Date   

Re: [PATCH] criu: fix build errors with glibc 2.36

Bruce Ashfield
 

On Tue, Sep 6, 2022 at 10:50 PM Kai <kai.kang@...> wrote:

On 9/7/22 10:41, Bruce Ashfield wrote:
criu is a _git recipe, so we don't have to do backports, but can
instead just bump the SRCREV
Hi Bruce,
We also have time to bump it to the latest before the upcoming release.

Is there a reason why a version or SRCREV bump won't work here ?
I notice that the SRCREV in the bb file is exact tag of v3.17. And v3.18
have not release yet.

If it is ok to update to latest git revision, I'll do it.
It is not only ok, it is preferred!

We don't stick only to the release tags for any of the recipes in meta-virt

Bruce


Regards,
Kai


Bruce

On Thu, Sep 1, 2022 at 11:31 PM kai <kai.kang@...> wrote:
From: Kai Kang <kai.kang@...>

Backport patches to fix build errors with glibc 2.36.

Signed-off-by: Kai Kang <kai.kang@...>
---
recipes-containers/criu/criu_git.bb | 4 +-
.../0004-criu-fix-conflicting-headers.patch | 288 ++++++++++++++++++
...nt-add-definition-for-FSOPEN_CLOEXEC.patch | 110 +++++++
3 files changed, 401 insertions(+), 1 deletion(-)
create mode 100644 recipes-containers/criu/files/0004-criu-fix-conflicting-headers.patch
create mode 100644 recipes-containers/criu/files/0005-mount-add-definition-for-FSOPEN_CLOEXEC.patch

diff --git a/recipes-containers/criu/criu_git.bb b/recipes-containers/criu/criu_git.bb
index 46401f9..a218310 100644
--- a/recipes-containers/criu/criu_git.bb
+++ b/recipes-containers/criu/criu_git.bb
@@ -20,7 +20,9 @@ SRC_URI = "git://github.com/checkpoint-restore/criu.git;branch=master;protocol=h
file://0001-criu-Skip-documentation-install.patch \
file://0002-criu-Change-libraries-install-directory.patch \
file://0003-lib-Makefile-overwrite-install-lib-to-allow-multiarc.patch \
- "
+ file://0004-criu-fix-conflicting-headers.patch \
+ file://0005-mount-add-definition-for-FSOPEN_CLOEXEC.patch \
+ "

COMPATIBLE_HOST = "(x86_64|arm|aarch64).*-linux"

diff --git a/recipes-containers/criu/files/0004-criu-fix-conflicting-headers.patch b/recipes-containers/criu/files/0004-criu-fix-conflicting-headers.patch
new file mode 100644
index 0000000..fa4cecd
--- /dev/null
+++ b/recipes-containers/criu/files/0004-criu-fix-conflicting-headers.patch
@@ -0,0 +1,288 @@
+Backport patch to fix criu compile error with glibc 2.36. Update context
+for Makefile.config.
+
+Upstream-Status: Backport [https://github.com/checkpoint-restore/criu/commit/4c86d6a7]
+
+Signed-off-by: Kai Kang <kai.kang@...>
+
+From 4c86d6a7d54abb64fc5a15131f3351224e8c071b Mon Sep 17 00:00:00 2001
+From: Radostin Stoyanov <rstoyanov@...>
+Date: Sun, 31 Jul 2022 16:07:30 +0000
+Subject: [PATCH] criu: fix conflicting headers
+
+There are several changes in glibc 2.36 that make sys/mount.h header
+incompatible with kernel headers:
+
+https://sourceware.org/glibc/wiki/Release/2.36#Usage_of_.3Clinux.2Fmount.h.3E_and_.3Csys.2Fmount.h.3E
+
+This patch removes conflicting includes for `<linux/mount.h>` and
+updates the content of `criu/include/linux/mount.h` to match
+`/usr/include/sys/mount.h`. In addition, inline definitions sys_*()
+functions have been moved from "linux/mount.h" to "syscall.h" to
+avoid conflicts with `uapi/compel/plugins/std/syscall.h` and
+`<unistd.h>`. The include for `<linux/aio_abi.h>` has been replaced
+with local include to avoid conflicts with `<sys/mount.h>`.
+
+Fixes: #1949
+
+Signed-off-by: Radostin Stoyanov <rstoyanov@...>
+---
+ Makefile.config | 2 +-
+ criu/cgroup.c | 1 +
+ criu/cr-check.c | 2 +-
+ criu/cr-restore.c | 3 ++-
+ criu/include/aio.h | 2 +-
+ criu/include/linux/aio_abi.h | 14 +++++++++++
+ criu/include/linux/mount.h | 48 +++++++++++++++++++-----------------
+ criu/include/syscall.h | 17 +++++++++++++
+ criu/pie/parasite.c | 2 +-
+ criu/util.c | 1 +
+ scripts/feature-tests.mak | 13 ----------
+ 11 files changed, 64 insertions(+), 41 deletions(-)
+ create mode 100644 criu/include/linux/aio_abi.h
+ create mode 100644 criu/include/syscall.h
+
+diff --git a/Makefile.config b/Makefile.config
+index d113e2246..270ec61c0 100644
+--- a/Makefile.config
++++ b/Makefile.config
+@@ -78,7 +78,7 @@ export DEFINES += $(FEATURE_DEFINES)
+ export CFLAGS += $(FEATURE_DEFINES)
+
+ FEATURES_LIST := TCP_REPAIR STRLCPY STRLCAT PTRACE_PEEKSIGINFO \
+- SETPROCTITLE_INIT MEMFD TCP_REPAIR_WINDOW FSCONFIG MEMFD_CREATE OPENAT2
++ SETPROCTITLE_INIT MEMFD TCP_REPAIR_WINDOW MEMFD_CREATE OPENAT2
+
+ # $1 - config name
+ define gen-feature-test
+diff --git a/criu/cgroup.c b/criu/cgroup.c
+index e05b0832e..325df6a1d 100644
+--- a/criu/cgroup.c
++++ b/criu/cgroup.c
+@@ -27,6 +27,7 @@
+ #include "images/cgroup.pb-c.h"
+ #include "kerndat.h"
+ #include "linux/mount.h"
++#include "syscall.h"
+
+ /*
+ * This structure describes set of controller groups
+diff --git a/criu/cr-check.c b/criu/cr-check.c
+index f589a91da..0ca80192c 100644
+--- a/criu/cr-check.c
++++ b/criu/cr-check.c
+@@ -21,7 +21,6 @@
+ #include <sys/prctl.h>
+ #include <sched.h>
+ #include <sys/mount.h>
+-#include <linux/aio_abi.h>
+
+ #include "../soccr/soccr.h"
+
+@@ -52,6 +51,7 @@
+ #include "net.h"
+ #include "restorer.h"
+ #include "uffd.h"
++#include "linux/aio_abi.h"
+
+ #include "images/inventory.pb-c.h"
+
+diff --git a/criu/cr-restore.c b/criu/cr-restore.c
+index 279246c19..d11d28173 100644
+--- a/criu/cr-restore.c
++++ b/criu/cr-restore.c
+@@ -22,7 +22,6 @@
+ #include <compel/ptrace.h>
+ #include "common/compiler.h"
+
+-#include "linux/mount.h"
+ #include "linux/rseq.h"
+
+ #include "clone-noasan.h"
+@@ -86,6 +85,8 @@
+ #include <compel/plugins/std/syscall-codes.h>
+ #include "compel/include/asm/syscall.h"
+
++#include "linux/mount.h"
++
+ #include "protobuf.h"
+ #include "images/sa.pb-c.h"
+ #include "images/timer.pb-c.h"
+diff --git a/criu/include/aio.h b/criu/include/aio.h
+index d1655739d..38e704020 100644
+--- a/criu/include/aio.h
++++ b/criu/include/aio.h
+@@ -1,7 +1,7 @@
+ #ifndef __CR_AIO_H__
+ #define __CR_AIO_H__
+
+-#include <linux/aio_abi.h>
++#include "linux/aio_abi.h"
+ #include "images/mm.pb-c.h"
+ unsigned int aio_estimate_nr_reqs(unsigned int size);
+ int dump_aio_ring(MmEntry *mme, struct vma_area *vma);
+diff --git a/criu/include/linux/aio_abi.h b/criu/include/linux/aio_abi.h
+new file mode 100644
+index 000000000..d9ce78720
+--- /dev/null
++++ b/criu/include/linux/aio_abi.h
+@@ -0,0 +1,14 @@
++#ifndef __LINUX__AIO_ABI_H
++#define __LINUX__AIO_ABI_H
++
++typedef __kernel_ulong_t aio_context_t;
++
++/* read() from /dev/aio returns these structures. */
++struct io_event {
++ __u64 data; /* the data field from the iocb */
++ __u64 obj; /* what iocb this event came from */
++ __s64 res; /* result code for this event */
++ __s64 res2; /* secondary result */
++};
++
++#endif /* __LINUX__AIO_ABI_H */
+diff --git a/criu/include/linux/mount.h b/criu/include/linux/mount.h
+index 9a3a28b10..0d55a588c 100644
+--- a/criu/include/linux/mount.h
++++ b/criu/include/linux/mount.h
+@@ -4,32 +4,34 @@
+ #include "common/config.h"
+ #include "compel/plugins/std/syscall-codes.h"
+
+-#ifdef CONFIG_HAS_FSCONFIG
+-#include <linux/mount.h>
+-#else
++/* Copied from /usr/include/sys/mount.h */
++
++#ifndef FSCONFIG_CMD_CREATE
++/* The type of fsconfig call made. */
+ enum fsconfig_command {
+- FSCONFIG_SET_FLAG = 0, /* Set parameter, supplying no value */
+- FSCONFIG_SET_STRING = 1, /* Set parameter, supplying a string value */
+- FSCONFIG_SET_BINARY = 2, /* Set parameter, supplying a binary blob value */
+- FSCONFIG_SET_PATH = 3, /* Set parameter, supplying an object by path */
+- FSCONFIG_SET_PATH_EMPTY = 4, /* Set parameter, supplying an object by (empty) path */
+- FSCONFIG_SET_FD = 5, /* Set parameter, supplying an object by fd */
+- FSCONFIG_CMD_CREATE = 6, /* Invoke superblock creation */
++ FSCONFIG_SET_FLAG = 0, /* Set parameter, supplying no value */
++#define FSCONFIG_SET_FLAG FSCONFIG_SET_FLAG
++ FSCONFIG_SET_STRING = 1, /* Set parameter, supplying a string value */
++#define FSCONFIG_SET_STRING FSCONFIG_SET_STRING
++ FSCONFIG_SET_BINARY = 2, /* Set parameter, supplying a binary blob value */
++#define FSCONFIG_SET_BINARY FSCONFIG_SET_BINARY
++ FSCONFIG_SET_PATH = 3, /* Set parameter, supplying an object by path */
++#define FSCONFIG_SET_PATH FSCONFIG_SET_PATH
++ FSCONFIG_SET_PATH_EMPTY = 4, /* Set parameter, supplying an object by (empty) path */
++#define FSCONFIG_SET_PATH_EMPTY FSCONFIG_SET_PATH_EMPTY
++ FSCONFIG_SET_FD = 5, /* Set parameter, supplying an object by fd */
++#define FSCONFIG_SET_FD FSCONFIG_SET_FD
++ FSCONFIG_CMD_CREATE = 6, /* Invoke superblock creation */
++#define FSCONFIG_CMD_CREATE FSCONFIG_CMD_CREATE
+ FSCONFIG_CMD_RECONFIGURE = 7, /* Invoke superblock reconfiguration */
++#define FSCONFIG_CMD_RECONFIGURE FSCONFIG_CMD_RECONFIGURE
+ };
+-#endif
++#endif // FSCONFIG_CMD_CREATE
+
+-static inline int sys_fsopen(const char *fsname, unsigned int flags)
+-{
+- return syscall(__NR_fsopen, fsname, flags);
+-}
+-static inline int sys_fsconfig(int fd, unsigned int cmd, const char *key, const char *value, int aux)
+-{
+- return syscall(__NR_fsconfig, fd, cmd, key, value, aux);
+-}
+-static inline int sys_fsmount(int fd, unsigned int flags, unsigned int attr_flags)
+-{
+- return syscall(__NR_fsmount, fd, flags, attr_flags);
+-}
++#ifndef MS_MGC_VAL
++/* Magic mount flag number. Has to be or-ed to the flag values. */
++#define MS_MGC_VAL 0xc0ed0000 /* Magic flag number to indicate "new" flags */
++#define MS_MGC_MSK 0xffff0000 /* Magic flag number mask */
++#endif
+
+ #endif
+diff --git a/criu/include/syscall.h b/criu/include/syscall.h
+new file mode 100644
+index 000000000..c38d6d971
+--- /dev/null
++++ b/criu/include/syscall.h
+@@ -0,0 +1,17 @@
++#ifndef __CR_SYSCALL_H__
++#define __CR_SYSCALL_H__
++
++static inline int sys_fsopen(const char *fsname, unsigned int flags)
++{
++ return syscall(__NR_fsopen, fsname, flags);
++}
++static inline int sys_fsconfig(int fd, unsigned int cmd, const char *key, const char *value, int aux)
++{
++ return syscall(__NR_fsconfig, fd, cmd, key, value, aux);
++}
++static inline int sys_fsmount(int fd, unsigned int flags, unsigned int attr_flags)
++{
++ return syscall(__NR_fsmount, fd, flags, attr_flags);
++}
++
++#endif /* __CR_SYSCALL_H__ */
+\ No newline at end of file
+diff --git a/criu/pie/parasite.c b/criu/pie/parasite.c
+index e7eb1fcb6..f75fe13bb 100644
+--- a/criu/pie/parasite.c
++++ b/criu/pie/parasite.c
+@@ -3,7 +3,6 @@
+ #include <signal.h>
+ #include <linux/limits.h>
+ #include <linux/capability.h>
+-#include <sys/mount.h>
+ #include <stdarg.h>
+ #include <sys/ioctl.h>
+ #include <sys/uio.h>
+@@ -14,6 +13,7 @@
+ #include "int.h"
+ #include "types.h"
+ #include <compel/plugins/std/syscall.h>
++#include "linux/mount.h"
+ #include "parasite.h"
+ #include "fcntl.h"
+ #include "prctl.h"
+diff --git a/criu/util.c b/criu/util.c
+index 5f69465b4..060ca3bd4 100644
+--- a/criu/util.c
++++ b/criu/util.c
+@@ -40,6 +40,7 @@
+ #include "mem.h"
+ #include "namespaces.h"
+ #include "criu-log.h"
++#include "syscall.h"
+
+ #include "clone-noasan.h"
+ #include "cr_options.h"
+diff --git a/scripts/feature-tests.mak b/scripts/feature-tests.mak
+index 014e893a8..fb5d2ef7a 100644
+--- a/scripts/feature-tests.mak
++++ b/scripts/feature-tests.mak
+@@ -137,19 +137,6 @@ ENTRY(main)
+ END(main)
+ endef
+
+-define FEATURE_TEST_FSCONFIG
+-
+-#include <linux/mount.h>
+-
+-int main(void)
+-{
+- if (FSCONFIG_CMD_CREATE > 0)
+- return 0;
+- return 0;
+-}
+-
+-endef
+-
+ define FEATURE_TEST_NFTABLES_LIB_API_0
+
+ #include <string.h>
+--
+2.34.1
+
diff --git a/recipes-containers/criu/files/0005-mount-add-definition-for-FSOPEN_CLOEXEC.patch b/recipes-containers/criu/files/0005-mount-add-definition-for-FSOPEN_CLOEXEC.patch
new file mode 100644
index 0000000..dc41d36
--- /dev/null
+++ b/recipes-containers/criu/files/0005-mount-add-definition-for-FSOPEN_CLOEXEC.patch
@@ -0,0 +1,110 @@
+Upstream-Status: Backport [https://github.com/checkpoint-restore/criu/commit/517c0947]
+
+Signed-off-by: Kai Kang <kai.kang@...>
+
+From 517c0947050e63aac72f63a3bf373d76264723b9 Mon Sep 17 00:00:00 2001
+From: Radostin Stoyanov <rstoyanov@...>
+Date: Wed, 24 Aug 2022 21:20:30 +0200
+Subject: [PATCH 2/2] mount: add definition for FSOPEN_CLOEXEC
+
+A recent change in glibc introduced `enum fsconfig_command` [1] and as a
+result the compilation of criu fails with the following errors
+
+In file included from criu/pie/util.c:3:
+/usr/include/sys/mount.h:240:6: error: redeclaration of 'enum fsconfig_command'
+ 240 | enum fsconfig_command
+ | ^~~~~~~~~~~~~~~~
+In file included from /usr/include/sys/mount.h:32:
+criu/include/linux/mount.h:11:6: note: originally defined here
+ 11 | enum fsconfig_command {
+ | ^~~~~~~~~~~~~~~~
+/usr/include/sys/mount.h:242:3: error: redeclaration of enumerator 'FSCONFIG_SET_FLAG'
+ 242 | FSCONFIG_SET_FLAG = 0, /* Set parameter, supplying no value */
+ | ^~~~~~~~~~~~~~~~~
+criu/include/linux/mount.h:12:9: note: previous definition of 'FSCONFIG_SET_FLAG' with type 'enum fsconfig_command'
+ 12 | FSCONFIG_SET_FLAG = 0, /* Set parameter, supplying no value */
+ | ^~~~~~~~~~~~~~~~~
+/usr/include/sys/mount.h:244:3: error: redeclaration of enumerator 'FSCONFIG_SET_STRING'
+ 244 | FSCONFIG_SET_STRING = 1, /* Set parameter, supplying a string value */
+ | ^~~~~~~~~~~~~~~~~~~
+criu/include/linux/mount.h:14:9: note: previous definition of 'FSCONFIG_SET_STRING' with type 'enum fsconfig_command'
+ 14 | FSCONFIG_SET_STRING = 1, /* Set parameter, supplying a string value */
+ | ^~~~~~~~~~~~~~~~~~~
+/usr/include/sys/mount.h:246:3: error: redeclaration of enumerator 'FSCONFIG_SET_BINARY'
+ 246 | FSCONFIG_SET_BINARY = 2, /* Set parameter, supplying a binary blob value */
+ | ^~~~~~~~~~~~~~~~~~~
+criu/include/linux/mount.h:16:9: note: previous definition of 'FSCONFIG_SET_BINARY' with type 'enum fsconfig_command'
+ 16 | FSCONFIG_SET_BINARY = 2, /* Set parameter, supplying a binary blob value */
+ | ^~~~~~~~~~~~~~~~~~~
+/usr/include/sys/mount.h:248:3: error: redeclaration of enumerator 'FSCONFIG_SET_PATH'
+ 248 | FSCONFIG_SET_PATH = 3, /* Set parameter, supplying an object by path */
+ | ^~~~~~~~~~~~~~~~~
+criu/include/linux/mount.h:18:9: note: previous definition of 'FSCONFIG_SET_PATH' with type 'enum fsconfig_command'
+ 18 | FSCONFIG_SET_PATH = 3, /* Set parameter, supplying an object by path */
+ | ^~~~~~~~~~~~~~~~~
+/usr/include/sys/mount.h:250:3: error: redeclaration of enumerator 'FSCONFIG_SET_PATH_EMPTY'
+ 250 | FSCONFIG_SET_PATH_EMPTY = 4, /* Set parameter, supplying an object by (empty) path */
+ | ^~~~~~~~~~~~~~~~~~~~~~~
+criu/include/linux/mount.h:20:9: note: previous definition of 'FSCONFIG_SET_PATH_EMPTY' with type 'enum fsconfig_command'
+ 20 | FSCONFIG_SET_PATH_EMPTY = 4, /* Set parameter, supplying an object by (empty) path */
+ | ^~~~~~~~~~~~~~~~~~~~~~~
+/usr/include/sys/mount.h:252:3: error: redeclaration of enumerator 'FSCONFIG_SET_FD'
+ 252 | FSCONFIG_SET_FD = 5, /* Set parameter, supplying an object by fd */
+ | ^~~~~~~~~~~~~~~
+criu/include/linux/mount.h:22:9: note: previous definition of 'FSCONFIG_SET_FD' with type 'enum fsconfig_command'
+ 22 | FSCONFIG_SET_FD = 5, /* Set parameter, supplying an object by fd */
+ | ^~~~~~~~~~~~~~~
+/usr/include/sys/mount.h:254:3: error: redeclaration of enumerator 'FSCONFIG_CMD_CREATE'
+ 254 | FSCONFIG_CMD_CREATE = 6, /* Invoke superblock creation */
+ | ^~~~~~~~~~~~~~~~~~~
+criu/include/linux/mount.h:24:9: note: previous definition of 'FSCONFIG_CMD_CREATE' with type 'enum fsconfig_command'
+ 24 | FSCONFIG_CMD_CREATE = 6, /* Invoke superblock creation */
+ | ^~~~~~~~~~~~~~~~~~~
+/usr/include/sys/mount.h:256:3: error: redeclaration of enumerator 'FSCONFIG_CMD_RECONFIGURE'
+ 256 | FSCONFIG_CMD_RECONFIGURE = 7, /* Invoke superblock reconfiguration */
+ | ^~~~~~~~~~~~~~~~~~~~~~~~
+criu/include/linux/mount.h:26:9: note: previous definition of 'FSCONFIG_CMD_RECONFIGURE' with type 'enum fsconfig_command'
+ 26 | FSCONFIG_CMD_RECONFIGURE = 7, /* Invoke superblock reconfiguration */
+
+This patch adds definition for FSOPEN_CLOEXEC to solve this problem. In particular,
+sys/mount.h includes ifndef check for FSOPEN_CLOEXEC surrounding `enum fsconfig_command`.
+
+[1] https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=7eae6a91e9b1670330c9f15730082c91c0b1d570
+
+Reported-by: Younes Manton (@ymanton)
+Signed-off-by: Radostin Stoyanov <rstoyanov@...>
+---
+ criu/include/linux/mount.h | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/criu/include/linux/mount.h b/criu/include/linux/mount.h
+index 0d55a588c..fefafa89e 100644
+--- a/criu/include/linux/mount.h
++++ b/criu/include/linux/mount.h
+@@ -6,7 +6,7 @@
+
+ /* Copied from /usr/include/sys/mount.h */
+
+-#ifndef FSCONFIG_CMD_CREATE
++#ifndef FSOPEN_CLOEXEC
+ /* The type of fsconfig call made. */
+ enum fsconfig_command {
+ FSCONFIG_SET_FLAG = 0, /* Set parameter, supplying no value */
+@@ -26,7 +26,13 @@ enum fsconfig_command {
+ FSCONFIG_CMD_RECONFIGURE = 7, /* Invoke superblock reconfiguration */
+ #define FSCONFIG_CMD_RECONFIGURE FSCONFIG_CMD_RECONFIGURE
+ };
+-#endif // FSCONFIG_CMD_CREATE
++
++#endif // FSOPEN_CLOEXEC
++
++/* fsopen flags. With the redundant definition, we check if the kernel,
++ * glibc value and our value still match.
++ */
++#define FSOPEN_CLOEXEC 0x00000001
+
+ #ifndef MS_MGC_VAL
+ /* Magic mount flag number. Has to be or-ed to the flag values. */
+--
+2.34.1
+
--
2.17.1



--
Kai Kang
Wind River Linux

--
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II


Re: [kirkstone][PATCH 1/3] buildah: add recipe for buildah v1.26

Andrei Gherzan
 

On Wed, 7 Sep 2022, at 03:39, Bruce Ashfield wrote:
Technically we don't add new packages to old branches, without a very
good reason.

Sure, this can't break anything that already exists in kirkstone, but
it is a new feature when you consider supported hosts, etc.

The changes to master look fine, but I need to consider this a bit longer.
That is absolutely fine and understandable. I will import them in local layers if they don't reach kirkstone.

Regards,
Andrei


Re: [PATCH] criu: fix build errors with glibc 2.36

Kai Kang
 

On 9/7/22 10:41, Bruce Ashfield wrote:
criu is a _git recipe, so we don't have to do backports, but can
instead just bump the SRCREV
Hi Bruce,
We also have time to bump it to the latest before the upcoming release.

Is there a reason why a version or SRCREV bump won't work here ?
I notice that the SRCREV in the bb file is exact tag of v3.17. And v3.18 have not release yet.

If it is ok to update to latest git revision, I'll do it.

Regards,
Kai


Bruce

On Thu, Sep 1, 2022 at 11:31 PM kai <kai.kang@...> wrote:
From: Kai Kang <kai.kang@...>

Backport patches to fix build errors with glibc 2.36.

Signed-off-by: Kai Kang <kai.kang@...>
---
recipes-containers/criu/criu_git.bb | 4 +-
.../0004-criu-fix-conflicting-headers.patch | 288 ++++++++++++++++++
...nt-add-definition-for-FSOPEN_CLOEXEC.patch | 110 +++++++
3 files changed, 401 insertions(+), 1 deletion(-)
create mode 100644 recipes-containers/criu/files/0004-criu-fix-conflicting-headers.patch
create mode 100644 recipes-containers/criu/files/0005-mount-add-definition-for-FSOPEN_CLOEXEC.patch

diff --git a/recipes-containers/criu/criu_git.bb b/recipes-containers/criu/criu_git.bb
index 46401f9..a218310 100644
--- a/recipes-containers/criu/criu_git.bb
+++ b/recipes-containers/criu/criu_git.bb
@@ -20,7 +20,9 @@ SRC_URI = "git://github.com/checkpoint-restore/criu.git;branch=master;protocol=h
file://0001-criu-Skip-documentation-install.patch \
file://0002-criu-Change-libraries-install-directory.patch \
file://0003-lib-Makefile-overwrite-install-lib-to-allow-multiarc.patch \
- "
+ file://0004-criu-fix-conflicting-headers.patch \
+ file://0005-mount-add-definition-for-FSOPEN_CLOEXEC.patch \
+ "

COMPATIBLE_HOST = "(x86_64|arm|aarch64).*-linux"

diff --git a/recipes-containers/criu/files/0004-criu-fix-conflicting-headers.patch b/recipes-containers/criu/files/0004-criu-fix-conflicting-headers.patch
new file mode 100644
index 0000000..fa4cecd
--- /dev/null
+++ b/recipes-containers/criu/files/0004-criu-fix-conflicting-headers.patch
@@ -0,0 +1,288 @@
+Backport patch to fix criu compile error with glibc 2.36. Update context
+for Makefile.config.
+
+Upstream-Status: Backport [https://github.com/checkpoint-restore/criu/commit/4c86d6a7]
+
+Signed-off-by: Kai Kang <kai.kang@...>
+
+From 4c86d6a7d54abb64fc5a15131f3351224e8c071b Mon Sep 17 00:00:00 2001
+From: Radostin Stoyanov <rstoyanov@...>
+Date: Sun, 31 Jul 2022 16:07:30 +0000
+Subject: [PATCH] criu: fix conflicting headers
+
+There are several changes in glibc 2.36 that make sys/mount.h header
+incompatible with kernel headers:
+
+https://sourceware.org/glibc/wiki/Release/2.36#Usage_of_.3Clinux.2Fmount.h.3E_and_.3Csys.2Fmount.h.3E
+
+This patch removes conflicting includes for `<linux/mount.h>` and
+updates the content of `criu/include/linux/mount.h` to match
+`/usr/include/sys/mount.h`. In addition, inline definitions sys_*()
+functions have been moved from "linux/mount.h" to "syscall.h" to
+avoid conflicts with `uapi/compel/plugins/std/syscall.h` and
+`<unistd.h>`. The include for `<linux/aio_abi.h>` has been replaced
+with local include to avoid conflicts with `<sys/mount.h>`.
+
+Fixes: #1949
+
+Signed-off-by: Radostin Stoyanov <rstoyanov@...>
+---
+ Makefile.config | 2 +-
+ criu/cgroup.c | 1 +
+ criu/cr-check.c | 2 +-
+ criu/cr-restore.c | 3 ++-
+ criu/include/aio.h | 2 +-
+ criu/include/linux/aio_abi.h | 14 +++++++++++
+ criu/include/linux/mount.h | 48 +++++++++++++++++++-----------------
+ criu/include/syscall.h | 17 +++++++++++++
+ criu/pie/parasite.c | 2 +-
+ criu/util.c | 1 +
+ scripts/feature-tests.mak | 13 ----------
+ 11 files changed, 64 insertions(+), 41 deletions(-)
+ create mode 100644 criu/include/linux/aio_abi.h
+ create mode 100644 criu/include/syscall.h
+
+diff --git a/Makefile.config b/Makefile.config
+index d113e2246..270ec61c0 100644
+--- a/Makefile.config
++++ b/Makefile.config
+@@ -78,7 +78,7 @@ export DEFINES += $(FEATURE_DEFINES)
+ export CFLAGS += $(FEATURE_DEFINES)
+
+ FEATURES_LIST := TCP_REPAIR STRLCPY STRLCAT PTRACE_PEEKSIGINFO \
+- SETPROCTITLE_INIT MEMFD TCP_REPAIR_WINDOW FSCONFIG MEMFD_CREATE OPENAT2
++ SETPROCTITLE_INIT MEMFD TCP_REPAIR_WINDOW MEMFD_CREATE OPENAT2
+
+ # $1 - config name
+ define gen-feature-test
+diff --git a/criu/cgroup.c b/criu/cgroup.c
+index e05b0832e..325df6a1d 100644
+--- a/criu/cgroup.c
++++ b/criu/cgroup.c
+@@ -27,6 +27,7 @@
+ #include "images/cgroup.pb-c.h"
+ #include "kerndat.h"
+ #include "linux/mount.h"
++#include "syscall.h"
+
+ /*
+ * This structure describes set of controller groups
+diff --git a/criu/cr-check.c b/criu/cr-check.c
+index f589a91da..0ca80192c 100644
+--- a/criu/cr-check.c
++++ b/criu/cr-check.c
+@@ -21,7 +21,6 @@
+ #include <sys/prctl.h>
+ #include <sched.h>
+ #include <sys/mount.h>
+-#include <linux/aio_abi.h>
+
+ #include "../soccr/soccr.h"
+
+@@ -52,6 +51,7 @@
+ #include "net.h"
+ #include "restorer.h"
+ #include "uffd.h"
++#include "linux/aio_abi.h"
+
+ #include "images/inventory.pb-c.h"
+
+diff --git a/criu/cr-restore.c b/criu/cr-restore.c
+index 279246c19..d11d28173 100644
+--- a/criu/cr-restore.c
++++ b/criu/cr-restore.c
+@@ -22,7 +22,6 @@
+ #include <compel/ptrace.h>
+ #include "common/compiler.h"
+
+-#include "linux/mount.h"
+ #include "linux/rseq.h"
+
+ #include "clone-noasan.h"
+@@ -86,6 +85,8 @@
+ #include <compel/plugins/std/syscall-codes.h>
+ #include "compel/include/asm/syscall.h"
+
++#include "linux/mount.h"
++
+ #include "protobuf.h"
+ #include "images/sa.pb-c.h"
+ #include "images/timer.pb-c.h"
+diff --git a/criu/include/aio.h b/criu/include/aio.h
+index d1655739d..38e704020 100644
+--- a/criu/include/aio.h
++++ b/criu/include/aio.h
+@@ -1,7 +1,7 @@
+ #ifndef __CR_AIO_H__
+ #define __CR_AIO_H__
+
+-#include <linux/aio_abi.h>
++#include "linux/aio_abi.h"
+ #include "images/mm.pb-c.h"
+ unsigned int aio_estimate_nr_reqs(unsigned int size);
+ int dump_aio_ring(MmEntry *mme, struct vma_area *vma);
+diff --git a/criu/include/linux/aio_abi.h b/criu/include/linux/aio_abi.h
+new file mode 100644
+index 000000000..d9ce78720
+--- /dev/null
++++ b/criu/include/linux/aio_abi.h
+@@ -0,0 +1,14 @@
++#ifndef __LINUX__AIO_ABI_H
++#define __LINUX__AIO_ABI_H
++
++typedef __kernel_ulong_t aio_context_t;
++
++/* read() from /dev/aio returns these structures. */
++struct io_event {
++ __u64 data; /* the data field from the iocb */
++ __u64 obj; /* what iocb this event came from */
++ __s64 res; /* result code for this event */
++ __s64 res2; /* secondary result */
++};
++
++#endif /* __LINUX__AIO_ABI_H */
+diff --git a/criu/include/linux/mount.h b/criu/include/linux/mount.h
+index 9a3a28b10..0d55a588c 100644
+--- a/criu/include/linux/mount.h
++++ b/criu/include/linux/mount.h
+@@ -4,32 +4,34 @@
+ #include "common/config.h"
+ #include "compel/plugins/std/syscall-codes.h"
+
+-#ifdef CONFIG_HAS_FSCONFIG
+-#include <linux/mount.h>
+-#else
++/* Copied from /usr/include/sys/mount.h */
++
++#ifndef FSCONFIG_CMD_CREATE
++/* The type of fsconfig call made. */
+ enum fsconfig_command {
+- FSCONFIG_SET_FLAG = 0, /* Set parameter, supplying no value */
+- FSCONFIG_SET_STRING = 1, /* Set parameter, supplying a string value */
+- FSCONFIG_SET_BINARY = 2, /* Set parameter, supplying a binary blob value */
+- FSCONFIG_SET_PATH = 3, /* Set parameter, supplying an object by path */
+- FSCONFIG_SET_PATH_EMPTY = 4, /* Set parameter, supplying an object by (empty) path */
+- FSCONFIG_SET_FD = 5, /* Set parameter, supplying an object by fd */
+- FSCONFIG_CMD_CREATE = 6, /* Invoke superblock creation */
++ FSCONFIG_SET_FLAG = 0, /* Set parameter, supplying no value */
++#define FSCONFIG_SET_FLAG FSCONFIG_SET_FLAG
++ FSCONFIG_SET_STRING = 1, /* Set parameter, supplying a string value */
++#define FSCONFIG_SET_STRING FSCONFIG_SET_STRING
++ FSCONFIG_SET_BINARY = 2, /* Set parameter, supplying a binary blob value */
++#define FSCONFIG_SET_BINARY FSCONFIG_SET_BINARY
++ FSCONFIG_SET_PATH = 3, /* Set parameter, supplying an object by path */
++#define FSCONFIG_SET_PATH FSCONFIG_SET_PATH
++ FSCONFIG_SET_PATH_EMPTY = 4, /* Set parameter, supplying an object by (empty) path */
++#define FSCONFIG_SET_PATH_EMPTY FSCONFIG_SET_PATH_EMPTY
++ FSCONFIG_SET_FD = 5, /* Set parameter, supplying an object by fd */
++#define FSCONFIG_SET_FD FSCONFIG_SET_FD
++ FSCONFIG_CMD_CREATE = 6, /* Invoke superblock creation */
++#define FSCONFIG_CMD_CREATE FSCONFIG_CMD_CREATE
+ FSCONFIG_CMD_RECONFIGURE = 7, /* Invoke superblock reconfiguration */
++#define FSCONFIG_CMD_RECONFIGURE FSCONFIG_CMD_RECONFIGURE
+ };
+-#endif
++#endif // FSCONFIG_CMD_CREATE
+
+-static inline int sys_fsopen(const char *fsname, unsigned int flags)
+-{
+- return syscall(__NR_fsopen, fsname, flags);
+-}
+-static inline int sys_fsconfig(int fd, unsigned int cmd, const char *key, const char *value, int aux)
+-{
+- return syscall(__NR_fsconfig, fd, cmd, key, value, aux);
+-}
+-static inline int sys_fsmount(int fd, unsigned int flags, unsigned int attr_flags)
+-{
+- return syscall(__NR_fsmount, fd, flags, attr_flags);
+-}
++#ifndef MS_MGC_VAL
++/* Magic mount flag number. Has to be or-ed to the flag values. */
++#define MS_MGC_VAL 0xc0ed0000 /* Magic flag number to indicate "new" flags */
++#define MS_MGC_MSK 0xffff0000 /* Magic flag number mask */
++#endif
+
+ #endif
+diff --git a/criu/include/syscall.h b/criu/include/syscall.h
+new file mode 100644
+index 000000000..c38d6d971
+--- /dev/null
++++ b/criu/include/syscall.h
+@@ -0,0 +1,17 @@
++#ifndef __CR_SYSCALL_H__
++#define __CR_SYSCALL_H__
++
++static inline int sys_fsopen(const char *fsname, unsigned int flags)
++{
++ return syscall(__NR_fsopen, fsname, flags);
++}
++static inline int sys_fsconfig(int fd, unsigned int cmd, const char *key, const char *value, int aux)
++{
++ return syscall(__NR_fsconfig, fd, cmd, key, value, aux);
++}
++static inline int sys_fsmount(int fd, unsigned int flags, unsigned int attr_flags)
++{
++ return syscall(__NR_fsmount, fd, flags, attr_flags);
++}
++
++#endif /* __CR_SYSCALL_H__ */
+\ No newline at end of file
+diff --git a/criu/pie/parasite.c b/criu/pie/parasite.c
+index e7eb1fcb6..f75fe13bb 100644
+--- a/criu/pie/parasite.c
++++ b/criu/pie/parasite.c
+@@ -3,7 +3,6 @@
+ #include <signal.h>
+ #include <linux/limits.h>
+ #include <linux/capability.h>
+-#include <sys/mount.h>
+ #include <stdarg.h>
+ #include <sys/ioctl.h>
+ #include <sys/uio.h>
+@@ -14,6 +13,7 @@
+ #include "int.h"
+ #include "types.h"
+ #include <compel/plugins/std/syscall.h>
++#include "linux/mount.h"
+ #include "parasite.h"
+ #include "fcntl.h"
+ #include "prctl.h"
+diff --git a/criu/util.c b/criu/util.c
+index 5f69465b4..060ca3bd4 100644
+--- a/criu/util.c
++++ b/criu/util.c
+@@ -40,6 +40,7 @@
+ #include "mem.h"
+ #include "namespaces.h"
+ #include "criu-log.h"
++#include "syscall.h"
+
+ #include "clone-noasan.h"
+ #include "cr_options.h"
+diff --git a/scripts/feature-tests.mak b/scripts/feature-tests.mak
+index 014e893a8..fb5d2ef7a 100644
+--- a/scripts/feature-tests.mak
++++ b/scripts/feature-tests.mak
+@@ -137,19 +137,6 @@ ENTRY(main)
+ END(main)
+ endef
+
+-define FEATURE_TEST_FSCONFIG
+-
+-#include <linux/mount.h>
+-
+-int main(void)
+-{
+- if (FSCONFIG_CMD_CREATE > 0)
+- return 0;
+- return 0;
+-}
+-
+-endef
+-
+ define FEATURE_TEST_NFTABLES_LIB_API_0
+
+ #include <string.h>
+--
+2.34.1
+
diff --git a/recipes-containers/criu/files/0005-mount-add-definition-for-FSOPEN_CLOEXEC.patch b/recipes-containers/criu/files/0005-mount-add-definition-for-FSOPEN_CLOEXEC.patch
new file mode 100644
index 0000000..dc41d36
--- /dev/null
+++ b/recipes-containers/criu/files/0005-mount-add-definition-for-FSOPEN_CLOEXEC.patch
@@ -0,0 +1,110 @@
+Upstream-Status: Backport [https://github.com/checkpoint-restore/criu/commit/517c0947]
+
+Signed-off-by: Kai Kang <kai.kang@...>
+
+From 517c0947050e63aac72f63a3bf373d76264723b9 Mon Sep 17 00:00:00 2001
+From: Radostin Stoyanov <rstoyanov@...>
+Date: Wed, 24 Aug 2022 21:20:30 +0200
+Subject: [PATCH 2/2] mount: add definition for FSOPEN_CLOEXEC
+
+A recent change in glibc introduced `enum fsconfig_command` [1] and as a
+result the compilation of criu fails with the following errors
+
+In file included from criu/pie/util.c:3:
+/usr/include/sys/mount.h:240:6: error: redeclaration of 'enum fsconfig_command'
+ 240 | enum fsconfig_command
+ | ^~~~~~~~~~~~~~~~
+In file included from /usr/include/sys/mount.h:32:
+criu/include/linux/mount.h:11:6: note: originally defined here
+ 11 | enum fsconfig_command {
+ | ^~~~~~~~~~~~~~~~
+/usr/include/sys/mount.h:242:3: error: redeclaration of enumerator 'FSCONFIG_SET_FLAG'
+ 242 | FSCONFIG_SET_FLAG = 0, /* Set parameter, supplying no value */
+ | ^~~~~~~~~~~~~~~~~
+criu/include/linux/mount.h:12:9: note: previous definition of 'FSCONFIG_SET_FLAG' with type 'enum fsconfig_command'
+ 12 | FSCONFIG_SET_FLAG = 0, /* Set parameter, supplying no value */
+ | ^~~~~~~~~~~~~~~~~
+/usr/include/sys/mount.h:244:3: error: redeclaration of enumerator 'FSCONFIG_SET_STRING'
+ 244 | FSCONFIG_SET_STRING = 1, /* Set parameter, supplying a string value */
+ | ^~~~~~~~~~~~~~~~~~~
+criu/include/linux/mount.h:14:9: note: previous definition of 'FSCONFIG_SET_STRING' with type 'enum fsconfig_command'
+ 14 | FSCONFIG_SET_STRING = 1, /* Set parameter, supplying a string value */
+ | ^~~~~~~~~~~~~~~~~~~
+/usr/include/sys/mount.h:246:3: error: redeclaration of enumerator 'FSCONFIG_SET_BINARY'
+ 246 | FSCONFIG_SET_BINARY = 2, /* Set parameter, supplying a binary blob value */
+ | ^~~~~~~~~~~~~~~~~~~
+criu/include/linux/mount.h:16:9: note: previous definition of 'FSCONFIG_SET_BINARY' with type 'enum fsconfig_command'
+ 16 | FSCONFIG_SET_BINARY = 2, /* Set parameter, supplying a binary blob value */
+ | ^~~~~~~~~~~~~~~~~~~
+/usr/include/sys/mount.h:248:3: error: redeclaration of enumerator 'FSCONFIG_SET_PATH'
+ 248 | FSCONFIG_SET_PATH = 3, /* Set parameter, supplying an object by path */
+ | ^~~~~~~~~~~~~~~~~
+criu/include/linux/mount.h:18:9: note: previous definition of 'FSCONFIG_SET_PATH' with type 'enum fsconfig_command'
+ 18 | FSCONFIG_SET_PATH = 3, /* Set parameter, supplying an object by path */
+ | ^~~~~~~~~~~~~~~~~
+/usr/include/sys/mount.h:250:3: error: redeclaration of enumerator 'FSCONFIG_SET_PATH_EMPTY'
+ 250 | FSCONFIG_SET_PATH_EMPTY = 4, /* Set parameter, supplying an object by (empty) path */
+ | ^~~~~~~~~~~~~~~~~~~~~~~
+criu/include/linux/mount.h:20:9: note: previous definition of 'FSCONFIG_SET_PATH_EMPTY' with type 'enum fsconfig_command'
+ 20 | FSCONFIG_SET_PATH_EMPTY = 4, /* Set parameter, supplying an object by (empty) path */
+ | ^~~~~~~~~~~~~~~~~~~~~~~
+/usr/include/sys/mount.h:252:3: error: redeclaration of enumerator 'FSCONFIG_SET_FD'
+ 252 | FSCONFIG_SET_FD = 5, /* Set parameter, supplying an object by fd */
+ | ^~~~~~~~~~~~~~~
+criu/include/linux/mount.h:22:9: note: previous definition of 'FSCONFIG_SET_FD' with type 'enum fsconfig_command'
+ 22 | FSCONFIG_SET_FD = 5, /* Set parameter, supplying an object by fd */
+ | ^~~~~~~~~~~~~~~
+/usr/include/sys/mount.h:254:3: error: redeclaration of enumerator 'FSCONFIG_CMD_CREATE'
+ 254 | FSCONFIG_CMD_CREATE = 6, /* Invoke superblock creation */
+ | ^~~~~~~~~~~~~~~~~~~
+criu/include/linux/mount.h:24:9: note: previous definition of 'FSCONFIG_CMD_CREATE' with type 'enum fsconfig_command'
+ 24 | FSCONFIG_CMD_CREATE = 6, /* Invoke superblock creation */
+ | ^~~~~~~~~~~~~~~~~~~
+/usr/include/sys/mount.h:256:3: error: redeclaration of enumerator 'FSCONFIG_CMD_RECONFIGURE'
+ 256 | FSCONFIG_CMD_RECONFIGURE = 7, /* Invoke superblock reconfiguration */
+ | ^~~~~~~~~~~~~~~~~~~~~~~~
+criu/include/linux/mount.h:26:9: note: previous definition of 'FSCONFIG_CMD_RECONFIGURE' with type 'enum fsconfig_command'
+ 26 | FSCONFIG_CMD_RECONFIGURE = 7, /* Invoke superblock reconfiguration */
+
+This patch adds definition for FSOPEN_CLOEXEC to solve this problem. In particular,
+sys/mount.h includes ifndef check for FSOPEN_CLOEXEC surrounding `enum fsconfig_command`.
+
+[1] https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=7eae6a91e9b1670330c9f15730082c91c0b1d570
+
+Reported-by: Younes Manton (@ymanton)
+Signed-off-by: Radostin Stoyanov <rstoyanov@...>
+---
+ criu/include/linux/mount.h | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/criu/include/linux/mount.h b/criu/include/linux/mount.h
+index 0d55a588c..fefafa89e 100644
+--- a/criu/include/linux/mount.h
++++ b/criu/include/linux/mount.h
+@@ -6,7 +6,7 @@
+
+ /* Copied from /usr/include/sys/mount.h */
+
+-#ifndef FSCONFIG_CMD_CREATE
++#ifndef FSOPEN_CLOEXEC
+ /* The type of fsconfig call made. */
+ enum fsconfig_command {
+ FSCONFIG_SET_FLAG = 0, /* Set parameter, supplying no value */
+@@ -26,7 +26,13 @@ enum fsconfig_command {
+ FSCONFIG_CMD_RECONFIGURE = 7, /* Invoke superblock reconfiguration */
+ #define FSCONFIG_CMD_RECONFIGURE FSCONFIG_CMD_RECONFIGURE
+ };
+-#endif // FSCONFIG_CMD_CREATE
++
++#endif // FSOPEN_CLOEXEC
++
++/* fsopen flags. With the redundant definition, we check if the kernel,
++ * glibc value and our value still match.
++ */
++#define FSOPEN_CLOEXEC 0x00000001
+
+ #ifndef MS_MGC_VAL
+ /* Magic mount flag number. Has to be or-ed to the flag values. */
+--
+2.34.1
+
--
2.17.1


--
Kai Kang
Wind River Linux


Re: [PATCH] criu: fix build errors with glibc 2.36

Bruce Ashfield
 

criu is a _git recipe, so we don't have to do backports, but can
instead just bump the SRCREV

We also have time to bump it to the latest before the upcoming release.

Is there a reason why a version or SRCREV bump won't work here ?

Bruce

On Thu, Sep 1, 2022 at 11:31 PM kai <kai.kang@...> wrote:

From: Kai Kang <kai.kang@...>

Backport patches to fix build errors with glibc 2.36.

Signed-off-by: Kai Kang <kai.kang@...>
---
recipes-containers/criu/criu_git.bb | 4 +-
.../0004-criu-fix-conflicting-headers.patch | 288 ++++++++++++++++++
...nt-add-definition-for-FSOPEN_CLOEXEC.patch | 110 +++++++
3 files changed, 401 insertions(+), 1 deletion(-)
create mode 100644 recipes-containers/criu/files/0004-criu-fix-conflicting-headers.patch
create mode 100644 recipes-containers/criu/files/0005-mount-add-definition-for-FSOPEN_CLOEXEC.patch

diff --git a/recipes-containers/criu/criu_git.bb b/recipes-containers/criu/criu_git.bb
index 46401f9..a218310 100644
--- a/recipes-containers/criu/criu_git.bb
+++ b/recipes-containers/criu/criu_git.bb
@@ -20,7 +20,9 @@ SRC_URI = "git://github.com/checkpoint-restore/criu.git;branch=master;protocol=h
file://0001-criu-Skip-documentation-install.patch \
file://0002-criu-Change-libraries-install-directory.patch \
file://0003-lib-Makefile-overwrite-install-lib-to-allow-multiarc.patch \
- "
+ file://0004-criu-fix-conflicting-headers.patch \
+ file://0005-mount-add-definition-for-FSOPEN_CLOEXEC.patch \
+ "

COMPATIBLE_HOST = "(x86_64|arm|aarch64).*-linux"

diff --git a/recipes-containers/criu/files/0004-criu-fix-conflicting-headers.patch b/recipes-containers/criu/files/0004-criu-fix-conflicting-headers.patch
new file mode 100644
index 0000000..fa4cecd
--- /dev/null
+++ b/recipes-containers/criu/files/0004-criu-fix-conflicting-headers.patch
@@ -0,0 +1,288 @@
+Backport patch to fix criu compile error with glibc 2.36. Update context
+for Makefile.config.
+
+Upstream-Status: Backport [https://github.com/checkpoint-restore/criu/commit/4c86d6a7]
+
+Signed-off-by: Kai Kang <kai.kang@...>
+
+From 4c86d6a7d54abb64fc5a15131f3351224e8c071b Mon Sep 17 00:00:00 2001
+From: Radostin Stoyanov <rstoyanov@...>
+Date: Sun, 31 Jul 2022 16:07:30 +0000
+Subject: [PATCH] criu: fix conflicting headers
+
+There are several changes in glibc 2.36 that make sys/mount.h header
+incompatible with kernel headers:
+
+https://sourceware.org/glibc/wiki/Release/2.36#Usage_of_.3Clinux.2Fmount.h.3E_and_.3Csys.2Fmount.h.3E
+
+This patch removes conflicting includes for `<linux/mount.h>` and
+updates the content of `criu/include/linux/mount.h` to match
+`/usr/include/sys/mount.h`. In addition, inline definitions sys_*()
+functions have been moved from "linux/mount.h" to "syscall.h" to
+avoid conflicts with `uapi/compel/plugins/std/syscall.h` and
+`<unistd.h>`. The include for `<linux/aio_abi.h>` has been replaced
+with local include to avoid conflicts with `<sys/mount.h>`.
+
+Fixes: #1949
+
+Signed-off-by: Radostin Stoyanov <rstoyanov@...>
+---
+ Makefile.config | 2 +-
+ criu/cgroup.c | 1 +
+ criu/cr-check.c | 2 +-
+ criu/cr-restore.c | 3 ++-
+ criu/include/aio.h | 2 +-
+ criu/include/linux/aio_abi.h | 14 +++++++++++
+ criu/include/linux/mount.h | 48 +++++++++++++++++++-----------------
+ criu/include/syscall.h | 17 +++++++++++++
+ criu/pie/parasite.c | 2 +-
+ criu/util.c | 1 +
+ scripts/feature-tests.mak | 13 ----------
+ 11 files changed, 64 insertions(+), 41 deletions(-)
+ create mode 100644 criu/include/linux/aio_abi.h
+ create mode 100644 criu/include/syscall.h
+
+diff --git a/Makefile.config b/Makefile.config
+index d113e2246..270ec61c0 100644
+--- a/Makefile.config
++++ b/Makefile.config
+@@ -78,7 +78,7 @@ export DEFINES += $(FEATURE_DEFINES)
+ export CFLAGS += $(FEATURE_DEFINES)
+
+ FEATURES_LIST := TCP_REPAIR STRLCPY STRLCAT PTRACE_PEEKSIGINFO \
+- SETPROCTITLE_INIT MEMFD TCP_REPAIR_WINDOW FSCONFIG MEMFD_CREATE OPENAT2
++ SETPROCTITLE_INIT MEMFD TCP_REPAIR_WINDOW MEMFD_CREATE OPENAT2
+
+ # $1 - config name
+ define gen-feature-test
+diff --git a/criu/cgroup.c b/criu/cgroup.c
+index e05b0832e..325df6a1d 100644
+--- a/criu/cgroup.c
++++ b/criu/cgroup.c
+@@ -27,6 +27,7 @@
+ #include "images/cgroup.pb-c.h"
+ #include "kerndat.h"
+ #include "linux/mount.h"
++#include "syscall.h"
+
+ /*
+ * This structure describes set of controller groups
+diff --git a/criu/cr-check.c b/criu/cr-check.c
+index f589a91da..0ca80192c 100644
+--- a/criu/cr-check.c
++++ b/criu/cr-check.c
+@@ -21,7 +21,6 @@
+ #include <sys/prctl.h>
+ #include <sched.h>
+ #include <sys/mount.h>
+-#include <linux/aio_abi.h>
+
+ #include "../soccr/soccr.h"
+
+@@ -52,6 +51,7 @@
+ #include "net.h"
+ #include "restorer.h"
+ #include "uffd.h"
++#include "linux/aio_abi.h"
+
+ #include "images/inventory.pb-c.h"
+
+diff --git a/criu/cr-restore.c b/criu/cr-restore.c
+index 279246c19..d11d28173 100644
+--- a/criu/cr-restore.c
++++ b/criu/cr-restore.c
+@@ -22,7 +22,6 @@
+ #include <compel/ptrace.h>
+ #include "common/compiler.h"
+
+-#include "linux/mount.h"
+ #include "linux/rseq.h"
+
+ #include "clone-noasan.h"
+@@ -86,6 +85,8 @@
+ #include <compel/plugins/std/syscall-codes.h>
+ #include "compel/include/asm/syscall.h"
+
++#include "linux/mount.h"
++
+ #include "protobuf.h"
+ #include "images/sa.pb-c.h"
+ #include "images/timer.pb-c.h"
+diff --git a/criu/include/aio.h b/criu/include/aio.h
+index d1655739d..38e704020 100644
+--- a/criu/include/aio.h
++++ b/criu/include/aio.h
+@@ -1,7 +1,7 @@
+ #ifndef __CR_AIO_H__
+ #define __CR_AIO_H__
+
+-#include <linux/aio_abi.h>
++#include "linux/aio_abi.h"
+ #include "images/mm.pb-c.h"
+ unsigned int aio_estimate_nr_reqs(unsigned int size);
+ int dump_aio_ring(MmEntry *mme, struct vma_area *vma);
+diff --git a/criu/include/linux/aio_abi.h b/criu/include/linux/aio_abi.h
+new file mode 100644
+index 000000000..d9ce78720
+--- /dev/null
++++ b/criu/include/linux/aio_abi.h
+@@ -0,0 +1,14 @@
++#ifndef __LINUX__AIO_ABI_H
++#define __LINUX__AIO_ABI_H
++
++typedef __kernel_ulong_t aio_context_t;
++
++/* read() from /dev/aio returns these structures. */
++struct io_event {
++ __u64 data; /* the data field from the iocb */
++ __u64 obj; /* what iocb this event came from */
++ __s64 res; /* result code for this event */
++ __s64 res2; /* secondary result */
++};
++
++#endif /* __LINUX__AIO_ABI_H */
+diff --git a/criu/include/linux/mount.h b/criu/include/linux/mount.h
+index 9a3a28b10..0d55a588c 100644
+--- a/criu/include/linux/mount.h
++++ b/criu/include/linux/mount.h
+@@ -4,32 +4,34 @@
+ #include "common/config.h"
+ #include "compel/plugins/std/syscall-codes.h"
+
+-#ifdef CONFIG_HAS_FSCONFIG
+-#include <linux/mount.h>
+-#else
++/* Copied from /usr/include/sys/mount.h */
++
++#ifndef FSCONFIG_CMD_CREATE
++/* The type of fsconfig call made. */
+ enum fsconfig_command {
+- FSCONFIG_SET_FLAG = 0, /* Set parameter, supplying no value */
+- FSCONFIG_SET_STRING = 1, /* Set parameter, supplying a string value */
+- FSCONFIG_SET_BINARY = 2, /* Set parameter, supplying a binary blob value */
+- FSCONFIG_SET_PATH = 3, /* Set parameter, supplying an object by path */
+- FSCONFIG_SET_PATH_EMPTY = 4, /* Set parameter, supplying an object by (empty) path */
+- FSCONFIG_SET_FD = 5, /* Set parameter, supplying an object by fd */
+- FSCONFIG_CMD_CREATE = 6, /* Invoke superblock creation */
++ FSCONFIG_SET_FLAG = 0, /* Set parameter, supplying no value */
++#define FSCONFIG_SET_FLAG FSCONFIG_SET_FLAG
++ FSCONFIG_SET_STRING = 1, /* Set parameter, supplying a string value */
++#define FSCONFIG_SET_STRING FSCONFIG_SET_STRING
++ FSCONFIG_SET_BINARY = 2, /* Set parameter, supplying a binary blob value */
++#define FSCONFIG_SET_BINARY FSCONFIG_SET_BINARY
++ FSCONFIG_SET_PATH = 3, /* Set parameter, supplying an object by path */
++#define FSCONFIG_SET_PATH FSCONFIG_SET_PATH
++ FSCONFIG_SET_PATH_EMPTY = 4, /* Set parameter, supplying an object by (empty) path */
++#define FSCONFIG_SET_PATH_EMPTY FSCONFIG_SET_PATH_EMPTY
++ FSCONFIG_SET_FD = 5, /* Set parameter, supplying an object by fd */
++#define FSCONFIG_SET_FD FSCONFIG_SET_FD
++ FSCONFIG_CMD_CREATE = 6, /* Invoke superblock creation */
++#define FSCONFIG_CMD_CREATE FSCONFIG_CMD_CREATE
+ FSCONFIG_CMD_RECONFIGURE = 7, /* Invoke superblock reconfiguration */
++#define FSCONFIG_CMD_RECONFIGURE FSCONFIG_CMD_RECONFIGURE
+ };
+-#endif
++#endif // FSCONFIG_CMD_CREATE
+
+-static inline int sys_fsopen(const char *fsname, unsigned int flags)
+-{
+- return syscall(__NR_fsopen, fsname, flags);
+-}
+-static inline int sys_fsconfig(int fd, unsigned int cmd, const char *key, const char *value, int aux)
+-{
+- return syscall(__NR_fsconfig, fd, cmd, key, value, aux);
+-}
+-static inline int sys_fsmount(int fd, unsigned int flags, unsigned int attr_flags)
+-{
+- return syscall(__NR_fsmount, fd, flags, attr_flags);
+-}
++#ifndef MS_MGC_VAL
++/* Magic mount flag number. Has to be or-ed to the flag values. */
++#define MS_MGC_VAL 0xc0ed0000 /* Magic flag number to indicate "new" flags */
++#define MS_MGC_MSK 0xffff0000 /* Magic flag number mask */
++#endif
+
+ #endif
+diff --git a/criu/include/syscall.h b/criu/include/syscall.h
+new file mode 100644
+index 000000000..c38d6d971
+--- /dev/null
++++ b/criu/include/syscall.h
+@@ -0,0 +1,17 @@
++#ifndef __CR_SYSCALL_H__
++#define __CR_SYSCALL_H__
++
++static inline int sys_fsopen(const char *fsname, unsigned int flags)
++{
++ return syscall(__NR_fsopen, fsname, flags);
++}
++static inline int sys_fsconfig(int fd, unsigned int cmd, const char *key, const char *value, int aux)
++{
++ return syscall(__NR_fsconfig, fd, cmd, key, value, aux);
++}
++static inline int sys_fsmount(int fd, unsigned int flags, unsigned int attr_flags)
++{
++ return syscall(__NR_fsmount, fd, flags, attr_flags);
++}
++
++#endif /* __CR_SYSCALL_H__ */
+\ No newline at end of file
+diff --git a/criu/pie/parasite.c b/criu/pie/parasite.c
+index e7eb1fcb6..f75fe13bb 100644
+--- a/criu/pie/parasite.c
++++ b/criu/pie/parasite.c
+@@ -3,7 +3,6 @@
+ #include <signal.h>
+ #include <linux/limits.h>
+ #include <linux/capability.h>
+-#include <sys/mount.h>
+ #include <stdarg.h>
+ #include <sys/ioctl.h>
+ #include <sys/uio.h>
+@@ -14,6 +13,7 @@
+ #include "int.h"
+ #include "types.h"
+ #include <compel/plugins/std/syscall.h>
++#include "linux/mount.h"
+ #include "parasite.h"
+ #include "fcntl.h"
+ #include "prctl.h"
+diff --git a/criu/util.c b/criu/util.c
+index 5f69465b4..060ca3bd4 100644
+--- a/criu/util.c
++++ b/criu/util.c
+@@ -40,6 +40,7 @@
+ #include "mem.h"
+ #include "namespaces.h"
+ #include "criu-log.h"
++#include "syscall.h"
+
+ #include "clone-noasan.h"
+ #include "cr_options.h"
+diff --git a/scripts/feature-tests.mak b/scripts/feature-tests.mak
+index 014e893a8..fb5d2ef7a 100644
+--- a/scripts/feature-tests.mak
++++ b/scripts/feature-tests.mak
+@@ -137,19 +137,6 @@ ENTRY(main)
+ END(main)
+ endef
+
+-define FEATURE_TEST_FSCONFIG
+-
+-#include <linux/mount.h>
+-
+-int main(void)
+-{
+- if (FSCONFIG_CMD_CREATE > 0)
+- return 0;
+- return 0;
+-}
+-
+-endef
+-
+ define FEATURE_TEST_NFTABLES_LIB_API_0
+
+ #include <string.h>
+--
+2.34.1
+
diff --git a/recipes-containers/criu/files/0005-mount-add-definition-for-FSOPEN_CLOEXEC.patch b/recipes-containers/criu/files/0005-mount-add-definition-for-FSOPEN_CLOEXEC.patch
new file mode 100644
index 0000000..dc41d36
--- /dev/null
+++ b/recipes-containers/criu/files/0005-mount-add-definition-for-FSOPEN_CLOEXEC.patch
@@ -0,0 +1,110 @@
+Upstream-Status: Backport [https://github.com/checkpoint-restore/criu/commit/517c0947]
+
+Signed-off-by: Kai Kang <kai.kang@...>
+
+From 517c0947050e63aac72f63a3bf373d76264723b9 Mon Sep 17 00:00:00 2001
+From: Radostin Stoyanov <rstoyanov@...>
+Date: Wed, 24 Aug 2022 21:20:30 +0200
+Subject: [PATCH 2/2] mount: add definition for FSOPEN_CLOEXEC
+
+A recent change in glibc introduced `enum fsconfig_command` [1] and as a
+result the compilation of criu fails with the following errors
+
+In file included from criu/pie/util.c:3:
+/usr/include/sys/mount.h:240:6: error: redeclaration of 'enum fsconfig_command'
+ 240 | enum fsconfig_command
+ | ^~~~~~~~~~~~~~~~
+In file included from /usr/include/sys/mount.h:32:
+criu/include/linux/mount.h:11:6: note: originally defined here
+ 11 | enum fsconfig_command {
+ | ^~~~~~~~~~~~~~~~
+/usr/include/sys/mount.h:242:3: error: redeclaration of enumerator 'FSCONFIG_SET_FLAG'
+ 242 | FSCONFIG_SET_FLAG = 0, /* Set parameter, supplying no value */
+ | ^~~~~~~~~~~~~~~~~
+criu/include/linux/mount.h:12:9: note: previous definition of 'FSCONFIG_SET_FLAG' with type 'enum fsconfig_command'
+ 12 | FSCONFIG_SET_FLAG = 0, /* Set parameter, supplying no value */
+ | ^~~~~~~~~~~~~~~~~
+/usr/include/sys/mount.h:244:3: error: redeclaration of enumerator 'FSCONFIG_SET_STRING'
+ 244 | FSCONFIG_SET_STRING = 1, /* Set parameter, supplying a string value */
+ | ^~~~~~~~~~~~~~~~~~~
+criu/include/linux/mount.h:14:9: note: previous definition of 'FSCONFIG_SET_STRING' with type 'enum fsconfig_command'
+ 14 | FSCONFIG_SET_STRING = 1, /* Set parameter, supplying a string value */
+ | ^~~~~~~~~~~~~~~~~~~
+/usr/include/sys/mount.h:246:3: error: redeclaration of enumerator 'FSCONFIG_SET_BINARY'
+ 246 | FSCONFIG_SET_BINARY = 2, /* Set parameter, supplying a binary blob value */
+ | ^~~~~~~~~~~~~~~~~~~
+criu/include/linux/mount.h:16:9: note: previous definition of 'FSCONFIG_SET_BINARY' with type 'enum fsconfig_command'
+ 16 | FSCONFIG_SET_BINARY = 2, /* Set parameter, supplying a binary blob value */
+ | ^~~~~~~~~~~~~~~~~~~
+/usr/include/sys/mount.h:248:3: error: redeclaration of enumerator 'FSCONFIG_SET_PATH'
+ 248 | FSCONFIG_SET_PATH = 3, /* Set parameter, supplying an object by path */
+ | ^~~~~~~~~~~~~~~~~
+criu/include/linux/mount.h:18:9: note: previous definition of 'FSCONFIG_SET_PATH' with type 'enum fsconfig_command'
+ 18 | FSCONFIG_SET_PATH = 3, /* Set parameter, supplying an object by path */
+ | ^~~~~~~~~~~~~~~~~
+/usr/include/sys/mount.h:250:3: error: redeclaration of enumerator 'FSCONFIG_SET_PATH_EMPTY'
+ 250 | FSCONFIG_SET_PATH_EMPTY = 4, /* Set parameter, supplying an object by (empty) path */
+ | ^~~~~~~~~~~~~~~~~~~~~~~
+criu/include/linux/mount.h:20:9: note: previous definition of 'FSCONFIG_SET_PATH_EMPTY' with type 'enum fsconfig_command'
+ 20 | FSCONFIG_SET_PATH_EMPTY = 4, /* Set parameter, supplying an object by (empty) path */
+ | ^~~~~~~~~~~~~~~~~~~~~~~
+/usr/include/sys/mount.h:252:3: error: redeclaration of enumerator 'FSCONFIG_SET_FD'
+ 252 | FSCONFIG_SET_FD = 5, /* Set parameter, supplying an object by fd */
+ | ^~~~~~~~~~~~~~~
+criu/include/linux/mount.h:22:9: note: previous definition of 'FSCONFIG_SET_FD' with type 'enum fsconfig_command'
+ 22 | FSCONFIG_SET_FD = 5, /* Set parameter, supplying an object by fd */
+ | ^~~~~~~~~~~~~~~
+/usr/include/sys/mount.h:254:3: error: redeclaration of enumerator 'FSCONFIG_CMD_CREATE'
+ 254 | FSCONFIG_CMD_CREATE = 6, /* Invoke superblock creation */
+ | ^~~~~~~~~~~~~~~~~~~
+criu/include/linux/mount.h:24:9: note: previous definition of 'FSCONFIG_CMD_CREATE' with type 'enum fsconfig_command'
+ 24 | FSCONFIG_CMD_CREATE = 6, /* Invoke superblock creation */
+ | ^~~~~~~~~~~~~~~~~~~
+/usr/include/sys/mount.h:256:3: error: redeclaration of enumerator 'FSCONFIG_CMD_RECONFIGURE'
+ 256 | FSCONFIG_CMD_RECONFIGURE = 7, /* Invoke superblock reconfiguration */
+ | ^~~~~~~~~~~~~~~~~~~~~~~~
+criu/include/linux/mount.h:26:9: note: previous definition of 'FSCONFIG_CMD_RECONFIGURE' with type 'enum fsconfig_command'
+ 26 | FSCONFIG_CMD_RECONFIGURE = 7, /* Invoke superblock reconfiguration */
+
+This patch adds definition for FSOPEN_CLOEXEC to solve this problem. In particular,
+sys/mount.h includes ifndef check for FSOPEN_CLOEXEC surrounding `enum fsconfig_command`.
+
+[1] https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=7eae6a91e9b1670330c9f15730082c91c0b1d570
+
+Reported-by: Younes Manton (@ymanton)
+Signed-off-by: Radostin Stoyanov <rstoyanov@...>
+---
+ criu/include/linux/mount.h | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/criu/include/linux/mount.h b/criu/include/linux/mount.h
+index 0d55a588c..fefafa89e 100644
+--- a/criu/include/linux/mount.h
++++ b/criu/include/linux/mount.h
+@@ -6,7 +6,7 @@
+
+ /* Copied from /usr/include/sys/mount.h */
+
+-#ifndef FSCONFIG_CMD_CREATE
++#ifndef FSOPEN_CLOEXEC
+ /* The type of fsconfig call made. */
+ enum fsconfig_command {
+ FSCONFIG_SET_FLAG = 0, /* Set parameter, supplying no value */
+@@ -26,7 +26,13 @@ enum fsconfig_command {
+ FSCONFIG_CMD_RECONFIGURE = 7, /* Invoke superblock reconfiguration */
+ #define FSCONFIG_CMD_RECONFIGURE FSCONFIG_CMD_RECONFIGURE
+ };
+-#endif // FSCONFIG_CMD_CREATE
++
++#endif // FSOPEN_CLOEXEC
++
++/* fsopen flags. With the redundant definition, we check if the kernel,
++ * glibc value and our value still match.
++ */
++#define FSOPEN_CLOEXEC 0x00000001
+
+ #ifndef MS_MGC_VAL
+ /* Magic mount flag number. Has to be or-ed to the flag values. */
+--
+2.34.1
+
--
2.17.1



--
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II


Re: [kirkstone][PATCH 1/3] buildah: add recipe for buildah v1.26

Bruce Ashfield
 

Technically we don't add new packages to old branches, without a very
good reason.

Sure, this can't break anything that already exists in kirkstone, but
it is a new feature when you consider supported hosts, etc.

The changes to master look fine, but I need to consider this a bit longer.

Bruce

On Mon, Sep 5, 2022 at 7:31 AM Andrei Gherzan <andrei@...> wrote:

From: "sakib.sajal@..." <sakib.sajal@...>

buildah is a command line tool, to be installed and run on target,
that can be used to:
- create a working container, either from scratch or using an image
as a starting point
- create an image, either from a working container or via the
instructions in a Dockerfile
- images can be built in either the OCI image format or the
traditional upstream docker image format
- mount a working container's root filesystem for manipulation
- unmount a working container's root filesystem
- use the updated contents of a container's root filesystem as a
filesystem layer to create a new image
- delete a working container or an image
- rename a local container

Testing:
Setup the build directory:
$ . oe-init-build-env <build_dir>

Add to local.conf:
IMAGE_INSTALL:append = " buildah kernel-modules"
KERNEL_FEATURES += "features/overlayfs/overlayfs.cfgi \
features/netfilter/netfilter.scc \
features/lxc/lxc-enable.scc"
IMAGE_ROOTFS_EXTRA_SPACE = "5242880"

Build image:
$ bitbake core-image-minimal

Run the image:
$ runqemu nographic kvm qemuparams="-m 4096"

On target:
Pull an image:
> cnt=$(buildah from fedora)

Or build from Dockerfile
> buildah bud -t <image_name>:<tag> .

Mount the image:
> mnt=$(buildah mount ${cnt})

Install packages on the container rootfs:
> dnf install --installroot $mnt <packages_to_install> -y

Copy local files to the container:
> buildah copy $cnt <local_file> <dest_on_container>

Save the changes to an image
> buildah commit --format docker $cnt <name>:<tag>

Run the image using buildah:
> buildah run $cnt /bin/sh

Or using docker:
> docker run -it <name>:<tag>

Signed-off-by: Sakib Sajal <sakib.sajal@...>
Signed-off-by: Bruce Ashfield <bruce.ashfield@...>
---
recipes-containers/buildah/buildah_git.bb | 57 +++++++++++++++++++++++
1 file changed, 57 insertions(+)
create mode 100644 recipes-containers/buildah/buildah_git.bb

diff --git a/recipes-containers/buildah/buildah_git.bb b/recipes-containers/buildah/buildah_git.bb
new file mode 100644
index 0000000..024e82c
--- /dev/null
+++ b/recipes-containers/buildah/buildah_git.bb
@@ -0,0 +1,57 @@
+HOMEPAGE = "https://buildah.io"
+SUMMARY = "A tool that facilitates building OCI container images."
+DESCRIPTION = "A tool that facilitates building OCI container images."
+
+# Apache-2.0 for containerd
+LICENSE = "Apache-2.0"
+LIC_FILES_CHKSUM = "file://src/github.com/containers/buildah/LICENSE;md5=e3fc50a88d0a364313df4b21ef20c29e"
+
+S = "${WORKDIR}/git"
+
+BUILDAH_VERSION = "1.26"
+SRCREV_buildah = "0a9d6e6eaef2e2e7936313d449a4e226022eb865"
+
+PV = "${BUILDAH_VERSION}"
+
+inherit go
+inherit goarch
+inherit pkgconfig
+
+GO_IMPORT = "github.com/containers/buildah"
+GO_INSTALL = "${GO_IMPORT}"
+GO_WORKDIR = "${GO_INSTALL}"
+GOBUILDFLAGS += "-mod vendor"
+
+SRC_URI = " \
+ git://github.com/containers/buildah;branch=release-${BUILDAH_VERSION};name=buildah;protocol=https \
+ "
+
+DEPENDS = "libdevmapper btrfs-tools gpgme"
+RDEPENDS:${PN} = "cgroup-lite fuse-overlayfs libdevmapper podman"
+RDEPENDS:${PN}-dev = "bash perl"
+
+do_compile:prepend() {
+ cd ${S}/src/github.com/containers/buildah
+}
+
+go_do_compile() {
+ export TMPDIR="${GOTMPDIR}"
+ if [ -n "${GO_INSTALL}" ]; then
+ if [ -n "${GO_LINKSHARED}" ]; then
+ ${GO} install ${GOBUILDFLAGS} ./cmd/buildah
+ ${GO} install ${GOBUILDFLAGS} ./tests/imgtype/imgtype.go
+ ${GO} install ${GOBUILDFLAGS} ./tests/copy/copy.go
+ rm -rf ${B}/bin
+ fi
+ ${GO} install ${GO_LINKSHARED} ${GOBUILDFLAGS} ./cmd/buildah
+ ${GO} install ${GO_LINKSHARED} ${GOBUILDFLAGS} ./tests/imgtype/imgtype.go
+ ${GO} install ${GO_LINKSHARED} ${GOBUILDFLAGS} ./tests/copy/copy.go
+ fi
+}
+
+do_install:append() {
+ dest_dir=${D}/${sysconfdir}/containers
+ mkdir -p ${dest_dir}
+ install -m 666 ${S}/src/github.com/containers/buildah/docs/samples/registries.conf ${dest_dir}/buildah.registries.conf.sample
+ install -m 666 ${S}/src/github.com/containers/buildah/tests/policy.json ${dest_dir}/buildah.policy.json.sample
+}
--
2.25.1
--
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II


Re: [PATCH] ceph: fix CVE-2022-0670

Bruce Ashfield
 

Since you just sent an update to master for ceph, I'll assume this
isn't for master ? Is it for kirkstone ?

Bruce

On Tue, Sep 6, 2022 at 6:07 PM <sakib.sajal@...> wrote:

Backport required patches to fix CVE-2022-0670.

Signed-off-by: Sakib Sajal <sakib.sajal@...>
---
.../ceph/ceph/CVE-2022-0670_1.patch | 114 ++++++++++++++++++
.../ceph/ceph/CVE-2022-0670_2.patch | 67 ++++++++++
recipes-extended/ceph/ceph_15.2.15.bb | 2 +
3 files changed, 183 insertions(+)
create mode 100644 recipes-extended/ceph/ceph/CVE-2022-0670_1.patch
create mode 100644 recipes-extended/ceph/ceph/CVE-2022-0670_2.patch

diff --git a/recipes-extended/ceph/ceph/CVE-2022-0670_1.patch b/recipes-extended/ceph/ceph/CVE-2022-0670_1.patch
new file mode 100644
index 0000000..ea790d3
--- /dev/null
+++ b/recipes-extended/ceph/ceph/CVE-2022-0670_1.patch
@@ -0,0 +1,114 @@
+From 0cd1d8aa5ac935f738365ba38b397cae0fc9179c Mon Sep 17 00:00:00 2001
+From: Kotresh HR <khiremat@...>
+Date: Fri, 4 Feb 2022 14:55:03 +0530
+Subject: [PATCH] mgr/volumes: Fix subvolume discover during upgrade
+
+Fixes the subvolume discover to use the correct
+metadata file after an upgrade from legacy subvolume
+to v1. The fix makes sure, it doesn't use the
+handcrafted metadata file placed in the subvolume
+root of legacy subvolume.
+
+Co-authored-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@...>
+Co-authored-by: Dan van der Ster <daniel.vanderster@...>
+Co-authored-by: Ramana Raja <rraja@...>
+Signed-off-by: Kotresh HR <khiremat@...>
+(cherry picked from commit 7eba9cab6cfb9a13a84062177d7a0fa228311e13)
+
+Upstream-Status: Backport [0cd1d8aa5ac935f738365ba38b397cae0fc9179c]
+CVE: CVE-2022-0670
+
+Signed-off-by: Sakib Sajal <sakib.sajal@...>
+---
+ .../fs/operations/versions/metadata_manager.py | 17 ++++++++++++++---
+ .../fs/operations/versions/subvolume_base.py | 17 ++++++++++++++++-
+ 2 files changed, 30 insertions(+), 4 deletions(-)
+
+diff --git a/src/pybind/mgr/volumes/fs/operations/versions/metadata_manager.py b/src/pybind/mgr/volumes/fs/operations/versions/metadata_manager.py
+index 1b6c4327837..cb3059e5653 100644
+--- a/src/pybind/mgr/volumes/fs/operations/versions/metadata_manager.py
++++ b/src/pybind/mgr/volumes/fs/operations/versions/metadata_manager.py
+@@ -40,16 +40,17 @@ class MetadataManager(object):
+ def refresh(self):
+ fd = None
+ conf_data = StringIO()
++ log.debug("opening config {0}".format(self.config_path))
+ try:
+- log.debug("opening config {0}".format(self.config_path))
+ fd = self.fs.open(self.config_path, os.O_RDONLY)
+ while True:
+ data = self.fs.read(fd, -1, MetadataManager.MAX_IO_BYTES)
+ if not len(data):
+ break
+ conf_data.write(data.decode('utf-8'))
+- conf_data.seek(0)
+- self.config.readfp(conf_data)
++ except UnicodeDecodeError:
++ raise MetadataMgrException(-errno.EINVAL,
++ "failed to decode, erroneous metadata config '{0}'".format(self.config_path))
+ except cephfs.ObjectNotFound:
+ raise MetadataMgrException(-errno.ENOENT, "metadata config '{0}' not found".format(self.config_path))
+ except cephfs.Error as e:
+@@ -58,6 +59,16 @@ class MetadataManager(object):
+ if fd is not None:
+ self.fs.close(fd)
+
++ conf_data.seek(0)
++ try:
++ if sys.version_info >= (3, 2):
++ self.config.read_file(conf_data)
++ else:
++ self.config.readfp(conf_data)
++ except configparser.Error:
++ raise MetadataMgrException(-errno.EINVAL, "failed to parse, erroneous metadata config "
++ "'{0}'".format(self.config_path))
++
+ def flush(self):
+ # cull empty sections
+ for section in list(self.config.sections()):
+diff --git a/src/pybind/mgr/volumes/fs/operations/versions/subvolume_base.py b/src/pybind/mgr/volumes/fs/operations/versions/subvolume_base.py
+index 2840a9f2ea3..b499d242e3b 100644
+--- a/src/pybind/mgr/volumes/fs/operations/versions/subvolume_base.py
++++ b/src/pybind/mgr/volumes/fs/operations/versions/subvolume_base.py
+@@ -5,6 +5,7 @@ import errno
+ import logging
+ from hashlib import md5
+ from typing import Dict, Union
++from pathlib import Path
+
+ import cephfs
+
+@@ -123,6 +124,15 @@ class SubvolumeBase(object):
+ raise NotImplementedError
+
+ def load_config(self):
++ try:
++ self.fs.stat(self.legacy_config_path)
++ self.legacy_mode = True
++ except cephfs.Error as e:
++ pass
++
++ log.debug("loading config "
++ "'{0}' [mode: {1}]".format(self.subvolname, "legacy"
++ if self.legacy_mode else "new"))
+ if self.legacy_mode:
+ self.metadata_mgr = MetadataManager(self.fs, self.legacy_config_path, 0o640)
+ else:
+@@ -271,8 +281,13 @@ class SubvolumeBase(object):
+ self.fs.stat(self.base_path)
+ self.metadata_mgr.refresh()
+ log.debug("loaded subvolume '{0}'".format(self.subvolname))
++ subvolpath = self.metadata_mgr.get_global_option(MetadataManager.GLOBAL_META_KEY_PATH)
++ if not self.legacy_mode and self.base_path.decode('utf-8') != str(Path(subvolpath).parent):
++ raise MetadataMgrException(-errno.ENOENT, 'fabricated .meta')
+ except MetadataMgrException as me:
+- if me.errno == -errno.ENOENT and not self.legacy_mode:
++ if me.errno in (-errno.ENOENT, -errno.EINVAL) and not self.legacy_mode:
++ log.warn("subvolume '{0}', {1}, "
++ "assuming legacy_mode".format(self.subvolname, me.error_str))
+ self.legacy_mode = True
+ self.load_config()
+ self.discover()
+--
+2.25.1
+
diff --git a/recipes-extended/ceph/ceph/CVE-2022-0670_2.patch b/recipes-extended/ceph/ceph/CVE-2022-0670_2.patch
new file mode 100644
index 0000000..dad466b
--- /dev/null
+++ b/recipes-extended/ceph/ceph/CVE-2022-0670_2.patch
@@ -0,0 +1,67 @@
+From c774e03c29955f0fb668af6190a9750d03bb09b8 Mon Sep 17 00:00:00 2001
+From: Kotresh HR <khiremat@...>
+Date: Thu, 9 Jun 2022 13:30:59 +0530
+Subject: [PATCH] mgr/volumes: V2 Fix for
+ test_subvolume_retain_snapshot_invalid_recreate
+
+Signed-off-by: Kotresh HR <khiremat@...>
+
+Upstream-Status: Backport [c774e03c29955f0fb668af6190a9750d03bb09b8]
+CVE: CVE-2022-0670
+
+Signed-off-by: Sakib Sajal <sakib.sajal@...>
+
+---
+ .../mgr/volumes/fs/operations/versions/subvolume_base.py | 8 ++++++--
+ .../mgr/volumes/fs/operations/versions/subvolume_v1.py | 2 +-
+ 2 files changed, 7 insertions(+), 3 deletions(-)
+
+diff --git a/src/pybind/mgr/volumes/fs/operations/versions/subvolume_base.py b/src/pybind/mgr/volumes/fs/operations/versions/subvolume_base.py
+index b499d242e3b..aba8c90cf67 100644
+--- a/src/pybind/mgr/volumes/fs/operations/versions/subvolume_base.py
++++ b/src/pybind/mgr/volumes/fs/operations/versions/subvolume_base.py
+@@ -17,6 +17,7 @@ from ...fs_util import get_ancestor_xattr
+ from ...exception import MetadataMgrException, VolumeException
+ from .op_sm import SubvolumeOpSm
+ from .auth_metadata import AuthMetadataManager
++from .subvolume_attrs import SubvolumeStates
+
+ log = logging.getLogger(__name__)
+
+@@ -112,7 +113,7 @@ class SubvolumeBase(object):
+ @property
+ def state(self):
+ """ Subvolume state, one of SubvolumeStates """
+- raise NotImplementedError
++ return SubvolumeStates.from_value(self.metadata_mgr.get_global_option(MetadataManager.GLOBAL_META_KEY_STATE))
+
+ @property
+ def subvol_type(self):
+@@ -282,7 +283,10 @@ class SubvolumeBase(object):
+ self.metadata_mgr.refresh()
+ log.debug("loaded subvolume '{0}'".format(self.subvolname))
+ subvolpath = self.metadata_mgr.get_global_option(MetadataManager.GLOBAL_META_KEY_PATH)
+- if not self.legacy_mode and self.base_path.decode('utf-8') != str(Path(subvolpath).parent):
++ # subvolume with retained snapshots has empty path, don't mistake it for
++ # fabricated metadata.
++ if (not self.legacy_mode and self.state != SubvolumeStates.STATE_RETAINED and
++ self.base_path.decode('utf-8') != str(Path(subvolpath).parent)):
+ raise MetadataMgrException(-errno.ENOENT, 'fabricated .meta')
+ except MetadataMgrException as me:
+ if me.errno in (-errno.ENOENT, -errno.EINVAL) and not self.legacy_mode:
+diff --git a/src/pybind/mgr/volumes/fs/operations/versions/subvolume_v1.py b/src/pybind/mgr/volumes/fs/operations/versions/subvolume_v1.py
+index f7b13f17c77..9e772653ba5 100644
+--- a/src/pybind/mgr/volumes/fs/operations/versions/subvolume_v1.py
++++ b/src/pybind/mgr/volumes/fs/operations/versions/subvolume_v1.py
+@@ -673,7 +673,7 @@ class SubvolumeV1(SubvolumeBase, SubvolumeTemplate):
+
+ @property
+ def state(self):
+- return SubvolumeStates.from_value(self.metadata_mgr.get_global_option(MetadataManager.GLOBAL_META_KEY_STATE))
++ return super(SubvolumeV1, self).state
+
+ @state.setter
+ def state(self, val):
+--
+2.25.1
+
diff --git a/recipes-extended/ceph/ceph_15.2.15.bb b/recipes-extended/ceph/ceph_15.2.15.bb
index f2ece8c..d63051c 100644
--- a/recipes-extended/ceph/ceph_15.2.15.bb
+++ b/recipes-extended/ceph/ceph_15.2.15.bb
@@ -17,6 +17,8 @@ SRC_URI = "http://download.ceph.com/tarballs/ceph-${PV}.tar.gz \
file://0001-buffer.h-add-missing-header-file-due-to-gcc-upgrade.patch \
file://0002-common-fix-FTBFS-due-to-dout-need_dynamic-on-GCC-12.patch \
file://CVE-2021-3979.patch \
+ file://CVE-2022-0670_1.patch \
+ file://CVE-2022-0670_2.patch \
"

SRC_URI[sha256sum] = "5dccdaff2ebe18d435b32bfc06f8b5f474bf6ac0432a6a07d144b7c56700d0bf"
--
2.33.0



--
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II


[PATCH] ceph: fix CVE-2022-0670

sakib.sajal@...
 

Backport required patches to fix CVE-2022-0670.

Signed-off-by: Sakib Sajal <sakib.sajal@...>
---
.../ceph/ceph/CVE-2022-0670_1.patch | 114 ++++++++++++++++++
.../ceph/ceph/CVE-2022-0670_2.patch | 67 ++++++++++
recipes-extended/ceph/ceph_15.2.15.bb | 2 +
3 files changed, 183 insertions(+)
create mode 100644 recipes-extended/ceph/ceph/CVE-2022-0670_1.patch
create mode 100644 recipes-extended/ceph/ceph/CVE-2022-0670_2.patch

diff --git a/recipes-extended/ceph/ceph/CVE-2022-0670_1.patch b/recipes-extended/ceph/ceph/CVE-2022-0670_1.patch
new file mode 100644
index 0000000..ea790d3
--- /dev/null
+++ b/recipes-extended/ceph/ceph/CVE-2022-0670_1.patch
@@ -0,0 +1,114 @@
+From 0cd1d8aa5ac935f738365ba38b397cae0fc9179c Mon Sep 17 00:00:00 2001
+From: Kotresh HR <khiremat@...>
+Date: Fri, 4 Feb 2022 14:55:03 +0530
+Subject: [PATCH] mgr/volumes: Fix subvolume discover during upgrade
+
+Fixes the subvolume discover to use the correct
+metadata file after an upgrade from legacy subvolume
+to v1. The fix makes sure, it doesn't use the
+handcrafted metadata file placed in the subvolume
+root of legacy subvolume.
+
+Co-authored-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@...>
+Co-authored-by: Dan van der Ster <daniel.vanderster@...>
+Co-authored-by: Ramana Raja <rraja@...>
+Signed-off-by: Kotresh HR <khiremat@...>
+(cherry picked from commit 7eba9cab6cfb9a13a84062177d7a0fa228311e13)
+
+Upstream-Status: Backport [0cd1d8aa5ac935f738365ba38b397cae0fc9179c]
+CVE: CVE-2022-0670
+
+Signed-off-by: Sakib Sajal <sakib.sajal@...>
+---
+ .../fs/operations/versions/metadata_manager.py | 17 ++++++++++++++---
+ .../fs/operations/versions/subvolume_base.py | 17 ++++++++++++++++-
+ 2 files changed, 30 insertions(+), 4 deletions(-)
+
+diff --git a/src/pybind/mgr/volumes/fs/operations/versions/metadata_manager.py b/src/pybind/mgr/volumes/fs/operations/versions/metadata_manager.py
+index 1b6c4327837..cb3059e5653 100644
+--- a/src/pybind/mgr/volumes/fs/operations/versions/metadata_manager.py
++++ b/src/pybind/mgr/volumes/fs/operations/versions/metadata_manager.py
+@@ -40,16 +40,17 @@ class MetadataManager(object):
+ def refresh(self):
+ fd = None
+ conf_data = StringIO()
++ log.debug("opening config {0}".format(self.config_path))
+ try:
+- log.debug("opening config {0}".format(self.config_path))
+ fd = self.fs.open(self.config_path, os.O_RDONLY)
+ while True:
+ data = self.fs.read(fd, -1, MetadataManager.MAX_IO_BYTES)
+ if not len(data):
+ break
+ conf_data.write(data.decode('utf-8'))
+- conf_data.seek(0)
+- self.config.readfp(conf_data)
++ except UnicodeDecodeError:
++ raise MetadataMgrException(-errno.EINVAL,
++ "failed to decode, erroneous metadata config '{0}'".format(self.config_path))
+ except cephfs.ObjectNotFound:
+ raise MetadataMgrException(-errno.ENOENT, "metadata config '{0}' not found".format(self.config_path))
+ except cephfs.Error as e:
+@@ -58,6 +59,16 @@ class MetadataManager(object):
+ if fd is not None:
+ self.fs.close(fd)
+
++ conf_data.seek(0)
++ try:
++ if sys.version_info >= (3, 2):
++ self.config.read_file(conf_data)
++ else:
++ self.config.readfp(conf_data)
++ except configparser.Error:
++ raise MetadataMgrException(-errno.EINVAL, "failed to parse, erroneous metadata config "
++ "'{0}'".format(self.config_path))
++
+ def flush(self):
+ # cull empty sections
+ for section in list(self.config.sections()):
+diff --git a/src/pybind/mgr/volumes/fs/operations/versions/subvolume_base.py b/src/pybind/mgr/volumes/fs/operations/versions/subvolume_base.py
+index 2840a9f2ea3..b499d242e3b 100644
+--- a/src/pybind/mgr/volumes/fs/operations/versions/subvolume_base.py
++++ b/src/pybind/mgr/volumes/fs/operations/versions/subvolume_base.py
+@@ -5,6 +5,7 @@ import errno
+ import logging
+ from hashlib import md5
+ from typing import Dict, Union
++from pathlib import Path
+
+ import cephfs
+
+@@ -123,6 +124,15 @@ class SubvolumeBase(object):
+ raise NotImplementedError
+
+ def load_config(self):
++ try:
++ self.fs.stat(self.legacy_config_path)
++ self.legacy_mode = True
++ except cephfs.Error as e:
++ pass
++
++ log.debug("loading config "
++ "'{0}' [mode: {1}]".format(self.subvolname, "legacy"
++ if self.legacy_mode else "new"))
+ if self.legacy_mode:
+ self.metadata_mgr = MetadataManager(self.fs, self.legacy_config_path, 0o640)
+ else:
+@@ -271,8 +281,13 @@ class SubvolumeBase(object):
+ self.fs.stat(self.base_path)
+ self.metadata_mgr.refresh()
+ log.debug("loaded subvolume '{0}'".format(self.subvolname))
++ subvolpath = self.metadata_mgr.get_global_option(MetadataManager.GLOBAL_META_KEY_PATH)
++ if not self.legacy_mode and self.base_path.decode('utf-8') != str(Path(subvolpath).parent):
++ raise MetadataMgrException(-errno.ENOENT, 'fabricated .meta')
+ except MetadataMgrException as me:
+- if me.errno == -errno.ENOENT and not self.legacy_mode:
++ if me.errno in (-errno.ENOENT, -errno.EINVAL) and not self.legacy_mode:
++ log.warn("subvolume '{0}', {1}, "
++ "assuming legacy_mode".format(self.subvolname, me.error_str))
+ self.legacy_mode = True
+ self.load_config()
+ self.discover()
+--
+2.25.1
+
diff --git a/recipes-extended/ceph/ceph/CVE-2022-0670_2.patch b/recipes-extended/ceph/ceph/CVE-2022-0670_2.patch
new file mode 100644
index 0000000..dad466b
--- /dev/null
+++ b/recipes-extended/ceph/ceph/CVE-2022-0670_2.patch
@@ -0,0 +1,67 @@
+From c774e03c29955f0fb668af6190a9750d03bb09b8 Mon Sep 17 00:00:00 2001
+From: Kotresh HR <khiremat@...>
+Date: Thu, 9 Jun 2022 13:30:59 +0530
+Subject: [PATCH] mgr/volumes: V2 Fix for
+ test_subvolume_retain_snapshot_invalid_recreate
+
+Signed-off-by: Kotresh HR <khiremat@...>
+
+Upstream-Status: Backport [c774e03c29955f0fb668af6190a9750d03bb09b8]
+CVE: CVE-2022-0670
+
+Signed-off-by: Sakib Sajal <sakib.sajal@...>
+
+---
+ .../mgr/volumes/fs/operations/versions/subvolume_base.py | 8 ++++++--
+ .../mgr/volumes/fs/operations/versions/subvolume_v1.py | 2 +-
+ 2 files changed, 7 insertions(+), 3 deletions(-)
+
+diff --git a/src/pybind/mgr/volumes/fs/operations/versions/subvolume_base.py b/src/pybind/mgr/volumes/fs/operations/versions/subvolume_base.py
+index b499d242e3b..aba8c90cf67 100644
+--- a/src/pybind/mgr/volumes/fs/operations/versions/subvolume_base.py
++++ b/src/pybind/mgr/volumes/fs/operations/versions/subvolume_base.py
+@@ -17,6 +17,7 @@ from ...fs_util import get_ancestor_xattr
+ from ...exception import MetadataMgrException, VolumeException
+ from .op_sm import SubvolumeOpSm
+ from .auth_metadata import AuthMetadataManager
++from .subvolume_attrs import SubvolumeStates
+
+ log = logging.getLogger(__name__)
+
+@@ -112,7 +113,7 @@ class SubvolumeBase(object):
+ @property
+ def state(self):
+ """ Subvolume state, one of SubvolumeStates """
+- raise NotImplementedError
++ return SubvolumeStates.from_value(self.metadata_mgr.get_global_option(MetadataManager.GLOBAL_META_KEY_STATE))
+
+ @property
+ def subvol_type(self):
+@@ -282,7 +283,10 @@ class SubvolumeBase(object):
+ self.metadata_mgr.refresh()
+ log.debug("loaded subvolume '{0}'".format(self.subvolname))
+ subvolpath = self.metadata_mgr.get_global_option(MetadataManager.GLOBAL_META_KEY_PATH)
+- if not self.legacy_mode and self.base_path.decode('utf-8') != str(Path(subvolpath).parent):
++ # subvolume with retained snapshots has empty path, don't mistake it for
++ # fabricated metadata.
++ if (not self.legacy_mode and self.state != SubvolumeStates.STATE_RETAINED and
++ self.base_path.decode('utf-8') != str(Path(subvolpath).parent)):
+ raise MetadataMgrException(-errno.ENOENT, 'fabricated .meta')
+ except MetadataMgrException as me:
+ if me.errno in (-errno.ENOENT, -errno.EINVAL) and not self.legacy_mode:
+diff --git a/src/pybind/mgr/volumes/fs/operations/versions/subvolume_v1.py b/src/pybind/mgr/volumes/fs/operations/versions/subvolume_v1.py
+index f7b13f17c77..9e772653ba5 100644
+--- a/src/pybind/mgr/volumes/fs/operations/versions/subvolume_v1.py
++++ b/src/pybind/mgr/volumes/fs/operations/versions/subvolume_v1.py
+@@ -673,7 +673,7 @@ class SubvolumeV1(SubvolumeBase, SubvolumeTemplate):
+
+ @property
+ def state(self):
+- return SubvolumeStates.from_value(self.metadata_mgr.get_global_option(MetadataManager.GLOBAL_META_KEY_STATE))
++ return super(SubvolumeV1, self).state
+
+ @state.setter
+ def state(self, val):
+--
+2.25.1
+
diff --git a/recipes-extended/ceph/ceph_15.2.15.bb b/recipes-extended/ceph/ceph_15.2.15.bb
index f2ece8c..d63051c 100644
--- a/recipes-extended/ceph/ceph_15.2.15.bb
+++ b/recipes-extended/ceph/ceph_15.2.15.bb
@@ -17,6 +17,8 @@ SRC_URI = "http://download.ceph.com/tarballs/ceph-${PV}.tar.gz \
file://0001-buffer.h-add-missing-header-file-due-to-gcc-upgrade.patch \
file://0002-common-fix-FTBFS-due-to-dout-need_dynamic-on-GCC-12.patch \
file://CVE-2021-3979.patch \
+ file://CVE-2022-0670_1.patch \
+ file://CVE-2022-0670_2.patch \
"

SRC_URI[sha256sum] = "5dccdaff2ebe18d435b32bfc06f8b5f474bf6ac0432a6a07d144b7c56700d0bf"
--
2.33.0


[PATCH 1/1] ceph: upgrade v15.2.15 -> v17.2.3

sakib.sajal@...
 

Upgrade to latest v17 release.

New runtime dependencies on lua, cryptsetup and thrift.
Refreshed patch context.

Signed-off-by: Sakib Sajal <sakib.sajal@...>
---
...mpressor.h-fix-snappy-compiler-error.patch | 30 ----
...h-fix-build-errors-for-cross-compile.patch | 134 ++++++++-------
...001-cmake-add-support-for-python3.10.patch | 34 ----
...001-fix-host-library-paths-were-used.patch | 30 ++--
.../ceph/ceph/CVE-2021-3979.patch | 158 ------------------
.../ceph/{ceph_15.2.15.bb => ceph_17.2.3.bb} | 14 +-
6 files changed, 98 insertions(+), 302 deletions(-)
delete mode 100644 recipes-extended/ceph/ceph/0001-SnappyCompressor.h-fix-snappy-compiler-error.patch
delete mode 100644 recipes-extended/ceph/ceph/0001-cmake-add-support-for-python3.10.patch
delete mode 100644 recipes-extended/ceph/ceph/CVE-2021-3979.patch
rename recipes-extended/ceph/{ceph_15.2.15.bb => ceph_17.2.3.bb} (91%)

diff --git a/recipes-extended/ceph/ceph/0001-SnappyCompressor.h-fix-snappy-compiler-error.patch b/recipes-extended/ceph/ceph/0001-SnappyCompressor.h-fix-snappy-compiler-error.patch
deleted file mode 100644
index 2ebd32d..0000000
--- a/recipes-extended/ceph/ceph/0001-SnappyCompressor.h-fix-snappy-compiler-error.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From 85bde55627cfbb35d8b4735dec32bf33fa30079f Mon Sep 17 00:00:00 2001
-From: Saul Wold <saul.wold@...>
-Date: Fri, 28 May 2021 10:16:07 -0700
-Subject: [PATCH] SnappyCompressor.h: fix snappy compiler error
-
-snappy quietly changed public type
-
-Known issue in ceph: https://tracker.ceph.com/issues/50934
-
-Upstream-Status: Pending
-
-Signed-off-by: Saul Wold <saul.wold@...>
-
----
- src/compressor/snappy/SnappyCompressor.h | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/compressor/snappy/SnappyCompressor.h b/src/compressor/snappy/SnappyCompressor.h
-index 0cfb819c..2fbe35b7 100644
---- a/src/compressor/snappy/SnappyCompressor.h
-+++ b/src/compressor/snappy/SnappyCompressor.h
-@@ -96,7 +96,7 @@ class SnappyCompressor : public Compressor {
- if (qat_enabled)
- return qat_accel.decompress(p, compressed_len, dst);
- #endif
-- snappy::uint32 res_len = 0;
-+ uint32_t res_len = 0;
- BufferlistSource source_1(p, compressed_len);
- if (!snappy::GetUncompressedLength(&source_1, &res_len)) {
- return -1;
diff --git a/recipes-extended/ceph/ceph/0001-ceph-fix-build-errors-for-cross-compile.patch b/recipes-extended/ceph/ceph/0001-ceph-fix-build-errors-for-cross-compile.patch
index 4d54549..0c8883d 100644
--- a/recipes-extended/ceph/ceph/0001-ceph-fix-build-errors-for-cross-compile.patch
+++ b/recipes-extended/ceph/ceph/0001-ceph-fix-build-errors-for-cross-compile.patch
@@ -1,4 +1,4 @@
-From 4712fe18405ffea31405308357a8e7fca358bcce Mon Sep 17 00:00:00 2001
+From 12b98e9c7e6cb82636a07c3e3e0c1cd5e9db6b37 Mon Sep 17 00:00:00 2001
From: Dengke Du <dengke.du@...>
Date: Mon, 11 Mar 2019 09:14:09 +0800
Subject: [PATCH] ceph: fix build errors for cross compile
@@ -15,20 +15,33 @@ Adjust context for v14.2.3
Signed-off-by: He Zhe <zhe.he@...>
Signed-off-by: Sakib Sajal <sakib.sajal@...>
---
- cmake/modules/Distutils.cmake | 25 +++++--------------------
- cmake/modules/FindRocksDB.cmake | 4 ++--
- src/compressor/zstd/CMakeLists.txt | 2 +-
- src/pybind/cephfs/setup.py | 8 --------
- src/pybind/rados/setup.py | 8 --------
- src/pybind/rbd/setup.py | 8 --------
- src/pybind/rgw/setup.py | 8 --------
- 7 files changed, 8 insertions(+), 55 deletions(-)
+ cmake/modules/BuildZstd.cmake | 2 +-
+ cmake/modules/Distutils.cmake | 25 +++++--------------------
+ cmake/modules/FindRocksDB.cmake | 4 ++--
+ src/pybind/cephfs/setup.py | 14 --------------
+ src/pybind/rados/setup.py | 10 ----------
+ src/pybind/rbd/setup.py | 14 --------------
+ src/pybind/rgw/setup.py | 14 --------------
+ 7 files changed, 8 insertions(+), 75 deletions(-)

+diff --git a/cmake/modules/BuildZstd.cmake b/cmake/modules/BuildZstd.cmake
+index 799b14b281d..79a113160fb 100644
+--- a/cmake/modules/BuildZstd.cmake
++++ b/cmake/modules/BuildZstd.cmake
+@@ -8,7 +8,7 @@ function(build_Zstd)
+ CMAKE_ARGS -DCMAKE_CXX_COMPILER=${CMAKE_CXX_COMPILER}
+ -DCMAKE_C_COMPILER=${CMAKE_C_COMPILER}
+ -DCMAKE_C_FLAGS=${ZSTD_C_FLAGS}
+- -DCMAKE_AR=${CMAKE_AR}
++ -DCMAKE_SYSROOT=${CMAKE_SYSROOT}
+ -DCMAKE_POSITION_INDEPENDENT_CODE=${ENABLE_SHARED}
+ BINARY_DIR ${CMAKE_CURRENT_BINARY_DIR}/libzstd
+ BUILD_COMMAND ${CMAKE_COMMAND} --build <BINARY_DIR> --target libzstd_static
diff --git a/cmake/modules/Distutils.cmake b/cmake/modules/Distutils.cmake
-index 5fe929499d..802eb37e32 100644
+index 1916363382f..b48985d6d4b 100644
--- a/cmake/modules/Distutils.cmake
+++ b/cmake/modules/Distutils.cmake
-@@ -18,17 +18,8 @@ function(distutils_install_module name)
+@@ -29,17 +29,8 @@ function(distutils_install_module name)
cmake_parse_arguments(DU "" "INSTALL_SCRIPT" "" ${ARGN})
install(CODE "
set(options --prefix=${CMAKE_INSTALL_PREFIX})
@@ -39,25 +52,25 @@ index 5fe929499d..802eb37e32 100644
- list(APPEND options
- --root=\$ENV{DESTDIR}
- --single-version-externally-managed)
-- if(NOT \"${DU_INSTALL_SCRIPT}\" STREQUAL \"\")
-- list(APPEND options --install-script=${DU_INSTALL_SCRIPT})
-- endif()
+- endif()
+- if(NOT \"${DU_INSTALL_SCRIPT}\" STREQUAL \"\")
+- list(APPEND options --install-script=${DU_INSTALL_SCRIPT})
- endif()
+ list(APPEND options --root=${CMAKE_DESTDIR})
+ list(APPEND options --install-lib=${PYTHON_SITEPACKAGES_DIR})
execute_process(
COMMAND ${Python3_EXECUTABLE}
setup.py install \${options}
-@@ -50,7 +41,7 @@ function(distutils_add_cython_module target name src)
- # Note: no quotes, otherwise distutils will execute "/usr/bin/ccache gcc"
- # CMake's implicit conversion between strings and lists is wonderful, isn't it?
- string(REPLACE " " ";" cflags ${CMAKE_C_FLAGS})
-- list(APPEND cflags -iquote${CMAKE_SOURCE_DIR}/src/include -w)
-+ list(APPEND cflags -iquote${CMAKE_SOURCE_DIR}/src/include -w --sysroot=${CMAKE_SYSROOT})
+@@ -65,7 +56,7 @@ function(distutils_add_cython_module target name src)
+ if(DU_DISABLE_VTA AND HAS_VTA)
+ list(APPEND PY_CFLAGS -fno-var-tracking-assignments)
+ endif()
+- list(APPEND PY_CPPFLAGS -iquote${CMAKE_SOURCE_DIR}/src/include -w)
++ list(APPEND PY_CPPFLAGS -iquote${CMAKE_SOURCE_DIR}/src/include -w --sysroot=${CMAKE_SYSROOT})
# This little bit of magic wipes out __Pyx_check_single_interpreter()
# Note: this is reproduced in distutils_install_cython_module
- list(APPEND cflags -D'void0=dead_function\(void\)')
-@@ -108,14 +99,8 @@ function(distutils_install_cython_module name)
+ list(APPEND PY_CPPFLAGS -D'void0=dead_function\(void\)')
+@@ -136,14 +127,8 @@ function(distutils_install_cython_module name)
set(ENV{CEPH_LIBDIR} \"${CMAKE_LIBRARY_OUTPUT_DIRECTORY}\")

set(options --prefix=${CMAKE_INSTALL_PREFIX})
@@ -75,7 +88,7 @@ index 5fe929499d..802eb37e32 100644
COMMAND
${Python3_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/setup.py
diff --git a/cmake/modules/FindRocksDB.cmake b/cmake/modules/FindRocksDB.cmake
-index c5dd3dfaf6..be38597af2 100644
+index c5dd3dfaf67..be38597af27 100644
--- a/cmake/modules/FindRocksDB.cmake
+++ b/cmake/modules/FindRocksDB.cmake
@@ -9,9 +9,9 @@
@@ -90,32 +103,25 @@ index c5dd3dfaf6..be38597af2 100644

if(ROCKSDB_INCLUDE_DIR AND EXISTS "${ROCKSDB_INCLUDE_DIR}/rocksdb/version.h")
foreach(ver "MAJOR" "MINOR" "PATCH")
-diff --git a/src/compressor/zstd/CMakeLists.txt b/src/compressor/zstd/CMakeLists.txt
-index a5ebdaf538..a234068150 100644
---- a/src/compressor/zstd/CMakeLists.txt
-+++ b/src/compressor/zstd/CMakeLists.txt
-@@ -9,7 +9,7 @@ ExternalProject_Add(zstd_ext
- CMAKE_ARGS -DCMAKE_CXX_COMPILER=${CMAKE_CXX_COMPILER}
- -DCMAKE_C_COMPILER=${CMAKE_C_COMPILER}
- -DCMAKE_C_FLAGS=${ZSTD_C_FLAGS}
-- -DCMAKE_AR=${CMAKE_AR}
-+ -DCMAKE_SYSROOT=${CMAKE_SYSROOT}
- -DCMAKE_POSITION_INDEPENDENT_CODE=${ENABLE_SHARED}
- -G${CMAKE_GENERATOR}
- BINARY_DIR ${CMAKE_CURRENT_BINARY_DIR}/libzstd
diff --git a/src/pybind/cephfs/setup.py b/src/pybind/cephfs/setup.py
-index 19ae6c329a..c9a25ccfff 100755
+index f6c2025f75d..923a7e324b6 100755
--- a/src/pybind/cephfs/setup.py
+++ b/src/pybind/cephfs/setup.py
-@@ -135,14 +135,6 @@ def check_sanity():
+@@ -135,20 +135,6 @@ def check_sanity():
finally:
shutil.rmtree(tmp_dir)

-
--if 'BUILD_DOC' in os.environ.keys():
-- pass
+-if 'BUILD_DOC' in os.environ or 'READTHEDOCS' in os.environ:
+- ext_args = {}
+- cython_constants = dict(BUILD_DOC=True)
+- cythonize_args = dict(compile_time_env=cython_constants)
-elif check_sanity():
-- pass
+- ext_args = get_python_flags(['cephfs'])
+- cython_constants = dict(BUILD_DOC=False)
+- include_path = [os.path.join(os.path.dirname(__file__), "..", "rados")]
+- cythonize_args = dict(compile_time_env=cython_constants,
+- include_path=include_path)
-else:
- sys.exit(1)
-
@@ -123,18 +129,20 @@ index 19ae6c329a..c9a25ccfff 100755
try:
from Cython.Build import cythonize
diff --git a/src/pybind/rados/setup.py b/src/pybind/rados/setup.py
-index e2c5696404..4e99d26721 100755
+index 62b54d26b6c..5eb0dce6f94 100755
--- a/src/pybind/rados/setup.py
+++ b/src/pybind/rados/setup.py
-@@ -134,14 +134,6 @@ def check_sanity():
+@@ -130,16 +130,6 @@ def check_sanity():
finally:
shutil.rmtree(tmp_dir)

-
--if 'BUILD_DOC' in os.environ.keys():
-- pass
+-if 'BUILD_DOC' in os.environ or 'READTHEDOCS' in os.environ:
+- ext_args = {}
+- cython_constants = dict(BUILD_DOC=True)
-elif check_sanity():
-- pass
+- ext_args = get_python_flags(['rados'])
+- cython_constants = dict(BUILD_DOC=False)
-else:
- sys.exit(1)
-
@@ -142,18 +150,24 @@ index e2c5696404..4e99d26721 100755
try:
from Cython.Build import cythonize
diff --git a/src/pybind/rbd/setup.py b/src/pybind/rbd/setup.py
-index 634484f140..f5bbbdab4f 100755
+index 1f20c3ed42f..6437a62815c 100755
--- a/src/pybind/rbd/setup.py
+++ b/src/pybind/rbd/setup.py
-@@ -133,14 +133,6 @@ def check_sanity():
+@@ -133,20 +133,6 @@ def check_sanity():
finally:
shutil.rmtree(tmp_dir)

-
--if 'BUILD_DOC' in os.environ.keys():
-- pass
+-if 'BUILD_DOC' in os.environ or 'READTHEDOCS' in os.environ:
+- ext_args = {}
+- cython_constants = dict(BUILD_DOC=True)
+- cythonize_args = dict(compile_time_env=cython_constants)
-elif check_sanity():
-- pass
+- ext_args = get_python_flags(['rados', 'rbd'])
+- cython_constants = dict(BUILD_DOC=False)
+- include_path = [os.path.join(os.path.dirname(__file__), "..", "rados")]
+- cythonize_args = dict(compile_time_env=cython_constants,
+- include_path=include_path)
-else:
- sys.exit(1)
-
@@ -161,18 +175,24 @@ index 634484f140..f5bbbdab4f 100755
try:
from Cython.Build import cythonize
diff --git a/src/pybind/rgw/setup.py b/src/pybind/rgw/setup.py
-index eb1591a460..b9f2428cf9 100755
+index ed45399d394..c8094e000fb 100755
--- a/src/pybind/rgw/setup.py
+++ b/src/pybind/rgw/setup.py
-@@ -134,14 +134,6 @@ def check_sanity():
+@@ -134,20 +134,6 @@ def check_sanity():
finally:
shutil.rmtree(tmp_dir)

-
--if 'BUILD_DOC' in os.environ.keys():
-- pass
+-if 'BUILD_DOC' in os.environ or 'READTHEDOCS' in os.environ:
+- ext_args = {}
+- cython_constants = dict(BUILD_DOC=True)
+- cythonize_args = dict(compile_time_env=cython_constants)
-elif check_sanity():
-- pass
+- ext_args = get_python_flags(['rados', 'rgw'])
+- cython_constants = dict(BUILD_DOC=False)
+- include_path = [os.path.join(os.path.dirname(__file__), "..", "rados")]
+- cythonize_args = dict(compile_time_env=cython_constants,
+- include_path=include_path)
-else:
- sys.exit(1)
-
@@ -180,5 +200,5 @@ index eb1591a460..b9f2428cf9 100755
try:
from Cython.Build import cythonize
--
-2.20.1
+2.25.1

diff --git a/recipes-extended/ceph/ceph/0001-cmake-add-support-for-python3.10.patch b/recipes-extended/ceph/ceph/0001-cmake-add-support-for-python3.10.patch
deleted file mode 100644
index 94c4b8a..0000000
--- a/recipes-extended/ceph/ceph/0001-cmake-add-support-for-python3.10.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From 1060f2e4362ebd6db23870d442dcd158d219ee92 Mon Sep 17 00:00:00 2001
-From: Yanfei Xu <yanfei.xu@...>
-Date: Tue, 10 Nov 2020 17:17:30 +0800
-Subject: [PATCH] cmake: add support for python 3.9 and 3.10
-
-add support for python3.9.
-
-Signed-off-by: Yanfei Xu <yanfei.xu@...>
-
-Add support for python 3.10.
-
-Upstream-Status: Submitted [https://github.com/ceph/ceph/pull/43630]
-
-Signed-off-by: Kai Kang <kai.kang@...>
----
- cmake/modules/FindPython/Support.cmake | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/cmake/modules/FindPython/Support.cmake b/cmake/modules/FindPython/Support.cmake
-index 6584699b79..c05bbe3306 100644
---- a/cmake/modules/FindPython/Support.cmake
-+++ b/cmake/modules/FindPython/Support.cmake
-@@ -17,7 +17,7 @@ if (NOT DEFINED _${_PYTHON_PREFIX}_REQUIRED_VERSION_MAJOR)
- message (FATAL_ERROR "FindPython: INTERNAL ERROR")
- endif()
- if (_${_PYTHON_PREFIX}_REQUIRED_VERSION_MAJOR EQUAL 3)
-- set(_${_PYTHON_PREFIX}_VERSIONS 3.8 3.7 3.6 3.5 3.4 3.3 3.2 3.1 3.0)
-+ set(_${_PYTHON_PREFIX}_VERSIONS 3.10 3.9 3.8 3.7 3.6 3.5 3.4 3.3 3.2 3.1 3.0)
- elseif (_${_PYTHON_PREFIX}_REQUIRED_VERSION_MAJOR EQUAL 2)
- set(_${_PYTHON_PREFIX}_VERSIONS 2.7 2.6 2.5 2.4 2.3 2.2 2.1 2.0)
- else()
---
-2.18.2
-
diff --git a/recipes-extended/ceph/ceph/0001-fix-host-library-paths-were-used.patch b/recipes-extended/ceph/ceph/0001-fix-host-library-paths-were-used.patch
index 310bfa4..47498a2 100644
--- a/recipes-extended/ceph/ceph/0001-fix-host-library-paths-were-used.patch
+++ b/recipes-extended/ceph/ceph/0001-fix-host-library-paths-were-used.patch
@@ -1,4 +1,4 @@
-From bbf1cba8feb0e43492a1f6a6b31d024117cad262 Mon Sep 17 00:00:00 2001
+From 35cf12fea8274e85f29723e56f424a17af569907 Mon Sep 17 00:00:00 2001
From: Hongxu Jia <hongxu.jia@...>
Date: Mon, 13 Apr 2020 23:35:41 -0700
Subject: [PATCH] fix host library paths were used
@@ -16,11 +16,11 @@ Signed-off-by: Hongxu Jia <hongxu.jia@...>
4 files changed, 20 insertions(+), 4 deletions(-)

diff --git a/src/pybind/cephfs/setup.py b/src/pybind/cephfs/setup.py
-index c9a25ccf..972f936c 100755
+index 923a7e324b6..a894fb20766 100755
--- a/src/pybind/cephfs/setup.py
+++ b/src/pybind/cephfs/setup.py
@@ -63,9 +63,13 @@ def get_python_flags(libs):
- distutils.sysconfig.get_config_vars('LIBS', 'SYSLIBS')), [])
+ filter(lambda lib: lib.startswith('-l'), py_libs)]
compiler = new_compiler()
distutils.sysconfig.customize_compiler(compiler)
+ libpl = distutils.sysconfig.get_config_var('LIBPL')
@@ -31,15 +31,15 @@ index c9a25ccf..972f936c 100755
include_dirs=[distutils.sysconfig.get_python_inc()],
- library_dirs=distutils.sysconfig.get_config_vars('LIBDIR', 'LIBPL'),
+ library_dirs=[distutils.sysconfig.get_config_var('LIBDIR'), libpl],
- libraries=libs + [lib.replace('-l', '') for lib in py_libs],
+ libraries=libs + py_libs,
extra_compile_args=filter_unsupported_flags(
compiler.compiler[0],
diff --git a/src/pybind/rados/setup.py b/src/pybind/rados/setup.py
-index 4e99d267..de24f766 100755
+index 5eb0dce6f94..877200b1629 100755
--- a/src/pybind/rados/setup.py
+++ b/src/pybind/rados/setup.py
-@@ -66,9 +66,13 @@ def get_python_flags(libs):
- distutils.sysconfig.get_config_vars('LIBS', 'SYSLIBS')), [])
+@@ -62,9 +62,13 @@ def get_python_flags(libs):
+ filter(lambda lib: lib.startswith('-l'), py_libs)]
compiler = new_compiler()
distutils.sysconfig.customize_compiler(compiler)
+ libpl = distutils.sysconfig.get_config_var('LIBPL')
@@ -50,15 +50,15 @@ index 4e99d267..de24f766 100755
include_dirs=[distutils.sysconfig.get_python_inc()],
- library_dirs=distutils.sysconfig.get_config_vars('LIBDIR', 'LIBPL'),
+ library_dirs=[distutils.sysconfig.get_config_var('LIBDIR'), libpl],
- libraries=libs + [lib.replace('-l', '') for lib in py_libs],
+ libraries=libs + py_libs,
extra_compile_args=filter_unsupported_flags(
compiler.compiler[0],
diff --git a/src/pybind/rbd/setup.py b/src/pybind/rbd/setup.py
-index f5bbbdab..a1f70e1d 100755
+index 6437a62815c..d17d85e2b51 100755
--- a/src/pybind/rbd/setup.py
+++ b/src/pybind/rbd/setup.py
@@ -63,9 +63,13 @@ def get_python_flags(libs):
- distutils.sysconfig.get_config_vars('LIBS', 'SYSLIBS')), [])
+ filter(lambda lib: lib.startswith('-l'), py_libs)]
compiler = new_compiler()
distutils.sysconfig.customize_compiler(compiler)
+ libpl = distutils.sysconfig.get_config_var('LIBPL')
@@ -69,15 +69,15 @@ index f5bbbdab..a1f70e1d 100755
include_dirs=[distutils.sysconfig.get_python_inc()],
- library_dirs=distutils.sysconfig.get_config_vars('LIBDIR', 'LIBPL'),
+ library_dirs=[distutils.sysconfig.get_config_var('LIBDIR'), libpl],
- libraries=libs + [lib.replace('-l', '') for lib in py_libs],
+ libraries=libs + py_libs,
extra_compile_args=filter_unsupported_flags(
compiler.compiler[0],
diff --git a/src/pybind/rgw/setup.py b/src/pybind/rgw/setup.py
-index b9f2428c..f5119f73 100755
+index c8094e000fb..22eb6f2b1bc 100755
--- a/src/pybind/rgw/setup.py
+++ b/src/pybind/rgw/setup.py
@@ -64,9 +64,13 @@ def get_python_flags(libs):
- distutils.sysconfig.get_config_vars('LIBS', 'SYSLIBS')), [])
+ filter(lambda lib: lib.startswith('-l'), py_libs)]
compiler = new_compiler()
distutils.sysconfig.customize_compiler(compiler)
+ libpl = distutils.sysconfig.get_config_var('LIBPL')
@@ -88,9 +88,9 @@ index b9f2428c..f5119f73 100755
include_dirs=[distutils.sysconfig.get_python_inc()],
- library_dirs=distutils.sysconfig.get_config_vars('LIBDIR', 'LIBPL'),
+ library_dirs=[distutils.sysconfig.get_config_var('LIBDIR'), libpl],
- libraries=libs + [lib.replace('-l', '') for lib in py_libs],
+ libraries=libs + py_libs,
extra_compile_args=filter_unsupported_flags(
compiler.compiler[0],
--
-2.21.0
+2.25.1

diff --git a/recipes-extended/ceph/ceph/CVE-2021-3979.patch b/recipes-extended/ceph/ceph/CVE-2021-3979.patch
deleted file mode 100644
index 081b32b..0000000
--- a/recipes-extended/ceph/ceph/CVE-2021-3979.patch
+++ /dev/null
@@ -1,158 +0,0 @@
-From 47c33179f9a15ae95cc1579a421be89378602656 Mon Sep 17 00:00:00 2001
-From: Guillaume Abrioux <gabrioux@...>
-Date: Tue, 25 Jan 2022 10:25:53 +0100
-Subject: [PATCH] ceph-volume: honour osd_dmcrypt_key_size option
-
-ceph-volume doesn't honour osd_dmcrypt_key_size.
-It means the default size is always applied.
-
-It also changes the default value in `get_key_size_from_conf()`
-
-From cryptsetup manpage:
-
-> For XTS mode you can optionally set a key size of 512 bits with the -s option.
-
-Using more than 512bits will end up with the following error message:
-
-```
-Key size in XTS mode must be 256 or 512 bits.
-```
-
-Fixes: https://tracker.ceph.com/issues/54006
-
-Signed-off-by: Guillaume Abrioux <gabrioux@...>
-
-Upstream-Status: Backport
- github.com/ceph/ceph.git
- equivalent to cherry-pick of commit 47c33179f9a15ae95cc1579a421be89378602656
-
-CVE: CVE-2021-3979
-
-Signed-off-by: Joe Slater <joe.slater@...>
----
- .../ceph_volume/tests/util/test_encryption.py | 41 +++++++++++++------
- .../ceph_volume/util/encryption.py | 34 ++++++++++-----
- 2 files changed, 51 insertions(+), 24 deletions(-)
-
-diff --git a/src/ceph-volume/ceph_volume/tests/util/test_encryption.py b/src/ceph-volume/ceph_volume/tests/util/test_encryption.py
-index e1420b440d3..c86dc50b7c7 100644
---- a/src/ceph-volume/ceph_volume/tests/util/test_encryption.py
-+++ b/src/ceph-volume/ceph_volume/tests/util/test_encryption.py
-@@ -1,5 +1,31 @@
- from ceph_volume.util import encryption
-+import base64
-
-+class TestGetKeySize(object):
-+ def test_get_size_from_conf_default(self, conf_ceph_stub):
-+ conf_ceph_stub('''
-+ [global]
-+ fsid=asdf
-+ ''')
-+ assert encryption.get_key_size_from_conf() == '512'
-+
-+ def test_get_size_from_conf_custom(self, conf_ceph_stub):
-+ conf_ceph_stub('''
-+ [global]
-+ fsid=asdf
-+ [osd]
-+ osd_dmcrypt_key_size=256
-+ ''')
-+ assert encryption.get_key_size_from_conf() == '256'
-+
-+ def test_get_size_from_conf_custom_invalid(self, conf_ceph_stub):
-+ conf_ceph_stub('''
-+ [global]
-+ fsid=asdf
-+ [osd]
-+ osd_dmcrypt_key_size=1024
-+ ''')
-+ assert encryption.get_key_size_from_conf() == '512'
-
- class TestStatus(object):
-
-@@ -37,17 +63,6 @@ class TestDmcryptClose(object):
-
- class TestDmcryptKey(object):
-
-- def test_dmcrypt_with_default_size(self, conf_ceph_stub):
-- conf_ceph_stub('[global]\nfsid=asdf-lkjh')
-- result = encryption.create_dmcrypt_key()
-- assert len(result) == 172
--
-- def test_dmcrypt_with_custom_size(self, conf_ceph_stub):
-- conf_ceph_stub('''
-- [global]
-- fsid=asdf
-- [osd]
-- osd_dmcrypt_size=8
-- ''')
-+ def test_dmcrypt(self):
- result = encryption.create_dmcrypt_key()
-- assert len(result) == 172
-+ assert len(base64.b64decode(result)) == 128
-diff --git a/src/ceph-volume/ceph_volume/util/encryption.py b/src/ceph-volume/ceph_volume/util/encryption.py
-index 72a0ccf121e..2a2c03337b6 100644
---- a/src/ceph-volume/ceph_volume/util/encryption.py
-+++ b/src/ceph-volume/ceph_volume/util/encryption.py
-@@ -9,21 +9,29 @@ from .disk import lsblk, device_family, get_part_entry_type
-
- logger = logging.getLogger(__name__)
-
--
--def create_dmcrypt_key():
-+def get_key_size_from_conf():
- """
-- Create the secret dm-crypt key used to decrypt a device.
-+ Return the osd dmcrypt key size from config file.
-+ Default is 512.
- """
-- # get the customizable dmcrypt key size (in bits) from ceph.conf fallback
-- # to the default of 1024
-- dmcrypt_key_size = conf.ceph.get_safe(
-+ default_key_size = '512'
-+ key_size = conf.ceph.get_safe(
- 'osd',
- 'osd_dmcrypt_key_size',
-- default=1024,
-- )
-- # The size of the key is defined in bits, so we must transform that
-- # value to bytes (dividing by 8) because we read in bytes, not bits
-- random_string = os.urandom(int(dmcrypt_key_size / 8))
-+ default='512')
-+
-+ if key_size not in ['256', '512']:
-+ logger.warning(("Invalid value set for osd_dmcrypt_key_size ({}). "
-+ "Falling back to {}bits".format(key_size, default_key_size)))
-+ return default_key_size
-+
-+ return key_size
-+
-+def create_dmcrypt_key():
-+ """
-+ Create the secret dm-crypt key (KEK) used to encrypt/decrypt the Volume Key.
-+ """
-+ random_string = os.urandom(128)
- key = base64.b64encode(random_string).decode('utf-8')
- return key
-
-@@ -38,6 +46,8 @@ def luks_format(key, device):
- command = [
- 'cryptsetup',
- '--batch-mode', # do not prompt
-+ '--key-size',
-+ get_key_size_from_conf(),
- '--key-file', # misnomer, should be key
- '-', # because we indicate stdin for the key here
- 'luksFormat',
-@@ -83,6 +93,8 @@ def luks_open(key, device, mapping):
- """
- command = [
- 'cryptsetup',
-+ '--key-size',
-+ get_key_size_from_conf(),
- '--key-file',
- '-',
- '--allow-discards', # allow discards (aka TRIM) requests for device
---
-2.35.1
-
diff --git a/recipes-extended/ceph/ceph_15.2.15.bb b/recipes-extended/ceph/ceph_17.2.3.bb
similarity index 91%
rename from recipes-extended/ceph/ceph_15.2.15.bb
rename to recipes-extended/ceph/ceph_17.2.3.bb
index f2ece8c..6b27a00 100644
--- a/recipes-extended/ceph/ceph_15.2.15.bb
+++ b/recipes-extended/ceph/ceph_17.2.3.bb
@@ -2,7 +2,7 @@ SUMMARY = "User space components of the Ceph file system"
LICENSE = "LGPL-2.1-only & GPL-2.0-only & Apache-2.0 & MIT"
LIC_FILES_CHKSUM = "file://COPYING-LGPL2.1;md5=fbc093901857fcd118f065f900982c24 \
file://COPYING-GPL2;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
- file://COPYING;md5=4eb012c221c5fd4b760029a2981a6754 \
+ file://COPYING;md5=5351120989d78252e65dc1a2a92e3617 \
"
inherit cmake pkgconfig python3native python3-dir systemd
# Disable python pybind support for ceph temporary, when corss compiling pybind,
@@ -12,20 +12,17 @@ SRC_URI = "http://download.ceph.com/tarballs/ceph-${PV}.tar.gz \
file://0001-ceph-fix-build-errors-for-cross-compile.patch \
file://0001-fix-host-library-paths-were-used.patch \
file://ceph.conf \
- file://0001-cmake-add-support-for-python3.10.patch \
- file://0001-SnappyCompressor.h-fix-snappy-compiler-error.patch \
file://0001-buffer.h-add-missing-header-file-due-to-gcc-upgrade.patch \
file://0002-common-fix-FTBFS-due-to-dout-need_dynamic-on-GCC-12.patch \
- file://CVE-2021-3979.patch \
"

-SRC_URI[sha256sum] = "5dccdaff2ebe18d435b32bfc06f8b5f474bf6ac0432a6a07d144b7c56700d0bf"
+SRC_URI[sha256sum] = "3dd0c7b3cb740abd38eeb0a44078ca5ae6ad96050a7290ac82883e106592a3fa"

-DEPENDS = "boost bzip2 curl expat gperf-native \
- keyutils libaio libibverbs lz4 \
+DEPENDS = "boost bzip2 cryptsetup curl expat gperf-native \
+ keyutils libaio libibverbs lua lz4 \
nspr nss \
oath openldap openssl \
- python3 python3-cython-native rabbitmq-c rocksdb snappy udev \
+ python3 python3-cython-native rabbitmq-c rocksdb snappy thrift udev \
valgrind xfsprogs zlib \
"
SYSTEMD_SERVICE:${PN} = " \
@@ -67,6 +64,7 @@ EXTRA_OECMAKE = "-DWITH_MANPAGE=OFF \
-DPython3_EXECUTABLE=${PYTHON} \
-DWITH_RADOSGW_KAFKA_ENDPOINT=OFF \
-DWITH_REENTRANT_STRSIGNAL=ON \
+ -DWITH_RADOSGW_LUA_PACKAGES=OFF \
"

CXXFLAGS += "${HOST_CC_ARCH} ${TOOLCHAIN_OPTIONS}"
--
2.33.0


[PATCH 0/1] Error while compiling ceph v17.2.3 as part of uprev from v15.2.15.

sakib.sajal@...
 

I am running into a compilation issue [1] while building ceph v17.2.3 as
part of uprev from v15.2.15.

There is an upstream issue (https://tracker.ceph.com/issues/55256) and
fixes [2] (which are contained in v17.2.3) that addresses the issue.
However I still end up with the compilation issue.

I have tried a solution provided on a similar compilation issue
(https://tracker.ceph.com/issues/55256) as shown in [3] but end up with
the following error:

make: *** No rule to make target
'cmake_object_order_depends_target_common-options-objs'. Stop.

I also tried turning of legacy option, ie "with_legacy: false", with no
success.

Does anyone have any suggestions? Am I missing something?

I have attached the patch for the uprev:
New build time deps on lua, cryptsetup and thrift
There was some patch refreshing as well.

[1] :
| 1 | #include "global_legacy_options.h"
| | ^~~~~~~~~~~~~~~~~~~~~~~~~
| compilation terminated.
| make[2]: ***
[src/crypto/openssl/CMakeFiles/ceph_crypto_openssl.dir/build.make:90:
src/crypto/openssl/CMakeFiles/ceph_crypto_openssl.dir/openssl_crypto_plugin.cc.o]
Error 1
| make[2]: *** Waiting for unfinished jobs....
| make[2]: ***
[src/crypto/openssl/CMakeFiles/ceph_crypto_openssl.dir/build.make:76:
src/crypto/openssl/CMakeFiles/ceph_crypto_openssl.dir/openssl_crypto_accel.cc.o]
Error 1
| make[2]: Leaving directory '/yow-lpggp31/ssajal/repos/build/master/cph_uprev/tmp-glibc/work/core2-64-oe-linux/ceph/17.2.3-r0/build'
| make[1]: *** [CMakeFiles/Makefile2:6587: src/crypto/openssl/CMakeFiles/ceph_crypto_openssl.dir/all] Error 2
| In file included from ..../tmp-glibc/work/core2-64-oe-linux/ceph/17.2.3-r0/ceph-17.2.3/src/common/config_values.h:59,
| from ..../tmp-glibc/work/core2-64-oe-linux/ceph/17.2.3-r0/ceph-17.2.3/src/common/config.h:27,
| from ..../tmp-glibc/work/core2-64-oe-linux/ceph/17.2.3-r0/ceph-17.2.3/src/common/config_proxy.h:6,
| from ..../tmp-glibc/work/core2-64-oe-linux/ceph/17.2.3-r0/ceph-17.2.3/src/common/ceph_context.h:41,
| from ..../tmp-glibc/work/core2-64-oe-linux/ceph/17.2.3-r0/ceph-17.2.3/src/common/dout.h:29,
| from ..../tmp-glibc/work/core2-64-oe-linux/ceph/17.2.3-r0/ceph-17.2.3/src/include/Context.h:19,
| from ..../tmp-glibc/work/core2-64-oe-linux/ceph/17.2.3-r0/ceph-17.2.3/src/msg/Message.h:24,
| from ..../tmp-glibc/work/core2-64-oe-linux/ceph/17.2.3-r0/ceph-17.2.3/src/msg/DispatchQueue.cc:15:
ceph/17.2.3-r0/ceph-17.2.3/src/common/options/legacy_config_opts.h:1:10:
fatal error: global_legacy_options.h: No such file or directory

[2]:

https://github.com/ceph/ceph/commit/6007448501b3bf3bd8ee4b619a74b9b4146df745
https://github.com/ceph/ceph/commit/d93880880dad2cdbdc9abed1a51edf5264068ff1

[3]

do_compile() {
cmake_do_compile
}

cmake_do_compile() {
cmake_runcmake_build --target
cmake_object_order_depends_target_common-options-objs all
}

Sakib Sajal (1):
ceph: upgrade v15.2.15 -> v17.2.3

...mpressor.h-fix-snappy-compiler-error.patch | 30 ----
...h-fix-build-errors-for-cross-compile.patch | 134 ++++++++-------
...001-cmake-add-support-for-python3.10.patch | 34 ----
...001-fix-host-library-paths-were-used.patch | 30 ++--
.../ceph/ceph/CVE-2021-3979.patch | 158 ------------------
.../ceph/{ceph_15.2.15.bb => ceph_17.2.3.bb} | 14 +-
6 files changed, 98 insertions(+), 302 deletions(-)
delete mode 100644 recipes-extended/ceph/ceph/0001-SnappyCompressor.h-fix-snappy-compiler-error.patch
delete mode 100644 recipes-extended/ceph/ceph/0001-cmake-add-support-for-python3.10.patch
delete mode 100644 recipes-extended/ceph/ceph/CVE-2021-3979.patch
rename recipes-extended/ceph/{ceph_15.2.15.bb => ceph_17.2.3.bb} (91%)

--
2.33.0


[kirkstone][PATCH 3/3] podman: Add ptest support for system tests

Andrei Gherzan
 

From: Andrei Gherzan <andrei.gherzan@...>

Signed-off-by: Andrei Gherzan <andrei.gherzan@...>
---
recipes-containers/podman/podman/run-ptest | 13 +++++++++++
recipes-containers/podman/podman_git.bb | 27 +++++++++++++++++++++-
2 files changed, 39 insertions(+), 1 deletion(-)
create mode 100644 recipes-containers/podman/podman/run-ptest

diff --git a/recipes-containers/podman/podman/run-ptest b/recipes-containers/podman/podman/run-ptest
new file mode 100644
index 0000000..108ff45
--- /dev/null
+++ b/recipes-containers/podman/podman/run-ptest
@@ -0,0 +1,13 @@
+#!/bin/sh
+
+# SPDX-FileCopyrightText: Huawei Inc.
+#
+# SPDX-License-Identifier: MIT
+
+#
+# Podman system tests
+#
+
+# The system tests don't need any go related variables. Dummy-define them to
+# avoid useless warnings/errors.
+GOOS=undefined GO=true BUILDTAGS= make localsystem
diff --git a/recipes-containers/podman/podman_git.bb b/recipes-containers/podman/podman_git.bb
index 09bf827..9dd40d4 100644
--- a/recipes-containers/podman/podman_git.bb
+++ b/recipes-containers/podman/podman_git.bb
@@ -24,6 +24,7 @@ SRC_URI = " \
file://0002-Define-ActKillThread-equal-to-ActKill.patch;patchdir=src/import/vendor/github.com/seccomp/libseccomp-golang \
file://CVE-2022-27649.patch;patchdir=src/import \
${@bb.utils.contains('PACKAGECONFIG', 'rootless', 'file://50-podman-rootless.conf', '', d)} \
+ file://run-ptest \
"

LICENSE = "Apache-2.0"
@@ -49,7 +50,7 @@ export LDFLAGS=""
TOOLCHAIN = "gcc"

inherit go goarch
-inherit systemd pkgconfig
+inherit systemd pkgconfig ptest

do_configure[noexec] = "1"

@@ -110,6 +111,17 @@ do_install() {
fi
}

+do_install_ptest () {
+ cp ${S}/src/import/Makefile ${D}${PTEST_PATH}
+ install -d ${D}${PTEST_PATH}/test
+ cp -r ${S}/src/import/test/system ${D}${PTEST_PATH}/test
+
+ # Some compatibility links for the Makefile assumptions.
+ install -d ${D}${PTEST_PATH}/bin
+ ln -s ${bindir}/podman ${D}${PTEST_PATH}/bin/podman
+ ln -s ${bindir}/podman-remote ${D}${PTEST_PATH}/bin/podman-remote
+}
+
FILES:${PN} += " \
${systemd_unitdir}/system/* \
${systemd_unitdir}/user/* \
@@ -129,3 +141,16 @@ RDEPENDS:${PN} += "\
"
RRECOMMENDS:${PN} += "slirp4netns kernel-module-xt-masquerade kernel-module-xt-comment"
RCONFLICTS:${PN} = "${@bb.utils.contains('PACKAGECONFIG', 'docker', 'docker', '', d)}"
+
+RDEPENDS:${PN}-ptest += " \
+ bash \
+ bats \
+ buildah \
+ catatonit \
+ coreutils \
+ file \
+ gnupg \
+ jq \
+ make \
+ tar \
+"
--
2.25.1


[kirkstone][PATCH 2/3] catatonit: Integrate version 0.1.7

Andrei Gherzan
 

From: Andrei Gherzan <andrei.gherzan@...>

This is useful for podman system tests.

Signed-off-by: Andrei Gherzan <andrei.gherzan@...>
---
recipes-containers/catatonit/catatonit_0.1.7.bb | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
create mode 100644 recipes-containers/catatonit/catatonit_0.1.7.bb

diff --git a/recipes-containers/catatonit/catatonit_0.1.7.bb b/recipes-containers/catatonit/catatonit_0.1.7.bb
new file mode 100644
index 0000000..da3973d
--- /dev/null
+++ b/recipes-containers/catatonit/catatonit_0.1.7.bb
@@ -0,0 +1,16 @@
+# SPDX-FileCopyrightText: Huawei Inc.
+#
+# SPDX-License-Identifier: MIT
+
+SUMMARY = "A container init that is so simple it's effectively brain-dead."
+HOMEPAGE = "https://github.com/openSUSE/catatonit"
+DESCRIPTION = "${SUMMARY}"
+SECTION = "base"
+LICENSE = "GPL-3.0-or-later"
+LIC_FILES_CHKSUM = "file://COPYING;md5=1ebbd3e34237af26da5dc08a4e440464"
+
+SRC_URI = "git://github.com/openSUSE/${BPN};protocol=https;branch=main"
+SRCREV = "d8d72fea155c144ed3bf298a35a1aba5625a5656"
+S = "${WORKDIR}/git"
+
+inherit autotools
--
2.25.1


[kirkstone][PATCH 1/3] buildah: add recipe for buildah v1.26

Andrei Gherzan
 

From: "sakib.sajal@..." <sakib.sajal@...>

buildah is a command line tool, to be installed and run on target,
that can be used to:
- create a working container, either from scratch or using an image
as a starting point
- create an image, either from a working container or via the
instructions in a Dockerfile
- images can be built in either the OCI image format or the
traditional upstream docker image format
- mount a working container's root filesystem for manipulation
- unmount a working container's root filesystem
- use the updated contents of a container's root filesystem as a
filesystem layer to create a new image
- delete a working container or an image
- rename a local container

Testing:
Setup the build directory:
$ . oe-init-build-env <build_dir>

Add to local.conf:
IMAGE_INSTALL:append = " buildah kernel-modules"
KERNEL_FEATURES += "features/overlayfs/overlayfs.cfgi \
features/netfilter/netfilter.scc \
features/lxc/lxc-enable.scc"
IMAGE_ROOTFS_EXTRA_SPACE = "5242880"

Build image:
$ bitbake core-image-minimal

Run the image:
$ runqemu nographic kvm qemuparams="-m 4096"

On target:
Pull an image:
> cnt=$(buildah from fedora)

Or build from Dockerfile
> buildah bud -t <image_name>:<tag> .

Mount the image:
> mnt=$(buildah mount ${cnt})

Install packages on the container rootfs:
> dnf install --installroot $mnt <packages_to_install> -y

Copy local files to the container:
> buildah copy $cnt <local_file> <dest_on_container>

Save the changes to an image
> buildah commit --format docker $cnt <name>:<tag>

Run the image using buildah:
> buildah run $cnt /bin/sh

Or using docker:
> docker run -it <name>:<tag>

Signed-off-by: Sakib Sajal <sakib.sajal@...>
Signed-off-by: Bruce Ashfield <bruce.ashfield@...>
---
recipes-containers/buildah/buildah_git.bb | 57 +++++++++++++++++++++++
1 file changed, 57 insertions(+)
create mode 100644 recipes-containers/buildah/buildah_git.bb

diff --git a/recipes-containers/buildah/buildah_git.bb b/recipes-containers/buildah/buildah_git.bb
new file mode 100644
index 0000000..024e82c
--- /dev/null
+++ b/recipes-containers/buildah/buildah_git.bb
@@ -0,0 +1,57 @@
+HOMEPAGE = "https://buildah.io"
+SUMMARY = "A tool that facilitates building OCI container images."
+DESCRIPTION = "A tool that facilitates building OCI container images."
+
+# Apache-2.0 for containerd
+LICENSE = "Apache-2.0"
+LIC_FILES_CHKSUM = "file://src/github.com/containers/buildah/LICENSE;md5=e3fc50a88d0a364313df4b21ef20c29e"
+
+S = "${WORKDIR}/git"
+
+BUILDAH_VERSION = "1.26"
+SRCREV_buildah = "0a9d6e6eaef2e2e7936313d449a4e226022eb865"
+
+PV = "${BUILDAH_VERSION}"
+
+inherit go
+inherit goarch
+inherit pkgconfig
+
+GO_IMPORT = "github.com/containers/buildah"
+GO_INSTALL = "${GO_IMPORT}"
+GO_WORKDIR = "${GO_INSTALL}"
+GOBUILDFLAGS += "-mod vendor"
+
+SRC_URI = " \
+ git://github.com/containers/buildah;branch=release-${BUILDAH_VERSION};name=buildah;protocol=https \
+ "
+
+DEPENDS = "libdevmapper btrfs-tools gpgme"
+RDEPENDS:${PN} = "cgroup-lite fuse-overlayfs libdevmapper podman"
+RDEPENDS:${PN}-dev = "bash perl"
+
+do_compile:prepend() {
+ cd ${S}/src/github.com/containers/buildah
+}
+
+go_do_compile() {
+ export TMPDIR="${GOTMPDIR}"
+ if [ -n "${GO_INSTALL}" ]; then
+ if [ -n "${GO_LINKSHARED}" ]; then
+ ${GO} install ${GOBUILDFLAGS} ./cmd/buildah
+ ${GO} install ${GOBUILDFLAGS} ./tests/imgtype/imgtype.go
+ ${GO} install ${GOBUILDFLAGS} ./tests/copy/copy.go
+ rm -rf ${B}/bin
+ fi
+ ${GO} install ${GO_LINKSHARED} ${GOBUILDFLAGS} ./cmd/buildah
+ ${GO} install ${GO_LINKSHARED} ${GOBUILDFLAGS} ./tests/imgtype/imgtype.go
+ ${GO} install ${GO_LINKSHARED} ${GOBUILDFLAGS} ./tests/copy/copy.go
+ fi
+}
+
+do_install:append() {
+ dest_dir=${D}/${sysconfdir}/containers
+ mkdir -p ${dest_dir}
+ install -m 666 ${S}/src/github.com/containers/buildah/docs/samples/registries.conf ${dest_dir}/buildah.registries.conf.sample
+ install -m 666 ${S}/src/github.com/containers/buildah/tests/policy.json ${dest_dir}/buildah.policy.json.sample
+}
--
2.25.1


[master][PATCH 2/2] podman: Add ptest support for system tests

Andrei Gherzan
 

From: Andrei Gherzan <andrei.gherzan@...>

Signed-off-by: Andrei Gherzan <andrei.gherzan@...>
---
recipes-containers/podman/podman/run-ptest | 13 +++++++++++
recipes-containers/podman/podman_git.bb | 27 +++++++++++++++++++++-
2 files changed, 39 insertions(+), 1 deletion(-)
create mode 100644 recipes-containers/podman/podman/run-ptest

diff --git a/recipes-containers/podman/podman/run-ptest b/recipes-containers/podman/podman/run-ptest
new file mode 100644
index 0000000..108ff45
--- /dev/null
+++ b/recipes-containers/podman/podman/run-ptest
@@ -0,0 +1,13 @@
+#!/bin/sh
+
+# SPDX-FileCopyrightText: Huawei Inc.
+#
+# SPDX-License-Identifier: MIT
+
+#
+# Podman system tests
+#
+
+# The system tests don't need any go related variables. Dummy-define them to
+# avoid useless warnings/errors.
+GOOS=undefined GO=true BUILDTAGS= make localsystem
diff --git a/recipes-containers/podman/podman_git.bb b/recipes-containers/podman/podman_git.bb
index e999192..e0d7164 100644
--- a/recipes-containers/podman/podman_git.bb
+++ b/recipes-containers/podman/podman_git.bb
@@ -23,6 +23,7 @@ SRC_URI = " \
file://0001-Rename-BUILDFLAGS-to-GOBUILDFLAGS.patch;patchdir=src/import \
file://0002-Define-ActKillThread-equal-to-ActKill.patch;patchdir=src/import/vendor/github.com/seccomp/libseccomp-golang \
${@bb.utils.contains('PACKAGECONFIG', 'rootless', 'file://50-podman-rootless.conf', '', d)} \
+ file://run-ptest \
"

LICENSE = "Apache-2.0"
@@ -48,7 +49,7 @@ export LDFLAGS=""
TOOLCHAIN = "gcc"

inherit go goarch
-inherit systemd pkgconfig
+inherit systemd pkgconfig ptest

do_configure[noexec] = "1"

@@ -109,6 +110,17 @@ do_install() {
fi
}

+do_install_ptest () {
+ cp ${S}/src/import/Makefile ${D}${PTEST_PATH}
+ install -d ${D}${PTEST_PATH}/test
+ cp -r ${S}/src/import/test/system ${D}${PTEST_PATH}/test
+
+ # Some compatibility links for the Makefile assumptions.
+ install -d ${D}${PTEST_PATH}/bin
+ ln -s ${bindir}/podman ${D}${PTEST_PATH}/bin/podman
+ ln -s ${bindir}/podman-remote ${D}${PTEST_PATH}/bin/podman-remote
+}
+
FILES:${PN} += " \
${systemd_unitdir}/system/* \
${systemd_unitdir}/user/* \
@@ -128,3 +140,16 @@ RDEPENDS:${PN} += "\
"
RRECOMMENDS:${PN} += "slirp4netns kernel-module-xt-masquerade kernel-module-xt-comment"
RCONFLICTS:${PN} = "${@bb.utils.contains('PACKAGECONFIG', 'docker', 'docker', '', d)}"
+
+RDEPENDS:${PN}-ptest += " \
+ bash \
+ bats \
+ buildah \
+ catatonit \
+ coreutils \
+ file \
+ gnupg \
+ jq \
+ make \
+ tar \
+"
--
2.25.1


[master][PATCH 1/2] catatonit: Integrate version 0.1.7

Andrei Gherzan
 

From: Andrei Gherzan <andrei.gherzan@...>

This is useful for podman system tests.

Signed-off-by: Andrei Gherzan <andrei.gherzan@...>
---
recipes-containers/catatonit/catatonit_0.1.7.bb | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
create mode 100644 recipes-containers/catatonit/catatonit_0.1.7.bb

diff --git a/recipes-containers/catatonit/catatonit_0.1.7.bb b/recipes-containers/catatonit/catatonit_0.1.7.bb
new file mode 100644
index 0000000..da3973d
--- /dev/null
+++ b/recipes-containers/catatonit/catatonit_0.1.7.bb
@@ -0,0 +1,16 @@
+# SPDX-FileCopyrightText: Huawei Inc.
+#
+# SPDX-License-Identifier: MIT
+
+SUMMARY = "A container init that is so simple it's effectively brain-dead."
+HOMEPAGE = "https://github.com/openSUSE/catatonit"
+DESCRIPTION = "${SUMMARY}"
+SECTION = "base"
+LICENSE = "GPL-3.0-or-later"
+LIC_FILES_CHKSUM = "file://COPYING;md5=1ebbd3e34237af26da5dc08a4e440464"
+
+SRC_URI = "git://github.com/openSUSE/${BPN};protocol=https;branch=main"
+SRCREV = "d8d72fea155c144ed3bf298a35a1aba5625a5656"
+S = "${WORKDIR}/git"
+
+inherit autotools
--
2.25.1


[PATCH] criu: fix build errors with glibc 2.36

Kai Kang
 

From: Kai Kang <kai.kang@...>

Backport patches to fix build errors with glibc 2.36.

Signed-off-by: Kai Kang <kai.kang@...>
---
recipes-containers/criu/criu_git.bb | 4 +-
.../0004-criu-fix-conflicting-headers.patch | 288 ++++++++++++++++++
...nt-add-definition-for-FSOPEN_CLOEXEC.patch | 110 +++++++
3 files changed, 401 insertions(+), 1 deletion(-)
create mode 100644 recipes-containers/criu/files/0004-criu-fix-conflicting-headers.patch
create mode 100644 recipes-containers/criu/files/0005-mount-add-definition-for-FSOPEN_CLOEXEC.patch

diff --git a/recipes-containers/criu/criu_git.bb b/recipes-containers/criu/criu_git.bb
index 46401f9..a218310 100644
--- a/recipes-containers/criu/criu_git.bb
+++ b/recipes-containers/criu/criu_git.bb
@@ -20,7 +20,9 @@ SRC_URI = "git://github.com/checkpoint-restore/criu.git;branch=master;protocol=h
file://0001-criu-Skip-documentation-install.patch \
file://0002-criu-Change-libraries-install-directory.patch \
file://0003-lib-Makefile-overwrite-install-lib-to-allow-multiarc.patch \
- "
+ file://0004-criu-fix-conflicting-headers.patch \
+ file://0005-mount-add-definition-for-FSOPEN_CLOEXEC.patch \
+ "

COMPATIBLE_HOST = "(x86_64|arm|aarch64).*-linux"

diff --git a/recipes-containers/criu/files/0004-criu-fix-conflicting-headers.patch b/recipes-containers/criu/files/0004-criu-fix-conflicting-headers.patch
new file mode 100644
index 0000000..fa4cecd
--- /dev/null
+++ b/recipes-containers/criu/files/0004-criu-fix-conflicting-headers.patch
@@ -0,0 +1,288 @@
+Backport patch to fix criu compile error with glibc 2.36. Update context
+for Makefile.config.
+
+Upstream-Status: Backport [https://github.com/checkpoint-restore/criu/commit/4c86d6a7]
+
+Signed-off-by: Kai Kang <kai.kang@...>
+
+From 4c86d6a7d54abb64fc5a15131f3351224e8c071b Mon Sep 17 00:00:00 2001
+From: Radostin Stoyanov <rstoyanov@...>
+Date: Sun, 31 Jul 2022 16:07:30 +0000
+Subject: [PATCH] criu: fix conflicting headers
+
+There are several changes in glibc 2.36 that make sys/mount.h header
+incompatible with kernel headers:
+
+https://sourceware.org/glibc/wiki/Release/2.36#Usage_of_.3Clinux.2Fmount.h.3E_and_.3Csys.2Fmount.h.3E
+
+This patch removes conflicting includes for `<linux/mount.h>` and
+updates the content of `criu/include/linux/mount.h` to match
+`/usr/include/sys/mount.h`. In addition, inline definitions sys_*()
+functions have been moved from "linux/mount.h" to "syscall.h" to
+avoid conflicts with `uapi/compel/plugins/std/syscall.h` and
+`<unistd.h>`. The include for `<linux/aio_abi.h>` has been replaced
+with local include to avoid conflicts with `<sys/mount.h>`.
+
+Fixes: #1949
+
+Signed-off-by: Radostin Stoyanov <rstoyanov@...>
+---
+ Makefile.config | 2 +-
+ criu/cgroup.c | 1 +
+ criu/cr-check.c | 2 +-
+ criu/cr-restore.c | 3 ++-
+ criu/include/aio.h | 2 +-
+ criu/include/linux/aio_abi.h | 14 +++++++++++
+ criu/include/linux/mount.h | 48 +++++++++++++++++++-----------------
+ criu/include/syscall.h | 17 +++++++++++++
+ criu/pie/parasite.c | 2 +-
+ criu/util.c | 1 +
+ scripts/feature-tests.mak | 13 ----------
+ 11 files changed, 64 insertions(+), 41 deletions(-)
+ create mode 100644 criu/include/linux/aio_abi.h
+ create mode 100644 criu/include/syscall.h
+
+diff --git a/Makefile.config b/Makefile.config
+index d113e2246..270ec61c0 100644
+--- a/Makefile.config
++++ b/Makefile.config
+@@ -78,7 +78,7 @@ export DEFINES += $(FEATURE_DEFINES)
+ export CFLAGS += $(FEATURE_DEFINES)
+
+ FEATURES_LIST := TCP_REPAIR STRLCPY STRLCAT PTRACE_PEEKSIGINFO \
+- SETPROCTITLE_INIT MEMFD TCP_REPAIR_WINDOW FSCONFIG MEMFD_CREATE OPENAT2
++ SETPROCTITLE_INIT MEMFD TCP_REPAIR_WINDOW MEMFD_CREATE OPENAT2
+
+ # $1 - config name
+ define gen-feature-test
+diff --git a/criu/cgroup.c b/criu/cgroup.c
+index e05b0832e..325df6a1d 100644
+--- a/criu/cgroup.c
++++ b/criu/cgroup.c
+@@ -27,6 +27,7 @@
+ #include "images/cgroup.pb-c.h"
+ #include "kerndat.h"
+ #include "linux/mount.h"
++#include "syscall.h"
+
+ /*
+ * This structure describes set of controller groups
+diff --git a/criu/cr-check.c b/criu/cr-check.c
+index f589a91da..0ca80192c 100644
+--- a/criu/cr-check.c
++++ b/criu/cr-check.c
+@@ -21,7 +21,6 @@
+ #include <sys/prctl.h>
+ #include <sched.h>
+ #include <sys/mount.h>
+-#include <linux/aio_abi.h>
+
+ #include "../soccr/soccr.h"
+
+@@ -52,6 +51,7 @@
+ #include "net.h"
+ #include "restorer.h"
+ #include "uffd.h"
++#include "linux/aio_abi.h"
+
+ #include "images/inventory.pb-c.h"
+
+diff --git a/criu/cr-restore.c b/criu/cr-restore.c
+index 279246c19..d11d28173 100644
+--- a/criu/cr-restore.c
++++ b/criu/cr-restore.c
+@@ -22,7 +22,6 @@
+ #include <compel/ptrace.h>
+ #include "common/compiler.h"
+
+-#include "linux/mount.h"
+ #include "linux/rseq.h"
+
+ #include "clone-noasan.h"
+@@ -86,6 +85,8 @@
+ #include <compel/plugins/std/syscall-codes.h>
+ #include "compel/include/asm/syscall.h"
+
++#include "linux/mount.h"
++
+ #include "protobuf.h"
+ #include "images/sa.pb-c.h"
+ #include "images/timer.pb-c.h"
+diff --git a/criu/include/aio.h b/criu/include/aio.h
+index d1655739d..38e704020 100644
+--- a/criu/include/aio.h
++++ b/criu/include/aio.h
+@@ -1,7 +1,7 @@
+ #ifndef __CR_AIO_H__
+ #define __CR_AIO_H__
+
+-#include <linux/aio_abi.h>
++#include "linux/aio_abi.h"
+ #include "images/mm.pb-c.h"
+ unsigned int aio_estimate_nr_reqs(unsigned int size);
+ int dump_aio_ring(MmEntry *mme, struct vma_area *vma);
+diff --git a/criu/include/linux/aio_abi.h b/criu/include/linux/aio_abi.h
+new file mode 100644
+index 000000000..d9ce78720
+--- /dev/null
++++ b/criu/include/linux/aio_abi.h
+@@ -0,0 +1,14 @@
++#ifndef __LINUX__AIO_ABI_H
++#define __LINUX__AIO_ABI_H
++
++typedef __kernel_ulong_t aio_context_t;
++
++/* read() from /dev/aio returns these structures. */
++struct io_event {
++ __u64 data; /* the data field from the iocb */
++ __u64 obj; /* what iocb this event came from */
++ __s64 res; /* result code for this event */
++ __s64 res2; /* secondary result */
++};
++
++#endif /* __LINUX__AIO_ABI_H */
+diff --git a/criu/include/linux/mount.h b/criu/include/linux/mount.h
+index 9a3a28b10..0d55a588c 100644
+--- a/criu/include/linux/mount.h
++++ b/criu/include/linux/mount.h
+@@ -4,32 +4,34 @@
+ #include "common/config.h"
+ #include "compel/plugins/std/syscall-codes.h"
+
+-#ifdef CONFIG_HAS_FSCONFIG
+-#include <linux/mount.h>
+-#else
++/* Copied from /usr/include/sys/mount.h */
++
++#ifndef FSCONFIG_CMD_CREATE
++/* The type of fsconfig call made. */
+ enum fsconfig_command {
+- FSCONFIG_SET_FLAG = 0, /* Set parameter, supplying no value */
+- FSCONFIG_SET_STRING = 1, /* Set parameter, supplying a string value */
+- FSCONFIG_SET_BINARY = 2, /* Set parameter, supplying a binary blob value */
+- FSCONFIG_SET_PATH = 3, /* Set parameter, supplying an object by path */
+- FSCONFIG_SET_PATH_EMPTY = 4, /* Set parameter, supplying an object by (empty) path */
+- FSCONFIG_SET_FD = 5, /* Set parameter, supplying an object by fd */
+- FSCONFIG_CMD_CREATE = 6, /* Invoke superblock creation */
++ FSCONFIG_SET_FLAG = 0, /* Set parameter, supplying no value */
++#define FSCONFIG_SET_FLAG FSCONFIG_SET_FLAG
++ FSCONFIG_SET_STRING = 1, /* Set parameter, supplying a string value */
++#define FSCONFIG_SET_STRING FSCONFIG_SET_STRING
++ FSCONFIG_SET_BINARY = 2, /* Set parameter, supplying a binary blob value */
++#define FSCONFIG_SET_BINARY FSCONFIG_SET_BINARY
++ FSCONFIG_SET_PATH = 3, /* Set parameter, supplying an object by path */
++#define FSCONFIG_SET_PATH FSCONFIG_SET_PATH
++ FSCONFIG_SET_PATH_EMPTY = 4, /* Set parameter, supplying an object by (empty) path */
++#define FSCONFIG_SET_PATH_EMPTY FSCONFIG_SET_PATH_EMPTY
++ FSCONFIG_SET_FD = 5, /* Set parameter, supplying an object by fd */
++#define FSCONFIG_SET_FD FSCONFIG_SET_FD
++ FSCONFIG_CMD_CREATE = 6, /* Invoke superblock creation */
++#define FSCONFIG_CMD_CREATE FSCONFIG_CMD_CREATE
+ FSCONFIG_CMD_RECONFIGURE = 7, /* Invoke superblock reconfiguration */
++#define FSCONFIG_CMD_RECONFIGURE FSCONFIG_CMD_RECONFIGURE
+ };
+-#endif
++#endif // FSCONFIG_CMD_CREATE
+
+-static inline int sys_fsopen(const char *fsname, unsigned int flags)
+-{
+- return syscall(__NR_fsopen, fsname, flags);
+-}
+-static inline int sys_fsconfig(int fd, unsigned int cmd, const char *key, const char *value, int aux)
+-{
+- return syscall(__NR_fsconfig, fd, cmd, key, value, aux);
+-}
+-static inline int sys_fsmount(int fd, unsigned int flags, unsigned int attr_flags)
+-{
+- return syscall(__NR_fsmount, fd, flags, attr_flags);
+-}
++#ifndef MS_MGC_VAL
++/* Magic mount flag number. Has to be or-ed to the flag values. */
++#define MS_MGC_VAL 0xc0ed0000 /* Magic flag number to indicate "new" flags */
++#define MS_MGC_MSK 0xffff0000 /* Magic flag number mask */
++#endif
+
+ #endif
+diff --git a/criu/include/syscall.h b/criu/include/syscall.h
+new file mode 100644
+index 000000000..c38d6d971
+--- /dev/null
++++ b/criu/include/syscall.h
+@@ -0,0 +1,17 @@
++#ifndef __CR_SYSCALL_H__
++#define __CR_SYSCALL_H__
++
++static inline int sys_fsopen(const char *fsname, unsigned int flags)
++{
++ return syscall(__NR_fsopen, fsname, flags);
++}
++static inline int sys_fsconfig(int fd, unsigned int cmd, const char *key, const char *value, int aux)
++{
++ return syscall(__NR_fsconfig, fd, cmd, key, value, aux);
++}
++static inline int sys_fsmount(int fd, unsigned int flags, unsigned int attr_flags)
++{
++ return syscall(__NR_fsmount, fd, flags, attr_flags);
++}
++
++#endif /* __CR_SYSCALL_H__ */
+\ No newline at end of file
+diff --git a/criu/pie/parasite.c b/criu/pie/parasite.c
+index e7eb1fcb6..f75fe13bb 100644
+--- a/criu/pie/parasite.c
++++ b/criu/pie/parasite.c
+@@ -3,7 +3,6 @@
+ #include <signal.h>
+ #include <linux/limits.h>
+ #include <linux/capability.h>
+-#include <sys/mount.h>
+ #include <stdarg.h>
+ #include <sys/ioctl.h>
+ #include <sys/uio.h>
+@@ -14,6 +13,7 @@
+ #include "int.h"
+ #include "types.h"
+ #include <compel/plugins/std/syscall.h>
++#include "linux/mount.h"
+ #include "parasite.h"
+ #include "fcntl.h"
+ #include "prctl.h"
+diff --git a/criu/util.c b/criu/util.c
+index 5f69465b4..060ca3bd4 100644
+--- a/criu/util.c
++++ b/criu/util.c
+@@ -40,6 +40,7 @@
+ #include "mem.h"
+ #include "namespaces.h"
+ #include "criu-log.h"
++#include "syscall.h"
+
+ #include "clone-noasan.h"
+ #include "cr_options.h"
+diff --git a/scripts/feature-tests.mak b/scripts/feature-tests.mak
+index 014e893a8..fb5d2ef7a 100644
+--- a/scripts/feature-tests.mak
++++ b/scripts/feature-tests.mak
+@@ -137,19 +137,6 @@ ENTRY(main)
+ END(main)
+ endef
+
+-define FEATURE_TEST_FSCONFIG
+-
+-#include <linux/mount.h>
+-
+-int main(void)
+-{
+- if (FSCONFIG_CMD_CREATE > 0)
+- return 0;
+- return 0;
+-}
+-
+-endef
+-
+ define FEATURE_TEST_NFTABLES_LIB_API_0
+
+ #include <string.h>
+--
+2.34.1
+
diff --git a/recipes-containers/criu/files/0005-mount-add-definition-for-FSOPEN_CLOEXEC.patch b/recipes-containers/criu/files/0005-mount-add-definition-for-FSOPEN_CLOEXEC.patch
new file mode 100644
index 0000000..dc41d36
--- /dev/null
+++ b/recipes-containers/criu/files/0005-mount-add-definition-for-FSOPEN_CLOEXEC.patch
@@ -0,0 +1,110 @@
+Upstream-Status: Backport [https://github.com/checkpoint-restore/criu/commit/517c0947]
+
+Signed-off-by: Kai Kang <kai.kang@...>
+
+From 517c0947050e63aac72f63a3bf373d76264723b9 Mon Sep 17 00:00:00 2001
+From: Radostin Stoyanov <rstoyanov@...>
+Date: Wed, 24 Aug 2022 21:20:30 +0200
+Subject: [PATCH 2/2] mount: add definition for FSOPEN_CLOEXEC
+
+A recent change in glibc introduced `enum fsconfig_command` [1] and as a
+result the compilation of criu fails with the following errors
+
+In file included from criu/pie/util.c:3:
+/usr/include/sys/mount.h:240:6: error: redeclaration of 'enum fsconfig_command'
+ 240 | enum fsconfig_command
+ | ^~~~~~~~~~~~~~~~
+In file included from /usr/include/sys/mount.h:32:
+criu/include/linux/mount.h:11:6: note: originally defined here
+ 11 | enum fsconfig_command {
+ | ^~~~~~~~~~~~~~~~
+/usr/include/sys/mount.h:242:3: error: redeclaration of enumerator 'FSCONFIG_SET_FLAG'
+ 242 | FSCONFIG_SET_FLAG = 0, /* Set parameter, supplying no value */
+ | ^~~~~~~~~~~~~~~~~
+criu/include/linux/mount.h:12:9: note: previous definition of 'FSCONFIG_SET_FLAG' with type 'enum fsconfig_command'
+ 12 | FSCONFIG_SET_FLAG = 0, /* Set parameter, supplying no value */
+ | ^~~~~~~~~~~~~~~~~
+/usr/include/sys/mount.h:244:3: error: redeclaration of enumerator 'FSCONFIG_SET_STRING'
+ 244 | FSCONFIG_SET_STRING = 1, /* Set parameter, supplying a string value */
+ | ^~~~~~~~~~~~~~~~~~~
+criu/include/linux/mount.h:14:9: note: previous definition of 'FSCONFIG_SET_STRING' with type 'enum fsconfig_command'
+ 14 | FSCONFIG_SET_STRING = 1, /* Set parameter, supplying a string value */
+ | ^~~~~~~~~~~~~~~~~~~
+/usr/include/sys/mount.h:246:3: error: redeclaration of enumerator 'FSCONFIG_SET_BINARY'
+ 246 | FSCONFIG_SET_BINARY = 2, /* Set parameter, supplying a binary blob value */
+ | ^~~~~~~~~~~~~~~~~~~
+criu/include/linux/mount.h:16:9: note: previous definition of 'FSCONFIG_SET_BINARY' with type 'enum fsconfig_command'
+ 16 | FSCONFIG_SET_BINARY = 2, /* Set parameter, supplying a binary blob value */
+ | ^~~~~~~~~~~~~~~~~~~
+/usr/include/sys/mount.h:248:3: error: redeclaration of enumerator 'FSCONFIG_SET_PATH'
+ 248 | FSCONFIG_SET_PATH = 3, /* Set parameter, supplying an object by path */
+ | ^~~~~~~~~~~~~~~~~
+criu/include/linux/mount.h:18:9: note: previous definition of 'FSCONFIG_SET_PATH' with type 'enum fsconfig_command'
+ 18 | FSCONFIG_SET_PATH = 3, /* Set parameter, supplying an object by path */
+ | ^~~~~~~~~~~~~~~~~
+/usr/include/sys/mount.h:250:3: error: redeclaration of enumerator 'FSCONFIG_SET_PATH_EMPTY'
+ 250 | FSCONFIG_SET_PATH_EMPTY = 4, /* Set parameter, supplying an object by (empty) path */
+ | ^~~~~~~~~~~~~~~~~~~~~~~
+criu/include/linux/mount.h:20:9: note: previous definition of 'FSCONFIG_SET_PATH_EMPTY' with type 'enum fsconfig_command'
+ 20 | FSCONFIG_SET_PATH_EMPTY = 4, /* Set parameter, supplying an object by (empty) path */
+ | ^~~~~~~~~~~~~~~~~~~~~~~
+/usr/include/sys/mount.h:252:3: error: redeclaration of enumerator 'FSCONFIG_SET_FD'
+ 252 | FSCONFIG_SET_FD = 5, /* Set parameter, supplying an object by fd */
+ | ^~~~~~~~~~~~~~~
+criu/include/linux/mount.h:22:9: note: previous definition of 'FSCONFIG_SET_FD' with type 'enum fsconfig_command'
+ 22 | FSCONFIG_SET_FD = 5, /* Set parameter, supplying an object by fd */
+ | ^~~~~~~~~~~~~~~
+/usr/include/sys/mount.h:254:3: error: redeclaration of enumerator 'FSCONFIG_CMD_CREATE'
+ 254 | FSCONFIG_CMD_CREATE = 6, /* Invoke superblock creation */
+ | ^~~~~~~~~~~~~~~~~~~
+criu/include/linux/mount.h:24:9: note: previous definition of 'FSCONFIG_CMD_CREATE' with type 'enum fsconfig_command'
+ 24 | FSCONFIG_CMD_CREATE = 6, /* Invoke superblock creation */
+ | ^~~~~~~~~~~~~~~~~~~
+/usr/include/sys/mount.h:256:3: error: redeclaration of enumerator 'FSCONFIG_CMD_RECONFIGURE'
+ 256 | FSCONFIG_CMD_RECONFIGURE = 7, /* Invoke superblock reconfiguration */
+ | ^~~~~~~~~~~~~~~~~~~~~~~~
+criu/include/linux/mount.h:26:9: note: previous definition of 'FSCONFIG_CMD_RECONFIGURE' with type 'enum fsconfig_command'
+ 26 | FSCONFIG_CMD_RECONFIGURE = 7, /* Invoke superblock reconfiguration */
+
+This patch adds definition for FSOPEN_CLOEXEC to solve this problem. In particular,
+sys/mount.h includes ifndef check for FSOPEN_CLOEXEC surrounding `enum fsconfig_command`.
+
+[1] https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=7eae6a91e9b1670330c9f15730082c91c0b1d570
+
+Reported-by: Younes Manton (@ymanton)
+Signed-off-by: Radostin Stoyanov <rstoyanov@...>
+---
+ criu/include/linux/mount.h | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/criu/include/linux/mount.h b/criu/include/linux/mount.h
+index 0d55a588c..fefafa89e 100644
+--- a/criu/include/linux/mount.h
++++ b/criu/include/linux/mount.h
+@@ -6,7 +6,7 @@
+
+ /* Copied from /usr/include/sys/mount.h */
+
+-#ifndef FSCONFIG_CMD_CREATE
++#ifndef FSOPEN_CLOEXEC
+ /* The type of fsconfig call made. */
+ enum fsconfig_command {
+ FSCONFIG_SET_FLAG = 0, /* Set parameter, supplying no value */
+@@ -26,7 +26,13 @@ enum fsconfig_command {
+ FSCONFIG_CMD_RECONFIGURE = 7, /* Invoke superblock reconfiguration */
+ #define FSCONFIG_CMD_RECONFIGURE FSCONFIG_CMD_RECONFIGURE
+ };
+-#endif // FSCONFIG_CMD_CREATE
++
++#endif // FSOPEN_CLOEXEC
++
++/* fsopen flags. With the redundant definition, we check if the kernel,
++ * glibc value and our value still match.
++ */
++#define FSOPEN_CLOEXEC 0x00000001
+
+ #ifndef MS_MGC_VAL
+ /* Magic mount flag number. Has to be or-ed to the flag values. */
+--
+2.34.1
+
--
2.17.1


Re: [kirkstone][master][PATCH] meta-xilinx xen bbappend: Rename

Mark Hatle
 

I'm not sure why it was implemented as two different files. But moving to a single generic % should be fine as well.

On 9/1/22 10:31 AM, Bertrand Marquis wrote:
Hi Mark,

On 1 Sep 2022, at 15:47, Mark Hatle via lists.yoctoproject.org <mark.hatle=kernel.crashing.org@...> wrote:

Xen is no longer on 4.14, rename to 4.% to avoid having to regularly update it.
There is also a bbappend for git version, might be a good solution to just have a xen_%.bbappend and remove both 4.14 and git bbappend.
Cheers
Bertrand


Signed-off-by: Mark Hatle <mark.hatle@...>
---
.../recipes-extended/xen/{xen_4.14.bbappend => xen_4.%.bbappend} | 0
1 file changed, 0 insertions(+), 0 deletions(-)
rename dynamic-layers/xilinx/recipes-extended/xen/{xen_4.14.bbappend => xen_4.%.bbappend} (100%)

diff --git a/dynamic-layers/xilinx/recipes-extended/xen/xen_4.14.bbappend b/dynamic-layers/xilinx/recipes-extended/xen/xen_4.%.bbappend
similarity index 100%
rename from dynamic-layers/xilinx/recipes-extended/xen/xen_4.14.bbappend
rename to dynamic-layers/xilinx/recipes-extended/xen/xen_4.%.bbappend
--
2.25.1



Re: [kirkstone][master][PATCH] meta-xilinx xen bbappend: Rename

Bertrand Marquis
 

Hi Mark,

On 1 Sep 2022, at 15:47, Mark Hatle via lists.yoctoproject.org <mark.hatle=kernel.crashing.org@...> wrote:

Xen is no longer on 4.14, rename to 4.% to avoid having to regularly update it.
There is also a bbappend for git version, might be a good solution to just have a xen_%.bbappend and remove both 4.14 and git bbappend.

Cheers
Bertrand



Signed-off-by: Mark Hatle <mark.hatle@...>
---
.../recipes-extended/xen/{xen_4.14.bbappend => xen_4.%.bbappend} | 0
1 file changed, 0 insertions(+), 0 deletions(-)
rename dynamic-layers/xilinx/recipes-extended/xen/{xen_4.14.bbappend => xen_4.%.bbappend} (100%)

diff --git a/dynamic-layers/xilinx/recipes-extended/xen/xen_4.14.bbappend b/dynamic-layers/xilinx/recipes-extended/xen/xen_4.%.bbappend
similarity index 100%
rename from dynamic-layers/xilinx/recipes-extended/xen/xen_4.14.bbappend
rename to dynamic-layers/xilinx/recipes-extended/xen/xen_4.%.bbappend
--
2.25.1




Docker network bridge not working on Yocto Hardknott

MorganBaugh
 

Hi All,

I have built a Yocto Hardknott image for the i.MX8 according to the following Variscite tutorial: Yocto Build Release | Variscite Wiki

Then, I added Docker by setting the following in local.conf:
IMAGE_INSTALL_append = " docker"
DISTRO_FEATURES_append = " virtualization"

The image builds fine, boots, and runs Docker (which takes a few minutes to start), however, the containers fail to connect to the docker0 bridge. For example, an Nginx container will not emit the expected boilerplate HTML via curl:

root@imx8qm-var-som:~# docker run -p 80:80 -d nginx
root@imx8qm-var-som:~# curl localhost
root@imx8qm-var-som:~# curl: (56) Recv failure: Connection reset by peer

This problem can be temporarily overcome by brctl:

root@imx8qm-var-som:~# brctl addif docker0 $(ifconfig | grep veth | cut -c 1-11)
root@imx8qm-var-som:~# curl localhost
html stuff that won’t render properly on the forum…

Specifically, Docker is not adding the veth interface to the docker0 bridge upon container creation/restart. I have tried modifying the Yocto build to replace NetworkManager with connman or nothing at all, but this doesn’t make a difference. In fact, when NetworkManager is running, “nmcli device status” shows docker0 as “connected (externally)”, which, to my knowledge, means that something other than NetworkManager is responsible for it.

I have repeated the test on a Dunfell version of the Variscite Yocto build, as well as a non-Variscite build of Yocto Hardknott for the Raspberry Pi 4, and Docker’s network bridge functions properly in both cases. However, swapping the meta-virtualization layer (which contains Docker itself among other things), meta-openembedded, or the Linux kernel from these into the Variscite Hardknott build doesn’t solve the problem. I had once considered the possibility that containerd was at fault, however, that is part of meta-virtualization, and would have been fixed by swapping that layer if it was the problem.

To recap, the problem appears to be specific to Variscite + Yocto Hardknott + Docker, and consists of a failure to automatically add the veth to docker0. Running the container with host networking does work, but is not suitable for my application. Any help would be greatly appreciated!


[kirkstone][master][PATCH] meta-xilinx xen bbappend: Rename

Mark Hatle
 

Xen is no longer on 4.14, rename to 4.% to avoid having to regularly update it.

Signed-off-by: Mark Hatle <mark.hatle@...>
---
.../recipes-extended/xen/{xen_4.14.bbappend => xen_4.%.bbappend} | 0
1 file changed, 0 insertions(+), 0 deletions(-)
rename dynamic-layers/xilinx/recipes-extended/xen/{xen_4.14.bbappend => xen_4.%.bbappend} (100%)

diff --git a/dynamic-layers/xilinx/recipes-extended/xen/xen_4.14.bbappend b/dynamic-layers/xilinx/recipes-extended/xen/xen_4.%.bbappend
similarity index 100%
rename from dynamic-layers/xilinx/recipes-extended/xen/xen_4.14.bbappend
rename to dynamic-layers/xilinx/recipes-extended/xen/xen_4.%.bbappend
--
2.25.1


Re: [kirkstone][PATCH] podman: Fix merge typo

Bruce Ashfield
 

merged.

Bruce

In message: [meta-virtualization][kirkstone][PATCH] podman: Fix merge typo
on 31/08/2022 Andrei Gherzan wrote:

From: Andrei Gherzan <andrei.gherzan@...>

2b28d64667e4c22434b9db0a87a1265a0caedb66 brought a typo when resolving
merge/rebase conflict. This fixes it.

Signed-off-by: Andrei Gherzan <andrei.gherzan@...>
---
recipes-containers/podman/podman_git.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/recipes-containers/podman/podman_git.bb b/recipes-containers/podman/podman_git.bb
index 65e0205..09bf827 100644
--- a/recipes-containers/podman/podman_git.bb
+++ b/recipes-containers/podman/podman_git.bb
@@ -23,7 +23,7 @@ SRC_URI = " \
file://0001-Rename-BUILDFLAGS-to-GOBUILDFLAGS.patch;patchdir=src/import \
file://0002-Define-ActKillThread-equal-to-ActKill.patch;patchdir=src/import/vendor/github.com/seccomp/libseccomp-golang \
file://CVE-2022-27649.patch;patchdir=src/import \
- ${@bb.utils.contains('PACKAGECONFIG', 'rootless', 'file://00-podman-rootless.conf', '', d)} \
+ ${@bb.utils.contains('PACKAGECONFIG', 'rootless', 'file://50-podman-rootless.conf', '', d)} \
"

LICENSE = "Apache-2.0"
--
2.25.1