5 files changed, 15 insertions, 182 deletions
diff --git a/recipes-containers/lxc/files/enable_seccomp_profile_when_compiled_libseccomp.patch b/recipes-containers/lxc/files/enable_seccomp_profile_when_compiled_libseccomp.patch
deleted file mode 100644
index f0a58139..00000000
--- a/recipes-containers/lxc/files/enable_seccomp_profile_when_compiled_libseccomp.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From 3d46e1d1f8e904fddd4fab3e8d0c6cf57d2ddd4e Mon Sep 17 00:00:00 2001
-From: Maximilian Blenk <Maximilian.Blenk@bmw.de>
-Date: Mon, 23 Aug 2021 22:04:40 +0200
-Subject: [PATCH] config: enable seccomp profile only when compiled with
- libseccomp
-Make lxc fail if seccomp.profile is specified but lxc is compiled
-without seccomp support. Currently, seccomp.profile is silently ignored
-if is specified in such a scenario. This could lead to the false
-impression that the seccomp filter is applied while it actually isn't.
-Signed-off-by: Maximilian Blenk <Maximilian.Blenk@bmw.de>
---
- src/lxc/confile.c | 8 ++++++++
- 1 file changed, 8 insertions(+)
-Upstream-Status: Submitted [https://github.com/lxc/lxc/pull/3947/commits/3d46e1d1f8e904fddd4fab3e8d0c6cf57d2ddd4e]
-diff --git a/src/lxc/confile.c b/src/lxc/confile.c
-index d8b96c6921..1cc8da15f1 100644
--- a/src/lxc/confile.c
-+++ b/src/lxc/confile.c
-@@ -1211,7 +1211,11 @@ static int set_config_seccomp_notify_proxy(const char *key, const char *value,
- static int set_config_seccomp_profile(const char *key, const char *value,
-                                      struct lxc_conf *lxc_conf, void *data)
- {
-+#ifdef HAVE_SECCOMP
-        return set_config_path_item(&lxc_conf->seccomp.seccomp, value);
-+#else
-+       return ret_set_errno(-1, ENOSYS);
-+#endif
- }
- 
- static int set_config_execute_cmd(const char *key, const char *value,
-@@ -4383,7 +4387,11 @@ static int get_config_seccomp_notify_proxy(const char *key, char *retv, int inle
- static int get_config_seccomp_profile(const char *key, char *retv, int inlen,
-                                      struct lxc_conf *c, void *data)
- {
-+#ifdef HAVE_SECCOMP
-        return lxc_get_conf_str(retv, inlen, c->seccomp.seccomp);
-+#else
-+       return ret_errno(ENOSYS);
-+#endif
- }
- 
- static int get_config_autodev(const char *key, char *retv, int inlen,
diff --git a/recipes-containers/lxc/files/fix_c_command.patch b/recipes-containers/lxc/files/fix_c_command.patch
deleted file mode 100644
index 1ed8dafd..00000000
--- a/recipes-containers/lxc/files/fix_c_command.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From 9becf309a81806ef08acf9ca99ab95c1bcfa1f65 Mon Sep 17 00:00:00 2001
-From: Maximilian Blenk <Maximilian.Blenk@bmw.de>
-Date: Mon, 23 Aug 2021 15:39:28 +0200
-Subject: [PATCH] attach: Fix -c command
-Currently, the -c command (to set the selinux context) seems to be
-broken because the passed context is ignored and always overwritten by
-the context specified in the config file. The intention behind the -c
-imho was to be able to manually overwrite this behavior. This patch
-ensures that the selinux context will be set if passed via the command
-line.
-Signed-off-by: Maximilian Blenk <Maximilian.Blenk@bmw.de>
---
- src/lxc/tools/lxc_attach.c | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-Upstream-Status: Backport [https://github.com/lxc/lxc/commit/9becf309a81806ef08acf9ca99ab95c1bcfa1f65.patch]
-Comment: No change in any hunk
-diff --git a/src/lxc/tools/lxc_attach.c b/src/lxc/tools/lxc_attach.c
-index 0374d980b4..e6b388b20c 100644
--- a/src/lxc/tools/lxc_attach.c
-+++ b/src/lxc/tools/lxc_attach.c
-@@ -379,7 +379,10 @@ int main(int argc, char *argv[])
-                attach_options.gid = my_args.gid;
- 
-        // selinux_context will be NULL if not set
-       attach_options.lsm_label = selinux_context;
-+       if (selinux_context) {
-+               attach_options.attach_flags |= LXC_ATTACH_LSM_LABEL;
-+               attach_options.lsm_label = selinux_context;
-+       }
- 
-        if (command.program) {
-                ret = c->attach_run_wait(c, &attach_options, command.program,
diff --git a/recipes-containers/lxc/files/templates-use-curl-instead-of-wget.patch b/recipes-containers/lxc/files/templates-use-curl-instead-of-wget.patch
index 156df82f..4556293a 100644
--- a/recipes-containers/lxc/files/templates-use-curl-instead-of-wget.patch
+++ b/recipes-containers/lxc/files/templates-use-curl-instead-of-wget.patch
@@ -1,4 +1,4 @@
-From 07890dd8ffdcd08b7be1ddbd9f56ac55482c76bb Mon Sep 17 00:00:00 2001
+From 1db2db7783bd7ec2aa1da86e640019891634c659 Mon Sep 17 00:00:00 2001
 From: Joakim Roubert <joakimr@axis.com>
 Date: Fri, 16 Aug 2019 07:52:48 +0200
 Subject: [PATCH] Use curl instead of wget
@@ -7,16 +7,16 @@ When curl's MIT license is preferable to wget's GPLv3.
 Change-Id: I4684ae7569704514fdcc63e0655c556efcaf44f8
 Signed-off-by: Joakim Roubert <joakimr@axis.com>
+Signed-off-by: Yanfei Xu <yanfei.xu@windriver.com>
 ---
 templates/lxc-download.in | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
 diff --git a/templates/lxc-download.in b/templates/lxc-download.in
-index d7e6128..8a4b567 100644
+index e8570692a..f7291b0cc 100755
 --- a/templates/lxc-download.in
 +++ b/templates/lxc-download.in
-@@ -74,9 +74,9 @@ cleanup() {
+@@ -75,9 +75,9 @@ cleanup() {
   fi
 }
 
@@ -28,18 +28,18 @@ index d7e6128..8a4b567 100644
       return 0
     fi
   done
-@@ -85,8 +85,8 @@ wget_wrapper() {
+@@ -86,8 +86,8 @@ wget_wrapper() {
 }
 
 download_file() {
-  if ! wget_wrapper -T 30 -q "https://${DOWNLOAD_SERVER}/$1" -O "$2" >/dev/null 2>&1; then
+-  if ! wget_wrapper --user-agent="lxc/@PACKAGE_VERSION@ compat:${DOWNLOAD_COMPAT_LEVEL}" -T 30 -q "https://${DOWNLOAD_SERVER}/$1" -O "$2" >/dev/null 2>&1; then
-    if ! wget_wrapper -T 30 -q "http://${DOWNLOAD_SERVER}/$1" -O "$2" >/dev/null 2>&1; then
+-    if ! wget_wrapper --user-agent="lxc/@PACKAGE_VERSION@ compat:${DOWNLOAD_COMPAT_LEVEL}" -T 30 -q "http://${DOWNLOAD_SERVER}/$1" -O "$2" >/dev/null 2>&1; then
-+  if ! curl_wrapper -m 30 -s "https://${DOWNLOAD_SERVER}/$1" -o "$2" >/dev/null 2>&1; then
+  if ! curl_wrapper --user-agent="lxc/@PACKAGE_VERSION@ compat:${DOWNLOAD_COMPAT_LEVEL}" -m 30 -s "https://${DOWNLOAD_SERVER}/$1" -o "$2" >/dev/null 2>&1; then
-+    if ! curl_wrapper -m 30 -s "http://${DOWNLOAD_SERVER}/$1" -o "$2" >/dev/null 2>&1; then
+    if ! curl_wrapper --user-agent="lxc/@PACKAGE_VERSION@ compat:${DOWNLOAD_COMPAT_LEVEL}" -m 30 -s "http://${DOWNLOAD_SERVER}/$1" -o "$2" >/dev/null 2>&1; then
       if [ "$3" = "noexit" ]; then
         return 1
       else
-@@ -271,7 +271,7 @@ while :; do
+@@ -277,7 +277,7 @@ while :; do
 done
 
 # Check for required binaries
@@ -48,3 +48,6 @@ index d7e6128..8a4b567 100644
   if ! command -V "${bin}" >/dev/null 2>&1; then
     echo "ERROR: Missing required tool: ${bin}" 1>&2
     exit 1
+-- 
+2.27.0
diff --git a/recipes-containers/lxc/files/tests-add-no-validate-when-using-download-template.patch b/recipes-containers/lxc/files/tests-add-no-validate-when-using-download-template.patch
deleted file mode 100644
index f335e796..00000000
--- a/recipes-containers/lxc/files/tests-add-no-validate-when-using-download-template.patch
+++ /dev/null
@@ -1,85 +0,0 @@
-From 1c2506434e744d8c6a86e42c9d8bae4cde7553f6 Mon Sep 17 00:00:00 2001
-From: Mark Asselstine <mark.asselstine@windriver.com>
-Date: Thu, 31 May 2018 15:14:26 -0400
-Subject: [PATCH] tests: add '--no-validate' when using download template
-We are usually running the ptests with core-image-minimal which has no
-mechanism to validate the downloads. Validation isn't really of
-interest to this test at any rate so simply add '--no-validate' to
-avoid failing due to no GPG validation.
-Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
---
- src/tests/lxc-test-apparmor-mount | 2 +-
- src/tests/lxc-test-autostart      | 2 +-
- src/tests/lxc-test-no-new-privs   | 2 +-
- src/tests/lxc-test-unpriv         | 2 +-
- src/tests/lxc-test-usernic.in     | 2 +-
- 5 files changed, 5 insertions(+), 5 deletions(-)
-Index: lxc-4.0.9/src/tests/lxc-test-apparmor-mount
-===================================================================
--- lxc-4.0.9.orig/src/tests/lxc-test-apparmor-mount
-+++ lxc-4.0.9/src/tests/lxc-test-apparmor-mount
-@@ -170,7 +170,7 @@
-     done
- fi
- 
-run_cmd lxc-create -t download -n $cname -- -d ubuntu -r $release -a $ARCH
-+run_cmd lxc-create -t download -n $cname -- --no-validate -d ubuntu -r $release -a $ARCH
- 
- echo "test default confined container"
- run_cmd lxc-start -n $cname -d -lDEBUG -o "$logfile"
-Index: lxc-4.0.9/src/tests/lxc-test-autostart
-===================================================================
--- lxc-4.0.9.orig/src/tests/lxc-test-autostart
-+++ lxc-4.0.9/src/tests/lxc-test-autostart
-@@ -55,7 +55,7 @@
-     done
- fi
- 
-lxc-create -t download -n $CONTAINER_NAME -B dir -- -d ubuntu -r $release -a $ARCH
-+lxc-create -t download -n $CONTAINER_NAME -B dir -- --no-validate -d ubuntu -r $release -a $ARCH
- CONTAINER_PATH=$(dirname $(lxc-info -n $CONTAINER_NAME -c lxc.rootfs.path -H) | sed -e 's/dir://')
- cp $CONTAINER_PATH/config $CONTAINER_PATH/config.bak
- 
-Index: lxc-4.0.9/src/tests/lxc-test-no-new-privs
-===================================================================
--- lxc-4.0.9.orig/src/tests/lxc-test-no-new-privs
-+++ lxc-4.0.9/src/tests/lxc-test-no-new-privs
-@@ -49,7 +49,7 @@
-        ARCH=$(dpkg --print-architecture)
- fi
- 
-lxc-create -t download -n c1 -- -d ubuntu -r xenial -a $ARCH
-+lxc-create -t download -n c1 -- --no-validate -d ubuntu -r xenial -a $ARCH
- echo "lxc.no_new_privs = 1" >> /var/lib/lxc/c1/config
- 
- lxc-start -n c1
-Index: lxc-4.0.9/src/tests/lxc-test-unpriv
-===================================================================
--- lxc-4.0.9.orig/src/tests/lxc-test-unpriv
-+++ lxc-4.0.9/src/tests/lxc-test-unpriv
-@@ -178,7 +178,7 @@
-     cp -R /var/cache/lxc/download $HDIR/.cache/lxc && \
-     chown -R $TUSER: $HDIR/.cache/lxc
- 
-run_cmd lxc-create -t download -n c1 -l trace -o "${UNPRIV_LOG}" -- -d ubuntu -r $release -a $ARCH
-+run_cmd lxc-create -t download -n c1 -l trace -o "${UNPRIV_LOG}" -- --no-validate -d ubuntu -r $release -a $ARCH
- 
- # Make sure we can start it - twice
- 
-Index: lxc-4.0.9/src/tests/lxc-test-usernic.in
-===================================================================
--- lxc-4.0.9.orig/src/tests/lxc-test-usernic.in
-+++ lxc-4.0.9/src/tests/lxc-test-usernic.in
-@@ -147,7 +147,7 @@
- fi
- 
- # Create three containers
-run_cmd "lxc-create -t download -n b1 -- -d ubuntu -r $release -a $ARCH"
-+run_cmd "lxc-create -t download -n b1 -- --no-validate -d ubuntu -r $release -a $ARCH"
- run_cmd "lxc-start -n b1 -d"
- p1=$(run_cmd "lxc-info -n b1 -p -H")
- 
diff --git a/recipes-containers/lxc/lxc_git.bb b/recipes-containers/lxc/lxc_git.bb
index f98cba05..94a1e1e1 100644
--- a/recipes-containers/lxc/lxc_git.bb
+++ b/recipes-containers/lxc/lxc_git.bb
@@ -46,15 +46,12 @@ SRC_URI = "git://github.com/lxc/lxc.git;branch=stable-4.0 \
        file://template-make-busybox-template-compatible-with-core-.patch \
        file://templates-use-curl-instead-of-wget.patch \
        file://tests-our-init-is-not-busybox.patch \
-        file://tests-add-no-validate-when-using-download-template.patch \
        file://dnsmasq.conf \
        file://lxc-net \
-        file://enable_seccomp_profile_when_compiled_libseccomp.patch \
-        file://fix_c_command.patch \
        "
-SRCREV = "cec7cb14b2a4367d4cb21a90e1b90d0f98a9d874"
+SRCREV = "48e079bf318982ae7d5684feeb7358870fa71c10"
-PV = "4.0.10+git${SRCPV}"
+PV = "4.0.11+git${SRCPV}"
 S = "${WORKDIR}/git"

diff --git a/recipes-containers/lxc/files/enable_seccomp_profile_when_compiled_libseccomp.patch b/recipes-containers/lxc/files/enable_seccomp_profile_when_compiled_libseccomp.patch deleted file mode 100644 index f0a58139..00000000 --- a/recipes-containers/lxc/files/enable_seccomp_profile_when_compiled_libseccomp.patch +++ /dev/null
@@ -1,46 +0,0 @@
1	From 3d46e1d1f8e904fddd4fab3e8d0c6cf57d2ddd4e Mon Sep 17 00:00:00 2001
2	From: Maximilian Blenk <Maximilian.Blenk@bmw.de>
3	Date: Mon, 23 Aug 2021 22:04:40 +0200
4	Subject: [PATCH] config: enable seccomp profile only when compiled with
5	libseccomp
6
7	Make lxc fail if seccomp.profile is specified but lxc is compiled
8	without seccomp support. Currently, seccomp.profile is silently ignored
9	if is specified in such a scenario. This could lead to the false
10	impression that the seccomp filter is applied while it actually isn't.
11
12	Signed-off-by: Maximilian Blenk <Maximilian.Blenk@bmw.de>
13	---
14	src/lxc/confile.c \| 8 ++++++++
15	1 file changed, 8 insertions(+)
16
17	Upstream-Status: Submitted [https://github.com/lxc/lxc/pull/3947/commits/3d46e1d1f8e904fddd4fab3e8d0c6cf57d2ddd4e]
18
19	diff --git a/src/lxc/confile.c b/src/lxc/confile.c
20	index d8b96c6921..1cc8da15f1 100644
21	--- a/src/lxc/confile.c
22	+++ b/src/lxc/confile.c
23	@@ -1211,7 +1211,11 @@ static int set_config_seccomp_notify_proxy(const char key, const char value,
24	static int set_config_seccomp_profile(const char key, const char value,
25	struct lxc_conf lxc_conf, void data)
26	{
27	+#ifdef HAVE_SECCOMP
28	return set_config_path_item(&lxc_conf->seccomp.seccomp, value);
29	+#else
30	+ return ret_set_errno(-1, ENOSYS);
31	+#endif
32	}
33
34	static int set_config_execute_cmd(const char key, const char value,
35	@@ -4383,7 +4387,11 @@ static int get_config_seccomp_notify_proxy(const char key, char retv, int inle
36	static int get_config_seccomp_profile(const char key, char retv, int inlen,
37	struct lxc_conf c, void data)
38	{
39	+#ifdef HAVE_SECCOMP
40	return lxc_get_conf_str(retv, inlen, c->seccomp.seccomp);
41	+#else
42	+ return ret_errno(ENOSYS);
43	+#endif
44	}
45
46	static int get_config_autodev(const char key, char retv, int inlen,


diff --git a/recipes-containers/lxc/files/fix_c_command.patch b/recipes-containers/lxc/files/fix_c_command.patch deleted file mode 100644 index 1ed8dafd..00000000 --- a/recipes-containers/lxc/files/fix_c_command.patch +++ /dev/null
@@ -1,36 +0,0 @@
1	From 9becf309a81806ef08acf9ca99ab95c1bcfa1f65 Mon Sep 17 00:00:00 2001
2	From: Maximilian Blenk <Maximilian.Blenk@bmw.de>
3	Date: Mon, 23 Aug 2021 15:39:28 +0200
4	Subject: [PATCH] attach: Fix -c command
5
6	Currently, the -c command (to set the selinux context) seems to be
7	broken because the passed context is ignored and always overwritten by
8	the context specified in the config file. The intention behind the -c
9	imho was to be able to manually overwrite this behavior. This patch
10	ensures that the selinux context will be set if passed via the command
11	line.
12
13	Signed-off-by: Maximilian Blenk <Maximilian.Blenk@bmw.de>
14	---
15	src/lxc/tools/lxc_attach.c \| 5 ++++-
16	1 file changed, 4 insertions(+), 1 deletion(-)
17
18	Upstream-Status: Backport [https://github.com/lxc/lxc/commit/9becf309a81806ef08acf9ca99ab95c1bcfa1f65.patch]
19	Comment: No change in any hunk
20
21	diff --git a/src/lxc/tools/lxc_attach.c b/src/lxc/tools/lxc_attach.c
22	index 0374d980b4..e6b388b20c 100644
23	--- a/src/lxc/tools/lxc_attach.c
24	+++ b/src/lxc/tools/lxc_attach.c
25	@@ -379,7 +379,10 @@ int main(int argc, char *argv[])
26	attach_options.gid = my_args.gid;
27
28	// selinux_context will be NULL if not set
29	- attach_options.lsm_label = selinux_context;
30	+ if (selinux_context) {
31	+ attach_options.attach_flags \|= LXC_ATTACH_LSM_LABEL;
32	+ attach_options.lsm_label = selinux_context;
33	+ }
34
35	if (command.program) {
36	ret = c->attach_run_wait(c, &attach_options, command.program,


diff --git a/recipes-containers/lxc/files/templates-use-curl-instead-of-wget.patch b/recipes-containers/lxc/files/templates-use-curl-instead-of-wget.patch index 156df82f..4556293a 100644 --- a/recipes-containers/lxc/files/templates-use-curl-instead-of-wget.patch +++ b/recipes-containers/lxc/files/templates-use-curl-instead-of-wget.patch
@@ -1,4 +1,4 @@
1	From 07890dd8ffdcd08b7be1ddbd9f56ac55482c76bb Mon Sep 17 00:00:00 2001	1	From 1db2db7783bd7ec2aa1da86e640019891634c659 Mon Sep 17 00:00:00 2001
2	From: Joakim Roubert <joakimr@axis.com>	2	From: Joakim Roubert <joakimr@axis.com>
3	Date: Fri, 16 Aug 2019 07:52:48 +0200	3	Date: Fri, 16 Aug 2019 07:52:48 +0200
4	Subject: [PATCH] Use curl instead of wget	4	Subject: [PATCH] Use curl instead of wget
@@ -7,16 +7,16 @@ When curl's MIT license is preferable to wget's GPLv3.
7		7
8	Change-Id: I4684ae7569704514fdcc63e0655c556efcaf44f8	8	Change-Id: I4684ae7569704514fdcc63e0655c556efcaf44f8
9	Signed-off-by: Joakim Roubert <joakimr@axis.com>	9	Signed-off-by: Joakim Roubert <joakimr@axis.com>
10		10	Signed-off-by: Yanfei Xu <yanfei.xu@windriver.com>
11	---	11	---
12	templates/lxc-download.in \| 10 +++++-----	12	templates/lxc-download.in \| 10 +++++-----
13	1 file changed, 5 insertions(+), 5 deletions(-)	13	1 file changed, 5 insertions(+), 5 deletions(-)
14		14
15	diff --git a/templates/lxc-download.in b/templates/lxc-download.in	15	diff --git a/templates/lxc-download.in b/templates/lxc-download.in
16	index d7e6128..8a4b567 100644	16	index e8570692a..f7291b0cc 100755
17	--- a/templates/lxc-download.in	17	--- a/templates/lxc-download.in
18	+++ b/templates/lxc-download.in	18	+++ b/templates/lxc-download.in
19	@@ -74,9 +74,9 @@ cleanup() {	19	@@ -75,9 +75,9 @@ cleanup() {
20	fi	20	fi
21	}	21	}
22		22
@@ -28,18 +28,18 @@ index d7e6128..8a4b567 100644
28	return 0	28	return 0
29	fi	29	fi
30	done	30	done
31	@@ -85,8 +85,8 @@ wget_wrapper() {	31	@@ -86,8 +86,8 @@ wget_wrapper() {
32	}	32	}
33		33
34	download_file() {	34	download_file() {
35	- if ! wget_wrapper -T 30 -q "https://${DOWNLOAD_SERVER}/$1" -O "$2" >/dev/null 2>&1; then	35	- if ! wget_wrapper --user-agent="lxc/@PACKAGE_VERSION@ compat:${DOWNLOAD_COMPAT_LEVEL}" -T 30 -q "https://${DOWNLOAD_SERVER}/$1" -O "$2" >/dev/null 2>&1; then
36	- if ! wget_wrapper -T 30 -q "http://${DOWNLOAD_SERVER}/$1" -O "$2" >/dev/null 2>&1; then	36	- if ! wget_wrapper --user-agent="lxc/@PACKAGE_VERSION@ compat:${DOWNLOAD_COMPAT_LEVEL}" -T 30 -q "http://${DOWNLOAD_SERVER}/$1" -O "$2" >/dev/null 2>&1; then
37	+ if ! curl_wrapper -m 30 -s "https://${DOWNLOAD_SERVER}/$1" -o "$2" >/dev/null 2>&1; then	37	+ if ! curl_wrapper --user-agent="lxc/@PACKAGE_VERSION@ compat:${DOWNLOAD_COMPAT_LEVEL}" -m 30 -s "https://${DOWNLOAD_SERVER}/$1" -o "$2" >/dev/null 2>&1; then
38	+ if ! curl_wrapper -m 30 -s "http://${DOWNLOAD_SERVER}/$1" -o "$2" >/dev/null 2>&1; then	38	+ if ! curl_wrapper --user-agent="lxc/@PACKAGE_VERSION@ compat:${DOWNLOAD_COMPAT_LEVEL}" -m 30 -s "http://${DOWNLOAD_SERVER}/$1" -o "$2" >/dev/null 2>&1; then
39	if [ "$3" = "noexit" ]; then	39	if [ "$3" = "noexit" ]; then
40	return 1	40	return 1
41	else	41	else
42	@@ -271,7 +271,7 @@ while :; do	42	@@ -277,7 +277,7 @@ while :; do
43	done	43	done
44		44
45	# Check for required binaries	45	# Check for required binaries
@@ -48,3 +48,6 @@ index d7e6128..8a4b567 100644
48	if ! command -V "${bin}" >/dev/null 2>&1; then	48	if ! command -V "${bin}" >/dev/null 2>&1; then
49	echo "ERROR: Missing required tool: ${bin}" 1>&2	49	echo "ERROR: Missing required tool: ${bin}" 1>&2
50	exit 1	50	exit 1
		51	--
		52	2.27.0
		53


diff --git a/recipes-containers/lxc/files/tests-add-no-validate-when-using-download-template.patch b/recipes-containers/lxc/files/tests-add-no-validate-when-using-download-template.patch deleted file mode 100644 index f335e796..00000000 --- a/recipes-containers/lxc/files/tests-add-no-validate-when-using-download-template.patch +++ /dev/null
@@ -1,85 +0,0 @@
1	From 1c2506434e744d8c6a86e42c9d8bae4cde7553f6 Mon Sep 17 00:00:00 2001
2	From: Mark Asselstine <mark.asselstine@windriver.com>
3	Date: Thu, 31 May 2018 15:14:26 -0400
4	Subject: [PATCH] tests: add '--no-validate' when using download template
5
6	We are usually running the ptests with core-image-minimal which has no
7	mechanism to validate the downloads. Validation isn't really of
8	interest to this test at any rate so simply add '--no-validate' to
9	avoid failing due to no GPG validation.
10
11	Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
12
13	---
14	src/tests/lxc-test-apparmor-mount \| 2 +-
15	src/tests/lxc-test-autostart \| 2 +-
16	src/tests/lxc-test-no-new-privs \| 2 +-
17	src/tests/lxc-test-unpriv \| 2 +-
18	src/tests/lxc-test-usernic.in \| 2 +-
19	5 files changed, 5 insertions(+), 5 deletions(-)
20
21	Index: lxc-4.0.9/src/tests/lxc-test-apparmor-mount
22	===================================================================
23	--- lxc-4.0.9.orig/src/tests/lxc-test-apparmor-mount
24	+++ lxc-4.0.9/src/tests/lxc-test-apparmor-mount
25	@@ -170,7 +170,7 @@
26	done
27	fi
28
29	-run_cmd lxc-create -t download -n $cname -- -d ubuntu -r $release -a $ARCH
30	+run_cmd lxc-create -t download -n $cname -- --no-validate -d ubuntu -r $release -a $ARCH
31
32	echo "test default confined container"
33	run_cmd lxc-start -n $cname -d -lDEBUG -o "$logfile"
34	Index: lxc-4.0.9/src/tests/lxc-test-autostart
35	===================================================================
36	--- lxc-4.0.9.orig/src/tests/lxc-test-autostart
37	+++ lxc-4.0.9/src/tests/lxc-test-autostart
38	@@ -55,7 +55,7 @@
39	done
40	fi
41
42	-lxc-create -t download -n $CONTAINER_NAME -B dir -- -d ubuntu -r $release -a $ARCH
43	+lxc-create -t download -n $CONTAINER_NAME -B dir -- --no-validate -d ubuntu -r $release -a $ARCH
44	CONTAINER_PATH=$(dirname $(lxc-info -n $CONTAINER_NAME -c lxc.rootfs.path -H) \| sed -e 's/dir://')
45	cp $CONTAINER_PATH/config $CONTAINER_PATH/config.bak
46
47	Index: lxc-4.0.9/src/tests/lxc-test-no-new-privs
48	===================================================================
49	--- lxc-4.0.9.orig/src/tests/lxc-test-no-new-privs
50	+++ lxc-4.0.9/src/tests/lxc-test-no-new-privs
51	@@ -49,7 +49,7 @@
52	ARCH=$(dpkg --print-architecture)
53	fi
54
55	-lxc-create -t download -n c1 -- -d ubuntu -r xenial -a $ARCH
56	+lxc-create -t download -n c1 -- --no-validate -d ubuntu -r xenial -a $ARCH
57	echo "lxc.no_new_privs = 1" >> /var/lib/lxc/c1/config
58
59	lxc-start -n c1
60	Index: lxc-4.0.9/src/tests/lxc-test-unpriv
61	===================================================================
62	--- lxc-4.0.9.orig/src/tests/lxc-test-unpriv
63	+++ lxc-4.0.9/src/tests/lxc-test-unpriv
64	@@ -178,7 +178,7 @@
65	cp -R /var/cache/lxc/download $HDIR/.cache/lxc && \
66	chown -R $TUSER: $HDIR/.cache/lxc
67
68	-run_cmd lxc-create -t download -n c1 -l trace -o "${UNPRIV_LOG}" -- -d ubuntu -r $release -a $ARCH
69	+run_cmd lxc-create -t download -n c1 -l trace -o "${UNPRIV_LOG}" -- --no-validate -d ubuntu -r $release -a $ARCH
70
71	# Make sure we can start it - twice
72
73	Index: lxc-4.0.9/src/tests/lxc-test-usernic.in
74	===================================================================
75	--- lxc-4.0.9.orig/src/tests/lxc-test-usernic.in
76	+++ lxc-4.0.9/src/tests/lxc-test-usernic.in
77	@@ -147,7 +147,7 @@
78	fi
79
80	# Create three containers
81	-run_cmd "lxc-create -t download -n b1 -- -d ubuntu -r $release -a $ARCH"
82	+run_cmd "lxc-create -t download -n b1 -- --no-validate -d ubuntu -r $release -a $ARCH"
83	run_cmd "lxc-start -n b1 -d"
84	p1=$(run_cmd "lxc-info -n b1 -p -H")
85


diff --git a/recipes-containers/lxc/lxc_git.bb b/recipes-containers/lxc/lxc_git.bb index f98cba05..94a1e1e1 100644 --- a/recipes-containers/lxc/lxc_git.bb +++ b/recipes-containers/lxc/lxc_git.bb
@@ -46,15 +46,12 @@ SRC_URI = "git://github.com/lxc/lxc.git;branch=stable-4.0 \
46	file://template-make-busybox-template-compatible-with-core-.patch \	46	file://template-make-busybox-template-compatible-with-core-.patch \
47	file://templates-use-curl-instead-of-wget.patch \	47	file://templates-use-curl-instead-of-wget.patch \
48	file://tests-our-init-is-not-busybox.patch \	48	file://tests-our-init-is-not-busybox.patch \
49	file://tests-add-no-validate-when-using-download-template.patch \
50	file://dnsmasq.conf \	49	file://dnsmasq.conf \
51	file://lxc-net \	50	file://lxc-net \
52	file://enable_seccomp_profile_when_compiled_libseccomp.patch \
53	file://fix_c_command.patch \
54	"	51	"
55		52
56	SRCREV = "cec7cb14b2a4367d4cb21a90e1b90d0f98a9d874"	53	SRCREV = "48e079bf318982ae7d5684feeb7358870fa71c10"
57	PV = "4.0.10+git${SRCPV}"	54	PV = "4.0.11+git${SRCPV}"
58		55
59	S = "${WORKDIR}/git"	56	S = "${WORKDIR}/git"
60		57