Date   

Re: [PATCH] dynamic-layers/raspberrypi: drop linux-yocto 5.10 bbappend

Bruce Ashfield
 

merged.

Bruce

In message: [meta-virtualization] [PATCH] dynamic-layers/raspberrypi: drop linux-yocto 5.10 bbappend
on 12/08/2022 Martin Jansa wrote:

* the inc file was dropped in:
58f5ac6 kernel: drop 5.10 .inc
but this .bbappend still causes parsing error, because 5.10 recipes
were removed from oe-core
---
.../recipes-kernel/linux/linux-yocto_5.10.bbappend | 6 ------
1 file changed, 6 deletions(-)
delete mode 100644 dynamic-layers/raspberrypi/recipes-kernel/linux/linux-yocto_5.10.bbappend

diff --git a/dynamic-layers/raspberrypi/recipes-kernel/linux/linux-yocto_5.10.bbappend b/dynamic-layers/raspberrypi/recipes-kernel/linux/linux-yocto_5.10.bbappend
deleted file mode 100644
index f279ef7..0000000
--- a/dynamic-layers/raspberrypi/recipes-kernel/linux/linux-yocto_5.10.bbappend
+++ /dev/null
@@ -1,6 +0,0 @@
-# Enable use of the linux-yocto 5.10 kernel for the Raspberry Pi 4
-KBRANCH:raspberrypi4-64 ?= "v5.10/standard/bcm-2xxx-rpi"
-KMACHINE:raspberrypi4-64 ?= "bcm-2xxx-rpi4"
-COMPATIBLE_MACHINE:raspberrypi4-64 = "(raspberrypi4-64)"
-
-require linux-yocto_xen-rpi.inc
--
2.35.1



[PATCH] dynamic-layers/raspberrypi: drop linux-yocto 5.10 bbappend

Martin Jansa
 

* the inc file was dropped in:
58f5ac6 kernel: drop 5.10 .inc
but this .bbappend still causes parsing error, because 5.10 recipes
were removed from oe-core
---
.../recipes-kernel/linux/linux-yocto_5.10.bbappend | 6 ------
1 file changed, 6 deletions(-)
delete mode 100644 dynamic-layers/raspberrypi/recipes-kernel/linux/linux-yocto_5.10.bbappend

diff --git a/dynamic-layers/raspberrypi/recipes-kernel/linux/linux-yocto_5.10.bbappend b/dynamic-layers/raspberrypi/recipes-kernel/linux/linux-yocto_5.10.bbappend
deleted file mode 100644
index f279ef7..0000000
--- a/dynamic-layers/raspberrypi/recipes-kernel/linux/linux-yocto_5.10.bbappend
+++ /dev/null
@@ -1,6 +0,0 @@
-# Enable use of the linux-yocto 5.10 kernel for the Raspberry Pi 4
-KBRANCH:raspberrypi4-64 ?= "v5.10/standard/bcm-2xxx-rpi"
-KMACHINE:raspberrypi4-64 ?= "bcm-2xxx-rpi4"
-COMPATIBLE_MACHINE:raspberrypi4-64 = "(raspberrypi4-64)"
-
-require linux-yocto_xen-rpi.inc
--
2.35.1


[meta-virt][PATCH 1/1] ceph: Fix CVE-2021-3979

Joe Slater
 

Ceph-volume does not properly control key sizes.

Cherry-pick from github.com/ceph/ceph.git.

Signed-off-by: Joe Slater <joe.slater@...>
---
.../ceph/ceph/CVE-2021-3979.patch | 158 ++++++++++++++++++
recipes-extended/ceph/ceph_15.2.15.bb | 1 +
2 files changed, 159 insertions(+)
create mode 100644 recipes-extended/ceph/ceph/CVE-2021-3979.patch

diff --git a/recipes-extended/ceph/ceph/CVE-2021-3979.patch b/recipes-extended/ceph/ceph/CVE-2021-3979.patch
new file mode 100644
index 00000000..081b32ba
--- /dev/null
+++ b/recipes-extended/ceph/ceph/CVE-2021-3979.patch
@@ -0,0 +1,158 @@
+From 47c33179f9a15ae95cc1579a421be89378602656 Mon Sep 17 00:00:00 2001
+From: Guillaume Abrioux <gabrioux@...>
+Date: Tue, 25 Jan 2022 10:25:53 +0100
+Subject: [PATCH] ceph-volume: honour osd_dmcrypt_key_size option
+
+ceph-volume doesn't honour osd_dmcrypt_key_size.
+It means the default size is always applied.
+
+It also changes the default value in `get_key_size_from_conf()`
+
+From cryptsetup manpage:
+
+> For XTS mode you can optionally set a key size of 512 bits with the -s option.
+
+Using more than 512bits will end up with the following error message:
+
+```
+Key size in XTS mode must be 256 or 512 bits.
+```
+
+Fixes: https://tracker.ceph.com/issues/54006
+
+Signed-off-by: Guillaume Abrioux <gabrioux@...>
+
+Upstream-Status: Backport
+ github.com/ceph/ceph.git
+ equivalent to cherry-pick of commit 47c33179f9a15ae95cc1579a421be89378602656
+
+CVE: CVE-2021-3979
+
+Signed-off-by: Joe Slater <joe.slater@...>
+---
+ .../ceph_volume/tests/util/test_encryption.py | 41 +++++++++++++------
+ .../ceph_volume/util/encryption.py | 34 ++++++++++-----
+ 2 files changed, 51 insertions(+), 24 deletions(-)
+
+diff --git a/src/ceph-volume/ceph_volume/tests/util/test_encryption.py b/src/ceph-volume/ceph_volume/tests/util/test_encryption.py
+index e1420b440d3..c86dc50b7c7 100644
+--- a/src/ceph-volume/ceph_volume/tests/util/test_encryption.py
++++ b/src/ceph-volume/ceph_volume/tests/util/test_encryption.py
+@@ -1,5 +1,31 @@
+ from ceph_volume.util import encryption
++import base64
+
++class TestGetKeySize(object):
++ def test_get_size_from_conf_default(self, conf_ceph_stub):
++ conf_ceph_stub('''
++ [global]
++ fsid=asdf
++ ''')
++ assert encryption.get_key_size_from_conf() == '512'
++
++ def test_get_size_from_conf_custom(self, conf_ceph_stub):
++ conf_ceph_stub('''
++ [global]
++ fsid=asdf
++ [osd]
++ osd_dmcrypt_key_size=256
++ ''')
++ assert encryption.get_key_size_from_conf() == '256'
++
++ def test_get_size_from_conf_custom_invalid(self, conf_ceph_stub):
++ conf_ceph_stub('''
++ [global]
++ fsid=asdf
++ [osd]
++ osd_dmcrypt_key_size=1024
++ ''')
++ assert encryption.get_key_size_from_conf() == '512'
+
+ class TestStatus(object):
+
+@@ -37,17 +63,6 @@ class TestDmcryptClose(object):
+
+ class TestDmcryptKey(object):
+
+- def test_dmcrypt_with_default_size(self, conf_ceph_stub):
+- conf_ceph_stub('[global]\nfsid=asdf-lkjh')
+- result = encryption.create_dmcrypt_key()
+- assert len(result) == 172
+-
+- def test_dmcrypt_with_custom_size(self, conf_ceph_stub):
+- conf_ceph_stub('''
+- [global]
+- fsid=asdf
+- [osd]
+- osd_dmcrypt_size=8
+- ''')
++ def test_dmcrypt(self):
+ result = encryption.create_dmcrypt_key()
+- assert len(result) == 172
++ assert len(base64.b64decode(result)) == 128
+diff --git a/src/ceph-volume/ceph_volume/util/encryption.py b/src/ceph-volume/ceph_volume/util/encryption.py
+index 72a0ccf121e..2a2c03337b6 100644
+--- a/src/ceph-volume/ceph_volume/util/encryption.py
++++ b/src/ceph-volume/ceph_volume/util/encryption.py
+@@ -9,21 +9,29 @@ from .disk import lsblk, device_family, get_part_entry_type
+
+ logger = logging.getLogger(__name__)
+
+-
+-def create_dmcrypt_key():
++def get_key_size_from_conf():
+ """
+- Create the secret dm-crypt key used to decrypt a device.
++ Return the osd dmcrypt key size from config file.
++ Default is 512.
+ """
+- # get the customizable dmcrypt key size (in bits) from ceph.conf fallback
+- # to the default of 1024
+- dmcrypt_key_size = conf.ceph.get_safe(
++ default_key_size = '512'
++ key_size = conf.ceph.get_safe(
+ 'osd',
+ 'osd_dmcrypt_key_size',
+- default=1024,
+- )
+- # The size of the key is defined in bits, so we must transform that
+- # value to bytes (dividing by 8) because we read in bytes, not bits
+- random_string = os.urandom(int(dmcrypt_key_size / 8))
++ default='512')
++
++ if key_size not in ['256', '512']:
++ logger.warning(("Invalid value set for osd_dmcrypt_key_size ({}). "
++ "Falling back to {}bits".format(key_size, default_key_size)))
++ return default_key_size
++
++ return key_size
++
++def create_dmcrypt_key():
++ """
++ Create the secret dm-crypt key (KEK) used to encrypt/decrypt the Volume Key.
++ """
++ random_string = os.urandom(128)
+ key = base64.b64encode(random_string).decode('utf-8')
+ return key
+
+@@ -38,6 +46,8 @@ def luks_format(key, device):
+ command = [
+ 'cryptsetup',
+ '--batch-mode', # do not prompt
++ '--key-size',
++ get_key_size_from_conf(),
+ '--key-file', # misnomer, should be key
+ '-', # because we indicate stdin for the key here
+ 'luksFormat',
+@@ -83,6 +93,8 @@ def luks_open(key, device, mapping):
+ """
+ command = [
+ 'cryptsetup',
++ '--key-size',
++ get_key_size_from_conf(),
+ '--key-file',
+ '-',
+ '--allow-discards', # allow discards (aka TRIM) requests for device
+--
+2.35.1
+
diff --git a/recipes-extended/ceph/ceph_15.2.15.bb b/recipes-extended/ceph/ceph_15.2.15.bb
index 0fb32b26..f2ece8c7 100644
--- a/recipes-extended/ceph/ceph_15.2.15.bb
+++ b/recipes-extended/ceph/ceph_15.2.15.bb
@@ -16,6 +16,7 @@ SRC_URI = "http://download.ceph.com/tarballs/ceph-${PV}.tar.gz \
file://0001-SnappyCompressor.h-fix-snappy-compiler-error.patch \
file://0001-buffer.h-add-missing-header-file-due-to-gcc-upgrade.patch \
file://0002-common-fix-FTBFS-due-to-dout-need_dynamic-on-GCC-12.patch \
+ file://CVE-2021-3979.patch \
"

SRC_URI[sha256sum] = "5dccdaff2ebe18d435b32bfc06f8b5f474bf6ac0432a6a07d144b7c56700d0bf"
--
2.35.1


Re: [meta-virt][kirkstone][PATCH 1/1] ceph: Fix CVE-1021-3979

Joe Slater
 

No, you didn't miss it. I'll send it in an hour or so. Joe

-----Original Message-----
From: Bruce Ashfield <bruce.ashfield@...>
Sent: Wednesday, August 10, 2022 11:35 AM
To: Slater, Joseph <joe.slater@...>
Cc: meta-virtualization@...; MacLeod, Randy
<Randy.MacLeod@...>
Subject: Re: [meta-virtualization] [meta-virt][kirkstone][PATCH 1/1] ceph: Fix
CVE-1021-3979

On Wed, Aug 10, 2022 at 2:26 PM Slater, Joseph <joe.slater@...>
wrote:



-----Original Message-----
From: Bruce Ashfield <bruce.ashfield@...>
Sent: Wednesday, August 10, 2022 11:03 AM
To: Slater, Joseph <joe.slater@...>
Cc: meta-virtualization@...; MacLeod, Randy
<Randy.MacLeod@...>
Subject: Re: [meta-virtualization] [meta-virt][kirkstone][PATCH 1/1]
ceph: Fix
CVE-1021-3979

What about master ? Does it have the same issue ?
Yes, and I have the patch for that. You cannot cherry-pick between
the branches because recipe context is different. The source patch is the
same. I used kirkstone first for internal reasons.
In order to merge this to kirkstone, it needs to be on master first.

So there should be two sends of the patch, one for master and then another for
kirkstone (if it can't be cherry picked).

If you sent the one to master and I missed it, my apologies ... gmail threads
strangely at times.

Bruce

Joe


Bruce

On Wed, Aug 10, 2022 at 1:39 PM Joe Slater <joe.slater@...>
wrote:

Ceph-volume does not properly control key sizes.

Cherry-pick from github.com/ceph/ceph.git.

Signed-off-by: Joe Slater <joe.slater@...>
---
.../ceph/ceph/CVE-2021-3979.patch | 158 ++++++++++++++++++
recipes-extended/ceph/ceph_15.2.15.bb | 1 +
2 files changed, 159 insertions(+) create mode 100644
recipes-extended/ceph/ceph/CVE-2021-3979.patch

diff --git a/recipes-extended/ceph/ceph/CVE-2021-3979.patch
b/recipes-extended/ceph/ceph/CVE-2021-3979.patch
new file mode 100644
index 00000000..081b32ba
--- /dev/null
+++ b/recipes-extended/ceph/ceph/CVE-2021-3979.patch
@@ -0,0 +1,158 @@
+From 47c33179f9a15ae95cc1579a421be89378602656 Mon Sep 17
00:00:00
+2001
+From: Guillaume Abrioux <gabrioux@...>
+Date: Tue, 25 Jan 2022 10:25:53 +0100
+Subject: [PATCH] ceph-volume: honour osd_dmcrypt_key_size option
+
+ceph-volume doesn't honour osd_dmcrypt_key_size.
+It means the default size is always applied.
+
+It also changes the default value in `get_key_size_from_conf()`
+
+From cryptsetup manpage:
+
+> For XTS mode you can optionally set a key size of 512 bits with
+> the -s
option.
+
+Using more than 512bits will end up with the following error message:
+
+```
+Key size in XTS mode must be 256 or 512 bits.
+```
+
+Fixes: https://tracker.ceph.com/issues/54006
+
+Signed-off-by: Guillaume Abrioux <gabrioux@...>
+
+Upstream-Status: Backport
+ github.com/ceph/ceph.git
+ equivalent to cherry-pick of commit
+47c33179f9a15ae95cc1579a421be89378602656
+
+CVE: CVE-2021-3979
+
+Signed-off-by: Joe Slater <joe.slater@...>
+---
+ .../ceph_volume/tests/util/test_encryption.py | 41 +++++++++++++------
+ .../ceph_volume/util/encryption.py | 34 ++++++++++-----
+ 2 files changed, 51 insertions(+), 24 deletions(-)
+
+diff --git
+a/src/ceph-volume/ceph_volume/tests/util/test_encryption.py
+b/src/ceph-volume/ceph_volume/tests/util/test_encryption.py
+index e1420b440d3..c86dc50b7c7 100644
+--- a/src/ceph-volume/ceph_volume/tests/util/test_encryption.py
++++ b/src/ceph-volume/ceph_volume/tests/util/test_encryption.py
+@@ -1,5 +1,31 @@
+ from ceph_volume.util import encryption
++import base64
+
++class TestGetKeySize(object):
++ def test_get_size_from_conf_default(self, conf_ceph_stub):
++ conf_ceph_stub('''
++ [global]
++ fsid=asdf
++ ''')
++ assert encryption.get_key_size_from_conf() == '512'
++
++ def test_get_size_from_conf_custom(self, conf_ceph_stub):
++ conf_ceph_stub('''
++ [global]
++ fsid=asdf
++ [osd]
++ osd_dmcrypt_key_size=256
++ ''')
++ assert encryption.get_key_size_from_conf() == '256'
++
++ def test_get_size_from_conf_custom_invalid(self, conf_ceph_stub):
++ conf_ceph_stub('''
++ [global]
++ fsid=asdf
++ [osd]
++ osd_dmcrypt_key_size=1024
++ ''')
++ assert encryption.get_key_size_from_conf() == '512'
+
+ class TestStatus(object):
+
+@@ -37,17 +63,6 @@ class TestDmcryptClose(object):
+
+ class TestDmcryptKey(object):
+
+- def test_dmcrypt_with_default_size(self, conf_ceph_stub):
+- conf_ceph_stub('[global]\nfsid=asdf-lkjh')
+- result = encryption.create_dmcrypt_key()
+- assert len(result) == 172
+-
+- def test_dmcrypt_with_custom_size(self, conf_ceph_stub):
+- conf_ceph_stub('''
+- [global]
+- fsid=asdf
+- [osd]
+- osd_dmcrypt_size=8
+- ''')
++ def test_dmcrypt(self):
+ result = encryption.create_dmcrypt_key()
+- assert len(result) == 172
++ assert len(base64.b64decode(result)) == 128
+diff --git a/src/ceph-volume/ceph_volume/util/encryption.py
+b/src/ceph-volume/ceph_volume/util/encryption.py
+index 72a0ccf121e..2a2c03337b6 100644
+--- a/src/ceph-volume/ceph_volume/util/encryption.py
++++ b/src/ceph-volume/ceph_volume/util/encryption.py
+@@ -9,21 +9,29 @@ from .disk import lsblk, device_family,
+get_part_entry_type
+
+ logger = logging.getLogger(__name__)
+
+-
+-def create_dmcrypt_key():
++def get_key_size_from_conf():
+ """
+- Create the secret dm-crypt key used to decrypt a device.
++ Return the osd dmcrypt key size from config file.
++ Default is 512.
+ """
+- # get the customizable dmcrypt key size (in bits) from ceph.conf
fallback
+- # to the default of 1024
+- dmcrypt_key_size = conf.ceph.get_safe(
++ default_key_size = '512'
++ key_size = conf.ceph.get_safe(
+ 'osd',
+ 'osd_dmcrypt_key_size',
+- default=1024,
+- )
+- # The size of the key is defined in bits, so we must transform that
+- # value to bytes (dividing by 8) because we read in bytes, not bits
+- random_string = os.urandom(int(dmcrypt_key_size / 8))
++ default='512')
++
++ if key_size not in ['256', '512']:
++ logger.warning(("Invalid value set for osd_dmcrypt_key_size ({}). "
++ "Falling back to {}bits".format(key_size, default_key_size)))
++ return default_key_size
++
++ return key_size
++
++def create_dmcrypt_key():
++ """
++ Create the secret dm-crypt key (KEK) used to encrypt/decrypt
++the Volume
Key.
++ """
++ random_string = os.urandom(128)
+ key = base64.b64encode(random_string).decode('utf-8')
+ return key
+
+@@ -38,6 +46,8 @@ def luks_format(key, device):
+ command = [
+ 'cryptsetup',
+ '--batch-mode', # do not prompt
++ '--key-size',
++ get_key_size_from_conf(),
+ '--key-file', # misnomer, should be key
+ '-', # because we indicate stdin for the key here
+ 'luksFormat',
+@@ -83,6 +93,8 @@ def luks_open(key, device, mapping):
+ """
+ command = [
+ 'cryptsetup',
++ '--key-size',
++ get_key_size_from_conf(),
+ '--key-file',
+ '-',
+ '--allow-discards', # allow discards (aka TRIM)
+requests for device
+--
+2.35.1
+
diff --git a/recipes-extended/ceph/ceph_15.2.15.bb
b/recipes-extended/ceph/ceph_15.2.15.bb
index 17dbcf35..b13ebb70 100644
--- a/recipes-extended/ceph/ceph_15.2.15.bb
+++ b/recipes-extended/ceph/ceph_15.2.15.bb
@@ -14,6 +14,7 @@ SRC_URI =
"http://download.ceph.com/tarballs/ceph-
${PV}.tar.gz \
file://ceph.conf \
file://0001-cmake-add-support-for-python3.10.patch \

file://0001-SnappyCompressor.h-fix-snappy-compiler-error.patch \
+ file://CVE-2021-3979.patch \
"

SRC_URI[sha256sum] =
"5dccdaff2ebe18d435b32bfc06f8b5f474bf6ac0432a6a07d144b7c56700d0bf"
--
2.35.1




--
- Thou shalt not follow the NULL pointer, for chaos and madness
await thee at its end
- "Use the force Harry" - Gandalf, Star Trek II


--
- Thou shalt not follow the NULL pointer, for chaos and madness await thee at
its end
- "Use the force Harry" - Gandalf, Star Trek II


Re: [meta-virt][kirkstone][PATCH 1/1] ceph: Fix CVE-1021-3979

Bruce Ashfield
 

On Wed, Aug 10, 2022 at 2:26 PM Slater, Joseph <joe.slater@...> wrote:



-----Original Message-----
From: Bruce Ashfield <bruce.ashfield@...>
Sent: Wednesday, August 10, 2022 11:03 AM
To: Slater, Joseph <joe.slater@...>
Cc: meta-virtualization@...; MacLeod, Randy
<Randy.MacLeod@...>
Subject: Re: [meta-virtualization] [meta-virt][kirkstone][PATCH 1/1] ceph: Fix
CVE-1021-3979

What about master ? Does it have the same issue ?
Yes, and I have the patch for that. You cannot cherry-pick between the branches because
recipe context is different. The source patch is the same. I used kirkstone first for internal reasons.
In order to merge this to kirkstone, it needs to be on master first.

So there should be two sends of the patch, one for master and then
another for kirkstone (if it can't be cherry picked).

If you sent the one to master and I missed it, my apologies ... gmail
threads strangely at times.

Bruce

Joe


Bruce

On Wed, Aug 10, 2022 at 1:39 PM Joe Slater <joe.slater@...> wrote:

Ceph-volume does not properly control key sizes.

Cherry-pick from github.com/ceph/ceph.git.

Signed-off-by: Joe Slater <joe.slater@...>
---
.../ceph/ceph/CVE-2021-3979.patch | 158 ++++++++++++++++++
recipes-extended/ceph/ceph_15.2.15.bb | 1 +
2 files changed, 159 insertions(+)
create mode 100644 recipes-extended/ceph/ceph/CVE-2021-3979.patch

diff --git a/recipes-extended/ceph/ceph/CVE-2021-3979.patch
b/recipes-extended/ceph/ceph/CVE-2021-3979.patch
new file mode 100644
index 00000000..081b32ba
--- /dev/null
+++ b/recipes-extended/ceph/ceph/CVE-2021-3979.patch
@@ -0,0 +1,158 @@
+From 47c33179f9a15ae95cc1579a421be89378602656 Mon Sep 17 00:00:00
+2001
+From: Guillaume Abrioux <gabrioux@...>
+Date: Tue, 25 Jan 2022 10:25:53 +0100
+Subject: [PATCH] ceph-volume: honour osd_dmcrypt_key_size option
+
+ceph-volume doesn't honour osd_dmcrypt_key_size.
+It means the default size is always applied.
+
+It also changes the default value in `get_key_size_from_conf()`
+
+From cryptsetup manpage:
+
+> For XTS mode you can optionally set a key size of 512 bits with the -s
option.
+
+Using more than 512bits will end up with the following error message:
+
+```
+Key size in XTS mode must be 256 or 512 bits.
+```
+
+Fixes: https://tracker.ceph.com/issues/54006
+
+Signed-off-by: Guillaume Abrioux <gabrioux@...>
+
+Upstream-Status: Backport
+ github.com/ceph/ceph.git
+ equivalent to cherry-pick of commit
+47c33179f9a15ae95cc1579a421be89378602656
+
+CVE: CVE-2021-3979
+
+Signed-off-by: Joe Slater <joe.slater@...>
+---
+ .../ceph_volume/tests/util/test_encryption.py | 41 +++++++++++++------
+ .../ceph_volume/util/encryption.py | 34 ++++++++++-----
+ 2 files changed, 51 insertions(+), 24 deletions(-)
+
+diff --git
+a/src/ceph-volume/ceph_volume/tests/util/test_encryption.py
+b/src/ceph-volume/ceph_volume/tests/util/test_encryption.py
+index e1420b440d3..c86dc50b7c7 100644
+--- a/src/ceph-volume/ceph_volume/tests/util/test_encryption.py
++++ b/src/ceph-volume/ceph_volume/tests/util/test_encryption.py
+@@ -1,5 +1,31 @@
+ from ceph_volume.util import encryption
++import base64
+
++class TestGetKeySize(object):
++ def test_get_size_from_conf_default(self, conf_ceph_stub):
++ conf_ceph_stub('''
++ [global]
++ fsid=asdf
++ ''')
++ assert encryption.get_key_size_from_conf() == '512'
++
++ def test_get_size_from_conf_custom(self, conf_ceph_stub):
++ conf_ceph_stub('''
++ [global]
++ fsid=asdf
++ [osd]
++ osd_dmcrypt_key_size=256
++ ''')
++ assert encryption.get_key_size_from_conf() == '256'
++
++ def test_get_size_from_conf_custom_invalid(self, conf_ceph_stub):
++ conf_ceph_stub('''
++ [global]
++ fsid=asdf
++ [osd]
++ osd_dmcrypt_key_size=1024
++ ''')
++ assert encryption.get_key_size_from_conf() == '512'
+
+ class TestStatus(object):
+
+@@ -37,17 +63,6 @@ class TestDmcryptClose(object):
+
+ class TestDmcryptKey(object):
+
+- def test_dmcrypt_with_default_size(self, conf_ceph_stub):
+- conf_ceph_stub('[global]\nfsid=asdf-lkjh')
+- result = encryption.create_dmcrypt_key()
+- assert len(result) == 172
+-
+- def test_dmcrypt_with_custom_size(self, conf_ceph_stub):
+- conf_ceph_stub('''
+- [global]
+- fsid=asdf
+- [osd]
+- osd_dmcrypt_size=8
+- ''')
++ def test_dmcrypt(self):
+ result = encryption.create_dmcrypt_key()
+- assert len(result) == 172
++ assert len(base64.b64decode(result)) == 128
+diff --git a/src/ceph-volume/ceph_volume/util/encryption.py
+b/src/ceph-volume/ceph_volume/util/encryption.py
+index 72a0ccf121e..2a2c03337b6 100644
+--- a/src/ceph-volume/ceph_volume/util/encryption.py
++++ b/src/ceph-volume/ceph_volume/util/encryption.py
+@@ -9,21 +9,29 @@ from .disk import lsblk, device_family,
+get_part_entry_type
+
+ logger = logging.getLogger(__name__)
+
+-
+-def create_dmcrypt_key():
++def get_key_size_from_conf():
+ """
+- Create the secret dm-crypt key used to decrypt a device.
++ Return the osd dmcrypt key size from config file.
++ Default is 512.
+ """
+- # get the customizable dmcrypt key size (in bits) from ceph.conf fallback
+- # to the default of 1024
+- dmcrypt_key_size = conf.ceph.get_safe(
++ default_key_size = '512'
++ key_size = conf.ceph.get_safe(
+ 'osd',
+ 'osd_dmcrypt_key_size',
+- default=1024,
+- )
+- # The size of the key is defined in bits, so we must transform that
+- # value to bytes (dividing by 8) because we read in bytes, not bits
+- random_string = os.urandom(int(dmcrypt_key_size / 8))
++ default='512')
++
++ if key_size not in ['256', '512']:
++ logger.warning(("Invalid value set for osd_dmcrypt_key_size ({}). "
++ "Falling back to {}bits".format(key_size, default_key_size)))
++ return default_key_size
++
++ return key_size
++
++def create_dmcrypt_key():
++ """
++ Create the secret dm-crypt key (KEK) used to encrypt/decrypt the Volume
Key.
++ """
++ random_string = os.urandom(128)
+ key = base64.b64encode(random_string).decode('utf-8')
+ return key
+
+@@ -38,6 +46,8 @@ def luks_format(key, device):
+ command = [
+ 'cryptsetup',
+ '--batch-mode', # do not prompt
++ '--key-size',
++ get_key_size_from_conf(),
+ '--key-file', # misnomer, should be key
+ '-', # because we indicate stdin for the key here
+ 'luksFormat',
+@@ -83,6 +93,8 @@ def luks_open(key, device, mapping):
+ """
+ command = [
+ 'cryptsetup',
++ '--key-size',
++ get_key_size_from_conf(),
+ '--key-file',
+ '-',
+ '--allow-discards', # allow discards (aka TRIM) requests
+for device
+--
+2.35.1
+
diff --git a/recipes-extended/ceph/ceph_15.2.15.bb
b/recipes-extended/ceph/ceph_15.2.15.bb
index 17dbcf35..b13ebb70 100644
--- a/recipes-extended/ceph/ceph_15.2.15.bb
+++ b/recipes-extended/ceph/ceph_15.2.15.bb
@@ -14,6 +14,7 @@ SRC_URI = "http://download.ceph.com/tarballs/ceph-
${PV}.tar.gz \
file://ceph.conf \
file://0001-cmake-add-support-for-python3.10.patch \

file://0001-SnappyCompressor.h-fix-snappy-compiler-error.patch \
+ file://CVE-2021-3979.patch \
"

SRC_URI[sha256sum] =
"5dccdaff2ebe18d435b32bfc06f8b5f474bf6ac0432a6a07d144b7c56700d0bf"
--
2.35.1




--
- Thou shalt not follow the NULL pointer, for chaos and madness await thee at
its end
- "Use the force Harry" - Gandalf, Star Trek II


--
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II


Re: [meta-virt][kirkstone][PATCH 1/1] ceph: Fix CVE-1021-3979

Joe Slater
 

-----Original Message-----
From: Bruce Ashfield <bruce.ashfield@...>
Sent: Wednesday, August 10, 2022 11:03 AM
To: Slater, Joseph <joe.slater@...>
Cc: meta-virtualization@...; MacLeod, Randy
<Randy.MacLeod@...>
Subject: Re: [meta-virtualization] [meta-virt][kirkstone][PATCH 1/1] ceph: Fix
CVE-1021-3979

What about master ? Does it have the same issue ?
Yes, and I have the patch for that. You cannot cherry-pick between the branches because
recipe context is different. The source patch is the same. I used kirkstone first for internal reasons.

Joe


Bruce

On Wed, Aug 10, 2022 at 1:39 PM Joe Slater <joe.slater@...> wrote:

Ceph-volume does not properly control key sizes.

Cherry-pick from github.com/ceph/ceph.git.

Signed-off-by: Joe Slater <joe.slater@...>
---
.../ceph/ceph/CVE-2021-3979.patch | 158 ++++++++++++++++++
recipes-extended/ceph/ceph_15.2.15.bb | 1 +
2 files changed, 159 insertions(+)
create mode 100644 recipes-extended/ceph/ceph/CVE-2021-3979.patch

diff --git a/recipes-extended/ceph/ceph/CVE-2021-3979.patch
b/recipes-extended/ceph/ceph/CVE-2021-3979.patch
new file mode 100644
index 00000000..081b32ba
--- /dev/null
+++ b/recipes-extended/ceph/ceph/CVE-2021-3979.patch
@@ -0,0 +1,158 @@
+From 47c33179f9a15ae95cc1579a421be89378602656 Mon Sep 17 00:00:00
+2001
+From: Guillaume Abrioux <gabrioux@...>
+Date: Tue, 25 Jan 2022 10:25:53 +0100
+Subject: [PATCH] ceph-volume: honour osd_dmcrypt_key_size option
+
+ceph-volume doesn't honour osd_dmcrypt_key_size.
+It means the default size is always applied.
+
+It also changes the default value in `get_key_size_from_conf()`
+
+From cryptsetup manpage:
+
+> For XTS mode you can optionally set a key size of 512 bits with the -s
option.
+
+Using more than 512bits will end up with the following error message:
+
+```
+Key size in XTS mode must be 256 or 512 bits.
+```
+
+Fixes: https://tracker.ceph.com/issues/54006
+
+Signed-off-by: Guillaume Abrioux <gabrioux@...>
+
+Upstream-Status: Backport
+ github.com/ceph/ceph.git
+ equivalent to cherry-pick of commit
+47c33179f9a15ae95cc1579a421be89378602656
+
+CVE: CVE-2021-3979
+
+Signed-off-by: Joe Slater <joe.slater@...>
+---
+ .../ceph_volume/tests/util/test_encryption.py | 41 +++++++++++++------
+ .../ceph_volume/util/encryption.py | 34 ++++++++++-----
+ 2 files changed, 51 insertions(+), 24 deletions(-)
+
+diff --git
+a/src/ceph-volume/ceph_volume/tests/util/test_encryption.py
+b/src/ceph-volume/ceph_volume/tests/util/test_encryption.py
+index e1420b440d3..c86dc50b7c7 100644
+--- a/src/ceph-volume/ceph_volume/tests/util/test_encryption.py
++++ b/src/ceph-volume/ceph_volume/tests/util/test_encryption.py
+@@ -1,5 +1,31 @@
+ from ceph_volume.util import encryption
++import base64
+
++class TestGetKeySize(object):
++ def test_get_size_from_conf_default(self, conf_ceph_stub):
++ conf_ceph_stub('''
++ [global]
++ fsid=asdf
++ ''')
++ assert encryption.get_key_size_from_conf() == '512'
++
++ def test_get_size_from_conf_custom(self, conf_ceph_stub):
++ conf_ceph_stub('''
++ [global]
++ fsid=asdf
++ [osd]
++ osd_dmcrypt_key_size=256
++ ''')
++ assert encryption.get_key_size_from_conf() == '256'
++
++ def test_get_size_from_conf_custom_invalid(self, conf_ceph_stub):
++ conf_ceph_stub('''
++ [global]
++ fsid=asdf
++ [osd]
++ osd_dmcrypt_key_size=1024
++ ''')
++ assert encryption.get_key_size_from_conf() == '512'
+
+ class TestStatus(object):
+
+@@ -37,17 +63,6 @@ class TestDmcryptClose(object):
+
+ class TestDmcryptKey(object):
+
+- def test_dmcrypt_with_default_size(self, conf_ceph_stub):
+- conf_ceph_stub('[global]\nfsid=asdf-lkjh')
+- result = encryption.create_dmcrypt_key()
+- assert len(result) == 172
+-
+- def test_dmcrypt_with_custom_size(self, conf_ceph_stub):
+- conf_ceph_stub('''
+- [global]
+- fsid=asdf
+- [osd]
+- osd_dmcrypt_size=8
+- ''')
++ def test_dmcrypt(self):
+ result = encryption.create_dmcrypt_key()
+- assert len(result) == 172
++ assert len(base64.b64decode(result)) == 128
+diff --git a/src/ceph-volume/ceph_volume/util/encryption.py
+b/src/ceph-volume/ceph_volume/util/encryption.py
+index 72a0ccf121e..2a2c03337b6 100644
+--- a/src/ceph-volume/ceph_volume/util/encryption.py
++++ b/src/ceph-volume/ceph_volume/util/encryption.py
+@@ -9,21 +9,29 @@ from .disk import lsblk, device_family,
+get_part_entry_type
+
+ logger = logging.getLogger(__name__)
+
+-
+-def create_dmcrypt_key():
++def get_key_size_from_conf():
+ """
+- Create the secret dm-crypt key used to decrypt a device.
++ Return the osd dmcrypt key size from config file.
++ Default is 512.
+ """
+- # get the customizable dmcrypt key size (in bits) from ceph.conf fallback
+- # to the default of 1024
+- dmcrypt_key_size = conf.ceph.get_safe(
++ default_key_size = '512'
++ key_size = conf.ceph.get_safe(
+ 'osd',
+ 'osd_dmcrypt_key_size',
+- default=1024,
+- )
+- # The size of the key is defined in bits, so we must transform that
+- # value to bytes (dividing by 8) because we read in bytes, not bits
+- random_string = os.urandom(int(dmcrypt_key_size / 8))
++ default='512')
++
++ if key_size not in ['256', '512']:
++ logger.warning(("Invalid value set for osd_dmcrypt_key_size ({}). "
++ "Falling back to {}bits".format(key_size, default_key_size)))
++ return default_key_size
++
++ return key_size
++
++def create_dmcrypt_key():
++ """
++ Create the secret dm-crypt key (KEK) used to encrypt/decrypt the Volume
Key.
++ """
++ random_string = os.urandom(128)
+ key = base64.b64encode(random_string).decode('utf-8')
+ return key
+
+@@ -38,6 +46,8 @@ def luks_format(key, device):
+ command = [
+ 'cryptsetup',
+ '--batch-mode', # do not prompt
++ '--key-size',
++ get_key_size_from_conf(),
+ '--key-file', # misnomer, should be key
+ '-', # because we indicate stdin for the key here
+ 'luksFormat',
+@@ -83,6 +93,8 @@ def luks_open(key, device, mapping):
+ """
+ command = [
+ 'cryptsetup',
++ '--key-size',
++ get_key_size_from_conf(),
+ '--key-file',
+ '-',
+ '--allow-discards', # allow discards (aka TRIM) requests
+for device
+--
+2.35.1
+
diff --git a/recipes-extended/ceph/ceph_15.2.15.bb
b/recipes-extended/ceph/ceph_15.2.15.bb
index 17dbcf35..b13ebb70 100644
--- a/recipes-extended/ceph/ceph_15.2.15.bb
+++ b/recipes-extended/ceph/ceph_15.2.15.bb
@@ -14,6 +14,7 @@ SRC_URI = "http://download.ceph.com/tarballs/ceph-
${PV}.tar.gz \
file://ceph.conf \
file://0001-cmake-add-support-for-python3.10.patch \

file://0001-SnappyCompressor.h-fix-snappy-compiler-error.patch \
+ file://CVE-2021-3979.patch \
"

SRC_URI[sha256sum] =
"5dccdaff2ebe18d435b32bfc06f8b5f474bf6ac0432a6a07d144b7c56700d0bf"
--
2.35.1




--
- Thou shalt not follow the NULL pointer, for chaos and madness await thee at
its end
- "Use the force Harry" - Gandalf, Star Trek II


Re: [meta-virt][kirkstone][PATCH 1/1] ceph: Fix CVE-1021-3979

Bruce Ashfield
 

What about master ? Does it have the same issue ?

Bruce

On Wed, Aug 10, 2022 at 1:39 PM Joe Slater <joe.slater@...> wrote:

Ceph-volume does not properly control key sizes.

Cherry-pick from github.com/ceph/ceph.git.

Signed-off-by: Joe Slater <joe.slater@...>
---
.../ceph/ceph/CVE-2021-3979.patch | 158 ++++++++++++++++++
recipes-extended/ceph/ceph_15.2.15.bb | 1 +
2 files changed, 159 insertions(+)
create mode 100644 recipes-extended/ceph/ceph/CVE-2021-3979.patch

diff --git a/recipes-extended/ceph/ceph/CVE-2021-3979.patch b/recipes-extended/ceph/ceph/CVE-2021-3979.patch
new file mode 100644
index 00000000..081b32ba
--- /dev/null
+++ b/recipes-extended/ceph/ceph/CVE-2021-3979.patch
@@ -0,0 +1,158 @@
+From 47c33179f9a15ae95cc1579a421be89378602656 Mon Sep 17 00:00:00 2001
+From: Guillaume Abrioux <gabrioux@...>
+Date: Tue, 25 Jan 2022 10:25:53 +0100
+Subject: [PATCH] ceph-volume: honour osd_dmcrypt_key_size option
+
+ceph-volume doesn't honour osd_dmcrypt_key_size.
+It means the default size is always applied.
+
+It also changes the default value in `get_key_size_from_conf()`
+
+From cryptsetup manpage:
+
+> For XTS mode you can optionally set a key size of 512 bits with the -s option.
+
+Using more than 512bits will end up with the following error message:
+
+```
+Key size in XTS mode must be 256 or 512 bits.
+```
+
+Fixes: https://tracker.ceph.com/issues/54006
+
+Signed-off-by: Guillaume Abrioux <gabrioux@...>
+
+Upstream-Status: Backport
+ github.com/ceph/ceph.git
+ equivalent to cherry-pick of commit 47c33179f9a15ae95cc1579a421be89378602656
+
+CVE: CVE-2021-3979
+
+Signed-off-by: Joe Slater <joe.slater@...>
+---
+ .../ceph_volume/tests/util/test_encryption.py | 41 +++++++++++++------
+ .../ceph_volume/util/encryption.py | 34 ++++++++++-----
+ 2 files changed, 51 insertions(+), 24 deletions(-)
+
+diff --git a/src/ceph-volume/ceph_volume/tests/util/test_encryption.py b/src/ceph-volume/ceph_volume/tests/util/test_encryption.py
+index e1420b440d3..c86dc50b7c7 100644
+--- a/src/ceph-volume/ceph_volume/tests/util/test_encryption.py
++++ b/src/ceph-volume/ceph_volume/tests/util/test_encryption.py
+@@ -1,5 +1,31 @@
+ from ceph_volume.util import encryption
++import base64
+
++class TestGetKeySize(object):
++ def test_get_size_from_conf_default(self, conf_ceph_stub):
++ conf_ceph_stub('''
++ [global]
++ fsid=asdf
++ ''')
++ assert encryption.get_key_size_from_conf() == '512'
++
++ def test_get_size_from_conf_custom(self, conf_ceph_stub):
++ conf_ceph_stub('''
++ [global]
++ fsid=asdf
++ [osd]
++ osd_dmcrypt_key_size=256
++ ''')
++ assert encryption.get_key_size_from_conf() == '256'
++
++ def test_get_size_from_conf_custom_invalid(self, conf_ceph_stub):
++ conf_ceph_stub('''
++ [global]
++ fsid=asdf
++ [osd]
++ osd_dmcrypt_key_size=1024
++ ''')
++ assert encryption.get_key_size_from_conf() == '512'
+
+ class TestStatus(object):
+
+@@ -37,17 +63,6 @@ class TestDmcryptClose(object):
+
+ class TestDmcryptKey(object):
+
+- def test_dmcrypt_with_default_size(self, conf_ceph_stub):
+- conf_ceph_stub('[global]\nfsid=asdf-lkjh')
+- result = encryption.create_dmcrypt_key()
+- assert len(result) == 172
+-
+- def test_dmcrypt_with_custom_size(self, conf_ceph_stub):
+- conf_ceph_stub('''
+- [global]
+- fsid=asdf
+- [osd]
+- osd_dmcrypt_size=8
+- ''')
++ def test_dmcrypt(self):
+ result = encryption.create_dmcrypt_key()
+- assert len(result) == 172
++ assert len(base64.b64decode(result)) == 128
+diff --git a/src/ceph-volume/ceph_volume/util/encryption.py b/src/ceph-volume/ceph_volume/util/encryption.py
+index 72a0ccf121e..2a2c03337b6 100644
+--- a/src/ceph-volume/ceph_volume/util/encryption.py
++++ b/src/ceph-volume/ceph_volume/util/encryption.py
+@@ -9,21 +9,29 @@ from .disk import lsblk, device_family, get_part_entry_type
+
+ logger = logging.getLogger(__name__)
+
+-
+-def create_dmcrypt_key():
++def get_key_size_from_conf():
+ """
+- Create the secret dm-crypt key used to decrypt a device.
++ Return the osd dmcrypt key size from config file.
++ Default is 512.
+ """
+- # get the customizable dmcrypt key size (in bits) from ceph.conf fallback
+- # to the default of 1024
+- dmcrypt_key_size = conf.ceph.get_safe(
++ default_key_size = '512'
++ key_size = conf.ceph.get_safe(
+ 'osd',
+ 'osd_dmcrypt_key_size',
+- default=1024,
+- )
+- # The size of the key is defined in bits, so we must transform that
+- # value to bytes (dividing by 8) because we read in bytes, not bits
+- random_string = os.urandom(int(dmcrypt_key_size / 8))
++ default='512')
++
++ if key_size not in ['256', '512']:
++ logger.warning(("Invalid value set for osd_dmcrypt_key_size ({}). "
++ "Falling back to {}bits".format(key_size, default_key_size)))
++ return default_key_size
++
++ return key_size
++
++def create_dmcrypt_key():
++ """
++ Create the secret dm-crypt key (KEK) used to encrypt/decrypt the Volume Key.
++ """
++ random_string = os.urandom(128)
+ key = base64.b64encode(random_string).decode('utf-8')
+ return key
+
+@@ -38,6 +46,8 @@ def luks_format(key, device):
+ command = [
+ 'cryptsetup',
+ '--batch-mode', # do not prompt
++ '--key-size',
++ get_key_size_from_conf(),
+ '--key-file', # misnomer, should be key
+ '-', # because we indicate stdin for the key here
+ 'luksFormat',
+@@ -83,6 +93,8 @@ def luks_open(key, device, mapping):
+ """
+ command = [
+ 'cryptsetup',
++ '--key-size',
++ get_key_size_from_conf(),
+ '--key-file',
+ '-',
+ '--allow-discards', # allow discards (aka TRIM) requests for device
+--
+2.35.1
+
diff --git a/recipes-extended/ceph/ceph_15.2.15.bb b/recipes-extended/ceph/ceph_15.2.15.bb
index 17dbcf35..b13ebb70 100644
--- a/recipes-extended/ceph/ceph_15.2.15.bb
+++ b/recipes-extended/ceph/ceph_15.2.15.bb
@@ -14,6 +14,7 @@ SRC_URI = "http://download.ceph.com/tarballs/ceph-${PV}.tar.gz \
file://ceph.conf \
file://0001-cmake-add-support-for-python3.10.patch \
file://0001-SnappyCompressor.h-fix-snappy-compiler-error.patch \
+ file://CVE-2021-3979.patch \
"

SRC_URI[sha256sum] = "5dccdaff2ebe18d435b32bfc06f8b5f474bf6ac0432a6a07d144b7c56700d0bf"
--
2.35.1



--
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II


[meta-virt][kirkstone][PATCH 1/1] ceph: Fix CVE-1021-3979

Joe Slater
 

Ceph-volume does not properly control key sizes.

Cherry-pick from github.com/ceph/ceph.git.

Signed-off-by: Joe Slater <joe.slater@...>
---
.../ceph/ceph/CVE-2021-3979.patch | 158 ++++++++++++++++++
recipes-extended/ceph/ceph_15.2.15.bb | 1 +
2 files changed, 159 insertions(+)
create mode 100644 recipes-extended/ceph/ceph/CVE-2021-3979.patch

diff --git a/recipes-extended/ceph/ceph/CVE-2021-3979.patch b/recipes-extended/ceph/ceph/CVE-2021-3979.patch
new file mode 100644
index 00000000..081b32ba
--- /dev/null
+++ b/recipes-extended/ceph/ceph/CVE-2021-3979.patch
@@ -0,0 +1,158 @@
+From 47c33179f9a15ae95cc1579a421be89378602656 Mon Sep 17 00:00:00 2001
+From: Guillaume Abrioux <gabrioux@...>
+Date: Tue, 25 Jan 2022 10:25:53 +0100
+Subject: [PATCH] ceph-volume: honour osd_dmcrypt_key_size option
+
+ceph-volume doesn't honour osd_dmcrypt_key_size.
+It means the default size is always applied.
+
+It also changes the default value in `get_key_size_from_conf()`
+
+From cryptsetup manpage:
+
+> For XTS mode you can optionally set a key size of 512 bits with the -s option.
+
+Using more than 512bits will end up with the following error message:
+
+```
+Key size in XTS mode must be 256 or 512 bits.
+```
+
+Fixes: https://tracker.ceph.com/issues/54006
+
+Signed-off-by: Guillaume Abrioux <gabrioux@...>
+
+Upstream-Status: Backport
+ github.com/ceph/ceph.git
+ equivalent to cherry-pick of commit 47c33179f9a15ae95cc1579a421be89378602656
+
+CVE: CVE-2021-3979
+
+Signed-off-by: Joe Slater <joe.slater@...>
+---
+ .../ceph_volume/tests/util/test_encryption.py | 41 +++++++++++++------
+ .../ceph_volume/util/encryption.py | 34 ++++++++++-----
+ 2 files changed, 51 insertions(+), 24 deletions(-)
+
+diff --git a/src/ceph-volume/ceph_volume/tests/util/test_encryption.py b/src/ceph-volume/ceph_volume/tests/util/test_encryption.py
+index e1420b440d3..c86dc50b7c7 100644
+--- a/src/ceph-volume/ceph_volume/tests/util/test_encryption.py
++++ b/src/ceph-volume/ceph_volume/tests/util/test_encryption.py
+@@ -1,5 +1,31 @@
+ from ceph_volume.util import encryption
++import base64
+
++class TestGetKeySize(object):
++ def test_get_size_from_conf_default(self, conf_ceph_stub):
++ conf_ceph_stub('''
++ [global]
++ fsid=asdf
++ ''')
++ assert encryption.get_key_size_from_conf() == '512'
++
++ def test_get_size_from_conf_custom(self, conf_ceph_stub):
++ conf_ceph_stub('''
++ [global]
++ fsid=asdf
++ [osd]
++ osd_dmcrypt_key_size=256
++ ''')
++ assert encryption.get_key_size_from_conf() == '256'
++
++ def test_get_size_from_conf_custom_invalid(self, conf_ceph_stub):
++ conf_ceph_stub('''
++ [global]
++ fsid=asdf
++ [osd]
++ osd_dmcrypt_key_size=1024
++ ''')
++ assert encryption.get_key_size_from_conf() == '512'
+
+ class TestStatus(object):
+
+@@ -37,17 +63,6 @@ class TestDmcryptClose(object):
+
+ class TestDmcryptKey(object):
+
+- def test_dmcrypt_with_default_size(self, conf_ceph_stub):
+- conf_ceph_stub('[global]\nfsid=asdf-lkjh')
+- result = encryption.create_dmcrypt_key()
+- assert len(result) == 172
+-
+- def test_dmcrypt_with_custom_size(self, conf_ceph_stub):
+- conf_ceph_stub('''
+- [global]
+- fsid=asdf
+- [osd]
+- osd_dmcrypt_size=8
+- ''')
++ def test_dmcrypt(self):
+ result = encryption.create_dmcrypt_key()
+- assert len(result) == 172
++ assert len(base64.b64decode(result)) == 128
+diff --git a/src/ceph-volume/ceph_volume/util/encryption.py b/src/ceph-volume/ceph_volume/util/encryption.py
+index 72a0ccf121e..2a2c03337b6 100644
+--- a/src/ceph-volume/ceph_volume/util/encryption.py
++++ b/src/ceph-volume/ceph_volume/util/encryption.py
+@@ -9,21 +9,29 @@ from .disk import lsblk, device_family, get_part_entry_type
+
+ logger = logging.getLogger(__name__)
+
+-
+-def create_dmcrypt_key():
++def get_key_size_from_conf():
+ """
+- Create the secret dm-crypt key used to decrypt a device.
++ Return the osd dmcrypt key size from config file.
++ Default is 512.
+ """
+- # get the customizable dmcrypt key size (in bits) from ceph.conf fallback
+- # to the default of 1024
+- dmcrypt_key_size = conf.ceph.get_safe(
++ default_key_size = '512'
++ key_size = conf.ceph.get_safe(
+ 'osd',
+ 'osd_dmcrypt_key_size',
+- default=1024,
+- )
+- # The size of the key is defined in bits, so we must transform that
+- # value to bytes (dividing by 8) because we read in bytes, not bits
+- random_string = os.urandom(int(dmcrypt_key_size / 8))
++ default='512')
++
++ if key_size not in ['256', '512']:
++ logger.warning(("Invalid value set for osd_dmcrypt_key_size ({}). "
++ "Falling back to {}bits".format(key_size, default_key_size)))
++ return default_key_size
++
++ return key_size
++
++def create_dmcrypt_key():
++ """
++ Create the secret dm-crypt key (KEK) used to encrypt/decrypt the Volume Key.
++ """
++ random_string = os.urandom(128)
+ key = base64.b64encode(random_string).decode('utf-8')
+ return key
+
+@@ -38,6 +46,8 @@ def luks_format(key, device):
+ command = [
+ 'cryptsetup',
+ '--batch-mode', # do not prompt
++ '--key-size',
++ get_key_size_from_conf(),
+ '--key-file', # misnomer, should be key
+ '-', # because we indicate stdin for the key here
+ 'luksFormat',
+@@ -83,6 +93,8 @@ def luks_open(key, device, mapping):
+ """
+ command = [
+ 'cryptsetup',
++ '--key-size',
++ get_key_size_from_conf(),
+ '--key-file',
+ '-',
+ '--allow-discards', # allow discards (aka TRIM) requests for device
+--
+2.35.1
+
diff --git a/recipes-extended/ceph/ceph_15.2.15.bb b/recipes-extended/ceph/ceph_15.2.15.bb
index 17dbcf35..b13ebb70 100644
--- a/recipes-extended/ceph/ceph_15.2.15.bb
+++ b/recipes-extended/ceph/ceph_15.2.15.bb
@@ -14,6 +14,7 @@ SRC_URI = "http://download.ceph.com/tarballs/ceph-${PV}.tar.gz \
file://ceph.conf \
file://0001-cmake-add-support-for-python3.10.patch \
file://0001-SnappyCompressor.h-fix-snappy-compiler-error.patch \
+ file://CVE-2021-3979.patch \
"

SRC_URI[sha256sum] = "5dccdaff2ebe18d435b32bfc06f8b5f474bf6ac0432a6a07d144b7c56700d0bf"
--
2.35.1


Re: [kirkstone][master][PATCH 2/4] kubernetes: install the binaries in OE standard places

Bruce Ashfield
 

On Tue, Aug 9, 2022 at 1:36 PM Jose Quaresma <quaresma.jose@...> wrote:



Bruce Ashfield <bruce.ashfield@...> escreveu no dia terça, 9/08/2022 à(s) 18:07:

On Tue, Aug 9, 2022 at 12:36 PM Jose Quaresma <quaresma.jose@...> wrote:



Bruce Ashfield <bruce.ashfield@...> escreveu no dia terça, 9/08/2022 à(s) 16:05:

On Tue, Aug 9, 2022 at 10:21 AM Bruce Ashfield via
lists.yoctoproject.org
<bruce.ashfield=gmail.com@...> wrote:

On Tue, Aug 9, 2022 at 10:02 AM Jose Quaresma <quaresma.jose@...> wrote:



Bruce Ashfield <bruce.ashfield@...> escreveu no dia terça, 9/08/2022 à(s) 14:43:

On Tue, Aug 9, 2022 at 9:34 AM Jose Quaresma <quaresma.jose@...> wrote:

Hi Bruce,

Bruce Ashfield <bruce.ashfield@...> escreveu no dia terça, 9/08/2022 à(s) 14:19:

You must have something different in your environment, I'm not seeing
any of these same issues.

Maybe because you have the BIN_PREFIX defined somewhere in your distro or local.conf
BIN_PREFIX is defined only in k3s recipe BIN_PREFIX ?= "${exec_prefix}/local"
I'm building a plain OE + meta-virt. BIN_PREFIX isn't in the
environment anywhere (which is admittedly strange .. but that's
consistent with how it has been).

Also, there's no other reports of this ever on the mailing list,
including demos for conferences, etc. ... that fails the "how can this
be working for everyone else ?" test.

So there's definitely something different that I'm not seeing. I use
OE nodistro or poky, others are using some other distros .. so I need
to figure out what is the difference.

That being said, even if we tweaked the binaries install, we don't
want them changing where they've been installed previously, there
could be any number of scripts expecting those locations in layers
that I don't maintain.

i.e. there's no way we should be patching the .service file, since
that indicates the binaries have moved from where they were before.

Bruce
By default with BIN_PREFIX="" the binaries seem to be installed on /bin/k8s-init so they will work as this is in the PATH.
For OE nodistro maybe this QA is disabled (need to confirm that) but for distros that have this QA enabled it will fire up.
The installed but not shipped, isn't inhibited anywhere that I know
of. Certainly not on poky, which is where most of the nightly builds
happen for this.

About moving the binaries for another place is mainly because /bin is not the right place for them IMO.
https://tldp.org/LDP/Linux-Filesystem-Hierarchy/html/bin.html
But that's not where they are going for all the rest of the builds :)
I'm aware of the various filesystem standards.


But I forgot to update all the services involved in this patch set so please drop it all and I will update all services as well in V2.
I wouldn't bother with that for v2, since again, they are using
/usr/bin and /usr/local/bin from all the .service files I recall, and
that's where we want the binaries to continue to be.
aha. I see that k3s does set BIN_PREFIX, but it has been lost for
kubernetes and nerdctl.

right, maybe you don't see the QA because it will only shon for files installed in /bin when usrmerge is enabled.
That could very well be it.


for nerdctl, the BIN_PREFIX is there from the beginning so the recipe allway install it in /bin.
for kubernetes, BIN_PREFIX is added in [1] and this only install k8s-init in /bin and all the other binaries
continue where they were installed (in /usr/bin in this case).

[1] - https://git.yoctoproject.org/meta-virtualization/commit/?id=4d0f0a5ca2338e5f6ed3fe3a18c602447cf60eb4


The easiest / lowest footprint route is to just add the variable back
in for kubernetes and nerdctl, to the current default location. That
allows folks to override it and/or keep their scripts/service files
unmodified.

This is what I did but using ${bindir} instead of ${BIN_PREFIX}.
Adding the BIN_PREFIX ?= "${exec_prefix}/local" will change install location so
since we have to change, we can use the ${bindir} and put the files in the right place.
I'm really only interested in the BIN_PREFIX being set in those
recipes. The smallest
footprint change.

kubernetes is installing all binaries files to ${D}/${bindir}:
install -m 755 -D ${S}/src/import/_output/local/bin/${TARGET_GOOS}/${TARGET_GOARCH}/* ${D}/${bindir}
I realize that.


and you are suggesting to install only k8s-init with BIN_PREFIX:
install -m 755 "${WORKDIR}/k8s-init" "${D}${BIN_PREFIX}/bin"
No, I'm suggesting the smallest footprint change, but that is more for
the other recipes, versus the single use of it in this kubernetes
recipe.


this will end up with BIN_PREFIX = "/usr" to be consistent with the other binaries in the recipe
or BIN_PREFIX = "${exec_prefix}/local" to use something not defined in bitbake.conf.
I don't really know what you prefer BIN_PREFIX = "/usr" or BIN_PREFIX = "${exec_prefix}/local"
as the two will change the installation path and you said that:
"even if we tweaked the binaries install, we don't want them changing where they've been installed previously"
That comment was more for the k3s recipe, this helper is being
installed to the wrong place, and likely I'm the only one that uses
it.

For this specific recipe, I'd make it consistent with the other
binaries and set it to ${prefix} which is "/usr", which of course is
the same as ${exec_prefix}


sorry but changing this patch and using BIN_PREFIX doesn't make much sense in my opinion.
That's the style of the recipes as they stand, keeping them consistent
to that has value .. in particular, since I end up spending the
majority of time debugging system level runtime issues. There were
many issues found during the creation of the recipes and stack with
binaries being assumed in one location and then someone changing their
bitbake configuration and them not being present. So the control was
pulled into the recipes under BIN_PREFIX to make it explicit and to
save many hours debugging. That's the same reason why many of the go
build settings are in the recipes when for the most part they could be
used from the bbclasses.

That being said, we could change k8s and nerdctl to just use
${bindir}, but k3s should be left as-is.

Bruce

Jose



So as the series currently stands, it isn't something I'll merge.

Cheers,

Bruce



The last patch for k3s is more invasive as it touches many places and the systemd services as well.
I will send it separate because this one don't fix anything and only change the installation of binaries
from /usr/local/bin to /usr/bin

Jose


Bruce

Bruce

Jose



Jose



Cheers,

Bruce

On Tue, Aug 9, 2022 at 8:16 AM Jose Quaresma <quaresma.jose@...> wrote:

- The env BIN_PREFIX is there from the beginning but there are no references to it,
also fix a fatal QA errors installed-vs-shipped.

ERROR: kubernetes-1_v1.23.6+gitfbcfa33018159c033aee77b0d5456df6771aa9b5-r0 do_package: QA Issue: kubernetes: Files/directories were installed but not shipped in any package:
/bin
/bin/k8s-init
Please set FILES such that these items are packaged. Alternatively if they are unneeded, avoid installing them or delete them within do_install.
kubernetes: 2 installed and not shipped files. [installed-vs-shipped]
ERROR: kubernetes-1_v1.23.6+gitfbcfa33018159c033aee77b0d5456df6771aa9b5-r0 do_package: Fatal QA errors were found, failing task.

Signed-off-by: Jose Quaresma <jose.quaresma@...>
---
recipes-containers/kubernetes/kubernetes_git.bb | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/recipes-containers/kubernetes/kubernetes_git.bb b/recipes-containers/kubernetes/kubernetes_git.bb
index e9460d4..82b75b1 100644
--- a/recipes-containers/kubernetes/kubernetes_git.bb
+++ b/recipes-containers/kubernetes/kubernetes_git.bb
@@ -103,8 +103,8 @@ do_install() {
install -m 0644 ${WORKDIR}/git/release/cmd/kubepkg/templates/latest/deb/kubeadm/10-kubeadm.conf ${D}${systemd_unitdir}/system/kubelet.service.d/

if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
- install -d "${D}${BIN_PREFIX}/bin"
- install -m 755 "${WORKDIR}/k8s-init" "${D}${BIN_PREFIX}/bin"
+ install -d ${D}${bindir}
+ install -m 755 ${WORKDIR}/k8s-init ${D}${bindir}

install -d ${D}${sysconfdir}/sysctl.d
install -m 0644 "${WORKDIR}/99-kubernetes.conf" "${D}${sysconfdir}/sysctl.d"
@@ -141,7 +141,7 @@ FILES:kube-proxy = "${bindir}/kube-proxy"
FILES:${PN}-misc = "${bindir} ${sysconfdir}/sysctl.d"

ALLOW_EMPTY:${PN}-host = "1"
-FILE:${PN}-host = "${BIN_PREFIX}/bin/k8s-init"
+FILE:${PN}-host = "${bindir}/k8s-init"
RDEPENDS:${PN}-host = "${PN}"

RRECOMMENDS:${PN} = "\
--
2.37.1




--
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II


--
Best regards,

José Quaresma


--
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II


--
Best regards,

José Quaresma


--
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II



--
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II


--
Best regards,

José Quaresma


--
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II


--
Best regards,

José Quaresma


--
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II


Re: [kirkstone][master][PATCH 2/4] kubernetes: install the binaries in OE standard places

Jose Quaresma
 



Bruce Ashfield <bruce.ashfield@...> escreveu no dia terça, 9/08/2022 à(s) 18:07:
On Tue, Aug 9, 2022 at 12:36 PM Jose Quaresma <quaresma.jose@...> wrote:
>
>
>
> Bruce Ashfield <bruce.ashfield@...> escreveu no dia terça, 9/08/2022 à(s) 16:05:
>>
>> On Tue, Aug 9, 2022 at 10:21 AM Bruce Ashfield via
>> lists.yoctoproject.org
>> <bruce.ashfield=gmail.com@...> wrote:
>> >
>> > On Tue, Aug 9, 2022 at 10:02 AM Jose Quaresma <quaresma.jose@...> wrote:
>> > >
>> > >
>> > >
>> > > Bruce Ashfield <bruce.ashfield@...> escreveu no dia terça, 9/08/2022 à(s) 14:43:
>> > >>
>> > >> On Tue, Aug 9, 2022 at 9:34 AM Jose Quaresma <quaresma.jose@...> wrote:
>> > >> >
>> > >> > Hi Bruce,
>> > >> >
>> > >> > Bruce Ashfield <bruce.ashfield@...> escreveu no dia terça, 9/08/2022 à(s) 14:19:
>> > >> >>
>> > >> >> You must have something different in your environment, I'm not seeing
>> > >> >> any of these same issues.
>> > >> >
>> > >> >
>> > >> > Maybe because you have the BIN_PREFIX defined somewhere in your distro or local.conf
>> > >> > BIN_PREFIX is defined only in k3s recipe BIN_PREFIX ?= "${exec_prefix}/local"
>> > >> >
>> > >>
>> > >> I'm building a plain OE + meta-virt. BIN_PREFIX isn't in the
>> > >> environment anywhere (which is admittedly strange .. but that's
>> > >> consistent with how it has been).
>> > >>
>> > >> Also, there's no other reports of this ever on the mailing list,
>> > >> including demos for conferences, etc. ... that fails the "how can this
>> > >> be working for everyone else ?" test.
>> > >>
>> > >> So there's definitely something different that I'm not seeing. I use
>> > >> OE nodistro or poky, others are using some other distros .. so I need
>> > >> to figure out what is the difference.
>> > >>
>> > >> That being said, even if we tweaked the binaries install, we don't
>> > >> want them changing where they've been installed previously, there
>> > >> could be any number of scripts expecting those locations in layers
>> > >> that I don't maintain.
>> > >>
>> > >> i.e. there's no way we should be patching the .service file, since
>> > >> that indicates the binaries have moved from where they were before.
>> > >>
>> > >> Bruce
>> > >>
>> > >
>> > > By default with BIN_PREFIX="" the binaries seem to be installed on /bin/k8s-init so they will work as this is in the PATH.
>> > > For OE nodistro maybe this QA is disabled (need to confirm that) but for distros that have this QA enabled it will fire up.
>> > >
>> >
>> > The installed but not shipped, isn't inhibited anywhere that I know
>> > of. Certainly not on poky, which is where most of the nightly builds
>> > happen for this.
>> >
>> > > About moving the binaries for another place is mainly because /bin is not the right place for them IMO.
>> > > https://tldp.org/LDP/Linux-Filesystem-Hierarchy/html/bin.html
>> >
>> > But that's not where they are going for all the rest of the builds :)
>> > I'm aware of the various filesystem standards.
>> >
>> > >
>> > > But I forgot to update all the services involved in this patch set so please drop it all and I will update all services as well in V2.
>> > >
>> >
>> > I wouldn't bother with that for v2, since again, they are using
>> > /usr/bin and /usr/local/bin from all the .service files I recall, and
>> > that's where we want the binaries to continue to be.
>> >
>>
>> aha. I see that k3s does set BIN_PREFIX, but it has been lost for
>> kubernetes and nerdctl.
>
>
> right, maybe you don't see the QA because it will only shon for files installed in /bin when usrmerge is enabled.

That could very well be it.

>
> for nerdctl, the BIN_PREFIX is there from the beginning so the recipe allway install it in /bin.
> for kubernetes, BIN_PREFIX is added in [1] and this only install k8s-init in /bin and all the other binaries
> continue where they were installed (in /usr/bin in this case).
>
> [1] - https://git.yoctoproject.org/meta-virtualization/commit/?id=4d0f0a5ca2338e5f6ed3fe3a18c602447cf60eb4
>
>>
>> The easiest / lowest footprint route is to just add the variable back
>> in for kubernetes and nerdctl, to the current default location. That
>> allows folks to override it and/or keep their scripts/service files
>> unmodified.
>
>
> This is what I did but using ${bindir} instead of ${BIN_PREFIX}.
> Adding the BIN_PREFIX ?= "${exec_prefix}/local" will change install location so
> since we have to change, we can use the ${bindir} and put the files in the right place.

I'm really only interested in the BIN_PREFIX being set in those
recipes. The smallest
footprint change.

kubernetes is installing all binaries files to ${D}/${bindir}:
install -m 755 -D ${S}/src/import/_output/local/bin/${TARGET_GOOS}/${TARGET_GOARCH}/* ${D}/${bindir}

and you are suggesting to install only k8s-init with BIN_PREFIX:
install -m 755 "${WORKDIR}/k8s-init" "${D}${BIN_PREFIX}/bin"

this will end up with BIN_PREFIX = "/usr" to be consistent with the other binaries in the recipe
or BIN_PREFIX = "${exec_prefix}/local" to use something not defined in bitbake.conf.
I don't really know what you prefer BIN_PREFIX = "/usr" or BIN_PREFIX = "${exec_prefix}/local"
as the two will change the installation path and you said that:
"even if we tweaked the binaries install, we don't want them changing where they've been installed previously"

sorry but changing this patch and using BIN_PREFIX doesn't make much sense in my opinion.

Jose
 

So as the series currently stands, it isn't something I'll merge.

Cheers,

Bruce


>
> The last patch for k3s is more invasive as it touches many places and the systemd services as well.
> I will send it separate because this one don't fix anything and only change the installation of binaries
> from /usr/local/bin to /usr/bin
>
> Jose
>
>>
>> Bruce
>>
>> > Bruce
>> >
>> > > Jose
>> > >
>> > >>
>> > >>
>> > >> > Jose
>> > >> >
>> > >> >>
>> > >> >>
>> > >> >> Cheers,
>> > >> >>
>> > >> >> Bruce
>> > >> >>
>> > >> >> On Tue, Aug 9, 2022 at 8:16 AM Jose Quaresma <quaresma.jose@...> wrote:
>> > >> >> >
>> > >> >> > - The env BIN_PREFIX is there from the beginning but there are no references to it,
>> > >> >> > also fix a fatal QA errors installed-vs-shipped.
>> > >> >> >
>> > >> >> > ERROR: kubernetes-1_v1.23.6+gitfbcfa33018159c033aee77b0d5456df6771aa9b5-r0 do_package: QA Issue: kubernetes: Files/directories were installed but not shipped in any package:
>> > >> >> >   /bin
>> > >> >> >   /bin/k8s-init
>> > >> >> > Please set FILES such that these items are packaged. Alternatively if they are unneeded, avoid installing them or delete them within do_install.
>> > >> >> > kubernetes: 2 installed and not shipped files. [installed-vs-shipped]
>> > >> >> > ERROR: kubernetes-1_v1.23.6+gitfbcfa33018159c033aee77b0d5456df6771aa9b5-r0 do_package: Fatal QA errors were found, failing task.
>> > >> >> >
>> > >> >> > Signed-off-by: Jose Quaresma <jose.quaresma@...>
>> > >> >> > ---
>> > >> >> >  recipes-containers/kubernetes/kubernetes_git.bb | 6 +++---
>> > >> >> >  1 file changed, 3 insertions(+), 3 deletions(-)
>> > >> >> >
>> > >> >> > diff --git a/recipes-containers/kubernetes/kubernetes_git.bb b/recipes-containers/kubernetes/kubernetes_git.bb
>> > >> >> > index e9460d4..82b75b1 100644
>> > >> >> > --- a/recipes-containers/kubernetes/kubernetes_git.bb
>> > >> >> > +++ b/recipes-containers/kubernetes/kubernetes_git.bb
>> > >> >> > @@ -103,8 +103,8 @@ do_install() {
>> > >> >> >      install -m 0644 ${WORKDIR}/git/release/cmd/kubepkg/templates/latest/deb/kubeadm/10-kubeadm.conf  ${D}${systemd_unitdir}/system/kubelet.service.d/
>> > >> >> >
>> > >> >> >      if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
>> > >> >> > -       install -d "${D}${BIN_PREFIX}/bin"
>> > >> >> > -       install -m 755 "${WORKDIR}/k8s-init" "${D}${BIN_PREFIX}/bin"
>> > >> >> > +       install -d ${D}${bindir}
>> > >> >> > +       install -m 755 ${WORKDIR}/k8s-init ${D}${bindir}
>> > >> >> >
>> > >> >> >         install -d ${D}${sysconfdir}/sysctl.d
>> > >> >> >         install -m 0644 "${WORKDIR}/99-kubernetes.conf" "${D}${sysconfdir}/sysctl.d"
>> > >> >> > @@ -141,7 +141,7 @@ FILES:kube-proxy = "${bindir}/kube-proxy"
>> > >> >> >  FILES:${PN}-misc = "${bindir} ${sysconfdir}/sysctl.d"
>> > >> >> >
>> > >> >> >  ALLOW_EMPTY:${PN}-host = "1"
>> > >> >> > -FILE:${PN}-host = "${BIN_PREFIX}/bin/k8s-init"
>> > >> >> > +FILE:${PN}-host = "${bindir}/k8s-init"
>> > >> >> >  RDEPENDS:${PN}-host = "${PN}"
>> > >> >> >
>> > >> >> >  RRECOMMENDS:${PN} = "\
>> > >> >> > --
>> > >> >> > 2.37.1
>> > >> >> >
>> > >> >> >
>> > >> >> >
>> > >> >> >
>> > >> >>
>> > >> >>
>> > >> >> --
>> > >> >> - Thou shalt not follow the NULL pointer, for chaos and madness await
>> > >> >> thee at its end
>> > >> >> - "Use the force Harry" - Gandalf, Star Trek II
>> > >> >
>> > >> >
>> > >> >
>> > >> > --
>> > >> > Best regards,
>> > >> >
>> > >> > José Quaresma
>> > >>
>> > >>
>> > >>
>> > >> --
>> > >> - Thou shalt not follow the NULL pointer, for chaos and madness await
>> > >> thee at its end
>> > >> - "Use the force Harry" - Gandalf, Star Trek II
>> > >
>> > >
>> > >
>> > > --
>> > > Best regards,
>> > >
>> > > José Quaresma
>> >
>> >
>> >
>> > --
>> > - Thou shalt not follow the NULL pointer, for chaos and madness await
>> > thee at its end
>> > - "Use the force Harry" - Gandalf, Star Trek II
>> >
>> >
>> >
>>
>>
>> --
>> - Thou shalt not follow the NULL pointer, for chaos and madness await
>> thee at its end
>> - "Use the force Harry" - Gandalf, Star Trek II
>
>
>
> --
> Best regards,
>
> José Quaresma



--
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II



--
Best regards,

José Quaresma


Re: [kirkstone][master][PATCH 2/4] kubernetes: install the binaries in OE standard places

Bruce Ashfield
 

On Tue, Aug 9, 2022 at 12:36 PM Jose Quaresma <quaresma.jose@...> wrote:



Bruce Ashfield <bruce.ashfield@...> escreveu no dia terça, 9/08/2022 à(s) 16:05:

On Tue, Aug 9, 2022 at 10:21 AM Bruce Ashfield via
lists.yoctoproject.org
<bruce.ashfield=gmail.com@...> wrote:

On Tue, Aug 9, 2022 at 10:02 AM Jose Quaresma <quaresma.jose@...> wrote:



Bruce Ashfield <bruce.ashfield@...> escreveu no dia terça, 9/08/2022 à(s) 14:43:

On Tue, Aug 9, 2022 at 9:34 AM Jose Quaresma <quaresma.jose@...> wrote:

Hi Bruce,

Bruce Ashfield <bruce.ashfield@...> escreveu no dia terça, 9/08/2022 à(s) 14:19:

You must have something different in your environment, I'm not seeing
any of these same issues.

Maybe because you have the BIN_PREFIX defined somewhere in your distro or local.conf
BIN_PREFIX is defined only in k3s recipe BIN_PREFIX ?= "${exec_prefix}/local"
I'm building a plain OE + meta-virt. BIN_PREFIX isn't in the
environment anywhere (which is admittedly strange .. but that's
consistent with how it has been).

Also, there's no other reports of this ever on the mailing list,
including demos for conferences, etc. ... that fails the "how can this
be working for everyone else ?" test.

So there's definitely something different that I'm not seeing. I use
OE nodistro or poky, others are using some other distros .. so I need
to figure out what is the difference.

That being said, even if we tweaked the binaries install, we don't
want them changing where they've been installed previously, there
could be any number of scripts expecting those locations in layers
that I don't maintain.

i.e. there's no way we should be patching the .service file, since
that indicates the binaries have moved from where they were before.

Bruce
By default with BIN_PREFIX="" the binaries seem to be installed on /bin/k8s-init so they will work as this is in the PATH.
For OE nodistro maybe this QA is disabled (need to confirm that) but for distros that have this QA enabled it will fire up.
The installed but not shipped, isn't inhibited anywhere that I know
of. Certainly not on poky, which is where most of the nightly builds
happen for this.

About moving the binaries for another place is mainly because /bin is not the right place for them IMO.
https://tldp.org/LDP/Linux-Filesystem-Hierarchy/html/bin.html
But that's not where they are going for all the rest of the builds :)
I'm aware of the various filesystem standards.


But I forgot to update all the services involved in this patch set so please drop it all and I will update all services as well in V2.
I wouldn't bother with that for v2, since again, they are using
/usr/bin and /usr/local/bin from all the .service files I recall, and
that's where we want the binaries to continue to be.
aha. I see that k3s does set BIN_PREFIX, but it has been lost for
kubernetes and nerdctl.

right, maybe you don't see the QA because it will only shon for files installed in /bin when usrmerge is enabled.
That could very well be it.


for nerdctl, the BIN_PREFIX is there from the beginning so the recipe allway install it in /bin.
for kubernetes, BIN_PREFIX is added in [1] and this only install k8s-init in /bin and all the other binaries
continue where they were installed (in /usr/bin in this case).

[1] - https://git.yoctoproject.org/meta-virtualization/commit/?id=4d0f0a5ca2338e5f6ed3fe3a18c602447cf60eb4


The easiest / lowest footprint route is to just add the variable back
in for kubernetes and nerdctl, to the current default location. That
allows folks to override it and/or keep their scripts/service files
unmodified.

This is what I did but using ${bindir} instead of ${BIN_PREFIX}.
Adding the BIN_PREFIX ?= "${exec_prefix}/local" will change install location so
since we have to change, we can use the ${bindir} and put the files in the right place.
I'm really only interested in the BIN_PREFIX being set in those
recipes. The smallest
footprint change.

So as the series currently stands, it isn't something I'll merge.

Cheers,

Bruce



The last patch for k3s is more invasive as it touches many places and the systemd services as well.
I will send it separate because this one don't fix anything and only change the installation of binaries
from /usr/local/bin to /usr/bin

Jose


Bruce

Bruce

Jose



Jose



Cheers,

Bruce

On Tue, Aug 9, 2022 at 8:16 AM Jose Quaresma <quaresma.jose@...> wrote:

- The env BIN_PREFIX is there from the beginning but there are no references to it,
also fix a fatal QA errors installed-vs-shipped.

ERROR: kubernetes-1_v1.23.6+gitfbcfa33018159c033aee77b0d5456df6771aa9b5-r0 do_package: QA Issue: kubernetes: Files/directories were installed but not shipped in any package:
/bin
/bin/k8s-init
Please set FILES such that these items are packaged. Alternatively if they are unneeded, avoid installing them or delete them within do_install.
kubernetes: 2 installed and not shipped files. [installed-vs-shipped]
ERROR: kubernetes-1_v1.23.6+gitfbcfa33018159c033aee77b0d5456df6771aa9b5-r0 do_package: Fatal QA errors were found, failing task.

Signed-off-by: Jose Quaresma <jose.quaresma@...>
---
recipes-containers/kubernetes/kubernetes_git.bb | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/recipes-containers/kubernetes/kubernetes_git.bb b/recipes-containers/kubernetes/kubernetes_git.bb
index e9460d4..82b75b1 100644
--- a/recipes-containers/kubernetes/kubernetes_git.bb
+++ b/recipes-containers/kubernetes/kubernetes_git.bb
@@ -103,8 +103,8 @@ do_install() {
install -m 0644 ${WORKDIR}/git/release/cmd/kubepkg/templates/latest/deb/kubeadm/10-kubeadm.conf ${D}${systemd_unitdir}/system/kubelet.service.d/

if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
- install -d "${D}${BIN_PREFIX}/bin"
- install -m 755 "${WORKDIR}/k8s-init" "${D}${BIN_PREFIX}/bin"
+ install -d ${D}${bindir}
+ install -m 755 ${WORKDIR}/k8s-init ${D}${bindir}

install -d ${D}${sysconfdir}/sysctl.d
install -m 0644 "${WORKDIR}/99-kubernetes.conf" "${D}${sysconfdir}/sysctl.d"
@@ -141,7 +141,7 @@ FILES:kube-proxy = "${bindir}/kube-proxy"
FILES:${PN}-misc = "${bindir} ${sysconfdir}/sysctl.d"

ALLOW_EMPTY:${PN}-host = "1"
-FILE:${PN}-host = "${BIN_PREFIX}/bin/k8s-init"
+FILE:${PN}-host = "${bindir}/k8s-init"
RDEPENDS:${PN}-host = "${PN}"

RRECOMMENDS:${PN} = "\
--
2.37.1




--
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II


--
Best regards,

José Quaresma


--
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II


--
Best regards,

José Quaresma


--
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II



--
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II


--
Best regards,

José Quaresma


--
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II


Re: [kirkstone][master][PATCH 2/4] kubernetes: install the binaries in OE standard places

Jose Quaresma
 



Bruce Ashfield <bruce.ashfield@...> escreveu no dia terça, 9/08/2022 à(s) 16:05:
On Tue, Aug 9, 2022 at 10:21 AM Bruce Ashfield via
lists.yoctoproject.org
<bruce.ashfield=gmail.com@...> wrote:
>
> On Tue, Aug 9, 2022 at 10:02 AM Jose Quaresma <quaresma.jose@...> wrote:
> >
> >
> >
> > Bruce Ashfield <bruce.ashfield@...> escreveu no dia terça, 9/08/2022 à(s) 14:43:
> >>
> >> On Tue, Aug 9, 2022 at 9:34 AM Jose Quaresma <quaresma.jose@...> wrote:
> >> >
> >> > Hi Bruce,
> >> >
> >> > Bruce Ashfield <bruce.ashfield@...> escreveu no dia terça, 9/08/2022 à(s) 14:19:
> >> >>
> >> >> You must have something different in your environment, I'm not seeing
> >> >> any of these same issues.
> >> >
> >> >
> >> > Maybe because you have the BIN_PREFIX defined somewhere in your distro or local.conf
> >> > BIN_PREFIX is defined only in k3s recipe BIN_PREFIX ?= "${exec_prefix}/local"
> >> >
> >>
> >> I'm building a plain OE + meta-virt. BIN_PREFIX isn't in the
> >> environment anywhere (which is admittedly strange .. but that's
> >> consistent with how it has been).
> >>
> >> Also, there's no other reports of this ever on the mailing list,
> >> including demos for conferences, etc. ... that fails the "how can this
> >> be working for everyone else ?" test.
> >>
> >> So there's definitely something different that I'm not seeing. I use
> >> OE nodistro or poky, others are using some other distros .. so I need
> >> to figure out what is the difference.
> >>
> >> That being said, even if we tweaked the binaries install, we don't
> >> want them changing where they've been installed previously, there
> >> could be any number of scripts expecting those locations in layers
> >> that I don't maintain.
> >>
> >> i.e. there's no way we should be patching the .service file, since
> >> that indicates the binaries have moved from where they were before.
> >>
> >> Bruce
> >>
> >
> > By default with BIN_PREFIX="" the binaries seem to be installed on /bin/k8s-init so they will work as this is in the PATH.
> > For OE nodistro maybe this QA is disabled (need to confirm that) but for distros that have this QA enabled it will fire up.
> >
>
> The installed but not shipped, isn't inhibited anywhere that I know
> of. Certainly not on poky, which is where most of the nightly builds
> happen for this.
>
> > About moving the binaries for another place is mainly because /bin is not the right place for them IMO.
> > https://tldp.org/LDP/Linux-Filesystem-Hierarchy/html/bin.html
>
> But that's not where they are going for all the rest of the builds :)
> I'm aware of the various filesystem standards.
>
> >
> > But I forgot to update all the services involved in this patch set so please drop it all and I will update all services as well in V2.
> >
>
> I wouldn't bother with that for v2, since again, they are using
> /usr/bin and /usr/local/bin from all the .service files I recall, and
> that's where we want the binaries to continue to be.
>

aha. I see that k3s does set BIN_PREFIX, but it has been lost for
kubernetes and nerdctl.

right, maybe you don't see the QA because it will only shon for files installed in /bin when usrmerge is enabled.

for nerdctl, the BIN_PREFIX is there from the beginning so the recipe allway install it in /bin.
for kubernetes, BIN_PREFIX is added in [1] and this only install k8s-init in /bin and all the other binaries
continue where they were installed (in /usr/bin in this case).


The easiest / lowest footprint route is to just add the variable back
in for kubernetes and nerdctl, to the current default location. That
allows folks to override it and/or keep their scripts/service files
unmodified.

This is what I did but using ${bindir} instead of ${BIN_PREFIX}.
Adding the BIN_PREFIX ?= "${exec_prefix}/local" will change install location so
since we have to change, we can use the ${bindir} and put the files in the right place.

The last patch for k3s is more invasive as it touches many places and the systemd services as well.
I will send it separate because this one don't fix anything and only change the installation of binaries
from /usr/local/bin to /usr/bin

Jose


Bruce

> Bruce
>
> > Jose
> >
> >>
> >>
> >> > Jose
> >> >
> >> >>
> >> >>
> >> >> Cheers,
> >> >>
> >> >> Bruce
> >> >>
> >> >> On Tue, Aug 9, 2022 at 8:16 AM Jose Quaresma <quaresma.jose@...> wrote:
> >> >> >
> >> >> > - The env BIN_PREFIX is there from the beginning but there are no references to it,
> >> >> > also fix a fatal QA errors installed-vs-shipped.
> >> >> >
> >> >> > ERROR: kubernetes-1_v1.23.6+gitfbcfa33018159c033aee77b0d5456df6771aa9b5-r0 do_package: QA Issue: kubernetes: Files/directories were installed but not shipped in any package:
> >> >> >   /bin
> >> >> >   /bin/k8s-init
> >> >> > Please set FILES such that these items are packaged. Alternatively if they are unneeded, avoid installing them or delete them within do_install.
> >> >> > kubernetes: 2 installed and not shipped files. [installed-vs-shipped]
> >> >> > ERROR: kubernetes-1_v1.23.6+gitfbcfa33018159c033aee77b0d5456df6771aa9b5-r0 do_package: Fatal QA errors were found, failing task.
> >> >> >
> >> >> > Signed-off-by: Jose Quaresma <jose.quaresma@...>
> >> >> > ---
> >> >> >  recipes-containers/kubernetes/kubernetes_git.bb | 6 +++---
> >> >> >  1 file changed, 3 insertions(+), 3 deletions(-)
> >> >> >
> >> >> > diff --git a/recipes-containers/kubernetes/kubernetes_git.bb b/recipes-containers/kubernetes/kubernetes_git.bb
> >> >> > index e9460d4..82b75b1 100644
> >> >> > --- a/recipes-containers/kubernetes/kubernetes_git.bb
> >> >> > +++ b/recipes-containers/kubernetes/kubernetes_git.bb
> >> >> > @@ -103,8 +103,8 @@ do_install() {
> >> >> >      install -m 0644 ${WORKDIR}/git/release/cmd/kubepkg/templates/latest/deb/kubeadm/10-kubeadm.conf  ${D}${systemd_unitdir}/system/kubelet.service.d/
> >> >> >
> >> >> >      if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
> >> >> > -       install -d "${D}${BIN_PREFIX}/bin"
> >> >> > -       install -m 755 "${WORKDIR}/k8s-init" "${D}${BIN_PREFIX}/bin"
> >> >> > +       install -d ${D}${bindir}
> >> >> > +       install -m 755 ${WORKDIR}/k8s-init ${D}${bindir}
> >> >> >
> >> >> >         install -d ${D}${sysconfdir}/sysctl.d
> >> >> >         install -m 0644 "${WORKDIR}/99-kubernetes.conf" "${D}${sysconfdir}/sysctl.d"
> >> >> > @@ -141,7 +141,7 @@ FILES:kube-proxy = "${bindir}/kube-proxy"
> >> >> >  FILES:${PN}-misc = "${bindir} ${sysconfdir}/sysctl.d"
> >> >> >
> >> >> >  ALLOW_EMPTY:${PN}-host = "1"
> >> >> > -FILE:${PN}-host = "${BIN_PREFIX}/bin/k8s-init"
> >> >> > +FILE:${PN}-host = "${bindir}/k8s-init"
> >> >> >  RDEPENDS:${PN}-host = "${PN}"
> >> >> >
> >> >> >  RRECOMMENDS:${PN} = "\
> >> >> > --
> >> >> > 2.37.1
> >> >> >
> >> >> >
> >> >> >
> >> >> >
> >> >>
> >> >>
> >> >> --
> >> >> - Thou shalt not follow the NULL pointer, for chaos and madness await
> >> >> thee at its end
> >> >> - "Use the force Harry" - Gandalf, Star Trek II
> >> >
> >> >
> >> >
> >> > --
> >> > Best regards,
> >> >
> >> > José Quaresma
> >>
> >>
> >>
> >> --
> >> - Thou shalt not follow the NULL pointer, for chaos and madness await
> >> thee at its end
> >> - "Use the force Harry" - Gandalf, Star Trek II
> >
> >
> >
> > --
> > Best regards,
> >
> > José Quaresma
>
>
>
> --
> - Thou shalt not follow the NULL pointer, for chaos and madness await
> thee at its end
> - "Use the force Harry" - Gandalf, Star Trek II
>
>
>


--
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II


--
Best regards,

José Quaresma


[kirkstone][master][PATCH] k3s: install the binaries in OE standard places

Jose Quaresma
 

This will change the instalation path from "${exec_prefix}/local/bin"
to "${bindir}", that in OE-core moves the binaries from the
"/usr/local/bin" to the default "/usr/bin" path.
Update the systemd services as well with the new "${bindir}" path.

Signed-off-by: Jose Quaresma <jose.quaresma@...>
---
recipes-containers/k3s/k3s/k3s-agent.service | 4 ++--
recipes-containers/k3s/k3s/k3s.service | 4 ++--
recipes-containers/k3s/k3s_git.bb | 21 +++++++++-----------
3 files changed, 13 insertions(+), 16 deletions(-)

diff --git a/recipes-containers/k3s/k3s/k3s-agent.service b/recipes-containers/k3s/k3s/k3s-agent.service
index 9f9016d..0792970 100644
--- a/recipes-containers/k3s/k3s/k3s-agent.service
+++ b/recipes-containers/k3s/k3s/k3s-agent.service
@@ -21,6 +21,6 @@ Restart=always
RestartSec=5s
ExecStartPre=-/sbin/modprobe br_netfilter
ExecStartPre=-/sbin/modprobe overlay
-ExecStart=/usr/local/bin/k3s agent
-ExecStopPost=/usr/local/bin/k3s-clean
+ExecStart=/usr/bin/k3s agent
+ExecStopPost=/usr/bin/k3s-clean

diff --git a/recipes-containers/k3s/k3s/k3s.service b/recipes-containers/k3s/k3s/k3s.service
index 33d3ee7..647fc66 100644
--- a/recipes-containers/k3s/k3s/k3s.service
+++ b/recipes-containers/k3s/k3s/k3s.service
@@ -29,9 +29,9 @@ RestartSec=5s
ExecStartPre=/bin/sh -xc '! systemctl is-enabled --quiet nm-cloud-setup.service'
ExecStartPre=-/sbin/modprobe br_netfilter
ExecStartPre=-/sbin/modprobe overlay
-ExecStart=/usr/local/bin/k3s server
+ExecStart=/usr/bin/k3s server
# Avoid any delay due to this service when the system is rebooting or shutting
# down by using the k3s-killall.sh script to kill all of the running k3s
# services and containers
ExecStopPost=/bin/sh -c "if systemctl is-system-running | grep -i \
- 'stopping'; then /usr/local/bin/k3s-killall.sh; fi"
+ 'stopping'; then /usr/bin/k3s-killall.sh; fi"
diff --git a/recipes-containers/k3s/k3s_git.bb b/recipes-containers/k3s/k3s_git.bb
index 7f9f549..a4973fe 100644
--- a/recipes-containers/k3s/k3s_git.bb
+++ b/recipes-containers/k3s/k3s_git.bb
@@ -37,7 +37,6 @@ GO_BUILD_LDFLAGS = "-X github.com/rancher/k3s/pkg/version.Version=${PV} \
-X github.com/rancher/k3s/pkg/version.GitCommit=${@d.getVar('SRCREV_k3s', d, 1)[:8]} \
-w -s \
"
-BIN_PREFIX ?= "${exec_prefix}/local"

inherit features_check
REQUIRED_DISTRO_FEATURES ?= "seccomp"
@@ -634,20 +633,19 @@ do_compile() {
}

do_install() {
- install -d "${D}${BIN_PREFIX}/bin"
- install -m 755 "${S}/src/import/dist/artifacts/k3s" "${D}${BIN_PREFIX}/bin"
- ln -sr "${D}/${BIN_PREFIX}/bin/k3s" "${D}${BIN_PREFIX}/bin/crictl"
+ install -d "${D}${bindir}"
+ install -m 755 "${S}/src/import/dist/artifacts/k3s" "${D}${bindir}"
+ ln -sr "${D}${bindir}/k3s" "${D}${bindir}/crictl"
# We want to use the containerd provided ctr
- # ln -sr "${D}/${BIN_PREFIX}/bin/k3s" "${D}${BIN_PREFIX}/bin/ctr"
- ln -sr "${D}/${BIN_PREFIX}/bin/k3s" "${D}${BIN_PREFIX}/bin/kubectl"
- install -m 755 "${WORKDIR}/k3s-clean" "${D}${BIN_PREFIX}/bin"
- install -m 755 "${WORKDIR}/k3s-killall.sh" "${D}${BIN_PREFIX}/bin"
+ # ln -sr "${D}${bindir}/k3s" "${D}${bindir}/ctr"
+ ln -sr "${D}${bindir}/k3s" "${D}${bindir}/kubectl"
+ install -m 755 "${WORKDIR}/k3s-clean" "${D}${bindir}"
+ install -m 755 "${WORKDIR}/k3s-killall.sh" "${D}${bindir}"

if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
install -D -m 0644 "${WORKDIR}/k3s.service" "${D}${systemd_system_unitdir}/k3s.service"
install -D -m 0644 "${WORKDIR}/k3s-agent.service" "${D}${systemd_system_unitdir}/k3s-agent.service"
- sed -i "s#\(Exec\)\(.*\)=\(.*\)\(k3s\)#\1\2=${BIN_PREFIX}/bin/\4#g" "${D}${systemd_system_unitdir}/k3s.service" "${D}${systemd_system_unitdir}/k3s-agent.service"
- install -m 755 "${WORKDIR}/k3s-agent" "${D}${BIN_PREFIX}/bin"
+ install -m 755 "${WORKDIR}/k3s-agent" "${D}${bindir}"
fi
}

@@ -658,8 +656,7 @@ SYSTEMD_SERVICE:${PN}-server = "${@bb.utils.contains('DISTRO_FEATURES','systemd'
SYSTEMD_SERVICE:${PN}-agent = "${@bb.utils.contains('DISTRO_FEATURES','systemd','k3s-agent.service','',d)}"
SYSTEMD_AUTO_ENABLE:${PN}-agent = "disable"

-FILES:${PN}-agent = "${BIN_PREFIX}/bin/k3s-agent"
-FILES:${PN} += "${BIN_PREFIX}/bin/*"
+FILES:${PN}-agent = "${bindir}/k3s-agent"

RDEPENDS:${PN} = "k3s-cni conntrack-tools coreutils findutils iptables iproute2 ipset virtual-containerd"
RDEPENDS:${PN}-server = "${PN}"
--
2.37.1


[kirkstone][master][PATCH v2 3/3] kubernetes: replace tabs with spaces for identation

Jose Quaresma
 

Signed-off-by: Jose Quaresma <jose.quaresma@...>
---
recipes-containers/kubernetes/kubernetes_git.bb | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/recipes-containers/kubernetes/kubernetes_git.bb b/recipes-containers/kubernetes/kubernetes_git.bb
index 82b75b1..4d65b27 100644
--- a/recipes-containers/kubernetes/kubernetes_git.bb
+++ b/recipes-containers/kubernetes/kubernetes_git.bb
@@ -103,11 +103,11 @@ do_install() {
install -m 0644 ${WORKDIR}/git/release/cmd/kubepkg/templates/latest/deb/kubeadm/10-kubeadm.conf ${D}${systemd_unitdir}/system/kubelet.service.d/

if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
- install -d ${D}${bindir}
- install -m 755 ${WORKDIR}/k8s-init ${D}${bindir}
+ install -d ${D}${bindir}
+ install -m 755 ${WORKDIR}/k8s-init ${D}${bindir}

- install -d ${D}${sysconfdir}/sysctl.d
- install -m 0644 "${WORKDIR}/99-kubernetes.conf" "${D}${sysconfdir}/sysctl.d"
+ install -d ${D}${sysconfdir}/sysctl.d
+ install -m 0644 "${WORKDIR}/99-kubernetes.conf" "${D}${sysconfdir}/sysctl.d"
fi
}

--
2.37.1


[kirkstone][master][PATCH v2 2/3] kubernetes: install the binaries in OE standard places

Jose Quaresma
 

- Install the binaries in the default "/usr/bin" and not in "/bin"

- The env BIN_PREFIX is there from the beginning but it is not defined,
also fix a fatal QA errors installed-vs-shipped (only enabled with usrmerge):

ERROR: kubernetes-1_v1.23.6+gitfbcfa33018159c033aee77b0d5456df6771aa9b5-r0 do_package: QA Issue: kubernetes: Files/directories were installed but not shipped in any package:
/bin
/bin/k8s-init
Please set FILES such that these items are packaged. Alternatively if they are unneeded, avoid installing them or delete them within do_install.
kubernetes: 2 installed and not shipped files. [installed-vs-shipped]
ERROR: kubernetes-1_v1.23.6+gitfbcfa33018159c033aee77b0d5456df6771aa9b5-r0 do_package: Fatal QA errors were found, failing task.

Signed-off-by: Jose Quaresma <jose.quaresma@...>
---

v2: update commit description, drop k3s patch

recipes-containers/kubernetes/kubernetes_git.bb | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/recipes-containers/kubernetes/kubernetes_git.bb b/recipes-containers/kubernetes/kubernetes_git.bb
index e9460d4..82b75b1 100644
--- a/recipes-containers/kubernetes/kubernetes_git.bb
+++ b/recipes-containers/kubernetes/kubernetes_git.bb
@@ -103,8 +103,8 @@ do_install() {
install -m 0644 ${WORKDIR}/git/release/cmd/kubepkg/templates/latest/deb/kubeadm/10-kubeadm.conf ${D}${systemd_unitdir}/system/kubelet.service.d/

if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
- install -d "${D}${BIN_PREFIX}/bin"
- install -m 755 "${WORKDIR}/k8s-init" "${D}${BIN_PREFIX}/bin"
+ install -d ${D}${bindir}
+ install -m 755 ${WORKDIR}/k8s-init ${D}${bindir}

install -d ${D}${sysconfdir}/sysctl.d
install -m 0644 "${WORKDIR}/99-kubernetes.conf" "${D}${sysconfdir}/sysctl.d"
@@ -141,7 +141,7 @@ FILES:kube-proxy = "${bindir}/kube-proxy"
FILES:${PN}-misc = "${bindir} ${sysconfdir}/sysctl.d"

ALLOW_EMPTY:${PN}-host = "1"
-FILE:${PN}-host = "${BIN_PREFIX}/bin/k8s-init"
+FILE:${PN}-host = "${bindir}/k8s-init"
RDEPENDS:${PN}-host = "${PN}"

RRECOMMENDS:${PN} = "\
--
2.37.1


[kirkstone][master][PATCH v2 1/3] nerdctl: install the binaries in OE standard places

Jose Quaresma
 

- Install the binaries in the default "/usr/bin" and not in "/bin"

- The env BIN_PREFIX is there from the beginning but it is not defined,
also fix a fatal QA errors installed-vs-shipped (only enabled with usrmerge):

ERROR: nerdctl-v0.18.0-r0 do_package: QA Issue: nerdctl: Files/directories were installed but not shipped in any package:
/bin
/bin/nerdctl
Please set FILES such that these items are packaged. Alternatively if they are unneeded, avoid installing them or delete them within do_install.
nerdctl: 2 installed and not shipped files. [installed-vs-shipped]
ERROR: nerdctl-v0.18.0-r0 do_package: Fatal QA errors were found, failing task.

Signed-off-by: Jose Quaresma <jose.quaresma@...>
---

v2: update commit description, drop k3s patch

recipes-containers/nerdctl/nerdctl_git.bb | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/recipes-containers/nerdctl/nerdctl_git.bb b/recipes-containers/nerdctl/nerdctl_git.bb
index 5d4d827..ad18f67 100644
--- a/recipes-containers/nerdctl/nerdctl_git.bb
+++ b/recipes-containers/nerdctl/nerdctl_git.bb
@@ -239,8 +239,8 @@ do_compile() {
}

do_install() {
- install -d "${D}${BIN_PREFIX}/bin"
- install -m 755 "${S}/src/import/_output/nerdctl" "${D}${BIN_PREFIX}/bin"
+ install -d ${D}${bindir}
+ install -m 755 ${S}/src/import/_output/nerdctl ${D}${bindir}
}

INHIBIT_PACKAGE_STRIP = "1"
--
2.37.1


Re: [kirkstone][master][PATCH 2/4] kubernetes: install the binaries in OE standard places

Bruce Ashfield
 

On Tue, Aug 9, 2022 at 10:21 AM Bruce Ashfield via
lists.yoctoproject.org
<bruce.ashfield=gmail.com@...> wrote:

On Tue, Aug 9, 2022 at 10:02 AM Jose Quaresma <quaresma.jose@...> wrote:



Bruce Ashfield <bruce.ashfield@...> escreveu no dia terça, 9/08/2022 à(s) 14:43:

On Tue, Aug 9, 2022 at 9:34 AM Jose Quaresma <quaresma.jose@...> wrote:

Hi Bruce,

Bruce Ashfield <bruce.ashfield@...> escreveu no dia terça, 9/08/2022 à(s) 14:19:

You must have something different in your environment, I'm not seeing
any of these same issues.

Maybe because you have the BIN_PREFIX defined somewhere in your distro or local.conf
BIN_PREFIX is defined only in k3s recipe BIN_PREFIX ?= "${exec_prefix}/local"
I'm building a plain OE + meta-virt. BIN_PREFIX isn't in the
environment anywhere (which is admittedly strange .. but that's
consistent with how it has been).

Also, there's no other reports of this ever on the mailing list,
including demos for conferences, etc. ... that fails the "how can this
be working for everyone else ?" test.

So there's definitely something different that I'm not seeing. I use
OE nodistro or poky, others are using some other distros .. so I need
to figure out what is the difference.

That being said, even if we tweaked the binaries install, we don't
want them changing where they've been installed previously, there
could be any number of scripts expecting those locations in layers
that I don't maintain.

i.e. there's no way we should be patching the .service file, since
that indicates the binaries have moved from where they were before.

Bruce
By default with BIN_PREFIX="" the binaries seem to be installed on /bin/k8s-init so they will work as this is in the PATH.
For OE nodistro maybe this QA is disabled (need to confirm that) but for distros that have this QA enabled it will fire up.
The installed but not shipped, isn't inhibited anywhere that I know
of. Certainly not on poky, which is where most of the nightly builds
happen for this.

About moving the binaries for another place is mainly because /bin is not the right place for them IMO.
https://tldp.org/LDP/Linux-Filesystem-Hierarchy/html/bin.html
But that's not where they are going for all the rest of the builds :)
I'm aware of the various filesystem standards.


But I forgot to update all the services involved in this patch set so please drop it all and I will update all services as well in V2.
I wouldn't bother with that for v2, since again, they are using
/usr/bin and /usr/local/bin from all the .service files I recall, and
that's where we want the binaries to continue to be.
aha. I see that k3s does set BIN_PREFIX, but it has been lost for
kubernetes and nerdctl.

The easiest / lowest footprint route is to just add the variable back
in for kubernetes and nerdctl, to the current default location. That
allows folks to override it and/or keep their scripts/service files
unmodified.

Bruce

Bruce

Jose



Jose



Cheers,

Bruce

On Tue, Aug 9, 2022 at 8:16 AM Jose Quaresma <quaresma.jose@...> wrote:

- The env BIN_PREFIX is there from the beginning but there are no references to it,
also fix a fatal QA errors installed-vs-shipped.

ERROR: kubernetes-1_v1.23.6+gitfbcfa33018159c033aee77b0d5456df6771aa9b5-r0 do_package: QA Issue: kubernetes: Files/directories were installed but not shipped in any package:
/bin
/bin/k8s-init
Please set FILES such that these items are packaged. Alternatively if they are unneeded, avoid installing them or delete them within do_install.
kubernetes: 2 installed and not shipped files. [installed-vs-shipped]
ERROR: kubernetes-1_v1.23.6+gitfbcfa33018159c033aee77b0d5456df6771aa9b5-r0 do_package: Fatal QA errors were found, failing task.

Signed-off-by: Jose Quaresma <jose.quaresma@...>
---
recipes-containers/kubernetes/kubernetes_git.bb | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/recipes-containers/kubernetes/kubernetes_git.bb b/recipes-containers/kubernetes/kubernetes_git.bb
index e9460d4..82b75b1 100644
--- a/recipes-containers/kubernetes/kubernetes_git.bb
+++ b/recipes-containers/kubernetes/kubernetes_git.bb
@@ -103,8 +103,8 @@ do_install() {
install -m 0644 ${WORKDIR}/git/release/cmd/kubepkg/templates/latest/deb/kubeadm/10-kubeadm.conf ${D}${systemd_unitdir}/system/kubelet.service.d/

if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
- install -d "${D}${BIN_PREFIX}/bin"
- install -m 755 "${WORKDIR}/k8s-init" "${D}${BIN_PREFIX}/bin"
+ install -d ${D}${bindir}
+ install -m 755 ${WORKDIR}/k8s-init ${D}${bindir}

install -d ${D}${sysconfdir}/sysctl.d
install -m 0644 "${WORKDIR}/99-kubernetes.conf" "${D}${sysconfdir}/sysctl.d"
@@ -141,7 +141,7 @@ FILES:kube-proxy = "${bindir}/kube-proxy"
FILES:${PN}-misc = "${bindir} ${sysconfdir}/sysctl.d"

ALLOW_EMPTY:${PN}-host = "1"
-FILE:${PN}-host = "${BIN_PREFIX}/bin/k8s-init"
+FILE:${PN}-host = "${bindir}/k8s-init"
RDEPENDS:${PN}-host = "${PN}"

RRECOMMENDS:${PN} = "\
--
2.37.1




--
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II


--
Best regards,

José Quaresma


--
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II


--
Best regards,

José Quaresma


--
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II



--
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II


Re: [kirkstone][master][PATCH 2/4] kubernetes: install the binaries in OE standard places

Bruce Ashfield
 

On Tue, Aug 9, 2022 at 10:02 AM Jose Quaresma <quaresma.jose@...> wrote:



Bruce Ashfield <bruce.ashfield@...> escreveu no dia terça, 9/08/2022 à(s) 14:43:

On Tue, Aug 9, 2022 at 9:34 AM Jose Quaresma <quaresma.jose@...> wrote:

Hi Bruce,

Bruce Ashfield <bruce.ashfield@...> escreveu no dia terça, 9/08/2022 à(s) 14:19:

You must have something different in your environment, I'm not seeing
any of these same issues.

Maybe because you have the BIN_PREFIX defined somewhere in your distro or local.conf
BIN_PREFIX is defined only in k3s recipe BIN_PREFIX ?= "${exec_prefix}/local"
I'm building a plain OE + meta-virt. BIN_PREFIX isn't in the
environment anywhere (which is admittedly strange .. but that's
consistent with how it has been).

Also, there's no other reports of this ever on the mailing list,
including demos for conferences, etc. ... that fails the "how can this
be working for everyone else ?" test.

So there's definitely something different that I'm not seeing. I use
OE nodistro or poky, others are using some other distros .. so I need
to figure out what is the difference.

That being said, even if we tweaked the binaries install, we don't
want them changing where they've been installed previously, there
could be any number of scripts expecting those locations in layers
that I don't maintain.

i.e. there's no way we should be patching the .service file, since
that indicates the binaries have moved from where they were before.

Bruce
By default with BIN_PREFIX="" the binaries seem to be installed on /bin/k8s-init so they will work as this is in the PATH.
For OE nodistro maybe this QA is disabled (need to confirm that) but for distros that have this QA enabled it will fire up.
The installed but not shipped, isn't inhibited anywhere that I know
of. Certainly not on poky, which is where most of the nightly builds
happen for this.

About moving the binaries for another place is mainly because /bin is not the right place for them IMO.
https://tldp.org/LDP/Linux-Filesystem-Hierarchy/html/bin.html
But that's not where they are going for all the rest of the builds :)
I'm aware of the various filesystem standards.


But I forgot to update all the services involved in this patch set so please drop it all and I will update all services as well in V2.
I wouldn't bother with that for v2, since again, they are using
/usr/bin and /usr/local/bin from all the .service files I recall, and
that's where we want the binaries to continue to be.

Bruce

Jose



Jose



Cheers,

Bruce

On Tue, Aug 9, 2022 at 8:16 AM Jose Quaresma <quaresma.jose@...> wrote:

- The env BIN_PREFIX is there from the beginning but there are no references to it,
also fix a fatal QA errors installed-vs-shipped.

ERROR: kubernetes-1_v1.23.6+gitfbcfa33018159c033aee77b0d5456df6771aa9b5-r0 do_package: QA Issue: kubernetes: Files/directories were installed but not shipped in any package:
/bin
/bin/k8s-init
Please set FILES such that these items are packaged. Alternatively if they are unneeded, avoid installing them or delete them within do_install.
kubernetes: 2 installed and not shipped files. [installed-vs-shipped]
ERROR: kubernetes-1_v1.23.6+gitfbcfa33018159c033aee77b0d5456df6771aa9b5-r0 do_package: Fatal QA errors were found, failing task.

Signed-off-by: Jose Quaresma <jose.quaresma@...>
---
recipes-containers/kubernetes/kubernetes_git.bb | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/recipes-containers/kubernetes/kubernetes_git.bb b/recipes-containers/kubernetes/kubernetes_git.bb
index e9460d4..82b75b1 100644
--- a/recipes-containers/kubernetes/kubernetes_git.bb
+++ b/recipes-containers/kubernetes/kubernetes_git.bb
@@ -103,8 +103,8 @@ do_install() {
install -m 0644 ${WORKDIR}/git/release/cmd/kubepkg/templates/latest/deb/kubeadm/10-kubeadm.conf ${D}${systemd_unitdir}/system/kubelet.service.d/

if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
- install -d "${D}${BIN_PREFIX}/bin"
- install -m 755 "${WORKDIR}/k8s-init" "${D}${BIN_PREFIX}/bin"
+ install -d ${D}${bindir}
+ install -m 755 ${WORKDIR}/k8s-init ${D}${bindir}

install -d ${D}${sysconfdir}/sysctl.d
install -m 0644 "${WORKDIR}/99-kubernetes.conf" "${D}${sysconfdir}/sysctl.d"
@@ -141,7 +141,7 @@ FILES:kube-proxy = "${bindir}/kube-proxy"
FILES:${PN}-misc = "${bindir} ${sysconfdir}/sysctl.d"

ALLOW_EMPTY:${PN}-host = "1"
-FILE:${PN}-host = "${BIN_PREFIX}/bin/k8s-init"
+FILE:${PN}-host = "${bindir}/k8s-init"
RDEPENDS:${PN}-host = "${PN}"

RRECOMMENDS:${PN} = "\
--
2.37.1




--
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II


--
Best regards,

José Quaresma


--
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II


--
Best regards,

José Quaresma


--
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II


Re: [kirkstone][master][PATCH 2/4] kubernetes: install the binaries in OE standard places

Jose Quaresma
 



Bruce Ashfield <bruce.ashfield@...> escreveu no dia terça, 9/08/2022 à(s) 14:43:
On Tue, Aug 9, 2022 at 9:34 AM Jose Quaresma <quaresma.jose@...> wrote:
>
> Hi Bruce,
>
> Bruce Ashfield <bruce.ashfield@...> escreveu no dia terça, 9/08/2022 à(s) 14:19:
>>
>> You must have something different in your environment, I'm not seeing
>> any of these same issues.
>
>
> Maybe because you have the BIN_PREFIX defined somewhere in your distro or local.conf
> BIN_PREFIX is defined only in k3s recipe BIN_PREFIX ?= "${exec_prefix}/local"
>

I'm building a plain OE + meta-virt. BIN_PREFIX isn't in the
environment anywhere (which is admittedly strange .. but that's
consistent with how it has been).

Also, there's no other reports of this ever on the mailing list,
including demos for conferences, etc. ... that fails the "how can this
be working for everyone else ?" test.

So there's definitely something different that I'm not seeing. I use
OE nodistro or poky, others are using some other distros .. so I need
to figure out what is the difference.

That being said, even if we tweaked the binaries install, we don't
want them changing where they've been installed previously, there
could be any number of scripts expecting those locations in layers
that I don't maintain.

i.e. there's no way we should be patching the .service file, since
that indicates the binaries have moved from where they were before.

Bruce


By default with BIN_PREFIX="" the binaries seem to be installed on /bin/k8s-init so they will work as this is in the PATH.
For OE nodistro maybe this QA is disabled (need to confirm that) but for distros that have this QA enabled it will fire up.

About moving the binaries for another place is mainly because /bin is not the right place for them IMO.
 
But I forgot to update all the services involved in this patch set so please drop it all and I will update all services as well in V2.

Jose



> Jose
>
>>
>>
>> Cheers,
>>
>> Bruce
>>
>> On Tue, Aug 9, 2022 at 8:16 AM Jose Quaresma <quaresma.jose@...> wrote:
>> >
>> > - The env BIN_PREFIX is there from the beginning but there are no references to it,
>> > also fix a fatal QA errors installed-vs-shipped.
>> >
>> > ERROR: kubernetes-1_v1.23.6+gitfbcfa33018159c033aee77b0d5456df6771aa9b5-r0 do_package: QA Issue: kubernetes: Files/directories were installed but not shipped in any package:
>> >   /bin
>> >   /bin/k8s-init
>> > Please set FILES such that these items are packaged. Alternatively if they are unneeded, avoid installing them or delete them within do_install.
>> > kubernetes: 2 installed and not shipped files. [installed-vs-shipped]
>> > ERROR: kubernetes-1_v1.23.6+gitfbcfa33018159c033aee77b0d5456df6771aa9b5-r0 do_package: Fatal QA errors were found, failing task.
>> >
>> > Signed-off-by: Jose Quaresma <jose.quaresma@...>
>> > ---
>> >  recipes-containers/kubernetes/kubernetes_git.bb | 6 +++---
>> >  1 file changed, 3 insertions(+), 3 deletions(-)
>> >
>> > diff --git a/recipes-containers/kubernetes/kubernetes_git.bb b/recipes-containers/kubernetes/kubernetes_git.bb
>> > index e9460d4..82b75b1 100644
>> > --- a/recipes-containers/kubernetes/kubernetes_git.bb
>> > +++ b/recipes-containers/kubernetes/kubernetes_git.bb
>> > @@ -103,8 +103,8 @@ do_install() {
>> >      install -m 0644 ${WORKDIR}/git/release/cmd/kubepkg/templates/latest/deb/kubeadm/10-kubeadm.conf  ${D}${systemd_unitdir}/system/kubelet.service.d/
>> >
>> >      if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
>> > -       install -d "${D}${BIN_PREFIX}/bin"
>> > -       install -m 755 "${WORKDIR}/k8s-init" "${D}${BIN_PREFIX}/bin"
>> > +       install -d ${D}${bindir}
>> > +       install -m 755 ${WORKDIR}/k8s-init ${D}${bindir}
>> >
>> >         install -d ${D}${sysconfdir}/sysctl.d
>> >         install -m 0644 "${WORKDIR}/99-kubernetes.conf" "${D}${sysconfdir}/sysctl.d"
>> > @@ -141,7 +141,7 @@ FILES:kube-proxy = "${bindir}/kube-proxy"
>> >  FILES:${PN}-misc = "${bindir} ${sysconfdir}/sysctl.d"
>> >
>> >  ALLOW_EMPTY:${PN}-host = "1"
>> > -FILE:${PN}-host = "${BIN_PREFIX}/bin/k8s-init"
>> > +FILE:${PN}-host = "${bindir}/k8s-init"
>> >  RDEPENDS:${PN}-host = "${PN}"
>> >
>> >  RRECOMMENDS:${PN} = "\
>> > --
>> > 2.37.1
>> >
>> >
>> >
>> >
>>
>>
>> --
>> - Thou shalt not follow the NULL pointer, for chaos and madness await
>> thee at its end
>> - "Use the force Harry" - Gandalf, Star Trek II
>
>
>
> --
> Best regards,
>
> José Quaresma



--
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II


--
Best regards,

José Quaresma


Re: [kirkstone][master][PATCH 2/4] kubernetes: install the binaries in OE standard places

Bruce Ashfield
 

On Tue, Aug 9, 2022 at 9:34 AM Jose Quaresma <quaresma.jose@...> wrote:

Hi Bruce,

Bruce Ashfield <bruce.ashfield@...> escreveu no dia terça, 9/08/2022 à(s) 14:19:

You must have something different in your environment, I'm not seeing
any of these same issues.

Maybe because you have the BIN_PREFIX defined somewhere in your distro or local.conf
BIN_PREFIX is defined only in k3s recipe BIN_PREFIX ?= "${exec_prefix}/local"
I'm building a plain OE + meta-virt. BIN_PREFIX isn't in the
environment anywhere (which is admittedly strange .. but that's
consistent with how it has been).

Also, there's no other reports of this ever on the mailing list,
including demos for conferences, etc. ... that fails the "how can this
be working for everyone else ?" test.

So there's definitely something different that I'm not seeing. I use
OE nodistro or poky, others are using some other distros .. so I need
to figure out what is the difference.

That being said, even if we tweaked the binaries install, we don't
want them changing where they've been installed previously, there
could be any number of scripts expecting those locations in layers
that I don't maintain.

i.e. there's no way we should be patching the .service file, since
that indicates the binaries have moved from where they were before.

Bruce



Jose



Cheers,

Bruce

On Tue, Aug 9, 2022 at 8:16 AM Jose Quaresma <quaresma.jose@...> wrote:

- The env BIN_PREFIX is there from the beginning but there are no references to it,
also fix a fatal QA errors installed-vs-shipped.

ERROR: kubernetes-1_v1.23.6+gitfbcfa33018159c033aee77b0d5456df6771aa9b5-r0 do_package: QA Issue: kubernetes: Files/directories were installed but not shipped in any package:
/bin
/bin/k8s-init
Please set FILES such that these items are packaged. Alternatively if they are unneeded, avoid installing them or delete them within do_install.
kubernetes: 2 installed and not shipped files. [installed-vs-shipped]
ERROR: kubernetes-1_v1.23.6+gitfbcfa33018159c033aee77b0d5456df6771aa9b5-r0 do_package: Fatal QA errors were found, failing task.

Signed-off-by: Jose Quaresma <jose.quaresma@...>
---
recipes-containers/kubernetes/kubernetes_git.bb | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/recipes-containers/kubernetes/kubernetes_git.bb b/recipes-containers/kubernetes/kubernetes_git.bb
index e9460d4..82b75b1 100644
--- a/recipes-containers/kubernetes/kubernetes_git.bb
+++ b/recipes-containers/kubernetes/kubernetes_git.bb
@@ -103,8 +103,8 @@ do_install() {
install -m 0644 ${WORKDIR}/git/release/cmd/kubepkg/templates/latest/deb/kubeadm/10-kubeadm.conf ${D}${systemd_unitdir}/system/kubelet.service.d/

if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
- install -d "${D}${BIN_PREFIX}/bin"
- install -m 755 "${WORKDIR}/k8s-init" "${D}${BIN_PREFIX}/bin"
+ install -d ${D}${bindir}
+ install -m 755 ${WORKDIR}/k8s-init ${D}${bindir}

install -d ${D}${sysconfdir}/sysctl.d
install -m 0644 "${WORKDIR}/99-kubernetes.conf" "${D}${sysconfdir}/sysctl.d"
@@ -141,7 +141,7 @@ FILES:kube-proxy = "${bindir}/kube-proxy"
FILES:${PN}-misc = "${bindir} ${sysconfdir}/sysctl.d"

ALLOW_EMPTY:${PN}-host = "1"
-FILE:${PN}-host = "${BIN_PREFIX}/bin/k8s-init"
+FILE:${PN}-host = "${bindir}/k8s-init"
RDEPENDS:${PN}-host = "${PN}"

RRECOMMENDS:${PN} = "\
--
2.37.1




--
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II


--
Best regards,

José Quaresma


--
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II

1 - 20 of 7515