Hello community, here is the log from the commit of package cilium for openSUSE:Factory checked in at 2019-02-24 17:09:29 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/cilium (Old) and /work/SRC/openSUSE:Factory/.cilium.new.28833 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "cilium" Sun Feb 24 17:09:29 2019 rev:6 rq:674486 version:1.4.0 Changes: -------- --- /work/SRC/openSUSE:Factory/cilium/cilium.changes 2018-09-04 22:58:12.281417533 +0200 +++ /work/SRC/openSUSE:Factory/.cilium.new.28833/cilium.changes 2019-02-24 17:09:37.532520076 +0100 @@ -1,0 +2,91 @@ +Wed Feb 13 10:09:55 UTC 2019 - Michał Rostecki <[email protected]> + +- Update to version 1.4.0: + * doc: Fix key generation for encryption + * doc: Add validation and troubleshooting section to encryption + GSG + * datapath: Report IPsec route installation errors + * datapath: Fix IPsec with IPv4 or IPv6 disabled + * docs: Add ipvlan-based datapath limitations and requirements + * doc, configmap: add missing entries + * examples/kubernetes: Add tofqdns-enable-poller option + * doc: Minor update to encryption guide + * cilium: transparent encryption with ipsec getting started docs + * Note about apiserver outside of cluster +- Add upstream patch which allows to set additional `go build` + flags + * cilium-allow-to-add-extra-go-build-flags.patch +- Add upstream patch which allows to specify installation + directories for CNI files + * cilium-allow-to-specify-cni-install-dirs.patch +- Make use of golang-packaging macros. +- Add rc* symlinks. + +------------------------------------------------------------------- +Thu Feb 7 12:46:51 UTC 2019 - Michał Rostecki <[email protected]> + +- Run code checkers/linters only on openSUSE Tumbleweed. + +------------------------------------------------------------------- +Wed Feb 6 14:30:47 UTC 2019 - Michał Rostecki <[email protected]> + +- Add devel package which contains a header and .so file. +- Improve descriptions of all packages. +- Set BINDIR, DESTDIR and LIBDIR variables properly instead of + manual installation of files in those destinations. +- Install bash completion script. +- Execute ldconfig in post and postun phases of the lib package. +- Fix Source attribute. + +------------------------------------------------------------------- +Tue Feb 5 17:44:40 CET 2019 - [email protected] + +- Updated to 1.4-rc7 + *pkg/datapath/ipcache: stop leaking FD + *pkg/fqdn: make any operation in the sourceRuleCopy + *daemon: change policyAdd message type from Info to Debug for dns policies + *pkg/endpoint: do not leak go routines if endpoint is disconnected + *pkg/endpoint: ignore negative time durations in metrics + *Endpoint: set a new context per endpoint regeneration + *endpoint: revert endpoint BPF config map update if regenerateBPF fails + *bpf: pin endpoint configuration map + *endpoint: Unlock endpoint to prevent deadlocks. + *daemon: Allow releasing builder while waiting for proxy ACKs + *endpoint: Make regenaration timeout greater than ExecTimeout + *endpoint: Eliminate ExecTimeout, ctx. + *daemon: Use sync.Once, rewamp comments. + *bpf: Fix node-port access to l7 proxy + *bpf: Templatize endpoint configuration + *maps: Add BPFConfigMap for endpoint configuration + *endpoint: Support dynamic BPF configuration + *bpf: Relax verifier in IPv6 drop case + *bpf: Fix tcp flag access + *bpf: Don't reset TCP timer on final ACK + *cilium: spelling: sha is an acronym replace with SHA + *bpf: Provide more specific drop reasons + *proxylib: Update proxylib.h with go 1.11 + *agent: Fix invalid printf style invocations + *gitignore: Ingore cilium-ring-dump binary + *lbmap: Retrieve service ID when dumping BPF map + *service: Restore service IDs before connecting to Kubernetes apiserver + *service: Restore bpfservie cache on startup + *lbmap: Add unit test for getBackends() + *idpool: Factor out IDPool from allocator into package for reuse + *idpool: Fix leaseAvailableID() and slice out of bounds + *node: Don't insert own node into tunnel map + *bpf: Avoid routing loops for former local endpoint IPs + *test: Use cilium-etcd-operator + *clustermesh: Fix race when shutting down clustermesh + *clustermesh: Wait for controllers to be shutdown when closing + *cni: Synchroneous pod label retrieval on CNI add + *identity: Block createEndpoint() while identity is being resolved + *bpf: Remove source MAC address validation + *bpf: Remove destination MAC address verification + *agent: Ignore IPV4_GATEWAY=0x0 when restoring + - details changelogs are in https://github.com/cilium/cilium/projects/11 +- disable bash completion +- added a new package libcilium1 +- build with go1.10(need fix for cgo alignchecker issue) + + +------------------------------------------------------------------- Old: ---- v1.2.1.tar.gz New: ---- _service _servicedata cilium-1.4.0.tar.gz cilium-allow-to-add-extra-go-build-flags.patch cilium-allow-to-specify-cni-install-dirs.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ cilium.spec ++++++ --- /var/tmp/diff_new_pack.482pMp/_old 2019-02-24 17:09:38.700519708 +0100 +++ /var/tmp/diff_new_pack.482pMp/_new 2019-02-24 17:09:38.704519707 +0100 @@ -1,7 +1,7 @@ # # spec file for package cilium # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # @@ -24,30 +24,41 @@ %global import_path %{provider_prefix} %define cni_bin_dir %{_libexecdir}/cni +%define sover 1 +%define lname libcilium%{sover} + +%define bash_completion_dir %{_datadir}/bash-completion/completions + #Compat macro for new _fillupdir macro introduced in Nov 2017 %if ! %{defined _fillupdir} %define _fillupdir /var/adm/fillup-templates %endif Name: cilium -Version: 1.2.1 +Version: 1.4.0 Release: 0 Summary: Linux Native, HTTP Aware Networking and Security for Containers License: Apache-2.0 Group: System/Management URL: https://github.com/cilium/cilium -Source0: https://github.com/cilium/cilium/archive/v%{version}.tar.gz +Source: %{name}-%{version}.tar.gz +Patch0: cilium-allow-to-add-extra-go-build-flags.patch +Patch1: cilium-allow-to-specify-cni-install-dirs.patch BuildRequires: clang BuildRequires: git BuildRequires: glibc-devel BuildRequires: glibc-devel-32bit -BuildRequires: go BuildRequires: golang-github-jteeuwen-go-bindata +BuildRequires: golang-packaging +%if 0%{?suse_version} > 1510 && 0%{?is_opensuse} +BuildRequires: ineffassign +%endif BuildRequires: libelf-devel BuildRequires: llvm BuildRequires: protobuf-devel BuildRequires: shadow BuildRequires: unzip +BuildRequires: golang(API) = 1.10 Requires: clang Requires: llvm Requires: protobuf-c @@ -61,36 +72,99 @@ services deployed using Linux container management platforms like Docker and Kubernetes. +%package -n %{lname} +Summary: Shared library for Cilium +Group: System/Libraries + +%description -n %{lname} +Cilium is a software for providing, and transparently securing, network +connectivity, and for load-balancing between application containers and +services deployed using Linux container management platforms like Docker and +Kubernetes. + +This package contains shared library for Cilium which is used by Cilium filters +in Envoy. + +%package devel +Summary: Development files for Cilium +Group: Development/Libraries/C and C++ +Requires: %{lname} = %{version} + +%description devel +Cilium is a software for providing, and transparently securing, network +connectivity, and for load-balancing between application containers and +services deployed using Linux container management platforms like Docker and +Kubernetes. + +This package contains shared development files for Cilium which are used by +Cilium filters in Envoy. + %prep -mkdir -p %{name}-%{version}/src/github.com/cilium/%{name} -tar -zxf %{SOURCE0} --strip-components=1 -C %{name}-%{version}/src/github.com/cilium/%{name} +%setup -q +%patch0 -p1 +%patch1 -p1 %build -export GOPATH=$(pwd)/%{name}-%{version} -export CILIUM_DISABLE_ENVOY_BUILD=1 -cd %{name}-%{version}/src/github.com/cilium/%{name} +%goprep %{provider_prefix} +export GOPATH=%{_builddir}/go +cd $GOPATH/src/%{provider_prefix} + +export EXTRA_GOBUILD_FLAGS="-v -p 4 -x -buildmode=pie" + sed -i '/groupadd /s/^/#/' daemon/Makefile -make precheck +sed -i '/groupadd /s/^/#/' operator/Makefile +# need to fix it upstream or get clearification why we need it +touch bpf/.gitignore +# create bindata.go which is no included in the source as it is ignored +# because of .gitignore +make -C daemon apply-bindata + +%if 0%{?suse_version} > 1510 && 0%{?is_opensuse} +# Currently the full precheck is failing because: +# - Cilium uses Go in version 1.11.3 due to the following bug which happens +# when Go >= 1.11.4 is used: +# https://github.com/cilium/cilium/issues/6559 +# - openSUSE ships only the newest 1.11.x version +# - Thus we have to use Go 1.10.x, but Cilium code follows 1.11.x gofmt +# rules, which differ from 1.10.x. +# +# make precheck + +# Before the issue above gets fixed, let's at least run single code checks +# which are working. +make govet +make ineffassign +make logging-subsys-field +%endif + make build %install -cd %{name}-%{version}/src/github.com/cilium/%{name} +export GOPATH=%{_builddir}/go +cd $GOPATH/src/%{provider_prefix} + +export DISABLE_ENVOY_INSTALLATION=1 +export PKG_BUILD=1 +export BINDIR=%{_bindir} +export CNIBINDIR=%{cni_bin_dir} +export DESTDIR=%{buildroot} +export LIBDIR=%{_libdir} %make_install +mkdir -p %{buildroot}%{_sbindir} for service in cilium cilium-docker cilium-etcd cilium-consul; do install -D -m 644 contrib/systemd/${service}.service \ %{buildroot}%{_unitdir}/${service}.service + ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rc${service} done install -D -m 0644 contrib/systemd/cilium %{buildroot}%{_fillupdir}/sysconfig.cilium -install -D -m 0644 plugins/cilium-cni/00-cilium-cni.conf %{buildroot}%{_sysconfdir}/cni/net.d/10-cilium-cni.conf -install -D %{buildroot}/opt/cni/bin/cilium-cni "%{buildroot}%{cni_bin_dir}/cilium-cni" -mkdir -p %{buildroot}/usr/share/bash-completion/completions/ -install -D %{buildroot}%{_sysconfdir}/bash_completion.d/cilium %{buildroot}/usr/share/bash-completion/completions/ - -rm %{buildroot}/opt/cni/bin/cilium-cni -rm %{buildroot}%{_sysconfdir}/bash_completion.d/cilium -rm %{buildroot}/etc/cni/net.d/00-cilium-cni.conf +install -D -m 0644 proxylib/libcilium.h %{buildroot}%{_includedir}/libcilium.h + +mkdir -p %{buildroot}%{bash_completion_dir} +%{buildroot}%{_bindir}/cilium completion > %{buildroot}%{bash_completion_dir}/cilium + +mv %{buildroot}%{_sysconfdir}/cni/net.d/05-cilium-cni.conf %{buildroot}%{_sysconfdir}/cni/net.d/10-cilium-cni.conf %pre getent group cilium >/dev/null || groupadd -r cilium @@ -101,32 +175,49 @@ %service_add_post cilium.service %{fillup_only -n cilium} +%post -n %{lname} -p /sbin/ldconfig + %preun %service_del_preun cilium-consul.service cilium-docker.service cilium-etcd.service cilium.service %postun %service_del_postun cilium-consul.service cilium-docker.service cilium-etcd.service cilium.service +%postun -n %{lname} -p /sbin/ldconfig + %files %dir %{_sysconfdir}/cni %dir %{_sysconfdir}/cni/net.d %dir %{cni_bin_dir} -/usr/share/bash-completion/completions/cilium %config(noreplace) %{_sysconfdir}/cni/net.d/10-cilium-cni.conf +%{bash_completion_dir}/cilium %{_fillupdir}/sysconfig.cilium -%{_usr}/lib/systemd/system/cilium-consul.service -%{_usr}/lib/systemd/system/cilium-docker.service -%{_usr}/lib/systemd/system/cilium-etcd.service -%{_usr}/lib/systemd/system/cilium.service +%{_unitdir}/cilium-consul.service +%{_unitdir}/cilium-docker.service +%{_unitdir}/cilium-etcd.service +%{_unitdir}/cilium.service +%{_sbindir}/rccilium-consul +%{_sbindir}/rccilium-docker +%{_sbindir}/rccilium-etcd +%{_sbindir}/rccilium %{_bindir}/cilium %{_bindir}/cilium-agent +%{_bindir}/cilium-bugtool %{_bindir}/cilium-docker +%{_bindir}/cilium-health %{_bindir}/cilium-map-migrate %{_bindir}/cilium-node-monitor -%{_bindir}/cilium-health -%{_bindir}/cilium-bugtool +%{_bindir}/cilium-operator +%{_bindir}/cilium-ring-dump %{cni_bin_dir}/cilium-cni -%license %{name}-%{version}/src/github.com/cilium/cilium/LICENSE +%license LICENSE + +%files -n %{lname} +%{_libdir}/libcilium.so.%{sover} + +%files devel +%{_includedir}/libcilium.h +%{_libdir}/libcilium.so %changelog ++++++ _service ++++++ <services> <service name="tar_scm" mode="disabled"> <param name="url">https://github.com/cilium/cilium</param> <param name="scm">git</param> <param name="exclude">.git</param> <param name="versionformat">@PARENT_TAG@</param> <param name="revision">refs/tags/v1.4.0</param> <param name="filename">cilium</param> <param name="changesgenerate">enable</param> </service> <service name="recompress" mode="disabled"> <param name="file">cilium-*.tar</param> <param name="compression">gz</param> </service> <service name="set_version" mode="disabled"/> </services> ++++++ _servicedata ++++++ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/cilium/cilium</param> <param name="changesrevision">73d2a68360bac1a17a07e299e51373b379c8d408</param></service></servicedata>++++++ cilium-allow-to-add-extra-go-build-flags.patch ++++++ >From d1db71e99487e25a42ab81d7354ef43daa62daa6 Mon Sep 17 00:00:00 2001 From: Michal Rostecki <[email protected]> Date: Wed, 6 Feb 2019 13:27:17 +0100 Subject: [PATCH 1/2] make: Allow to add extra `go build` flags Add EXTRA_GOBUILD_FLAGS variable which allows to provide additional flags for `go build` command. Example: ``` make EXTRA_GOBUILD_FLAGS="-linkshared -buildmode=pie" ``` Signed-off-by: Michal Rostecki <[email protected]> --- Makefile.defs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile.defs b/Makefile.defs index 8be1e8821..16dca0194 100644 --- a/Makefile.defs +++ b/Makefile.defs @@ -32,7 +32,7 @@ ifeq ($(DOCKER_IMAGE_TAG),) DOCKER_IMAGE_TAG="latest" endif -GOBUILD = -ldflags '$(GOLDFLAGS)' +GOBUILD = -ldflags '$(GOLDFLAGS)' $(EXTRA_GOBUILD_FLAGS) # Uncomment to enable race detection #GOBUILD += -race -- 2.20.1 ++++++ cilium-allow-to-specify-cni-install-dirs.patch ++++++ >From 23141c2dc3ac85aa3dcbc994ddc00f01157bca11 Mon Sep 17 00:00:00 2001 From: Michal Rostecki <[email protected]> Date: Wed, 6 Feb 2019 15:51:48 +0100 Subject: [PATCH 2/2] make: Allow to specify CNI install directories Add CNIBINDIR and CNICONFDIR variables which allow to specify directories in which CNI plugin binary and configuration file are installed. Example: ``` make install CNIBINDIR=/usr/libexec/cni CNICONFDIR=/etc/cni/net.d ``` Signed-off-by: Michal Rostecki <[email protected]> --- Makefile.defs | 2 ++ plugins/cilium-cni/Makefile | 8 ++++---- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/Makefile.defs b/Makefile.defs index 16dca0194..f98cd2e72 100644 --- a/Makefile.defs +++ b/Makefile.defs @@ -4,6 +4,8 @@ include $(ROOT_DIR)/Makefile.quiet PREFIX?=/usr BINDIR?=$(PREFIX)/bin +CNIBINDIR?=/opt/cni/bin +CNICONFDIR?=/etc/cni/net.d LIBDIR?=$(PREFIX)/lib RUNDIR?=/var/run CONFDIR?=/etc diff --git a/plugins/cilium-cni/Makefile b/plugins/cilium-cni/Makefile index 97e3f0f2c..166a8fa98 100644 --- a/plugins/cilium-cni/Makefile +++ b/plugins/cilium-cni/Makefile @@ -17,7 +17,7 @@ $(TARGET): $(SOURCES) $(QUIET)CGO_ENABLED=0 $(GO) build $(GOBUILD) -o $(TARGET) ./cilium-cni.go install: - $(INSTALL) -m 0755 -d $(DESTDIR)/etc/cni/net.d - $(INSTALL) -m 0644 05-cilium-cni.conf $(DESTDIR)/etc/cni/net.d - $(INSTALL) -m 0755 -d $(DESTDIR)/opt/cni/bin - $(INSTALL) -m 0755 $(TARGET) $(DESTDIR)/opt/cni/bin + $(INSTALL) -m 0755 -d $(DESTDIR)$(CNICONFDIR) + $(INSTALL) -m 0644 05-cilium-cni.conf $(DESTDIR)$(CNICONFDIR) + $(INSTALL) -m 0755 -d $(DESTDIR)$(CNIBINDIR) + $(INSTALL) -m 0755 $(TARGET) $(DESTDIR)$(CNIBINDIR) -- 2.20.1
