Hello community, here is the log from the commit of package cilium for openSUSE:Factory checked in at 2020-06-12 21:35:53 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/cilium (Old) and /work/SRC/openSUSE:Factory/.cilium.new.3606 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "cilium" Fri Jun 12 21:35:53 2020 rev:26 rq:813483 version:1.7.0 Changes: -------- --- /work/SRC/openSUSE:Factory/cilium/cilium.changes 2020-05-07 15:05:33.231712331 +0200 +++ /work/SRC/openSUSE:Factory/.cilium.new.3606/cilium.changes 2020-06-12 21:36:38.479610595 +0200 @@ -1,0 +2,8 @@ +Wed Jun 10 19:44:44 UTC 2020 - Dirk Mueller <[email protected]> + +- add 0002-bpf-re-add-a-proper-types.h-mapper.patch +- add 0001-build-Avoid-using-git-if-not-in-a-git-repo.patch +- add 0001-datapath-Switch-to-upstream-bpftool-remove-additiona.patch +- build BPF_SRCFILES to get the list of bpf files to install + +------------------------------------------------------------------- New: ---- 0001-build-Avoid-using-git-if-not-in-a-git-repo.patch 0001-datapath-Switch-to-upstream-bpftool-remove-additiona.patch 0002-bpf-re-add-a-proper-types.h-mapper.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ cilium.spec ++++++ --- /var/tmp/diff_new_pack.Bq7Mn4/_old 2020-06-12 21:36:41.083620170 +0200 +++ /var/tmp/diff_new_pack.Bq7Mn4/_new 2020-06-12 21:36:41.087620184 +0200 @@ -62,10 +62,16 @@ Patch7: 0007-reduce-default-number-for-TCP-CT-and-NAT-table-max-entries.patch # PATCH-FIX-UPSTREAM 0008-add-option-to-dynamically-size-BPF-maps-based-on-system-memory.patch Patch8: 0008-add-option-to-dynamically-size-BPF-maps-based-on-system-memory.patch +# PATCH-FIX-UPSTREAM 0002-bpf-re-add-a-proper-types.h-mapper.patch +Patch10: 0002-bpf-re-add-a-proper-types.h-mapper.patch +# PATCH-FIX-UPSTREAM 0001-build-Avoid-using-git-if-not-in-a-git-repo.patch +Patch11: 0001-build-Avoid-using-git-if-not-in-a-git-repo.patch +# PATCH-FIX-UPSTREAM 0001-datapath-Switch-to-upstream-bpftool-remove-additiona.patch +Patch12: 0001-datapath-Switch-to-upstream-bpftool-remove-additiona.patch # Cilium needs to be aware of the version string of cilium-proxy BuildRequires: cilium-proxy BuildRequires: clang -BuildRequires: git +BuildRequires: git-core BuildRequires: golang-github-jteeuwen-go-bindata BuildRequires: golang-packaging %if 0%{?suse_version} > 1510 && 0%{?is_opensuse} @@ -193,6 +199,10 @@ %prep %autosetup -p1 +# generate the BPF_SRCFILES which is normally part of the release tarballs but +# not when we generate it from git (but don't run the dist scripts) +find bpf/ -type f | grep -v .gitignore | tr "\n" ' ' > BPF_SRCFILES + %build %goprep %{provider_prefix} export GOPATH=%{_builddir}/go @@ -316,6 +326,7 @@ %{_bindir}/cilium-map-migrate %{_bindir}/cilium-node-monitor %{_bindir}/maptool +%{_localstatedir}/lib/cilium %license LICENSE %files cni ++++++ 0001-build-Avoid-using-git-if-not-in-a-git-repo.patch ++++++ >From 0c80bde138150fc7f5a275b075995ad8ba11caa9 Mon Sep 17 00:00:00 2001 From: Jarno Rajahalme <[email protected]> Date: Fri, 15 May 2020 17:33:01 -0700 Subject: [PATCH] build: Avoid using git if not in a git repo Do not use git if not in a git repo. Only create GIT_VERSION if the existing file is already not the same. This helps docker caching. Store the list bpf files to a temporary file BPF_SRCFILES, which is ignored by git like GIT_VERSION. This allows builds to succeed without git. Signed-off-by: Jarno Rajahalme <[email protected]> --- .gitignore | 1 + Makefile | 9 ++++++--- Makefile.defs | 11 ++++++++--- 3 files changed, 15 insertions(+), 6 deletions(-) --- a/Makefile.defs +++ b/Makefile.defs @@ -38,7 +38,7 @@ BPF_FILES_EVAL := $(shell git ls-files $(ROOT_DIR)/bpf/ | grep -v .gitignore | tr "\n" ' ') BPF_FILES ?= $(BPF_FILES_EVAL) -BPF_SRCFILES := $(subst ../,,$(BPF_FILES)) +BPF_SRCFILES = $(shell cat $(ROOT_DIR)/BPF_SRCFILES) CILIUM_DATAPATH_SHA=$(shell cat $(BPF_FILES) | sha1sum | awk '{print $$1}') GOLDFLAGS += -X "github.com/cilium/cilium/pkg/datapath/loader.DatapathSHA=$(CILIUM_DATAPATH_SHA)" ++++++ 0001-datapath-Switch-to-upstream-bpftool-remove-additiona.patch ++++++ >From d4b7d5a7f86c11fde6ca764a02719fa4ea9ba915 Mon Sep 17 00:00:00 2001 From: Michal Rostecki <[email protected]> Date: Wed, 26 Feb 2020 23:48:02 +0100 Subject: [PATCH] datapath: Switch to upstream bpftool, remove additional arguments [ upstream commit 35bbe48c86fdfc430de47f7f4c488f3fb1d9b711 ] Upstream bpftool does not run probes which emit dmesg messages by default anymore. Additional arguments for filtering out probes are not needed anymore. Link: https://lore.kernel.org/bpf/[email protected]/T/ Signed-off-by: Michal Rostecki <[email protected]> --- pkg/datapath/linux/probes/probes.go | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/pkg/datapath/linux/probes/probes.go b/pkg/datapath/linux/probes/probes.go index b989f29ab..c967b15c4 100644 --- a/pkg/datapath/linux/probes/probes.go +++ b/pkg/datapath/linux/probes/probes.go @@ -133,9 +133,8 @@ func NewProbeManager() *ProbeManager { newProbeManager := func() { var features Features out, err := exec.WithTimeout( - defaults.ExecTimeout, "bpftool", "-j", "feature", - "probe", "filter_out", - "\\(trace\\|write_user\\)", + defaults.ExecTimeout, + "bpftool", "-j", "feature", "probe", ).CombinedOutput(log, true) if err != nil { log.WithError(err).Fatal("could not run bpftool") -- 2.26.2 ++++++ 0002-bpf-re-add-a-proper-types.h-mapper.patch ++++++ >From 1b9593941d7c8e35e4c1a9dc7385cc59413cdc70 Mon Sep 17 00:00:00 2001 From: Daniel Borkmann <[email protected]> Date: Thu, 19 Mar 2020 23:36:15 +0100 Subject: [PATCH 2/2] bpf: re-add a proper types.h mapper Commit a1d93e044c1f ("bpf: don't use fixed size integer types from stdint.h") removed the types.h mapper to avoid dependency on stdint.h and instead relied on -I/usr/include/$(shell uname -m)-linux-gnu/ to pull in linux/types.h from the system headers. This is problematic in that for the docker runtime base image we want to get rid of libc6-dev-i386 package which pulls in gcc-multilib and latter pulls linux-libc-dev which includes all linux headers as well. Cilium's bpf/ code however already ships all linux header dependencies by itself, so linux-libc-dev is actually not needed. It's just that we need to have a proper type mapper for BPF. Implement one with basic types and also remove the -I/usr/include/$(shell uname -m)-linux-gnu/ inclusion. Signed-off-by: Daniel Borkmann <[email protected]> (cherry picked from commit 8b3435f91af72dfbc2eef13f463b95ec08faec55) --- bpf/Makefile.bpf | 2 +- bpf/include/bpf/types_mapper.h | 33 +++++++++++++++++++++++++++++++++ bpf/include/linux/types.h | 9 +++++++++ bpf/init.sh | 3 --- pkg/datapath/loader/compile.go | 24 ------------------------ test/bpf/Makefile | 4 ++-- 6 files changed, 45 insertions(+), 30 deletions(-) create mode 100644 bpf/include/bpf/types_mapper.h create mode 100644 bpf/include/linux/types.h diff --git a/bpf/Makefile.bpf b/bpf/Makefile.bpf index 371f60e7b..63ef5fdf6 100644 --- a/bpf/Makefile.bpf +++ b/bpf/Makefile.bpf @@ -1,4 +1,4 @@ -FLAGS := -I/usr/include/$(shell uname -m)-linux-gnu -I$(ROOT_DIR)/bpf/include -I$(ROOT_DIR)/bpf -D__NR_CPUS__=$(shell nproc) -O2 -g +FLAGS := -I$(ROOT_DIR)/bpf/include -I$(ROOT_DIR)/bpf -D__NR_CPUS__=$(shell nproc) -O2 -g CLANG_FLAGS := ${FLAGS} -target bpf -emit-llvm # eBPF verifier enforces unaligned access checks where necessary, so don't diff --git a/bpf/include/bpf/types_mapper.h b/bpf/include/bpf/types_mapper.h new file mode 100644 index 000000000..aca87d645 --- /dev/null +++ b/bpf/include/bpf/types_mapper.h @@ -0,0 +1,33 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +/* Copyright (C) 2020 Authors of Cilium */ + +#ifndef __BPF_TYPES_MAPPER__ +#define __BPF_TYPES_MAPPER__ + +typedef __signed__ char __s8; +typedef unsigned char __u8; + +typedef __signed__ short __s16; +typedef unsigned short __u16; + +typedef __signed__ int __s32; +typedef unsigned int __u32; + +typedef __signed__ long long __s64; +typedef unsigned long long __u64; + +typedef __u16 __le16; +typedef __u16 __be16; + +typedef __u32 __le32; +typedef __u32 __be32; + +typedef __u64 __le64; +typedef __u64 __be64; + +typedef __u16 __sum16; +typedef __u32 __wsum; + +typedef __u64 __aligned_u64; + +#endif /* __BPF_TYPES_MAPPER__ */ diff --git a/bpf/include/linux/types.h b/bpf/include/linux/types.h new file mode 100644 index 000000000..abed7f764 --- /dev/null +++ b/bpf/include/linux/types.h @@ -0,0 +1,9 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +/* Copyright (C) 2020 Authors of Cilium */ + +#ifndef _LINUX_TYPES_H +#define _LINUX_TYPES_H + +#include "../bpf/types_mapper.h" + +#endif /* _LINUX_TYPES_H */ diff --git a/bpf/init.sh b/bpf/init.sh index 5036ca3f7..8d18c4145 100755 --- a/bpf/init.sh +++ b/bpf/init.sh @@ -57,8 +57,6 @@ rm $RUNDIR/encap.state 2> /dev/null || true # This directory was created by the daemon and contains the per container header file DIR="$PWD/globals" -MACHINE=$(uname -m) - function setup_dev() { local -r NAME=$1 @@ -272,7 +270,6 @@ function bpf_compile() clang -O2 -g -target bpf -emit-llvm \ -Wno-address-of-packed-member -Wno-unknown-warning-option \ - -I/usr/include/${MACHINE}-linux-gnu \ -I. -I$DIR -I$LIB -I$LIB/include \ -D__NR_CPUS__=$(nproc) \ -DENABLE_ARP_RESPONDER \ diff --git a/pkg/datapath/loader/compile.go b/pkg/datapath/loader/compile.go index b244d46ad..5adc186ee 100644 --- a/pkg/datapath/loader/compile.go +++ b/pkg/datapath/loader/compile.go @@ -24,14 +24,12 @@ import ( "os" "path" "runtime" - "sync" "github.com/cilium/cilium/pkg/command/exec" "github.com/cilium/cilium/pkg/logging/logfields" "github.com/cilium/cilium/pkg/option" "github.com/sirupsen/logrus" - "golang.org/x/sys/unix" ) // OutputType determines the type to be generated by the compilation steps. @@ -194,27 +192,6 @@ func compileAndLink(ctx context.Context, prog *progInfo, dir *directoryInfo, deb return err } -var ( - unameOnce sync.Once - - // default fallback - machineName = "x86_64" -) - -// getMachineName returns the machine hardware name of this host. -func getMachineName() string { - unameOnce.Do(func() { - var uts unix.Utsname - err := unix.Uname(&uts) - if err != nil { - log.WithError(err).Warning("Failed to get machine hardware name") - } else { - machineName = string(uts.Machine[:bytes.IndexByte(uts.Machine[:], 0)]) - } - }) - return machineName -} - // progCFlags determines the compiler flags for the specified prog and paths. func progCFlags(prog *progInfo, dir *directoryInfo) []string { var output string @@ -226,7 +203,6 @@ func progCFlags(prog *progInfo, dir *directoryInfo) []string { } return append(testIncludes, - fmt.Sprintf("-I/usr/include/%s-linux-gnu", getMachineName()), fmt.Sprintf("-I%s", path.Join(dir.Runtime, "globals")), fmt.Sprintf("-I%s", dir.State), fmt.Sprintf("-I%s", dir.Library), diff --git a/test/bpf/Makefile b/test/bpf/Makefile index 49a85ce15..c5e006499 100644 --- a/test/bpf/Makefile +++ b/test/bpf/Makefile @@ -1,8 +1,8 @@ include ../../Makefile.defs -FLAGS := -I/usr/include/$(shell uname -m)-linux-gnu -I../../bpf/ -I../../bpf/include -I. -D__NR_CPUS__=$(shell nproc) -O2 +FLAGS := -I../../bpf/ -I../../bpf/include -I. -D__NR_CPUS__=$(shell nproc) -O2 BPF_CC_FLAGS := ${FLAGS} -target bpf -emit-llvm -BPF_LLC_FLAGS := -march=bpf -mcpu=probe -filetype=obj +BPF_LLC_FLAGS := -march=bpf -mcpu=probe -filetype=obj LIB := $(shell find ../../bpf/ -name '*.h') -- 2.26.2 ++++++ cilium-rpmlintrc ++++++ --- /var/tmp/diff_new_pack.Bq7Mn4/_old 2020-06-12 21:36:41.195620582 +0200 +++ /var/tmp/diff_new_pack.Bq7Mn4/_new 2020-06-12 21:36:41.195620582 +0200 @@ -1,3 +1,4 @@ # glibc-devel* packages are needed as a runtime dependency, cilium uses them to # compile BPF programs. +addFilter("cilium.* devel-file-in-non-devel-package ") addFilter("cilium.* devel-dependency")
