From 0581d65e179c4cb946e42447e2079c195da5058f Mon Sep 17 00:00:00 2001
From: Cameron Nemo
Date: Tue, 31 Mar 2020 10:44:59 -0700
Subject: [PATCH] lxc: update to 4.0.0.
---
...829433f63b2ec1323a1f237efa7d67ea6e2b.patch | 91 -------------
...ba565ed7e3be9b3c9fa74ac07cf8e06b9afc.patch | 42 ------
...3976fa4036fe5c260ca3a68376360e98e260.patch | 74 -----------
...9205669cce54944e2c4f115e69ef18475bbe.patch | 30 -----
srcpkgs/lxc/patches/cpuset.patch | 33 -----
...3cf63f3e24667680544303e7c7230b3d508c.patch | 122 ------------------
srcpkgs/lxc/template | 6 +-
7 files changed, 3 insertions(+), 395 deletions(-)
delete mode 100644 srcpkgs/lxc/patches/3dd7829433f63b2ec1323a1f237efa7d67ea6e2b.patch
delete mode 100644 srcpkgs/lxc/patches/6453ba565ed7e3be9b3c9fa74ac07cf8e06b9afc.patch
delete mode 100644 srcpkgs/lxc/patches/7c3d3976fa4036fe5c260ca3a68376360e98e260.patch
delete mode 100644 srcpkgs/lxc/patches/9c579205669cce54944e2c4f115e69ef18475bbe.patch
delete mode 100644 srcpkgs/lxc/patches/cpuset.patch
delete mode 100644 srcpkgs/lxc/patches/e4103cf63f3e24667680544303e7c7230b3d508c.patch
diff --git a/srcpkgs/lxc/patches/3dd7829433f63b2ec1323a1f237efa7d67ea6e2b.patch b/srcpkgs/lxc/patches/3dd7829433f63b2ec1323a1f237efa7d67ea6e2b.patch
deleted file mode 100644
index 189bb656e04..00000000000
--- a/srcpkgs/lxc/patches/3dd7829433f63b2ec1323a1f237efa7d67ea6e2b.patch
+++ /dev/null
@@ -1,91 +0,0 @@ -From 3dd7829433f63b2ec1323a1f237efa7d67ea6e2b Mon Sep 17 00:00:00 2001 -From: Christian Brauner -Date: Fri, 26 Jul 2019 08:20:02 +0200 -Subject: [PATCH] network: restore ability to move nl80211 devices - -Closes #3105. -Signed-off-by: Christian Brauner ---- - src/lxc/network.c | 31 +++++++++++++++++-------------- - 1 file changed, 17 insertions(+), 14 deletions(-) - -diff --git src/lxc/network.c src/lxc/network.c -index 9755116ba1..7684f95918 100644 ---- src/lxc/network.c -+++ src/lxc/network.c -@@ -1248,22 +1248,21 @@ static int lxc_netdev_rename_by_name_in_netns(pid_t pid, const char *old, - static int lxc_netdev_move_wlan(char *physname, const char *ifname, pid_t pid, - const char *newname) - { -- char *cmd; -+ __do_free char *cmd = NULL; - pid_t fpid; -- int err = -1; - - /* Move phyN into the container. TODO - do this using netlink. - * However, IIUC this involves a bit more complicated work to talk to - * the 80211 module, so for now just call out to iw. - */ - cmd = on_path("iw", NULL); -- if (!cmd) -- goto out1; -- free(cmd); -+ if (!cmd) { -+ return -1; -+ } - - fpid = fork(); - if (fpid < 0) -- goto out1; -+ return -1; - - if (fpid == 0) { - char pidstr[30]; -@@ -1274,21 +1273,18 @@ static int lxc_netdev_move_wlan(char *physname, const char *ifname, pid_t pid, - } - - if (wait_for_pid(fpid)) -- goto out1; -+ return -1; - -- err = 0; - if (newname) -- err = lxc_netdev_rename_by_name_in_netns(pid, ifname, newname); -+ return lxc_netdev_rename_by_name_in_netns(pid, ifname, newname); - --out1: -- free(physname); -- return err; -+ return 0; - } - - int lxc_netdev_move_by_name(const char *ifname, pid_t pid, const char* newname) - { -+ __do_free char *physname = NULL; - int index; -- char *physname; - - if (!ifname) - return -EINVAL; -@@ -3279,13 +3275,20 @@ int lxc_network_move_created_netdev_priv(struct lxc_handler *handler) - return 0; - - lxc_list_for_each(iterator, network) { -+ __do_free char *physname = NULL; - int ret; - struct 
lxc_netdev *netdev = iterator->elem; - - if (!netdev->ifindex) - continue; - -- ret = lxc_netdev_move_by_index(netdev->ifindex, pid, NULL); -+ if (netdev->type == LXC_NET_PHYS) -+ physname = is_wlan(netdev->link); -+ -+ if (physname) -+ ret = lxc_netdev_move_wlan(physname, netdev->link, pid, NULL); -+ else -+ ret = lxc_netdev_move_by_index(netdev->ifindex, pid, NULL); - if (ret) { - errno = -ret; - SYSERROR("Failed to move network device \"%s\" with ifindex %d to network namespace %d", diff --git a/srcpkgs/lxc/patches/6453ba565ed7e3be9b3c9fa74ac07cf8e06b9afc.patch b/srcpkgs/lxc/patches/6453ba565ed7e3be9b3c9fa74ac07cf8e06b9afc.patch deleted file mode 100644 index 5098f20af90..00000000000 --- a/srcpkgs/lxc/patches/6453ba565ed7e3be9b3c9fa74ac07cf8e06b9afc.patch +++ /dev/null 
@@ -1,42 +0,0 @@ -From 6453ba565ed7e3be9b3c9fa74ac07cf8e06b9afc Mon Sep 17 00:00:00 2001 -From: Christian Brauner -Date: Tue, 23 Jul 2019 16:41:46 +0200 -Subject: [PATCH] tree-wide: initialize all auto-cleanup variables - -Closes: #3101. -Signed-off-by: Christian Brauner ---- - src/lxc/cgroups/cgfsng.c | 2 +- - src/lxc/confile.c | 6 +++--- - 2 files changed, 4 insertions(+), 4 deletions(-) - -diff --git src/lxc/cgroups/cgfsng.c src/lxc/cgroups/cgfsng.c -index 87e12d2ddd..7b8fe6736f 100644 ---- src/lxc/cgroups/cgfsng.c -+++ src/lxc/cgroups/cgfsng.c -@@ -1260,7 +1260,7 @@ static int mkdir_eexist_on_last(const char *dir, mode_t mode) - - orig_len = strlen(dir); - do { -- __do_free char *makeme; -+ __do_free char *makeme = NULL; - int ret; - size_t cur_len; - -diff --git src/lxc/confile.c src/lxc/confile.c -index 36d62cbcac..c0cba7c547 100644 ---- src/lxc/confile.c -+++ src/lxc/confile.c -@@ -909,9 +909,9 @@ static int set_config_net_ipv6_gateway(const char *key, const char *value, - static int set_config_net_veth_ipv6_route(const char *key, const char *value, - struct lxc_conf *lxc_conf, void *data) - { -- __do_free char *valdup; -- __do_free struct lxc_inet6dev *inet6dev; -- __do_free struct lxc_list *list; -+ __do_free char *valdup = NULL; -+ __do_free struct lxc_inet6dev *inet6dev = NULL; -+ __do_free struct lxc_list *list = NULL; - int ret; - char *netmask, *slash; - struct lxc_netdev *netdev = data; diff --git a/srcpkgs/lxc/patches/7c3d3976fa4036fe5c260ca3a68376360e98e260.patch b/srcpkgs/lxc/patches/7c3d3976fa4036fe5c260ca3a68376360e98e260.patch deleted file mode 100644 index 26029b42116..00000000000 --- a/srcpkgs/lxc/patches/7c3d3976fa4036fe5c260ca3a68376360e98e260.patch +++ /dev/null 
@@ -1,74 +0,0 @@ -From 7c3d3976fa4036fe5c260ca3a68376360e98e260 Mon Sep 17 00:00:00 2001 -From: Julio Faracco -Date: Sat, 3 Aug 2019 02:16:13 -0300 -Subject: [PATCH] utils: Fix wrong integer of a function parameter. - -If SSL is enabled, utils will include function `do_sha1_hash()` to -generate a sha1 encrypted buffer. Last function argument of -`EVP_DigestFinal_ex()` requires a `unsigned int` but the current -parameter is an `integer` type. - -See error: -utils.c:350:38: error: passing 'int *' to parameter of type 'unsigned int *' converts between pointers to integer types with different sign - [-Werror,-Wpointer-sign] - EVP_DigestFinal_ex(mdctx, md_value, md_len); - ^~~~~~ -/usr/include/openssl/evp.h:549:49: note: passing argument to parameter 's' here - unsigned int *s); - -Signed-off-by: Julio Faracco ---- - src/lxc/lxccontainer.c | 3 ++- - src/lxc/utils.c | 4 ++-- - src/lxc/utils.h | 2 +- - 3 files changed, 5 insertions(+), 4 deletions(-) - -diff --git src/lxc/lxccontainer.c src/lxc/lxccontainer.c -index 52c38fd330..09d427a491 100644 ---- src/lxc/lxccontainer.c -+++ src/lxc/lxccontainer.c -@@ -1660,7 +1660,8 @@ static bool prepend_lxc_header(char *path, const char *t, char *const argv[]) - FILE *f; - int ret = -1; - #if HAVE_OPENSSL -- int i, md_len = 0; -+ int i; -+ unsigned int md_len = 0; - unsigned char md_value[EVP_MAX_MD_SIZE]; - char *tpath; - #endif -diff --git src/lxc/utils.c src/lxc/utils.c -index bf4a9c2cbd..9ddbabfc85 100644 ---- src/lxc/utils.c -+++ src/lxc/utils.c -@@ -333,7 +333,7 @@ int lxc_wait_for_pid_status(pid_t pid) - #ifdef HAVE_OPENSSL - #include - --static int do_sha1_hash(const char *buf, int buflen, unsigned char *md_value, int *md_len) -+static int do_sha1_hash(const char *buf, int buflen, unsigned char *md_value, unsigned int *md_len) - { - EVP_MD_CTX *mdctx; - const EVP_MD *md; -@@ -353,7 +353,7 @@ static int do_sha1_hash(const char *buf, int buflen, unsigned char *md_value, in - return 0; - } - --int sha1sum_file(char *fnam, 
unsigned char *digest, int *md_len) -+int sha1sum_file(char *fnam, unsigned char *digest, unsigned int *md_len) - { - char *buf; - int ret; -diff --git src/lxc/utils.h src/lxc/utils.h -index dd6404f0b3..c1667e8c4c 100644 ---- src/lxc/utils.h -+++ src/lxc/utils.h -@@ -99,7 +99,7 @@ extern int wait_for_pid(pid_t pid); - extern int lxc_wait_for_pid_status(pid_t pid); - - #if HAVE_OPENSSL --extern int sha1sum_file(char *fnam, unsigned char *md_value, int *md_len); -+extern int sha1sum_file(char *fnam, unsigned char *md_value, unsigned int *md_len); - #endif - - /* initialize rand with urandom */ diff --git a/srcpkgs/lxc/patches/9c579205669cce54944e2c4f115e69ef18475bbe.patch b/srcpkgs/lxc/patches/9c579205669cce54944e2c4f115e69ef18475bbe.patch deleted file mode 100644 index df89fbf3747..00000000000 --- a/srcpkgs/lxc/patches/9c579205669cce54944e2c4f115e69ef18475bbe.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 9c579205669cce54944e2c4f115e69ef18475bbe Mon Sep 17 00:00:00 2001 -From: Tycho Andersen -Date: Tue, 23 Jul 2019 09:40:14 -0600 -Subject: [PATCH] pidfds: don't print a scary warning on ENOSYS - -Most kernels don't have this functionality yet, and so the warning is -printed a lot. Our people are scared of warnings, so let's make it INFO -instead in this case. - -Signed-off-by: Tycho Andersen ---- - src/lxc/start.c | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git src/lxc/start.c src/lxc/start.c -index e3f32f4cb8..e6544ea19c 100644 ---- src/lxc/start.c -+++ src/lxc/start.c -@@ -1641,7 +1641,10 @@ static int proc_pidfd_open(pid_t pid) - - /* Test whether we can send signals. */ - if (lxc_raw_pidfd_send_signal(proc_pidfd, 0, NULL, 0)) { -- SYSERROR("Failed to send signal through pidfd"); -+ if (errno != ENOSYS) -+ SYSERROR("Failed to send signal through pidfd"); -+ else -+ INFO("Sending signals through pidfds not supported on this kernel"); - return -1; - } - 
diff --git a/srcpkgs/lxc/patches/cpuset.patch b/srcpkgs/lxc/patches/cpuset.patch deleted file mode 100644 index eaf923d220e..00000000000 --- a/srcpkgs/lxc/patches/cpuset.patch +++ /dev/null @@ -1,33 +0,0 @@ -From b31d62b847a3ee013613795094cce4acc12345ef Mon Sep 17 00:00:00 2001 -From: Christian Brauner -Date: Sun, 28 Jul 2019 23:13:26 +0200 -Subject: [PATCH] cgroups: initialize cpuset properly - -Closes #3108. -Signed-off-by: Christian Brauner ---- - src/lxc/cgroups/cgfsng.c | 10 +++++----- - 1 file changed, 5 insertions(+), 5 deletions(-) - -diff --git a/src/lxc/cgroups/cgfsng.c b/src/lxc/cgroups/cgfsng.c -index 7b8fe6736f..c29c0958e9 100644 ---- src/lxc/cgroups/cgfsng.c -+++ src/lxc/cgroups/cgfsng.c -@@ -496,12 +496,12 @@ static bool cg_legacy_filter_and_set_cpus(char *path, bool am_initialized) - } - - if (!flipped_bit) { -- DEBUG("No isolated or offline cpus present in cpuset"); -- return true; -+ cpulist = lxc_cpumask_to_cpulist(possmask, maxposs); -+ TRACE("No isolated or offline cpus present in cpuset"); -+ } else { -+ cpulist = move_ptr(posscpus); -+ TRACE("Removed isolated or offline cpus from cpuset"); - } -- DEBUG("Removed isolated or offline cpus from cpuset"); -- -- cpulist = lxc_cpumask_to_cpulist(possmask, maxposs); - if (!cpulist) { - ERROR("Failed to create cpu list"); - return false; diff --git a/srcpkgs/lxc/patches/e4103cf63f3e24667680544303e7c7230b3d508c.patch b/srcpkgs/lxc/patches/e4103cf63f3e24667680544303e7c7230b3d508c.patch deleted file mode 100644 index 56d4adb0013..00000000000 --- a/srcpkgs/lxc/patches/e4103cf63f3e24667680544303e7c7230b3d508c.patch +++ /dev/null 
@@ -1,122 +0,0 @@ -From e4103cf63f3e24667680544303e7c7230b3d508c Mon Sep 17 00:00:00 2001 -From: Thomas Parrott -Date: Fri, 26 Jul 2019 16:14:18 +0100 -Subject: [PATCH] lxccontainer: do_lxcapi_detach_interface to support detaching - wlan devices - -Signed-off-by: Thomas Parrott ---- - src/lxc/attach.c | 2 +- - src/lxc/attach.h | 2 ++ - src/lxc/lxccontainer.c | 23 ++++++++++++++++++++++- - src/lxc/network.c | 4 ++-- - src/lxc/network.h | 4 ++++ - 5 files changed, 31 insertions(+), 4 deletions(-) - -diff --git src/lxc/attach.c src/lxc/attach.c -index 867aa91c0d..f63331edec 100644 ---- src/lxc/attach.c -+++ src/lxc/attach.c -@@ -213,7 +213,7 @@ static int lxc_attach_to_ns(pid_t pid, struct lxc_proc_context_info *ctx) - return 0; - } - --static int lxc_attach_remount_sys_proc(void) -+int lxc_attach_remount_sys_proc(void) - { - int ret; - -diff --git src/lxc/attach.h src/lxc/attach.h -index c576aa9fca..ce7c461b33 100644 ---- src/lxc/attach.h -+++ src/lxc/attach.h -@@ -45,4 +45,6 @@ extern int lxc_attach(struct lxc_container *container, - lxc_attach_exec_t exec_function, void *exec_payload, - lxc_attach_options_t *options, pid_t *attached_process); - -+extern int lxc_attach_remount_sys_proc(void); -+ - #endif /* __LXC_ATTACH_H */ -diff --git src/lxc/lxccontainer.c src/lxc/lxccontainer.c -index d8efdc41c6..52c38fd330 100644 ---- src/lxc/lxccontainer.c -+++ src/lxc/lxccontainer.c -@@ -4793,6 +4793,7 @@ static bool do_lxcapi_detach_interface(struct lxc_container *c, - { - int ret; - pid_t pid, pid_outside; -+ __do_free char *physname = NULL; - - /* - * TODO - if this is a physical device, then we need am_host_unpriv. -@@ -4828,6 +4829,19 @@ static bool do_lxcapi_detach_interface(struct lxc_container *c, - _exit(EXIT_FAILURE); - } - -+ /* create new mount namespace for use with remounting /sys and is_wlan() below. 
*/ -+ ret = unshare(CLONE_NEWNS); -+ if (ret < 0) { -+ ERROR("Failed to unshare mount namespace"); -+ _exit(EXIT_FAILURE); -+ } -+ -+ /* set / recursively as private so that mount propagation doesn't affect us. */ -+ if (mount(NULL, "/", NULL, MS_REC | MS_PRIVATE, 0) < 0) { -+ ERROR("Failed to recursively set / as private in mount namespace"); -+ _exit(EXIT_FAILURE); -+ } -+ - ret = lxc_netdev_isup(ifname); - if (ret < 0) { - ERROR("Failed to determine whether network device \"%s\" is up", ifname); -@@ -4843,7 +4857,14 @@ static bool do_lxcapi_detach_interface(struct lxc_container *c, - } - } - -- ret = lxc_netdev_move_by_name(ifname, pid_outside, dst_ifname); -+ /* remount /sys so is_wlan() can check if this device is a wlan device. */ -+ lxc_attach_remount_sys_proc(); -+ physname = is_wlan(ifname); -+ if (physname) -+ ret = lxc_netdev_move_wlan(physname, ifname, pid_outside, dst_ifname); -+ else -+ ret = lxc_netdev_move_by_name(ifname, pid_outside, dst_ifname); -+ - /* -EINVAL means there is no netdev named as ifname. */ - if (ret < 0) { - if (ret == -EINVAL) -diff --git src/lxc/network.c src/lxc/network.c -index 7684f95918..65727f6b5a 100644 ---- src/lxc/network.c -+++ src/lxc/network.c -@@ -1172,7 +1172,7 @@ int lxc_netdev_move_by_index(int ifindex, pid_t pid, const char *ifname) - * will be passed to lxc_netdev_move_wlan() which will free it when done. 
- */ - #define PHYSNAME "/sys/class/net/%s/phy80211/name" --static char *is_wlan(const char *ifname) -+char *is_wlan(const char *ifname) - { - __do_free char *path = NULL; - int i, ret; -@@ -1245,7 +1245,7 @@ static int lxc_netdev_rename_by_name_in_netns(pid_t pid, const char *old, - _exit(lxc_netdev_rename_by_name(old, new)); - } - --static int lxc_netdev_move_wlan(char *physname, const char *ifname, pid_t pid, -+int lxc_netdev_move_wlan(char *physname, const char *ifname, pid_t pid, - const char *newname) - { - __do_free char *cmd = NULL; -diff --git src/lxc/network.h src/lxc/network.h -index acfd8a0532..8a86768d9e 100644 ---- src/lxc/network.h -+++ src/lxc/network.h -@@ -293,4 +293,8 @@ extern int lxc_netns_set_nsid(int netns_fd); - extern int lxc_netns_get_nsid(__s32 fd); - extern int lxc_create_network(struct lxc_handler *handler); - -+extern char *is_wlan(const char *ifname); -+extern int lxc_netdev_move_wlan(char *physname, const char *ifname, pid_t pid, -+ const char *newname); -+ - #endif /* __LXC_NETWORK_H */ diff --git a/srcpkgs/lxc/template b/srcpkgs/lxc/template index a4ecee30531..0939f2d90f8 100644 --- a/srcpkgs/lxc/template +++ b/srcpkgs/lxc/template @@ -2,8 +2,8 @@ _desc="Linux Containers" pkgname=lxc -version=3.2.1 -revision=3 +version=4.0.0 +revision=1 build_style=gnu-configure configure_args="--enable-doc --enable-seccomp --enable-capabilities --enable-apparmor --with-distro=none @@ -16,7 +16,7 @@ maintainer="Orphaned " homepage="https://linuxcontainers.org" license="LGPL-2.1-or-later" distfiles="https://linuxcontainers.org/downloads/lxc-${version}.tar.gz" -checksum=5f903986a4b17d607eea28c0aa56bf1e76e8707747b1aa07d31680338b1cc3d4 +checksum=b3f3ae2c257ce7538db42a16622f7b9854871e98433d61f0641db3a8ddb2c3f4 conf_files="/etc/lxc/default.conf" make_dirs="