Date   

[PATCH] xen-*image-minimal: Install *xen-acpi-processor package only for x86* machines

Kamil Dziezyk
 

Kernel module xen_acpi_processor is built only for x86* architectures,
therefore 'kernel-module-xen-acpi-processor' package is compatible only with
x86* machines.

Issue-Id: SCM-3892
Signed-off-by: Kamil Dziezyk <kamil.dziezyk@...>
Change-Id: I8dde00e3c78a1f9eea50b19fbc1981f5e26df133
---
recipes-extended/images/xen-guest-image-minimal.bb | 6 +++++-
recipes-extended/images/xen-image-minimal.bb | 5 ++++-
2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/recipes-extended/images/xen-guest-image-minimal.bb b/recipes-extended/images/xen-guest-image-minimal.bb
index ca111b4..fced763 100644
--- a/recipes-extended/images/xen-guest-image-minimal.bb
+++ b/recipes-extended/images/xen-guest-image-minimal.bb
@@ -4,9 +4,13 @@ inherit core-image features_check

IMAGE_INSTALL += " \
packagegroup-core-boot \
- ${@bb.utils.contains('MACHINE_FEATURES', 'acpi', 'kernel-module-xen-acpi-processor', '', d)} \
+ ${@bb.utils.contains('MACHINE_FEATURES', 'acpi', '${XEN_ACPI_PROCESSOR_MODULE}', '', d)} \
"

+XEN_ACPI_PROCESSOR_MODULE = ""
+XEN_ACPI_PROCESSOR_MODULE:x86 = "kernel-module-xen-acpi-processor"
+XEN_ACPI_PROCESSOR_MODULE:x86-64 = "kernel-module-xen-acpi-processor"
+
IMAGE_INSTALL += "${@bb.utils.contains('IMAGE_FEATURES', 'x11', ' xf86-video-fbdev', '', d)}"

# Install xf86-video-vesa on x86 platforms.
diff --git a/recipes-extended/images/xen-image-minimal.bb b/recipes-extended/images/xen-image-minimal.bb
index ea596ce..f6fa5ed 100644
--- a/recipes-extended/images/xen-image-minimal.bb
+++ b/recipes-extended/images/xen-image-minimal.bb
@@ -5,7 +5,7 @@ INITRD_IMAGE = "core-image-minimal-initramfs"
XEN_KERNEL_MODULES ?= "kernel-module-xen-blkback kernel-module-xen-gntalloc \
kernel-module-xen-gntdev kernel-module-xen-netback kernel-module-xen-wdt \
${@bb.utils.contains('MACHINE_FEATURES', 'pci', "${XEN_PCIBACK_MODULE}", '', d)} \
- ${@bb.utils.contains('MACHINE_FEATURES', 'acpi', 'kernel-module-xen-acpi-processor', '', d)} \
+ ${@bb.utils.contains('MACHINE_FEATURES', 'acpi', '${XEN_ACPI_PROCESSOR_MODULE}', '', d)} \
"

IMAGE_INSTALL += " \
@@ -28,6 +28,9 @@ IMAGE_INSTALL:append:x86-64 = "kernel-module-tun"
XEN_PCIBACK_MODULE = ""
XEN_PCIBACK_MODULE:x86 = "kernel-module-xen-pciback"
XEN_PCIBACK_MODULE:x86-64 = "kernel-module-xen-pciback"
+XEN_ACPI_PROCESSOR_MODULE = ""
+XEN_ACPI_PROCESSOR_MODULE:x86 = "kernel-module-xen-acpi-processor"
+XEN_ACPI_PROCESSOR_MODULE:x86-64 = "kernel-module-xen-acpi-processor"

LICENSE = "MIT"

--
2.17.1

IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.


[PATCH] python3-dtc: fix missing files in sysroot

Ross Burton <ross@...>
 

There is a bug in SWIG/setuptools where 'pip install' doesn't build
libfdt.py unless the build tree is already dirty, which makes using
the library impossible.

Bump the SRCREV to incorporate the upstream workaround for this issue.

Signed-off-by: Ross Burton <ross.burton@...>
---
recipes-kernel/dtc/python3-dtc_1.6.1.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/recipes-kernel/dtc/python3-dtc_1.6.1.bb b/recipes-kernel/dtc=
/python3-dtc_1.6.1.bb
index 671d280..a868bd0 100644
--- a/recipes-kernel/dtc/python3-dtc_1.6.1.bb
+++ b/recipes-kernel/dtc/python3-dtc_1.6.1.bb
@@ -14,7 +14,7 @@ UPSTREAM_CHECK_GITTAGREGEX =3D "v(?P<pver>\d+(\.\d+)+)"
=20
LIC_FILES_CHKSUM =3D "file://pylibfdt/libfdt.i;beginline=3D1;endline=3D6=
;md5=3Dafda088c974174a29108c8d80b5dce90"
=20
-SRCREV =3D "4048aed12b81c5a0154b9af438edc99ec7d2b6a1"
+SRCREV =3D "c001fc01a43e7a06447c06ea3d50bd60641322b8"
=20
PV =3D "1.6.1+git${SRCPV}"
S =3D "${WORKDIR}/git"
--=20
2.25.1


[m-c-s][PATCH] glusterfs: switch from distutils3 to setuptools3

Jeremy Puhlman
 

---
recipes-extended/glusterfs/glusterfs.inc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/recipes-extended/glusterfs/glusterfs.inc b/recipes-extended/glusterfs/glusterfs.inc
index 646b521f..5c960bca 100644
--- a/recipes-extended/glusterfs/glusterfs.inc
+++ b/recipes-extended/glusterfs/glusterfs.inc
@@ -27,7 +27,7 @@ LIC_FILES_CHKSUM = "file://COPYING-GPLV2;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
file://COPYING-LGPLV3;md5=e6a600fd5e1d9cbde2d983680233ad02 \
file://contrib/fuse-util/COPYING;md5=94d55d512a9ba36caa9b7df079bae19f"

-inherit autotools pkgconfig distutils3-base update-rc.d systemd
+inherit autotools pkgconfig setuptools3-base update-rc.d systemd
inherit python3-dir

DEPENDS += "bison-native flex-native python3-native fuse libaio libtirpc libxml2 ncurses \
--
2.24.1


[PATCH 2/2] lopper: fix wheel build

Tim Orling
 

The wheel that is built is:
lopper-1.0-py3-none-any.whl

Set BASEVERSION to 1.0 and use this to set PV and the value for PYPA_WHEEL
(the path to the wheel filename).

Signed-off-by: Tim Orling <tim.orling@...>
---
recipes-kernel/lopper/lopper_git.bb | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/recipes-kernel/lopper/lopper_git.bb b/recipes-kernel/lopper/lopper_git.bb
index 606dab6..e96bac7 100644
--- a/recipes-kernel/lopper/lopper_git.bb
+++ b/recipes-kernel/lopper/lopper_git.bb
@@ -7,7 +7,10 @@ SRC_URI = "git://github.com/devicetree-org/lopper.git;branch=master;protocol=htt
SRCREV = "3c81fcce08eeb64cbbde1535abd83572985a8689"
S = "${WORKDIR}/git"

-PV="v1.0+git${SRCPV}"
+BASEVERSION = "1.0"
+PV="v${BASEVERSION}+git${SRCPV}"
+
+PYPA_WHEEL = "${PIP_INSTALL_DIST_PATH}/${BPN}-${BASEVERSION}-*.whl"

LIC_FILES_CHKSUM = "file://LICENSE.md;md5=8e5f5f691f01c9fdfa7a7f2d535be619"

--
2.30.2


[PATCH 1/2] python3-dtc: fix wheel build

Tim Orling
 

The wheel that is built is ${S}/dist/libfdt-1.6.2.dev39+g4048aed.d20220103-cp310-cp310-linux_x86_64.whl
Set PYPA_WHEEL to match this.

Signed-off-by: Tim Orling <tim.orling@...>
---
recipes-kernel/dtc/python3-dtc_1.6.1.bb | 2 ++
1 file changed, 2 insertions(+)

diff --git a/recipes-kernel/dtc/python3-dtc_1.6.1.bb b/recipes-kernel/dtc/python3-dtc_1.6.1.bb
index 449d071..671d280 100644
--- a/recipes-kernel/dtc/python3-dtc_1.6.1.bb
+++ b/recipes-kernel/dtc/python3-dtc_1.6.1.bb
@@ -19,6 +19,8 @@ SRCREV = "4048aed12b81c5a0154b9af438edc99ec7d2b6a1"
PV = "1.6.1+git${SRCPV}"
S = "${WORKDIR}/git"

+PYPA_WHEEL = "${S}/dist/libfdt-1.6.2*.whl"
+
inherit setuptools3 pkgconfig

BBCLASSEXTEND = "native nativesdk"
--
2.30.2


Re: [PATCH] xvisor: Remove bb.error when builing for non-supported arch

Bruce Ashfield
 

merged!

Bruce

In message: [meta-virtualization] [PATCH] xvisor: Remove bb.error when builing for non-supported arch
on 15/02/2022 Kasper wrote:

From: Kasper Revsbech <kasper.revsbech.ext@...>

Change bb.error to bb.note when getting config and arch of target/host
as it is not an error if arch is not supported that should flag when
parsing the recipe.
It is an error if trying to include in image and that is already handled
in COMPATIBLE_HOST

Signed-off-by: Kasper Revsbech <kasper.revsbech.ext@...>
---
recipes-extended/xvisor/xvisor-configs.inc | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/recipes-extended/xvisor/xvisor-configs.inc b/recipes-extended/xvisor/xvisor-configs.inc
index f53bba2..cd873cb 100644
--- a/recipes-extended/xvisor/xvisor-configs.inc
+++ b/recipes-extended/xvisor/xvisor-configs.inc
@@ -9,7 +9,7 @@ def get_oemake_config(a, d):
elif re.match('riscv32(eb|)$', a): return 'generic-32b-defconfig'
elif re.match('riscv64(eb|)$', a): return 'generic-64b-defconfig'
else:
- bb.error("cannot map '%s' to a Xvisor defconfig" % a)
+ bb.note("cannot map '%s' to a Xvisor defconfig" % a)

def map_xvisor_arch(a, d):
import re
@@ -22,4 +22,4 @@ def map_xvisor_arch(a, d):
elif re.match('aarch64_be_ilp32$', a): return 'arm'
elif re.match('riscv(32|64|)(eb|)$', a): return 'riscv'
else:
- bb.error("cannot map '%s' to a Xvisor architecture" % a)
+ bb.note("cannot map '%s' to a Xvisor architecture" % a)
--
2.32.0



Re: [m-c-s][PATCH 1/2] librdmacm: update LICENSE variant

Bruce Ashfield
 

merged.

Bruce

In message: [meta-virtualization][m-c-s][PATCH 1/2] librdmacm: update LICENSE variant
on 18/02/2022 Changqing Li wrote:

From: Changqing Li <changqing.li@...>

Fix warning:
WARNING: QA Issue: librdmacm: No generic license file exists for: BSD in any provider [license-exists]

Signed-off-by: Changqing Li <changqing.li@...>
---
recipes-extended/librdmacm/librdmacm_1.1.0.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/recipes-extended/librdmacm/librdmacm_1.1.0.bb b/recipes-extended/librdmacm/librdmacm_1.1.0.bb
index 2e18b0a9..a3271dfd 100644
--- a/recipes-extended/librdmacm/librdmacm_1.1.0.bb
+++ b/recipes-extended/librdmacm/librdmacm_1.1.0.bb
@@ -9,7 +9,7 @@ Also includes ACM (communication management assistant) service."
HOMEPAGE = "http://www.openfabrics.org/downloads/rdmacm/"
SECTION = "libs/devel"

-LICENSE = "BSD"
+LICENSE = "BSD-2-Clause | GPLv2"
LIC_FILES_CHKSUM = "file://COPYING;md5=39cc3044d68741f9005da73e9b92db95"

DEPENDS = "virtual/libibverbs"
--
2.25.1



[m-c-s][PATCH 1/2] librdmacm: update LICENSE variant

Changqing Li
 

From: Changqing Li <changqing.li@...>

Fix warning:
WARNING: QA Issue: librdmacm: No generic license file exists for: BSD in any provider [license-exists]

Signed-off-by: Changqing Li <changqing.li@...>
---
recipes-extended/librdmacm/librdmacm_1.1.0.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/recipes-extended/librdmacm/librdmacm_1.1.0.bb b/recipes-extended/librdmacm/librdmacm_1.1.0.bb
index 2e18b0a9..a3271dfd 100644
--- a/recipes-extended/librdmacm/librdmacm_1.1.0.bb
+++ b/recipes-extended/librdmacm/librdmacm_1.1.0.bb
@@ -9,7 +9,7 @@ Also includes ACM (communication management assistant) service."
HOMEPAGE = "http://www.openfabrics.org/downloads/rdmacm/"
SECTION = "libs/devel"

-LICENSE = "BSD"
+LICENSE = "BSD-2-Clause | GPLv2"
LIC_FILES_CHKSUM = "file://COPYING;md5=39cc3044d68741f9005da73e9b92db95"

DEPENDS = "virtual/libibverbs"
--
2.25.1


[m-c-s][PATCH 2/2] celt051: update LICENSE variant

Changqing Li
 

From: Changqing Li <changqing.li@...>

fix warning:
WARNING: QA Issue: celt051: No generic license file exists for: BSD in any provider [license-exists]

Signed-off-by: Changqing Li <changqing.li@...>
---
recipes-support/celt051/celt051_git.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/recipes-support/celt051/celt051_git.bb b/recipes-support/celt051/celt051_git.bb
index 6eab5669..52c7cf38 100644
--- a/recipes-support/celt051/celt051_git.bb
+++ b/recipes-support/celt051/celt051_git.bb
@@ -9,7 +9,7 @@ with high quality. Unlike these formats CELT imposes very little delay \
on the signal, even less than is typical for speech centric formats \
like Speex, GSM, or G.729."

-LICENSE = "BSD"
+LICENSE = "BSD-2-Clause"
LIC_FILES_CHKSUM = "file://COPYING;md5=375f60ab360d17f0172737036ff155b2"

PV = "0.5.1.3"
--
2.25.1


Re: [PATCH] xvisor: Remove bb.error when builing for non-supported arch

Alistair Francis
 

On Wed, Feb 16, 2022 at 12:31 AM Kasper <kasper@...> wrote:

From: Kasper Revsbech <kasper.revsbech.ext@...>

Change bb.error to bb.note when getting config and arch of target/host
as it is not an error if arch is not supported that should flag when
parsing the recipe.
It is an error if trying to include in image and that is already handled
in COMPATIBLE_HOST

Signed-off-by: Kasper Revsbech <kasper.revsbech.ext@...>
Reviewed-by: Alistair Francis <alistair.francis@...>

Alistair

---
recipes-extended/xvisor/xvisor-configs.inc | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/recipes-extended/xvisor/xvisor-configs.inc b/recipes-extended/xvisor/xvisor-configs.inc
index f53bba2..cd873cb 100644
--- a/recipes-extended/xvisor/xvisor-configs.inc
+++ b/recipes-extended/xvisor/xvisor-configs.inc
@@ -9,7 +9,7 @@ def get_oemake_config(a, d):
elif re.match('riscv32(eb|)$', a): return 'generic-32b-defconfig'
elif re.match('riscv64(eb|)$', a): return 'generic-64b-defconfig'
else:
- bb.error("cannot map '%s' to a Xvisor defconfig" % a)
+ bb.note("cannot map '%s' to a Xvisor defconfig" % a)

def map_xvisor_arch(a, d):
import re
@@ -22,4 +22,4 @@ def map_xvisor_arch(a, d):
elif re.match('aarch64_be_ilp32$', a): return 'arm'
elif re.match('riscv(32|64|)(eb|)$', a): return 'riscv'
else:
- bb.error("cannot map '%s' to a Xvisor architecture" % a)
+ bb.note("cannot map '%s' to a Xvisor architecture" % a)
--
2.32.0




[PATCH] xvisor: Remove bb.error when builing for non-supported arch

Kasper
 

From: Kasper Revsbech <kasper.revsbech.ext@...>

Change bb.error to bb.note when getting config and arch of target/host
as it is not an error if arch is not supported that should flag when
parsing the recipe.
It is an error if trying to include in image and that is already handled
in COMPATIBLE_HOST

Signed-off-by: Kasper Revsbech <kasper.revsbech.ext@...>
---
recipes-extended/xvisor/xvisor-configs.inc | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/recipes-extended/xvisor/xvisor-configs.inc b/recipes-extended/xvisor/xvisor-configs.inc
index f53bba2..cd873cb 100644
--- a/recipes-extended/xvisor/xvisor-configs.inc
+++ b/recipes-extended/xvisor/xvisor-configs.inc
@@ -9,7 +9,7 @@ def get_oemake_config(a, d):
elif re.match('riscv32(eb|)$', a): return 'generic-32b-defconfig'
elif re.match('riscv64(eb|)$', a): return 'generic-64b-defconfig'
else:
- bb.error("cannot map '%s' to a Xvisor defconfig" % a)
+ bb.note("cannot map '%s' to a Xvisor defconfig" % a)

def map_xvisor_arch(a, d):
import re
@@ -22,4 +22,4 @@ def map_xvisor_arch(a, d):
elif re.match('aarch64_be_ilp32$', a): return 'arm'
elif re.match('riscv(32|64|)(eb|)$', a): return 'riscv'
else:
- bb.error("cannot map '%s' to a Xvisor architecture" % a)
+ bb.note("cannot map '%s' to a Xvisor architecture" % a)
--
2.32.0


Re: [PATCH honister] k3s: uprev from v1.21.5+k3s1 to v1.21.9+k3s1

Bruce Ashfield
 

On Thu, Feb 10, 2022 at 3:05 AM Diego Sueiro <Diego.Sueiro@...> wrote:

Hi Bruce,

---
recipes-containers/k3s/k3s_git.bb | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/recipes-containers/k3s/k3s_git.bb
b/recipes-containers/k3s/k3s_git.bb
index bcfa959..77ad6d4 100644
--- a/recipes-containers/k3s/k3s_git.bb
+++ b/recipes-containers/k3s/k3s_git.bb
@@ -13,10 +13,9 @@ SRC_URI =
"git://github.com/rancher/k3s.git;branch=release-1.21;name=k3s;protoco
file://0001-Finding-host-local-in-usr-
libexec.patch;patchdir=src/import \
file://k3s-killall.sh \
"
-SRC_URI[k3s.md5sum] = "363d3a08dc0b72ba6e6577964f6e94a5"
-SRCREV_k3s = "aa5a0a8c783a8a4475b727a04d6594c0fea09253"
+SRCREV_k3s = "101917b0c493dd1effac1074feb1d5462b9a189b"

-PV = "v1.21.5+k3s1"
+PV = "v1.21.9+k3s1"

CNI_NETWORKING_FILES ?= "${WORKDIR}/cni-containerd-net.conf"

@@ -30,7 +29,7 @@ PACKAGECONFIG[upx] = ",,upx-native"
GO_IMPORT = "import"
GO_BUILD_LDFLAGS = "-X
github.com/rancher/k3s/pkg/version.Version=${PV} \
-X
github.com/rancher/k3s/pkg/version.GitCommit=${@d.getVar('SRCREV_k3s',
d, 1)[:8]} \
- -w -s \
+ -w -s -v \
"
BIN_PREFIX ?= "${exec_prefix}/local"

@@ -40,11 +39,12 @@ REQUIRED_DISTRO_FEATURES ?= "seccomp"
do_compile() {
export
GOPATH="${S}/src/import/.gopath:${S}/src/import/vendor:${STAGING_DIR_T
ARGET}/${prefix}/local/go"
export CGO_ENABLED="1"
- export GOFLAGS="-mod=vendor"
+ export GOFLAGS="-mod=vendor -modcacherw"

TAGS="static_build ctrd no_btrfs netcgo osusergo providerless"

cd ${S}/src/import
+ ${GO} mod vendor -v && ${GO} mod tidy -v
Unfortunately .. no, we can't take this change.

I'm working on a full update to k3s in master, and it is running into similar
challenges due to the removal of vendor upstream.
Can you please elaborate a bit better what the problem is and why this solution
is not appropriate for the honister branch?
It isn't appropriate for any branch, not just honister.

It is covered in detail on both the OE core and OE architecture mailing list
over the past year, to year and a half (with the latest being just recently).

The summary is that we can't allow go to do the fetching in the compile
phase, everything must be done in the fetch phase. And on top of that,
there is a list of requirements around the fetching for it to be correct, and
support all the OE features (offline building, licensing, reproducibility, etc).

It is probably best summarized by this recent thread:

https://lists.openembedded.org/g/openembedded-architecture/topic/88417908#1409

I'm working on a solution, and when something workable is ready, it can
be used on honister, as well as master.

Bruce

I have no knowledge in Go both in aspects of the programming language as well
as building.

--
Diego Sueiro

The solution isn't simple, since it is something that has to be generic, as it
applies to many different recipes in meta-virtualization.

Bruce

${GO} build -tags "$TAGS" -ldflags "${GO_BUILD_LDFLAGS} -w
-s" -o ./dist/artifacts/k3s ./cmd/server/main.go

# Use UPX if it is enabled (and thus exists) to compress
binary
--
2.35.1




--
- Thou shalt not follow the NULL pointer, for chaos and madness await thee at
its end
- "Use the force Harry" - Gandalf, Star Trek II


--
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II


Re: [PATCH honister] k3s: uprev from v1.21.5+k3s1 to v1.21.9+k3s1

Diego Sueiro
 

Hi Bruce,

---
recipes-containers/k3s/k3s_git.bb | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/recipes-containers/k3s/k3s_git.bb
b/recipes-containers/k3s/k3s_git.bb
index bcfa959..77ad6d4 100644
--- a/recipes-containers/k3s/k3s_git.bb
+++ b/recipes-containers/k3s/k3s_git.bb
@@ -13,10 +13,9 @@ SRC_URI =
"git://github.com/rancher/k3s.git;branch=release-1.21;name=k3s;protoco
file://0001-Finding-host-local-in-usr-
libexec.patch;patchdir=src/import \
file://k3s-killall.sh \
"
-SRC_URI[k3s.md5sum] = "363d3a08dc0b72ba6e6577964f6e94a5"
-SRCREV_k3s = "aa5a0a8c783a8a4475b727a04d6594c0fea09253"
+SRCREV_k3s = "101917b0c493dd1effac1074feb1d5462b9a189b"

-PV = "v1.21.5+k3s1"
+PV = "v1.21.9+k3s1"

CNI_NETWORKING_FILES ?= "${WORKDIR}/cni-containerd-net.conf"

@@ -30,7 +29,7 @@ PACKAGECONFIG[upx] = ",,upx-native"
GO_IMPORT = "import"
GO_BUILD_LDFLAGS = "-X
github.com/rancher/k3s/pkg/version.Version=${PV} \
-X
github.com/rancher/k3s/pkg/version.GitCommit=${@d.getVar('SRCREV_k3s',
d, 1)[:8]} \
- -w -s \
+ -w -s -v \
"
BIN_PREFIX ?= "${exec_prefix}/local"

@@ -40,11 +39,12 @@ REQUIRED_DISTRO_FEATURES ?= "seccomp"
do_compile() {
export
GOPATH="${S}/src/import/.gopath:${S}/src/import/vendor:${STAGING_DIR_T
ARGET}/${prefix}/local/go"
export CGO_ENABLED="1"
- export GOFLAGS="-mod=vendor"
+ export GOFLAGS="-mod=vendor -modcacherw"

TAGS="static_build ctrd no_btrfs netcgo osusergo providerless"

cd ${S}/src/import
+ ${GO} mod vendor -v && ${GO} mod tidy -v
Unfortunately .. no, we can't take this change.

I'm working on a full update to k3s in master, and it is running into similar
challenges due to the removal of vendor upstream.
Can you please elaborate a bit better what the problem is and why this solution
is not appropriate for the honister branch?
I have no knowledge in Go both in aspects of the programming language as well
as building.

--
Diego Sueiro

The solution isn't simple, since it is something that has to be generic, as it
applies to many different recipes in meta-virtualization.

Bruce

${GO} build -tags "$TAGS" -ldflags "${GO_BUILD_LDFLAGS} -w
-s" -o ./dist/artifacts/k3s ./cmd/server/main.go

# Use UPX if it is enabled (and thus exists) to compress
binary
--
2.35.1




--
- Thou shalt not follow the NULL pointer, for chaos and madness await thee at
its end
- "Use the force Harry" - Gandalf, Star Trek II


Re: OCI images in yocto image

Bruce Ashfield
 

On Wed, Feb 9, 2022 at 1:29 PM Peter Bergin <peter@...> wrote:

Hi,

I'm exploring the world of containers combined with Yocto. I can build a
container image and bundle that one with my rootfs image. The container
image is stored in the rootfs as a tar-file of a OCI image spec with the
content blobs, index.json and oci-layout. As per the description in
classes/image-oci.bbclass the way to run the container is to unpack the
file and the create the OCI runtime bundle and start it with runc.

I have played around with docker and tried to import OCI image directly
in to docker store but have not succeeded. Anyone that knows if it is
possible? 'docker image import <oci-image>.tar does not give any errors
and the image shows up in 'docker images' but does not import the
correct rootfs.
There's no viable way to do this on the build side, and then have it appear
in the image. I've experimented several times with this, and haven't found
a decent solution. Running docker on the build host is a non-starter, which
rules out many options.

There's more options if you use podman versus docker for the container
runtime, but I also haven't had time to finish anything there yet.

To get the OCI images into docker, I bounce them through a registry and
use docker pull. You can see the logs of that process in several of my
yocto summit presentations.


When creating the OCI image in image-oci.bbclass the process starts with
a bundle that is packaged as an image and compressed to a tar-file.
Given the above the whole process needs to be reverted on target to
start a container from that image. It should then be possible to just
install the bundle directly on target rootfs that directly can be
started with runc. Are there any drawbacks with this? I can see that a
tar-file is easier to distribute and install afterwards but my question
related to directly integrating an OCI-image to a Yocto rootfs-image.
Nope, there's no drawbacks. The tar is just a convenience for moving
the bundles around. It isn't an official OCI image format, just the unbundled
directory format (it is just a bit odd compared to other image formats, which
tend to be single files, so I created the tar step to be similar to them).

You can definitely copy the OCI image directory onto the image, and have
it be immediately runnable via runc. There's no common/defacto service
to start the images on boot, but that's a fairly trivial thing to do with your
init system of choice. (having a service to start those images on boot
is on my TODO list, but I'm still tangled up with package uprev and golang,
so I haven't gotten to it yet).

Bruce


Best regards,

/Peter




--
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II


OCI images in yocto image

Peter Bergin
 

Hi,

I'm exploring the world of containers combined with Yocto. I can build a container image and bundle that one with my rootfs image. The container image is stored in the rootfs as a tar-file of a OCI image spec with the content blobs, index.json and oci-layout. As per the description in classes/image-oci.bbclass the way to run the container is to unpack the file and the create the OCI runtime bundle and start it with runc.

I have played around with docker and tried to import OCI image directly in to docker store but have not succeeded. Anyone that knows if it is possible? 'docker image import <oci-image>.tar does not give any errors and the image shows up in 'docker images' but does not import the correct rootfs.

When creating the OCI image in image-oci.bbclass the process starts with a bundle that is packaged as an image and compressed to a tar-file. Given the above the whole process needs to be reverted on target to start a container from that image. It should then be possible to just install the bundle directly on target rootfs that directly can be started with runc. Are there any drawbacks with this? I can see that a tar-file is easier to distribute and install afterwards but my question related to directly integrating an OCI-image to a Yocto rootfs-image.

Best regards,

/Peter


Re: [PATCH honister] k3s: uprev from v1.21.5+k3s1 to v1.21.9+k3s1

Bruce Ashfield
 

On Wed, Feb 9, 2022 at 10:32 AM Diego Sueiro <diego.sueiro@...> wrote:

Also fix build issues related to:
Log data follows:
| DEBUG: Executing shell function do_compile
| go: inconsistent vendoring in /[...]/build/tmp/work/aarch64-poky-linux/k3s/v1.21.9+k3s1-r0/k3s-v1.21.9+k3s1/src/import:
| github.com/containerd/cgroups@....1: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt
| github.com/containerd/containerd@....7: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt
| github.com/containerd/cri@...: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt
|...
| mvdan.cc/unparam: is replaced in go.mod, but not marked as replaced in vendor/modules.txt

Short log since v1.21.5+k3s1:
101917b0c4 (tag: v1.21.9-rc1+k3s1, tag: v1.21.9+k3s1) Update to v1.21.9 (#4994)
8069a88177 Merge pull request #4978 from manuelbuil/ip6tables-release121
dc970d27ca Merge pull request #4982 from rbrtbnfgl/ipv6-nat_release-1.21
447279299b go generate
00068c92ea Fix CRD version lookup
683efbb737 Update packaged components
f856aa94d6 Upgrade: metrics server version bump from v0.5.0 to v0.5.2
900e5ff519 [Release-1.21] Adds the ability to compress etcd snapshots (#4866) (#4959)
42d160da5b Move flannel logs to logrus
de12630ec0 Added debug log for IPv6 Masquerading rule
bb3fe9b185 Added flannel-ipv6-masq flag to enable IPv6 nat
bfafe909d1 Remove ip6table rules when cleaning up k3s
758331404e Added iptables masquerade rules for ipv6 on flannel
f540db4570 Update etcd to v3.4.18-k3s1
6644357d0e Skip CGroup v2 evac when agent is disabled
f11f0748e9 Enable logging on all subcommands (#4921) (#4932)
be3c430985 (tag: v1.21.8-rc2+k3s2, tag: v1.21.8+k3s2) Move ClusterResetRestore handling ControlConfig setup
c25ffa9ea3 (tag: v1.21.8-rc1+k3s2) Add basic etcd join test
a0521c29eb Fix handling of agent-token fallback to token
4b3f5be45d Fix use of agent creds for secrets-encrypt and config validate
512268458e Merge pull request #4842 from luthermonson/rm-vendor-121
03aa6d568f drop vendor dir
1942d18447 code to remove vendor dir
d47e38e05e Add etcd sonobuoy tests
9df916e86d Add variable to enforce max test concurrency
58501554f3 Fix previous channel detection
8b4553c921 More codespell ignores
625dd61a60 Close etcd clients to avoid leaking GRPC connections
14364119f6 Build script cleanups
b39c805d52 Bump k3s-root to v0.10.1
5641f9b328 Fix panic checking name of uninitialized etcd member
046961c4c6 Update bootstrap logic to output all changed files on disk (#4800) (#4808)
7e9ac115f4 [Release-1.21] Close agentReady channel only in k3s (#4794)
cbff7350ec (tag: v1.21.8-rc2+k3s1, tag: v1.21.8+k3s1) Merge pull request #4778 from manuelbuil/fix-rke2-ha-121
8d2170f5c4 Remove Disables, Skips and DisableKubeProxy from the comparing configs
78102dcc01 (tag: v1.21.8-rc1+k3s1) Update to v1.21.8 (#4760)
6bac01fc58 [Release-1.21] Fix cold boot and reconcilation on secondary servers (#4753)
5260e4a649 (tag: v1.21.7-rc2+k3s2) Merge pull request #4734 from briandowns/backport_issue-4644-release-1.21
0d065c8491 Fix snapshot restoration on fresh nodes (#4737)
98d6d38d61 Resolve Bootstrap Migration Edge Case (#4730)
53ef842a98 (tag: v1.21.7-rc1+k3s2) Resolve restore bootstrap (#4704) (#4716)
d2f0bbb381 Bump runc to v1.0.3
3024462196 Add validation to certificate rotation (#4697)
8e1b2340c9 Bump wharfie to v0.5.1 and use shared decompression code
f468e10fcf bump kine to v0.6.5
b526e98d1b Include node-external-ip in serving-kubelet.crt SANs (#4620)
1e67a2b004 Merge pull request #4679 from manuelbuil/ha-verify-1.21
8ea26cdad1 Check HA network parameters
1055837e4f Backport secrets-encrypte command (#4658)
7b62900836 [Release-1.21] Add cert rotation command (#4632)
378201a459 Merge pull request #4616 from manuelbuil/loggingFlannel1.21
1390792919 Improve flannel logging
a622dd57f3 [release-1.21] etcd snapshot functionality enhancements (#4606)
ac70570999 (tag: v1.21.7-rc2+k3s1, tag: v1.21.7+k3s1) go generate
3f40742363 Add package version to traefik helm chart
d09821c2ed (tag: v1.21.7-rc1+k3s1) [release-1.21] Bump golang and containerd versions (#4539)
7f737097bc [release-1.21] Bump Kubernetes to v1.21.7-k3s1 (#4531)
1847a711e7 Fix regression with cluster reset (#4524)
5b456972c3 Merge pull request #4519 from manuelbuil/backport_ipv6_rh_121
fd71ed9f4a Allow svclb pod to enable ipv6 forwarding
c096668cde Merge pull request #4515 from manuelbuil/fix_dualStack
43e15c4028 Backport updating cniplugins version and klipper-lb images
256f5d504a Merge pull request #4513 from manuelbuil/backport_dual-stack
88e77fdbfd Improved regex for double equals arguments (#4508)
e777b2c767 Dual-stack support LB controller
6854470a14 Merge pull request #4503 from manuelbuil/fix_dualStack_bug
7de34a0059 Fix bug in dual-stack
93cf545ab2 [Release-1.21] Removed warning about skipping flags (#4493)
119b1aeb25 [Release-1.21] etcd-snapshot loading config fails with "flag provided but not defined" (#4482)
334eae119a [release-1.21] Add etcd extra args support for K3s (#4471)
10c854c00e Increase agent's apiserver ready timeout (#4457)
c9d4543c99 go generate
7d5d1dbb80 Add dashboard annotations to Traefik helm chart
864e800896 [Release-1.21] All bootstrap backport (#4452)
df033fa248 (tag: v1.21.6-rc3+k3s1, tag: v1.21.6+k3s1) Fix log/reap reexec
254d2f696e (tag: v1.21.6-rc2+k3s1) Fix other uses of NewForConfigOrDie in contexts where we could return err
388963440d Watch the local Node object instead of get/sleep looping
afa1981f1d Block scheduler startup on untainted node when using embedded CCM
3fba7c1021 (tag: v1.21.6-rc1+k3s1) Update to v1.21.6 (#4350)
bb50c45a6f Revert "Backport bootstrap release 1.21 (#4313)"
d413f97146 Update peer address when running cluster-reset
f0ea0a0946 Backport bootstrap release 1.21 (#4313)
63bcc307fb Bump klipper-helm version
50fb1ce065 Added configuration input to etcd-snapshot (#4280) (#4282)
944ea312be Merge pull request #4267 from manuelbuil/1.21-flannel-update
11dce34b4e Update to the newest flannel
41b0997e31 Add dual-stack support
a18c2efb4c Refactor log and reaper exec to omit MAINPID
504e249a5e Add containerd ready channel to delay etcd node join
e814850eef Fix premature etcd shutdown when joining an existing cluster
7cbdea6bd2 go mod tidy
557d425010 Minor cleanup on cribbed function
4f28561e34 Wait for apiserver readyz instead of healthz
17f1aa36e2 Merge pull request #4251 from manuelbuil/1.21-race-fix
89f5721a3a Fix race condition in cloud provider
4aa9553978 [Release-1.21] - Add etcd s3 timeout (#4207) (#4228)
22f7f1c41a Make sure there are no duplicates in etcd member list (#4025) (#4213)
e7bf7b141f Display cluster tls error only in debug mode (#4201)
aa5a0a8c78 set transport to skip verify if se skip flag passed (#4102) (#4104)
3ee5098225 Add "etcd-" prefix to etcd-snapshot commands as aliases (#4161) (#4171)
724ef700ba (tag: v1.21.5-rc1+k3s2, tag: v1.21.5+k3s2) Bump containerd to v1.4.11+k3s1
69a9f46bce Don't evacuate the root cgroup when rootless
0af55a830a Skip tests that violate version skew policy
9e66f975d5 Fix PREVIOUS_CHANNEL lookup when current minor release is not stable
38ddda587a Properly handle operation as init process
c948305076 Merge pull request #4099 from manuelbuil/sysctl_ipv6_inheritance_1.21
15f3a2ebfb Enable the inheritance of settings for ipv6
273827d4ba Update build images to python3 for compat with recent gsutil change
8c2f7ac41c Remove experimental from cluster commands
acad8ef840 (tag: v1.21.5-rc1+k3s1, tag: v1.21.5+k3s1) [release-1.21] Update Kubernetes to v1.21.5 (#4032)

Signed-off-by: Diego Sueiro <diego.sueiro@...>
---
recipes-containers/k3s/k3s_git.bb | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/recipes-containers/k3s/k3s_git.bb b/recipes-containers/k3s/k3s_git.bb
index bcfa959..77ad6d4 100644
--- a/recipes-containers/k3s/k3s_git.bb
+++ b/recipes-containers/k3s/k3s_git.bb
@@ -13,10 +13,9 @@ SRC_URI = "git://github.com/rancher/k3s.git;branch=release-1.21;name=k3s;protoco
file://0001-Finding-host-local-in-usr-libexec.patch;patchdir=src/import \
file://k3s-killall.sh \
"
-SRC_URI[k3s.md5sum] = "363d3a08dc0b72ba6e6577964f6e94a5"
-SRCREV_k3s = "aa5a0a8c783a8a4475b727a04d6594c0fea09253"
+SRCREV_k3s = "101917b0c493dd1effac1074feb1d5462b9a189b"

-PV = "v1.21.5+k3s1"
+PV = "v1.21.9+k3s1"

CNI_NETWORKING_FILES ?= "${WORKDIR}/cni-containerd-net.conf"

@@ -30,7 +29,7 @@ PACKAGECONFIG[upx] = ",,upx-native"
GO_IMPORT = "import"
GO_BUILD_LDFLAGS = "-X github.com/rancher/k3s/pkg/version.Version=${PV} \
-X github.com/rancher/k3s/pkg/version.GitCommit=${@d.getVar('SRCREV_k3s', d, 1)[:8]} \
- -w -s \
+ -w -s -v \
"
BIN_PREFIX ?= "${exec_prefix}/local"

@@ -40,11 +39,12 @@ REQUIRED_DISTRO_FEATURES ?= "seccomp"
do_compile() {
export GOPATH="${S}/src/import/.gopath:${S}/src/import/vendor:${STAGING_DIR_TARGET}/${prefix}/local/go"
export CGO_ENABLED="1"
- export GOFLAGS="-mod=vendor"
+ export GOFLAGS="-mod=vendor -modcacherw"

TAGS="static_build ctrd no_btrfs netcgo osusergo providerless"

cd ${S}/src/import
+ ${GO} mod vendor -v && ${GO} mod tidy -v
Unfortunately .. no, we can't take this change.

I'm working on a full update to k3s in master, and it is running into
similar challenges due to the removal of vendor upstream.

The solution isn't simple, since it is something that has to be
generic, as it applies to many different recipes in
meta-virtualization.

Bruce

${GO} build -tags "$TAGS" -ldflags "${GO_BUILD_LDFLAGS} -w -s" -o ./dist/artifacts/k3s ./cmd/server/main.go

# Use UPX if it is enabled (and thus exists) to compress binary
--
2.35.1




--
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II


[PATCH honister] k3s: uprev from v1.21.5+k3s1 to v1.21.9+k3s1

Diego Sueiro
 

Also fix build issues related to:
Log data follows:
| DEBUG: Executing shell function do_compile
| go: inconsistent vendoring in /[...]/build/tmp/work/aarch64-poky-linux/k3s/v1.21.9+k3s1-r0/k3s-v1.21.9+k3s1/src/import:
| github.com/containerd/cgroups@....1: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt
| github.com/containerd/containerd@....7: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt
| github.com/containerd/cri@...: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt
|...
| mvdan.cc/unparam: is replaced in go.mod, but not marked as replaced in vendor/modules.txt

Short log since v1.21.5+k3s1:
101917b0c4 (tag: v1.21.9-rc1+k3s1, tag: v1.21.9+k3s1) Update to v1.21.9 (#4994)
8069a88177 Merge pull request #4978 from manuelbuil/ip6tables-release121
dc970d27ca Merge pull request #4982 from rbrtbnfgl/ipv6-nat_release-1.21
447279299b go generate
00068c92ea Fix CRD version lookup
683efbb737 Update packaged components
f856aa94d6 Upgrade: metrics server version bump from v0.5.0 to v0.5.2
900e5ff519 [Release-1.21] Adds the ability to compress etcd snapshots (#4866) (#4959)
42d160da5b Move flannel logs to logrus
de12630ec0 Added debug log for IPv6 Masquerading rule
bb3fe9b185 Added flannel-ipv6-masq flag to enable IPv6 nat
bfafe909d1 Remove ip6table rules when cleaning up k3s
758331404e Added iptables masquerade rules for ipv6 on flannel
f540db4570 Update etcd to v3.4.18-k3s1
6644357d0e Skip CGroup v2 evac when agent is disabled
f11f0748e9 Enable logging on all subcommands (#4921) (#4932)
be3c430985 (tag: v1.21.8-rc2+k3s2, tag: v1.21.8+k3s2) Move ClusterResetRestore handling ControlConfig setup
c25ffa9ea3 (tag: v1.21.8-rc1+k3s2) Add basic etcd join test
a0521c29eb Fix handling of agent-token fallback to token
4b3f5be45d Fix use of agent creds for secrets-encrypt and config validate
512268458e Merge pull request #4842 from luthermonson/rm-vendor-121
03aa6d568f drop vendor dir
1942d18447 code to remove vendor dir
d47e38e05e Add etcd sonobuoy tests
9df916e86d Add variable to enforce max test concurrency
58501554f3 Fix previous channel detection
8b4553c921 More codespell ignores
625dd61a60 Close etcd clients to avoid leaking GRPC connections
14364119f6 Build script cleanups
b39c805d52 Bump k3s-root to v0.10.1
5641f9b328 Fix panic checking name of uninitialized etcd member
046961c4c6 Update bootstrap logic to output all changed files on disk (#4800) (#4808)
7e9ac115f4 [Release-1.21] Close agentReady channel only in k3s (#4794)
cbff7350ec (tag: v1.21.8-rc2+k3s1, tag: v1.21.8+k3s1) Merge pull request #4778 from manuelbuil/fix-rke2-ha-121
8d2170f5c4 Remove Disables, Skips and DisableKubeProxy from the comparing configs
78102dcc01 (tag: v1.21.8-rc1+k3s1) Update to v1.21.8 (#4760)
6bac01fc58 [Release-1.21] Fix cold boot and reconcilation on secondary servers (#4753)
5260e4a649 (tag: v1.21.7-rc2+k3s2) Merge pull request #4734 from briandowns/backport_issue-4644-release-1.21
0d065c8491 Fix snapshot restoration on fresh nodes (#4737)
98d6d38d61 Resolve Bootstrap Migration Edge Case (#4730)
53ef842a98 (tag: v1.21.7-rc1+k3s2) Resolve restore bootstrap (#4704) (#4716)
d2f0bbb381 Bump runc to v1.0.3
3024462196 Add validation to certificate rotation (#4697)
8e1b2340c9 Bump wharfie to v0.5.1 and use shared decompression code
f468e10fcf bump kine to v0.6.5
b526e98d1b Include node-external-ip in serving-kubelet.crt SANs (#4620)
1e67a2b004 Merge pull request #4679 from manuelbuil/ha-verify-1.21
8ea26cdad1 Check HA network parameters
1055837e4f Backport secrets-encrypte command (#4658)
7b62900836 [Release-1.21] Add cert rotation command (#4632)
378201a459 Merge pull request #4616 from manuelbuil/loggingFlannel1.21
1390792919 Improve flannel logging
a622dd57f3 [release-1.21] etcd snapshot functionality enhancements (#4606)
ac70570999 (tag: v1.21.7-rc2+k3s1, tag: v1.21.7+k3s1) go generate
3f40742363 Add package version to traefik helm chart
d09821c2ed (tag: v1.21.7-rc1+k3s1) [release-1.21] Bump golang and containerd versions (#4539)
7f737097bc [release-1.21] Bump Kubernetes to v1.21.7-k3s1 (#4531)
1847a711e7 Fix regression with cluster reset (#4524)
5b456972c3 Merge pull request #4519 from manuelbuil/backport_ipv6_rh_121
fd71ed9f4a Allow svclb pod to enable ipv6 forwarding
c096668cde Merge pull request #4515 from manuelbuil/fix_dualStack
43e15c4028 Backport updating cniplugins version and klipper-lb images
256f5d504a Merge pull request #4513 from manuelbuil/backport_dual-stack
88e77fdbfd Improved regex for double equals arguments (#4508)
e777b2c767 Dual-stack support LB controller
6854470a14 Merge pull request #4503 from manuelbuil/fix_dualStack_bug
7de34a0059 Fix bug in dual-stack
93cf545ab2 [Release-1.21] Removed warning about skipping flags (#4493)
119b1aeb25 [Release-1.21] etcd-snapshot loading config fails with "flag provided but not defined" (#4482)
334eae119a [release-1.21] Add etcd extra args support for K3s (#4471)
10c854c00e Increase agent's apiserver ready timeout (#4457)
c9d4543c99 go generate
7d5d1dbb80 Add dashboard annotations to Traefik helm chart
864e800896 [Release-1.21] All bootstrap backport (#4452)
df033fa248 (tag: v1.21.6-rc3+k3s1, tag: v1.21.6+k3s1) Fix log/reap reexec
254d2f696e (tag: v1.21.6-rc2+k3s1) Fix other uses of NewForConfigOrDie in contexts where we could return err
388963440d Watch the local Node object instead of get/sleep looping
afa1981f1d Block scheduler startup on untainted node when using embedded CCM
3fba7c1021 (tag: v1.21.6-rc1+k3s1) Update to v1.21.6 (#4350)
bb50c45a6f Revert "Backport bootstrap release 1.21 (#4313)"
d413f97146 Update peer address when running cluster-reset
f0ea0a0946 Backport bootstrap release 1.21 (#4313)
63bcc307fb Bump klipper-helm version
50fb1ce065 Added configuration input to etcd-snapshot (#4280) (#4282)
944ea312be Merge pull request #4267 from manuelbuil/1.21-flannel-update
11dce34b4e Update to the newest flannel
41b0997e31 Add dual-stack support
a18c2efb4c Refactor log and reaper exec to omit MAINPID
504e249a5e Add containerd ready channel to delay etcd node join
e814850eef Fix premature etcd shutdown when joining an existing cluster
7cbdea6bd2 go mod tidy
557d425010 Minor cleanup on cribbed function
4f28561e34 Wait for apiserver readyz instead of healthz
17f1aa36e2 Merge pull request #4251 from manuelbuil/1.21-race-fix
89f5721a3a Fix race condition in cloud provider
4aa9553978 [Release-1.21] - Add etcd s3 timeout (#4207) (#4228)
22f7f1c41a Make sure there are no duplicates in etcd member list (#4025) (#4213)
e7bf7b141f Display cluster tls error only in debug mode (#4201)
aa5a0a8c78 set transport to skip verify if se skip flag passed (#4102) (#4104)
3ee5098225 Add "etcd-" prefix to etcd-snapshot commands as aliases (#4161) (#4171)
724ef700ba (tag: v1.21.5-rc1+k3s2, tag: v1.21.5+k3s2) Bump containerd to v1.4.11+k3s1
69a9f46bce Don't evacuate the root cgroup when rootless
0af55a830a Skip tests that violate version skew policy
9e66f975d5 Fix PREVIOUS_CHANNEL lookup when current minor release is not stable
38ddda587a Properly handle operation as init process
c948305076 Merge pull request #4099 from manuelbuil/sysctl_ipv6_inheritance_1.21
15f3a2ebfb Enable the inheritance of settings for ipv6
273827d4ba Update build images to python3 for compat with recent gsutil change
8c2f7ac41c Remove experimental from cluster commands
acad8ef840 (tag: v1.21.5-rc1+k3s1, tag: v1.21.5+k3s1) [release-1.21] Update Kubernetes to v1.21.5 (#4032)

Signed-off-by: Diego Sueiro <diego.sueiro@...>
---
recipes-containers/k3s/k3s_git.bb | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/recipes-containers/k3s/k3s_git.bb b/recipes-containers/k3s/k3s_git.bb
index bcfa959..77ad6d4 100644
--- a/recipes-containers/k3s/k3s_git.bb
+++ b/recipes-containers/k3s/k3s_git.bb
@@ -13,10 +13,9 @@ SRC_URI = "git://github.com/rancher/k3s.git;branch=release-1.21;name=k3s;protoco
file://0001-Finding-host-local-in-usr-libexec.patch;patchdir=src/import \
file://k3s-killall.sh \
"
-SRC_URI[k3s.md5sum] = "363d3a08dc0b72ba6e6577964f6e94a5"
-SRCREV_k3s = "aa5a0a8c783a8a4475b727a04d6594c0fea09253"
+SRCREV_k3s = "101917b0c493dd1effac1074feb1d5462b9a189b"

-PV = "v1.21.5+k3s1"
+PV = "v1.21.9+k3s1"

CNI_NETWORKING_FILES ?= "${WORKDIR}/cni-containerd-net.conf"

@@ -30,7 +29,7 @@ PACKAGECONFIG[upx] = ",,upx-native"
GO_IMPORT = "import"
GO_BUILD_LDFLAGS = "-X github.com/rancher/k3s/pkg/version.Version=${PV} \
-X github.com/rancher/k3s/pkg/version.GitCommit=${@d.getVar('SRCREV_k3s', d, 1)[:8]} \
- -w -s \
+ -w -s -v \
"
BIN_PREFIX ?= "${exec_prefix}/local"

@@ -40,11 +39,12 @@ REQUIRED_DISTRO_FEATURES ?= "seccomp"
do_compile() {
export GOPATH="${S}/src/import/.gopath:${S}/src/import/vendor:${STAGING_DIR_TARGET}/${prefix}/local/go"
export CGO_ENABLED="1"
- export GOFLAGS="-mod=vendor"
+ export GOFLAGS="-mod=vendor -modcacherw"

TAGS="static_build ctrd no_btrfs netcgo osusergo providerless"

cd ${S}/src/import
+ ${GO} mod vendor -v && ${GO} mod tidy -v
${GO} build -tags "$TAGS" -ldflags "${GO_BUILD_LDFLAGS} -w -s" -o ./dist/artifacts/k3s ./cmd/server/main.go

# Use UPX if it is enabled (and thus exists) to compress binary
--
2.35.1


Re: Docker and GPLv3

Mans Zigher
 

Thank you all for your answers

BR

Den fre 4 feb. 2022 kl 16:29 skrev Mikko Rapeli <mikko.rapeli@...>:


Hi,

On Fri, Feb 04, 2022 at 04:03:52PM +0100, Joakim Roubert wrote:
On 2022-02-04 15:30, Mans Zigher wrote:

with our current understanding our customer cannot comply with GPLv3
so we have to avoid it at all cost.
I think this is a situation where

https://layers.openembedded.org/layerindex/branch/master/layer/meta-gplv2/

might come in handy, together with something like

PREFERRED_VERSION_bash ?= "3.2.%"

in the local.conf (or similar suitable configuration place).
While this would work, I can't recommend using meta-gplv2 as it contains unmaintained
SW versions.

Just configure the build to avoid GPLv3 via distro config, e.g.

INCOMPATIBLE_LICENSE_append += " GPLv3 GPLv3+ LGPLv3 LGPLv3+"

and configure SW components to build without GPLv3 dependencies.
lxc for examples compiles just fine without rsync and bash.

Additionally a lot of GPLv3 recipes can be enabled to build but be forbidden
images images, e.g. in distro config:

WHITELIST_GPL-3.0 += "bash"
PACKAGE_EXCLUDE += "bash-ptest bash-dbg bash-staticdev bash-dev bash-doc bash-locale bashbug bash"

Some refactoring of SW architecture may be needed to remove any dependencies to GPLv3
licensed SW. For development and testing GPLv3 components can often be used.

Cheers,

-Mikko


Re: [hardknott][PATCH] libvirt: fix CVE-2021-3975

Bruce Ashfield
 

merged to hardknott.

Bruce

In message: [meta-virtualization] [hardknott][PATCH] libvirt: fix CVE-2021-3975
on 29/01/2022 Changqing Li wrote:

From: Changqing Li <changqing.li@...>

Signed-off-by: Changqing Li <changqing.li@...>
---
.../libvirt/libvirt/CVE-2021-3975.patch | 43 +++++++++++++++++++
recipes-extended/libvirt/libvirt_6.3.0.bb | 1 +
2 files changed, 44 insertions(+)
create mode 100644 recipes-extended/libvirt/libvirt/CVE-2021-3975.patch

diff --git a/recipes-extended/libvirt/libvirt/CVE-2021-3975.patch b/recipes-extended/libvirt/libvirt/CVE-2021-3975.patch
new file mode 100644
index 0000000..72cee94
--- /dev/null
+++ b/recipes-extended/libvirt/libvirt/CVE-2021-3975.patch
@@ -0,0 +1,43 @@
+From 30de45c73106cacfc0aacc8f11c88e1aa5372d77 Mon Sep 17 00:00:00 2001
+From: Changqing Li <changqing.li@...>
+Date: Sat, 29 Jan 2022 13:25:54 +0800
+Subject: [PATCH] qemu: Add missing lock in qemuProcessHandleMonitorEOF
+
+qemuMonitorUnregister will be called in multiple threads (e.g. threads
+in rpc worker pool and the vm event thread). In some cases, it isn't
+protected by the monitor lock, which may lead to call g_source_unref
+more than one time and a use-after-free problem eventually.
+
+Add the missing lock in qemuProcessHandleMonitorEOF (which is the only
+position missing lock of monitor I found).
+
+Suggested-by: Michal Privoznik <mprivozn@...>
+Signed-off-by: Peng Liang <liangpeng10@...>
+Signed-off-by: Michal Privoznik <mprivozn@...>
+Reviewed-by: Michal Privoznik <mprivozn@...>
+
+Upstream-Status: Backport [https://github.com/libvirt/libvirt/commit/1ac703a7d0789e46833f4013a3876c2e3af18ec7]
+CVE: CVE-2021-3975
+
+Signed-off-by: Changqing Li <changqing.li@...>
+---
+ src/qemu/qemu_process.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
+index 8ea470f..64b8472 100644
+--- a/src/qemu/qemu_process.c
++++ b/src/qemu/qemu_process.c
+@@ -315,7 +315,9 @@ qemuProcessHandleMonitorEOF(qemuMonitorPtr mon,
+ /* We don't want this EOF handler to be called over and over while the
+ * thread is waiting for a job.
+ */
++ virObjectLock(mon);
+ qemuMonitorUnregister(mon);
++ virObjectUnlock(mon);
+
+ /* We don't want any cleanup from EOF handler (or any other
+ * thread) to enter qemu namespace. */
+--
+2.17.1
+
diff --git a/recipes-extended/libvirt/libvirt_6.3.0.bb b/recipes-extended/libvirt/libvirt_6.3.0.bb
index 091296e..8e95ad6 100644
--- a/recipes-extended/libvirt/libvirt_6.3.0.bb
+++ b/recipes-extended/libvirt/libvirt_6.3.0.bb
@@ -46,6 +46,7 @@ SRC_URI = "http://libvirt.org/sources/libvirt-${PV}.tar.xz;name=libvirt \
file://CVE-2020-25637_4.patch \
file://CVE-2021-3631.patch \
file://0001-storage_driver-Unlock-object-on-ACL-fail-in-storageP.patch \
+ file://CVE-2021-3975.patch \
"

SRC_URI[libvirt.md5sum] = "1bd4435f77924f5ec9928b538daf4a02"
--
2.17.1



Re: [PATCH v2] openvswitch: uprev from v2.15.1 to v2.15.3

Bruce Ashfield
 

merged to master.

Bruce

In message: [meta-virtualization][PATCH v2] openvswitch: uprev from v2.15.1 to v2.15.3
on 28/01/2022 He Zhe wrote:

commits short logs:
e4d2df62e (tag: v2.15.3) Set release date for 2.15.3.
b8baa1141 python: Add cooperative_yield() API method to Idl.
7834abc66 ofproto-dpif-xlate: Snoop ingress packets and update neigh cache if needed.
833c02daa tnl-neigh-cache: Do not refresh the entry while revalidating.
e2182eca8 tnl-neigh-cache: Include expected array sizes in prototypes.
566fe4372 tnl-neigh-cache: Read/write expires atomically.
d477f6000 compat: handle NF_REPEAT error on nf_conntrack_in.
0590e8838 flow: Consider dataofs when parsing TCP packets.
7266042d8 tests/flowgen: Fix packet data endianness.
d2e0632db ofproto: Fix resource usage explosion due to removal of large number of flows.
0a7e66e37 ofproto: Fix resource usage explosion while processing bundled FLOW_MOD.
68466efed tests/flowgen: Fix length field of 802.2 data link header.
2a2185f9e ovs-lib: Backup and remove existing DB when joining cluster.
fcbc29c6f docs/dpdk: Fix install doc.
a5d97d420 ovs-save: Save igmp flows in ofp_parse syntax.
1cbd1f0f5 faq: Update OVS/DPDK version table for OVS 2.13/2.14.
01bc910e5 ofproto-dpif-xlate: Fix check_pkt_larger incomplete translation.
08a270dda datapath-windows: Reset flow key after Ipv4 fragments are reassembled
eca2d50d4 datapath-windows:Reset PseudoChecksum value only for TX direction offload case
031cf67e0 netdev-offload-tc: Verify the flower rule installed.
952e85150 ci: Make linux-prepare trust system installs.
2cf63851a Prepare for 2.15.3.
63f9a7c5d (tag: v2.15.2) Set release date for 2.15.2.
b7d9c491e datapath-windows: add layers when adding the deferred actions
3f718857e ofproto-dpif-xlate: Fix zone set from non-frozen-metadata fields.
ea2ca0af1 dpif-netdev: Fix use-after-free on PACKET_OUT of IP fragments.
9f964354e tunnel-push-pop.at: Mask source port in tunnel header.
58397f222 dpdk-stub: Change the ERR log to DBG.
2a963fc31 python: idl: Avoid sending transactions when the DB is not synced up.
9efa2ea61 ipf: release unhandled packets from the batch
f8274b78c datapath-windows:adjust Offset when processing packet in POP_VLAN action
a2f860aa2 cirrus: Reduce memory requirements for FreeBSD VMs.
7788f1579 netdev-linux: Fix a null pointer dereference in netdev_linux_notify_sock().
dd32deba6 pcap-file: Fix memory leak in ovs_pcap_open().
9f2f66c8e odp-util: Fix a null pointer dereference in odp_flow_format().
02b0c265c odp-util: Fix a null pointer dereference in odp_nsh_key_from_attr__().
031eff456 netdev-dpdk: Fix RSS configuration for virtio.
09cd9570d ipf: Fix only nat the first fragment in the reass process.
ef8ca3e19 dpif-netdev: Fix crash when PACKET_OUT is metered.
d3ff41d60 tc: Set action flags for tunnel_key release.
079a4de72 netlink-socket: Replace error with txn->error when logging nacked transactions.
f8cc5aa35 dynamic-string: Fix a crash in ds_clone().
64d1bba91 dpif-netdev: fix memory leak in dpcls subtable set command
90b219275 dpif-netdev: Do not flush PMD offloads on reload.
b29b04f85 dpif-netdev: Fix offloads of modified flows.
1d0b89ea7 dpif-netdev: Fix flow modification after failure.
8d84a4b16 netdev-offload-dpdk: Fix IPv6 rewrite cast-align warning.
f3f7849cb daemon-unix: Fix leak of a fork error message.
8aa0f0374 ovsdb-cs: Perform forced reconnects without a backoff.
ee4e034dc datapath-windows:Correct checksum for DNAT action
72132a940 bond: Fix broken rebalancing after link state changes.
aa84cfe25 dpif-netlink: Fix report_loss() message.
aec05f7cd ovsdb-server: Fix memleak when failing to read storage.
05bdf11fc conntrack: Init hash basis first at creation.
94e3b9d9c netdev-linux: Ignore TSO packets when TSO is not enabled for userspace.
842bfb899 conntrack: Handle already natted packets.
ab873c1af conntrack: Document all-zero IP SNAT behavior and add a test case.
86d6a9ee1 python: Fix Idl.run change_seqno update.
1ba0c8365 bridge: Use correct (legacy) role names in database.
7e5293ea5 Prepare for 2.15.2.

The ptest results BEFORE uprev:
ERROR: 2231 tests were run,
27 failed unexpectedly.
62 tests were skipped.

Failed tests:
checkpatch - sign-offs
checkpatch - parenthesized constructs
checkpatch - parenthesized constructs - for
checkpatch - comments
checkpatch - whitespace around operator
checkpatch - whitespace around cast
ovs-ofctl snoop
tunnel - table version
tunnel_push_pop - erspan
tunnel_push_pop - action
tunnel_push_pop - packet_out
tunnel_push_pop_ipv6 - ip6gre
tunnel_push_pop_ipv6 - ip6erspan
tunnel_push_pop_ipv6 - action
PMD - non pmd device
ofproto-dpif - recirculation after resubmit
ofproto-dpif - sFlow packet sampling - IPv4 collector
ofproto-dpif - sFlow packet sampling - IPv6 collector
ofproto-dpif - sFlow packet sampling - LACP structures
ofproto-dpif - sFlow packet sampling - tunnel set
ofproto-dpif - sFlow packet sampling - tunnel push
ofproto-dpif - sFlow packet sampling - MPLS
bridge - multiple bridges share a controller
bridge - add port after stopping controller
mcast - check multicasts to trunk ports are not duplicated
ptap - triangle bridge setup with L2 and L3 GRE tunnels
ptap - L3 over patch port

The ptest results AFTER uprev:
ERROR: 2266 tests were run,
27 failed unexpectedly.
65 tests were skipped.

Failed tests:
checkpatch - sign-offs
checkpatch - parenthesized constructs
checkpatch - parenthesized constructs - for
checkpatch - comments
checkpatch - whitespace around operator
checkpatch - whitespace around cast
ovs-ofctl snoop
tunnel - table version
tunnel_push_pop - erspan
tunnel_push_pop - action
tunnel_push_pop - packet_out
tunnel_push_pop - packet_out debug_slow
tunnel_push_pop_ipv6 - ip6gre
tunnel_push_pop_ipv6 - ip6erspan
tunnel_push_pop_ipv6 - action
PMD - non pmd device
ofproto-dpif - sFlow packet sampling - IPv4 collector
ofproto-dpif - sFlow packet sampling - IPv6 collector
ofproto-dpif - sFlow packet sampling - LACP structures
ofproto-dpif - sFlow packet sampling - tunnel set
ofproto-dpif - sFlow packet sampling - tunnel push
ofproto-dpif - sFlow packet sampling - MPLS
bridge - multiple bridges share a controller
bridge - add port after stopping controller
mcast - check multicasts to trunk ports are not duplicated
ptap - triangle bridge setup with L2 and L3 GRE tunnels
ptap - L3 over patch port

Signed-off-by: He Zhe <zhe.he@...>
---
recipes-networking/openvswitch/openvswitch_git.bb | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/recipes-networking/openvswitch/openvswitch_git.bb b/recipes-networking/openvswitch/openvswitch_git.bb
index 0fb7c132..4d413170 100644
--- a/recipes-networking/openvswitch/openvswitch_git.bb
+++ b/recipes-networking/openvswitch/openvswitch_git.bb
@@ -14,12 +14,12 @@ RDEPENDS:${PN}-ptest += "\
"

S = "${WORKDIR}/git"
-PV = "2.15.1+${SRCPV}"
-CVE_VERSION = "2.13.0"
+PV = "2.15.3+${SRCPV}"
+CVE_VERSION = "2.15.3"

FILESEXTRAPATHS:append := "${THISDIR}/${PN}-git:"

-SRCREV = "f8274b78c3403591e84f3c2bbacf8c86920d68ba"
+SRCREV = "e4d2df62e65a615e19f62e2fd294709be8d75cdc"
SRC_URI += "git://github.com/openvswitch/ovs.git;protocol=https;branch=branch-2.15 \
file://openvswitch-add-ptest-71d553b995d0bd527d3ab1e9fbaf5a2ae34de2f3.patch \
file://run-ptest \
--
2.17.1

441 - 460 of 7504