Hello community, here is the log from the commit of package cilium-proxy for openSUSE:Factory checked in at 2020-02-18 13:29:09 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/cilium-proxy (Old) and /work/SRC/openSUSE:Factory/.cilium-proxy.new.26092 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "cilium-proxy" Tue Feb 18 13:29:09 2020 rev:1 rq:774853 version:20200109 Changes: -------- New Changes file: --- /dev/null 2019-12-19 10:12:34.003146842 +0100 +++ /work/SRC/openSUSE:Factory/.cilium-proxy.new.26092/cilium-proxy.changes 2020-02-18 13:29:15.812685962 +0100 @@ -0,0 +1,111 @@ +------------------------------------------------------------------- +Tue Feb 4 14:39:12 UTC 2020 - Michał Rostecki <mroste...@opensuse.org> + +- Remove nanopb from requirements. + +------------------------------------------------------------------- +Fri Jan 17 02:26:57 UTC 2020 - Michał Rostecki <mroste...@opensuse.org> + +- Update to version 20200109: + * Based on Envoy 1.12.2, which fixes CVE-2019-18801, + CVE-2019-18802, CVE-2019-18838 amd CVE-2019-18836. For details + please refer to changelog of envoy-proxy package. + * Improvements for incremental xDS. + +------------------------------------------------------------------- +Wed Nov 6 21:11:18 UTC 2019 - Michał Rostecki <mroste...@opensuse.org> + +- Do not bundle any dependencies, move everything to separate + packages. +- Add patch which makes cilium-proxy compatible with newer + googleapis: + * 0003-tracing-update-googleapis-use-SetName-for-operation-.patch + +------------------------------------------------------------------- +Fri Nov 1 13:30:50 UTC 2019 - Michał Rostecki <mroste...@opensuse.org> + +- Do not use global optflags (temporarily) - enabling them causes + linker errors. + +------------------------------------------------------------------- +Fri Oct 18 14:46:31 UTC 2019 - Michał Rostecki <mroste...@opensuse.org> + +- Disable incompatible_bzl_disallow_load_after_statement check in + Bazel - some dependencies still do not pass it. + +------------------------------------------------------------------- +Thu Oct 17 15:48:01 UTC 2019 - Richard Brown <rbr...@suse.com> + +- Remove obsolete Groups tag (fate#326485) + +------------------------------------------------------------------- +Tue Oct 15 09:52:11 UTC 2019 - Michał Rostecki <mroste...@opensuse.org> + +- Update to version 20191004: + * Compatibility with Cilium 1.6. + * Compatibility with Envoy 1.11.1. +- Add sources of envoy-openssl project which makes use of OpenSSL + instead of BoringSSL. +- Add patches which makes Envoy compatible with versions of + libraries available in openSUSE: + * 0001-bazel-Update-protobuf-and-other-needed-dependencies.patch + * 0002-bazel-Update-grpc-to-1.23.0.patch +- Remove patches which are not needed anymore: + * 0001-Remove-deprecated-Blaze-PACKAGE_NAME-macro-5330.patch + * 0001-Upgrade-gabime-spdlog-dependency-to-1.3.0-5604.patch + * 0001-bazel-transport-sockets-Update-grpc-to-1.19.1.patch + +------------------------------------------------------------------- +Thu Apr 4 09:50:46 UTC 2019 - Jan Engelhardt <jeng...@inai.de> + +- openssl-devel should be pkgconfig(openssl) + +------------------------------------------------------------------- +Tue Mar 19 13:35:44 UTC 2019 - Michal Rostecki <mroste...@opensuse.org> + +- Add patch which allows to use grpc 1.19.x. + * 0001-bazel-transport-sockets-Update-grpc-to-1.19.1.patch +- Use source packages of grpc-httpjson-transcoding, opentracing-cpp + and lightstep-tracer-cpp. (boo#1129568) + +------------------------------------------------------------------- +Tue Mar 12 12:18:08 UTC 2019 - Bernhard Wiedemann <bwiedem...@suse.com> + +- Use fixed date for reproducible builds (boo#1047218) + +------------------------------------------------------------------- +Tue Feb 26 13:52:00 UTC 2019 - Michał Rostecki <mroste...@opensuse.org> + +- Add upstream patch which allows to use spdlog 1.3.x. + * 0001-Upgrade-gabime-spdlog-dependency-to-1.3.0-5604.patch + +------------------------------------------------------------------- +Wed Feb 20 17:30:58 UTC 2019 - Michał Rostecki <mroste...@opensuse.org> + +- Add upstream patch which fixes build with Bazel 0.22.0. + * 0001-Remove-deprecated-Blaze-PACKAGE_NAME-macro-5330.patch + +------------------------------------------------------------------- +Tue Dec 04 10:03:30 UTC 2018 - Michał Rostecki <mroste...@suse.de> + +- Initial version 20181115 +- Add patch which applies Envoy patches (mentioned in envoy-proxy + package's changelog) via Bazel build system. Cilium-proxy uses + Envoy's tarball as a Bazel dependency - that's why it needs to + be done this way. + * cilium-proxy-apply-envoy-patches.patch +- Add patch which apply Istio Proxy patches (mentioned in + istio-proxy package's changelog) via Bazel build system. + Cilium-proxy uses Istio's tarball as a Bazel dependency - that's + why it needs to be done this way. + * cilium-proxy-apply-istio-patches.patch +- Add patch to use Go from the system and prevent Bazel trying to + download Go on its own. + * cilium-proxy-use-go-sdk-from-host.patch +- Add patch to use dynamically linked libraries as third-party + dependencies in Envoy. + * cilium-proxy-use-prebuilt-envoy-deps.patch +- Add patch which makes cilium-proxy compatible with Envoy + 1.8.0+git20181105, upstream supports lower version. + * cilium-proxy-upgrade-envoy-version.patch + New: ---- 0001-Adjust-cilium-proxy-to-Envoy-1.12.2.patch BUILD _constraints _service cilium-proxy-20200109.obscpio cilium-proxy.changes cilium-proxy.obsinfo cilium-proxy.spec ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ cilium-proxy.spec ++++++ # # spec file for package cilium-proxy # # Copyright (c) 2020 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # Name: cilium-proxy Version: 20200109 Release: 0 Summary: L7 proxy and communication bus for Cilium License: Apache-2.0 Url: https://github.com/cilium/proxy Source0: %{name}-%{version}.tar.xz Source1: BUILD Patch0: 0001-Adjust-cilium-proxy-to-Envoy-1.12.2.patch BuildRequires: abseil-cpp-source BuildRequires: backward-cpp-devel BuildRequires: bazel-apple-support-source BuildRequires: bazel-gazelle-source BuildRequires: bazel-platforms BuildRequires: bazel-rules-apple-source BuildRequires: bazel-rules-cc-source BuildRequires: bazel-rules-foreign-cc-source BuildRequires: bazel-rules-go-source BuildRequires: bazel-rules-java-source BuildRequires: bazel-rules-proto-source BuildRequires: bazel-rules-swift-source BuildRequires: bazel-skylib-source BuildRequires: bazel-toolchains-source BuildRequires: bazel-workspaces BuildRequires: bazel2.0 BuildRequires: benchmark-devel BuildRequires: c-ares-devel BuildRequires: cel-cpp-source BuildRequires: cmake BuildRequires: dd-opentracing-cpp-devel BuildRequires: envoy-build-tools BuildRequires: envoy-protoc-gen-validate-source BuildRequires: envoy-proxy-source BuildRequires: fdupes BuildRequires: fmt-devel BuildRequires: gcc-c++ BuildRequires: gcovr BuildRequires: git BuildRequires: golang-github-golang-protobuf BuildRequires: golang-org-x-tools BuildRequires: golang-packaging BuildRequires: googleapis-source BuildRequires: gperftools-devel BuildRequires: grpc-httpjson-transcoding-source BuildRequires: grpc-source BuildRequires: gtest BuildRequires: http-parser-devel BuildRequires: jwt_verify_lib-source BuildRequires: kafka-source BuildRequires: libcircllhist-devel BuildRequires: libcurl-devel BuildRequires: libevent-devel BuildRequires: libnghttp2-devel BuildRequires: libprotobuf-mutator-devel BuildRequires: libtool BuildRequires: lightstep-tracer-cpp-source BuildRequires: moonjit-devel BuildRequires: msgpack-devel BuildRequires: nghttp2-devel BuildRequires: ninja BuildRequires: opencensus-cpp-source BuildRequires: opencensus-proto-source BuildRequires: opentracing-cpp-source BuildRequires: prometheus-client-model-source BuildRequires: protobuf-source BuildRequires: protoc-gen-gogo-source BuildRequires: python3 BuildRequires: python3-Jinja2 BuildRequires: python3-MarkupSafe BuildRequires: rapidjson-devel BuildRequires: re2-devel BuildRequires: spdlog-devel BuildRequires: sql-parser-devel BuildRequires: tclap BuildRequires: udpa-source BuildRequires: upb-source BuildRequires: vim BuildRequires: xxhash-devel BuildRequires: yaml-cpp-devel BuildRequires: zipkin-api-source BuildRequires: zlib-devel BuildRequires: golang(API) >= 1.12 BuildRequires: pkgconfig(openssl) ExcludeArch: %ix86 %description Cilium Proxy is an L7 proxy for microservices which forms a microservice mesh. It's a part of Cilium infrastructure. %prep %autosetup -p1 # Point cilium-proxy TLS bits to the module with OpenSSL support. sed -i \ "s|@envoy//source/extensions/transport_sockets/tls|@envoy_openssl//source/extensions/transport_sockets/tls|" \ cilium/BUILD # cilium-proxy is built from the envoy-proxy source tree, with cilium-proxy # sources included as a dependency. cp -r /usr/src/envoy-proxy %{_builddir} cd %{_builddir}/envoy-proxy cp %{SOURCE1} . # Add cilium-proxy as a depencency cat <<EOF >> WORKSPACE local_repository( name = "cilium_proxy", path = "%{_builddir}/%{name}-%{version}", ) EOF # Envoy has to be built as a git repository, so let's create one... git config --global user.email "y...@example.com" git config --global user.name "Your Name" git init git add . # use fixed date for reproducible builds (boo#1047218): GIT_AUTHOR_DATE=2000-01-01T01:01:01 GIT_COMMITTER_DATE=2000-01-01T01:01:01 \ git commit -m "Dummy commit just to satisfy bazel" &> /dev/null %build cd %{_builddir}/envoy-proxy # TODO(mrostecki): Create a macro in bazel package. GO_PROTOBUF_DIR=$(find %{_datadir}/go -name protobuf -type d | grep -v vendor) GO_TOOLS_DIR=$(find %{_datadir}/go -name tools -type d | grep -v vendor) bazel build \ -c dbg \ --color=no \ --copt="-Wno-error=old-style-cast" \ --cxxopt="-Wno-error=old-style-cast" \ --copt="-Wno-unused-parameter" \ --cxxopt="-Wno-unused-parameter" \ --curses=no \ --host_force_python=PY3 \ --incompatible_bzl_disallow_load_after_statement=false \ --override_repository="bazel_gazelle=/usr/src/bazel-gazelle" \ --override_repository="bazel_skylib=/usr/src/bazel-skylib" \ --override_repository="bazel_toolchains=/usr/src/bazel-toolchains" \ --override_repository="bssl_wrapper=%{_datadir}/bazel-workspaces/bsslwrapper" \ --override_repository="build_bazel_apple_support=/usr/src/bazel-apple-support" \ --override_repository="build_bazel_rules_apple=/usr/src/bazel-rules-apple" \ --override_repository="build_bazel_rules_swift=/usr/src/bazel-rules-swift" \ --override_repository="com_envoyproxy_protoc_gen_validate=/usr/src/envoy-protoc-gen-validate" \ --override_repository="com_lightstep_tracer_cpp=/usr/src/lightstep-tracer-cpp" \ --override_repository="com_github_c_ares_c_ares=%{_datadir}/bazel-workspaces/c-ares" \ --override_repository="com_github_circonus_labs_libcircllhist=%{_datadir}/bazel-workspaces/libcircllhist" \ --override_repository="com_github_cncf_udpa=/usr/src/udpa" \ --override_repository="com_github_curl=%{_datadir}/bazel-workspaces/curl" \ --override_repository="com_github_cyan4973_xxhash=%{_datadir}/bazel-workspaces/xxhash" \ --override_repository="com_github_datadog_dd_opentracing_cpp=%{_datadir}/bazel-workspaces/dd-opentracing-cpp" \ --override_repository="com_github_mirror_tclap=%{_datadir}/bazel-workspaces/tclap" \ --override_repository="com_github_eile_tclap=%{_datadir}/bazel-workspaces/tclap" \ --override_repository="com_github_envoyproxy_sqlparser=%{_datadir}/bazel-workspaces/sql-parser" \ --override_repository="com_github_fmtlib_fmt=%{_datadir}/bazel-workspaces/fmtlib" \ --override_repository="com_github_gabime_spdlog=%{_datadir}/bazel-workspaces/spdlog" \ --override_repository="com_github_gogo_protobuf=/usr/src/protoc-gen-gogo" \ --override_repository="com_github_golang_protobuf=${GO_PROTOBUF_DIR}" \ --override_repository="com_github_google_jwt_verify=/usr/src/jwt_verify_lib" \ --override_repository="com_github_google_jwt_verify_patched=/usr/src/jwt_verify_lib" \ --override_repository="com_github_google_libprotobuf_mutator=%{_datadir}/bazel-workspaces/libprotobuf-mutator" \ --override_repository="com_github_gperftools_gperftools=%{_datadir}/bazel-workspaces/gperftools" \ --override_repository="com_github_grpc_grpc=/usr/src/grpc" \ --override_repository="com_github_jbeder_yaml_cpp=%{_datadir}/bazel-workspaces/yaml-cpp" \ --override_repository="com_github_libevent_libevent=%{_datadir}/bazel-workspaces/libevent" \ --override_repository="com_github_luajit_luajit=%{_datadir}/bazel-workspaces/luajit" \ --override_repository="com_github_nghttp2_nghttp2=%{_datadir}/bazel-workspaces/nghttp2" \ --override_repository="com_github_nodejs_http_parser=%{_datadir}/bazel-workspaces/http-parser" \ --override_repository="com_github_openzipkin_zipkinapi=/usr/src/zipkin-api" \ --override_repository="com_github_tencent_rapidjson=%{_datadir}/bazel-workspaces/rapidjson" \ --override_repository="com_google_absl=/usr/src/abseil-cpp" \ --override_repository="com_google_cel_cpp=/usr/src/cel-cpp" \ --override_repository="com_google_googleapis=/usr/src/googleapis" \ --override_repository="com_google_protobuf=/usr/src/protobuf" \ --override_repository="com_googlesource_code_re2=%{_datadir}/bazel-workspaces/re2" \ --override_repository="envoy_build_tools=%{_datadir}/envoy-build-tools" \ --override_repository="grpc_httpjson_transcoding=/usr/src/grpc-httpjson-transcoding" \ --override_repository="io_bazel_rules_go=/usr/src/bazel-rules-go" \ --override_repository="io_opencensus_cpp=/usr/src/opencensus-cpp" \ --override_repository="io_opentracing_cpp=/usr/src/opentracing-cpp" \ --override_repository="kafka_source=/usr/src/kafka" \ --override_repository="opencensus_proto=/usr/src/opencensus-proto/src" \ --override_repository="openssl_cbs=%{_datadir}/bazel-workspaces/openssl-cbs" \ --override_repository="org_golang_x_tools=${GO_TOOLS_DIR}" \ --override_repository="platforms=/usr/share/bazel-platforms" \ --override_repository="prometheus_metrics_model=/usr/src/prometheus-client-model" \ --override_repository="rules_cc=/usr/src/bazel-rules-cc" \ --override_repository="rules_foreign_cc=/usr/src/bazel-rules-foreign-cc" \ --override_repository="rules_java=/usr/src/bazel-rules-java" \ --override_repository="rules_proto=/usr/src/bazel-rules-proto" \ --override_repository="upb=/usr/src/upb" \ --override_repository="zlib=%{_datadir}/bazel-workspaces/zlib" \ --strip=never \ --verbose_failures \ //:envoy bazel shutdown %install cd %{_builddir}/envoy-proxy install -D -m0755 bazel-bin/envoy %{buildroot}%{_bindir}/cilium-envoy %files %license LICENSE %doc README.md %{_bindir}/cilium-envoy %changelog ++++++ 0001-Adjust-cilium-proxy-to-Envoy-1.12.2.patch ++++++ >From a25ec5657261f66f34515563dde3b44d6bd3334d Mon Sep 17 00:00:00 2001 From: Michal Rostecki <mroste...@opensuse.org> Date: Thu, 16 Jan 2020 19:35:55 +0100 Subject: [PATCH] Adjust cilium proxy to Envoy 1.12.2 Signed-off-by: Michal Rostecki <mroste...@opensuse.org> --- WORKSPACE | 7 ++----- cilium/l7policy.cc | 2 +- cilium/l7policy.h | 1 + cilium/network_filter.cc | 2 +- 4 files changed, 5 insertions(+), 7 deletions(-) diff --git a/WORKSPACE b/WORKSPACE index adae9df..574198d 100644 --- a/WORKSPACE +++ b/WORKSPACE @@ -7,8 +7,8 @@ workspace(name = "cilium") # # No other line in this file may have ENVOY_SHA followed by an equals sign! # -ENVOY_SHA = "fc40c08a807111943c4b3cbe11df494f3e0df4d4" -ENVOY_SHA256 = "f6bb1bfbd5a6681ef4898f396e671ff4adcd372f6dca8d0cfa980f8b91914ff1" +ENVOY_SHA = "9153a6077d17ed4af1457b998a9a6b3c75572456" +ENVOY_SHA256 = "53467391b515ac088d7d89f8d177669ff5e3486f1c9d1d42fdab940e6bc0c04b" load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive") @@ -17,9 +17,6 @@ http_archive( url = "https://github.com/jrajahalme/envoy/archive/" + ENVOY_SHA + ".tar.gz", sha256 = ENVOY_SHA256, strip_prefix = "envoy-" + ENVOY_SHA, - patches = [ - "@//patches:sni_support_fix.patch", - ], patch_args = ["-p1"], ) diff --git a/cilium/l7policy.cc b/cilium/l7policy.cc index d354482..51e23d9 100644 --- a/cilium/l7policy.cc +++ b/cilium/l7policy.cc @@ -22,7 +22,7 @@ class ConfigFactory public: Http::FilterFactoryCb createFilterFactory(const Json::Object& json, const std::string &, - Server::Configuration::FactoryContext& context) override { + Server::Configuration::FactoryContext& context) { auto config = std::make_shared<Cilium::Config>(json, context); return [config]( Http::FilterChainFactoryCallbacks& callbacks) mutable -> void { diff --git a/cilium/l7policy.h b/cilium/l7policy.h index e5e2bd6..e36357e 100644 --- a/cilium/l7policy.h +++ b/cilium/l7policy.h @@ -4,6 +4,7 @@ #include "absl/types/optional.h" +#include "envoy/json/json_object.h" #include "envoy/stats/stats_macros.h" #include "envoy/server/filter_config.h" diff --git a/cilium/network_filter.cc b/cilium/network_filter.cc index 92be1b6..ce2e0f2 100644 --- a/cilium/network_filter.cc +++ b/cilium/network_filter.cc @@ -34,7 +34,7 @@ public: } Network::FilterFactoryCb - createFilterFactory(const Json::Object& json_config, FactoryContext& context) override { + createFilterFactory(const Json::Object& json_config, FactoryContext& context) { auto config = std::make_shared<Filter::CiliumL3::Config>(json_config, context); return [config](Network::FilterManager &filter_manager) mutable -> void { filter_manager.addFilter(std::make_shared<Filter::CiliumL3::Instance>(config)); -- 2.16.4 ++++++ BUILD ++++++ package(default_visibility = ["//visibility:public"]) load( "@envoy//bazel:envoy_build_system.bzl", "envoy_cc_binary", ) envoy_cc_binary( name = "envoy", repository = "@envoy", deps = [ # Cilium filters. "@cilium_proxy//cilium:bpf_metadata_lib", "@cilium_proxy//cilium:network_filter_lib", "@cilium_proxy//cilium:l7policy_lib", "@cilium_proxy//cilium:tls_wrapper_lib", "@envoy//source/exe:envoy_main_entry_lib", ], ) ++++++ _constraints ++++++ <?xml version="1.0"?> <constraints> <overwrite> <conditions> <arch>x86_64</arch> <arch>aarch64</arch> </conditions> <hardware> <processors>4</processors> <memory> <size unit="M">16000</size> </memory> </hardware> </overwrite> </constraints> ++++++ _service ++++++ <services> <service mode="disabled" name="obs_scm"> <param name="url">https://github.com/cilium/proxy</param> <param name="scm">git</param> <param name="changesgenerate">disable</param> <param name="filename">cilium-proxy</param> <param name="versionformat">%cd</param> <param name="revision">c16d0f195d4fa5e26c3a7cff9a27fc69a13437c5</param> </service> <service mode="buildtime" name="tar" /> <service mode="buildtime" name="recompress"> <param name="file">*.tar</param> <param name="compression">xz</param> </service> <service mode="disabled" name="set_version" /> </services> ++++++ cilium-proxy.obsinfo ++++++ name: cilium-proxy version: 20200109 mtime: 1578607175 commit: c16d0f195d4fa5e26c3a7cff9a27fc69a13437c5