Plain Docker #13
ccrisan wants to merge 163 commits into main from plain-docker
…mbers Make all partition numbers relative to root partition
Signed-off-by: James Hilliard <james.hilliard1@gmail.com> Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
- update project URL (where the old one re-directs to) Signed-off-by: Peter Seiderer <ps.report@gmx.net> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This issue was reported by Firas Khalil Khana on a Github pull request at buildroot/buildroot#113. There is no --disable-static in m4. Research in the dark corners of the Git history has shown that it was apparently added by Peter Korsgaard back in 2009, in commit 3467cf7 ("m4: cleanup"). At this time, the version of m4 used was 1.4.9, but even looking at the tarball of this old release shows that the ./configure did not support --disable-static. So let's drop this option. Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
When compiling host-m4 1.4.19 with a host gcc 15 (which is the version included in Fedora 42, released on 2025-04-15), compilation fails with error: In file included from gl_avltree_oset.h:21, from gl_avltree_oset.c:21: gl_oset.h:275:1: warning: 'nodiscard' attribute ignored [-Wattributes] 275 | GL_OSET_INLINE _GL_ATTRIBUTE_NODISCARD int | ^~~~~~~~~~~~~~ gl_oset.h:275:40: error: expected identifier or '(' before 'int' 275 | GL_OSET_INLINE _GL_ATTRIBUTE_NODISCARD int | ^~~ This error is due to the gnulib copy included in m4 1.4.19, which does not detect properly the default C language standard of gcc 15 which has been changed from "gnu17" to "gnu23". See [1]. Note that m4 1.4.19 is the latest version available at the time of this commit, and was released in May 2021. The issue is tracked upstream in [2]. Upcoming m4 release is expected to fix this issue, by updating its gnulib copy. See [3], which states: "Update to comply with newer C standards, and inherit portability improvements from gnulib". Until this new m4 version is released, this commit fixes the issue by forcing the C language standard to "-std=gnu17" (the previous gcc default) when host-gcc 15 is detected. Note that the "-std=gnu17" option was introduced in gcc 8. See [4]. This is the reason why this patch adds this option only when the problematic gcc 15 version is detected. See also the discussions around this patch at [5].
Fixes: https://autobuild.buildroot.org/results/1c33ef0a710cfae13e496485787b351c8f951217/ (and many, many others) [1] https://gcc.gnu.org/gcc-15/changes.html#c [2] https://savannah.gnu.org/support/?111150 [3] https://git.savannah.gnu.org/cgit/m4.git/commit/?h=branch-1.4&id=a22c9802dd7e724eaefb21dc21d84ac2d3a49c89 [4] https://gcc.gnu.org/gcc-8/changes.html#c [5] https://lore.kernel.org/buildroot/CAPWx8vsoJUt8YMJG1aUqFRK1=yizNbgjVjGL1Q1+9ygjJGnZLA@mail.gmail.com/ Signed-off-by: Joseph Zikusooka (ZIK) <zik@jambula.net> Tested-by: Luca Ceresoli <luca.ceresoli@bootlin.com> [Julien: - change mail url to lore.kernel.org for stable link - reword, reflow and add extra info in the commit log - force -std=gnu17 only when host gcc-15 is detected - add a comment in .mk to remove the workaround at next bump ] Signed-off-by: Julien Olivain <ju.o@free.fr>
The new version bundles an updated gnulib that includes support for -std=c23 which is the default for gcc 15. Signed-off-by: Vincent Fazio <vfazio@gmail.com> Signed-off-by: Arnout Vandecappelle <arnout@rnout.be>
- Drop first patch (not needed anymore) - Drop second to fifth patches (already in version) - Drop autoreconf https://salsa.debian.org/clint/fakeroot/-/blob/debian/1.26-1/debian/changelog Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
When generating a filesystem image on a power10 build machine running Ubuntu, we see a segfault when fakeroot is running chmod. This has been reported and fixed upstream in Debian in version 1.26-1.2: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=995393#53 Add the same patch to resolve the segfault. Signed-off-by: Joel Stanley <joel@jms.id.au> [Arnout: add patch signoff and give proper name (check-package)] Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
remove upstream patch remove mkdir build-aux (no longer needed, like AUTORECONF) Signed-off-by: Francois Perrad <francois.perrad@gadz.org> [yann.morin.1998@free.fr: keep using snapshot.debian.org] Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
- remove upstream patch level patches 0001-bash51-001.patch 0002-bash51-002.patch 0003-bash51-003.patch 0004-bash51-004.patch - renumber remaining patches For details see [1]. [1] http://git.savannah.gnu.org/cgit/bash.git/log Signed-off-by: Peter Seiderer <ps.report@gmx.net> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Martin Hundebøll <martin@geanix.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Builds using toolchains without WCHAR support would fail due to an undeclared reference to `shell_input_line_property`. Fix this by using a guard to check if ENABLE_MULTIBYTE is defined. Fixes: - http://autobuild.buildroot.net/results/133ddcbc37512e6bcc5daab669ce316efa7ec4fc/ Signed-off-by: Vincent Fazio <vfazio@xes-inc.com> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Backport fixes from upstream to fix an issue where the strtoimax builtin got built when not necessary. This resolves bash static builds issues when using musl and uClibc. We fix both the m4 file and configure in that order, to be safe and not trigger an automatic autoreconf (even though bash does not have a rule to automatically regenerate configure if an m4 file changes). Fixes: http://autobuild.buildroot.org/results/f8c/f8cb91f7f9ac6a46bb2ecfc22c1e42cf699f28d3// http://autobuild.buildroot.org/results/b0e/b0e5fcab9eeb799e31bca27fcb7280b728349bc6// Upstream: https://git.savannah.gnu.org/cgit/bash.git/commit/?h=devel&id=43e861c2cd840946a81dfd0386966eb4f3a17ce9 Signed-off-by: Vincent Fazio <vfazio@gmail.com> [yann.morin.1998@free.fr: - patch configure after the m4 file - add blurb in commit log to explain that ] Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
When the target-finalize-hook for bash was added in commit 311c9ee in order to write bash into /etc/shells, it was done at the same time as for package/mksh and it was incorrectly copied and MKSH still appeared in the name of the hook. The hook is now correctly named BASH_ADD_BASH_TO_SHELLS Signed-off-by: Sebastian Weyer <sebastian.weyer@smile.fr> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Build tested using the following config option: BR2_PACKAGE_BASH=y $ ./utils/test-pkg -c bash.config -p bash bootlin-armv5-uclibc [1/6]: OK bootlin-armv7-glibc [2/6]: OK bootlin-armv7m-uclibc [3/6]: SKIPPED bootlin-x86-64-musl [4/6]: OK br-arm-full-static [5/6]: OK sourcery-arm [6/6]: OK 6 builds, 1 skipped, 0 build failed, 0 legal-info failed, 0 show-info failed Signed-off-by: Kadambini Nema <kadambini.nema@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
For change log, see: https://git.savannah.gnu.org/cgit/bash.git/log/?h=c5c97b371044a44b701b6efa35984a3e1956344e Other changes: - Refactor necessary patches - Remove upstream patch 0003-configure-invert-condition-for-strtoimax-builtin.patch run-tests tests.package.test_bash.TestBash.test_run passed Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com> [Julien: - add change log url in commit log - remove .checkpackageignore entry to fix check-package error - update gpg signature url in bash.hash ] Signed-off-by: Julien Olivain <ju.o@free.fr>
bash uses K&R function declarations which have been removed in C23. Since part of the build process (like the mkbuiltins helper) is written in C, building bash now fails on hosts with GCC 15 (which defaults to C23). Since properly fixing this on the source code level is a larger endeavor, just set the C standard to an old enough version for now. Signed-off-by: Florian Larysch <fl@n621.de> Signed-off-by: Julien Olivain <ju.o@free.fr>
This reverts commit 2ba03f9.
This reverts commit d558b29.
This reverts commit b2d3d1f.
This reverts commit 19edeb2.
The eighth patch release for containerd 1.5 contains a mitigation for CVE-2021-41190 as well as several fixes and updates. https://github.com/containerd/containerd/releases/tag/v1.5.8 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Reviewed-by: Christian Stewart <christian@paral.in> Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
CVE-2021-43816: "Unprivileged pod using `hostPath` can side-step active LSM when it is SELinux" Containers launched through containerd’s CRI implementation on Linux systems which use the SELinux security module and containerd versions since v1.5.0 can cause arbitrary files and directories on the host to be relabeled to match the container process label through the use of specially-configured bind mounts in a hostPath volume. This relabeling elevates permissions for the container, granting full read/write access over the affected files and directories. Kubernetes and crictl can both be configured to use containerd’s CRI implementation. GHSA-mvff-h3cj-wj9c https://github.com/containerd/containerd/releases/tag/v1.5.9 Signed-off-by: Christian Stewart <christian@paral.in> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes the following security issues: - CVE-2022-23648: containerd CRI plugin: Insecure handling of image volumes GHSA-crp2-qrr5-8pq7 - CVE-2022-24769: Default inheritable capabilities for linux container should be empty GHSA-c9cp-9c75-9v8c Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Note: this version adds compatibility for Go 1.18. Signed-off-by: Christian Stewart <christian@paral.in> Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
v1.6.2 -> v1.6.6: The third patch release for containerd 1.6 includes various fixes and updates. https://github.com/containerd/containerd/releases/tag/v1.6.3 The fourth patch release for containerd 1.6 includes two fixes for CNI and SELinux. https://github.com/containerd/containerd/releases/tag/v1.6.4 The fifth patch release for containerd 1.6 includes a few fixes. https://github.com/containerd/containerd/releases/tag/v1.6.5 The sixth patch release for containerd 1.6 includes a fix for CVE-2022-31030. https://github.com/containerd/containerd/releases/tag/v1.6.6 Signed-off-by: Christian Stewart <christian@paral.in> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
https://github.com/containerd/containerd/releases/tag/v1.6.8 Signed-off-by: Christian Stewart <christian@paral.in> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
CVE-2022-23471: GHSA-2qjp-425j-52j9 and other bugfixes, see: https://github.com/containerd/containerd/releases/tag/v1.6.12 Signed-off-by: Christian Stewart <christian@paral.in> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
crun is a drop-in replacement for runc. If crun is enabled, but runc is not, we already install an impersonation symlink, so we do not need to force runc if crun is enabled. Still, runc is the default if crun is not enabled. Signed-off-by: TIAN Yuanhao <tianyuanhao3@163.com> Reviewed-by: Christian Stewart <christian@paral.in> [yann.morin.1998@free.fr: split into its own patch] Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Bugfixes and improvements. We now install the containerd.service systemd unit. https://github.com/containerd/containerd/releases/tag/v1.6.16 Signed-off-by: Christian Stewart <christian@paral.in> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Various bugfixes and improvements. Notable security fixes: - CVE-2023-25153: Fix OCI image importer memory exhaustion GHSA-259w-8hf6-59c2 - CVE-2023-25173: Fix supplementary groups not being set up properly GHSA-hmfx-3pcx-653p https://github.com/containerd/containerd/releases/tag/v1.6.20 Signed-off-by: Stefan Agner <stefan@agner.ch> [Peter: add CVE references] Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
https://github.com/containerd/containerd/releases/tag/v1.6.21 Signed-off-by: Christian Stewart <christian@aperture.us> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bugfixes and updates. https://github.com/containerd/containerd/releases/tag/v1.6.22 Signed-off-by: Christian Stewart <christian@aperture.us> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bugfixes and updates. Containerd v1.7.x comes with new features including container sandboxing. https://github.com/containerd/containerd/releases/tag/v1.7.6 Signed-off-by: Christian Stewart <christian@aperture.us> Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
Contains various fixes and updates. https://github.com/containerd/containerd/releases/tag/v1.7.7 Signed-off-by: Christian Stewart <christian@aperture.us> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Disable the AUFS snapshotter by default. AUFS support has been deprecated since v1.5 and won't be available with containerd v2.0. Add configuration option for the ZFS snapshotter and add the proper runtime dependencies. Add configuration option for Kubernetes CRI support. Note that CRI support requires a writeable /etc or an appropriate containerd configuration. Signed-off-by: Stefan Agner <stefan@agner.ch> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The eighth patch release for containerd 1.7 contains various fixes and updates. https://github.com/containerd/containerd/releases/tag/v1.7.8 Signed-off-by: Christian Stewart <christian@aperture.us> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit 35af2bb set CONTAINERD_CPE_ID_PRODUCT to containerd but this is not needed as CONTAINERD_CPE_ID_PRODUCT will be set to the package name (i.e. containerd) by default Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr> Reviewed-by: Antoine Coutant <antoine.coutant@smile.fr>
https://github.com/containerd/containerd/releases/tag/v1.7.13 Signed-off-by: Christian Stewart <christian@aperture.us> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
btrfs handling doesn't depend on btrfs-progs but on kernel >= 4.12 since bump to version 1.7.7 in commit 79e01ef9506a6cdc4836912607dc594ae7b1999d and containerd/containerd@024a748 resulting in the following build failure: In file included from vendor/github.com/containerd/btrfs/v2/btrfs.go:21:0: ./btrfs.h:19:2: error: #error "Headers from kernel >= 4.12 are required on compilation time (not on run time)" #error "Headers from kernel >= 4.12 are required on compilation time (not on run time)" ^~~~~ In file included from vendor/github.com/containerd/btrfs/v2/btrfs.go:21:0: ./btrfs.h:22:10: fatal error: linux/btrfs_tree.h: No such file or directory #include <linux/btrfs_tree.h> ^~~~~~~~~~~~~~~~~~~~ Fixes: 79e01ef9506a6cdc4836912607dc594ae7b1999d - http://autobuild.buildroot.org/results/d6afeef47daae1783dcce3e2b6a0a16e3e5d5fbd Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Updates containerd to v1.7.14. Highlights Fix various timing issues with docker pusher Register imagePullThroughput and count with MiB Move high volume event logs to Trace level Container Runtime Interface (CRI) Handle pod transition states gracefully while listing pod stats Runtime Update runc-shim to process exec exits before init https://github.com/containerd/containerd/releases/tag/1.7.14 Signed-off-by: Christian Stewart <christian@aperture.us> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The docker-proxy binary (libnetwork) has been merged into the docker-engine source (moby). Drop the docker-proxy package and add cmd/docker-proxy as a build target of docker-engine instead. moby/libnetwork@563fe8e Signed-off-by: Christian Stewart <christian@paral.in> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The seccomp and apparmor build tags have been removed in 23.0.0. Don't use those buildtags anymore. Signed-off-by: Stefan Agner <stefan@agner.ch> Reviewed-by: Christian Stewart <christian@paral.in> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This release contains some fixes and an improved error message. For the full list see: https://github.com/moby/moby/releases/tag/v23.0.1 Signed-off-by: Stefan Agner <stefan@agner.ch> Reviewed-by: Christian Stewart <christian@paral.in> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
libseccomp is mandatory since bump to version 23.0.0 in commit 485b47e025541a58358d8852c600b8e7644b4ec6: moby/moby#42501 Fixes: - https://bugs.buildroot.org/show_bug.cgi?id=15321 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security issue: - CVE-2023-26054: (Buildkit): Credentials inlined to Git URLs could end up in provenance attestation GHSA-gc89-7gcr-jxqc In addition, a number of issues have been fixed. For the full list, see: https://github.com/moby/moby/releases/tag/v23.0.2 Signed-off-by: Stefan Agner <stefan@agner.ch> [Peter: Mark as security bump] Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixed a number of issues that can cause Swarm encrypted overlay networks to fail to uphold their guarantees, addressing CVE-2023-28841, CVE-2023-28840, and CVE-2023-28842. https://github.com/moby/moby/releases/tag/v23.0.3 Signed-off-by: Stefan Agner <stefan@agner.ch> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
https://github.com/moby/moby/releases/tag/v23.0.5 Signed-off-by: Christian Stewart <christian@aperture.us> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Run qToggleServer directly from Docker, avoiding unnecessary OS updates for each qtoggleserver release.