the part that concerns me. Why does our bash behave differently
than in other lxc integrations and other distros ?
Currently, the behavior is when using lxc with busybox template in
daemon mode, the status still stay in "STOPPED", but it's working well
in foreground mode.

Do you have the ability to run the same simple tests you have above on
a desktop distro ?
I set up a virtualbox today and did some tests with trace; here is
what I found:

As mentioned above, lxc works well in foreground mode but something is
wrong in daemon mode. According to the manual of lxc-start, foreground
mode attaches the tty to /dev/console, but daemon mode doesn't.
And to confirm, this is running on something like ubuntu, using the
ubuntu bash ?
It was a virtualbox VM with openSUSE Leap 15.5, lxc version is 4.0.12,
bash version is 4.4.23, busybox using master branch and was built by myself.


When using busybox as init, the container run as daemon is normal:

localhost:~ # lxc-create --version
4.0.12
localhost:~ # lxc-create -t busybox -n t-bb
localhost:~ # lxc-start -n t-bb -d
localhost:~ # lxc-ls -f
NAME STATE AUTOSTART GROUPS IPV4 IPV6 UNPRIVILEGED
t-bb RUNNING 0 - - - false
localhost:~ # lxc-stop -n t-bb
localhost:~ # lxc-ls -f
NAME STATE AUTOSTART GROUPS IPV4 IPV6 UNPRIVILEGED
t-bb STOPPED 0 - - - false
localhost:~ #
localhost:~ #


The strace log:

#####log of "strace -f lxc-start -n t-bb -d" #######

execve("/usr/bin/lxc-start", ["lxc-start", "-n", "t-bb", "-d"],
0x7ffe0ef0e300 /* 57 vars */) = 0
... loading and mapping libraries for lxc ...

[pid 23053] execve("/sbin/init", ["/sbin/init"], 0x563be8d3fae0 /* 2
vars */ <unfinished ...>

... loading and mapping libraries for /sbin/init in container...

[pid 23053] reboot(LINUX_REBOOT_MAGIC1, LINUX_REBOOT_MAGIC2,
LINUX_REBOOT_CMD_CAD_OFF) = -1 EINVAL (Invalid argument)
[pid 23053] openat(AT_FDCWD, "/dev/null", O_RDWR) = 3
[pid 23053] close(3) = 0
[pid 23053] ioctl(0, VT_OPENQRY, 0x7ffd8e2e5b28) = -1 ENOTTY
(Inappropriate ioctl for device)
[pid 23053] brk(NULL) = 0x19ea000
[pid 23053] brk(0x1a0b000) = 0x1a0b000
[pid 23053] ioctl(0, TCGETS, 0x7ffd8e2e5a90) = -1 ENOTTY (Inappropriate
ioctl for device)
[pid 23053] chdir("/") = 0
[pid 23053] setsid() = -1 EPERM (Operation not permitted)
[pid 23053] openat(AT_FDCWD, "/etc/inittab", O_RDONLY) = 3
[pid 23053] fstat(3, {st_mode=S_IFREG|0644, st_size=97, ...}) = 0
[pid 23053] read(3, "::sysinit:/etc/init.d/rcS\ntty1::"..., 4096) = 97
[pid 23053] read(3, "", 4096) = 0
[pid 23053] close(3) = 0

.... add signal process callback ....

[pid 23054] execve("/etc/init.d/rcS", ["/etc/init.d/rcS"], 0x19ea2a0 /*
6 vars */ <unfinished ...>

.... loading and mapping libraries for running /etc/init.d/rcS .....

[pid 23055] execve("/bin/syslogd", ["/bin/syslogd"], 0x1308670 /* 8 vars
*/) = 0

.....

[pid 23056] execve("/bin/mount", ["/bin/mount", "-a"], 0x13086b8 /* 8
vars */ <unfinished ...>

...

[pid 23057] execve("/bin/udhcpc", ["/bin/udhcpc"], 0x1308670 /* 8 vars
*/) = 0

...

[pid 23058] execve("/bin/getty", ["/bin/getty", "-L", "tty1", "115200",
"vt100"], 0x19ea2a0 /* 6 vars */ <unfinished ...>

...

[pid 23061] execve("/bin/sh", ["/bin/sh"], 0x13d02a0 /* 6 vars */
<unfinished ...>

[pid 23061] ioctl(0, TCGETS, {B38400 opost isig icanon echo ...}) = 0
...
[pid 23061] ioctl(1, TCGETS, {B38400 opost isig icanon echo ...}) = 0

[pid 23061] openat(AT_FDCWD, "/dev/tty", O_RDWR) = 3
[pid 23061] fcntl(3, F_DUPFD_CLOEXEC, 10) = 10
[pid 23061] close(3 <unfinished ...>
[pid 23061] <... close resumed>) = 0
[pid 23061] ioctl(10, TIOCGPGRP <unfinished ...>
[pid 23061] <... ioctl resumed>, [8]) = 0
[pid 23061] getpgrp() = 8
...
[pid 23061] setpgid(0, 8 <unfinished ...>
[pid 23061] <... setpgid resumed>) = -1 EPERM (Operation not permitted)
[pid 23061] ioctl(10, TIOCSPGRP, [8] <unfinished ...>
[pid 23061] <... ioctl resumed>) = 0
[pid 23061] ioctl(0, TCGETS, {B38400 opost isig icanon echo ...}) = 0
[pid 23061] ioctl(0, SNDCTL_TMR_START or TCSETS, {B38400 opost -isig
-icanon -echo ...} <unfinished ...>
[pid 23061] <... ioctl resumed>) = 0
[pid 23061] ioctl(0, TIOCGWINSZ, {ws_row=0, ws_col=0, ws_xpixel=0,
ws_ypixel=0}) = 0
[pid 23061] geteuid() = 0
[pid 23061] openat(AT_FDCWD, "/etc/passwd", O_RDONLY) = 3
[pid 23061] fstat(3, <unfinished ...>
[pid 23061] <... fstat resumed>{st_mode=S_IFREG|0644, st_size=30, ...}) = 0
[pid 23061] read(3, <unfinished ...>
[pid 23061] <... read resumed>"root:x:0:0:root:/root:/bin/sh\n", 4096) = 30
[pid 23061] close(3 <unfinished ...>
[pid 23061] <... close resumed>) = 0
[pid 23061] geteuid( <unfinished ...>
[pid 23061] <... geteuid resumed>) = 0
[pid 23061] fstat(1, <unfinished ...>
[pid 23061] <... fstat resumed>{st_mode=S_IFCHR|0620,
st_rdev=makedev(0x88, 0x2), ...}) = 0
[pid 23061] rt_sigaction(SIGWINCH, {sa_handler=0x4b9ce8, sa_mask=[],
sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x7fc7eecdcd50},
<unfinished ...>
[pid 23061] <... rt_sigaction resumed>{sa_handler=SIG_DFL, sa_mask=[],
sa_flags=0}, 8) = 0
[pid 23061] write(1, "/ # ", 4 <unfinished ...>
[pid 23061] <... write resumed>) = 4
[pid 23061] poll([{fd=0, events=POLLIN}], 1, -1 <unfinished ...>
############end of "strace -f lxc-start -n t-bb -d" ###############



When using bash as init, the container can run in foreground mode:

localhost:~ # lxc-create -t busybox -n t-bash
localhost:~ # lxc-start -n t-bash -d
localhost:~ # lxc-ls -f
NAME STATE AUTOSTART GROUPS IPV4 IPV6 UNPRIVILEGED
t-bash STOPPED 0 - - - false
t-bb STOPPED 0 - - - false
localhost:~ # lxc-start -n t-bash -F
init-4.4#
init-4.4#
init-4.4# /sbin/init --version
GNU bash, version 4.4.23(1)-release (x86_64-suse-linux-gnu)
Copyright (C) 2016 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
<http://gnu.org/licenses/gpl.html>

This is free software; you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
init-4.4# exit
exit
localhost:~ #

The strace log:

#####log of "strace -f lxc-start -n bash -d" #######

[pid 22977] execve("/sbin/init", ["/sbin/init"], 0x562a9b3d80f0 /* 2
vars */ <unfinished ...>
.... loading and mapping libraries .......
[pid 22977] openat(AT_FDCWD, "/dev/tty", O_RDWR|O_NONBLOCK) = -1 ENXIO
(No such device or address)
[pid 22977] ioctl(0, TCGETS, 0x7ffc1d039fa0) = -1 ENOTTY (Inappropriate
ioctl for device)
[pid 22977] stat("/usr/lib/locale/locale-archive", 0x7ffc1d03a110) = -1
ENOENT (No such file or directory)
[pid 22977] brk(NULL) = 0x562bad4cf000
[pid 22977] brk(0x562bad4f0000) = 0x562bad4f0000
[pid 22977] getuid() = 0
[pid 22977] getgid() = 0
[pid 22977] geteuid() = 0
[pid 22977] getegid() = 0
[pid 22977] rt_sigprocmask(SIG_BLOCK, NULL, [], 8) = 0
[pid 22977] ioctl(0, TCGETS, 0x7ffc1d03a120) = -1 ENOTTY (Inappropriate
ioctl for device)
[pid 22977] ioctl(-1, TIOCGPGRP, 0x7ffc1d03a194) = -1 EBADF (Bad file
descriptor)
[pid 22977] sysinfo({uptime=5034, loads=[13568, 5344, 992],
totalram=4115214336, freeram=1067577344, sharedram=30674944,
bufferram=1994752, totalswap=2148507648, freeswap=2148507648, procs=381,
totalhigh=0, freehigh=0, mem_unit=1}) = 0
.... add signal process callback and start process network
configurations in /etc ....

[pid 22977] openat(AT_FDCWD, "/etc/passwd", O_RDONLY|O_CLOEXEC) = 3
[pid 22977] lseek(3, 0, SEEK_CUR) = 0
[pid 22977] fstat(3, {st_mode=S_IFREG|0644, st_size=30, ...}) = 0
[pid 22977] read(3, "root:x:0:0:root:/root:/bin/sh\n", 4096) = 30
[pid 22977] close(3) = 0
[pid 22977] getppid() = 0
[pid 22977] getpid() = 1
[pid 22977] getpgrp() = 1
[pid 22977] ioctl(2, TIOCGPGRP, 0x7ffc1d03a064) = -1 ENOTTY
(Inappropriate ioctl for device)
[pid 22977] rt_sigaction(SIGCHLD, {sa_handler=0x562bacebdb50,
sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART,
sa_restorer=0x7fdb74971d50}, {sa_handler=SIG_DFL, sa_mask=[],
sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x7fdb74971d50}, 8) = 0
[pid 22977] ioctl(2, TIOCGPGRP, 0x7ffc1d03a044) = -1 ENOTTY
(Inappropriate ioctl for device)
[pid 22977] prlimit64(0, RLIMIT_NPROC, NULL, {rlim_cur=15574,
rlim_max=15574}) = 0
[pid 22977] rt_sigprocmask(SIG_BLOCK, NULL, [], 8) = 0
[pid 22977] fcntl(0, F_GETFL) = 0x8002 (flags O_RDWR|O_LARGEFILE)
[pid 22977] fstat(0, {st_mode=S_IFCHR|0666, st_rdev=makedev(0x1, 0x3),
...}) = 0
[pid 22977] lseek(0, 0, SEEK_CUR) = 0
[pid 22977] read(0, "", 1) = 0
[pid 22977] rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
[pid 22977] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 22977] exit_group(0) = ?
[pid 22977] +++ exited with 0 +++
#####end of "strace -f lxc-start -n bash -d" #######

I'm not seeing anything obvious in the traces. I do wish we had a root
cause as to why bash cannot go into daemon mode, while busybox can.

I'm going to soak these on master next for a bit and watch for issues.

Bruce


Br,

Xiangyu


I enabled the lxc debug trace as below when starting a container in
daemon mode (only the init-related part of the log, with timestamps and full
source code paths removed)

##### lxc-start -n t -o /tmp/log.txt -l TRACE -d #####

start - /src/lxc/start.c:post_start:2205 - Started "/sbin/init" with pid
"871"
start - /src/lxc/start.c:lxc_serve_state_clients:483 - Set container
state to RUNNING

<<<<<<<<< we can see the bash as init was starting, and lxc update mode

start - /src/lxc/start.c:lxc_serve_state_clients:486 - No state clients
registered
mainloop - /src/lxc/mainloop.c:__epoll_open:493 - Created epoll instance
mainloop - /mainloop.c:__epoll_open:493 - Created epoll instance
start - /src/lxc/start.c:lxc_poll:626 - Mainloop is ready
start - /src/lxc/start.c:signal_handler:396 - Received signal
ssi_signo(17) for ssi_pid(871), si_signo(17), si_pid(871)
start - /src/lxc/start.c:signal_handler:464 - Container init process 871
exited

<<<<<<<<<< seems something wrong with the init, it exited and lxc got
the exit signal.

start - /src/lxc/start.c:lxc_poll:643 - Closed console mainloop
start - /src/lxc/start.c:lxc_poll:648 - Closed mainloop
start - /src/lxc/start.c:lxc_poll:651 - Closed signal file descriptor 7
..... removed some networking terminating related trace .....
start - /src/lxc/start.c:lxc_serve_state_clients:483 - Set container
state to STOPPING

<<<<<<<<<<< now the lxc set container mode back to stop mode.

start - /src/lxc/start.c:lxc_serve_state_clients:486 - No state clients
registered
##### end of lxc-start -n t -o /tmp/log.txt -l TRACE -d #####


Let's use strace to see what happens in container(part of init related log):

#####strace -s 1024 -f lxc-start -n t -d #####

[pid 1211] execve("/sbin/init", ["/sbin/init"], 0x55a07c90eb30 /* 1 var
*/ <unfinished ...>
......

[pid 1211] ioctl(2, TIOCGPGRP, 0x7fffe212610c) = -1 ENOTTY
(Inappropriate ioctl for device)
[pid 1211] rt_sigaction(SIGCHLD, {sa_handler=0x5632e07dcec0,
sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART,
sa_restorer=0x7f1237db3190}, {sa_handler=SIG_DFL, sa_mask=[],
sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x7f1237db3190}, 8) = 0
[pid 1211] ioctl(2, TIOCGPGRP, 0x7fffe21260ec) = -1 ENOTTY
(Inappropriate ioctl for device)
[pid 1211] prlimit64(0, RLIMIT_NPROC, NULL, {rlim_cur=3818,
rlim_max=3818}) = 0
[pid 1211] rt_sigprocmask(SIG_BLOCK, NULL, [], 8) = 0
[pid 1211] fcntl(0, F_GETFL) = 0x8002 (flags O_RDWR|O_LARGEFILE)
[pid 1211] newfstatat(0, "", {st_mode=S_IFCHR|0666,
st_rdev=makedev(0x1, 0x3), ...}, AT_EMPTY_PATH) = 0
[pid 1211] lseek(0, 0, SEEK_CUR) = 0
[pid 1211] read(0, "", 1) = 0
[pid 1211] rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
[pid 1211] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 1211] exit_group(0) = ?
[pid 1211] +++ exited with 0 +++
#####end of strace -s 1024 -f lxc-start -n t -d #####

it looks that seems bash stdi/o/err cannot attach the available caused
this issue, right?
It does look like that. When busybox is used as init, do you have a
similar strace ? I'd like to do that comparison.

Bruce


I don't want to force this switch to busybox, without understanding if
we are the only ones seeing this issue .. since that means we are
simply hiding an issue, versus fixing it.
Yes indeed, if someone is using systemd as init, they need to add extra
configurations to setup busybox and keep default systemd init cannot be
replaced by busybox in local.conf .


Thanks,

Xiangyu

Bruce
There are other init options in meta-virt, like the docker tini, if we
had to enforce something, I'd rather that than busybox.
Good to hear the tini :)

Indeed, enable the busybox-init might need lots of additional effort to
take care of system which using systemd, otherwise, /sbin/init always to
be covered by busybox.

Bruce
Br,

Xiangyu


So I added a check for the busybox init util in the lxc-busybox template: if the current system's busybox contains
init then use it. After applying this patch, the ptest result is as in log-2.


######## log-1: ptest without patch #######

Starting LXC ptest ###
FAIL: lxc-test-api-reboot
SKIPPED: lxc-test-apparmor
PASS: lxc-test-apparmor-generated
FAIL: lxc-test-apparmor-mount
PASS: lxc-test-arch-parse
FAIL: lxc-test-attach
PASS: lxc-test-automount
FAIL: lxc-test-autostart
PASS: lxc-test-basic
FAIL: lxc-test-capabilities
FAIL: lxc-test-cgpath
PASS: lxc-test-checkpoint-restore
FAIL: lxc-test-cloneconfig
FAIL: lxc-test-clonetest
FAIL: lxc-test-concurrent
PASS: lxc-test-config-jump-table
FAIL: lxc-test-console
FAIL: lxc-test-console-log
FAIL: lxc-test-containertests
FAIL: lxc-test-createconfig
FAIL: lxc-test-createtest
PASS: lxc-test-criu-check-feature
FAIL: lxc-test-cve-2019-5736
FAIL: lxc-test-destroytest
FAIL: lxc-test-device-add-remove
FAIL: lxc-test-exit-code
FAIL: lxc-test-get_item
PASS: lxc-test-getkeys
PASS: lxc-test-list
PASS: lxc-test-locktests
FAIL: lxc-test-lxc-attach
PASS: lxc-test-lxcpath
PASS: lxc-test-may-control
FAIL: lxc-test-mount-injection
FAIL: lxc-test-no-new-privs
PASS: lxc-test-parse-config-file
FAIL: lxc-test-proc-pid
FAIL: lxc-test-procsys
PASS: lxc-test-raw-clone
PASS: lxc-test-reboot
FAIL: lxc-test-rootfs
FAIL: lxc-test-rootfs-options
FAIL: lxc-test-saveconfig
FAIL: lxc-test-share-ns
FAIL: lxc-test-shortlived
SKIPPED: lxc-test-shutdowntest
FAIL: lxc-test-snapdeps
FAIL: lxc-test-snapshot
FAIL: lxc-test-startone
SKIPPED: lxc-test-state-server
FAIL: lxc-test-symlink
FAIL: lxc-test-sys-mixed
FAIL: lxc-test-sysctls
FAIL: lxc-test-unpriv
FAIL: lxc-test-usernic
PASS: lxc-test-usernsexec
PASS: lxc-test-utils





Results:
PASSED = 17
FAILED = 37
SKIPPED = 3
(for details check individual test log in ./logs directory)


###########log-2: ptest with patch ###################
root@intel-x86-64:/usr/lib64/lxc/ptest# ./run-ptest
### Starting LXC ptest ###
PASS: lxc-test-api-reboot
SKIPPED: lxc-test-apparmor
PASS: lxc-test-apparmor-generated
FAIL: lxc-test-apparmor-mount
PASS: lxc-test-arch-parse
PASS: lxc-test-attach
PASS: lxc-test-automount
PASS: lxc-test-autostart
PASS: lxc-test-basic
PASS: lxc-test-capabilities
PASS: lxc-test-cgpath
PASS: lxc-test-checkpoint-restore
FAIL: lxc-test-cloneconfig
PASS: lxc-test-clonetest
PASS: lxc-test-concurrent
PASS: lxc-test-config-jump-table
PASS: lxc-test-console
PASS: lxc-test-console-log
PASS: lxc-test-containertests
PASS: lxc-test-createconfig
PASS: lxc-test-createtest
PASS: lxc-test-criu-check-feature
PASS: lxc-test-cve-2019-5736
PASS: lxc-test-destroytest
PASS: lxc-test-device-add-remove
PASS: lxc-test-exit-code
FAIL: lxc-test-get_item
PASS: lxc-test-getkeys
PASS: lxc-test-list
PASS: lxc-test-locktests
PASS: lxc-test-lxc-attach
PASS: lxc-test-lxcpath
PASS: lxc-test-may-control
PASS: lxc-test-mount-injection
FAIL: lxc-test-no-new-privs
PASS: lxc-test-parse-config-file
PASS: lxc-test-proc-pid
PASS: lxc-test-procsys
PASS: lxc-test-raw-clone
PASS: lxc-test-reboot
PASS: lxc-test-rootfs
PASS: lxc-test-rootfs-options
PASS: lxc-test-saveconfig
PASS: lxc-test-share-ns
PASS: lxc-test-shortlived
SKIPPED: lxc-test-shutdowntest
FAIL: lxc-test-snapdeps
PASS: lxc-test-snapshot
PASS: lxc-test-startone
SKIPPED: lxc-test-state-server
PASS: lxc-test-symlink
PASS: lxc-test-sys-mixed
PASS: lxc-test-sysctls
FAIL: lxc-test-unpriv
FAIL: lxc-test-usernic
PASS: lxc-test-usernsexec
PASS: lxc-test-utils

Results:
PASSED = 47
FAILED = 7
SKIPPED = 3
(for details check individual test log in ./logs directory)




Xiangyu Chen (1):
lxc: templates/lxc-busybox.in: if busybox contains init then use it

...box-contains-init-use-it-in-containe.patch | 45 +++++++++++++++++++
recipes-containers/lxc/lxc_git.bb | 1 +
2 files changed, 46 insertions(+)
create mode 100644 recipes-containers/lxc/files/0001-template-if-busybox-contains-init-use-it-in-containe.patch

--
2.34.1


--
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II
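
The two traces in this thread differ at one point: bash as /sbin/init reads fd 0, gets EOF from /dev/null and exits 0, while busybox init never reads stdin and keeps running. The following is an added example, not code from the thread or from lxc, that extracts this from `strace -f` output; the function names and verdict strings are assumptions made for the example, and the sample lines are excerpted from the traces quoted in this thread.

```python
import re

# Lines excerpted from the "strace -f lxc-start ... -d" traces quoted in this
# thread: bash as /sbin/init (pid 22977) and busybox as /sbin/init (pid 23053).
BASH_INIT_TRACE = r'''
[pid 22977] execve("/sbin/init", ["/sbin/init"], 0x562a9b3d80f0 /* 2 vars */ <unfinished ...>
[pid 22977] openat(AT_FDCWD, "/dev/tty", O_RDWR|O_NONBLOCK) = -1 ENXIO (No such device or address)
[pid 22977] ioctl(0, TCGETS, 0x7ffc1d039fa0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid 22977] fstat(0, {st_mode=S_IFCHR|0666, st_rdev=makedev(0x1, 0x3), ...}) = 0
[pid 22977] read(0, "", 1)              = 0
[pid 22977] exit_group(0)               = ?
[pid 22977] +++ exited with 0 +++
'''

BUSYBOX_INIT_TRACE = r'''
[pid 23053] execve("/sbin/init", ["/sbin/init"], 0x563be8d3fae0 /* 2 vars */ <unfinished ...>
[pid 23053] ioctl(0, TCGETS, 0x7ffd8e2e5a90) = -1 ENOTTY (Inappropriate ioctl for device)
[pid 23053] openat(AT_FDCWD, "/etc/inittab", O_RDONLY) = 3
[pid 23053] read(3, "::sysinit:/etc/init.d/rcS\ntty1::"..., 4096) = 97
[pid 23058] execve("/bin/getty", ["/bin/getty", "-L", "tty1", "115200", "vt100"], 0x19ea2a0 /* 6 vars */ <unfinished ...>
[pid 23061] execve("/bin/sh", ["/bin/sh"], 0x13d02a0 /* 6 vars */ <unfinished ...>
[pid 23061] ioctl(0, TCGETS, {B38400 opost isig icanon echo ...}) = 0
[pid 23061] poll([{fd=0, events=POLLIN}], 1, -1 <unfinished ...>
'''

PID_LINE = re.compile(r'^\[pid\s+(\d+)\]\s+(.*)$')
EXECVE = re.compile(r'^execve\("([^"]+)"')
STDIN_TCGETS = re.compile(r'^ioctl\(0, TCGETS\b.*\)\s*=\s*(-?\d+)')
STDIN_STAT = re.compile(
    r'^(?:fstat|newfstatat)\(0, .*st_rdev=makedev\((0x[0-9a-f]+), (0x[0-9a-f]+)\)')
STDIN_READ = re.compile(r'^read\(0, ".*", \d+\)\s*=\s*(-?\d+)')
EXITED = re.compile(r'^\+\+\+ exited with (\d+) \+\+\+')


def device_name(major, minor):
    """Name the few Linux character devices that matter for this diagnosis."""
    if (major, minor) == (1, 3):
        return "/dev/null"
    if (major, minor) == (5, 1):
        return "/dev/console"
    if major == 136:
        return "/dev/pts/%d" % minor
    return "char %d:%d" % (major, minor)


def diagnose_init(trace, init_path="/sbin/init"):
    """Summarise what the container init did with its stdin.

    Only complete single-line syscalls are inspected; calls split into
    "<unfinished ...>" / "<... resumed>" pairs are ignored.
    """
    facts = {"pid": None, "stdin_is_tty": None, "stdin_dev": None,
             "stdin_eof": False, "exit_status": None, "verdict": "no_init_seen"}
    for raw in trace.splitlines():
        m = PID_LINE.match(raw.strip())
        if not m:
            continue
        pid, call = int(m.group(1)), m.group(2)
        if facts["pid"] is None:
            # The first process that execs init_path is the container init.
            e = EXECVE.match(call)
            if e and e.group(1) == init_path:
                facts["pid"] = pid
            continue
        if pid != facts["pid"]:
            continue  # children (rcS, getty, sh, ...) are not init itself
        m = STDIN_TCGETS.match(call)
        if m:
            facts["stdin_is_tty"] = int(m.group(1)) == 0
            continue
        m = STDIN_STAT.match(call)
        if m:
            facts["stdin_dev"] = device_name(int(m.group(1), 16), int(m.group(2), 16))
            continue
        m = STDIN_READ.match(call)
        if m and int(m.group(1)) == 0:
            facts["stdin_eof"] = True  # read() returning 0 is end of file
            continue
        m = EXITED.match(call)
        if m:
            facts["exit_status"] = int(m.group(1))
    if facts["pid"] is None:
        return facts
    if facts["exit_status"] is None:
        facts["verdict"] = "running"
    elif facts["stdin_eof"] and facts["stdin_is_tty"] is not True:
        facts["verdict"] = "exited_on_stdin_eof"
    else:
        facts["verdict"] = "exited_other"
    return facts


if __name__ == "__main__":
    for name, trace in (("bash", BASH_INIT_TRACE), ("busybox", BUSYBOX_INIT_TRACE)):
        print(name, diagnose_init(trace))
```
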



Re: [kirkstone][PATCH 0/2] fix the template of lxc download failure on kirkstone

Bruce Ashfield
 

In message: [meta-virtualization][kirkstone][PATCH 0/2] fix the template of lxc download failure on kirkstone
on 17/03/2023 Xiangyu Chen wrote:

From: Xiangyu Chen <xiangyu.chen@...>

Hi Bruce,

This patch series fixes the lxc-download template on kirkstone.

When we use a download container command[1], lxc-create reports a missing
"fi" error. This has already been fixed on master, so backport those changes in
templates-use-curl-instead-of-wget.patch to kirkstone.

05f316f70a4d : lxc: update to 5.x and meson
211918936180 : treewide: bulk update patches with status field

After backporting those changes, lxc-create with the download template still
fails. After checking the image website URL, it was redirected to a mirror
site, so curl needs a -L option to support URL redirects. The version of
curl in kirkstone also needs the -f option so that it returns an error code to
tell the caller when http/https has errors.
Thanks for the explanation, you answered my questions about
"is this an issue in master" and "why aren't these just cherry picks".

These are merged to kirkstone.

Bruce



[1] lxc-create -t download -n test -- --dist archlinux --release current --arch arm64


Xiangyu Chen (2):
lxc: backport changes from master for
templates-use-curl-instead-of-wget.patch
lxc: add -L and -f for curl in
templates-use-curl-instead-of-wget.patch

.../templates-use-curl-instead-of-wget.patch | 40 ++++++++++---------
1 file changed, 21 insertions(+), 19 deletions(-)

--
2.34.1



[kirkstone][PATCH 2/2] lxc: add -L and -f for curl in templates-use-curl-instead-of-wget.patch

Xiangyu Chen
 

From: Xiangyu Chen <xiangyu.chen@...>

Add the redirect option -L for curl. linuxcontainers.org
sometimes redirects to another mirror site such as
us.lxd.images.canonical.com, which causes the lxc-download
script to report that the download failed.

The version of curl in kirkstone also needs the option -f
so that it uses an error code to tell the caller when
http/https has errors.

Reproduced and verified with the following command:
lxc-create -t download -n test -- --dist archlinux --release current --arch arm64

Signed-off-by: Xiangyu Chen <xiangyu.chen@...>
---
.../lxc/files/templates-use-curl-instead-of-wget.patch | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/recipes-containers/lxc/files/templates-use-curl-instead-of-wget.patch b/recipes-containers/lxc/files/templates-use-curl-instead-of-wget.patch
index ff5c5f6..a334723 100644
--- a/recipes-containers/lxc/files/templates-use-curl-instead-of-wget.patch
+++ b/recipes-containers/lxc/files/templates-use-curl-instead-of-wget.patch
@@ -35,7 +35,7 @@ index a62ddf482..690307338 100755

download_file() {
- if ! wget_wrapper --user-agent="lxc/@PACKAGE_VERSION@ compat:${DOWNLOAD_COMPAT_LEVEL}" -T 30 -q "https://${DOWNLOAD_SERVER}/$1" -O "$2" >/dev/null 2>&1; then
-+ if ! curl_wrapper --user-agent "lxc/@PACKAGE_VERSION@ compat:${DOWNLOAD_COMPAT_LEVEL}" -m 30 -s "https://${DOWNLOAD_SERVER}/$1" -o "$2" >/dev/null 2>&1; then
++ if ! curl_wrapper -L -f --user-agent "lxc/@PACKAGE_VERSION@ compat:${DOWNLOAD_COMPAT_LEVEL}" -m 30 -s "https://${DOWNLOAD_SERVER}/$1" -o "$2" >/dev/null 2>&1; then
if [ "$3" = "noexit" ]; then
return 1
else
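
Review bot: On the `++ if ! curl_wrapper -L -f ...` line, `-L` lets a request that starts at `https://${DOWNLOAD_SERVER}/$1` be redirected to a plain `http://` URL on another host, and nothing on the line prevents that downgrade. Consider adding `--proto-redir =https` (and a small `--max-redirs` limit) so that following the mirror redirect described in the commit message keeps the transfer on HTTPS. Because stderr is discarded by `>/dev/null 2>&1`, the `-f` failure is only visible through the exit status, which the `if !` does check.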
--
2.34.1


[kirkstone][PATCH 1/2] lxc: backport changes from master for templates-use-curl-instead-of-wget.patch

Xiangyu Chen
 

From: Xiangyu Chen <xiangyu.chen@...>

Backport the changes of templates-use-curl-instead-of-wget.patch
from master in the following commits:

05f316f70a4d : lxc: update to 5.x and meson
211918936180 : treewide: bulk update patches with status field

Signed-off-by: Xiangyu Chen <xiangyu.chen@...>
---
.../templates-use-curl-instead-of-wget.patch | 40 ++++++++++---------
1 file changed, 21 insertions(+), 19 deletions(-)

diff --git a/recipes-containers/lxc/files/templates-use-curl-instead-of-wget.patch b/recipes-containers/lxc/files/templates-use-curl-instead-of-wget.patch
index f06e596..ff5c5f6 100644
--- a/recipes-containers/lxc/files/templates-use-curl-instead-of-wget.patch
+++ b/recipes-containers/lxc/files/templates-use-curl-instead-of-wget.patch
@@ -1,22 +1,24 @@
-From 1db2db7783bd7ec2aa1da86e640019891634c659 Mon Sep 17 00:00:00 2001
-From: Joakim Roubert <joakimr@...>
-Date: Fri, 16 Aug 2019 07:52:48 +0200
-Subject: [PATCH] Use curl instead of wget
+From 3e4cb0b738649f7750413cefbcfdb2115213ad0d Mon Sep 17 00:00:00 2001
+From: Bruce Ashfield <bruce.ashfield@...>
+Date: Sun, 14 Aug 2022 14:08:56 -0400
+Subject: [PATCH] download: Use curl instead of wget

When curl's MIT license is preferable to wget's GPLv3.

-Change-Id: I4684ae7569704514fdcc63e0655c556efcaf44f8
+Upstream-Status: Inappropriate [embedded specific]
+
Signed-off-by: Joakim Roubert <joakimr@...>
Signed-off-by: Yanfei Xu <yanfei.xu@...>
+Signed-off-by: Bruce Ashfield <bruce.ashfield@...>
---
- templates/lxc-download.in | 10 +++++-----
- 1 file changed, 5 insertions(+), 5 deletions(-)
+ templates/lxc-download.in | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)

-Index: git/templates/lxc-download.in
-===================================================================
---- git.orig/templates/lxc-download.in
-+++ git/templates/lxc-download.in
-@@ -59,9 +59,9 @@
+diff --git a/templates/lxc-download.in b/templates/lxc-download.in
+index a62ddf482..690307338 100755
+--- a/templates/lxc-download.in
++++ b/templates/lxc-download.in
+@@ -59,9 +59,9 @@ cleanup() {
fi
}

@@ -28,19 +30,16 @@ Index: git/templates/lxc-download.in
return 0
fi
done
-@@ -70,8 +70,9 @@
+@@ -70,7 +70,7 @@ wget_wrapper() {
}

download_file() {
- if ! wget_wrapper --user-agent="lxc/@PACKAGE_VERSION@ compat:${DOWNLOAD_COMPAT_LEVEL}" -T 30 -q "https://${DOWNLOAD_SERVER}/$1" -O "$2" >/dev/null 2>&1; then
-- if [ "$3" = "noexit" ]; then
-+ if ! curl_wrapper --user-agent="lxc/@PACKAGE_VERSION@ compat:${DOWNLOAD_COMPAT_LEVEL}" -m 30 -s "https://${DOWNLOAD_SERVER}/$1" -o "$2" >/dev/null 2>&1; then
-+ if ! curl_wrapper --user-agent="lxc/@PACKAGE_VERSION@ compat:${DOWNLOAD_COMPAT_LEVEL}" -m 30 -s "http://${DOWNLOAD_SERVER}/$1" -o "$2" >/dev/null 2>&1; then
-+ if [ "$3" = "noexit" ]; then
++ if ! curl_wrapper --user-agent "lxc/@PACKAGE_VERSION@ compat:${DOWNLOAD_COMPAT_LEVEL}" -m 30 -s "https://${DOWNLOAD_SERVER}/$1" -o "$2" >/dev/null 2>&1; then
+ if [ "$3" = "noexit" ]; then
return 1
else
- echo "ERROR: Failed to download https://${DOWNLOAD_SERVER}/$1" 1>&2
-@@ -176,7 +177,7 @@
+@@ -176,7 +176,7 @@ while :; do
done

# Check for required binaries
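
Review bot: The commit message should say that the `-+ if ! curl_wrapper ... "http://${DOWNLOAD_SERVER}/$1"` line removed in this hunk is the actual fix, instead of only listing the two master commits. The old hunk added that second nested `if` with no matching `fi` visible in the hunk, which is consistent with the missing "fi" error reported in the cover letter. Removing it also means `download_file()` no longer retries over plain HTTP, a behaviour change worth stating in the log for anyone who relied on the fallback.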
@@ -49,3 +48,6 @@ Index: git/templates/lxc-download.in
if ! command -V "${bin}" >/dev/null 2>&1; then
echo "ERROR: Missing required tool: ${bin}" 1>&2
exit 1
+--
+2.25.1
+
--
2.34.1


[kirkstone][PATCH 0/2] fix the template of lxc download failure on kirkstone

Xiangyu Chen
 

From: Xiangyu Chen <xiangyu.chen@...>

Hi Bruce,

This patch series fixes the lxc-download template on kirkstone.

When we use a download container command[1], lxc-create reports a missing
"fi" error. This has already been fixed on master, so backport those changes in
templates-use-curl-instead-of-wget.patch to kirkstone.

05f316f70a4d : lxc: update to 5.x and meson
211918936180 : treewide: bulk update patches with status field

After backporting those changes, lxc-create with the download template still
fails. After checking the image website URL, it was redirected to a mirror
site, so curl needs a -L option to support URL redirects. The version of
curl in kirkstone also needs the -f option so that it returns an error code to
tell the caller when http/https has errors.


[1] lxc-create -t download -n test -- --dist archlinux --release current --arch arm64


Xiangyu Chen (2):
lxc: backport changes from master for
templates-use-curl-instead-of-wget.patch
lxc: add -L and -f for curl in
templates-use-curl-instead-of-wget.patch

.../templates-use-curl-instead-of-wget.patch | 40 ++++++++++---------
1 file changed, 21 insertions(+), 19 deletions(-)

--
2.34.1


[PATCH] lxc: add -L option for curl in templates-use-curl-instead-of-wget.patch

Xiangyu Chen
 

From: Xiangyu Chen <xiangyu.chen@...>

Add the redirect option for curl. linuxcontainers.org
sometimes redirects to another mirror site such as
us.lxd.images.canonical.com, which causes the lxc-download
script to report that the download failed.

Reproduced and verified with the following command:
lxc-create -t download -n test -- --dist archlinux --release current --arch arm64

Signed-off-by: Xiangyu Chen <xiangyu.chen@...>
---
.../lxc/files/templates-use-curl-instead-of-wget.patch | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/recipes-containers/lxc/files/templates-use-curl-instead-of-wget.patch b/recipes-containers/lxc/files/templates-use-curl-instead-of-wget.patch
index ff5c5f6..e9af833 100644
--- a/recipes-containers/lxc/files/templates-use-curl-instead-of-wget.patch
+++ b/recipes-containers/lxc/files/templates-use-curl-instead-of-wget.patch
@@ -35,7 +35,7 @@ index a62ddf482..690307338 100755

download_file() {
- if ! wget_wrapper --user-agent="lxc/@PACKAGE_VERSION@ compat:${DOWNLOAD_COMPAT_LEVEL}" -T 30 -q "https://${DOWNLOAD_SERVER}/$1" -O "$2" >/dev/null 2>&1; then
-+ if ! curl_wrapper --user-agent "lxc/@PACKAGE_VERSION@ compat:${DOWNLOAD_COMPAT_LEVEL}" -m 30 -s "https://${DOWNLOAD_SERVER}/$1" -o "$2" >/dev/null 2>&1; then
++ if ! curl_wrapper -L --user-agent "lxc/@PACKAGE_VERSION@ compat:${DOWNLOAD_COMPAT_LEVEL}" -m 30 -s "https://${DOWNLOAD_SERVER}/$1" -o "$2" >/dev/null 2>&1; then
if [ "$3" = "noexit" ]; then
return 1
else
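
Review bot: On the `++ if ! curl_wrapper -L --user-agent ...` line, `-L` is added without `-f`, so an HTTP error response from the mirror (a 404 or 5xx page) still makes curl exit 0 and its body is written to `$2`; the `if !` branch then never runs and the caller treats the error page as a successful download. Consider adding `-f` here as well so that HTTP errors reach the `noexit` handling below.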
--
2.34.1


Re: [PATCH 0/1] lxc: templates/lxc-busybox.in: if busybox contains init then use it

Xiangyu Chen
 

Hi Bruce,

On 3/13/23 08:46, Bruce Ashfield wrote:
CAUTION: This email comes from a non Wind River email account!
Do not click links or open attachments unless you recognize the sender and know the content is safe.

On Wed, Mar 8, 2023 at 10:49 PM Xiangyu Chen
<xiangyu.chen@...> wrote:
Hi Bruce,


Sorry for being late,

On 3/8/23 12:00, Bruce Ashfield wrote:

On Thu, Mar 2, 2023 at 8:17 PM Xiangyu Chen
<xiangyu.chen@...> wrote:
Hi Bruce,


On 3/3/23 05:24, Bruce Ashfield wrote:

In message: [meta-virtualization][PATCH 0/1] lxc: templates/lxc-busybox.in: if busybox contains init then use it
on 01/03/2023 Xiangyu Chen wrote:

From: Xiangyu Chen <xiangyu.chen@...>

Hi Bruce,

Recently we found that the lxc ptest has lots of failure cases, as in log-1 below. After checking the
code, some cases failed due to the init process. For example, lxc-test-exit-code needs to
start the container as a daemon, but if using bash as init, the container cannot start correctly.
Is there an indication of what busybox is providing that bash isn't ?
In my local setup, when using bash as container init, the container
doesn't support "reboot" and cannot start correctly in daemon mode.
The test steps are as below:

lxc-create -t busybox -n t

lxc-start -n t -d

lxc-ls -f

The container "t" status is still "STOPPED", but when we use a busybox
init instead of bash, the container status is correct in daemon mode.
I'm setting up to test this myself, but generally speaking we should
include this detail in the commit log.
Thanks, if we find the final root cause, I'll add our discussion
information into the commit and send a v2 patch :p


I don't like to force this in the ptest, while for actual lxc containers
we still allow bash, which means it may not be functional.
This is a common template for lxc, but I am not sure whether others
still need bash as lxc container init, so I based the patch

"template-make-busybox-template-compatible-with-core-.patch" to add the
busybox back.
That's the part that concerns me. Why does our bash behave differently
than in other lxc integrations and other distros ?
Currently, the behavior is that when using lxc with the busybox template in
daemon mode, the status still stays in "STOPPED", but it works well
in foreground mode.

Do you have the ability to run the same simple tests you have above on
a desktop distro ?
I have set up a virtualbox today and did some tests with trace; here is
what I found:

As mentioned above, lxc works well in foreground mode but something is
wrong with daemon mode. According to the manual of lxc-start, foreground
mode attaches the tty to /dev/console, but daemon mode doesn't.
And to confirm, this is running on something like ubuntu, using the
ubuntu bash ?
It was a virtualbox VM with openSUSE Leap 15.5, lxc version is 4.0.12, bash version is 4.4.23, busybox using master branch and was built by myself.


When using busybox as init, the container runs normally as a daemon:

localhost:~ # lxc-create --version
4.0.12
localhost:~ # lxc-create -t busybox -n t-bb
localhost:~ # lxc-start -n t-bb -d
localhost:~ # lxc-ls -f
NAME STATE   AUTOSTART GROUPS IPV4 IPV6 UNPRIVILEGED
t-bb RUNNING 0         -      -    -    false
localhost:~ # lxc-stop -n t-bb
localhost:~ # lxc-ls -f
NAME STATE   AUTOSTART GROUPS IPV4 IPV6 UNPRIVILEGED
t-bb STOPPED 0         -      -    -    false
localhost:~ #
localhost:~ #


The strace log:

#####log of "strace -f  lxc-start -n t-bb -d" #######

execve("/usr/bin/lxc-start", ["lxc-start", "-n", "t-bb", "-d"], 0x7ffe0ef0e300 /* 57 vars */) = 0
... loading and mapping libraries for lxc ...

[pid 23053] execve("/sbin/init", ["/sbin/init"], 0x563be8d3fae0 /* 2 vars */ <unfinished ...>

... loading and mapping libraries for /sbin/init in container...

[pid 23053] reboot(LINUX_REBOOT_MAGIC1, LINUX_REBOOT_MAGIC2, LINUX_REBOOT_CMD_CAD_OFF) = -1 EINVAL (Invalid argument)
[pid 23053] openat(AT_FDCWD, "/dev/null", O_RDWR) = 3
[pid 23053] close(3)                    = 0
[pid 23053] ioctl(0, VT_OPENQRY, 0x7ffd8e2e5b28) = -1 ENOTTY (Inappropriate ioctl for device)
[pid 23053] brk(NULL)                   = 0x19ea000
[pid 23053] brk(0x1a0b000)              = 0x1a0b000
[pid 23053] ioctl(0, TCGETS, 0x7ffd8e2e5a90) = -1 ENOTTY (Inappropriate ioctl for device)
[pid 23053] chdir("/")                  = 0
[pid 23053] setsid()                    = -1 EPERM (Operation not permitted)
[pid 23053] openat(AT_FDCWD, "/etc/inittab", O_RDONLY) = 3
[pid 23053] fstat(3, {st_mode=S_IFREG|0644, st_size=97, ...}) = 0
[pid 23053] read(3, "::sysinit:/etc/init.d/rcS\ntty1::"..., 4096) = 97
[pid 23053] read(3, "", 4096)           = 0
[pid 23053] close(3)                    = 0

.... add signal process callback ....

[pid 23054] execve("/etc/init.d/rcS", ["/etc/init.d/rcS"], 0x19ea2a0 /* 6 vars */ <unfinished ...>

.... loading and mapping libraries for running /etc/init.d/rcS .....

[pid 23055] execve("/bin/syslogd", ["/bin/syslogd"], 0x1308670 /* 8 vars */) = 0

.....

[pid 23056] execve("/bin/mount", ["/bin/mount", "-a"], 0x13086b8 /* 8 vars */ <unfinished ...>

...

[pid 23057] execve("/bin/udhcpc", ["/bin/udhcpc"], 0x1308670 /* 8 vars */) = 0

...

[pid 23058] execve("/bin/getty", ["/bin/getty", "-L", "tty1", "115200", "vt100"], 0x19ea2a0 /* 6 vars */ <unfinished ...>

...

[pid 23061] execve("/bin/sh", ["/bin/sh"], 0x13d02a0 /* 6 vars */ <unfinished ...>

[pid 23061] ioctl(0, TCGETS, {B38400 opost isig icanon echo ...}) = 0
...
[pid 23061] ioctl(1, TCGETS, {B38400 opost isig icanon echo ...}) = 0

[pid 23061] openat(AT_FDCWD, "/dev/tty", O_RDWR) = 3
[pid 23061] fcntl(3, F_DUPFD_CLOEXEC, 10) = 10
[pid 23061] close(3 <unfinished ...>
[pid 23061] <... close resumed>)        = 0
[pid 23061] ioctl(10, TIOCGPGRP <unfinished ...>
[pid 23061] <... ioctl resumed>, [8])   = 0
[pid 23061] getpgrp()                   = 8
...
[pid 23061] setpgid(0, 8 <unfinished ...>
[pid 23061] <... setpgid resumed>)      = -1 EPERM (Operation not permitted)
[pid 23061] ioctl(10, TIOCSPGRP, [8] <unfinished ...>
[pid 23061] <... ioctl resumed>)        = 0
[pid 23061] ioctl(0, TCGETS, {B38400 opost isig icanon echo ...}) = 0
[pid 23061] ioctl(0, SNDCTL_TMR_START or TCSETS, {B38400 opost -isig -icanon -echo ...} <unfinished ...>
[pid 23061] <... ioctl resumed>)        = 0
[pid 23061] ioctl(0, TIOCGWINSZ, {ws_row=0, ws_col=0, ws_xpixel=0, ws_ypixel=0}) = 0
[pid 23061] geteuid()                   = 0
[pid 23061] openat(AT_FDCWD, "/etc/passwd", O_RDONLY) = 3
[pid 23061] fstat(3,  <unfinished ...>
[pid 23061] <... fstat resumed>{st_mode=S_IFREG|0644, st_size=30, ...}) = 0
[pid 23061] read(3,  <unfinished ...>
[pid 23061] <... read resumed>"root:x:0:0:root:/root:/bin/sh\n", 4096) = 30
[pid 23061] close(3 <unfinished ...>
[pid 23061] <... close resumed>)        = 0
[pid 23061] geteuid( <unfinished ...>
[pid 23061] <... geteuid resumed>)      = 0
[pid 23061] fstat(1,  <unfinished ...>
[pid 23061] <... fstat resumed>{st_mode=S_IFCHR|0620, st_rdev=makedev(0x88, 0x2), ...}) = 0
[pid 23061] rt_sigaction(SIGWINCH, {sa_handler=0x4b9ce8, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x7fc7eecdcd50},  <unfinished ...>
[pid 23061] <... rt_sigaction resumed>{sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
[pid 23061] write(1, "/ # ", 4 <unfinished ...>
[pid 23061] <... write resumed>)        = 4
[pid 23061] poll([{fd=0, events=POLLIN}], 1, -1 <unfinished ...>
############end of "strace -f  lxc-start -n t-bb -d" ###############



When using bash as init, the container can run in foreground mode:

localhost:~ # lxc-create -t busybox -n t-bash
localhost:~ # lxc-start -n t-bash -d
localhost:~ # lxc-ls -f
NAME   STATE   AUTOSTART GROUPS IPV4 IPV6 UNPRIVILEGED
t-bash STOPPED 0         -      -    -    false
t-bb   STOPPED 0         -      -    -    false
localhost:~ # lxc-start -n t-bash -F
init-4.4#
init-4.4#
init-4.4# /sbin/init --version
GNU bash, version 4.4.23(1)-release (x86_64-suse-linux-gnu)
Copyright (C) 2016 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>

This is free software; you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
init-4.4# exit
exit
localhost:~ #

The strace log:

#####log of "strace -f  lxc-start -n bash -d" #######

[pid 22977] execve("/sbin/init", ["/sbin/init"], 0x562a9b3d80f0 /* 2 vars */ <unfinished ...>
.... loading and mapping libraries .......
[pid 22977] openat(AT_FDCWD, "/dev/tty", O_RDWR|O_NONBLOCK) = -1 ENXIO (No such device or address)
[pid 22977] ioctl(0, TCGETS, 0x7ffc1d039fa0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid 22977] stat("/usr/lib/locale/locale-archive", 0x7ffc1d03a110) = -1 ENOENT (No such file or directory)
[pid 22977] brk(NULL)                   = 0x562bad4cf000
[pid 22977] brk(0x562bad4f0000)         = 0x562bad4f0000
[pid 22977] getuid()                    = 0
[pid 22977] getgid()                    = 0
[pid 22977] geteuid()                   = 0
[pid 22977] getegid()                   = 0
[pid 22977] rt_sigprocmask(SIG_BLOCK, NULL, [], 8) = 0
[pid 22977] ioctl(0, TCGETS, 0x7ffc1d03a120) = -1 ENOTTY (Inappropriate ioctl for device)
[pid 22977] ioctl(-1, TIOCGPGRP, 0x7ffc1d03a194) = -1 EBADF (Bad file descriptor)
[pid 22977] sysinfo({uptime=5034, loads=[13568, 5344, 992], totalram=4115214336, freeram=1067577344, sharedram=30674944, bufferram=1994752, totalswap=2148507648, freeswap=2148507648, procs=381, totalhigh=0, freehigh=0, mem_unit=1}) = 0
.... add signal process callback and start process network configurations in /etc ....

[pid 22977] openat(AT_FDCWD, "/etc/passwd", O_RDONLY|O_CLOEXEC) = 3
[pid 22977] lseek(3, 0, SEEK_CUR)       = 0
[pid 22977] fstat(3, {st_mode=S_IFREG|0644, st_size=30, ...}) = 0
[pid 22977] read(3, "root:x:0:0:root:/root:/bin/sh\n", 4096) = 30
[pid 22977] close(3)                    = 0
[pid 22977] getppid()                   = 0
[pid 22977] getpid()                    = 1
[pid 22977] getpgrp()                   = 1
[pid 22977] ioctl(2, TIOCGPGRP, 0x7ffc1d03a064) = -1 ENOTTY (Inappropriate ioctl for device)
[pid 22977] rt_sigaction(SIGCHLD, {sa_handler=0x562bacebdb50, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x7fdb74971d50}, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x7fdb74971d50}, 8) = 0
[pid 22977] ioctl(2, TIOCGPGRP, 0x7ffc1d03a044) = -1 ENOTTY (Inappropriate ioctl for device)
[pid 22977] prlimit64(0, RLIMIT_NPROC, NULL, {rlim_cur=15574, rlim_max=15574}) = 0
[pid 22977] rt_sigprocmask(SIG_BLOCK, NULL, [], 8) = 0
[pid 22977] fcntl(0, F_GETFL)           = 0x8002 (flags O_RDWR|O_LARGEFILE)
[pid 22977] fstat(0, {st_mode=S_IFCHR|0666, st_rdev=makedev(0x1, 0x3), ...}) = 0
[pid 22977] lseek(0, 0, SEEK_CUR)       = 0
[pid 22977] read(0, "", 1)              = 0
[pid 22977] rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
[pid 22977] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 22977] exit_group(0)               = ?
[pid 22977] +++ exited with 0 +++
#####end of "strace -f  lxc-start -n bash -d" #######



Br,

Xiangyu


I enabled the lxc debug trace as below when starting a container in
daemon mode (part of the init-related log, with timestamps and full
source code paths removed)

##### lxc-start -n t -o /tmp/log.txt -l TRACE -d #####

start - /src/lxc/start.c:post_start:2205 - Started "/sbin/init" with pid
"871"
start - /src/lxc/start.c:lxc_serve_state_clients:483 - Set container
state to RUNNING

<<<<<<<<< we can see the bash as init was starting, and lxc update mode

start - /src/lxc/start.c:lxc_serve_state_clients:486 - No state clients
registered
mainloop - /src/lxc/mainloop.c:__epoll_open:493 - Created epoll instance
mainloop - /mainloop.c:__epoll_open:493 - Created epoll instance
start - /src/lxc/start.c:lxc_poll:626 - Mainloop is ready
start - /src/lxc/start.c:signal_handler:396 - Received signal
ssi_signo(17) for ssi_pid(871), si_signo(17), si_pid(871)
start - /src/lxc/start.c:signal_handler:464 - Container init process 871
exited

<<<<<<<<<< seems something wrong with the init, it exited and lxc got
the exit signal.

start - /src/lxc/start.c:lxc_poll:643 - Closed console mainloop
start - /src/lxc/start.c:lxc_poll:648 - Closed mainloop
start - /src/lxc/start.c:lxc_poll:651 - Closed signal file descriptor 7
..... removed some networking terminating related trace .....
start - /src/lxc/start.c:lxc_serve_state_clients:483 - Set container
state to STOPPING

<<<<<<<<<<< now the lxc set container mode back to stop mode.

start - /src/lxc/start.c:lxc_serve_state_clients:486 - No state clients
registered
##### end of lxc-start -n t -o /tmp/log.txt -l TRACE -d #####


Let's use strace to see what happens in the container (part of the init-related log):

#####strace -s 1024 -f lxc-start -n t -d #####

[pid 1211] execve("/sbin/init", ["/sbin/init"], 0x55a07c90eb30 /* 1 var
*/ <unfinished ...>
......

[pid 1211] ioctl(2, TIOCGPGRP, 0x7fffe212610c) = -1 ENOTTY
(Inappropriate ioctl for device)
[pid 1211] rt_sigaction(SIGCHLD, {sa_handler=0x5632e07dcec0,
sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART,
sa_restorer=0x7f1237db3190}, {sa_handler=SIG_DFL, sa_mask=[],
sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x7f1237db3190}, 8) = 0
[pid 1211] ioctl(2, TIOCGPGRP, 0x7fffe21260ec) = -1 ENOTTY
(Inappropriate ioctl for device)
[pid 1211] prlimit64(0, RLIMIT_NPROC, NULL, {rlim_cur=3818,
rlim_max=3818}) = 0
[pid 1211] rt_sigprocmask(SIG_BLOCK, NULL, [], 8) = 0
[pid 1211] fcntl(0, F_GETFL) = 0x8002 (flags O_RDWR|O_LARGEFILE)
[pid 1211] newfstatat(0, "", {st_mode=S_IFCHR|0666,
st_rdev=makedev(0x1, 0x3), ...}, AT_EMPTY_PATH) = 0
[pid 1211] lseek(0, 0, SEEK_CUR) = 0
[pid 1211] read(0, "", 1) = 0
[pid 1211] rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
[pid 1211] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 1211] exit_group(0) = ?
[pid 1211] +++ exited with 0 +++
#####end of strace -s 1024 -f lxc-start -n t -d #####

it looks that seems bash stdi/o/err cannot attach the available caused
this issue, right?
It does look like that. When busybox is used as init, do you have a
similar strace ? I'd like to do that comparison.

Bruce


I don't want to force this switch to busybox, without understanding if
we are the only ones seeing this issue .. since that means we are
simply hiding an issue, versus fixing it.
Yes indeed, if someone is using systemd as init, they need to add extra
configurations to setup busybox and keep default systemd init cannot be
replaced by busybox in local.conf .


Thanks,

Xiangyu

Bruce
There are other init options in meta-virt, like the docker tini, if we
had to enforce something, I'd rather that than busybox.
Good to hear the tini :)

Indeed, enable the busybox-init might need lots of additional effort to
take care of system which using systemd, otherwise, /sbin/init always to
be covered by busybox.

Bruce
Br,

Xiangyu


So I added a check for the busybox init util in the lxc-busybox template: if the current system's busybox contains
init then use it. After applying this patch, the ptest result is as in log-2.


######## log-1: ptest without patch #######

Starting LXC ptest ###
FAIL: lxc-test-api-reboot
SKIPPED: lxc-test-apparmor
PASS: lxc-test-apparmor-generated
FAIL: lxc-test-apparmor-mount
PASS: lxc-test-arch-parse
FAIL: lxc-test-attach
PASS: lxc-test-automount
FAIL: lxc-test-autostart
PASS: lxc-test-basic
FAIL: lxc-test-capabilities
FAIL: lxc-test-cgpath
PASS: lxc-test-checkpoint-restore
FAIL: lxc-test-cloneconfig
FAIL: lxc-test-clonetest
FAIL: lxc-test-concurrent
PASS: lxc-test-config-jump-table
FAIL: lxc-test-console
FAIL: lxc-test-console-log
FAIL: lxc-test-containertests
FAIL: lxc-test-createconfig
FAIL: lxc-test-createtest
PASS: lxc-test-criu-check-feature
FAIL: lxc-test-cve-2019-5736
FAIL: lxc-test-destroytest
FAIL: lxc-test-device-add-remove
FAIL: lxc-test-exit-code
FAIL: lxc-test-get_item
PASS: lxc-test-getkeys
PASS: lxc-test-list
PASS: lxc-test-locktests
FAIL: lxc-test-lxc-attach
PASS: lxc-test-lxcpath
PASS: lxc-test-may-control
FAIL: lxc-test-mount-injection
FAIL: lxc-test-no-new-privs
PASS: lxc-test-parse-config-file
FAIL: lxc-test-proc-pid
FAIL: lxc-test-procsys
PASS: lxc-test-raw-clone
PASS: lxc-test-reboot
FAIL: lxc-test-rootfs
FAIL: lxc-test-rootfs-options
FAIL: lxc-test-saveconfig
FAIL: lxc-test-share-ns
FAIL: lxc-test-shortlived
SKIPPED: lxc-test-shutdowntest
FAIL: lxc-test-snapdeps
FAIL: lxc-test-snapshot
FAIL: lxc-test-startone
SKIPPED: lxc-test-state-server
FAIL: lxc-test-symlink
FAIL: lxc-test-sys-mixed
FAIL: lxc-test-sysctls
FAIL: lxc-test-unpriv
FAIL: lxc-test-usernic
PASS: lxc-test-usernsexec
PASS: lxc-test-utils





Results:
PASSED = 17
FAILED = 37
SKIPPED = 3
(for details check individual test log in ./logs directory)


###########log-2: ptest with patch ###################
root@intel-x86-64:/usr/lib64/lxc/ptest# ./run-ptest
### Starting LXC ptest ###
PASS: lxc-test-api-reboot
SKIPPED: lxc-test-apparmor
PASS: lxc-test-apparmor-generated
FAIL: lxc-test-apparmor-mount
PASS: lxc-test-arch-parse
PASS: lxc-test-attach
PASS: lxc-test-automount
PASS: lxc-test-autostart
PASS: lxc-test-basic
PASS: lxc-test-capabilities
PASS: lxc-test-cgpath
PASS: lxc-test-checkpoint-restore
FAIL: lxc-test-cloneconfig
PASS: lxc-test-clonetest
PASS: lxc-test-concurrent
PASS: lxc-test-config-jump-table
PASS: lxc-test-console
PASS: lxc-test-console-log
PASS: lxc-test-containertests
PASS: lxc-test-createconfig
PASS: lxc-test-createtest
PASS: lxc-test-criu-check-feature
PASS: lxc-test-cve-2019-5736
PASS: lxc-test-destroytest
PASS: lxc-test-device-add-remove
PASS: lxc-test-exit-code
FAIL: lxc-test-get_item
PASS: lxc-test-getkeys
PASS: lxc-test-list
PASS: lxc-test-locktests
PASS: lxc-test-lxc-attach
PASS: lxc-test-lxcpath
PASS: lxc-test-may-control
PASS: lxc-test-mount-injection
FAIL: lxc-test-no-new-privs
PASS: lxc-test-parse-config-file
PASS: lxc-test-proc-pid
PASS: lxc-test-procsys
PASS: lxc-test-raw-clone
PASS: lxc-test-reboot
PASS: lxc-test-rootfs
PASS: lxc-test-rootfs-options
PASS: lxc-test-saveconfig
PASS: lxc-test-share-ns
PASS: lxc-test-shortlived
SKIPPED: lxc-test-shutdowntest
FAIL: lxc-test-snapdeps
PASS: lxc-test-snapshot
PASS: lxc-test-startone
SKIPPED: lxc-test-state-server
PASS: lxc-test-symlink
PASS: lxc-test-sys-mixed
PASS: lxc-test-sysctls
FAIL: lxc-test-unpriv
FAIL: lxc-test-usernic
PASS: lxc-test-usernsexec
PASS: lxc-test-utils

Results:
PASSED = 47
FAILED = 7
SKIPPED = 3
(for details check individual test log in ./logs directory)




Xiangyu Chen (1):
lxc: templates/lxc-busybox.in: if busybox contains init then use it

...box-contains-init-use-it-in-containe.patch | 45 +++++++++++++++++++
recipes-containers/lxc/lxc_git.bb | 1 +
2 files changed, 46 insertions(+)
create mode 100644 recipes-containers/lxc/files/0001-template-if-busybox-contains-init-use-it-in-containe.patch

--
2.34.1

--
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II



Re: [PATCH 0/1] lxc: templates/lxc-busybox.in: if busybox contains init then use it

Bruce Ashfield
 

On Wed, Mar 8, 2023 at 10:49 PM Xiangyu Chen
<xiangyu.chen@...> wrote:

Hi Bruce,


Sorry for being late,

On 3/8/23 12:00, Bruce Ashfield wrote:
CAUTION: This email comes from a non Wind River email account!
Do not click links or open attachments unless you recognize the sender and know the content is safe.

On Thu, Mar 2, 2023 at 8:17 PM Xiangyu Chen
<xiangyu.chen@...> wrote:
Hi Bruce,


On 3/3/23 05:24, Bruce Ashfield wrote:

In message: [meta-virtualization][PATCH 0/1] lxc: templates/lxc-busybox.in: if busybox contains init then use it
on 01/03/2023 Xiangyu Chen wrote:

From: Xiangyu Chen <xiangyu.chen@...>

Hi Bruce,

Recently we found that the lxc ptest has lots of failure cases, as in log-1 below. After checking the
code, some cases failed for reasons related to the init process. For example, lxc-test-exit-code needs to
start the container as a daemon, but if using bash as init, the container cannot start correctly.
Is there an indication of what busybox is providing that bash isn't ?
In my local setup, when using bash as container init, the container
doesn't support "reboot" and cannot start correctly in daemon mode;
the test steps are as below:

lxc-create -t busybox -n t

lxc-start -n t -d

lxc-ls -f

the container "t" status is still "STOPPED", but when we use busybox
init instead of bash, the container status is correct in daemon mode.
I'm setting up to test this myself, but generally speaking we should
include this detail in the commit log.
Thanks, if we find the final root cause, I'll add our discussion
information into the commit and send a v2 patch :p



I don't like to force this in the ptest, while for actual lxc containers
we still allow bash, which means it may not be functional.
This is a common template for lxc, but I am not sure whether others
still need bash as lxc container init, so I based the patch

"template-make-busybox-template-compatible-with-core-.patch" to add the
busybox back.
That's the part that concerns me. Why does our bash behave differently
than in other lxc integrations and other distros ?
Currently, the behavior is that when using lxc with the busybox template in
daemon mode, the status still stays "STOPPED", but it works well
in foreground mode.

Do you have the ability to run the same simple tests you have above on
a desktop distro ?
I set up a virtualbox today and did some tests with trace; here is
what I found:

As mentioned above, lxc works well in foreground mode but something is
wrong with daemon mode. According to the lxc-start manual, foreground
mode attaches the tty to /dev/console, but daemon mode doesn't.
And to confirm, this is running on something like ubuntu, using the
ubuntu bash ?


I enabled the lxc debug trace as below when starting a container in
daemon mode (only the init-related part of the log, with timestamps and
full source code paths removed)

##### lxc-start -n t -o /tmp/log.txt -l TRACE -d #####

start - /src/lxc/start.c:post_start:2205 - Started "/sbin/init" with pid
"871"
start - /src/lxc/start.c:lxc_serve_state_clients:483 - Set container
state to RUNNING

<<<<<<<<< we can see the bash as init was starting, and lxc update mode

start - /src/lxc/start.c:lxc_serve_state_clients:486 - No state clients
registered
mainloop - /src/lxc/mainloop.c:__epoll_open:493 - Created epoll instance
mainloop - /mainloop.c:__epoll_open:493 - Created epoll instance
start - /src/lxc/start.c:lxc_poll:626 - Mainloop is ready
start - /src/lxc/start.c:signal_handler:396 - Received signal
ssi_signo(17) for ssi_pid(871), si_signo(17), si_pid(871)
start - /src/lxc/start.c:signal_handler:464 - Container init process 871
exited

<<<<<<<<<< seems something wrong with the init, it exited and lxc got
the exit signal.

start - /src/lxc/start.c:lxc_poll:643 - Closed console mainloop
start - /src/lxc/start.c:lxc_poll:648 - Closed mainloop
start - /src/lxc/start.c:lxc_poll:651 - Closed signal file descriptor 7
..... removed some networking terminating related trace .....
start - /src/lxc/start.c:lxc_serve_state_clients:483 - Set container
state to STOPPING

<<<<<<<<<<< now the lxc set container mode back to stop mode.

start - /src/lxc/start.c:lxc_serve_state_clients:486 - No state clients
registered
##### end of lxc-start -n t -o /tmp/log.txt -l TRACE -d #####


Let's use strace to see what happens in container(part of init related log):

#####strace -s 1024 -f lxc-start -n t -d #####

[pid 1211] execve("/sbin/init", ["/sbin/init"], 0x55a07c90eb30 /* 1 var
*/ <unfinished ...>
......

[pid 1211] ioctl(2, TIOCGPGRP, 0x7fffe212610c) = -1 ENOTTY
(Inappropriate ioctl for device)
[pid 1211] rt_sigaction(SIGCHLD, {sa_handler=0x5632e07dcec0,
sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART,
sa_restorer=0x7f1237db3190}, {sa_handler=SIG_DFL, sa_mask=[],
sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x7f1237db3190}, 8) = 0
[pid 1211] ioctl(2, TIOCGPGRP, 0x7fffe21260ec) = -1 ENOTTY
(Inappropriate ioctl for device)
[pid 1211] prlimit64(0, RLIMIT_NPROC, NULL, {rlim_cur=3818,
rlim_max=3818}) = 0
[pid 1211] rt_sigprocmask(SIG_BLOCK, NULL, [], 8) = 0
[pid 1211] fcntl(0, F_GETFL) = 0x8002 (flags O_RDWR|O_LARGEFILE)
[pid 1211] newfstatat(0, "", {st_mode=S_IFCHR|0666,
st_rdev=makedev(0x1, 0x3), ...}, AT_EMPTY_PATH) = 0
[pid 1211] lseek(0, 0, SEEK_CUR) = 0
[pid 1211] read(0, "", 1) = 0
[pid 1211] rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
[pid 1211] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 1211] exit_group(0) = ?
[pid 1211] +++ exited with 0 +++
#####end of strace -s 1024 -f lxc-start -n t -d #####

it looks that seems bash stdi/o/err cannot attach the available caused
this issue, right?
It does look like that. When busybox is used as init, do you have a
similar strace ? I'd like to do that comparison.

Bruce



I don't want to force this switch to busybox, without understanding if
we are the only ones seeing this issue .. since that means we are
simply hiding an issue, versus fixing it.
Yes indeed, if someone is using systemd as init, they need to add extra
configurations to setup busybox and keep default systemd init cannot be
replaced by busybox in local.conf .


Thanks,

Xiangyu

Bruce
There are other init options in meta-virt, like the docker tini, if we
had to enforce something, I'd rather that than busybox.
Good to hear the tini :)

Indeed, enabling busybox-init might need lots of additional effort to
take care of systems which use systemd; otherwise, /sbin/init would always
be covered by busybox.

Bruce
Br,

Xiangyu


So I added a check for busybox init in the lxc-busybox template: if the current system's busybox contains
init, then use it. After applying this patch, the ptest result is as in log-2.


######## log-1: ptest without patch #######

Starting LXC ptest ###
FAIL: lxc-test-api-reboot
SKIPPED: lxc-test-apparmor
PASS: lxc-test-apparmor-generated
FAIL: lxc-test-apparmor-mount
PASS: lxc-test-arch-parse
FAIL: lxc-test-attach
PASS: lxc-test-automount
FAIL: lxc-test-autostart
PASS: lxc-test-basic
FAIL: lxc-test-capabilities
FAIL: lxc-test-cgpath
PASS: lxc-test-checkpoint-restore
FAIL: lxc-test-cloneconfig
FAIL: lxc-test-clonetest
FAIL: lxc-test-concurrent
PASS: lxc-test-config-jump-table
FAIL: lxc-test-console
FAIL: lxc-test-console-log
FAIL: lxc-test-containertests
FAIL: lxc-test-createconfig
FAIL: lxc-test-createtest
PASS: lxc-test-criu-check-feature
FAIL: lxc-test-cve-2019-5736
FAIL: lxc-test-destroytest
FAIL: lxc-test-device-add-remove
FAIL: lxc-test-exit-code
FAIL: lxc-test-get_item
PASS: lxc-test-getkeys
PASS: lxc-test-list
PASS: lxc-test-locktests
FAIL: lxc-test-lxc-attach
PASS: lxc-test-lxcpath
PASS: lxc-test-may-control
FAIL: lxc-test-mount-injection
FAIL: lxc-test-no-new-privs
PASS: lxc-test-parse-config-file
FAIL: lxc-test-proc-pid
FAIL: lxc-test-procsys
PASS: lxc-test-raw-clone
PASS: lxc-test-reboot
FAIL: lxc-test-rootfs
FAIL: lxc-test-rootfs-options
FAIL: lxc-test-saveconfig
FAIL: lxc-test-share-ns
FAIL: lxc-test-shortlived
SKIPPED: lxc-test-shutdowntest
FAIL: lxc-test-snapdeps
FAIL: lxc-test-snapshot
FAIL: lxc-test-startone
SKIPPED: lxc-test-state-server
FAIL: lxc-test-symlink
FAIL: lxc-test-sys-mixed
FAIL: lxc-test-sysctls
FAIL: lxc-test-unpriv
FAIL: lxc-test-usernic
PASS: lxc-test-usernsexec
PASS: lxc-test-utils





Results:
PASSED = 17
FAILED = 37
SKIPPED = 3
(for details check individual test log in ./logs directory)


###########log-2: ptest with patch ###################
root@intel-x86-64:/usr/lib64/lxc/ptest# ./run-ptest
### Starting LXC ptest ###
PASS: lxc-test-api-reboot
SKIPPED: lxc-test-apparmor
PASS: lxc-test-apparmor-generated
FAIL: lxc-test-apparmor-mount
PASS: lxc-test-arch-parse
PASS: lxc-test-attach
PASS: lxc-test-automount
PASS: lxc-test-autostart
PASS: lxc-test-basic
PASS: lxc-test-capabilities
PASS: lxc-test-cgpath
PASS: lxc-test-checkpoint-restore
FAIL: lxc-test-cloneconfig
PASS: lxc-test-clonetest
PASS: lxc-test-concurrent
PASS: lxc-test-config-jump-table
PASS: lxc-test-console
PASS: lxc-test-console-log
PASS: lxc-test-containertests
PASS: lxc-test-createconfig
PASS: lxc-test-createtest
PASS: lxc-test-criu-check-feature
PASS: lxc-test-cve-2019-5736
PASS: lxc-test-destroytest
PASS: lxc-test-device-add-remove
PASS: lxc-test-exit-code
FAIL: lxc-test-get_item
PASS: lxc-test-getkeys
PASS: lxc-test-list
PASS: lxc-test-locktests
PASS: lxc-test-lxc-attach
PASS: lxc-test-lxcpath
PASS: lxc-test-may-control
PASS: lxc-test-mount-injection
FAIL: lxc-test-no-new-privs
PASS: lxc-test-parse-config-file
PASS: lxc-test-proc-pid
PASS: lxc-test-procsys
PASS: lxc-test-raw-clone
PASS: lxc-test-reboot
PASS: lxc-test-rootfs
PASS: lxc-test-rootfs-options
PASS: lxc-test-saveconfig
PASS: lxc-test-share-ns
PASS: lxc-test-shortlived
SKIPPED: lxc-test-shutdowntest
FAIL: lxc-test-snapdeps
PASS: lxc-test-snapshot
PASS: lxc-test-startone
SKIPPED: lxc-test-state-server
PASS: lxc-test-symlink
PASS: lxc-test-sys-mixed
PASS: lxc-test-sysctls
FAIL: lxc-test-unpriv
FAIL: lxc-test-usernic
PASS: lxc-test-usernsexec
PASS: lxc-test-utils

Results:
PASSED = 47
FAILED = 7
SKIPPED = 3
(for details check individual test log in ./logs directory)




Xiangyu Chen (1):
lxc: templates/lxc-busybox.in: if busybox contains init then use it

...box-contains-init-use-it-in-containe.patch | 45 +++++++++++++++++++
recipes-containers/lxc/lxc_git.bb | 1 +
2 files changed, 46 insertions(+)
create mode 100644 recipes-containers/lxc/files/0001-template-if-busybox-contains-init-use-it-in-containe.patch

--
2.34.1



--
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II




Re: go breakage in master

Jose Quaresma
 



Bruce Ashfield <bruce.ashfield@...> wrote on Tuesday, 28/02/2023 at 03:32:
On Mon, Feb 27, 2023 at 10:15 PM Bruce Ashfield via
lists.yoctoproject.org
<bruce.ashfield=gmail.com@...> wrote:
>
> On Mon, Feb 27, 2023 at 6:01 PM Jose Quaresma <quaresma.jose@...> wrote:
> >
> > Hi Bruce,
> >
> > I have recently seen some weird issues with crypto/elliptic, which is deprecated and replaced by crypto/ecdh in the 1.20 release [1].
> > It looks like crypto/elliptic is now no more than a compatibility wrapper and the new crypto/ecdh doesn't implement the P-224 curves [2].
> >
> > Are you facing something like this?
>
> That is one of them, yes.
>
> By removing the sharedlink, I was able to get it to build again. I
> pushed a WIP patch to master-next just today.

For now we are using the same workaround of not using the sharedlink.

I have submitted a bug about this issue
https://github.com/golang/go/issues/58966

Jose
 

My mistake, I pushed it to master.

So if you are still seeing this with a master from today, my fix isn't
holding and we need to look into it more.

Bruce

>
> Bruce
>
> >
> > type:*crypto/elliptic.nistCurve[*crypto/internal/nistec.P224Point]: unreachable sym in relocation: crypto/elliptic.(*nistCurve[*crypto/internal/nistec.P224Point]).Add
> > type:*crypto/elliptic.nistCurve[*crypto/internal/nistec.P224Point]: unreachable sym in relocation: crypto/elliptic.(*nistCurve[*crypto/internal/nistec.P224Point]).Add
> > type:*crypto/elliptic.nistCurve[*crypto/internal/nistec.P224Point]: unreachable sym in relocation: crypto/elliptic.(*nistCurve[*crypto/internal/nistec.P224Point]).CombinedMult
> > type:*crypto/elliptic.nistCurve[*crypto/internal/nistec.P224Point]: unreachable sym in relocation: crypto/elliptic.(*nistCurve[*crypto/internal/nistec.P224Point]).CombinedMult
> > type:*crypto/elliptic.nistCurve[*crypto/internal/nistec.P224Point]: unreachable sym in relocation: crypto/elliptic.(*nistCurve[*crypto/internal/nistec.P224Point]).Double
> > type:*crypto/elliptic.nistCurve[*crypto/internal/nistec.P224Point]: unreachable sym in relocation: crypto/elliptic.(*nistCurve[*crypto/internal/nistec.P224Point]).Double
> > type:*crypto/elliptic.nistCurve[*crypto/internal/nistec.P224Point]: unreachable sym in relocation: crypto/elliptic.(*nistCurve[*crypto/internal/nistec.P224Point]).IsOnCurve
> > type:*crypto/elliptic.nistCurve[*crypto/internal/nistec.P224Point]: unreachable sym in relocation: crypto/elliptic.(*nistCurve[*crypto/internal/nistec.P224Point]).IsOnCurve
> > type:*crypto/elliptic.nistCurve[*crypto/internal/nistec.P224Point]: unreachable sym in relocation: crypto/elliptic.(*nistCurve[*crypto/internal/nistec.P224Point]).Params
> > type:*crypto/elliptic.nistCurve[*crypto/internal/nistec.P224Point]: unreachable sym in relocation: crypto/elliptic.(*nistCurve[*crypto/internal/nistec.P224Point]).Params
> > type:*crypto/elliptic.nistCurve[*crypto/internal/nistec.P224Point]: unreachable sym in relocation: crypto/elliptic.(*nistCurve[*crypto/internal/nistec.P224Point]).ScalarBaseMult
> > type:*crypto/elliptic.nistCurve[*crypto/internal/nistec.P224Point]: unreachable sym in relocation: crypto/elliptic.(*nistCurve[*crypto/internal/nistec.P224Point]).ScalarBaseMult
> > type:*crypto/elliptic.nistCurve[*crypto/internal/nistec.P224Point]: unreachable sym in relocation: crypto/elliptic.(*nistCurve[*crypto/internal/nistec.P224Point]).ScalarMult
> > type:*crypto/elliptic.nistCurve[*crypto/internal/nistec.P224Point]: unreachable sym in relocation: crypto/elliptic.(*nistCurve[*crypto/internal/nistec.P224Point]).ScalarMult
> > type:*crypto/elliptic.nistCurve[*crypto/internal/nistec.P224Point]: unreachable sym in relocation: crypto/elliptic.(*nistCurve[*crypto/internal/nistec.P224Point]).Unmarshal
> > type:*crypto/elliptic.nistCurve[*crypto/internal/nistec.P224Point]: unreachable sym in relocation: crypto/elliptic.(*nistCurve[*crypto/internal/nistec.P224Point]).Unmarshal
> > type:*crypto/elliptic.nistCurve[*crypto/internal/nistec.P224Point]: unreachable sym in relocation: crypto/elliptic.(*nistCurve[*crypto/internal/nistec.P224Point]).UnmarshalCompressed
> > type:*crypto/elliptic.nistCurve[*crypto/internal/nistec.P224Point]: unreachable sym in relocation: crypto/elliptic.(*nistCurve[*crypto/internal/nistec.P224Point]).UnmarshalCompressed
> > type:*crypto/elliptic.nistCurve[*crypto/internal/nistec.P224Point]: unreachable sym in relocation: crypto/elliptic.(*nistCurve[*crypto/internal/nistec.P224Point]).normalizeScalar
> > type:*crypto/elliptic.nistCurve[*crypto/internal/nistec.P224Point]: unreachable sym in relocation: crypto/elliptic.(*nistCurve[*crypto/internal/nistec.P224Point]).normalizeScalar
> > type:*crypto/elliptic.nistCurve[*crypto/internal/nistec.P224Point]: unreachable sym in relocation: crypto/elliptic.(*nistCurve[*crypto/internal/nistec.P224Point]).pointFromAffine
> >
> > [1] https://tip.golang.org/doc/go1.20
> > [2] https://words.filippo.io/dispatches/go-1-20-cryptography
> >
> > Jose
> >
> > Bruce Ashfield <bruce.ashfield@...> wrote on Thursday, 23/02/2023 at 13:29:
> >>
> >> Just a heads up that some of the go applications are breaking in master.
> >>
> >> I'm aware of the issue, and have a general fix in progress.
> >>
> >> Bruce
> >>
> >> --
> >> - Thou shalt not follow the NULL pointer, for chaos and madness await
> >> thee at its end
> >> - "Use the force Harry" - Gandalf, Star Trek II
> >>
> >>
> >>
> >
> >
> > --
> > Best regards,
> >
> > José Quaresma
>
>
>
> --
> - Thou shalt not follow the NULL pointer, for chaos and madness await
> thee at its end
> - "Use the force Harry" - Gandalf, Star Trek II
>
>
>




--
Best regards,

José Quaresma


Re: [PATCH 0/1] lxc: templates/lxc-busybox.in: if busybox contains init then use it

Xiangyu Chen
 

Hi Bruce,


Sorry for being late,

On 3/8/23 12:00, Bruce Ashfield wrote:

On Thu, Mar 2, 2023 at 8:17 PM Xiangyu Chen
<xiangyu.chen@...> wrote:
Hi Bruce,


On 3/3/23 05:24, Bruce Ashfield wrote:

In message: [meta-virtualization][PATCH 0/1] lxc: templates/lxc-busybox.in: if busybox contains init then use it
on 01/03/2023 Xiangyu Chen wrote:

From: Xiangyu Chen <xiangyu.chen@...>

Hi Bruce,

Recently we found that the lxc ptest has lots of failure cases, as in log-1 below. After checking the
code, some cases failed for reasons related to the init process. For example, lxc-test-exit-code needs to
start the container as a daemon, but if using bash as init, the container cannot start correctly.
Is there an indication of what busybox is providing that bash isn't ?
In my local setup, when using bash as container init, the container
doesn't support "reboot" and cannot start correctly in daemon mode;
the test steps are as below:

lxc-create -t busybox -n t

lxc-start -n t -d

lxc-ls -f

the container "t" status is still "STOPPED", but when we use busybox
init instead of bash, the container status is correct in daemon mode.
I'm setting up to test this myself, but generally speaking we should
include this detail in the commit log.
Thanks, if we find the final root cause, I'll add our discussion information into the commit and send a v2 patch :p



I don't like to force this in the ptest, while for actual lxc containers
we still allow bash, which means it may not be functional.
This is a common template for lxc, but I am not sure whether others
still need bash as lxc container init, so I based the patch

"template-make-busybox-template-compatible-with-core-.patch" to add the
busybox back.
That's the part that concerns me. Why does our bash behave differently
than in other lxc integrations and other distros ?
Currently, the behavior is that when using lxc with the busybox template in daemon mode, the status still stays "STOPPED", but it works well in foreground mode.

Do you have the ability to run the same simple tests you have above on
a desktop distro ?
I set up a virtualbox today and did some tests with trace; here is what I found:

As mentioned above, lxc works well in foreground mode but something is wrong with daemon mode. According to the lxc-start manual, foreground mode attaches the tty to /dev/console, but daemon mode doesn't.

I enabled the lxc debug trace as below when starting a container in daemon mode (only the init-related part of the log, with timestamps and full source code paths removed)

##### lxc-start -n t -o /tmp/log.txt -l TRACE  -d #####

start - /src/lxc/start.c:post_start:2205 - Started "/sbin/init" with pid "871"
start - /src/lxc/start.c:lxc_serve_state_clients:483 - Set container state to RUNNING

<<<<<<<<< we can see the bash as init was starting, and lxc update mode

start - /src/lxc/start.c:lxc_serve_state_clients:486 - No state clients registered
mainloop - /src/lxc/mainloop.c:__epoll_open:493 - Created epoll instance
mainloop - /mainloop.c:__epoll_open:493 - Created epoll instance
start - /src/lxc/start.c:lxc_poll:626 - Mainloop is ready
start - /src/lxc/start.c:signal_handler:396 - Received signal ssi_signo(17) for ssi_pid(871), si_signo(17), si_pid(871)
start - /src/lxc/start.c:signal_handler:464 - Container init process 871 exited

<<<<<<<<<< seems something wrong with the init, it exited and lxc got the exit signal.

start - /src/lxc/start.c:lxc_poll:643 - Closed console mainloop
start - /src/lxc/start.c:lxc_poll:648 - Closed mainloop
start - /src/lxc/start.c:lxc_poll:651 - Closed signal file descriptor 7
..... removed some networking terminating related trace .....
start - /src/lxc/start.c:lxc_serve_state_clients:483 - Set container state to STOPPING

<<<<<<<<<<< now the lxc set container mode back to stop mode.

start - /src/lxc/start.c:lxc_serve_state_clients:486 - No state clients registered
##### end of lxc-start -n t -o /tmp/log.txt -l TRACE  -d #####


Let's use strace to see what happens in container(part of init related log):

#####strace -s 1024 -f lxc-start -n t -d #####

[pid  1211] execve("/sbin/init", ["/sbin/init"], 0x55a07c90eb30 /* 1 var */ <unfinished ...>
......

[pid  1211] ioctl(2, TIOCGPGRP, 0x7fffe212610c) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  1211] rt_sigaction(SIGCHLD, {sa_handler=0x5632e07dcec0, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x7f1237db3190}, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x7f1237db3190}, 8) = 0
[pid  1211] ioctl(2, TIOCGPGRP, 0x7fffe21260ec) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  1211] prlimit64(0, RLIMIT_NPROC, NULL, {rlim_cur=3818, rlim_max=3818}) = 0
[pid  1211] rt_sigprocmask(SIG_BLOCK, NULL, [], 8) = 0
[pid  1211] fcntl(0, F_GETFL)           = 0x8002 (flags O_RDWR|O_LARGEFILE)
[pid  1211] newfstatat(0, "", {st_mode=S_IFCHR|0666, st_rdev=makedev(0x1, 0x3), ...}, AT_EMPTY_PATH) = 0
[pid  1211] lseek(0, 0, SEEK_CUR)       = 0
[pid  1211] read(0, "", 1)              = 0
[pid  1211] rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
[pid  1211] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid  1211] exit_group(0)               = ?
[pid  1211] +++ exited with 0 +++
#####end of strace -s 1024 -f lxc-start -n t -d #####

it looks that seems bash stdi/o/err cannot attach the available caused this issue, right?


I don't want to force this switch to busybox, without understanding if
we are the only ones seeing this issue .. since that means we are
simply hiding an issue, versus fixing it.
Yes indeed, if someone is using systemd as init, they need to add extra configurations to setup busybox and keep default systemd init cannot be replaced by busybox in local.conf .


Thanks,

Xiangyu

Bruce
There are other init options in meta-virt, like the docker tini, if we
had to enforce something, I'd rather that than busybox.
Good to hear the tini :)

Indeed, enabling busybox-init might need lots of additional effort to
take care of systems which use systemd; otherwise, /sbin/init would always
be covered by busybox.

Bruce
Br,

Xiangyu


So I added a check for busybox init in the lxc-busybox template: if the current system's busybox contains
init, then use it. After applying this patch, the ptest result is as in log-2.


######## log-1: ptest without patch #######

Starting LXC ptest ###
FAIL: lxc-test-api-reboot
SKIPPED: lxc-test-apparmor
PASS: lxc-test-apparmor-generated
FAIL: lxc-test-apparmor-mount
PASS: lxc-test-arch-parse
FAIL: lxc-test-attach
PASS: lxc-test-automount
FAIL: lxc-test-autostart
PASS: lxc-test-basic
FAIL: lxc-test-capabilities
FAIL: lxc-test-cgpath
PASS: lxc-test-checkpoint-restore
FAIL: lxc-test-cloneconfig
FAIL: lxc-test-clonetest
FAIL: lxc-test-concurrent
PASS: lxc-test-config-jump-table
FAIL: lxc-test-console
FAIL: lxc-test-console-log
FAIL: lxc-test-containertests
FAIL: lxc-test-createconfig
FAIL: lxc-test-createtest
PASS: lxc-test-criu-check-feature
FAIL: lxc-test-cve-2019-5736
FAIL: lxc-test-destroytest
FAIL: lxc-test-device-add-remove
FAIL: lxc-test-exit-code
FAIL: lxc-test-get_item
PASS: lxc-test-getkeys
PASS: lxc-test-list
PASS: lxc-test-locktests
FAIL: lxc-test-lxc-attach
PASS: lxc-test-lxcpath
PASS: lxc-test-may-control
FAIL: lxc-test-mount-injection
FAIL: lxc-test-no-new-privs
PASS: lxc-test-parse-config-file
FAIL: lxc-test-proc-pid
FAIL: lxc-test-procsys
PASS: lxc-test-raw-clone
PASS: lxc-test-reboot
FAIL: lxc-test-rootfs
FAIL: lxc-test-rootfs-options
FAIL: lxc-test-saveconfig
FAIL: lxc-test-share-ns
FAIL: lxc-test-shortlived
SKIPPED: lxc-test-shutdowntest
FAIL: lxc-test-snapdeps
FAIL: lxc-test-snapshot
FAIL: lxc-test-startone
SKIPPED: lxc-test-state-server
FAIL: lxc-test-symlink
FAIL: lxc-test-sys-mixed
FAIL: lxc-test-sysctls
FAIL: lxc-test-unpriv
FAIL: lxc-test-usernic
PASS: lxc-test-usernsexec
PASS: lxc-test-utils





Results:
PASSED = 17
FAILED = 37
SKIPPED = 3
(for details check individual test log in ./logs directory)


###########log-2: ptest with patch ###################
root@intel-x86-64:/usr/lib64/lxc/ptest# ./run-ptest
### Starting LXC ptest ###
PASS: lxc-test-api-reboot
SKIPPED: lxc-test-apparmor
PASS: lxc-test-apparmor-generated
FAIL: lxc-test-apparmor-mount
PASS: lxc-test-arch-parse
PASS: lxc-test-attach
PASS: lxc-test-automount
PASS: lxc-test-autostart
PASS: lxc-test-basic
PASS: lxc-test-capabilities
PASS: lxc-test-cgpath
PASS: lxc-test-checkpoint-restore
FAIL: lxc-test-cloneconfig
PASS: lxc-test-clonetest
PASS: lxc-test-concurrent
PASS: lxc-test-config-jump-table
PASS: lxc-test-console
PASS: lxc-test-console-log
PASS: lxc-test-containertests
PASS: lxc-test-createconfig
PASS: lxc-test-createtest
PASS: lxc-test-criu-check-feature
PASS: lxc-test-cve-2019-5736
PASS: lxc-test-destroytest
PASS: lxc-test-device-add-remove
PASS: lxc-test-exit-code
FAIL: lxc-test-get_item
PASS: lxc-test-getkeys
PASS: lxc-test-list
PASS: lxc-test-locktests
PASS: lxc-test-lxc-attach
PASS: lxc-test-lxcpath
PASS: lxc-test-may-control
PASS: lxc-test-mount-injection
FAIL: lxc-test-no-new-privs
PASS: lxc-test-parse-config-file
PASS: lxc-test-proc-pid
PASS: lxc-test-procsys
PASS: lxc-test-raw-clone
PASS: lxc-test-reboot
PASS: lxc-test-rootfs
PASS: lxc-test-rootfs-options
PASS: lxc-test-saveconfig
PASS: lxc-test-share-ns
PASS: lxc-test-shortlived
SKIPPED: lxc-test-shutdowntest
FAIL: lxc-test-snapdeps
PASS: lxc-test-snapshot
PASS: lxc-test-startone
SKIPPED: lxc-test-state-server
PASS: lxc-test-symlink
PASS: lxc-test-sys-mixed
PASS: lxc-test-sysctls
FAIL: lxc-test-unpriv
FAIL: lxc-test-usernic
PASS: lxc-test-usernsexec
PASS: lxc-test-utils

Results:
PASSED = 47
FAILED = 7
SKIPPED = 3
(for details check individual test log in ./logs directory)




Xiangyu Chen (1):
lxc: templates/lxc-busybox.in: if busybox contains init then use it

...box-contains-init-use-it-in-containe.patch | 45 +++++++++++++++++++
recipes-containers/lxc/lxc_git.bb | 1 +
2 files changed, 46 insertions(+)
create mode 100644 recipes-containers/lxc/files/0001-template-if-busybox-contains-init-use-it-in-containe.patch

--
2.34.1


--
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II
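
As an added example (not part of the thread and not lxc code), the Python script below replays the strace reasoning from the message above: it maps the st_rdev reported for fd 0 to a device name, records the ENOTTY ioctls and the zero-byte read, and classifies why the process exec'd as /sbin/init ended. The function names, the verdict strings and the small device table are assumptions made for the illustration; the first sample is taken from the strace excerpt in the thread with wrapped lines rejoined, the second is constructed.

```python
import re

# Init-related strace lines from the thread (wrapped lines rejoined; the
# rt_sigaction, rt_sigprocmask and prlimit64 lines are left out).
STRACE_SAMPLE = """\
[pid  1211] execve("/sbin/init", ["/sbin/init"], 0x55a07c90eb30 /* 1 var */ <unfinished ...>
[pid  1211] ioctl(2, TIOCGPGRP, 0x7fffe212610c) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  1211] ioctl(2, TIOCGPGRP, 0x7fffe21260ec) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  1211] fcntl(0, F_GETFL)           = 0x8002 (flags O_RDWR|O_LARGEFILE)
[pid  1211] newfstatat(0, "", {st_mode=S_IFCHR|0666, st_rdev=makedev(0x1, 0x3), ...}, AT_EMPTY_PATH) = 0
[pid  1211] lseek(0, 0, SEEK_CUR)       = 0
[pid  1211] read(0, "", 1)              = 0
[pid  1211] exit_group(0)               = ?
[pid  1211] +++ exited with 0 +++
"""

# Constructed counter-example: an init whose stdin is /dev/console and which
# is still blocked in read() when the trace ends.
CONSOLE_SAMPLE = """\
[pid  1300] execve("/sbin/init", ["/sbin/init"], 0x55a07c90eb30 /* 1 var */ <unfinished ...>
[pid  1300] newfstatat(0, "", {st_mode=S_IFCHR|0600, st_rdev=makedev(0x5, 0x1), ...}, AT_EMPTY_PATH) = 0
[pid  1300] read(0, <unfinished ...>
"""

# Linux character-device numbers (major, minor) relevant to a container's stdio.
CHAR_DEVICES = {
    (1, 3): "/dev/null",
    (1, 5): "/dev/zero",
    (5, 0): "/dev/tty",
    (5, 1): "/dev/console",
}

PID_RE = re.compile(r"^\[pid\s+(\d+)\]\s+(.*)$")
EXEC_RE = re.compile(r'^execve\("([^"]+)"')
NOTTY_RE = re.compile(r"^ioctl\((\d+), \w+[^)]*\)\s*=\s*-1 ENOTTY")
STAT_RE = re.compile(
    r'^(?:fstat|newfstatat)\((\d+), (?:"", )?\{.*st_rdev=makedev\((\w+), (\w+)\)')
EOF_RE = re.compile(r'^read\((\d+), "", \d+\)\s*=\s*0$')
EXIT_RE = re.compile(r"^\+\+\+ exited with (\d+) \+\+\+$")


def device_name(major, minor):
    """Translate a character device number into a readable name."""
    if major == 136:  # Unix98 pseudo-terminal
        return f"/dev/pts/{minor}"
    return CHAR_DEVICES.get((major, minor), f"char {major}:{minor}")


def parse(trace):
    """Collect per-pid facts: exec'd path, non-tty fds, fd devices, EOF reads, exit code."""
    procs = {}
    for raw in trace.splitlines():
        m = PID_RE.match(raw.strip())
        if not m:
            continue
        pid, call = int(m.group(1)), m.group(2)
        p = procs.setdefault(pid, {"exe": None, "notty": set(), "dev": {},
                                   "eof": set(), "exit": None})
        if (e := EXEC_RE.match(call)):
            p["exe"] = e.group(1)
        elif (e := NOTTY_RE.match(call)):
            p["notty"].add(int(e.group(1)))
        elif (e := STAT_RE.match(call)):
            # int(x, 0) accepts both the hex and decimal forms strace prints
            p["dev"][int(e.group(1))] = device_name(int(e.group(2), 0),
                                                    int(e.group(3), 0))
        elif (e := EOF_RE.match(call)):
            p["eof"].add(int(e.group(1)))
        elif (e := EXIT_RE.match(call)):
            p["exit"] = int(e.group(1))
    return procs


def diagnose_init(trace, init_path="/sbin/init"):
    """Return (pid, verdict, evidence) for the process exec'd as init_path, or None."""
    for pid, p in parse(trace).items():
        if p["exe"] != init_path:
            continue
        evidence = []
        if p["notty"]:
            fds = ", ".join(str(fd) for fd in sorted(p["notty"]))
            evidence.append(f"fd {fds}: ioctl returned ENOTTY (not a terminal)")
        for fd, dev in sorted(p["dev"].items()):
            evidence.append(f"fd {fd} is {dev}")
        for fd in sorted(p["eof"]):
            evidence.append(f"read on fd {fd} returned 0 bytes (EOF)")
        if p["exit"] is None:
            verdict = "running"
        elif 0 in p["eof"] and p["dev"].get(0) == "/dev/null":
            # A shell reading commands from /dev/null hits EOF at once and exits.
            verdict = "exited-on-stdin-eof"
        else:
            verdict = "exited"
        return pid, verdict, evidence
    return None


if __name__ == "__main__":
    for name, sample in (("thread", STRACE_SAMPLE), ("console", CONSOLE_SAMPLE)):
        pid, verdict, evidence = diagnose_init(sample)
        print(f"{name}: pid {pid} -> {verdict}")
        for item in evidence:
            print(f"  - {item}")
```
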


Re: [PATCH] lxc: skip lxc-test-apparmor-mount and lxc-test-get_item in ptest

Bruce Ashfield
 

merged.

I'm still holding the template patch while we investigate the bash/busybox differences a bit more.

Bruce

In message: [meta-virtualization][PATCH] lxc: skip lxc-test-apparmor-mount and lxc-test-get_item in ptest
on 01/03/2023 Xiangyu Chen wrote:

From: Xiangyu Chen <xiangyu.chen@...>

lxc-test-apparmor-mount and lxc-test-get_item are related to apparmor;
since lxc-test-apparmor is already skipped, also skip
those two cases.

Signed-off-by: Xiangyu Chen <xiangyu.chen@...>
---
recipes-containers/lxc/files/run-ptest | 3 +++
1 file changed, 3 insertions(+)

diff --git a/recipes-containers/lxc/files/run-ptest b/recipes-containers/lxc/files/run-ptest
index 3f3a75f..2e5af3c 100644
--- a/recipes-containers/lxc/files/run-ptest
+++ b/recipes-containers/lxc/files/run-ptest
@@ -9,6 +9,9 @@ dmesg -n 1
blacklist=""
# Not applicable
blacklist="$blacklist lxc-test-apparmor"
+blacklist="$blacklist lxc-test-apparmor-mount"
+#lxc-test-get_item would report Built without AppArmor support error
+blacklist="$blacklist lxc-test-get_item"
# These currently hang so skip them until someone fixes them up
blacklist="$blacklist lxc-test-shutdowntest"
blacklist="$blacklist lxc-test-state-server"
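
Review bot: the two added blacklist entries skip these tests unconditionally, yet the comment on the lxc-test-get_item line ties the failure to lxc being built without AppArmor support, so an image that does enable AppArmor would lose lxc-test-apparmor-mount and lxc-test-get_item with no signal. Consider adding the entries only when AppArmor support is absent. lxc-test-apparmor-mount also has no reason of its own: it inherits "# Not applicable" from above while the get_item comment sits between the two new lines, so a one-line comment per entry would make the intent clear. Minor: "#lxc-test-get_item" lacks the space after "#" that the neighbouring comments use.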
--
2.34.1



Re: [PATCH v2] yq: drop {LINKSHARED}

Bruce Ashfield
 

v2 looks much better!

merged.

Bruce

In message: [meta-virtualization] [PATCH v2] yq: drop {LINKSHARED}
on 08/03/2023 Yu, Mingli wrote:

From: Mingli Yu <mingli.yu@...>

Redefine do_compile logic to drop {LINKSHARED} to fix the
below build failure.
WARNING: /build/tmp-glibc/work/cortexa53-wrs-linux/yq/4.30.8+gitdd6cf3df146f3e2c0f8c765a6ef9e35780ad8cc1-r0/temp/run.do_compile.923432:185 exit 1 from 'aarch64-wrs-linux-go install -linkshared -p 48 -v -ldflags="-r /usr/lib64/go/pkg/linux_arm64_dynlink -I /lib64/ld-linux-aarch64.so.1 -extldflags ' -mcpu=cortex-a53 -march=armv8-a+crc -fstack-protector-strong -O2 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security --sysroot=/build/tmp-glibc/work/cortexa53-wrs-linux/yq/4.30.8+gitdd6cf3df146f3e2c0f8c765a6ef9e35780ad8cc1-r0/recipe-sysroot -Wl,-rpath-link=/build/tmp-glibc/work/cortexa53-wrs-linux/yq/4.30.8+gitdd6cf3df146f3e2c0f8c765a6ef9e35780ad8cc1-r0/recipe-sysroot/usr/lib64/go/pkg/linux_arm64_dynlink -Wl,-O1 -Wl,--hash-style=gnu -Wl,--as-needed -fmacro-prefix-map=/build/tmp-glibc/work/cortexa53-wrs-linux/yq/4.30.8+gitdd6cf3df146f3e2c0f8c765a6ef9e35780ad8cc1-r0/yq-4.30.8+gitdd6cf3df146f3e2c0f8c765a6ef9e35780ad8cc1=/usr/src/debug/yq/4.30.8+gitdd6cf3df146f3e2c0f8c765a6ef9e35780ad8cc1-r0 -fdebug-prefix-map=/build/tmp-glibc/work/cortexa53-wrs-linux/yq/4.30.8+gitdd6cf3df146f3e2c0f8c765a6ef9e35780ad8cc1-r0/yq-4.30.8+gitdd6cf3df146f3e2c0f8c765a6ef9e35780ad8cc1=/usr/src/debug/yq/4.30.8+gitdd6cf3df146f3e2c0f8c765a6ef9e35780ad8cc1-r0 -fmacro-prefix-map=/build/tmp-glibc/work/cortexa53-wrs-linux/yq/4.30.8+gitdd6cf3df146f3e2c0f8c765a6ef9e35780ad8cc1-r0/build=/usr/src/debug/yq/4.30.8+gitdd6cf3df146f3e2c0f8c765a6ef9e35780ad8cc1-r0 -fdebug-prefix-map=/build/tmp-glibc/work/cortexa53-wrs-linux/yq/4.30.8+gitdd6cf3df146f3e2c0f8c765a6ef9e35780ad8cc1-r0/build=/usr/src/debug/yq/4.30.8+gitdd6cf3df146f3e2c0f8c765a6ef9e35780ad8cc1-r0 -fdebug-prefix-map=/build/tmp-glibc/work/cortexa53-wrs-linux/yq/4.30.8+gitdd6cf3df146f3e2c0f8c765a6ef9e35780ad8cc1-r0/recipe-sysroot= -fmacro-prefix-map=/build/tmp-glibc/work/cortexa53-wrs-linux/yq/4.30.8+gitdd6cf3df146f3e2c0f8c765a6ef9e35780ad8cc1-r0/recipe-sysroot= 
-fdebug-prefix-map=/build/tmp-glibc/work/cortexa53-wrs-linux/yq/4.30.8+gitdd6cf3df146f3e2c0f8c765a6ef9e35780ad8cc1-r0/recipe-sysroot-native= -Wl,-z,relro,-z,now'" -trimpath -buildmode=pie `go_list_packages`'

Before the patch:
# rpm -ql yq
/usr
/usr/bin
/usr/bin/yq

# du -sh /usr/bin/yq
5.2M /usr/bin/yq

After the patch:
# rpm -ql yq
/usr
/usr/bin
/usr/bin/yq

# du -sh /usr/bin/yq
9.0M /usr/bin/yq

Signed-off-by: Mingli Yu <mingli.yu@...>
---
recipes-devtools/yq/yq_git.bb | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/recipes-devtools/yq/yq_git.bb b/recipes-devtools/yq/yq_git.bb
index 45f2f970..bd474a79 100644
--- a/recipes-devtools/yq/yq_git.bb
+++ b/recipes-devtools/yq/yq_git.bb
@@ -50,7 +50,7 @@ GO_IMPORT = "github.com/mikefarah/yq"

inherit go ptest

-do_compile:prepend() {
+do_compile() {
# arrange for some of the golang built ins to be found
(
cd ${WORKDIR}/build/src/
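Review bot: Changing do_compile:prepend() to a plain do_compile() replaces the whole task inherited through "inherit go ptest", not only the link-shared flag the commit message wants to drop, so any other step the class performs in do_compile is lost and later class fixes will not reach this recipe. If the class exposes that flag as a variable, clearing the variable in the recipe and keeping the :prepend would be a narrower change; otherwise add a comment above do_compile() saying that it deliberately overrides the class task and why.
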
@@ -60,6 +60,7 @@ do_compile:prepend() {
# arrange for the fetched dependencies to be found
export GOPATH="${GOPATH}:${WORKDIR}/build/vendor/"
export GO111MODULE=off
+ ${GO} install ${GOBUILDFLAGS} `go_list_packages`
}

do_install:append() {
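Review bot: The added ${GO} install ${GOBUILDFLAGS} line carries no comment, and the commit message shows only the failing command with "exit 1", not the underlying error, so a later reader cannot tell why -linkshared had to go. Please add a one-line comment here and put the actual compiler or linker error in the commit message. The commit message also shows /usr/bin/yq growing from 5.2M to 9.0M; say that this is expected now that the binary no longer links against the shared Go runtime, since it also means a fix in the Go runtime requires rebuilding yq.
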
--
2.25.1



Re: [PATCH] kubernetes: upgrade to 1.26.1

Bruce Ashfield
 

I haven't forgotten about this, I'm still working on a joint upgrade
to multiple recipes and stacks related to kubernetes, so it is taking
a bit longer than I'd like for the update.

Bruce

In message: [meta-virtualization][PATCH] kubernetes: upgrade to 1.26.1
on 03/02/2023 Chen Qi wrote:

Changes include:
1. Update SRC_URI and SRCREV
2. Change 0001-hack-lib-golang.sh-use-CC-from-environment.patch to also
remove the 'export CC=xxx' for amd64. The original patch is a little
strange, it removes such statements for other archs but leaves amd64
untouched. If we're using CC from our environment, we use it for all
targets.
3. Adapt 0001-build-golang.sh-convert-remaining-go-calls-to-use.patch to
the 1.26.1 version.
4. Comment out the 'make file_generated' command. I'm not sure why it was
needed in the past, but for 1.26.1, it does seem to be necessary.

This upgrade is tested on qemux86-64 & qemuarm64: k8s + containerd + flannel.

Signed-off-by: Chen Qi <Qi.Chen@...>
---
...sh-convert-remaining-go-calls-to-use.patch | 39 +++++++++++--------
...ib-golang.sh-use-CC-from-environment.patch | 25 +++++++-----
.../kubernetes/kubernetes_git.bb | 8 ++--
3 files changed, 43 insertions(+), 29 deletions(-)

diff --git a/recipes-containers/kubernetes/kubernetes/0001-build-golang.sh-convert-remaining-go-calls-to-use.patch b/recipes-containers/kubernetes/kubernetes/0001-build-golang.sh-convert-remaining-go-calls-to-use.patch
index 8c6644a..6849549 100644
--- a/recipes-containers/kubernetes/kubernetes/0001-build-golang.sh-convert-remaining-go-calls-to-use.patch
+++ b/recipes-containers/kubernetes/kubernetes/0001-build-golang.sh-convert-remaining-go-calls-to-use.patch
@@ -1,18 +1,22 @@
-From 9973a66665992c49593595ae1eb70848907ea6a9 Mon Sep 17 00:00:00 2001
-From: Bruce Ashfield <bruce.ashfield@...>
-Date: Wed, 12 Aug 2020 16:01:49 +0000
-Subject: [PATCH] build/golang.sh: convert remaining 'go' calls to use
+From 3a357f4bb769a4127f5107f4ae21ee8f12279677 Mon Sep 17 00:00:00 2001
+From: Chen Qi <Qi.Chen@...>
+Date: Thu, 2 Feb 2023 22:29:07 -0800
+Subject: [PATCH 2/2] golang.sh: convert go to $GO

-Signed-off-by: Bruce Ashfield <bruce.ashfield@...>
+Upstream-Status: Inappropriate [OE Specific]
+
+[The patch was original created by Bruce.]
+
+Signed-off-by: Chen Qi <Qi.Chen@...>
---
hack/lib/golang.sh | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)

-Index: kubernetes-v1.24.0+git8b1b4db3834ddf7cf1b97137180f413cb9e2186f/hack/lib/golang.sh
-===================================================================
---- kubernetes-v1.24.0+git8b1b4db3834ddf7cf1b97137180f413cb9e2186f.orig/hack/lib/golang.sh
-+++ kubernetes-v1.24.0+git8b1b4db3834ddf7cf1b97137180f413cb9e2186f/hack/lib/golang.sh
-@@ -652,7 +652,7 @@
+diff --git a/hack/lib/golang.sh b/hack/lib/golang.sh
+index 0ed2d719dd1..c2ea9e10186 100755
+--- a/hack/lib/golang.sh
++++ b/hack/lib/golang.sh
+@@ -676,7 +676,7 @@ kube::golang::build_some_binaries() {
kube::golang::create_coverage_dummy_test "${package}"
kube::util::trap_add "kube::golang::delete_coverage_dummy_test \"${package}\"" EXIT

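Review bot: The refreshed header replaces the "From: Bruce Ashfield" line and his Signed-off-by with Chen Qi's, leaving only the bracketed note to record the original author. Keep the original From: and Signed-off-by: lines and append the new Signed-off-by: below them so the provenance of the carried patch stays intact. The subject now reads "[PATCH 2/2]" while the file keeps its 0001- name, and the new index line 0ed2d719dd1..c2ea9e10186 starts from the post-image of the CC patch (index fb97ee76783..0ed2d719dd1), so this patch only applies after that one; make sure the SRC_URI order matches, or drop the N/M numbering.
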
@@ -21,23 +25,23 @@ Index: kubernetes-v1.24.0+git8b1b4db3834ddf7cf1b97137180f413cb9e2186f/hack/lib/g
-covermode count \
-coverpkg k8s.io/...,k8s.io/kubernetes/vendor/k8s.io/... \
"${build_args[@]}" \
-@@ -664,13 +664,13 @@
+@@ -688,13 +688,13 @@ kube::golang::build_some_binaries() {
done
if [[ "${#uncovered[@]}" != 0 ]]; then
V=2 kube::log::info "Building ${uncovered[*]} without coverage..."
-- go install "${build_args[@]}" "${uncovered[@]}"
-+ $GO install "${build_args[@]}" "${uncovered[@]}"
+- GO111MODULE=on GOPROXY=off go install "${build_args[@]}" "${uncovered[@]}"
++ GO111MODULE=on GOPROXY=off $GO install "${build_args[@]}" "${uncovered[@]}"
else
V=2 kube::log::info "Nothing to build without coverage."
fi
else
V=2 kube::log::info "Coverage is disabled."
-- go install "${build_args[@]}" "$@"
-+ $GO install "${build_args[@]}" "$@"
+- GO111MODULE=on GOPROXY=off go install "${build_args[@]}" "$@"
++ GO111MODULE=on GOPROXY=off $GO install "${build_args[@]}" "$@"
fi
}

-@@ -729,7 +729,7 @@
+@@ -756,7 +756,7 @@ kube::golang::build_binaries_for_platform() {
testpkg=$(dirname "${test}")

mkdir -p "$(dirname "${outfile}")"
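Review bot: In both rewritten "go install" lines $GO is expanded unquoted and without a default, so if GO is unset or empty the command becomes "GO111MODULE=on GOPROXY=off install ..." and the shell runs the system install utility instead of failing clearly. Using ${GO:?} or ${GO:-go} would make the failure explicit; quote the expansion only if GO is never expected to carry extra arguments.
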
@@ -46,3 +50,6 @@ Index: kubernetes-v1.24.0+git8b1b4db3834ddf7cf1b97137180f413cb9e2186f/hack/lib/g
${goflags:+"${goflags[@]}"} \
-gcflags="${gogcflags}" \
-asmflags="${goasmflags}" \
+--
+2.37.1
+
diff --git a/recipes-containers/kubernetes/kubernetes/0001-hack-lib-golang.sh-use-CC-from-environment.patch b/recipes-containers/kubernetes/kubernetes/0001-hack-lib-golang.sh-use-CC-from-environment.patch
index 1c4555a..c81bd1a 100644
--- a/recipes-containers/kubernetes/kubernetes/0001-hack-lib-golang.sh-use-CC-from-environment.patch
+++ b/recipes-containers/kubernetes/kubernetes/0001-hack-lib-golang.sh-use-CC-from-environment.patch
@@ -1,21 +1,25 @@
-From 9cbb2d523d481053d405ebac830c2074b00d3417 Mon Sep 17 00:00:00 2001
+From 116ccf93eef322db23e3bd4f35b12be09ebfbde5 Mon Sep 17 00:00:00 2001
From: Koen Kooi <koen.kooi@...>
Date: Mon, 23 Jul 2018 15:28:02 +0200
-Subject: [PATCH] hack/lib/golang.sh: use CC from environment
+Subject: [PATCH 1/2] hack/lib/golang.sh: use CC from environment

Toolchain tupples differs, especially when using vendor provides ones.

Upstream-status: Inappropriate [embedded specific]
Signed-off-by: Koen Kooi <koen.kooi@...>
---
- hack/lib/golang.sh | 4 ----
- 1 file changed, 4 deletions(-)
+ hack/lib/golang.sh | 5 -----
+ 1 file changed, 5 deletions(-)

-Index: kubernetes-v1.21.1+git45da3fc33872083fb225c1a8c4d03e530d6f7630/hack/lib/golang.sh
-===================================================================
---- kubernetes-v1.21.1+git45da3fc33872083fb225c1a8c4d03e530d6f7630.orig/hack/lib/golang.sh
-+++ kubernetes-v1.21.1+git45da3fc33872083fb225c1a8c4d03e530d6f7630/hack/lib/golang.sh
-@@ -414,19 +414,15 @@
+diff --git a/hack/lib/golang.sh b/hack/lib/golang.sh
+index fb97ee76783..0ed2d719dd1 100755
+--- a/hack/lib/golang.sh
++++ b/hack/lib/golang.sh
+@@ -419,23 +419,18 @@ kube::golang::set_platform_envs() {
+ case "${platform}" in
+ "linux/amd64")
+ export CGO_ENABLED=1
+- export CC=${KUBE_LINUX_AMD64_CC:-x86_64-linux-gnu-gcc}
;;
"linux/arm")
export CGO_ENABLED=1
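Review bot: With "export CC=${KUBE_LINUX_AMD64_CC:-x86_64-linux-gnu-gcc}" removed, the linux/amd64 case still sets CGO_ENABLED=1, but nothing in set_platform_envs checks that CC is actually present in the environment, so a missing CC falls through to whatever compiler cgo picks by default rather than stopping the build. Add a guard that fails when CC is empty, or state in the patch description that the recipe must export CC before calling into golang.sh. The description also does not mention the new amd64 removal, and the carried patch still has only the original author's Signed-off-by although its content changed; add a line describing the change with the new sign-off, and spell the tag "Upstream-Status" while touching the header.
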
@@ -35,3 +39,6 @@ Index: kubernetes-v1.21.1+git45da3fc33872083fb225c1a8c4d03e530d6f7630/hack/lib/g
;;
esac
fi
+--
+2.37.1
+
diff --git a/recipes-containers/kubernetes/kubernetes_git.bb b/recipes-containers/kubernetes/kubernetes_git.bb
index 31ef135..af26a39 100644
--- a/recipes-containers/kubernetes/kubernetes_git.bb
+++ b/recipes-containers/kubernetes/kubernetes_git.bb
@@ -5,8 +5,8 @@ applications across multiple hosts, providing basic mechanisms for deployment, \
maintenance, and scaling of applications. \
"

-PV = "v1.24.0+git${SRCREV_kubernetes}"
-SRCREV_kubernetes = "8b1b4db3834ddf7cf1b97137180f413cb9e2186f"
+PV = "v1.26.1+git${SRCREV_kubernetes}"
+SRCREV_kubernetes = "8f94681cd294aa8cfd3407b8191f6c70214973a4"
SRCREV_kubernetes-release = "7c1aa83dac555de6f05500911467b70aca4949f0"
PE = "1"

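Review bot: SRCREV_kubernetes moves to 8f94681cd294aa8cfd3407b8191f6c70214973a4, but nothing in the recipe or the commit message ties that hash to the v1.26.1 tag that PV now claims; please state in the commit message that the SRCREV is the tagged commit so the pin can be checked. SRCREV_kubernetes-release stays at 7c1aa83dac555de6f05500911467b70aca4949f0 across the jump from 1.24.0 to 1.26.1; confirm that is intentional.
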
@@ -22,7 +22,7 @@ PV:class-devupstream = "v1.23-alpha+git${SRCPV}"

SRCREV_FORMAT ?= "kubernetes_release"

-SRC_URI = "git://github.com/kubernetes/kubernetes.git;branch=release-1.24;name=kubernetes;protocol=https;destsuffix=git/src/github.com/kubernetes/kubernetes \
+SRC_URI = "git://github.com/kubernetes/kubernetes.git;branch=release-1.26;name=kubernetes;protocol=https;destsuffix=git/src/github.com/kubernetes/kubernetes \
git://github.com/kubernetes/release;branch=master;name=kubernetes-release;destsuffix=git/release;protocol=https"

SRC_URI:append = " \
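Review bot: The branch moves to release-1.26 here, but the context in this hunk's header shows PV:class-devupstream = "v1.23-alpha+git${SRCPV}", which is now older than the release version the recipe builds. Update or drop the devupstream version in the same change so the devupstream class does not report a version lower than the default one.
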
@@ -69,7 +69,7 @@ do_compile() {
export CC="${BUILD_CC}"
export LD="${BUILD_LD}"

- make generated_files GO="go" KUBE_BUILD_PLATFORMS="${HOST_GOOS}/${BUILD_GOARCH}"
+ #make generated_files GO="go" KUBE_BUILD_PLATFORMS="${HOST_GOOS}/${BUILD_GOARCH}"

# Build the target binaries
export GOARCH="${TARGET_GOARCH}"
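Review bot: Commenting out "make generated_files" leaves dead code in do_compile with no explanation, and the commit message says the author is not sure why the step existed. Either delete the line or add a comment recording that 1.26.1 builds without it and on which machines that was tested. Also check whether the export CC="${BUILD_CC}" and export LD="${BUILD_LD}" lines above it were only there for that native step, since with the make call disabled they may no longer be needed before the target build.
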
--
2.37.1