From ccdeeb211133a503c34f894a0006dec12d0d4383 Mon Sep 17 00:00:00 2001 From: Mark Bolton Date: Fri, 26 Jul 2024 07:26:28 -0700 Subject: [PATCH 1/3] Revert "daemon.start: group first run detection" This reverts commit 14cf45b4f08086be8b288a0f4f80999bd9bd10b0. Signed-off-by: Mark Bolton (cherry picked from commit 39bd791f56b1323b51e2f3eae6389b727c6fb7ed) (cherry picked from commit d2295fa34c84cf1643789a5029e81a5befeb1a4c) --- snapcraft/commands/daemon.start | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/snapcraft/commands/daemon.start b/snapcraft/commands/daemon.start index 536b8209c..db84d98b9 100755 --- a/snapcraft/commands/daemon.start +++ b/snapcraft/commands/daemon.start @@ -695,6 +695,12 @@ if [ "${daemon_verbose:-"false"}" = "true" ]; then CMD="${CMD} --verbose" fi +# Check if this is the first time LXD is started. +FIRSTRUN="false" +if [ ! -d "${SNAP_COMMON}/lxd/database" ]; then + FIRSTRUN="true" +fi + # We deal with errors ourselves from this point on set +e @@ -740,12 +746,11 @@ if [ "${RET}" -gt "0" ]; then exit 1 fi -## Check if this is the first time LXD is started -if [ ! -d "${SNAP_COMMON}/lxd/database" ]; then +## Process preseed if present +if [ "${FIRSTRUN}" = "true" ]; then set -e echo "=> First LXD execution on this system" - ## Process preseed if present if [ -e "${SNAP_COMMON}/init.yaml" ]; then echo "==> Running LXD preseed file" ${LXD} init --preseed < "${SNAP_COMMON}/init.yaml" From 46c439c4ceadf1925ccaeaf03f2f1f95310668ea Mon Sep 17 00:00:00 2001 From: Alexander Mikhalitsyn Date: Fri, 21 Jun 2024 13:09:47 +0200 Subject: [PATCH 2/3] snapcraft: add apparmor part Let's ship newer version of AppArmor with support of new features. Only needed for core22. But we will use with core24 based series for consistency. Also bumped apparmor to v4.0.2. Signed-off-by: Alexander Mikhalitsyn (cherry picked from commit 8591ed414b4dab7d045ccb344eb914d07f67b93f) 
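Review bot: The restored `FIRSTRUN` check in the first daemon.start hunk (`@@ -695,6 +695,12 @@`) does not say why it has to be evaluated before the daemon is launched. Presumably the daemon creates `${SNAP_COMMON}/lxd/database` on start, so a check made afterwards would never report a first run and the preseed would be skipped. A comment such as `# Must be evaluated before the daemon starts: the database directory presumably exists afterwards.` would stop a later refactor from moving it again. The flag is also derived from directory existence alone, so a start that created the directory and then took the `exit 1` path visible in the second hunk would likely leave `init.yaml` unapplied on the next attempt. Logging when `init.yaml` exists but `FIRSTRUN` is false would make that case visible.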
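Review bot: The comment `## Process preseed if present` now heads the `if [ "${FIRSTRUN}" = "true" ]` test in the second daemon.start hunk (`@@ -740,12 +746,11 @@`), but that test is the first-run gate. The actual preseed check is the inner `if [ -e "${SNAP_COMMON}/init.yaml" ]`, which is left without a comment. I would put `## First LXD start on this system` above the outer test and keep `## Process preseed if present` above the inner one. The outer block continues past the end of the hunk.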
Signed-off-by: Thomas Parrott (cherry picked from commit 7ff32eca9767999e8b23ccbe528b8b87c15c0176) (cherry picked from commit 363908d9c17a3c59a1abbb999d8dadfc5fd6b4ff) --- snapcraft.yaml | 39 ++++++++++++++++++++++++++++++++++++++- 1 file changed, 38 insertions(+), 1 deletion(-) diff --git a/snapcraft.yaml b/snapcraft.yaml index e32075fd2..7c3b625d1 100644 --- a/snapcraft.yaml +++ b/snapcraft.yaml @@ -1238,15 +1238,52 @@ parts: - bin/pzstd - bin/zstd + apparmor: + source: https://gitlab.com/apparmor/apparmor.git + source-commit: 84a6bc1b6dcdfeabb1ed3597f01e314f3bcee5c1 # v4.0.2 + source-depth: 1 + source-type: git + plugin: autotools + build-packages: + - g++ + - bison + - flex + - autoconf-archive + - gettext + override-build: |- + set -ex + + cd ./libraries/libapparmor + sh ./autogen.sh + sh ./configure --prefix=/ + make + make install + + cd ../../parser + make + make install + + mkdir "${CRAFT_PART_INSTALL}/bin" + cp /sbin/apparmor_parser "${CRAFT_PART_INSTALL}/bin/" + mkdir "${CRAFT_PART_INSTALL}/lib" + cp /lib/libapparmor.so* "${CRAFT_PART_INSTALL}/lib/" + + set +ex + prime: + - bin/apparmor_parser + - lib/libapparmor.so.1 + - lib/libapparmor.so.1.* + # Core components lxc: + after: + - apparmor source: https://github.com/lxc/lxc source-depth: 1 source-type: git source-tag: v6.0.0 build-packages: - dpkg-dev - - libapparmor-dev - libcap-dev - libdbus-1-dev - libgnutls28-dev From 7b7d90c6d3d5d67fd60a8704fb156a116a1747b5 Mon Sep 17 00:00:00 2001 From: Thomas Parrott Date: Tue, 20 Aug 2024 10:33:08 +0100 Subject: [PATCH 3/3] lxd: Cherry-picks - Fix for Oracular unprivileged containers from https://github.com/canonical/lxd/pull/13820 - Fix snapshot importing from https://github.com/canonical/lxd/pull/13899 - Fix Dell Powerflex migrations from https://github.com/canonical/lxd/pull/13934 Signed-off-by: Thomas Parrott --- snapcraft.yaml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/snapcraft.yaml b/snapcraft.yaml index 7c3b625d1..ab66a6ad8 100644 
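Review bot: The `override-build` script of the new `apparmor` part configures with `--prefix=/` and runs `make install` without a `DESTDIR`, so it writes into the build environment's root and then copies `/sbin/apparmor_parser` and `/lib/libapparmor.so*` back into `${CRAFT_PART_INSTALL}`. What gets primed is therefore whatever sits at those host paths after the install, not the part's own build output, and the `libapparmor.so*` glob would also pick up any library already present there. If the root install is deliberate so that `lxc` (now `after: apparmor`, with `libapparmor-dev` dropped) builds against it, which is my inference, a comment such as `# Installed into / on purpose: lxc links against this libapparmor at build time` would record that. Separately, the plain `mkdir` calls fail under `set -ex` when the directory already exists; `mkdir -p "${CRAFT_PART_INSTALL}/bin" "${CRAFT_PART_INSTALL}/lib"` is safer on a re-run.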
--- a/snapcraft.yaml +++ b/snapcraft.yaml @@ -1474,6 +1474,12 @@ parts: git config user.name "LXD snap builder" git cherry-pick -x eee1a0408d503b518523554969e5657ae2bd6e1f # lxd/instance/drivers/driver/common: Fix crash when device doesn't return run config when being live updated + git cherry-pick -x 79b83bba26795d98e1cf37eb53242962e1d849a0 # lxd/apparmor/feature_check: add infastructure to check AppArmor features + git cherry-pick -x bd2e4ed14e580eaea7d34fb72063ea1efdf04d84 # lxd/apparmor/instance_lxc: allow nosymfollow mount flag + git cherry-pick -x 83d0d7bf4d952c76a7beb1ddad00d824c04d10ee # lxd/apparmor/instance_lxc: allow nosymfollow mount flag in more cases + git cherry-pick -x d3f044ba23e9ef633e7c99e8c2468678a6a58e5a # lxd/storage/backend/lxd: Pass full snapshot name when validating import in CreateInstanceFromBackup + git cherry-pick -x c0cfe64000c4b7c658347cf4b2833594ae0e6fc3 # lxd/instance/instance/utils: Don't allow snapshots named ".." in ValidName + git cherry-pick -x 8415f4ada4800e547c7c8764f28d83e7b6cab6a0 # lxd/instance: if storage location is remote, make cluster self healing available, and vm can migrate when src member is offline also # Setup build environment export GOPATH="$(realpath ./.go)"
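Review bot: The six added `git cherry-pick -x` lines carry the upstream subject but not the pull request each belongs to, while the commit message lists three PRs. The mapping has to be reconstructed by hand when these picks are dropped on a later rebase. Appending the PR to each comment, in the form `# <subject> (canonical/lxd#<PR>)`, would make that audit direct. It matters most for the `ValidName` pick that rejects snapshots named "..", which reads as input-validation hardening. Whether a failed pick aborts the build depends on shell options set outside the hunk.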