Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Backports (stable-5.21) #14015

Merged
merged 116 commits into from
Aug 30, 2024
Merged

Backports (stable-5.21) #14015

merged 116 commits into from
Aug 30, 2024

Conversation

tomponline
Copy link
Member

No description provided.

@tomponline tomponline self-assigned this Aug 30, 2024
@github-actions github-actions bot added Documentation Documentation needs updating API Changes to the REST API 5.21 LTS labels Aug 30, 2024
@tomponline
Copy link
Member Author

@simondeziel something weird going on with the godeps test, this passes locally on my machine:

test/lint/godeps.sh 
==> Checking for imports/deps that have been added to client...
==> Checking for imports/deps that have been added to lxc/config...
==> Checking for imports/deps that have been added to lxd-agent...
==> Checking for imports/deps that have been added to shared/api...

But it complains about the sha3 dep on GH, but if I remove that line and run it locally it complains if its missing:

test/lint/godeps.sh 
==> Checking for imports/deps that have been added to client...
ERROR: you added a new dependency to client; please make sure this is what you want
--- test/godeps/client.list	2024-08-30 10:40:04.163084325 +0100
+++ -	2024-08-30 10:40:05.687302768 +0100
@@ -75,6 +75,7 @@
 vendor/golang.org/x/crypto/hkdf
 vendor/golang.org/x/crypto/internal/alias
 vendor/golang.org/x/crypto/internal/poly1305
+vendor/golang.org/x/crypto/sha3
 vendor/golang.org/x/net/dns/dnsmessage
 vendor/golang.org/x/net/http/httpguts
 vendor/golang.org/x/net/http/httpproxy

Any idea whats going on here?

@tomponline tomponline force-pushed the stable-5.21 branch 3 times, most recently from e2e5283 to 64a83f2 Compare August 30, 2024 15:05
stgraber and others added 22 commits August 30, 2024 16:41
@stgraber @tomponline
lxd/device/pci: Detect USB bus
dbded0a 
Signed-off-by: Stéphane Graber <[email protected]>
(cherry picked from commit c239189ef9a583c4e14bb7dcaef22babc6054612)
Signed-off-by: Wesley Hershberger <[email protected]>
License: Apache-2.0
@stgraber @tomponline
lxd/device/nic: Support USB parents for physical NICs in VMs
b772e37 
Closes lxc/incus#339

Signed-off-by: Stéphane Graber <[email protected]>
(cherry picked from commit 1e2843d53bccb8f4516e01c93fa584d841a12b21)
Signed-off-by: Wesley Hershberger <[email protected]>
License: Apache-2.0
@stgraber @tomponline
lxd/instance: Add new volatile keys
d1724a1 
Signed-off-by: Stéphane Graber <[email protected]>
(cherry picked from commit f9c119dccd6804f134dd10269a87bb911b12a21b)
Signed-off-by: Wesley Hershberger <[email protected]>
License: Apache-2.0
@stgraber @tomponline
lxd/instance/qemu: Handle USB NIC hotremove
30c1f03 
Signed-off-by: Stéphane Graber <[email protected]>
(cherry picked from commit 280e5c473ebc80d1dc5a8e25ff781b66fc7e4bae)
Signed-off-by: Wesley Hershberger <[email protected]>
License: Apache-2.0
@MggMuggins @tomponline
lxd/instance: lxdmeta for volatile usb NIC keys
adfea9f 
Signed-off-by: Wesley Hershberger <[email protected]>
@hamistao @tomponline
lxd/instance/drivers: Improve device ID generation
9bcdd82 
This applies the same approach of generating device IDs for dir passthrough devices to physical PCI and GPU devices.
This avoids issues with duplicate device IDs due to QEMU's internal trimming of the device ID.
Also supports using `/` in physical GPU and PCI device names.

Signed-off-by: hamistao <[email protected]>
@hamistao @tomponline
lxd/instance/drivers: Update unit tests to fit character escaping
b79b0d4 
Signed-off-by: hamistao <[email protected]>
@kadinsayani @tomponline
lxd/certificates: Disallow forward slashes and hyphen prefixes
c1dbaaa 
Signed-off-by: Kadin Sayani <[email protected]>
@gabrielmougard @tomponline
lxc/storage_bucket: Avoid govet error `printf: non-constant format st…
72f29e7 
…ring in call to fmt.Errorf (govet)`

Signed-off-by: Gabriel Mougard <[email protected]>
@ru-fu @tomponline
doc/tutorial: integrate feedback for UI tutorial
609cf95 
Update some wordings to make things clearer.

Signed-off-by: Ruth Fuchss <[email protected]>
@ru-fu @tomponline
doc/instances: add anchor to allow linking to section
bcc5118 
Signed-off-by: Ruth Fuchss <[email protected]>
@tomponline
lxd/patches: Log the stage of patches being applied
8abcd2d 
And correct doc block.

Signed-off-by: Thomas Parrott <[email protected]>
@tomponline
lxd/patches: Fix patchesApply so that the specified stage takes effect
4ad4ea8 
Signed-off-by: Thomas Parrott <[email protected]>
@tomponline
lxd/patches: Fix patchVMRenameUUIDKey so that it uses the correct fun…
1f628ed 
…ction to update snapshot config

Signed-off-by: Thomas Parrott <[email protected]>
@masnax @tomponline
shared: Allow adding multiple names to certificate SAN
8cc8e53 
Signed-off-by: Max Asnaashari <[email protected]>
@tomponline
lxd/patches: Updates selectedPatchClusterMember to use state.State
c166b1c 
And use s.ServerClustered as an indicator that the server is clustered.

Signed-off-by: Thomas Parrott <[email protected]>
@tomponline
lxd/patches: No-op patchStorageZfsUnsetInvalidBlockSettings
225ba71 
As it was replaced by patchStorageZfsUnsetInvalidBlockSettingsV2.

Signed-off-by: Thomas Parrott <[email protected]>
@tomponline
lxd/patches: Updates ZFS patches to use s.ServerClustered correctly
ccbee28 
Signed-off-by: Thomas Parrott <[email protected]>
@tomponline
lxd/patches: Fix patchStorageRenameCustomISOBlockVolumesV2 to apply t…
b53c38a 
…o remote pools

Signed-off-by: Thomas Parrott <[email protected]>
@markylaing @tomponline
lxd: Fix network forward deletion entitlement.
d7d69cd 
Entitlements required for network forward APIs use the `network` entity
type. Therefore deleting a network forward is equivalent to editing the
network, not deleting the network.

Signed-off-by: Mark Laing <[email protected]>
@roosterfish @tomponline
lxd/cluster: Enforce cluster join token name cannot be 'none'
4edfbf9 
Signed-off-by: Julian Pelizäus <[email protected]>
@roosterfish @tomponline
lxd/cluster: Enforce cluster member name cannot be 'none'
aa02f68 
Signed-off-by: Julian Pelizäus <[email protected]>
MusicDin and others added 22 commits August 30, 2024 16:42
@MusicDin @tomponline
api/shared/instance: Fix json and yaml key name for source disk size
155f3d6 
Signed-off-by: Din Music <[email protected]>
@MusicDin @tomponline
doc: Update api definition
3ae56dd 
Signed-off-by: Din Music <[email protected]>
@mihalicyn @tomponline
lxd/apparmor/instance_lxc: allow procfs for unprivileged containers
c946524 
A new AppArmor includes security fixes and our ruleset become stricter,
while the source code remains unchanged.

procfs was always available for unprivileged containers because
of AppArmor bugs like [1]. Let's now allow it back by explicit rule.

[1] https://bugs.launchpad.net/apparmor/+bug/1597017

Signed-off-by: Alexander Mikhalitsyn <[email protected]>
@mihalicyn @tomponline
lxd/apparmor: allow signals receiving
c829ecd 
This is a workaround for AppArmor 4.0+ and new
unconfined profile feature. It was found [1]
that the new unconfined profile mode is not fully
permissive. Some things are forbidden for no reason.

We need this change to prevent breakage of LXD
when we eventually enable a new unconfined mode for
lxd-support plug in snapd.

This change is absolutely safe in general and there is
no reason to put it under "if" condition. [2]

[1] https://bugs.launchpad.net/apparmor/+bug/2077413
[2] https://gitlab.com/apparmor/apparmor/-/merge_requests/1310

Signed-off-by: Alexander Mikhalitsyn <[email protected]>
@awalvie @tomponline
lxc/storage_bucket: Add example for storage bucket create
5da2990 
lxc storage bucket create already has support for creation from a yaml
configuration file, but the same wasn't printed in the usage information
of the command.

This commit updates `lxc storage bucket create` to include an example.

Signed-off-by: Vishesh Agrawal <[email protected]>
(cherry picked from commit 930f00892116ef9baec537884d45abbed0f09c49)
Signed-off-by: Gabriel Mougard <[email protected]>
License: Apache-2.0
@stgraber @tomponline
client: Report source errors too on copy
5012228 
Signed-off-by: Stéphane Graber <[email protected]>
(cherry picked from commit 47310d37446077f9606705a6736952fae1ae5869)
Signed-off-by: Mark Bolton <[email protected]>
License: Apache-2.0
@simondeziel @tomponline
doc/guest-os-compatibility: add SUSE 12 and 15
5533b2e 
Signed-off-by: Simon Deziel <[email protected]>
@boltmark @tomponline
client: Fix potential panic-causing type assertions
b612aeb 
Signed-off-by: Mark Bolton <[email protected]>
@stgraber @tomponline
lxd/storage_volumes_state: Handle unsupported response from drivers
54957ee 
Signed-off-by: Stéphane Graber <[email protected]>
(cherry picked from commit 4f5efd6132a263fe56e98ad1262a70159f8f8934)
Signed-off-by: Wesley Hershberger <[email protected]>
License: Apache-2.0
@awalvie @tomponline
lxc/network_zone: Add example for create command
4364a91 
Signed-off-by: Vishesh Agrawal <[email protected]>
(cherry picked from commit 7455f5aee63045fcd3a28f73aaf7ea5f5561ec14)
Signed-off-by: Gabriel Mougard <[email protected]>
License: Apache-2.0
@gabrielmougard @tomponline
lxc/network_zone: fix go-vet linter errors
918db0f 
Signed-off-by: Gabriel Mougard <[email protected]>
@mihalicyn @tomponline
lxd/apparmor/instance_lxc: allow sysfs for unprivileged containers
9365358 
A new AppArmor includes security fixes and our ruleset become stricter,
while the source code remains unchanged.

sysfs was always available for unprivileged containers because
of AppArmor bugs like [1]. Let's now allow it back by explicit rule.

[1] https://bugs.launchpad.net/apparmor/+bug/1597017

Signed-off-by: Alexander Mikhalitsyn <[email protected]>
@simondeziel @tomponline
doc: add SLES to custom word list
2ca8038 
Signed-off-by: Simon Deziel <[email protected]>
@tomponline
lxd/main/init/interactive: asker.AskPasswordOnce usage
a273076 
Signed-off-by: Thomas Parrott <[email protected]>
@tomponline
i18n: Update translation templates
07e9fd8 
Signed-off-by: Thomas Parrott <[email protected]>
@tomponline
gomod: Update dependencies
92ab2b1 
Signed-off-by: Thomas Parrott <[email protected]>
@tomponline
test/godeps: Update go deps list
cd9b9ea 
Signed-off-by: Thomas Parrott <[email protected]>
@simondeziel @tomponline
doc/guest-os-compatibility: mention manual install from ISO
bc49bce 
Signed-off-by: Simon Deziel <[email protected]>
@simondeziel @tomponline
doc/guest-os-compatibility: Add Ubuntu 16.04 and 18.04
88104cd 
Signed-off-by: Simon Deziel <[email protected]>
@simondeziel @tomponline
doc/guest-os-compatibility: Add Ubuntu 18.04, 20.04 and 22.04
e5d1324 
Signed-off-by: Simon Deziel <[email protected]>
@simondeziel @tomponline
doc: add ESM to custom word list
4b1913f 
Signed-off-by: Simon Deziel <[email protected]>
@tomponline
Makefile: Pin github.com/dell/[email protected]
4813faf 
Until pending testing on the new version is completed.

Signed-off-by: Thomas Parrott <[email protected]>
@simondeziel
Copy link
Member

@simondeziel something weird going on with the godeps test, this passes locally on my machine:

test/lint/godeps.sh 
==> Checking for imports/deps that have been added to client...
==> Checking for imports/deps that have been added to lxc/config...
==> Checking for imports/deps that have been added to lxd-agent...
==> Checking for imports/deps that have been added to shared/api...

But it complains about the sha3 dep on GH, but if I remove that line and run it locally it complains if its missing:

test/lint/godeps.sh 
==> Checking for imports/deps that have been added to client...
ERROR: you added a new dependency to client; please make sure this is what you want
--- test/godeps/client.list	2024-08-30 10:40:04.163084325 +0100
+++ -	2024-08-30 10:40:05.687302768 +0100
@@ -75,6 +75,7 @@
 vendor/golang.org/x/crypto/hkdf
 vendor/golang.org/x/crypto/internal/alias
 vendor/golang.org/x/crypto/internal/poly1305
+vendor/golang.org/x/crypto/sha3
 vendor/golang.org/x/net/dns/dnsmessage
 vendor/golang.org/x/net/http/httpguts
 vendor/golang.org/x/net/http/httpproxy

Any idea whats going on here?

That's something you get with go 1.23 snap. Refreshing to 1.22/stable makes the sha3 module go away. Should I change the Code job to run with whatever is Go's stable release?

@tomponline
Copy link
Member Author

Should I change the Code job to run with whatever is Go's stable release?

I think we need to use the min go version not latest

@tomponline tomponline marked this pull request as ready for review August 30, 2024 17:29
simondeziel
simondeziel approved these changes Aug 30, 2024
View reviewed changes
lxc/console.go Show resolved Hide resolved
lxc/console.go Show resolved Hide resolved
@tomponline tomponline merged commit 4b06d18 into canonical:stable-5.21 Aug 30, 2024
28 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@simondeziel simondeziel simondeziel approved these changes

@roosterfish roosterfish Awaiting requested review from roosterfish

Assignees

@tomponline tomponline

Labels
5.21 LTS API Changes to the REST API Documentation Documentation needs updating
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.