mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-08-21 22:41:09 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #2853 from ajeddeloh/rm-iproute2

Browse Source 
Move iproute2 back to portage-stable
This commit is contained in:
Andrew Jeddeloh 2017-10-25 17:27:31 -07:00 committed by GitHub
commit d5ea268c46
8 changed files with 4 additions and 320 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords vendored
View File

@ -75,3 +75,7 @@ dev-util/checkbashisms
# CVE-2017-1000117 # CVE-2017-1000117
=dev-vcs/git-2.14.1 =dev-vcs/git-2.14.1
# iproute2 4.13 includes a patch to avoid leaking netns mounts in rkt
# https://git.kernel.org/pub/scm/linux/kernel/git/shemminger/iproute2.git/commit/?id=d6a4076b6ba6547d7e52c377a7c58c56eb5ea16e
=sys-apps/iproute2-4.13 ~amd64 ~arm64

1
sdk_container/src/third_party/coreos-overlay/sys-apps/iproute2/Manifest vendored
View File

@ -1 +0,0 @@
DIST iproute2-4.12.0.tar.xz 662424 SHA256 2e0a4c4262d9f6c169885a6e16c4c5c5f1ef6fd57b6a0e7b41f42be5bb6ebd7d SHA512 275147f71e7c4698654f0d6d0981ab42f6f108066508c15cfcd5d9e0d3aaf8d33291968d9f06cb03f5494d801cfabf8d53308aaf56fc4fa92c52b137e970a3b0 WHIRLPOOL 590cc191e96ff0b777373603186e4416f064931d529878ec783759f31fd99e1119bb0604e8a89dc98d350f80eca2bfef05a13bca7ce24302408072002c0b17b2

48
sdk_container/src/third_party/coreos-overlay/sys-apps/iproute2/files/iproute2-3.1.0-mtu.patch vendored
View File

@ -1,48 +0,0 @@
http://bugs.gentoo.org/291907
This patch was merged from two patches extracted from this thread:
http://markmail.org/thread/qkd76gpdgefpjlfn
tc_stab.c: small fixes to commandline help
tc_core.c:
As kernel part of things relies on cell align which is always set to -1,
I also added it to userspace computation stage. This way if someone
specified e.g. 2048 and 512 for mtu and tsize respectively, one wouldn't
end with tsize supporting mtu 4096 suddenly, New default mtu is also set
to 2048 (disregarding weirdness of setting mtu to such values).
Unless I missed something, this is harmless and feels cleaner, but if it's
not allowed, documentation will have to be changed back to 2047 + extra
explanation as well.
--- iproute2/tc/tc_core.c
+++ iproute2/tc/tc_core.c
@@ -155,12 +155,12 @@
}
if (s->mtu == 0)
- s->mtu = 2047;
+ s->mtu = 2048;
if (s->tsize == 0)
s->tsize = 512;
s->cell_log = 0;
- while ((s->mtu >> s->cell_log) > s->tsize - 1)
+ while ((s->mtu - 1 >> s->cell_log) > s->tsize - 1)
s->cell_log++;
*stab = malloc(s->tsize * sizeof(__u16));
--- iproute2/tc/tc_stab.c
+++ iproute2/tc/tc_stab.c
@@ -32,7 +32,7 @@
fprintf(stderr,
"Usage: ... stab [ mtu BYTES ] [ tsize SLOTS ] [ mpu BYTES ] \n"
" [ overhead BYTES ] [ linklayer TYPE ] ...\n"
- " mtu : max packet size we create rate map for {2047}\n"
+ " mtu : max packet size we create size table for {2048}\n"
" tsize : how many slots should size table have {512}\n"
" mpu : minimum packet size used in rate computations\n"
" overhead : per-packet size overhead used in rate computations\n"

37
sdk_container/src/third_party/coreos-overlay/sys-apps/iproute2/files/iproute2-4.11.0-no-ipv6.patch vendored
View File

@ -1,37 +0,0 @@
--- iproute2-4.11.0/ip/ipmonitor.c
+++ iproute2-4.11.0/ip/ipmonitor.c
@@ -114,7 +114,6 @@
}
if (n->nlmsg_type == RTM_NEWPREFIX) {
print_headers(fp, "[PREFIX]", ctrl);
- print_prefix(who, n, arg);
return 0;
}
if (n->nlmsg_type == RTM_NEWRULE || n->nlmsg_type == RTM_DELRULE) {
--- iproute2-4.11.0/ip/iptunnel.c
+++ iproute2-4.11.0/ip/iptunnel.c
@@ -589,13 +589,6 @@
break;
case AF_INET:
break;
- /*
- * This is silly enough but we have no easy way to make it
- * protocol-independent because of unarranged structure between
- * IPv4 and IPv6.
- */
- case AF_INET6:
- return do_ip6tunnel(argc, argv);
default:
fprintf(stderr, "Unsupported protocol family: %d\n", preferred_family);
exit(-1);
--- iproute2-4.11.0/ip/Makefile
+++ iproute2-4.11.0/ip/Makefile
@@ -1,6 +1,6 @@
IPOBJ=ip.o ipaddress.o ipaddrlabel.o iproute.o iprule.o ipnetns.o \
- rtm_map.o iptunnel.o ip6tunnel.o tunnel.o ipneigh.o ipntable.o iplink.o \
- ipmaddr.o ipmonitor.o ipmroute.o ipprefix.o iptuntap.o iptoken.o \
+ rtm_map.o iptunnel.o tunnel.o ipneigh.o ipntable.o iplink.o \
+ ipmaddr.o ipmonitor.o ipmroute.o iptuntap.o iptoken.o \
ipxfrm.o xfrm_state.o xfrm_policy.o xfrm_monitor.o iplink_dummy.o \
iplink_ifb.o iplink_nlmon.o iplink_team.o iplink_vcan.o \
iplink_vlan.o link_veth.o link_gre.o iplink_can.o iplink_xdp.o \

32
sdk_container/src/third_party/coreos-overlay/sys-apps/iproute2/files/iproute2-4.12.0-recursive-mount-netns.patch vendored
View File

@ -1,32 +0,0 @@
From d6a4076b6ba6547d7e52c377a7c58c56eb5ea16e Mon Sep 17 00:00:00 2001
From: Casey Callendrello <casey.callendrello@coreos.com>
Date: Tue, 1 Aug 2017 17:46:09 +0200
Subject: netns: make /var/run/netns bind-mount recursive
When ip netns {add|delete} is first run, it bind-mounts /var/run/netns
on top of itself, then marks it as shared. However, if there are already
bind-mounts in the directory from other tools, these would not be
propagated. Fix this by recursively bind-mounting.
Signed-off-by: Casey Callendrello <casey.callendrello@coreos.com>
Acked-by: "Eric W. Biederman" <ebiederm@xmission.com>
---
ip/ipnetns.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ip/ipnetns.c b/ip/ipnetns.c
index 198e9de..9ee1fe6 100644
--- a/ip/ipnetns.c
+++ b/ip/ipnetns.c
@@ -636,7 +636,7 @@ static int netns_add(int argc, char **argv)
}
/* Upgrade NETNS_RUN_DIR to a mount point */
- if (mount(NETNS_RUN_DIR, NETNS_RUN_DIR, "none", MS_BIND, NULL)) {
+ if (mount(NETNS_RUN_DIR, NETNS_RUN_DIR, "none", MS_BIND | MS_REC, NULL)) {
fprintf(stderr, "mount --bind %s %s failed: %s\n",
NETNS_RUN_DIR, NETNS_RUN_DIR, strerror(errno));
return -1;
--
cgit v1.1

38
sdk_container/src/third_party/coreos-overlay/sys-apps/iproute2/files/iproute2-4.12.0-uclibc-ng-add-ipproto_mh.patch vendored
View File

@ -1,38 +0,0 @@
From 2ac2f416072d9968a9ea2dd9f48168223a1147b0 Mon Sep 17 00:00:00 2001
From: Baruch Siach <baruch@tkos.co.il>
Date: Tue, 18 Jul 2017 14:09:06 +0300
Subject: [PATCH] Fix build with uClibc-ng
Add a local definition for IPPROTO_MH to fix build with uClibc-ng. As of
version 1.0.25, the uClibc-ng netinet/in.h header does not provide this
definition. The kernel provided definition is masked by libc-compat.h. Add
this local fix until uClibc-ng syncs netinet/in.h with glibc.
This partially reverts upstream commit a9ae195a2169 (xfrm: get #define's from
linux includes)
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
Upstream status: non upstreamable; local uClibc-ng compatibility fix
---
ip/xfrm.h | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/ip/xfrm.h b/ip/xfrm.h
index 54d80ce5e949..50b85550fb45 100644
--- a/ip/xfrm.h
+++ b/ip/xfrm.h
@@ -30,6 +30,10 @@
#include <linux/xfrm.h>
#include <linux/ipsec.h>
+#ifndef IPPROTO_MH
+# define IPPROTO_MH 135
+#endif
+
#define XFRMS_RTA(x) ((struct rtattr*)(((char*)(x)) + NLMSG_ALIGN(sizeof(struct xfrm_usersa_info))))
#define XFRMS_PAYLOAD(n) NLMSG_PAYLOAD(n,sizeof(struct xfrm_usersa_info))
--
2.13.2

151
sdk_container/src/third_party/coreos-overlay/sys-apps/iproute2/iproute2-4.12.0.ebuild vendored
View File

@ -1,151 +0,0 @@
# Copyright 1999-2017 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
EAPI=5
inherit eutils toolchain-funcs flag-o-matic multilib
if [[ ${PV} == "9999" ]] ; then
EGIT_REPO_URI="git://git.kernel.org/pub/scm/linux/kernel/git/shemminger/iproute2.git"
inherit git-2
else
SRC_URI="mirror://kernel/linux/utils/net/${PN}/${P}.tar.xz"
KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
fi
DESCRIPTION="kernel routing and traffic control utilities"
HOMEPAGE="https://wiki.linuxfoundation.org/networking/iproute2"
LICENSE="GPL-2"
SLOT="0"
IUSE="atm berkdb +iptables ipv6 minimal selinux"
# We could make libmnl optional, but it's tiny, so eh
RDEPEND="
!net-misc/arpd
!minimal? ( net-libs/libmnl )
iptables? ( >=net-firewall/iptables-1.4.20:= )
berkdb? ( sys-libs/db:= )
atm? ( net-dialup/linux-atm )
selinux? ( sys-libs/libselinux )
"
# We require newer linux-headers for ipset support #549948 and some defines #553876
DEPEND="
${RDEPEND}
app-arch/xz-utils
iptables? ( virtual/pkgconfig )
sys-devel/bison
sys-devel/flex
>=sys-kernel/linux-headers-3.16
elibc_glibc? ( >=sys-libs/glibc-2.7 )
"
PATCHES=(
"${FILESDIR}"/${PN}-3.1.0-mtu.patch #291907
"${FILESDIR}"/${PN}-4.12.0-recursive-mount-netns.patch # rkt/rkt#3761
)
src_prepare() {
if ! use ipv6 ; then
PATCHES+=(
"${FILESDIR}"/${PN}-4.11.0-no-ipv6.patch #326849
)
fi
# Local uclibc-ng compat fix until uclibc-ng upstream can sync
# netinet/in.h with glibc. Resolves #626546.
if use elibc_uclibc ; then
PATCHES+=(
"${FILESDIR}"/${PN}-4.12.0-uclibc-ng-add-ipproto_mh.patch
)
fi
epatch "${PATCHES[@]}"
sed -i \
-e '/^CC :=/d' \
-e "/^LIBDIR/s:=.*:=/$(get_libdir):" \
-e "s:-O2:${CFLAGS} ${CPPFLAGS}:" \
-e "/^HOSTCC/s:=.*:= $(tc-getBUILD_CC):" \
-e "/^WFLAGS/s:-Werror::" \
-e "/^DBM_INCLUDE/s:=.*:=${T}:" \
Makefile || die
# Use /run instead of /var/run.
sed -i \
-e 's:/var/run:/run:g' \
include/namespace.h \
man/man8/ip-netns.8 || die
# build against system headers
rm -r include/netinet #include/linux include/ip{,6}tables{,_common}.h include/libiptc
sed -i 's:TCPI_OPT_ECN_SEEN:16:' misc/ss.c || die
use minimal && sed -i -e '/^SUBDIRS=/s:=.*:=lib tc ip:' Makefile
}
src_configure() {
tc-export AR CC PKG_CONFIG
# This sure is ugly. Should probably move into toolchain-funcs at some point.
local setns
pushd "${T}" >/dev/null
printf '#include <sched.h>\nint main(){return setns(0, 0);}\n' > test.c
${CC} ${CFLAGS} ${CPPFLAGS} -D_GNU_SOURCE ${LDFLAGS} test.c >&/dev/null && setns=y || setns=n
echo 'int main(){return 0;}' > test.c
${CC} ${CFLAGS} ${CPPFLAGS} ${LDFLAGS} test.c -lresolv >&/dev/null || sed -i '/^LDLIBS/s:-lresolv::' "${S}"/Makefile
popd >/dev/null
cat <<-EOF > Config
TC_CONFIG_ATM := $(usex atm y n)
TC_CONFIG_XT := $(usex iptables y n)
TC_CONFIG_NO_XT := $(usex iptables n y)
# We've locked in recent enough kernel headers #549948
TC_CONFIG_IPSET := y
HAVE_BERKELEY_DB := $(usex berkdb y n)
HAVE_MNL := $(usex minimal n y)
HAVE_SELINUX := $(usex selinux y n)
IP_CONFIG_SETNS := ${setns}
# Use correct iptables dir, #144265 #293709
IPT_LIB_DIR := $(use iptables && ${PKG_CONFIG} xtables --variable=xtlibdir)
EOF
}
src_install() {
if use minimal ; then
into /
dosbin tc/tc
dobin ip/ip
return 0
fi
emake \
DESTDIR="${D}" \
LIBDIR="${EPREFIX}"/$(get_libdir) \
SBINDIR="${EPREFIX}"/sbin \
CONFDIR="${EPREFIX}"/usr/share/iproute2 \
DOCDIR="${EPREFIX}"/usr/share/doc/${PF} \
MANDIR="${EPREFIX}"/usr/share/man \
ARPDDIR="${EPREFIX}"/var/lib/arpd \
install
rm "${ED}"/usr/share/doc/${PF}/*.{sgml,tex} || die #455988
dodir /bin
mv "${ED}"/{s,}bin/ip || die #330115
dolib.a lib/libnetlink.a
insinto /usr/include
doins include/libnetlink.h
# This local header pulls in a lot of linux headers it
# doesn't directly need. Delete this header that requires
# linux-headers-3.8 until that goes stable. #467716
sed -i '/linux\/netconf.h/d' "${ED}"/usr/include/libnetlink.h || die
if use berkdb ; then
dodir /var/lib/arpd
# bug 47482, arpd doesn't need to be in /sbin
dodir /usr/bin
mv "${ED}"/sbin/arpd "${ED}"/usr/bin/ || die
fi
}

13
sdk_container/src/third_party/coreos-overlay/sys-apps/iproute2/metadata.xml vendored
View File

@ -1,13 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<maintainer type="project">
<email>base-system@gentoo.org</email>
<name>Gentoo Base System</name>
</maintainer>
<use>
<flag name="berkdb">build programs that use berkdb (just arpd)</flag>
<flag name="iptables">include support for iptables filtering</flag>
<flag name="minimal">only install ip and tc programs</flag>
</use>
</pkgmetadata>