Re: [hardknott][PATCH] libvirt: fix CVE-2022-0897

Bruce Ashfield
 

merged.

Bruce

In message: [meta-virtualization] [hardknott][PATCH] libvirt: fix CVE-2022-0897
on 13/04/2022 Changqing Li wrote:

From: Changqing Li <changqing.li@...>

Signed-off-by: Changqing Li <changqing.li@...>
---
.../libvirt/libvirt/CVE-2022-0897.patch | 57 +++++++++++++++++++
recipes-extended/libvirt/libvirt_6.3.0.bb | 1 +
2 files changed, 58 insertions(+)
create mode 100644 recipes-extended/libvirt/libvirt/CVE-2022-0897.patch

diff --git a/recipes-extended/libvirt/libvirt/CVE-2022-0897.patch b/recipes-extended/libvirt/libvirt/CVE-2022-0897.patch
new file mode 100644
index 0000000..e98f40b
--- /dev/null
+++ b/recipes-extended/libvirt/libvirt/CVE-2022-0897.patch
@@ -0,0 +1,57 @@
+From d470667167fa585d2bc3b996fb3bf2786d44be9a Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@...>
+Date: Tue, 8 Mar 2022 17:28:38 +0000
+Subject: [PATCH] nwfilter: fix crash when counting number of network filters
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The virNWFilterObjListNumOfNWFilters method iterates over the
+driver->nwfilters, accessing virNWFilterObj instances. As such
+it needs to be protected against concurrent modification of
+the driver->nwfilters object.
+
+This API allows unprivileged users to connect, so users with
+read-only access to libvirt can cause a denial of service
+crash if they are able to race with a call of virNWFilterUndefine.
+Since network filters are usually statically defined, this is
+considered a low severity problem.
+
+This is assigned CVE-2022-0897.
+
+Reviewed-by: Eric Blake <eblake@...>
+Signed-off-by: Daniel P. Berrangé <berrange@...>
+
+Upstream-Status: Backport [https://gitlab.com/libvirt/libvirt/-/commit/a4947e8f63c3e6b7b067b444f3d6cf674c0d7f36]
+CVE: CVE-2022-0897
+
+Signed-off-by: Changqing Li <changqing.li@...>
+---
+ src/nwfilter/nwfilter_driver.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/src/nwfilter/nwfilter_driver.c b/src/nwfilter/nwfilter_driver.c
+index 1c40772..27500d1 100644
+--- a/src/nwfilter/nwfilter_driver.c
++++ b/src/nwfilter/nwfilter_driver.c
+@@ -514,11 +514,15 @@ nwfilterLookupByName(virConnectPtr conn,
+ static int
+ nwfilterConnectNumOfNWFilters(virConnectPtr conn)
+ {
++ int ret;
+ if (virConnectNumOfNWFiltersEnsureACL(conn) < 0)
+ return -1;
+
+- return virNWFilterObjListNumOfNWFilters(driver->nwfilters, conn,
+- virConnectNumOfNWFiltersCheckACL);
++ nwfilterDriverLock();
++ ret = virNWFilterObjListNumOfNWFilters(driver->nwfilters, conn,
++ virConnectNumOfNWFiltersCheckACL);
++ nwfilterDriverUnlock();
++ return ret;
+ }
+
+
+--
+2.25.1
+
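
Review bot: In the nested nwfilter_driver.c hunk the lock is added only around the call in nwfilterConnectNumOfNWFilters(), while the commit message states the requirement more broadly: iteration over driver->nwfilters must be protected against concurrent modification. Please confirm, for the 6.3.0 tree this is applied to, that the other entry points that walk driver->nwfilters already take nwfilterDriverLock(); otherwise the same race with virNWFilterUndefine remains reachable through a sibling call. The early `return -1` on ACL failure happens before the lock is taken, so the lock/unlock pairing itself is balanced.
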
diff --git a/recipes-extended/libvirt/libvirt_6.3.0.bb b/recipes-extended/libvirt/libvirt_6.3.0.bb
index 8e95ad6..48e5b58 100644
--- a/recipes-extended/libvirt/libvirt_6.3.0.bb
+++ b/recipes-extended/libvirt/libvirt_6.3.0.bb
@@ -47,6 +47,7 @@ SRC_URI = "http://libvirt.org/sources/libvirt-${PV}.tar.xz;name=libvirt \
file://CVE-2021-3631.patch \
file://0001-storage_driver-Unlock-object-on-ACL-fail-in-storageP.patch \
file://CVE-2021-3975.patch \
+ file://CVE-2022-0897.patch \
"

SRC_URI[libvirt.md5sum] = "1bd4435f77924f5ec9928b538daf4a02"
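
Review bot: The layer commit that adds `file://CVE-2022-0897.patch` has no message body, only the From and Signed-off-by lines. A sentence naming the issue (crash in nwfilterConnectNumOfNWFilters when racing with virNWFilterUndefine, considered low severity in the embedded commit message) and the upstream commit given in the patch's Upstream-Status line would let someone reading the hardknott log see what was fixed without opening the patch file.
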
--
2.25.1



Re: [PATCH] k3s: Add missing IP Virtual Server (ip_vs) feature to the kernel config

Bruce Ashfield
 

On Wed, Apr 13, 2022 at 5:16 AM Richard Neill <richard.neill@...> wrote:

K3s (and Kubernetes) supports load balancing via IPVS, and by default reports
errors when IPVS kernel modules cannot be loaded.

This patch adds the missing reported kernel modules to the k3s recipe, and
orders the kernel module list alphabetically:

I'd actually prefer that the list not be sorted, at the same time as
we are adding to it.

Can you re-submit with just the new kernel module recommendations added?

Bruce


* ip-vs
* ip-vs-rr
* ip-vs-wrr
* ip-vs-sh

The modules are configured by including the ip_vs kernel feature.

Signed-off-by: Richard Neill <richard.neill@...>
---
recipes-containers/k3s/k3s_git.bb | 22 +++++++++++--------
.../linux/linux-yocto/kubernetes.scc | 1 +
2 files changed, 14 insertions(+), 9 deletions(-)

diff --git a/recipes-containers/k3s/k3s_git.bb b/recipes-containers/k3s/k3s_git.bb
index e2a3ffc..0b56e3c 100644
--- a/recipes-containers/k3s/k3s_git.bb
+++ b/recipes-containers/k3s/k3s_git.bb
@@ -2690,20 +2690,24 @@ RDEPENDS:${PN}-server = "${PN}"
RDEPENDS:${PN}-agent = "${PN}"

RRECOMMENDS:${PN} = "\
+ kernel-module-ip-vs \
+ kernel-module-ip-vs-rr \
+ kernel-module-ip-vs-sh \
+ kernel-module-ip-vs-wrr \
+ kernel-module-nfnetlink-log \
+ kernel-module-vxlan \
kernel-module-xt-addrtype \
- kernel-module-xt-nat \
- kernel-module-xt-multiport \
- kernel-module-xt-conntrack \
kernel-module-xt-comment \
- kernel-module-xt-mark \
kernel-module-xt-connmark \
- kernel-module-vxlan \
+ kernel-module-xt-conntrack \
+ kernel-module-xt-limit \
+ kernel-module-xt-mark \
kernel-module-xt-masquerade \
- kernel-module-xt-statistic \
- kernel-module-xt-physdev \
+ kernel-module-xt-multiport \
+ kernel-module-xt-nat \
kernel-module-xt-nflog \
- kernel-module-xt-limit \
- kernel-module-nfnetlink-log \
+ kernel-module-xt-physdev \
+ kernel-module-xt-statistic \
"

RCONFLICTS:${PN} = "kubectl"
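
Review bot: The four `kernel-module-ip-vs*` entries go into RRECOMMENDS, which is a soft dependency: if the kernel in use does not build IPVS and the rr, wrr and sh schedulers as modules, those packages do not exist and the image still builds without them, so the IPVS load errors the commit message describes would reappear at runtime with no build-time signal. State in the commit message that the included ip_vs feature sets these options to =m, or note how the result was checked on a booted image.
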
diff --git a/recipes-kernel/linux/linux-yocto/kubernetes.scc b/recipes-kernel/linux/linux-yocto/kubernetes.scc
index 1e93b70..a94ae84 100644
--- a/recipes-kernel/linux/linux-yocto/kubernetes.scc
+++ b/recipes-kernel/linux/linux-yocto/kubernetes.scc
@@ -1,2 +1,3 @@
include docker.scc
+include cgl/cfg/net/ip_vs.scc
kconf non-hardware kubernetes.cfg
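
Review bot: `include cgl/cfg/net/ip_vs.scc` is added to kubernetes.scc, which by its name is the shared Kubernetes kernel feature rather than something specific to k3s, while the subject line is prefixed `k3s:`. Every kernel that pulls in kubernetes.scc gains the IPVS options, so either mention that wider effect in the commit message or split the kernel feature change into its own patch with a matching prefix.
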
--
2.25.1




--
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II


Re: [PATCH 0/3] xen: Update recipes for xen and xen-tools

Bruce Ashfield
 

On Fri, Apr 8, 2022 at 4:44 AM Michal Orzel <michal.orzel@...> wrote:

Before the next Yocto release, Xen recipes need to be updated.
This patch series:
- updates 4.15 recipes
- introduces 4.16 recipes
- removes 4.14 recipes

FYI: I'm not ignoring these, and I will make sure they get into the
upcoming release branch and are in place for the LTS release. I'm just
waiting until Christopher gets a chance to review and see if these
match up with what he was thinking about for versions.

Bruce


Michal Orzel (3):
xen: Bump SRCREV of 4.15 recipes to 4.15.2
xen: Add recipes for stable Xen 4.16 release and update master
xen: Remove 4.14 recipes and related patches

.../include/meta-virt-default-versions.inc | 4 +-
...-stand-alone-set-of-headers-Xen-4.14.patch | 178 ------------------
...ython-pygrub-pass-DISTUTILS-xen-4.14.patch | 66 -------
...d-firmware-as-ffreestanding-Xen-4.14.patch | 83 --------
recipes-extended/xen/xen-tools_4.14.bb | 21 ---
recipes-extended/xen/xen-tools_4.15.bb | 4 +-
recipes-extended/xen/xen-tools_4.16.bb | 19 ++
recipes-extended/xen/xen-tools_git.bb | 6 +-
recipes-extended/xen/xen_4.15.bb | 4 +-
.../xen/{xen_4.14.bb => xen_4.16.bb} | 6 +-
recipes-extended/xen/xen_git.bb | 6 +-
11 files changed, 34 insertions(+), 363 deletions(-)
delete mode 100644 recipes-extended/xen/files/0001-firmware-provide-a-stand-alone-set-of-headers-Xen-4.14.patch
delete mode 100644 recipes-extended/xen/files/0001-python-pygrub-pass-DISTUTILS-xen-4.14.patch
delete mode 100644 recipes-extended/xen/files/0001-tools-firmware-Build-firmware-as-ffreestanding-Xen-4.14.patch
delete mode 100644 recipes-extended/xen/xen-tools_4.14.bb
create mode 100644 recipes-extended/xen/xen-tools_4.16.bb
rename recipes-extended/xen/{xen_4.14.bb => xen_4.16.bb} (79%)

--
2.25.1






[PATCH] libvmi: Fix out of box build failure with xen disabled

He Zhe
 

vbd was added for xen based VMs since
bdee00fac9b4 ("Disk reading interface for Xen based VMs and example")
and should be built only when xen is enabled, otherwise there would not be
necessary xen headers and cause the following failure.

Signed-off-by: He Zhe <zhe.he@...>
---
...1-Build-vbd-only-when-xen-is-enabled.patch | 76 +++++++++++++++++++
recipes-extended/libvmi/libvmi_git.bb | 1 +
2 files changed, 77 insertions(+)
create mode 100644 recipes-extended/libvmi/files/0001-Build-vbd-only-when-xen-is-enabled.patch

diff --git a/recipes-extended/libvmi/files/0001-Build-vbd-only-when-xen-is-enabled.patch b/recipes-extended/libvmi/files/0001-Build-vbd-only-when-xen-is-enabled.patch
new file mode 100644
index 00000000..bf6e9f0e
--- /dev/null
+++ b/recipes-extended/libvmi/files/0001-Build-vbd-only-when-xen-is-enabled.patch
@@ -0,0 +1,76 @@
+From fb7a1493c7d4a30ae930d8cb7dcb84c83c0cacce Mon Sep 17 00:00:00 2001
+From: He Zhe <zhe.he@...>
+Date: Wed, 13 Apr 2022 09:26:01 +0000
+Subject: [PATCH] Build vbd only when xen is enabled
+
+vbd was added for xen based VMs since
+bdee00fac9b4 ("Disk reading interface for Xen based VMs and example")
+and should be built only when xen is enabled, otherwise there would not be
+necessary xen headers and cause the following failure.
+
+xen_private.h:38:10: fatal error: xenctrl.h: No such file or directory
+
+Upstream-Status: Pending
+
+Signed-off-by: He Zhe <zhe.he@...>
+---
+ Makefile.am | 8 ++++----
+ libvmi/CMakeLists.txt | 2 +-
+ 2 files changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/Makefile.am b/Makefile.am
+index 097c23c..c560a1d 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -17,8 +17,7 @@ h_private = \
+ libvmi/os/os_interface.h \
+ libvmi/driver/driver_interface.h \
+ libvmi/driver/driver_wrapper.h \
+- libvmi/driver/memory_cache.h \
+- libvmi/disk/vbd_private.h
++ libvmi/driver/memory_cache.h
+
+ c_sources = \
+ libvmi/accessors.c \
+@@ -39,8 +38,7 @@ c_sources = \
+ libvmi/arch/ept.c \
+ libvmi/driver/driver_interface.c \
+ libvmi/driver/memory_cache.c \
+- libvmi/os/os_interface.c \
+- libvmi/disk/vbd.c
++ libvmi/os/os_interface.c
+
+ if ENABLE_ADDRESS_CACHE
+ c_sources += libvmi/cache.c
+@@ -104,6 +102,8 @@ if WITH_XEN
+ libvmi/driver/xen/libxc_wrapper.h \
+ libvmi/driver/xen/libxs_wrapper.c \
+ libvmi/driver/xen/libxs_wrapper.h
++ h_private += libvmi/disk/vbd_private.h
++ c_sources += libvmi/disk/vbd.c
+ endif
+
+ if WITH_BAREFLANK
+diff --git a/libvmi/CMakeLists.txt b/libvmi/CMakeLists.txt
+index ac57d79..7e87751 100644
+--- a/libvmi/CMakeLists.txt
++++ b/libvmi/CMakeLists.txt
+@@ -18,7 +18,6 @@ set(libvmi_src
+ driver/driver_interface.c
+ driver/memory_cache.c
+ os/os_interface.c
+- disk/vbd.c
+ )
+
+ add_library(vmi OBJECT ${libvmi_src})
+@@ -169,6 +168,7 @@ add_subdirectory(os)
+
+
+ if (ENABLE_XEN)
++ list(APPEND libvmi_src disk/vbd.c)
+ find_package(Xen REQUIRED)
+ list(APPEND VMI_PUBLIC_HEADERS events.h)
+ # CMAKE_DL_LIBS -> dlopen* lib
+--
+2.32.0
+
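
Review bot: In the nested libvmi/CMakeLists.txt change, `list(APPEND libvmi_src disk/vbd.c)` sits in the `if (ENABLE_XEN)` block near line 169, but the first CMake hunk's context shows `add_library(vmi OBJECT ${libvmi_src})` right after the `set(libvmi_src ...)` list near line 18. The variable is expanded when add_library() runs, so an append made afterwards does not reach the target and, unless libvmi_src is consumed again further down, vbd.c would no longer be compiled in a CMake build with Xen enabled. Use `target_sources(vmi PRIVATE disk/vbd.c)` inside the ENABLE_XEN block, or move the conditional append above the add_library() call. The Makefile.am side, which appends to h_private and c_sources under WITH_XEN, does not have this ordering problem.
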
diff --git a/recipes-extended/libvmi/libvmi_git.bb b/recipes-extended/libvmi/libvmi_git.bb
index d856256a..72069c68 100644
--- a/recipes-extended/libvmi/libvmi_git.bb
+++ b/recipes-extended/libvmi/libvmi_git.bb
@@ -9,6 +9,7 @@ PV = "0.14.0+git${SRCPV}"
DEPENDS = "libvirt libcheck bison fuse byacc-native"

SRC_URI = "git://github.com/libvmi/libvmi.git;branch=master;protocol=https \
+ file://0001-Build-vbd-only-when-xen-is-enabled.patch \
"

SRCREV = "41600b602815a9c42620cd5a96c5b88739fc6d9b"
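
Review bot: The layer commit message ends with "cause the following failure." but no failure text follows it; the compiler error (`xen_private.h:38:10: fatal error: xenctrl.h: No such file or directory`) appears only inside the embedded patch. Copy that line into the commit message as well so the log entry is self-contained. The carried patch is also marked `Upstream-Status: Pending`, so it is worth noting where it was, or will be, submitted.
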
--
2.32.0


Re: [PATCH] k3s: Add missing IP Virtual Server (ip_vs) feature to the kernel config

Richard Neill
 

Hi Bruce,

Could you please also backport this patch to the honister branch? Thanks!

Richard


From: meta-virtualization@... <meta-virtualization@...> on behalf of Richard Neill via lists.yoctoproject.org <richard.neill=arm.com@...>
Sent: Wednesday, April 13, 2022 10:16 AM
To: meta-virtualization@... <meta-virtualization@...>
Cc: nd <nd@...>
Subject: [meta-virtualization] [PATCH] k3s: Add missing IP Virtual Server (ip_vs) feature to the kernel config
 
K3s (and Kubernetes) supports load balancing via IPVS, and by default reports
errors when IPVS kernel modules cannot be loaded.

This patch adds the missing reported kernel modules to the k3s recipe, and
orders the kernel module list alphabetically:

    * ip-vs
    * ip-vs-rr
    * ip-vs-wrr
    * ip-vs-sh

The modules are configured by including the ip_vs kernel feature.

Signed-off-by: Richard Neill <richard.neill@...>
---
 recipes-containers/k3s/k3s_git.bb             | 22 +++++++++++--------
 .../linux/linux-yocto/kubernetes.scc          |  1 +
 2 files changed, 14 insertions(+), 9 deletions(-)

diff --git a/recipes-containers/k3s/k3s_git.bb b/recipes-containers/k3s/k3s_git.bb
index e2a3ffc..0b56e3c 100644
--- a/recipes-containers/k3s/k3s_git.bb
+++ b/recipes-containers/k3s/k3s_git.bb
@@ -2690,20 +2690,24 @@ RDEPENDS:${PN}-server = "${PN}"
 RDEPENDS:${PN}-agent = "${PN}"

 RRECOMMENDS:${PN} = "\
+                     kernel-module-ip-vs \
+                     kernel-module-ip-vs-rr \
+                     kernel-module-ip-vs-sh \
+                     kernel-module-ip-vs-wrr \
+                     kernel-module-nfnetlink-log \
+                     kernel-module-vxlan \
                      kernel-module-xt-addrtype \
-                     kernel-module-xt-nat \
-                     kernel-module-xt-multiport \
-                     kernel-module-xt-conntrack \
                      kernel-module-xt-comment \
-                     kernel-module-xt-mark \
                      kernel-module-xt-connmark \
-                     kernel-module-vxlan \
+                     kernel-module-xt-conntrack \
+                     kernel-module-xt-limit \
+                     kernel-module-xt-mark \
                      kernel-module-xt-masquerade \
-                     kernel-module-xt-statistic \
-                     kernel-module-xt-physdev \
+                     kernel-module-xt-multiport \
+                     kernel-module-xt-nat \
                      kernel-module-xt-nflog \
-                     kernel-module-xt-limit \
-                     kernel-module-nfnetlink-log \
+                     kernel-module-xt-physdev \
+                     kernel-module-xt-statistic \
                      "

 RCONFLICTS:${PN} = "kubectl"
diff --git a/recipes-kernel/linux/linux-yocto/kubernetes.scc b/recipes-kernel/linux/linux-yocto/kubernetes.scc
index 1e93b70..a94ae84 100644
--- a/recipes-kernel/linux/linux-yocto/kubernetes.scc
+++ b/recipes-kernel/linux/linux-yocto/kubernetes.scc
@@ -1,2 +1,3 @@
 include docker.scc
+include cgl/cfg/net/ip_vs.scc
 kconf non-hardware kubernetes.cfg
--
2.25.1


[PATCH] k3s: Add missing IP Virtual Server (ip_vs) feature to the kernel config

Richard Neill
 

K3s (and Kubernetes) supports load balancing via IPVS, and by default reports
errors when IPVS kernel modules cannot be loaded.

This patch adds the missing reported kernel modules to the k3s recipe, and
orders the kernel module list alphabetically:

* ip-vs
* ip-vs-rr
* ip-vs-wrr
* ip-vs-sh

The modules are configured by including the ip_vs kernel feature.

Signed-off-by: Richard Neill <richard.neill@...>
---
recipes-containers/k3s/k3s_git.bb | 22 +++++++++++--------
.../linux/linux-yocto/kubernetes.scc | 1 +
2 files changed, 14 insertions(+), 9 deletions(-)

diff --git a/recipes-containers/k3s/k3s_git.bb b/recipes-containers/k3s/k=
3s_git.bb
index e2a3ffc..0b56e3c 100644
--- a/recipes-containers/k3s/k3s_git.bb
+++ b/recipes-containers/k3s/k3s_git.bb
@@ -2690,20 +2690,24 @@ RDEPENDS:${PN}-server =3D "${PN}"
RDEPENDS:${PN}-agent =3D "${PN}"

RRECOMMENDS:${PN} =3D "\
+ kernel-module-ip-vs \
+ kernel-module-ip-vs-rr \
+ kernel-module-ip-vs-sh \
+ kernel-module-ip-vs-wrr \
+ kernel-module-nfnetlink-log \
+ kernel-module-vxlan \
kernel-module-xt-addrtype \
- kernel-module-xt-nat \
- kernel-module-xt-multiport \
- kernel-module-xt-conntrack \
kernel-module-xt-comment \
- kernel-module-xt-mark \
kernel-module-xt-connmark \
- kernel-module-vxlan \
+ kernel-module-xt-conntrack \
+ kernel-module-xt-limit \
+ kernel-module-xt-mark \
kernel-module-xt-masquerade \
- kernel-module-xt-statistic \
- kernel-module-xt-physdev \
+ kernel-module-xt-multiport \
+ kernel-module-xt-nat \
kernel-module-xt-nflog \
- kernel-module-xt-limit \
- kernel-module-nfnetlink-log \
+ kernel-module-xt-physdev \
+ kernel-module-xt-statistic \
"

RCONFLICTS:${PN} =3D "kubectl"
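
Review bot: Sorting RRECOMMENDS in the same hunk as the functional change turns a four-line addition into 13 added and 9 removed lines; comparing the two sides, the only entries that are new are `kernel-module-ip-vs`, `-rr`, `-sh` and `-wrr`, and nothing is dropped. Please split this into one patch that adds the four entries and, if wanted, a separate patch that only reorders, so a backport or a later bisect sees the real change.
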
diff --git a/recipes-kernel/linux/linux-yocto/kubernetes.scc b/recipes-ke=
rnel/linux/linux-yocto/kubernetes.scc
index 1e93b70..a94ae84 100644
--- a/recipes-kernel/linux/linux-yocto/kubernetes.scc
+++ b/recipes-kernel/linux/linux-yocto/kubernetes.scc
@@ -1,2 +1,3 @@
include docker.scc
+include cgl/cfg/net/ip_vs.scc
kconf non-hardware kubernetes.cfg
--
2.25.1


[hardknott][PATCH] libvirt: fix CVE-2022-0897

Changqing Li
 

From: Changqing Li <changqing.li@...>

Signed-off-by: Changqing Li <changqing.li@...>
---
.../libvirt/libvirt/CVE-2022-0897.patch | 57 +++++++++++++++++++
recipes-extended/libvirt/libvirt_6.3.0.bb | 1 +
2 files changed, 58 insertions(+)
create mode 100644 recipes-extended/libvirt/libvirt/CVE-2022-0897.patch

diff --git a/recipes-extended/libvirt/libvirt/CVE-2022-0897.patch b/recipes-extended/libvirt/libvirt/CVE-2022-0897.patch
new file mode 100644
index 0000000..e98f40b
--- /dev/null
+++ b/recipes-extended/libvirt/libvirt/CVE-2022-0897.patch
@@ -0,0 +1,57 @@
+From d470667167fa585d2bc3b996fb3bf2786d44be9a Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@...>
+Date: Tue, 8 Mar 2022 17:28:38 +0000
+Subject: [PATCH] nwfilter: fix crash when counting number of network filters
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The virNWFilterObjListNumOfNWFilters method iterates over the
+driver->nwfilters, accessing virNWFilterObj instances. As such
+it needs to be protected against concurrent modification of
+the driver->nwfilters object.
+
+This API allows unprivileged users to connect, so users with
+read-only access to libvirt can cause a denial of service
+crash if they are able to race with a call of virNWFilterUndefine.
+Since network filters are usually statically defined, this is
+considered a low severity problem.
+
+This is assigned CVE-2022-0897.
+
+Reviewed-by: Eric Blake <eblake@...>
+Signed-off-by: Daniel P. Berrangé <berrange@...>
+
+Upstream-Status: Backport [https://gitlab.com/libvirt/libvirt/-/commit/a4947e8f63c3e6b7b067b444f3d6cf674c0d7f36]
+CVE: CVE-2022-0897
+
+Signed-off-by: Changqing Li <changqing.li@...>
+---
+ src/nwfilter/nwfilter_driver.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/src/nwfilter/nwfilter_driver.c b/src/nwfilter/nwfilter_driver.c
+index 1c40772..27500d1 100644
+--- a/src/nwfilter/nwfilter_driver.c
++++ b/src/nwfilter/nwfilter_driver.c
+@@ -514,11 +514,15 @@ nwfilterLookupByName(virConnectPtr conn,
+ static int
+ nwfilterConnectNumOfNWFilters(virConnectPtr conn)
+ {
++ int ret;
+ if (virConnectNumOfNWFiltersEnsureACL(conn) < 0)
+ return -1;
+
+- return virNWFilterObjListNumOfNWFilters(driver->nwfilters, conn,
+- virConnectNumOfNWFiltersCheckACL);
++ nwfilterDriverLock();
++ ret = virNWFilterObjListNumOfNWFilters(driver->nwfilters, conn,
++ virConnectNumOfNWFiltersCheckACL);
++ nwfilterDriverUnlock();
++ return ret;
+ }
+
+
+--
+2.25.1
+
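
Review bot: The embedded patch is marked `Upstream-Status: Backport` against upstream commit a4947e8f63c3e6b7b067b444f3d6cf674c0d7f36, but its `From` line carries d470667167fa585d2bc3b996fb3bf2786d44be9a, which suggests it was regenerated from a local tree rather than taken verbatim. Please say in the patch header whether it applied to 6.3.0 unchanged or needed context adjustments around nwfilter_driver.c line 514, so a later reviewer can diff it against upstream with the right expectation.
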
diff --git a/recipes-extended/libvirt/libvirt_6.3.0.bb b/recipes-extended/libvirt/libvirt_6.3.0.bb
index 8e95ad6..48e5b58 100644
--- a/recipes-extended/libvirt/libvirt_6.3.0.bb
+++ b/recipes-extended/libvirt/libvirt_6.3.0.bb
@@ -47,6 +47,7 @@ SRC_URI = "http://libvirt.org/sources/libvirt-${PV}.tar.xz;name=libvirt \
file://CVE-2021-3631.patch \
file://0001-storage_driver-Unlock-object-on-ACL-fail-in-storageP.patch \
file://CVE-2021-3975.patch \
+ file://CVE-2022-0897.patch \
"

SRC_URI[libvirt.md5sum] = "1bd4435f77924f5ec9928b538daf4a02"
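
Review bot: Outside the one-line addition, the context of this hunk shows the libvirt tarball fetched over plain `http://libvirt.org/sources/` with a `SRC_URI[libvirt.md5sum]` line. MD5 is not collision resistant, so integrity of the source rests on whichever stronger checksum the recipe also declares; please confirm a `SRC_URI[libvirt.sha256sum]` follows this context, and consider moving the URL to https in a separate patch.
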
--
2.25.1


Re: [PATCH] libvirt: fix do_package issue

Peter Kjellerstedt
 

Just for the record, there is ${nonarch_libdir} that expands to “/usr/lib” regardless of whether multilib is used or not. It is typically intended for cases like this.

 

//Peter

 

From: meta-virtualization@... <meta-virtualization@...> On Behalf Of Bruce Ashfield
Sent: den 11 april 2022 15:53
To: Chen, Qi <Qi.Chen@...>
Cc: preeti.sachan@...; meta-virtualization@...
Subject: Re: [meta-virtualization] [PATCH] libvirt: fix do_package issue

 

On Mon, Apr 11, 2022 at 9:45 AM Chen, Qi <Qi.Chen@...> wrote:

The only package I found which uses /usr/lib/sysctl.d is systemd.

It packages ${exec_prefix}/lib/sysctl.d.

And it has its reason. It treats /usr/lib as an arch-independent vendor dir, and $libdir is treated as the dir to hold libs.

file-hierarchy (www.freedesktop.org) 

Hmm.  Indeed. In that case, I'll go with a variant of the original patch, with a tweaked commit log. I'll take care of that now.

 

Bruce

 

 Regards,

Qi

From: Bruce Ashfield <bruce.ashfield@...>
Sent: Monday, April 11, 2022 9:35 PM
To: Chen, Qi <Qi.Chen@...>
Cc: preeti.sachan@...; meta-virtualization@...
Subject: Re: [meta-virtualization] [PATCH] libvirt: fix do_package issue

 On Mon, Apr 11, 2022 at 9:32 AM Chen, Qi <Qi.Chen@...> wrote:

Hi Bruce,

Looking at the issue a little further, I found we need to use the hardcoded ‘/usr/lib’.

This is because sysctl is hardcoding that.

That's a larger issue, and it breaks other parts of the system. We shouldn't have anything with hard coded /usr/lib.

How are other packages dealing with this ?

In that case, I'll do individual scripts in the packaging, since I don't want a global /usr/lib/ as part of the packaging.

Bruce

Some code in sysctl.c from procps:

static int PreloadSystem(void)
{
        unsigned di, i;
        const char *dirs[] = {
                "/etc/sysctl.d",
                "/run/sysctl.d",
                "/usr/local/lib/sysctl.d",
                "/usr/lib/sysctl.d",
                "/lib/sysctl.d",
        };

I’ve sent out a patch to fix the issue. Please help review it. 

Regards,

Qi 

From: Bruce Ashfield <bruce.ashfield@...>
Sent: Monday, April 11, 2022 9:05 PM
To: Chen, Qi <Qi.Chen@...>
Cc: preeti.sachan@...; meta-virtualization@...
Subject: Re: [meta-virtualization] [PATCH] libvirt: fix do_package issue

 On Mon, Apr 11, 2022 at 9:01 AM Chen, Qi <Qi.Chen@...> wrote:

Hi Bruce & Preeti,

I was trying to fix the same issue when I found this thread.

This issue appears when multilib is enabled.

When multilib is disabled, ${libdir} is /usr/lib, thus packaging the file into libvirt-python.

When multilib is enabled, ${libdir} is /usr/lib64, and the file is not packaged.

Aha. Right you are.

So we should tweak libvirt to use ${libdir} and not the hardcoded /usr/lib (which it never really should have been), and package anything that gets installed into sysctl.d/

It isn't clear that this particular .conf belongs in libvirtd, but it is just as good there, as in the libvirt-python.

I'll do some tests in the non-multiconfig configuration to ensure that everything still packages properly.

Bruce

Regards,

Qi

From: meta-virtualization@... <meta-virtualization@...> On Behalf Of Bruce Ashfield
Sent: Monday, April 11, 2022 8:44 PM
To: preeti.sachan@...
Cc: meta-virtualization@...
Subject: Re: [meta-virtualization] [PATCH] libvirt: fix do_package issue

There's definitely something different in your configuration, so that needs to be understood first.

That file is packaged as part of libvirt-python here, and should be the same for others, as I haven't had any reports of failures.

You have a multiconfig in play. Anything else ? What is your init system ? Any bbappends in play ?

Bruce

On Sun, Apr 10, 2022 at 11:49 PM <preeti.sachan@...> wrote:

ERROR: mc:x86-2020:libvirt-8.1.0-r0 do_package: QA Issue: libvirt: Files/directories were installed but not shipped in any package:

  /usr/lib/sysctl.d/60-qemu-postcopy-migration.conf

Please set FILES such that these items are packaged. Alternatively if they are unneeded, avoid installing them or delete them within do_install.

libvirt: 1 installed and not shipped files. [installed-vs-shipped]

ERROR: mc:x86-2020:libvirt-8.1.0-r0 do_package: Fatal QA errors were found, failing task.


Re: [PATCH] libvirt: fix do_package issue

preeti.sachan@...
 

Hi Qi

You are right. My build configuration is also using multilib and this issue appeared.


Re: [PATCH] libvirt: fix do_package issue

Bruce Ashfield
 



On Mon, Apr 11, 2022 at 9:45 AM Chen, Qi <Qi.Chen@...> wrote:

The only package I found which uses /usr/lib/sysctl.d is systemd.

It packages ${exec_prefix}/lib/sysctl.d.

And it has its reason. It treats /usr/lib as an arch-independent vendor dir, and $libdir is treated as the dir to hold libs.

file-hierarchy (www.freedesktop.org)

 


Hmm.  Indeed. In that case, I'll go with a variant of the original patch, with a tweaked commit log. I'll take care of that now.

Bruce

 



Re: [PATCH] libvirt: fix do_package issue

Chen Qi
 

The only package I found which uses /usr/lib/sysctl.d is systemd.

It packages ${exec_prefix}/lib/sysctl.d.

And it has its reason. It treats /usr/lib as an arch-independent vendor dir, and $libdir is treated as the dir to hold libs.

file-hierarchy (www.freedesktop.org)

 

Regards,

Qi

 

From: Bruce Ashfield <bruce.ashfield@...>
Sent: Monday, April 11, 2022 9:35 PM
To: Chen, Qi <Qi.Chen@...>
Cc: preeti.sachan@...; meta-virtualization@...
Subject: Re: [meta-virtualization] [PATCH] libvirt: fix do_package issue

 

 

 

On Mon, Apr 11, 2022 at 9:32 AM Chen, Qi <Qi.Chen@...> wrote:

Hi Bruce,

 

Looking at the issue a little further, I found we need to use the hardcoded ‘/usr/lib’.

This is because sysctl is hardcoding that.

 

That's a larger issue, and it breaks other parts of the system. We shouldn't have anything with hard coded /usr/lib.

 

How are other packages dealing with this ?

 

In that case, I'll do individual scripts in the packaging, since I don't want a global /usr/lib/ as part of the packaging.

 

Bruce

 

 

 

Some codes in sysctl.c from procps:

static int PreloadSystem(void)

{

        unsigned di, i;

        const char *dirs[] = {

                "/etc/sysctl.d",

                "/run/sysctl.d",

                "/usr/local/lib/sysctl.d",

                "/usr/lib/sysctl.d",

                "/lib/sysctl.d",

        };

 

I’ve sent out a patch to fix the issue. Please help review it.

 

Regards,

Qi

 

From: Bruce Ashfield <bruce.ashfield@...>
Sent: Monday, April 11, 2022 9:05 PM
To: Chen, Qi <Qi.Chen@...>
Cc: preeti.sachan@...; meta-virtualization@...
Subject: Re: [meta-virtualization] [PATCH] libvirt: fix do_package issue

 

 

 

On Mon, Apr 11, 2022 at 9:01 AM Chen, Qi <Qi.Chen@...> wrote:

Hi Bruce & Preeti,

 

I was trying to fix the same issue when I found this thread.

This issue appears when multilib is enabled.

 

When multilib is disabled, ${libdir} is /usr/lib, thus packaging the file into libvirt-python.

When multilib is enabled, ${libdir} is /usr/lib64, and the file is not packaged.

 

Aha. Right you are.

 

So we should tweak libvirt to use ${libdir} and not the hardcoded /user/lib (which it never really should have been), and package anything that gets installed into sysctl.d/

 

It isn't clear that this particular .conf belongs in libvirtd, but it is just as good there, as in the libvirt-python.

 

I'll do some tests in the non-multiconfig configuration to ensure that everything still packages properly.

 

Bruce

 

 

 

Regards,

Qi

 

From: meta-virtualization@... <meta-virtualization@...> On Behalf Of Bruce Ashfield
Sent: Monday, April 11, 2022 8:44 PM
To: preeti.sachan@...
Cc: meta-virtualization@...
Subject: Re: [meta-virtualization] [PATCH] libvirt: fix do_package issue

 

There's definitely something different in your configuration, so that needs to be understood first.

 

That file is packaged as part of libvirt-python here, and should be the same for others, as I haven't had any reports of failures.

 

You have a multiconfig in play. Anything else ? What is your init system ? Any bbappends in play ?

 

Bruce

 

On Sun, Apr 10, 2022 at 11:49 PM <preeti.sachan@...> wrote:

ERROR: mc:x86-2020:libvirt-8.1.0-r0 do_package: QA Issue: libvirt: Files/directories were installed but not shipped in any package:

  /usr/lib/sysctl.d/60-qemu-postcopy-migration.conf

Please set FILES such that these items are packaged. Alternatively if they are unneeded, avoid installing them or delete them within do_install.

libvirt: 1 installed and not shipped files. [installed-vs-shipped]

ERROR: mc:x86-2020:libvirt-8.1.0-r0 do_package: Fatal QA errors were found, failing task.

 


 

--

- Thou shalt not follow the NULL pointer, for chaos and madness await thee at its end
- "Use the force Harry" - Gandalf, Star Trek II


 



Re: [PATCH] k3s: do not use a go file as patch

Bruce Ashfield
 



On Fri, Apr 8, 2022 at 1:42 PM Bruce Ashfield via lists.yoctoproject.org <bruce.ashfield=gmail.com@...> wrote:


On Fri, Apr 8, 2022 at 1:31 PM Adrian Freihofer <adrian.freihofer@...> wrote:
Hi Bruce

Build with empty download folder works:
  bitbake k3s -c cleanall
  (cd downloads; find -name \*andreyvit\* -delete )
  bitbake k3s

My download folder looks like that after building K3S
downloads]$ find -name \*andreyvit\*
./git2/github.com.andreyvit.diff
./git2/github.com.andreyvit.diff.done
./gitshallow_github.com.andreyvit.diff_c7f18ee-1.tar.gz
./gitshallow_github.com.andreyvit.diff_c7f18ee-1.tar.gz.done


This does not work:
  bitbake k3s -c cleanall

  downloads]$ find -name \*andreyvit\*
  ./gitshallow_github.com.andreyvit.diff_c7f18ee-1.tar.gz
  ./gitshallow_github.com.andreyvit.diff_c7f18ee-1.tar.gz.done

  bitbake k3s
  ERROR: k3s-v1.22.6+k3s1+git4262c6b91a43ef8411870f72ff8b8715949f90e2-
  r0 do_patch: Importing patch 'github.com.andreyvit.diff' with 
  striplevel '1' FileNotFoundError(2, 'No such file or directory')

Conclusion: After bitbake k3s -c cleanall the error occurs.


I'll see if I see the same behaviour, as I've done a LOT of cleanalls as I battled the uprev of k3s, and didn't see that. But it could have been hidden in a fail -> restart cycle as things moved past the issue.

I've done multiple executions of that exact set of steps, and I've never seen the error you are encountering. Clearly there's something different in the various build environments.

We are also getting reports of k3s working in other CI setups and runtime success, so it also isn't happening everywhere.

That being said, the patch is simple enough, and as long as it doesn't break my tests (re-running with it queued now), I'll merge it and just keep an eye out for other similar behaviour popping up.

Bruce

 


I also spent some time to analyze what the function "patch_path" in
patch.py does: It matches ".diff" against "github.com.andreyvit.diff".

Indeed, I suppose something could be done to allow that repo to have that name, and not be picked up as a patch, but it isn't a common problem, so the complexity wouldn't really be worth it.

Once I've reproduced the issue, I'll test with your patch, as it is the simplest way to avoid the problem.

Bruce

 

Regards,
Adrian


On Fri, 2022-04-08 at 10:29 -0400, Bruce Ashfield wrote:
>
>
> On Fri, Apr 8, 2022 at 8:53 AM Bruce Ashfield via
> lists.yoctoproject.org
> <bruce.ashfield=gmail.com@...> wrote:
> >
> >
> > On Fri, Apr 8, 2022 at 8:34 AM Adrian Freihofer
> > <adrian.freihofer@...> wrote:
> > > Compiling k3s failed with:
> > > do_patch: Importing patch 'github.com.andreyvit.diff' with
> > > striplevel '1'
> > >
> > > The problem is that github.com/andreyvit/diff ends up as
> > > github.com.andreyvit.diff
> > > > in the download folder which then matches the test in patch.py.
> > >
> > >
> >
> >
> > I've built this K3S hundreds of times, and have never seen this, so
> > I won't apply this until I figure out what is the difference
> > between your environment and mine.
> >
> > Can you share more details about your build environment, etc.
> >
>
>
> I am seeing a different fetch issue on a new/fresh machine I brought
> up this morning, using the -tip of master for all layers. My
> cached downloads were keeping it working on my other machines.
>
> I'll get past that issue and see if I get the patch issue.
>
> Cheers,
>
> Bruce
>
>
>  
> >
> >  
> > > Not sure how you create this huge SRC_URI list. Probably it would
> > > be the
> > > best to add the apply=no to all urls.
> > >
> > >
> >
> >
> > Eh, no. I'm not going to append that to all the URIs just because
> > of one outlier that matched.
> >
> > Bruce
> >
> >  
> > > Signed-off-by: Adrian Freihofer <adrian.freihofer@...>
> > > ---
> > >  recipes-containers/k3s/k3s_git.bb | 2 +-
> > >  1 file changed, 1 insertion(+), 1 deletion(-)
> > >
> > > diff --git a/recipes-containers/k3s/k3s_git.bb b/recipes-
> > > containers/k3s/k3s_git.bb
> > > index e2a3ffc..53a8677 100644
> > > --- a/recipes-containers/k3s/k3s_git.bb
> > > +++ b/recipes-containers/k3s/k3s_git.bb
> > > @@ -219,7 +219,7 @@ SRC_URI += "git://github.com/alexflint/go-
> > > filemutex;name=go-filemutex;protocol=h
> > >  # github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883
> > >  # [1] git ls-remote https://github.com/andreyvit/diff
> > > c7f18ee00883bfd3b00e0a2bf7607827e0148ad4
> > >  SRCREV_diff="c7f18ee00883bfd3b00e0a2bf7607827e0148ad4"
> > > -SRC_URI +=
> > > "git://github.com/andreyvit/diff;name=diff;protocol=https;nobranc
> > > h=1;destsuffix=${WORKDIR}/${BP}/src/import/vendor.fetch/github.co
> > > m/andreyvit/diff"
> > > +SRC_URI +=
> > > "git://github.com/andreyvit/diff;name=diff;protocol=https;nobranc
> > > h=1;destsuffix=${WORKDIR}/${BP}/src/import/vendor.fetch/github.co
> > > m/andreyvit/diff;apply=no"
> > >
> > >  # github.com/andybalholm/cascadia v1.0.0
> > >  # [1] git ls-remote https://github.com/andybalholm/cascadia
> > > 901648c87902174f774fac311d7f176f8647bdaa
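Review bot: The `;apply=no` added to the andreyvit/diff SRC_URI line carries no comment explaining why this one entry differs from its neighbours. The commit message itself raises the question of how this SRC_URI list is created, so a regenerated list could silently lose the parameter and bring the do_patch failure back. Add a comment above the entry saying that the download name ends in .diff and would otherwise be imported as a patch, or record the exception wherever the list is produced.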
> > > --
> > > 2.35.1
> > >
> > >
> > >
> > >
> >
> >
> > --
> > - Thou shalt not follow the NULL pointer, for chaos and madness
> > await thee at its end
> > - "Use the force Harry" - Gandalf, Star Trek II
> >
> >
> >
> >
>
>



--
- Thou shalt not follow the NULL pointer, for chaos and madness await thee at its end
- "Use the force Harry" - Gandalf, Star Trek II
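The behaviour discussed in this thread, as an added example (not code from bitbake, patch.py or any poster): a simplified model of an extension-based patch check, run against the two download-folder states Adrian listed. The directory short-circuit is an assumption made here to match those listings, the `destsuffix` parameter is left out for brevity, and the cascadia `name=` value is constructed.

```python
import os
import tempfile

PATCH_EXTS = (".diff", ".patch")
COMPRESSED_EXTS = (".gz", ".bz2", ".xz", ".Z")

DIFF_URI = "git://github.com/andreyvit/diff;name=diff;protocol=https;nobranch=1"
FIXED_URI = DIFF_URI + ";apply=no"
# Constructed control entry: same shape, name does not end in a patch extension.
OTHER_URI = "git://github.com/andybalholm/cascadia;name=cascadia;protocol=https;nobranch=1"


def local_name(src_uri):
    """Download-folder name of a URL: host and path joined with dots."""
    location = src_uri.split(";", 1)[0].split("://", 1)[1]
    return location.replace("/", ".")


def uri_params(src_uri):
    """Parse the ';key=value' parameters of a SRC_URI entry."""
    return dict(p.split("=", 1) for p in src_uri.split(";")[1:] if "=" in p)


def treated_as_patch(src_uri, downloads):
    """Simplified model: True if the entry would be handed to do_patch."""
    local = os.path.join(downloads, "git2", local_name(src_uri))
    if os.path.isdir(local):  # assumption: an existing clone directory is skipped
        return False
    base, ext = os.path.splitext(os.path.basename(local))
    if ext in COMPRESSED_EXTS:  # look through one layer of compression
        ext = os.path.splitext(base)[1]
    params = uri_params(src_uri)
    if "apply" in params:  # an explicit parameter overrides the extension guess
        return params["apply"].lower() in ("yes", "y", "true", "t", "1")
    return ext in PATCH_EXTS


def needs_explicit_apply(src_uris):
    """Recipe lint: git entries whose download name looks like a patch
    and that do not state apply= themselves."""
    flagged = []
    for uri in src_uris:
        ext = os.path.splitext(local_name(uri))[1]
        if uri.startswith("git://") and ext in PATCH_EXTS \
                and "apply" not in uri_params(uri):
            flagged.append(uri)
    return flagged


def demo():
    """Evaluate the entries against both download-folder states from the thread."""
    results = {}
    with tempfile.TemporaryDirectory() as downloads:
        # Failing state: only the shallow tarball exists, no git2/ clone.
        tarball = "gitshallow_github.com.andreyvit.diff_c7f18ee-1.tar.gz"
        open(os.path.join(downloads, tarball), "w").close()
        results["tarball_only"] = treated_as_patch(DIFF_URI, downloads)
        results["tarball_only_apply_no"] = treated_as_patch(FIXED_URI, downloads)
        results["other_repo"] = treated_as_patch(OTHER_URI, downloads)
        # Working state: the clone directory is present under git2/.
        os.makedirs(os.path.join(downloads, "git2", local_name(DIFF_URI)))
        results["clone_present"] = treated_as_patch(DIFF_URI, downloads)
    return results


if __name__ == "__main__":
    for case, is_patch in demo().items():
        print(f"{case:24} treated as patch: {is_patch}")
    print("entries needing apply=no:", needs_explicit_apply([DIFF_URI, FIXED_URI, OTHER_URI]))
```

Under that assumption the same recipe behaves differently depending on what is cached in the download folder, which is consistent with the failure showing up on some build hosts and not on others.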








Re: [PATCH] libvirt: fix do_package issue

Bruce Ashfield
 



On Mon, Apr 11, 2022 at 9:32 AM Chen, Qi <Qi.Chen@...> wrote:

Hi Bruce,

 

Looking at the issue a little further, I found we need to use the hardcoded ‘/usr/lib’.

This is because sysctl is hardcoding that.


That's a larger issue, and it breaks other parts of the system. We shouldn't have anything with hard coded /usr/lib.

How are other packages dealing with this ?

In that case, I'll do individual scripts in the packaging, since I don't want a global /usr/lib/ as part of the packaging.

Bruce

 

 

Some code in sysctl.c from procps:

static int PreloadSystem(void)
{
        unsigned di, i;
        const char *dirs[] = {
                "/etc/sysctl.d",
                "/run/sysctl.d",
                "/usr/local/lib/sysctl.d",
                "/usr/lib/sysctl.d",
                "/lib/sysctl.d",
        };

 

I’ve sent out a patch to fix the issue. Please help review it.

 

Regards,

Qi

 

From: Bruce Ashfield <bruce.ashfield@...>
Sent: Monday, April 11, 2022 9:05 PM
To: Chen, Qi <Qi.Chen@...>
Cc: preeti.sachan@...; meta-virtualization@...
Subject: Re: [meta-virtualization] [PATCH] libvirt: fix do_package issue

 

 

 

On Mon, Apr 11, 2022 at 9:01 AM Chen, Qi <Qi.Chen@...> wrote:

Hi Bruce & Preeti,

 

I was trying to fix the same issue when I found this thread.

This issue appears when multilib is enabled.

 

When multilib is disabled, ${libdir} is /usr/lib, thus packaging the file into libvirt-python.

When multilib is enabled, ${libdir} is /usr/lib64, and the file is not packaged.

 

Aha. Right you are.

 

So we should tweak libvirt to use ${libdir} and not the hardcoded /usr/lib (which it never really should have been), and package anything that gets installed into sysctl.d/

 

It isn't clear that this particular .conf belongs in libvirtd, but it is just as good there, as in the libvirt-python.

 

I'll do some tests in the non-multiconfig configuration to ensure that everything still packages properly.

 

Bruce

 

 

 

Regards,

Qi

 

From: meta-virtualization@... <meta-virtualization@...> On Behalf Of Bruce Ashfield
Sent: Monday, April 11, 2022 8:44 PM
To: preeti.sachan@...
Cc: meta-virtualization@...
Subject: Re: [meta-virtualization] [PATCH] libvirt: fix do_package issue

 

There's definitely something different in your configuration, so that needs to be understood first.

 

That file is packaged as part of libvirt-python here, and should be the same for others, as I haven't had any reports of failures.

 

You have a multiconfig in play. Anything else ? What is your init system ? Any bbappends in play ?

 

Bruce

 

On Sun, Apr 10, 2022 at 11:49 PM <preeti.sachan@...> wrote:

ERROR: mc:x86-2020:libvirt-8.1.0-r0 do_package: QA Issue: libvirt: Files/directories were installed but not shipped in any package:

  /usr/lib/sysctl.d/60-qemu-postcopy-migration.conf

Please set FILES such that these items are packaged. Alternatively if they are unneeded, avoid installing them or delete them within do_install.

libvirt: 1 installed and not shipped files. [installed-vs-shipped]

ERROR: mc:x86-2020:libvirt-8.1.0-r0 do_package: Fatal QA errors were found, failing task.

 


 

--

- Thou shalt not follow the NULL pointer, for chaos and madness await thee at its end
- "Use the force Harry" - Gandalf, Star Trek II


 



Re: [PATCH] libvirt: package all sysctl conf files for libvirtd

Bruce Ashfield
 



On Mon, Apr 11, 2022 at 9:29 AM Chen Qi <Qi.Chen@...> wrote:
The libvirtd package has already packaged ${sysconfdir}/sysctl.d,
and also the /usr/lib/sysctl.d/60-libvirtd.conf, it would be
reasonable for it to package other sysctl conf files, otherwise
we will meet the following error in case of multilib.

  QA Issue: libvirt: Files/directories were installed but not shipped in any package:
    /usr/lib/sysctl.d/60-qemu-postcopy-migration.conf

See the patch that I sent as well.

There's no reason to have /usr/lib anywhere in the packaging at all. We should just rely on ${libdir}, if libvirt is installing outside of the definition of ${libdir}, then we can patch libvirt, versus hardcoding /usr/lib in the FILES variables.

Bruce

 

Signed-off-by: Chen Qi <Qi.Chen@...>
---
 recipes-extended/libvirt/libvirt_8.1.0.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/recipes-extended/libvirt/libvirt_8.1.0.bb b/recipes-extended/libvirt/libvirt_8.1.0.bb
index b90fb704..433601c6 100644
--- a/recipes-extended/libvirt/libvirt_8.1.0.bb
+++ b/recipes-extended/libvirt/libvirt_8.1.0.bb
@@ -62,7 +62,7 @@ FILES:${PN}-libvirtd = " \
        ${sysconfdir}/sysctl.d \
        ${sysconfdir}/logrotate.d \
        ${sysconfdir}/libvirt/libvirtd.conf \
-        /usr/lib/sysctl.d/60-libvirtd.conf \
+        /usr/lib/sysctl.d/ \
        ${sbindir}/libvirtd \
        ${systemd_system_unitdir} \
        ${@bb.utils.contains('DISTRO_FEATURES', 'sysvinit', '', '${libexecdir}/libvirt-guests.sh', d)} \
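Review bot: Replacing the single named file with `/usr/lib/sysctl.d/` widens the libvirtd package from one known fragment to everything that lands in that directory, while the commit message names only 60-qemu-postcopy-migration.conf. Any further sysctl fragment a later libvirt version installs there would then ship in libvirtd without a recipe change or a QA warning to prompt a look at the kernel settings it carries. Either list the two files explicitly, or state in the commit message that the directory-wide entry is intentional and which files it currently picks up.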
--
2.33.0






--
- Thou shalt not follow the NULL pointer, for chaos and madness await thee at its end
- "Use the force Harry" - Gandalf, Star Trek II


Re: [PATCH] libvirt: fix do_package issue

Chen Qi
 

Hi Bruce,

 

Looking at the issue a little further, I found we need to use the hardcoded ‘/usr/lib’.

This is because sysctl is hardcoding that.

 

Some code in sysctl.c from procps:

static int PreloadSystem(void)
{
        unsigned di, i;
        const char *dirs[] = {
                "/etc/sysctl.d",
                "/run/sysctl.d",
                "/usr/local/lib/sysctl.d",
                "/usr/lib/sysctl.d",
                "/lib/sysctl.d",
        };

 

I’ve sent out a patch to fix the issue. Please help review it.

 

Regards,

Qi

 

From: Bruce Ashfield <bruce.ashfield@...>
Sent: Monday, April 11, 2022 9:05 PM
To: Chen, Qi <Qi.Chen@...>
Cc: preeti.sachan@...; meta-virtualization@...
Subject: Re: [meta-virtualization] [PATCH] libvirt: fix do_package issue

 

 

 

On Mon, Apr 11, 2022 at 9:01 AM Chen, Qi <Qi.Chen@...> wrote:

Hi Bruce & Preeti,

 

I was trying to fix the same issue when I found this thread.

This issue appears when multilib is enabled.

 

When multilib is disabled, ${libdir} is /usr/lib, thus packaging the file into libvirt-python.

When multilib is enabled, ${libdir} is /usr/lib64, and the file is not packaged.

 

Aha. Right you are.

 

So we should tweak libvirt to use ${libdir} and not the hardcoded /usr/lib (which it never really should have been), and package anything that gets installed into sysctl.d/

 

It isn't clear that this particular .conf belongs in libvirtd, but it is just as good there, as in the libvirt-python.

 

I'll do some tests in the non-multiconfig configuration to ensure that everything still packages properly.

 

Bruce

 

 

 

Regards,

Qi

 

From: meta-virtualization@... <meta-virtualization@...> On Behalf Of Bruce Ashfield
Sent: Monday, April 11, 2022 8:44 PM
To: preeti.sachan@...
Cc: meta-virtualization@...
Subject: Re: [meta-virtualization] [PATCH] libvirt: fix do_package issue

 

There's definitely something different in your configuration, so that needs to be understood first.

 

That file is packaged as part of libvirt-python here, and should be the same for others, as I haven't had any reports of failures.

 

You have a multiconfig in play. Anything else ? What is your init system ? Any bbappends in play ?

 

Bruce

 

On Sun, Apr 10, 2022 at 11:49 PM <preeti.sachan@...> wrote:

ERROR: mc:x86-2020:libvirt-8.1.0-r0 do_package: QA Issue: libvirt: Files/directories were installed but not shipped in any package:

  /usr/lib/sysctl.d/60-qemu-postcopy-migration.conf

Please set FILES such that these items are packaged. Alternatively if they are unneeded, avoid installing them or delete them within do_install.

libvirt: 1 installed and not shipped files. [installed-vs-shipped]

ERROR: mc:x86-2020:libvirt-8.1.0-r0 do_package: Fatal QA errors were found, failing task.

 


 

--

- Thou shalt not follow the NULL pointer, for chaos and madness await thee at its end
- "Use the force Harry" - Gandalf, Star Trek II


 



[PATCH] libvirt: package all sysctl conf files for libvirtd

Chen Qi
 

The libvirtd package has already packaged ${sysconfdir}/sysctl.d,
and also the /usr/lib/sysctl.d/60-libvirtd.conf, it would be
reasonable for it to package other sysctl conf files, otherwise
we will meet the following error in case of multilib.

QA Issue: libvirt: Files/directories were installed but not shipped in any package:
/usr/lib/sysctl.d/60-qemu-postcopy-migration.conf

Signed-off-by: Chen Qi <Qi.Chen@...>
---
recipes-extended/libvirt/libvirt_8.1.0.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/recipes-extended/libvirt/libvirt_8.1.0.bb b/recipes-extended/libvirt/libvirt_8.1.0.bb
index b90fb704..433601c6 100644
--- a/recipes-extended/libvirt/libvirt_8.1.0.bb
+++ b/recipes-extended/libvirt/libvirt_8.1.0.bb
@@ -62,7 +62,7 @@ FILES:${PN}-libvirtd = " \
${sysconfdir}/sysctl.d \
${sysconfdir}/logrotate.d \
${sysconfdir}/libvirt/libvirtd.conf \
- /usr/lib/sysctl.d/60-libvirtd.conf \
+ /usr/lib/sysctl.d/ \
${sbindir}/libvirtd \
${systemd_system_unitdir} \
${@bb.utils.contains('DISTRO_FEATURES', 'sysvinit', '', '${libexecdir}/libvirt-guests.sh', d)} \
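Review bot: The new `/usr/lib/sysctl.d/` entry keeps a literal /usr/lib in a FILES list whose neighbouring entries all use path variables (${sysconfdir}, ${sbindir}, ${systemd_system_unitdir}), and the commit message does not say why the literal is needed. Since the error being fixed only appears with multilib, the message should explain that this directory does not follow ${libdir} there, and the entry would read better with a variable that stays at the non-multilib location, for example `${nonarch_libdir}/sysctl.d/`, than with a hardcoded path.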
--
2.33.0


Re: [PATCH] libvirt: fix do_package issue

Bruce Ashfield
 



On Mon, Apr 11, 2022 at 9:05 AM Bruce Ashfield via lists.yoctoproject.org <bruce.ashfield=gmail.com@...> wrote:


On Mon, Apr 11, 2022 at 9:01 AM Chen, Qi <Qi.Chen@...> wrote:

Hi Bruce & Preeti,

 

I was trying to fix the same issue when I found this thread.

This issue appears when multilib is enabled.

 

When multilib is disabled, ${libdir} is /usr/lib, thus packaging the file into libvirt-python.

When multilib is enabled, ${libdir} is /usr/lib64, and the file is not packaged.


Aha. Right you are.

So we should tweak libvirt to use ${libdir} and not the hardcoded /usr/lib (which it never really should have been), and package anything that gets installed into sysctl.d/

It isn't clear that this particular .conf belongs in libvirtd, but it is just as good there, as in the libvirt-python.

I'll do some tests in the non-multiconfig configuration to ensure that everything still packages properly.

 

Bruce

 

 

Regards,

Qi

 

From: meta-virtualization@... <meta-virtualization@...> On Behalf Of Bruce Ashfield
Sent: Monday, April 11, 2022 8:44 PM
To: preeti.sachan@...
Cc: meta-virtualization@...
Subject: Re: [meta-virtualization] [PATCH] libvirt: fix do_package issue

 

There's definitely something different in your configuration, so that needs to be understood first.

 

That file is packaged as part of libvirt-python here, and should be the same for others, as I haven't had any reports of failures.

 

You have a multiconfig in play. Anything else ? What is your init system ? Any bbappends in play ?

 

Bruce

 

On Sun, Apr 10, 2022 at 11:49 PM <preeti.sachan@...> wrote:

ERROR: mc:x86-2020:libvirt-8.1.0-r0 do_package: QA Issue: libvirt: Files/directories were installed but not shipped in any package:

  /usr/lib/sysctl.d/60-qemu-postcopy-migration.conf

Please set FILES such that these items are packaged. Alternatively if they are unneeded, avoid installing them or delete them within do_install.

libvirt: 1 installed and not shipped files. [installed-vs-shipped]

ERROR: mc:x86-2020:libvirt-8.1.0-r0 do_package: Fatal QA errors were found, failing task.




 

--

- Thou shalt not follow the NULL pointer, for chaos and madness await thee at its end
- "Use the force Harry" - Gandalf, Star Trek II





Re: [PATCH] libvirt: fix do_package issue

Bruce Ashfield
 



On Mon, Apr 11, 2022 at 9:01 AM Chen, Qi <Qi.Chen@...> wrote:

Hi Bruce & Preeti,

 

I was trying to fix the same issue when I found this thread.

This issue appears when multilib is enabled.

 

When multilib is disabled, ${libdir} is /usr/lib, thus packaging the file into libvirt-python.

When multilib is enabled, ${libdir} is /usr/lib64, and the file is not packaged.


Aha. Right you are.

So we should tweak libvirt to use ${libdir} and not the hardcoded /usr/lib (which it never really should have been), and package anything that gets installed into sysctl.d/

It isn't clear that this particular .conf belongs in libvirtd, but it is just as good there, as in the libvirt-python.

I'll do some tests in the non-multiconfig configuration to ensure that everything still packages properly.

Bruce

 

 

Regards,

Qi

 

From: meta-virtualization@... <meta-virtualization@...> On Behalf Of Bruce Ashfield
Sent: Monday, April 11, 2022 8:44 PM
To: preeti.sachan@...
Cc: meta-virtualization@...
Subject: Re: [meta-virtualization] [PATCH] libvirt: fix do_package issue

 

There's definitely something different in your configuration, so that needs to be understood first.

 

That file is packaged as part of libvirt-python here, and should be the same for others, as I haven't had any reports of failures.

 

You have a multiconfig in play. Anything else ? What is your init system ? Any bbappends in play ?

 

Bruce

 

On Sun, Apr 10, 2022 at 11:49 PM <preeti.sachan@...> wrote:

ERROR: mc:x86-2020:libvirt-8.1.0-r0 do_package: QA Issue: libvirt: Files/directories were installed but not shipped in any package:

  /usr/lib/sysctl.d/60-qemu-postcopy-migration.conf

Please set FILES such that these items are packaged. Alternatively if they are unneeded, avoid installing them or delete them within do_install.

libvirt: 1 installed and not shipped files. [installed-vs-shipped]

ERROR: mc:x86-2020:libvirt-8.1.0-r0 do_package: Fatal QA errors were found, failing task.




 

--

- Thou shalt not follow the NULL pointer, for chaos and madness await thee at its end
- "Use the force Harry" - Gandalf, Star Trek II





Re: [PATCH] libvirt: fix do_package issue

Chen Qi
 

Hi Bruce & Preeti,

 

I was trying to fix the same issue when I found this thread.

This issue appears when multilib is enabled.

 

When multilib is disabled, ${libdir} is /usr/lib, thus packaging the file into libvirt-python.

When multilib is enabled, ${libdir} is /usr/lib64, and the file is not packaged.

 

Regards,

Qi

 

From: meta-virtualization@... <meta-virtualization@...> On Behalf Of Bruce Ashfield
Sent: Monday, April 11, 2022 8:44 PM
To: preeti.sachan@...
Cc: meta-virtualization@...
Subject: Re: [meta-virtualization] [PATCH] libvirt: fix do_package issue

 

There's definitely something different in your configuration, so that needs to be understood first.

 

That file is packaged as part of libvirt-python here, and should be the same for others, as I haven't had any reports of failures.

 

You have a multiconfig in play. Anything else ? What is your init system ? Any bbappends in play ?

 

Bruce

 

On Sun, Apr 10, 2022 at 11:49 PM <preeti.sachan@...> wrote:

ERROR: mc:x86-2020:libvirt-8.1.0-r0 do_package: QA Issue: libvirt: Files/directories were installed but not shipped in any package:

  /usr/lib/sysctl.d/60-qemu-postcopy-migration.conf

Please set FILES such that these items are packaged. Alternatively if they are unneeded, avoid installing them or delete them within do_install.

libvirt: 1 installed and not shipped files. [installed-vs-shipped]

ERROR: mc:x86-2020:libvirt-8.1.0-r0 do_package: Fatal QA errors were found, failing task.




 

--

- Thou shalt not follow the NULL pointer, for chaos and madness await thee at its end
- "Use the force Harry" - Gandalf, Star Trek II


Re: [PATCH] libvirt: fix do_package issue

preeti.sachan@...
 

There is no libvirt bbappend file in the build, and the multiconfig is created to build with a particular kernel version.
In the recipe https://git.yoctoproject.org/meta-virtualization/tree/recipes-extended/libvirt/libvirt_8.1.0.bb , FILES:${PN}-libvirtd includes neither "/usr/lib/sysctl.d/60-qemu-postcopy-migration.conf" nor something like "usr/lib/sysctl.d/*". It's strange how it is packaging the file "/usr/lib/sysctl.d/60-qemu-postcopy-migration.conf".
