The upstream project has removed the master branch in favour of
'main'.
We were relying on the fetcher default of master previously, and
now that master no longer exists, we get a fetch failure.
Adding an explicit branch=main gets things working again.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
OE core has updated busybox, so we bump to match.
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
We need to use different build architecture and flags for the
native variant, so add a specific do_compile for it. The settings
are taken from the kubernetes recipes native go build.
We also switch to the umoci.static for -native, since patchelf is
breaking our executable if we leave it dynamic.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
When compiling xen-tools (4.14 and 4.15) with gcc-11 the following kind of
errors are produced:
linux.c:164:50: error: argument 7 of type 'const xen_pfn_t[]' {aka 'const long unsigned int[]'} declared as an ordinary array [-Werror=vla-parameter]
164 | const xen_pfn_t arr[/*num*/], int err[/*num*/])
| ~~~~~~~~~~~~~~~~^~~~~~~~~~~~
Work around it by passing -Wno-vla-parameter to the compiler.
Signed-off-by: Diego Sueiro <diego.sueiro@arm.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* just a work around for internal error in binutils-2.36 gold:
http://errors.yoctoproject.org/Errors/Details/580099/
CGO_ENABLED=1 x86_64-oe-linux-go build -trimpath -tags "seccomp seccomp netgo osusergo" -ldflags "-w -extldflags -static -X main.gitCommit="fce58ab2d5c488bc573d02712db476a6daa9a60c-dirty" -X main.version=1.0.0-rc93+dev " -o runc .
TOPDIR/tmp-glibc/work/core2-64-oe-linux/runc-opencontainers/1.0.0-rc93+gitAUTOINC+fce58ab2d5-r0/recipe-sysroot-native/usr/bin/x86_64-oe-linux/../../libexec/x86_64-oe-linux/gcc/x86_64-oe-linux/11.0.1/ld: internal error in format_file_lineno, at ../../gold/dwarf_reader.cc:2278
collect2: error: ld returned 1 exit status
* it fails like this only together with gcc-11, with gcc-10.3 it
builds fine even with gold
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
In preparation for using umoci alongside sloci to
construct multi-layer oci images, we need a -native variant.
For now, we don't need skopeo on the host side, so we clear
it from the class-native RDEPENDS. Skopeo has significant
dependencies, so we'd rather avoid ever needing it as a
-native tool.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Updating to the latest 0.4.7 release and updating the build
and fetch directories to the opencontainers github.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
BBFILES_DYNAMIC has existed for several years, we don't need the
precursor BBFILES for dynamic layers.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
As of gatesgarth you are no longer allowed to remove setscene tasks
as the eSDK generation expects tasks to actually be executed.
Signed-off-by: Mark Hatle <mark.hatle@xilinx.com>
Signed-off-by: Mark Hatle <mark.hatle@kernel.crashing.org>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Allows the yocto cve-checker to flag CVEs, which would otherwise go
unreported due to the package name not matching NIST NVD data.
Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Allows the yocto cve-checker to flag CVEs, which would otherwise go
unreported due to the package name not matching NIST NVD data.
Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Allows the yocto cve-checker to flag CVEs, which would otherwise go
unreported due to the package name not matching NIST NVD data.
Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Add a new xen-rpi-u-boot-scr recipe to PROVIDE u-boot-default-script
instead of using a bbappend to rpi-u-boot-scr.
This allows the new recipe to be selected by indicating it as
PREFERRED_PROVIDER of u-boot-default-script, and then do that in the
Xen on Raspberry Pi 4 config file, xen-raspberrypi4-64.inc.
Signed-off-by: Christopher Clark <christopher.w.clark@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Improve meta-virt-xen.inc by moving all the Raspberry Pi 4 config
settings to a new xen-raspberrypi4-64.inc file in the raspberrypi
dynamic layer.
The new .inc file is included only for the raspberrypi4-64 MACHINE,
so the config settings no longer need to be applied using overrides.
Signed-off-by: Christopher Clark <christopher.w.clark@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Apply update to the device tree to allow Xen 4.14 to boot.
Suggested-by: Bertrand Marquis <bertrand.marquis@arm.com>
Signed-off-by: Christopher Clark <christopher.w.clark@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
fatload needs to read from mmc 1:1 to find the Xen hypervisor and Linux
kernel binaries with the current Yocto Linux 5.10 kernel.
Add boot messages to the u-boot script to indicate the size of files
loaded for easier confirmation of load success.
Signed-off-by: Christopher Clark <christopher.w.clark@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
The 5.10 version of the Linux Yocto kernel supports running Xen on the
Raspberry Pi 4, so the previous preference for linux-yocto-dev can be
replaced.
Use the ?= operator to set the kernel preference now since
meta-raspberrypi commit e0b4b8c5d introduced use of the weak default
for kernel preference in that layer to allow this here.
KERNEL_DEVICETREE needs to be set to match the build outputs of the
selected kernel, in this case: "broadcom/bcm2711-rpi-4-b.dtb"
Tested with kernel version:
SRCREV_machine = "cf5b0320cf4544d3db9ce3ddd6ddb7553a610651"
SRCREV_meta="031f6c76e488a3563f35258c72ff1de3e25a512e"
Signed-off-by: Christopher Clark <christopher.w.clark@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Added to the raspberrypi dynamic layer for use with Xen as
preparation for switching to it as the default preference.
Signed-off-by: Christopher Clark <christopher.w.clark@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Since upstream Xen 4.14 and 4.15 have working default configs for Xen on
the Raspberry Pi 4, the defconfig and bbappend in the raspberrypi
dynamic layer can now be removed.
Signed-off-by: Christopher Clark <christopher.w.clark@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
This string has been preferred since 2014 -- ref: Xen commit a860dfeec
and also current documentation: docs/misc/arm/device-tree/booting.txt
Signed-off-by: Christopher Clark <christopher.w.clark@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Adding the following commits into our containerd build:
3187b6dc8 tests: Adds consumed memory stats test
969ec8949 Specify seccomp target arch for CC
c19b7b64d RELEASES.md: recommend alternatives for deprecated features
8a62aa1c3 Deprecate built-in aufs snapshotter
4e7915f80 CI: allow Go 1.13 for Docker/Moby compatibility
8e589e873 Vagrantfile: update to Fedora 34
5847340a7 tests: Refactors container image usage
9f43eade6 Prepare v1.5.0-rc.3 release notes
4c7b960cb prow needs some additional setup for docker buildx
2e4c1d4b7 Use the multi-arch version of the test images
4e00c4b65 integration tests needs lsof
177273680 Add script to build test images
1b5d59dfe Add multi-arch support for test images
78e529727 add integration tests
2b0e6cdd4 Separate jobs for build and test for openlab/arm64
cdd075853 Release artifacts for Linux ARM64
efcb18742 Add unit tests for PID NamespaceMode_TARGET validation
b48f27df6 Support PID NamespaceMode_TARGET
909660ea9 process: use the unbuffered channel as the done signal
0f332dadd Update cgroups for regenerated protos
391b123a5 adds quiet option for ref
ab1654d0e Fix PushHandler cannot push image that contains duplicated blobs
00f8d32ef add not found debug out for check cmd; update usage
55734b1c5 Prepare 1.5.0-rc.2 release notes
3ef337ae3 Update containerd vendors to tags
fbe1e140f Update Go to 1.16.3
c1d1edbad gha: use sudo -E in some places to prevent dropping env-vars
7966a6652 Cleanup code
5d79d3adb go.mod: update kubernetes to v1.20.6
1c03c377e go.mod: github.com/containerd/fifo v1.0.0
12a2a2108 go.mod: github.com/google/uuid v1.2.0
3292ea586 pkg/seccomp: use sync.Once to speed up IsEnabled
00b5c99b1 pkg/seccomp: simplify IsEnabled, update doc
6dd29c25f go.mod: github.com/containerd/aufs
330a2a809 go.mod: github.com/containerd/zfs
34780d67a runtime/shim: check the namespace flag first
c3dde8c4b freebsd: add zfs to the default plugins
b431fe4fc freebsd: don't run shim delete in deleted dir
1f4192daf freebsd: exclude v1 runtimes
cb1580937 metadata: improve deleting a non-empty namespace's error message
5bf84034d Remove junit test result processor
b83d04f91 Add variable names to runtime's interface definitions
993b86399 Add shim start opts
8a4cbabc6 Reimport windows layers when comitting snapshots
af1e2af72 ci: upload junit formatted test results
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
By the docker-packaging repository and https://docs.docker.com/engine/install/centos/#installation-methods
docker is packaged by most distros with a split between the engine and the CLI.
We do the same here, by introducing the -cli package.
But to keep existing use cases working, we also create an RDEPENDS between the main
docker package (the engine) and the cli, so existing "docker" package installs will
continue to work the same way. To have separate and non-redepending packages created,
set the DOCKER_UNIFIED_PACKAGE variable to False.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Now that docker-ce is being built from the same repos as docker-moby,
the only unique things in the recipes are the SRCREVs.
We move the common packaging, compile/install routines and configuration
to the .inc files.
We also move the patches to the generic 'files' directory, so they
can be shared.
If there are SRCREV bumps in the future that diverge moby and
docker, we'll hold patches in their named directories and tweak
the compile/install routines as necessary.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
For whatever reason, the -ce recipe has _git and the moby variant
doesn't. When in reality, the _git is more significant for moby
than for -ce.
Renaming the recipe to normalize the recipe naming.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Updating docker-ce to 20.10.6, we also restructure the recipe to build
as mentioned in: https://github.com/docker/docker-ce
This now makes the docker-ce recipe virtually identical to the moby
variant, with only SRCREV differences being significant. The docker-ce
recipe will build the tags as identified by the docker-packaging
repository.
We keep this as a separate recipe for this update, so we can backport
the 20.10.6 change to older branches (for CVEs, etc), but the moby
and docker-ce recipes will (re)unify in following updates.
root@qemux86-64:~# docker --version
Docker version 20.10.6-ce, build 370c28948e
root@qemux86-64:~# docker pull alpine
Using default tag: latest
latest: Pulling from library/alpine
540db60ca938: Pull complete
Digest: sha256:69e70a79f2d41ab5d637de98c1e0b055206ba40a8145e7bddb55ccc04e13cf8f
Status: Downloaded newer image for alpine:latest
docker.io/library/alpine:latest
root@qemux86-64:~# docker run -it alpine /bin/sh
[ 4099.428945] docker0: port 1(veth33cc29a) entered blocking state
[ 4099.430548] docker0: port 1(veth33cc29a) entered disabled state
[ 4099.434641] device veth33cc29a entered promiscuous mode
[ 4100.219415] cgroup: cgroup: disabling cgroup2 socket matching due to net_prio or net_cls activation
[ 4100.739037] eth0: renamed from vethe948f63
[ 4100.746450] IPv6: ADDRCONF(NETDEV_CHANGE): veth33cc29a: link becomes ready
[ 4100.748508] docker0: port 1(veth33cc29a) entered blocking state
[ 4100.750150] docker0: port 1(veth33cc29a) entered forwarding state
[ 4100.754370] IPv6: ADDRCONF(NETDEV_CHANGE): docker0: link becomes ready
/ # cat /etc/issue
Welcome to Alpine Linux 3.13
Kernel \r on an \m (\l)
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Grabbing the following (minor) commits:
8a7f77cb2f dockerd-rootless.sh: use `command -v` instead of `which`
08b27e45d8 Dockerfile: update yamllint to v1.26.1 to fix build
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Bumping the SRCREV to pick up the following commits:
3b8193b399 Upgrade Docker Scan plugin to v0.8.0
9303aa4b6b Add John Howard to our alumni
ba87f9abb5 dockerd-rootless.sh: use `command -v` instead of `which`
efe9ca44fe Prepare tests for Windows containerd support
ed269a15ff vendor: github.com/docker/swarmkit 5a5494a9a7b408b790533a5e4e1cb43ca1c32aad
62761e5710 vendor: github.com/coreos/etcd v3.3.25
07de8d8bea vendor: github.com/containerd/containerd 19ee068f93c91f7b9b2a858457f1af2cabc7bc06
2ee09a228a vendor: github.com/gogo/protobuf v1.3.2
ce1125b768 Remove needless check
5c7fa82d85 Remove lowenna (aka jhowardmsft) from maintainters
0d83bab69a bump up rootlesskit to v0.14.2
fc17485819 Dockerfile: update yamllint to v1.26.1 to fix build
03ac69b517 Error string match: do not match command path
d1b9bc135d Update contrib/nuke-graph-directory.sh
b39a1ca16b Fixes subvol delete on a non-btrfs volume
618c440ae3 Bump hcsshim to get some fixes.
a0fa96c25b Update stop.md
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
libseccomp has moved to oe-core, so we can drop our checks and
blacklisting of packages if meta-security is not in the layer
configuration.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
python2 is no longer supported, and we are breaking yocto layer
compatibility by keeping this recipe around (since there is no
provider of 'python').
This hasn't been updated in over a year, so it is time to retire
it.
If it is required, we can bring it back in some other manner.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
crun has a hard dependency on systemd, we need to add it to the
recipe to avoid failing package QA checks.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
meta-python has the exact same version of this recipe, with only
minor differences.
Our copy is no longer needed, and in fact, is taking precedence
over a base build, changing signatures and breaking yocto compatibility.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
To ensure yocto compatibility, we should not be changing the behaviour
of recipes simply when meta-virt is included.
As such, we change our sysvinit-inittab changes to only trigger when
virtualization is in the distro features.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
This upgrade spans 9 small releases. For the detailed release logs,
refer to: https://gitlab.com/libvirt/libvirt/-/blob/master/NEWS.rst
Libvirt's buildsystem has changed to meson, so this upgrade drops some
obsolete patches applied to makefile.
I ran libvirt testcase and ovs testcase for this upgrade, the summary
is as follows:
libvirt_test (keyword: ) test results:
*1 Run libvirt_test testing(do_test1) PASS
*2 Check result (virsh_local_capabilities) PASS
*3 Check result (virsh_local_domcapabilities) PASS
*4 Check result (virsh_local_freecell) PASS
*5 Check result (virsh_local_help) PASS
*6 Check result (virsh_local_hostname) PASS
*7 Check result (virsh_local_iface-begin) PASS
*8 Check result (virsh_local_iface-commit) PASS
*9 Check result (virsh_local_iface-list) PASS
*10 Check result (virsh_local_list) PASS
*11 Check result (virsh_local_maxvcpus) PASS
*12 Check result (virsh_local_net-list) PASS
*13 Check result (virsh_local_nodecpumap) PASS
*14 Check result (virsh_local_nodecpustats) PASS
*15 Check result (virsh_local_nodedev-list) PASS
*16 Check result (virsh_local_nodeinfo) PASS
*17 Check result (virsh_local_node-memory-tune) PASS
*18 Check result (virsh_local_nodememstats) PASS
*19 Check result (virsh_local_nwfilter-binding-list) PASS
*20 Check result (virsh_local_nwfilter-list) PASS
*21 Check result (virsh_local_pool-capabilities) PASS
*22 Check result (virsh_local_pool-list) PASS
*23 Check result (virsh_local_pwd) PASS
*24 Check result (virsh_local_secret-list) PASS
*25 Check result (virsh_local_sysinfo) PASS
*26 Check result (virsh_local_uri) PASS
*27 Check result (virsh_local_version) PASS
openvswitch_vm2vm (keyword: qemux86) test results:
*1 openvswitch_vm2vm testing(do_test1) PASS
*2 Check result (ovs_vm2vm_boot_guest1) PASS
*3 Check result (ovs_vm2vm_boot_guest2) PASS
*4 Check result (ovs_vm2vm_netperf_test) PASS
*5 Check result (ovs_vm2vm_destroy_guest1) PASS
*6 Check result (ovs_vm2vm_destroy_guest2) PASS
*7 check testcase call trace(do_check_call_trace) PASS
Signed-off-by: Yanfei Xu <yanfei.xu@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
The latest Xen Test Framework has removed the gcc-multilib dependency.
Signed-off-by: Christopher Clark <christopher.w.clark@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Xen 4.15 added support for standalone x86-64 hvmloader build and
previous commit provided Xen 4.14 backports.
Signed-off-by: Christopher Clark <christopher.w.clark@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Backport Xen patches to enable hvmloader to be built without needing
32-bit glibc.
Signed-off-by: Christopher Clark <christopher.w.clark@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
As per the policy, we'll keep 4.15 and 4.16+ in master, while
leaving 4.14 availability in the hardknott branch.
Further on in the development cycle, we'll add 4.16 and move
dev to 4.17+ before release.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Testing the Xen hypervisor, with the qemux86-64 MACHINE:
runqemu xtf-image nographic slirp
(login as root)
cd /usr/libexec/xtf
./xtf-runner --list pv
# run an example test:
./xtf-runner test-pv64-livepatch-priv-check
Signed-off-by: Christopher Clark <christopher.w.clark@gmail.com>
Reviewed-by: Bertrand Marquis <bertrand.marquis@arm.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Christopher Clark <christopher.w.clark@gmail.com>
Reviewed-by: Bertrand Marquis <bertrand.marquis@arm.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Describes the versions of Xen to be included in meta-virtualization
and recipe maintenance in release branches.
Signed-off-by: Christopher Clark <christopher.w.clark@gmail.com>
Reviewed-by: Bertrand Marquis <bertrand.marquis@arm.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Updated to the branch point for 4.16 development.
Signed-off-by: Christopher Clark <christopher.w.clark@gmail.com>
Reviewed-by: Bertrand Marquis <bertrand.marquis@arm.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
The recipes are introduced as the non-default version by adding an
expressed PREFERRED_VERSION for 4.14 in:
conf/distro/include/meta-virt-default-versions.inc
to keep the Xen 4.14 recipes as default for the Hardknott release.
Signed-off-by: Christopher Clark <christopher.w.clark@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Enable building the PV shim for x86_64 only.
Signed-off-by: Christopher Clark <christopher.w.clark@gmail.com>
Reviewed-by: Bertrand Marquis <bertrand.marquis@arm.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>