The Samba-Bugzilla – Attachment 17547 Details for
Bug 15193
Allow rebuild of Centos 8 images after move to vault for Samba 4.15
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch for Samba 4.15 to allow rebuilding the lost CI image
4.15-rebuild-ok.patch (text/plain), 15.30 KB, created by
Andrew Bartlett
on 2022-10-10 00:05:51 UTC
(
hide
)
Description:
Patch for Samba 4.15 to allow rebuilding the lost CI image
Filename:
MIME Type:
Creator:
Andrew Bartlett
Created:
2022-10-10 00:05:51 UTC
Size:
15.30 KB
patch
obsolete
>From 4169b31587b14a921f50239f0d9dbc4f3dbdecd3 Mon Sep 17 00:00:00 2001 >From: Andreas Schneider <asn@samba.org> >Date: Thu, 3 Feb 2022 07:53:33 +0100 >Subject: [PATCH 1/4] bootstrap: Fix CentOS8 runner > >CentOS8 is EOL since December 31, 2021. The packages move to vault.centos.org. >We should migrate to CentOS8 Stream soon. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=15193 > >Signed-off-by: Andreas Schneider <asn@samba.org> >Reviewed-by: Alexander Bokovoy <ab@samba.org> > >Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> >Autobuild-Date(master): Thu Feb 3 14:31:01 UTC 2022 on sn-devel-184 > >[abartlet@samba.org Adapted from commit 0c6554aa0d6812343a8155fca3d7a7993cd5c703 > by updating sha1sum] >--- > .gitlab-ci-main.yml | 2 +- > bootstrap/config.py | 9 +++++++++ > bootstrap/generated-dists/centos8/bootstrap.sh | 9 +++++++++ > bootstrap/sha1sum.txt | 2 +- > 4 files changed, 20 insertions(+), 2 deletions(-) > >diff --git a/.gitlab-ci-main.yml b/.gitlab-ci-main.yml >index 125b3901832..c9864707de4 100644 >--- a/.gitlab-ci-main.yml >+++ b/.gitlab-ci-main.yml >@@ -42,7 +42,7 @@ variables: > # Set this to the contents of bootstrap/sha1sum.txt > # which is generated by bootstrap/template.py --render > # >- SAMBA_CI_CONTAINER_TAG: dd2b9a1848eed2d200e1a525695e40f06c23d888 >+ SAMBA_CI_CONTAINER_TAG: fcac3e6e4fef4e0bef6c6e364c35e6e192b23add > # > # We use the ubuntu1804 image as default as > # it matches what we have on sn-devel-184. >diff --git a/bootstrap/config.py b/bootstrap/config.py >index fd75a771252..326d96ff9d8 100644 >--- a/bootstrap/config.py >+++ b/bootstrap/config.py >@@ -235,6 +235,10 @@ CENTOS8_YUM_BOOTSTRAP = r""" > {GENERATED_MARKER} > set -xueo pipefail > >+# CentOS8 is EOL >+sed -i -e "s|^mirrorlist=|#mirrorlist=|g" /etc/yum.repos.d/CentOS-* >+sed -i -e "s|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g" /etc/yum.repos.d/CentOS-* >+ > yum update -y > yum install -y dnf-plugins-core > yum install -y epel-release >@@ -244,6 +248,11 @@ yum config-manager --set-enabled PowerTools -y || \ > yum config-manager --set-enabled powertools -y > yum config-manager --set-enabled Devel -y || \ > yum config-manager --set-enabled devel -y >+ >+# CentOS8 is EOL >+sed -i -e "s|^mirrorlist=|#mirrorlist=|g" /etc/yum.repos.d/CentOS-* >+sed -i -e "s|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g" /etc/yum.repos.d/CentOS-* >+ > yum update -y > > yum install -y \ >diff --git a/bootstrap/generated-dists/centos8/bootstrap.sh b/bootstrap/generated-dists/centos8/bootstrap.sh >index 60cf3937cf7..db9d0bb8b6c 100755 >--- a/bootstrap/generated-dists/centos8/bootstrap.sh >+++ b/bootstrap/generated-dists/centos8/bootstrap.sh >@@ -7,6 +7,10 @@ > > set -xueo pipefail > >+# CentOS8 is EOL >+sed -i -e "s|^mirrorlist=|#mirrorlist=|g" /etc/yum.repos.d/CentOS-* >+sed -i -e "s|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g" /etc/yum.repos.d/CentOS-* >+ > yum update -y > yum install -y dnf-plugins-core > yum install -y epel-release >@@ -16,6 +20,11 @@ yum config-manager --set-enabled PowerTools -y || \ > yum config-manager --set-enabled powertools -y > yum config-manager --set-enabled Devel -y || \ > yum config-manager --set-enabled devel -y >+ >+# CentOS8 is EOL >+sed -i -e "s|^mirrorlist=|#mirrorlist=|g" /etc/yum.repos.d/CentOS-* >+sed -i -e "s|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g" /etc/yum.repos.d/CentOS-* >+ > yum update -y > > yum install -y \ >diff --git a/bootstrap/sha1sum.txt b/bootstrap/sha1sum.txt >index 11369ced5f7..5716af2a689 100644 >--- a/bootstrap/sha1sum.txt >+++ b/bootstrap/sha1sum.txt >@@ -1 +1 @@ >-dd2b9a1848eed2d200e1a525695e40f06c23d888 >+fcac3e6e4fef4e0bef6c6e364c35e6e192b23add >-- >2.25.1 > > >From 685f019e3e23937febcfb7bdcaaaf4ef2b0a28ef Mon Sep 17 00:00:00 2001 >From: Andrew Bartlett <abartlet@samba.org> >Date: Fri, 6 May 2022 13:29:05 +1200 >Subject: [PATCH 2/4] bootstrap: chown the whole cloned repo, not just the > subfolders > >Modern git versions have started to notice the possible security issue. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=15193 > >Signed-off-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> > >[abartlet@samba.org adapted from commit c771d197eeebf2b01d46451cc51b698a99502935 > with new sha1sum] >--- > .gitlab-ci-main.yml | 2 +- > bootstrap/.gitlab-ci.yml | 2 +- > bootstrap/sha1sum.txt | 2 +- > 3 files changed, 3 insertions(+), 3 deletions(-) > >diff --git a/.gitlab-ci-main.yml b/.gitlab-ci-main.yml >index c9864707de4..2c7548e41d6 100644 >--- a/.gitlab-ci-main.yml >+++ b/.gitlab-ci-main.yml >@@ -42,7 +42,7 @@ variables: > # Set this to the contents of bootstrap/sha1sum.txt > # which is generated by bootstrap/template.py --render > # >- SAMBA_CI_CONTAINER_TAG: fcac3e6e4fef4e0bef6c6e364c35e6e192b23add >+ SAMBA_CI_CONTAINER_TAG: d541fb969b486082ab6113df5945debfc5ff95c6 > # > # We use the ubuntu1804 image as default as > # it matches what we have on sn-devel-184. >diff --git a/bootstrap/.gitlab-ci.yml b/bootstrap/.gitlab-ci.yml >index 33534f5f1dd..168272e9872 100644 >--- a/bootstrap/.gitlab-ci.yml >+++ b/bootstrap/.gitlab-ci.yml >@@ -47,7 +47,7 @@ services: > diff -u bootstrap/sha1sum.txt /tmp/sha1sum-template.txt > # run smoke test with samba-o3 or samba-fuzz > docker run --volume $(pwd):${samba_repo_root} --workdir ${samba_repo_root} ${ci_image_name} \ >- /bin/bash -c "sudo chown -R samba:samba ./** && export PKG_CONFIG_PATH=/usr/lib64/compat-gnutls34/pkgconfig:/usr/lib64/compat-nettle32/pkgconfig && script/autobuild.py ${SAMBA_CI_TEST_JOB} --verbose --nocleanup --keeplogs --tail --testbase /tmp/samba-testbase" >+ /bin/bash -c "sudo chown -R samba:samba ${samba_repo_root} && export PKG_CONFIG_PATH=/usr/lib64/compat-gnutls34/pkgconfig:/usr/lib64/compat-nettle32/pkgconfig && script/autobuild.py ${SAMBA_CI_TEST_JOB} --verbose --nocleanup --keeplogs --tail --testbase /tmp/samba-testbase" > docker tag ${ci_image_name} ${ci_image_path}:${SAMBA_CI_CONTAINER_TAG} > docker tag ${ci_image_name} ${ci_image_path}:${timestamp_tag} > # We build all images, but only upload is it's not marked as broken >diff --git a/bootstrap/sha1sum.txt b/bootstrap/sha1sum.txt >index 5716af2a689..0d8cc2224b2 100644 >--- a/bootstrap/sha1sum.txt >+++ b/bootstrap/sha1sum.txt >@@ -1 +1 @@ >-fcac3e6e4fef4e0bef6c6e364c35e6e192b23add >+d541fb969b486082ab6113df5945debfc5ff95c6 >-- >2.25.1 > > >From 7d3f7df98458767f9fbbba56486a699157a7a544 Mon Sep 17 00:00:00 2001 >From: Andreas Schneider <asn@samba.org> >Date: Thu, 3 Feb 2022 15:43:54 +0100 >Subject: [PATCH 3/4] bootstrap: Migrate to CentOS8 Stream > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=15193 > >Signed-off-by: Andreas Schneider <asn@samba.org> >Reviewed-by: Alexander Bokovoy <ab@samba.org> > >Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> >Autobuild-Date(master): Fri Feb 4 21:11:40 UTC 2022 on sn-devel-184 > >[adapted from commit 136ec5bc01e2648bae34a1158f923fbf5a86d561 in the > hope of getting lmdb-devel to be available for the CentoS 8 image] >--- > .gitlab-ci-main.yml | 8 +++---- > bootstrap/.gitlab-ci.yml | 2 +- > bootstrap/config.py | 22 +++++-------------- > bootstrap/generated-dists/Vagrantfile | 10 ++++----- > .../{centos8 => centos8s}/Dockerfile | 2 +- > .../{centos8 => centos8s}/bootstrap.sh | 12 +--------- > .../{centos8 => centos8s}/locale.sh | 0 > .../{centos8 => centos8s}/packages.yml | 0 > bootstrap/sha1sum.txt | 2 +- > 9 files changed, 19 insertions(+), 39 deletions(-) > rename bootstrap/generated-dists/{centos8 => centos8s}/Dockerfile (90%) > rename bootstrap/generated-dists/{centos8 => centos8s}/bootstrap.sh (79%) > rename bootstrap/generated-dists/{centos8 => centos8s}/locale.sh (100%) > rename bootstrap/generated-dists/{centos8 => centos8s}/packages.yml (100%) > >diff --git a/.gitlab-ci-main.yml b/.gitlab-ci-main.yml >index 2c7548e41d6..b8bae9b10b7 100644 >--- a/.gitlab-ci-main.yml >+++ b/.gitlab-ci-main.yml >@@ -42,7 +42,7 @@ variables: > # Set this to the contents of bootstrap/sha1sum.txt > # which is generated by bootstrap/template.py --render > # >- SAMBA_CI_CONTAINER_TAG: d541fb969b486082ab6113df5945debfc5ff95c6 >+ SAMBA_CI_CONTAINER_TAG: fbf9c4c8a2055936d4ca279878df7811af46d86d > # > # We use the ubuntu1804 image as default as > # it matches what we have on sn-devel-184. >@@ -64,7 +64,7 @@ variables: > SAMBA_CI_CONTAINER_IMAGE_fedora33: fedora33 > SAMBA_CI_CONTAINER_IMAGE_fedora34: fedora34 > SAMBA_CI_CONTAINER_IMAGE_centos7: centos7 >- SAMBA_CI_CONTAINER_IMAGE_centos8: centos8 >+ SAMBA_CI_CONTAINER_IMAGE_centos8s: centos8s > > include: > # The image creation details are specified in a separate file >@@ -594,10 +594,10 @@ centos7-samba-o3: > # We need a newer GnuTLS version on CentOS7 > PKG_CONFIG_PATH: "/usr/lib64/compat-gnutls34/pkgconfig:/usr/lib64/compat-nettle32/pkgconfig" > >-centos8-samba-o3: >+centos8s-samba-o3: > extends: .samba-o3-template > variables: >- SAMBA_CI_JOB_IMAGE: ${SAMBA_CI_CONTAINER_IMAGE_centos8} >+ SAMBA_CI_JOB_IMAGE: ${SAMBA_CI_CONTAINER_IMAGE_centos8s} > > fedora33-samba-o3: > extends: .samba-o3-template >diff --git a/bootstrap/.gitlab-ci.yml b/bootstrap/.gitlab-ci.yml >index 168272e9872..58e0642a70d 100644 >--- a/bootstrap/.gitlab-ci.yml >+++ b/bootstrap/.gitlab-ci.yml >@@ -112,7 +112,7 @@ fedora33: > fedora34: > extends: .build_image_template > >-centos8: >+centos8s: > extends: .build_image_template > > centos7: >diff --git a/bootstrap/config.py b/bootstrap/config.py >index 326d96ff9d8..164ab306329 100644 >--- a/bootstrap/config.py >+++ b/bootstrap/config.py >@@ -230,28 +230,18 @@ if [ ! -f /usr/bin/python3 ]; then > fi > """ > >-CENTOS8_YUM_BOOTSTRAP = r""" >+CENTOS8S_YUM_BOOTSTRAP = r""" > #!/bin/bash > {GENERATED_MARKER} > set -xueo pipefail > >-# CentOS8 is EOL >-sed -i -e "s|^mirrorlist=|#mirrorlist=|g" /etc/yum.repos.d/CentOS-* >-sed -i -e "s|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g" /etc/yum.repos.d/CentOS-* >- > yum update -y > yum install -y dnf-plugins-core > yum install -y epel-release > > yum -v repolist all >-yum config-manager --set-enabled PowerTools -y || \ >+yum config-manager --set-enabled powertools -y || \ > yum config-manager --set-enabled powertools -y >-yum config-manager --set-enabled Devel -y || \ >- yum config-manager --set-enabled devel -y >- >-# CentOS8 is EOL >-sed -i -e "s|^mirrorlist=|#mirrorlist=|g" /etc/yum.repos.d/CentOS-* >-sed -i -e "s|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g" /etc/yum.repos.d/CentOS-* > > yum update -y > >@@ -480,10 +470,10 @@ RPM_DISTS = { > 'tracker-devel': '', # do not install > } > }, >- 'centos8': { >- 'docker_image': 'centos:8', >- 'vagrant_box': 'centos/8', >- 'bootstrap': CENTOS8_YUM_BOOTSTRAP, >+ 'centos8s': { >+ 'docker_image': 'quay.io/centos/centos:stream8', >+ 'vagrant_box': 'centos/stream8', >+ 'bootstrap': CENTOS8S_YUM_BOOTSTRAP, > 'replace': { > 'lsb-release': 'redhat-lsb', > '@development-tools': '"@Development Tools"', # add quotes >diff --git a/bootstrap/generated-dists/Vagrantfile b/bootstrap/generated-dists/Vagrantfile >index 780320ec7c8..10075800c01 100644 >--- a/bootstrap/generated-dists/Vagrantfile >+++ b/bootstrap/generated-dists/Vagrantfile >@@ -17,11 +17,11 @@ Vagrant.configure("2") do |config| > v.vm.provision :shell, path: "centos7/locale.sh" > end > >- config.vm.define "centos8" do |v| >- v.vm.box = "centos/8" >- v.vm.hostname = "centos8" >- v.vm.provision :shell, path: "centos8/bootstrap.sh" >- v.vm.provision :shell, path: "centos8/locale.sh" >+ config.vm.define "centos8s" do |v| >+ v.vm.box = "centos/stream8" >+ v.vm.hostname = "centos8s" >+ v.vm.provision :shell, path: "centos8s/bootstrap.sh" >+ v.vm.provision :shell, path: "centos8s/locale.sh" > end > > config.vm.define "debian10" do |v| >diff --git a/bootstrap/generated-dists/centos8/Dockerfile b/bootstrap/generated-dists/centos8s/Dockerfile >similarity index 90% >rename from bootstrap/generated-dists/centos8/Dockerfile >rename to bootstrap/generated-dists/centos8s/Dockerfile >index f6343e9d5a2..1c932f58a94 100644 >--- a/bootstrap/generated-dists/centos8/Dockerfile >+++ b/bootstrap/generated-dists/centos8s/Dockerfile >@@ -3,7 +3,7 @@ > # See also bootstrap/config.py > # > >-FROM centos:8 >+FROM quay.io/centos/centos:stream8 > > # pass in with --build-arg while build > ARG SHA1SUM >diff --git a/bootstrap/generated-dists/centos8/bootstrap.sh b/bootstrap/generated-dists/centos8s/bootstrap.sh >similarity index 79% >rename from bootstrap/generated-dists/centos8/bootstrap.sh >rename to bootstrap/generated-dists/centos8s/bootstrap.sh >index db9d0bb8b6c..1111450c400 100755 >--- a/bootstrap/generated-dists/centos8/bootstrap.sh >+++ b/bootstrap/generated-dists/centos8s/bootstrap.sh >@@ -7,23 +7,13 @@ > > set -xueo pipefail > >-# CentOS8 is EOL >-sed -i -e "s|^mirrorlist=|#mirrorlist=|g" /etc/yum.repos.d/CentOS-* >-sed -i -e "s|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g" /etc/yum.repos.d/CentOS-* >- > yum update -y > yum install -y dnf-plugins-core > yum install -y epel-release > > yum -v repolist all >-yum config-manager --set-enabled PowerTools -y || \ >+yum config-manager --set-enabled powertools -y || \ > yum config-manager --set-enabled powertools -y >-yum config-manager --set-enabled Devel -y || \ >- yum config-manager --set-enabled devel -y >- >-# CentOS8 is EOL >-sed -i -e "s|^mirrorlist=|#mirrorlist=|g" /etc/yum.repos.d/CentOS-* >-sed -i -e "s|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g" /etc/yum.repos.d/CentOS-* > > yum update -y > >diff --git a/bootstrap/generated-dists/centos8/locale.sh b/bootstrap/generated-dists/centos8s/locale.sh >similarity index 100% >rename from bootstrap/generated-dists/centos8/locale.sh >rename to bootstrap/generated-dists/centos8s/locale.sh >diff --git a/bootstrap/generated-dists/centos8/packages.yml b/bootstrap/generated-dists/centos8s/packages.yml >similarity index 100% >rename from bootstrap/generated-dists/centos8/packages.yml >rename to bootstrap/generated-dists/centos8s/packages.yml >diff --git a/bootstrap/sha1sum.txt b/bootstrap/sha1sum.txt >index 0d8cc2224b2..120d935186d 100644 >--- a/bootstrap/sha1sum.txt >+++ b/bootstrap/sha1sum.txt >@@ -1 +1 @@ >-d541fb969b486082ab6113df5945debfc5ff95c6 >+fbf9c4c8a2055936d4ca279878df7811af46d86d >-- >2.25.1 > > >From 3bbbd1ac99f9e9eacc05603a667b93d31a0ff32d Mon Sep 17 00:00:00 2001 >From: Andrew Bartlett <abartlet@samba.org> >Date: Fri, 6 May 2022 17:53:29 +1200 >Subject: [PATCH 4/4] .gitlab-ci: Work around new git restrictions arising from > CVE-2022-24765 > >It was realised that git would run commands found in a git repo >(eg from configuration). > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=15193 > >Signed-off-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >(cherry picked from commit dd568490089ae6d5bcf03068bfc4ca6b9103badb) >--- > .gitlab-ci-main.yml | 2 ++ > 1 file changed, 2 insertions(+) > >diff --git a/.gitlab-ci-main.yml b/.gitlab-ci-main.yml >index b8bae9b10b7..e0b9b9d20b9 100644 >--- a/.gitlab-ci-main.yml >+++ b/.gitlab-ci-main.yml >@@ -137,6 +137,8 @@ include: > - export CXX="ccache c++" > - ccache -z -M 500M > - ccache -s >+ # We are already running .gitlab-ci directives from this repo, remove additional checks that break our CI >+ - git config --global --add safe.directory `pwd` > after_script: > - mount > - df -h >-- >2.25.1 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Flags:
jsutton
:
review+
abartlet
:
ci-passed+
Actions:
View
Attachments on
bug 15193
: 17547