* fixes:
ERROR: uxen-guest-tools-4.1.7-r0 do_patch: Command Error: 'quilt --quiltrc /OE/build/oe-core/tmp-glibc/work/qemux86_64-oe-linux/uxen-guest-tools/4.1.7-r0/recipe-sysroot-native/etc/quiltrc push' exited with 0 Output:
stdout: Applying patch fix-Makefile-for-OE-kernel-build.patch
patching file Makefile
Hunk #1 FAILED at 1 (different line endings).
Hunk #2 FAILED at 19 (different line endings).
2 out of 2 hunks FAILED -- rejects in file Makefile
Patch fix-Makefile-for-OE-kernel-build.patch does not apply (enforce with -f)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
In oe-core hardknott branch busybox was updated to 1.33.1. Hence, do the same
for busybox-initrd recipe.
Signed-off-by: Diego Sueiro <diego.sueiro@arm.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Cherry picked from master.
Although we don't normally bump versions on released branches, the
podman is causing pseudo aborts and the version on the release branch
is no longer active upstream. It is riskier to try and isolate fixes
and backport them, than it is to just update to the latest bugfix
release.
Original commit log follows:
============================
Bumping libpod to version v3.2.1-2-gab4d0cf90, which comprises the following commits:
60752b320 Bump to v3.2.2-dev
152952fe6 Bump to v3.2.1
c5d9c0a6f Updated release notes for v3.2.1
4f56f7f13 Fix network connect race with docker-compose
e42d727a9 Revert "Ensure minimum API version is set correctly in tests"
f69789155 Fall back to string for dockerfile parameter
5a158563c remote events: fix --stream=false
38fbd2cb9 [CI:DOCS] fix incorrect network remove api doc
26eae3bf8 remote: always send resize before the container starts
c751544fa remote events: support labels
c28f442b2 remote pull: cancel pull when connection is closed
2993bdf1e Fix network prune api docs
8ba0c92e6 Improve systemd-resolved detection
c3f6ef63a logs: k8s-file: fix race
f1e7a0747 Fix image prune --filter cmd behavior
5ddd76edd Several shell completion fixes
2afb5eeab podman-remote build should handle -f option properly
6beae86f0 System tests: deal with crun 0.20.1
80362b34c Fix build tags for pkg/machine...
c85b6b3fe Fix pre-checkpointing
b61701acb container: ignore named hierarchies
e0dcffa8d [v3.2] vendor containers/common@v0.38.9
d46deca8c rootless: fix fast join userns path
f2b3da502 [v3.2] vendor containers/common@v0.38.7
78430ee1d [v3.2] vendor containers/common@v0.38.6
b6ef7cf21 Correct qemu options for Intel macs
9647d8844 Ensure minimum API version is set correctly in tests
72455ece4 Bump to v3.2.1-dev
0281ef262 Bump to v3.2.0
cff73766f Fix network create macvlan with subnet option
8688f54ea Final release notes updates for v3.2.0
f62c6bf6e add ipv6 nameservers only when the container has ipv6 enabled
4b8ca6303 Use request context instead of background
ce5c3b554 [v.3.2] events: support disjunctive filters
dd83f5c0c System tests: add :Z to volume mounts
32927f5d6 generate systemd: make mounts portable
abb57e5cf vendor containers/storage@v1.31.3
1e4563182 vendor containers/common@v0.38.5
fbf8b78a3 Bump to v3.2.0-dev
684729482 Bump to v3.2.0-RC3
f49023031 Update release notes for v3.2.0-RC3
ee5dd0603 Fix race on podman start --all
6c9de9382 Fix race condition in running ls container in a pod
69bae4774 docs: --cert-dir: point to containers-certs.d(5)
934f36df5 Handle hard links in different directories
5eecc2761 Improve OCI Runtime error
ba884865c Handle hard links in remote builds
c53638e9f Podman info add support for status of cgroup controllers
ac8b7ddd8 Drop container does not exist on removal to debugf
18e917cdc Downgrade API service routing table logging
efa15b96c add libimage events
a9108ab25 docs: generate systemd: XDG_RUNTIME_DIR
bb589bec2 Fix problem copying files when container is in host pid namespace
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
The upstream project switched from master to main, so we add
an explicit branch specification to avoid fetch errors (as
the default of master no longer works).
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
The cni plugins already have mod=vendor, but we also need to ensure
that the main CNI build is not using go module based builds.
To avoid inconsistent vendoring messages, we switch all plugins to
no module builds as well.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
It was unnoticed in the 3.0.x update to podman, that the _git was
changed. That was unintended and this restores to the _git so we
can more easily track changes in master and do updates.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
The upstream project has removed the master branch in favour of
'main'.
We were relying on the fetcher default of master previously, and
now that master no longer exists, we get a fetch failure.
Adding an explicit branch=main gets things working again.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
As of the gatesgarth you are no longer allowed to remove setscene tasks
as the eSDK generation expects for tasks to actually be executed.
Signed-off-by: Mark Hatle <mark.hatle@xilinx.com>
Signed-off-by: Mark Hatle <mark.hatle@kernel.crashing.org>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Allows the yocto cve-checker to flag CVEs, which would otherwise go
unreported due to the package name not matching NIST NVD data.
Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Allows the yocto cve-checker to flag CVEs, which would otherwise go
unreported due to the package name not matching NIST NVD data.
Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Allows the yocto cve-checker to flag CVEs, which would otherwise go
unreported due to the package name not matching NIST NVD data.
Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Dropping the backported CVE patch, as it is part of this version bump,
which contains the following commits:
c64cfa03b runtime/v2/runc: fix the defer cleanup of the NewContainer
60c139c9a gha: use sudo -E in some places to prevent dropping env-vars
e0d452986 GHA: use setup-go@v2
ac87e05f6 [release/1.4] update Go to 1.15.11
425a6e4f8 night ci fix: add packages for ubuntu 20.04
80de6e2b4 vendor: golang.org/x/sys 5cba982894dd4e8879e3ef0a0c308ceff39f6154
92da2dbfa vendor: golang.org/x/sync 67f06af15bc961c363a7260195bcd53487529a21
b24c8a2ec vendor: golang.org/x/net 69a78807bb2bb6d1599c68698c6b009505012083
ebdd88cc0 vendor: sigs.k8s.io/structured-merge-diff/v4 v4.0.3
fe197b9b5 vendor: update kubernetes to v1.19.10
07e347903 adds log for each failed host and status not found on host
18a271509 need to bring critest backup
8c5422eb6 Fix error log when copy file
f9d6a7604 runtime/v2/runc: fix leaking socket path
24921417f Fix missing close
bfe95947f install-runc: set GO111MODULE=off to use vendor
520d179ed Prevent runc inheriting BUILDTAGS from containerd
039c24043 move runc version to a separate file for easier consumption
0e957e5ad Separate runc binary version from libcontainer version
bd5bbbd1a Remove references to apparmor and selinux buildtags for runc
fca4a0d1b script/setup: use git clone instead of go get -d
4c875c81a cmd/ctr: fix export command
bbde7b700 overlay: support "userxattr" option (kernel 5.11)
4c2f6a7ab Fix advisory link in release notes for containerd 1.4.4
3ba4a3171 Prepare release notes for 1.4.4
cbcb2f57f vendor: update cri
633bfb712 CI: cache ~/.vagrant.d/boxes
e7851d743 CI: fix "ls: cannot access '/etc/cni/net.d': Permission denied"
f4a6e163e Update continuity
2ec4a495f Update gogo/protobuf to v1.3.2
232cee448 Update to go 1.15.8
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
The latest Xen Test Framework has removed the gcc-multilib dependency.
Signed-off-by: Christopher Clark <christopher.w.clark@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Xen 4.15 added support for standalone x86-64 hvmloader build and
previous commit provided Xen 4.14 backports.
Signed-off-by: Christopher Clark <christopher.w.clark@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Backport Xen patches to enable hvmloader to be built without needing
32-bit glibc.
Signed-off-by: Christopher Clark <christopher.w.clark@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
The master branch contains an uprev for containerd that includes the
fix, so backport the patch separately for hardknott.
Tested by pulling a hello-world image with podman to
core-image-full-cmdline, with the following added to local.conf:
DISTRO_FEATURES_append = " systemd seccomp"
VIRTUAL-RUNTIME_init_manager = "systemd"
DISTRO_FEATURES_BACKFILL_CONSIDERED = "sysvinit"
VIRTUAL-RUNTIME_initscripts = "systemd-compat-units"
NETWORK_MANAGER = "systemd"
IMAGE_ROOTFS_EXTRA_SPACE = "8192000"
PREFERRED_PROVIDER_virtual/containerd = "containerd-opencontainers"
IMAGE_INSTALL_append = " podman virtual/containerd"
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Add nsenter to Busybox configuration as it is required by Podman at runtime
Signed-off-by: Nathan Dunne <Nathan.Dunne@arm.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Added kernel modules kernel-module-xt-masquerade and
kernel-module-xt-comment to RRECOMMENDS, to avoid iptables
errors with podman
Signed-off-by: Nathan Dunne <Nathan.Dunne@arm.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Enable building the PV shim for x86_64 only.
Signed-off-by: Christopher Clark <christopher.w.clark@gmail.com>
Reviewed-by: Bertrand Marquis <bertrand.marquis@arm.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Testing the Xen hypervisor, with the qemux86-64 MACHINE:
runqemu xtf-image nographic slirp
(login as root)
cd /usr/libexec/xtf
./xtf-runner --list pv
# run an example test:
./xtf-runner test-pv64-livepatch-priv-check
Signed-off-by: Christopher Clark <christopher.w.clark@gmail.com>
Reviewed-by: Bertrand Marquis <bertrand.marquis@arm.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Christopher Clark <christopher.w.clark@gmail.com>
Reviewed-by: Bertrand Marquis <bertrand.marquis@arm.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Describes the versions of Xen to be included in meta-virtualization
and recipe maintenance in release branches.
Signed-off-by: Christopher Clark <christopher.w.clark@gmail.com>
Reviewed-by: Bertrand Marquis <bertrand.marquis@arm.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Updated to the branch point for 4.16 development.
Signed-off-by: Christopher Clark <christopher.w.clark@gmail.com>
Reviewed-by: Bertrand Marquis <bertrand.marquis@arm.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
The recipes are introduced as the non-default version by adding an
expressed PREFERRED_VERSION for 4.14 in:
conf/distro/include/meta-virt-default-versions.inc
to keep the Xen 4.14 recipes as default for the Hardknott release.
Signed-off-by: Christopher Clark <christopher.w.clark@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Upgrade to release 1.17.48:
- api-change:lookoutequipment: [botocore] This release introduces
support for Amazon Lookout for Equipment.
- api-change:kinesis-video-archived-media: [botocore]
Documentation updates for archived.kinesisvideo
- api-change:robomaker: [botocore] This release allows RoboMaker
customers to specify custom tools to run with their simulation
job
- api-change:appstream: [botocore] This release provides support
for image updates
- api-change:ram: [botocore] Documentation updates for AWS RAM
resource sharing
- api-change:customer-profiles: [botocore] Documentation updates
for Put-Integration API
- api-change:autoscaling: [botocore] Amazon EC2 Auto Scaling
announces Warm Pools that help applications to scale out faster
by pre-initializing EC2 instances and save money by requiring
fewer continuously running instances
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Upgrade to release 0.17.0:
- Make dotenv get <key> only show the value, not key=value
- Add --override/--no-override option to dotenv run
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Upgrade to release 6.2.0.156:
- Improved CPU metric sampling
- Improved memory metric sampling
- Increased custom attribute limit from 64 to 128
- Fixed a TypeError with Uvicorn and unix sockets
- Fixed a crash when using a FIPS compliant system with Cross
Agent Tracing enabled
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Upgrade to release 1.8.7:
- Decoding deflate-encoded responses now supports data which is
packed in a zlib container as it is supposed to be. The old,
non-standard behaviour is still supported.
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Upgrade to release 2.7.2:
- Update our CI to catch issues with sdist generation,
installation and testing.
- Add missing test suite fixtures directory to MANIFEST.in,
reinstating the ability to run Paramiko's tests from an sdist
tarball.
- Remove leading whitespace from OpenSSH RSA test suite static
key fixture, to conform better to spec.
- Fix incorrect string formatting causing unhelpful error message
annotation when using Kerberos/GSSAPI.
- Fix incorrectly swapped order of p and q numbers when loading
OpenSSH-format RSA private keys. At minimum this should address
a slowdown when using such keys, and it also means Paramiko
works with Cryptography 3.1 and above (which complains
strenuously when this problem appears).
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
As part of this update to crun, we now must run autogen.sh before
running configure.
Otherwise, these are incremental changes and comprise the following
commits:
9effaeb On exec, honor additional_gids from the process spec, not the container definition
c25a2db tests: add explicit python3-pip dependency
e67a756 NEWS: tag 0.19
18c0274 gitignore: update
471a7b8 libocispec: update from upstream
f642968 tests: fix check for cgroup v2
3e7fa1d linux: always remount bind mounts
78aeac9 linux: ignore unknown capabilities
f11d742 Add linuxdevicecgroup to maintain parity with runc spec
9aa382b cgroup: skip parsing empty file
d9c9fd0 container: initialize tmp_err
00371ae src: initialize statx struct
2e88d19 src: initialize first_arg
5e4efb7 seccomp: always NUL terminate lowercase_arch
7812572 tests: add test for seccomp listener
f80e98d init: add check for seccomp listener
5d9010b init: fix check for nargs
5a627f4 seccomp: support notify listener
c3361c1 status: use function to convert from yajl errors
873b62d container: use new error function for hooks JSON
14083ab error: new function to convert from yajl errors
6e19235 linux: pass own pid to container process
8fd3320 contrib: new tool to test seccomp notifications
8722858 crun: always use absolute path for the bundle
ae9ea92 container: improve OOM error message
919aac9 utils: receive fd detect closed connection
a52e480 cgroup: new function to detect OOM
2e37d2a sync-libocispec
75ad96b Let autogen.sh generate m4
14c260f libcrun_warn if newuidmap/newgidmap invoke fails
5598401 README.md: drop pids limit comparison
9ea6857 github: add fuzzing test
0fd03ba tests: add container image for fuzzing libcrun
bbd5c7d fuzzer: reap child processes
c7350ef tests: add more fuzzing tests
816f95b fuzzer: merge two tests
effa508 linux: cleanup zombie on errors
b32f1eb linux: release only on error
5ca72f5 status: attempt open again on interrupts
9b5d4c1 Added static analysis Adding clang compilation Fixing comparison of integers of different signs
3b199ef Update GNUmakefile
dcd1a34 linux: label the tmpfs for masked directories
edf7f15 seccomp: check if the action supports errnoRet
bc222b6 seccomp: fail if no default action specified
0c5b920 seccomp: honor default errno value
92c0afe yajl: support static link of containers/yajl
f3d920d src: fix unitialized variable
7d89a02 src: add error check
765971c status: fix memory leak on error
31274d8 utils: fix check for fd
62d1c4d tests: add test to feed honggfuzz
ab75091 ebpf: return the program instead of NULL
8b16552 src: check if seccomp is defined
f721efb container: fix error ownership
4472e35 container: allow config from memory
6b369b8 container: fix memory leak
0fede0f container: initialize variable
2b6c0b6 container: fix dereference of def->linux if NULL
1dd9b5b container: check for def->process before deref
1b1a691 fix: cross-compiling for Android
b25cb2d tests: add device access test
86251b0 ebpf: handle access(dev_name, F_OK) call correctly
e2d79dc fix: access violate if ret < -2
4f35406 cgroup: read controllers from /proc/self/cgroup
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
In the time between the k3s work starting and ending, meta-networking
picked up the support we need for ipset.
Now that the recipe is in a layer we already depend on, we don't need
our own copy.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
commit 1b83c21436 [openvswitch: Fix build with musl libc] mistakenly
copies common files and then clobbers the SRC_URI.
While we could drop the SRC_URI components from the .inc now that we
only have one active version in master (_git), we avoid that for now,
since it is possible that a LTS version will be introduced in future
cycles.
So to fix the oddity, we drop the common components from the _git
SRC_URI and append versus clobber.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* don't use github archives
* upgrade to fix build with security-flags.inc enabled, fixed upstream in:
537e806f8c
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* git.ipxe.org is gone:
fatal: unable to access 'https://git.ipxe.org/ipxe.git/': Couldn't connect to server
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* PNBLACKLISTs are IMHO a bit easier to read and easier to override from distro
which e.g. provides own recipe for libseccomp
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>