lxc: update to 4.0.11

update to 4.0.11

1.drop two patches that have been integrated to upstream repo.
2.drop tests-add-no-validate-when-using-download-template.patch
  because it is no longer appropriate as the "download" has been
  replaced with "busybox"
3.fix the apply failure of templates-use-curl-instead-of-wget.patch
4.update lxc from 4.0.10 to 4.0.11

Signed-off-by: Yanfei Xu <yanfei.xu@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>

5 files changed, 15 insertions, 182 deletions

diff --git a/recipes-containers/lxc/files/enable_seccomp_profile_when_compiled_libseccomp.patch b/recipes-containers/lxc/files/enable_seccomp_profile_when_compiled_libseccomp.patch
deleted file mode 100644
index f0a58139..00000000
--- a/recipes-containers/lxc/files/enable_seccomp_profile_when_compiled_libseccomp.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From 3d46e1d1f8e904fddd4fab3e8d0c6cf57d2ddd4e Mon Sep 17 00:00:00 2001
-From: Maximilian Blenk <Maximilian.Blenk@bmw.de>
-Date: Mon, 23 Aug 2021 22:04:40 +0200
-Subject: [PATCH] config: enable seccomp profile only when compiled with
- libseccomp
-
-Make lxc fail if seccomp.profile is specified but lxc is compiled
-without seccomp support. Currently, seccomp.profile is silently ignored
-if is specified in such a scenario. This could lead to the false
-impression that the seccomp filter is applied while it actually isn't.
-
-Signed-off-by: Maximilian Blenk <Maximilian.Blenk@bmw.de>
----
- src/lxc/confile.c | 8 ++++++++
- 1 file changed, 8 insertions(+)
-
-Upstream-Status: Submitted [https://github.com/lxc/lxc/pull/3947/commits/3d46e1d1f8e904fddd4fab3e8d0c6cf57d2ddd4e]
-
-diff --git a/src/lxc/confile.c b/src/lxc/confile.c
-index d8b96c6921..1cc8da15f1 100644
---- a/src/lxc/confile.c
-+++ b/src/lxc/confile.c
-@@ -1211,7 +1211,11 @@ static int set_config_seccomp_notify_proxy(const char *key, const char *value,
- static int set_config_seccomp_profile(const char *key, const char *value,
-                                      struct lxc_conf *lxc_conf, void *data)
- {
-+#ifdef HAVE_SECCOMP
-        return set_config_path_item(&lxc_conf->seccomp.seccomp, value);
-+#else
-+       return ret_set_errno(-1, ENOSYS);
-+#endif
- }
- 
- static int set_config_execute_cmd(const char *key, const char *value,
-@@ -4383,7 +4387,11 @@ static int get_config_seccomp_notify_proxy(const char *key, char *retv, int inle
- static int get_config_seccomp_profile(const char *key, char *retv, int inlen,
-                                      struct lxc_conf *c, void *data)
- {
-+#ifdef HAVE_SECCOMP
-        return lxc_get_conf_str(retv, inlen, c->seccomp.seccomp);
-+#else
-+       return ret_errno(ENOSYS);
-+#endif
- }
- 
- static int get_config_autodev(const char *key, char *retv, int inlen,
diff --git a/recipes-containers/lxc/files/fix_c_command.patch b/recipes-containers/lxc/files/fix_c_command.patch
deleted file mode 100644
index 1ed8dafd..00000000
--- a/recipes-containers/lxc/files/fix_c_command.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From 9becf309a81806ef08acf9ca99ab95c1bcfa1f65 Mon Sep 17 00:00:00 2001
-From: Maximilian Blenk <Maximilian.Blenk@bmw.de>
-Date: Mon, 23 Aug 2021 15:39:28 +0200
-Subject: [PATCH] attach: Fix -c command
-
-Currently, the -c command (to set the selinux context) seems to be
-broken because the passed context is ignored and always overwritten by
-the context specified in the config file. The intention behind the -c
-imho was to be able to manually overwrite this behavior. This patch
-ensures that the selinux context will be set if passed via the command
-line.
-
-Signed-off-by: Maximilian Blenk <Maximilian.Blenk@bmw.de>
----
- src/lxc/tools/lxc_attach.c | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-Upstream-Status: Backport [https://github.com/lxc/lxc/commit/9becf309a81806ef08acf9ca99ab95c1bcfa1f65.patch]
-Comment: No change in any hunk
-
-diff --git a/src/lxc/tools/lxc_attach.c b/src/lxc/tools/lxc_attach.c
-index 0374d980b4..e6b388b20c 100644
---- a/src/lxc/tools/lxc_attach.c
-+++ b/src/lxc/tools/lxc_attach.c
-@@ -379,7 +379,10 @@ int main(int argc, char *argv[])
-                attach_options.gid = my_args.gid;
- 
-        // selinux_context will be NULL if not set
--       attach_options.lsm_label = selinux_context;
-+       if (selinux_context) {
-+               attach_options.attach_flags |= LXC_ATTACH_LSM_LABEL;
-+               attach_options.lsm_label = selinux_context;
-+       }
- 
-        if (command.program) {
-                ret = c->attach_run_wait(c, &attach_options, command.program,
diff --git a/recipes-containers/lxc/files/templates-use-curl-instead-of-wget.patch b/recipes-containers/lxc/files/templates-use-curl-instead-of-wget.patch
index 156df82f..4556293a 100644
--- a/recipes-containers/lxc/files/templates-use-curl-instead-of-wget.patch
+++ b/recipes-containers/lxc/files/templates-use-curl-instead-of-wget.patch
@@ -1,4 +1,4 @@
-From 07890dd8ffdcd08b7be1ddbd9f56ac55482c76bb Mon Sep 17 00:00:00 2001
+From 1db2db7783bd7ec2aa1da86e640019891634c659 Mon Sep 17 00:00:00 2001
 From: Joakim Roubert <joakimr@axis.com>
 Date: Fri, 16 Aug 2019 07:52:48 +0200
 Subject: [PATCH] Use curl instead of wget
@@ -7,16 +7,16 @@ When curl's MIT license is preferable to wget's GPLv3.
 
 Change-Id: I4684ae7569704514fdcc63e0655c556efcaf44f8
 Signed-off-by: Joakim Roubert <joakimr@axis.com>
-
+Signed-off-by: Yanfei Xu <yanfei.xu@windriver.com>
 ---
  templates/lxc-download.in | 10 +++++-----
  1 file changed, 5 insertions(+), 5 deletions(-)
 
 diff --git a/templates/lxc-download.in b/templates/lxc-download.in
-index d7e6128..8a4b567 100644
+index e8570692a..f7291b0cc 100755
 --- a/templates/lxc-download.in
 +++ b/templates/lxc-download.in
-@@ -74,9 +74,9 @@ cleanup() {
+@@ -75,9 +75,9 @@ cleanup() {
    fi
  }
  
@@ -28,18 +28,18 @@ index d7e6128..8a4b567 100644
        return 0
      fi
    done
-@@ -85,8 +85,8 @@ wget_wrapper() {
+@@ -86,8 +86,8 @@ wget_wrapper() {
  }
  
  download_file() {
--  if ! wget_wrapper -T 30 -q "https://${DOWNLOAD_SERVER}/$1" -O "$2" >/dev/null 2>&1; then
--    if ! wget_wrapper -T 30 -q "http://${DOWNLOAD_SERVER}/$1" -O "$2" >/dev/null 2>&1; then
-+  if ! curl_wrapper -m 30 -s "https://${DOWNLOAD_SERVER}/$1" -o "$2" >/dev/null 2>&1; then
-+    if ! curl_wrapper -m 30 -s "http://${DOWNLOAD_SERVER}/$1" -o "$2" >/dev/null 2>&1; then
+-  if ! wget_wrapper --user-agent="lxc/@PACKAGE_VERSION@ compat:${DOWNLOAD_COMPAT_LEVEL}" -T 30 -q "https://${DOWNLOAD_SERVER}/$1" -O "$2" >/dev/null 2>&1; then
+-    if ! wget_wrapper --user-agent="lxc/@PACKAGE_VERSION@ compat:${DOWNLOAD_COMPAT_LEVEL}" -T 30 -q "http://${DOWNLOAD_SERVER}/$1" -O "$2" >/dev/null 2>&1; then
++  if ! curl_wrapper --user-agent="lxc/@PACKAGE_VERSION@ compat:${DOWNLOAD_COMPAT_LEVEL}" -m 30 -s "https://${DOWNLOAD_SERVER}/$1" -o "$2" >/dev/null 2>&1; then
++    if ! curl_wrapper --user-agent="lxc/@PACKAGE_VERSION@ compat:${DOWNLOAD_COMPAT_LEVEL}" -m 30 -s "http://${DOWNLOAD_SERVER}/$1" -o "$2" >/dev/null 2>&1; then
        if [ "$3" = "noexit" ]; then
          return 1
        else
-@@ -271,7 +271,7 @@ while :; do
+@@ -277,7 +277,7 @@ while :; do
  done
  
  # Check for required binaries
@@ -48,3 +48,6 @@ index d7e6128..8a4b567 100644
    if ! command -V "${bin}" >/dev/null 2>&1; then
      echo "ERROR: Missing required tool: ${bin}" 1>&2
      exit 1
+-- 
+2.27.0
+
diff --git a/recipes-containers/lxc/files/tests-add-no-validate-when-using-download-template.patch b/recipes-containers/lxc/files/tests-add-no-validate-when-using-download-template.patch
deleted file mode 100644
index f335e796..00000000
--- a/recipes-containers/lxc/files/tests-add-no-validate-when-using-download-template.patch
+++ /dev/null
@@ -1,85 +0,0 @@
-From 1c2506434e744d8c6a86e42c9d8bae4cde7553f6 Mon Sep 17 00:00:00 2001
-From: Mark Asselstine <mark.asselstine@windriver.com>
-Date: Thu, 31 May 2018 15:14:26 -0400
-Subject: [PATCH] tests: add '--no-validate' when using download template
-
-We are usually running the ptests with core-image-minimal which has no
-mechanism to validate the downloads. Validation isn't really of
-interest to this test at any rate so simply add '--no-validate' to
-avoid failing due to no GPG validation.
-
-Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
-
----
- src/tests/lxc-test-apparmor-mount | 2 +-
- src/tests/lxc-test-autostart      | 2 +-
- src/tests/lxc-test-no-new-privs   | 2 +-
- src/tests/lxc-test-unpriv         | 2 +-
- src/tests/lxc-test-usernic.in     | 2 +-
- 5 files changed, 5 insertions(+), 5 deletions(-)
-
-Index: lxc-4.0.9/src/tests/lxc-test-apparmor-mount
-===================================================================
---- lxc-4.0.9.orig/src/tests/lxc-test-apparmor-mount
-+++ lxc-4.0.9/src/tests/lxc-test-apparmor-mount
-@@ -170,7 +170,7 @@
-     done
- fi
- 
--run_cmd lxc-create -t download -n $cname -- -d ubuntu -r $release -a $ARCH
-+run_cmd lxc-create -t download -n $cname -- --no-validate -d ubuntu -r $release -a $ARCH
- 
- echo "test default confined container"
- run_cmd lxc-start -n $cname -d -lDEBUG -o "$logfile"
-Index: lxc-4.0.9/src/tests/lxc-test-autostart
-===================================================================
---- lxc-4.0.9.orig/src/tests/lxc-test-autostart
-+++ lxc-4.0.9/src/tests/lxc-test-autostart
-@@ -55,7 +55,7 @@
-     done
- fi
- 
--lxc-create -t download -n $CONTAINER_NAME -B dir -- -d ubuntu -r $release -a $ARCH
-+lxc-create -t download -n $CONTAINER_NAME -B dir -- --no-validate -d ubuntu -r $release -a $ARCH
- CONTAINER_PATH=$(dirname $(lxc-info -n $CONTAINER_NAME -c lxc.rootfs.path -H) | sed -e 's/dir://')
- cp $CONTAINER_PATH/config $CONTAINER_PATH/config.bak
- 
-Index: lxc-4.0.9/src/tests/lxc-test-no-new-privs
-===================================================================
---- lxc-4.0.9.orig/src/tests/lxc-test-no-new-privs
-+++ lxc-4.0.9/src/tests/lxc-test-no-new-privs
-@@ -49,7 +49,7 @@
-        ARCH=$(dpkg --print-architecture)
- fi
- 
--lxc-create -t download -n c1 -- -d ubuntu -r xenial -a $ARCH
-+lxc-create -t download -n c1 -- --no-validate -d ubuntu -r xenial -a $ARCH
- echo "lxc.no_new_privs = 1" >> /var/lib/lxc/c1/config
- 
- lxc-start -n c1
-Index: lxc-4.0.9/src/tests/lxc-test-unpriv
-===================================================================
---- lxc-4.0.9.orig/src/tests/lxc-test-unpriv
-+++ lxc-4.0.9/src/tests/lxc-test-unpriv
-@@ -178,7 +178,7 @@
-     cp -R /var/cache/lxc/download $HDIR/.cache/lxc && \
-     chown -R $TUSER: $HDIR/.cache/lxc
- 
--run_cmd lxc-create -t download -n c1 -l trace -o "${UNPRIV_LOG}" -- -d ubuntu -r $release -a $ARCH
-+run_cmd lxc-create -t download -n c1 -l trace -o "${UNPRIV_LOG}" -- --no-validate -d ubuntu -r $release -a $ARCH
- 
- # Make sure we can start it - twice
- 
-Index: lxc-4.0.9/src/tests/lxc-test-usernic.in
-===================================================================
---- lxc-4.0.9.orig/src/tests/lxc-test-usernic.in
-+++ lxc-4.0.9/src/tests/lxc-test-usernic.in
-@@ -147,7 +147,7 @@
- fi
- 
- # Create three containers
--run_cmd "lxc-create -t download -n b1 -- -d ubuntu -r $release -a $ARCH"
-+run_cmd "lxc-create -t download -n b1 -- --no-validate -d ubuntu -r $release -a $ARCH"
- run_cmd "lxc-start -n b1 -d"
- p1=$(run_cmd "lxc-info -n b1 -p -H")
- 
diff --git a/recipes-containers/lxc/lxc_git.bb b/recipes-containers/lxc/lxc_git.bb
index f5b5128b..ba1cef5a 100644
--- a/recipes-containers/lxc/lxc_git.bb
+++ b/recipes-containers/lxc/lxc_git.bb
@@ -46,15 +46,12 @@ SRC_URI = "git://github.com/lxc/lxc.git;branch=stable-4.0 \
         file://template-make-busybox-template-compatible-with-core-.patch \
         file://templates-use-curl-instead-of-wget.patch \
         file://tests-our-init-is-not-busybox.patch \
-        file://tests-add-no-validate-when-using-download-template.patch \
         file://dnsmasq.conf \
         file://lxc-net \
-        file://enable_seccomp_profile_when_compiled_libseccomp.patch \
-        file://fix_c_command.patch \
         "
 
-SRCREV = "cec7cb14b2a4367d4cb21a90e1b90d0f98a9d874"
-PV = "4.0.10+git${SRCPV}"
+SRCREV = "48e079bf318982ae7d5684feeb7358870fa71c10"
+PV = "4.0.11+git${SRCPV}"
 
 S = "${WORKDIR}/git"