From 1ee4144ea9acb1d1c00f2cf58e1351d17b1ba423 Mon Sep 17 00:00:00 2001
From: Cameron Nemo
Date: Fri, 22 Apr 2022 19:43:07 -0700
Subject: [PATCH 1/4] raft: update to 0.13.0
---
 common/shlibs | 2 +-
 srcpkgs/raft/template | 5 +++--
 2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/common/shlibs b/common/shlibs
index 8f5670e21484..9160e0ad1ba8 100644
--- a/common/shlibs
+++ b/common/shlibs
@@ -3892,7 +3892,7 @@ libigraph.so.0 igraph-0.9.4_1
 libgtk-layer-shell.so.0 gtk-layer-shell-0.1.0_1
 librdkafka.so.1 librdkafka-1.4.4_3
 librdkafka++.so.1 librdkafka-1.4.4_3
-libraft.so.0 raft-0.9.16_1
+libraft.so.2 raft-0.13.0_1
 libmdnsd.so.1 libmdnsd-0.9_1
 libosdGPU.so.3.4.3 OpenSubdiv-3.4.3_1
 libosdCPU.so.3.4.3 OpenSubdiv-3.4.3_1
diff --git a/srcpkgs/raft/template b/srcpkgs/raft/template
index 85f12e9dd445..b111bcc73758 100644
--- a/srcpkgs/raft/template
+++ b/srcpkgs/raft/template
@@ -1,6 +1,6 @@
 # Template file for 'raft'
 pkgname=raft
-version=0.11.2
+version=0.13.0
 revision=1
 build_style=gnu-configure
 configure_args="--enable-example=no"
@@ -11,7 +11,8 @@ maintainer="Julio Galvan "
 license="custom:LGPL-3.0-only-linking-exception"
 homepage="https://github.com/canonical/raft"
 distfiles="https://github.com/canonical/raft/archive/v${version}.tar.gz"
-checksum=c89fd6a6fa3c9e6d670b74e389b2d028dfd39d1eec2b18661fae73a9bfd6b89d
+checksum=91b2b0437f443a60498cdf8c53da8a5934a51eee983d2f6eb6f0c8e40af07a8c
+# test/unit/uv and test/integration/uv fail on CI
 make_check=ci-skip
 pre_configure() {
From f07ac1168581301ac70d8b763e314667ec3ce1b4 Mon Sep 17 00:00:00 2001
From: Cameron Nemo
Date: Fri, 22 Apr 2022 19:43:20 -0700
Subject: [PATCH 2/4] dqlite: update to 1.10.0
---
 srcpkgs/dqlite/template | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/srcpkgs/dqlite/template b/srcpkgs/dqlite/template
index 41af8cde377d..e7bccbc107aa 100644
--- a/srcpkgs/dqlite/template
+++ b/srcpkgs/dqlite/template
@@ -1,6 +1,6 @@
 # Template file for 'dqlite'
 pkgname=dqlite
-version=1.9.0
+version=1.10.0
 revision=1
 build_style=gnu-configure
 hostmakedepends="pkg-config automake libtool"
@@ -10,7 +10,7 @@ maintainer="Cameron Nemo "
 license="custom:LGPL-3.0-only-linking-exception"
 homepage="https://github.com/canonical/dqlite"
 distfiles="${homepage}/archive/v${version}.tar.gz"
-checksum=b3f23019bcdc030b8f1d97ef585a34b24128414d6c2e79fcf729e053578d80a7
+checksum=46f57036bd5ac4c67b76c07ef3ce58b674458eb1564131c80f11a2d5ec7db962
 pre_configure() {
 autoreconf -i
From 1ada1e62358567bc5c8b2b63ba1be920dcb4218e Mon Sep 17 00:00:00 2001
From: Cameron Nemo
Date: Fri, 22 Apr 2022 19:43:31 -0700
Subject: [PATCH 3/4] lxd: update to 5.1
---
 srcpkgs/lxd/files/lxd/run | 4 -
 srcpkgs/lxd/patches/fix-seccomp-32bit.patch | 170 ++++++++++++++++++++
 srcpkgs/lxd/template | 18 ++-
 3 files changed, 184 insertions(+), 8 deletions(-)
 create mode 100644 srcpkgs/lxd/patches/fix-seccomp-32bit.patch
diff --git a/srcpkgs/lxd/files/lxd/run b/srcpkgs/lxd/files/lxd/run
index 8b02dadb07b9..a32a24389378 100644
--- a/srcpkgs/lxd/files/lxd/run
+++ b/srcpkgs/lxd/files/lxd/run
@@ -6,10 +6,6 @@ fi
 if ! mountpoint -q "${_systemd_cgrp}"; then
 mount -t cgroup -o none,name=systemd cgroup ${_systemd_cgrp}
 fi
-# workaround lxc bug -- next release of lxc should obsolete this
-if [ -e /sys/fs/cgroup/cpuset/cgroup.clone_children ]; then
- echo 1 > /sys/fs/cgroup/cpuset/cgroup.clone_children 2>/dev/null || :
-fi
 [ -r conf ] && . ./conf
 exec lxd --group lxd ${OPTS:- --verbose}
diff --git a/srcpkgs/lxd/patches/fix-seccomp-32bit.patch b/srcpkgs/lxd/patches/fix-seccomp-32bit.patch
new file mode 100644
index 000000000000..31f5b3de4486
--- /dev/null
+++ b/srcpkgs/lxd/patches/fix-seccomp-32bit.patch
@@ -0,0 +1,170 @@
+From fd6845ddda3f80cdd24a8f94c42acce6bff0c41f Mon Sep 17 00:00:00 2001
+From: Thomas Parrott
+Date: Fri, 29 Apr 2022 11:12:48 +0100
+Subject: [PATCH] lxd/secommp: Fix sysinfo syscall interception on 32 bit
+ platforms
+
+Fixes #10347
+
+Signed-off-by: Thomas Parrott
+---
+ lxd/seccomp/seccomp.go | 22 ++++++++++++++--------
+ lxd/seccomp/sysinfo.go | 13 +++++++++++++
+ lxd/seccomp/sysinfo_32.go | 19 +++++++++++++++++++
+ lxd/seccomp/sysinfo_64.go | 19 +++++++++++++++++++
+ 4 files changed, 65 insertions(+), 8 deletions(-)
+ create mode 100644 lxd/seccomp/sysinfo.go
+ create mode 100644 lxd/seccomp/sysinfo_32.go
+ create mode 100644 lxd/seccomp/sysinfo_64.go
+
+diff --git a/lxd/seccomp/seccomp.go b/lxd/seccomp/seccomp.go
+index 03fee3c71a0..203d408a828 100644
+--- a/lxd/seccomp/seccomp.go
++++ b/lxd/seccomp/seccomp.go
+@@ -1709,6 +1709,7 @@ func (s *Server) HandleSysinfoSyscall(c Instance, siov *Iovec) int {
+
+ defer l.Debug("Handling sysinfo syscall")
+
++ // Pre-fill sysinfo struct with metrics from host system.
+ info := unix.Sysinfo_t{}
+ err := unix.Sysinfo(&info)
+ if err != nil {
+@@ -1718,6 +1719,8 @@ func (s *Server) HandleSysinfoSyscall(c Instance, siov *Iovec) int {
+ return 0
+ }
+
++ instMetrics := Sysinfo{} // Architecture independent place to hold instance metrics.
++
+ cg, err := cgroup.NewFileReadWriter(int(siov.msg.init_pid), liblxc.HasApiExtension("cgroup2"))
+ if err != nil {
+ l.Warn("Failed loading cgroup", logger.Ctx{"err": err, "pid": siov.msg.init_pid})
+@@ -1735,7 +1738,7 @@ func (s *Server) HandleSysinfoSyscall(c Instance, siov *Iovec) int {
+ return 0
+ }
+
+- info.Uptime = int64(time.Now().Sub(f.ModTime()).Seconds())
++ instMetrics.Uptime = int64(time.Now().Sub(f.ModTime()).Seconds())
+
+ // Get instance process count.
+ pids, err := cg.GetTotalProcesses()
+@@ -1746,7 +1749,7 @@ func (s *Server) HandleSysinfoSyscall(c Instance, siov *Iovec) int {
+ return 0
+ }
+
+- info.Procs = uint16(pids)
++ instMetrics.Procs = uint16(pids)
+
+ // Get instance memory stats.
+ memStats, err := cg.GetMemoryStats()
+@@ -1760,9 +1763,9 @@ func (s *Server) HandleSysinfoSyscall(c Instance, siov *Iovec) int {
+ for k, v := range memStats {
+ switch k {
+ case "shmem":
+- info.Sharedram = v
++ instMetrics.Sharedram = v
+ case "cache":
+- info.Bufferram = v
++ instMetrics.Bufferram = v
+ }
+ }
+
+@@ -1784,8 +1787,8 @@ func (s *Server) HandleSysinfoSyscall(c Instance, siov *Iovec) int {
+ return 0
+ }
+
+- info.Totalram = uint64(memoryLimit)
+- info.Freeram = info.Totalram - uint64(memoryUsage) - info.Bufferram
++ instMetrics.Totalram = uint64(memoryLimit)
++ instMetrics.Freeram = instMetrics.Totalram - uint64(memoryUsage) - instMetrics.Bufferram
+
+ // Get instance swap info.
+ if s.s.OS.CGInfo.Supports(cgroup.MemorySwapUsage, cg) {
+@@ -1805,14 +1808,17 @@ func (s *Server) HandleSysinfoSyscall(c Instance, siov *Iovec) int {
+ return 0
+ }
+
+- info.Totalswap = uint64(swapLimit)
+- info.Freeswap = info.Totalswap - uint64(swapUsage)
++ instMetrics.Totalswap = uint64(swapLimit)
++ instMetrics.Freeswap = instMetrics.Totalswap - uint64(swapUsage)
+ }
+
+ // Get writable pointer to buffer of sysinfo syscall result.
+ const sz = int(unsafe.Sizeof(info))
+ var b []byte = (*(*[sz]byte)(unsafe.Pointer(&info)))[:]
+
++ // Write instance metrics to native sysinfo struct.
++ instMetrics.ToNative(&info)
++
+ // Write sysinfo response into buffer.
+ _, err = unix.Pwrite(siov.memFd, b, int64(siov.req.data.args[0]))
+ if err != nil {
+diff --git a/lxd/seccomp/sysinfo.go b/lxd/seccomp/sysinfo.go
+new file mode 100644
+index 00000000000..b255894af26
+--- /dev/null
++++ b/lxd/seccomp/sysinfo.go
+@@ -0,0 +1,13 @@
++package seccomp
++
++// Sysinfo architecture independent sysinfo struct.
++type Sysinfo struct {
++ Uptime int64
++ Totalram uint64
++ Freeram uint64
++ Sharedram uint64
++ Bufferram uint64
++ Totalswap uint64
++ Freeswap uint64
++ Procs uint16
++}
+diff --git a/lxd/seccomp/sysinfo_32.go b/lxd/seccomp/sysinfo_32.go
+new file mode 100644
+index 00000000000..e52808300dd
+--- /dev/null
++++ b/lxd/seccomp/sysinfo_32.go
+@@ -0,0 +1,19 @@
++//go:build 386 || arm || ppc || s390 || mips || mipsle
++
++package seccomp
++
++import (
++ "golang.org/x/sys/unix"
++)
++
++// ToNative fills fields from s into native fields.
++func (s *Sysinfo) ToNative(n *unix.Sysinfo_t) {
++ n.Bufferram = uint32(s.Bufferram)
++ n.Freeram = uint32(s.Freeram)
++ n.Freeswap = uint32(s.Freeswap)
++ n.Procs = s.Procs
++ n.Sharedram = uint32(s.Sharedram)
++ n.Totalram = uint32(s.Totalram)
++ n.Totalswap = uint32(s.Totalswap)
++ n.Uptime = int32(s.Uptime)
++}
+diff --git a/lxd/seccomp/sysinfo_64.go b/lxd/seccomp/sysinfo_64.go
+new file mode 100644
+index 00000000000..84383b1c5a8
+--- /dev/null
++++ b/lxd/seccomp/sysinfo_64.go
+@@ -0,0 +1,19 @@
++//go:build amd64 || ppc64 || ppc64le || arm64 || s390x || mips64 || mips64le || riscv64
++
++package seccomp
++
++import (
++ "golang.org/x/sys/unix"
++)
++
++// ToNative fills fields from s into native fields.
++func (s *Sysinfo) ToNative(n *unix.Sysinfo_t) {
++ n.Bufferram = s.Bufferram
++ n.Freeram = s.Freeram
++ n.Freeswap = s.Freeswap
++ n.Procs = s.Procs
++ n.Sharedram = s.Sharedram
++ n.Totalram = s.Totalram
++ n.Totalswap = s.Totalswap
++ n.Uptime = s.Uptime
++}
diff --git a/srcpkgs/lxd/template b/srcpkgs/lxd/template
index d216d7bb7f7c..7f0518321d20 100644
--- a/srcpkgs/lxd/template
+++ b/srcpkgs/lxd/template
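Review bot: The 32-bit `ToNative` in the added `sysinfo_32.go` narrows every memory and swap counter with a bare `uint32(...)` conversion, so an instance limit or usage above 4 GiB wraps around and the container reads a small, unrelated number from the intercepted sysinfo call. Saturating at the largest uint32 would at least keep the reported value monotonic; a helper such as the one below does that without a new import. The struct is pre-filled from the host's `unix.Sysinfo`, so its `Unit` field keeps the host value while these fields are overwritten with what look like byte counts from the cgroup; if `Unit` is not 1 on a 32-bit host the result would be misread, which is worth confirming. Since this file is a backport of an upstream commit, the change is probably best raised upstream rather than carried locally.

```go
// clampUint32 saturates v at the largest uint32 instead of wrapping.
func clampUint32(v uint64) uint32 {
	const maxUint32 = ^uint32(0)
	if v > uint64(maxUint32) {
		return maxUint32
	}
	return uint32(v)
}

// ToNative fills fields from s into native fields.
func (s *Sysinfo) ToNative(n *unix.Sysinfo_t) {
	n.Bufferram = clampUint32(s.Bufferram)
	n.Freeram = clampUint32(s.Freeram)
	n.Freeswap = clampUint32(s.Freeswap)
	// … unchanged: Procs …
	n.Sharedram = clampUint32(s.Sharedram)
	n.Totalram = clampUint32(s.Totalram)
	n.Totalswap = clampUint32(s.Totalswap)
	// … unchanged: Uptime …
}
```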
@@ -1,12 +1,16 @@
 # Template file for 'lxd'
 pkgname=lxd
-version=4.19
+version=5.1
 revision=1
 build_style=go
 go_import_path=github.com/lxc/lxd
 go_build_tags=libsqlite3
-go_package="${go_import_path}/lxd ${go_import_path}/lxc
- ${go_import_path}/lxd-p2c ${go_import_path}/fuidshift"
+go_package="${go_import_path}/lxd
+ ${go_import_path}/lxc
+ ${go_import_path}/lxc-to-lxd
+ ${go_import_path}/fuidshift
+ ${go_import_path}/lxd-benchmark
+ ${go_import_path}/lxd-user"
 hostmakedepends="pkg-config git"
 makedepends="lxc-devel acl-devel dqlite-devel eudev-libudev-devel"
 depends="lxc acl acl-progs rsync squashfs-tools xz dnsmasq iptables attr-progs"
@@ -16,12 +20,18 @@ license="Apache-2.0"
 homepage="https://linuxcontainers.org/lxd"
 changelog="https://github.com/lxc/lxd/releases"
 distfiles="https://linuxcontainers.org/downloads/lxd/lxd-${version}.tar.gz"
-checksum=6e4cf6cb1549e1b56802d64ad24d812914e0c0102bfcf146bb18a8dcd1fbab57
+checksum=319f4e93506e2144edaa280b0185fb37c4374cf7d7468a5e5c8c1b678189250a
 system_groups="lxd"
 # whitelist dqlite LDFLAGS
 export CGO_LDFLAGS_ALLOW='-Wl,-z,now'
+post_build() {
+ # these need special tags and/or LDFLAGS
+ CGO_LDFLAGS="$CGO_LDFLAGS -static" go install -p "$XBPS_MAKEJOBS" -mod=vendor -x -tags "agent" -ldflags "${go_ldflags}" "${go_import_path}/lxd-agent"
+ go install -p "$XBPS_MAKEJOBS" -mod=vendor -x -tags "netgo" -ldflags "${go_ldflags}" "${go_import_path}/lxd-migrate"
+}
+
 post_install() {
 vinstall scripts/bash/lxd-client 644 /usr/share/bash-completion/completions lxd
 vsv lxd
From 995be9cb536ab4f1cac089e57acdca3a4051cfad Mon Sep 17 00:00:00 2001
From: Cameron Nemo
Date: Mon, 9 May 2022 11:34:59 -0700
Subject: [PATCH 4/4] lxd-lts: upgrade to 5.0.0
---
 srcpkgs/lxd-lts/INSTALL.msg | 2 +-
 srcpkgs/lxd-lts/files/lxd/run | 4 +++-
 srcpkgs/lxd-lts/template | 38 ++++++++++++++++++-----------------
 3 files changed, 24 insertions(+), 20 deletions(-)
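Review bot: The comment in the new `post_build` ("these need special tags and/or LDFLAGS") does not say why `lxd-agent` is linked with `-static` or why `lxd-migrate` gets the `netgo` tag, and the static link has a maintenance consequence that deserves a line. Any C library code linked into that binary is frozen at build time, so a security fix in it reaches users only after lxd itself is rebuilt. I would replace the comment with two, along the lines of `# lxd-agent: static link; revbump lxd when its C dependencies get security fixes` and `# lxd-migrate: netgo, so it does not depend on the libc resolver`, with the wording confirmed by the maintainer, because the actual reasons are not visible in the hunk. The same `post_build` is added in the srcpkgs/lxd-lts/template hunk and needs the same comments.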
diff --git a/srcpkgs/lxd-lts/INSTALL.msg b/srcpkgs/lxd-lts/INSTALL.msg
index 966174f8132d..5958c9008817 100755
--- a/srcpkgs/lxd-lts/INSTALL.msg
+++ b/srcpkgs/lxd-lts/INSTALL.msg
@@ -1,6 +1,6 @@
 Start lxd service:
- $ sudo ln -s /etc/sv/lxd /var/service
+ $ sudo ln -s /etc/sv/lxd /var/service/
 Run LXD initialization:
diff --git a/srcpkgs/lxd-lts/files/lxd/run b/srcpkgs/lxd-lts/files/lxd/run
index 147eb64e74dc..a32a24389378 100755
--- a/srcpkgs/lxd-lts/files/lxd/run
+++ b/srcpkgs/lxd-lts/files/lxd/run
@@ -6,4 +6,6 @@ fi
 if ! mountpoint -q "${_systemd_cgrp}"; then
 mount -t cgroup -o none,name=systemd cgroup ${_systemd_cgrp}
 fi
-exec lxd --group lxd 2>&1
+
+[ -r conf ] && . ./conf
+exec lxd --group lxd ${OPTS:- --verbose}
diff --git a/srcpkgs/lxd-lts/template b/srcpkgs/lxd-lts/template
index 42e8a958093f..5f0f450e5c3a 100644
--- a/srcpkgs/lxd-lts/template
+++ b/srcpkgs/lxd-lts/template
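Review bot: The new `exec` line in srcpkgs/lxd-lts/files/lxd/run drops the `2>&1` that the removed line had, so whatever lxd writes to stderr no longer follows stdout. If a log service is attached to this runit service, daemon messages (including the new `--verbose` output) may stop reaching it; that is not visible from the hunk, so either confirm it or keep the redirect as `exec lxd --group lxd ${OPTS:- --verbose} 2>&1`. The added `[ -r conf ] && . ./conf` executes that file as shell in the service's context, presumably as root, so a comment such as `# conf is sourced by the service: keep it root-owned and not group/world-writable` would help administrators. The same two lines already appear as context in srcpkgs/lxd/files/lxd/run.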
@@ -1,36 +1,38 @@
 # Template file for 'lxd-lts'
 pkgname=lxd-lts
-version=4.0.4
+version=5.0.0
 revision=1
 wrksrc="lxd-$version"
 build_style=go
-go_import_path="github.com/lxc/lxd"
-go_build_tags="libsqlite3"
-go_package="${go_import_path}/lxd ${go_import_path}/lxc
- ${go_import_path}/lxd-p2c ${go_import_path}/fuidshift"
-hostmakedepends="pkg-config"
+go_import_path=github.com/lxc/lxd
+go_build_tags=libsqlite3
+go_package="${go_import_path}/lxd
+ ${go_import_path}/lxc
+ ${go_import_path}/lxc-to-lxd
+ ${go_import_path}/fuidshift
+ ${go_import_path}/lxd-benchmark
+ ${go_import_path}/lxd-user"
+hostmakedepends="pkg-config git"
 makedepends="lxc-devel acl-devel dqlite-devel eudev-libudev-devel"
-depends="lxc acl acl-progs rsync squashfs-tools xz dnsmasq iptables"
+depends="lxc acl acl-progs rsync squashfs-tools xz dnsmasq iptables attr-progs"
 short_desc="Next generation system container manager (long term support channel)"
 maintainer="Cameron Nemo "
 license="Apache-2.0"
 homepage="https://linuxcontainers.org/lxd"
-distfiles="https://linuxcontainers.org/downloads/lxd/${wrksrc}.tar.gz"
-checksum=372a666b84c7cbcb7ccbffbf4aa04a05b2fe22e5e0aafa022b700bbf211557f6
+changelog="https://github.com/lxc/lxd/releases"
+distfiles="https://linuxcontainers.org/downloads/lxd/lxd-${version}.tar.gz"
+checksum=a99b7edfb52c8195b2de4988844d32d73be6426f6cff28408250517b238fdef9
 conflicts="lxd"
 provides="lxd-${version}_${revision}"
 system_groups="lxd"
-do_configure() {
- # the LXD tarball packages up the required dependencies
- ln -s "$wrksrc/_dist" "$GOPATH"
-}
+# whitelist dqlite LDFLAGS
+export CGO_LDFLAGS_ALLOW='-Wl,-z,now'
-do_build() {
- # don't go-get the dependencies, just install with what's there
- cd "$GOSRCPATH"
- go_package=${go_package:-$go_import_path}
- go install -tags "${go_build_tags}" -ldflags "${go_ldflags}" ${go_package}
+post_build() {
+ # these need special tags and/or LDFLAGS
+ CGO_LDFLAGS="$CGO_LDFLAGS -static" go install -p "$XBPS_MAKEJOBS" -mod=vendor -x -tags "agent" -ldflags "${go_ldflags}" "${go_import_path}/lxd-agent"
+ go install -p "$XBPS_MAKEJOBS" -mod=vendor -x -tags "netgo" -ldflags "${go_ldflags}" "${go_import_path}/lxd-migrate"
 }
 post_install() {