From e4a3cd1fa6b44e76836a21a7bc7e0351121959eb Mon Sep 17 00:00:00 2001 From: Saikrishna Arcot Date: Wed, 14 Dec 2022 09:43:25 -0800 Subject: [PATCH 1/2] Upgrade docker-sonic-vs and docker-syncd-vs to Bullseye Signed-off-by: Saikrishna Arcot --- platform/vs/docker-sonic-vs.mk | 11 ++--- platform/vs/docker-sonic-vs/Dockerfile.j2 | 52 +++-------------------- platform/vs/docker-syncd-vs.mk | 2 +- platform/vs/docker-syncd-vs/Dockerfile.j2 | 2 +- rules/iproute2.mk | 2 +- sonic-slave-bullseye/Dockerfile.j2 | 3 +- 6 files changed, 15 insertions(+), 57 deletions(-) diff --git a/platform/vs/docker-sonic-vs.mk b/platform/vs/docker-sonic-vs.mk index 4adc9c10ac25..18b1e92cf58c 100644 --- a/platform/vs/docker-sonic-vs.mk +++ b/platform/vs/docker-sonic-vs.mk @@ -2,9 +2,7 @@ DOCKER_SONIC_VS = docker-sonic-vs.gz $(DOCKER_SONIC_VS)_PATH = $(PLATFORM_PATH)/docker-sonic-vs -$(DOCKER_SONIC_VS)_DEPENDS += $(SWSS) \ - $(SYNCD_VS) \ - $(PYTHON_SWSSCOMMON) \ +$(DOCKER_SONIC_VS)_DEPENDS += $(SYNCD_VS) \ $(PYTHON3_SWSSCOMMON) \ $(LIBTEAMDCTL) \ $(LIBTEAM_UTILS) \ @@ -24,8 +22,7 @@ $(DOCKER_SONIC_VS)_PYTHON_WHEELS += $(SONIC_PY_COMMON_PY3) \ $(SONIC_HOST_SERVICES_PY3) ifeq ($(INSTALL_DEBUG_TOOLS), y) -$(DOCKER_SONIC_VS)_DEPENDS += $(SWSS_DBG) \ - $(LIBSWSSCOMMON_DBG) \ +$(DOCKER_SONIC_VS)_DEPENDS += $(LIBSWSSCOMMON_DBG) \ $(LIBSAIREDIS_DBG) \ $(LIBSAIVS_DBG) \ $(SYNCD_VS_DBG) @@ -46,7 +43,7 @@ $(DOCKER_SONIC_VS)_FILES += $(CONFIGDB_LOAD_SCRIPT) \ $(UPDATE_CHASSISDB_CONFIG_SCRIPT) \ $(COPP_CONFIG_TEMPLATE) -$(DOCKER_SONIC_VS)_LOAD_DOCKERS += $(DOCKER_CONFIG_ENGINE_BUSTER) +$(DOCKER_SONIC_VS)_LOAD_DOCKERS += $(DOCKER_SWSS_LAYER_BULLSEYE) SONIC_DOCKER_IMAGES += $(DOCKER_SONIC_VS) -SONIC_BUSTER_DOCKERS += $(DOCKER_SONIC_VS) +SONIC_BULLSEYE_DOCKERS += $(DOCKER_SONIC_VS) diff --git a/platform/vs/docker-sonic-vs/Dockerfile.j2 b/platform/vs/docker-sonic-vs/Dockerfile.j2 index 7585b7f6f6e3..eb7c9e8f932f 100644 --- a/platform/vs/docker-sonic-vs/Dockerfile.j2 +++ b/platform/vs/docker-sonic-vs/Dockerfile.j2 @@ -1,4 +1,4 @@ -FROM docker-config-engine-buster-{{DOCKER_USERNAME}}:{{DOCKER_USERTAG}} +FROM docker-swss-layer-bullseye-{{DOCKER_USERNAME}}:{{DOCKER_USERTAG}} ARG docker_container_name RUN [ -f /etc/rsyslog.conf ] && sed -ri "s/%syslogtag%/$docker_container_name#%syslogtag%/;" /etc/rsyslog.conf @@ -22,10 +22,6 @@ RUN apt-get install -y net-tools \ python-ply \ libqt5core5a \ libqt5network5 \ - libboost-program-options1.71.0 \ - libboost-serialization1.71.0 \ - libboost-system1.71.0 \ - libboost-thread1.71.0 \ libgmp10 \ libjudydebian1 \ openssh-client \ @@ -39,8 +35,7 @@ RUN apt-get install -y net-tools \ logrotate \ apt-utils \ psmisc \ - tcpdump \ - python-scapy \ + python3-scapy \ conntrack \ iptables \ jq \ @@ -50,8 +45,6 @@ RUN apt-get install -y net-tools \ # For installing Python m2crypto package # (these can be uninstalled after installation) build-essential \ - python-dev \ - python-pip \ python3-dev \ libssl-dev \ swig \ @@ -70,40 +63,10 @@ RUN apt-get install -y net-tools \ libdbus-1-3 \ libgirepository-1.0-1 \ {%- if ENABLE_ASAN == "y" %} - libasan5 \ + libasan6 \ {%- endif %} - libsystemd0 \ - dbus - -# Install redis-server -{% if CONFIGURED_ARCH == "armhf" %} -RUN curl -k -o redis-tools_6.0.6-1~bpo10+1_armhf.deb "https://sonicstorage.blob.core.windows.net/packages/redis/redis-tools_6.0.6-1_bpo10+1_armhf.deb?sv=2015-04-05&sr=b&sig=67vHAMxsl%2BS3X1KsqhdYhakJkGdg5FKSPgU8kUiw4as%3D&se=2030-10-24T04%3A22%3A40Z&sp=r" -RUN curl -k -o redis-server_6.0.6-1~bpo10+1_armhf.deb "https://sonicstorage.blob.core.windows.net/packages/redis/redis-server_6.0.6-1_bpo10+1_armhf.deb?sv=2015-04-05&sr=b&sig=xTdayvm0RBguxi9suyv855jKRjU%2FmKQ8nHuct4WSX%2FA%3D&se=2030-10-24T04%3A22%3A05Z&sp=r" -RUN dpkg -i redis-tools_6.0.6-1~bpo10+1_armhf.deb redis-server_6.0.6-1~bpo10+1_armhf.deb || apt-get install -f -RUN rm redis-tools_6.0.6-1~bpo10+1_armhf.deb redis-server_6.0.6-1~bpo10+1_armhf.deb -{% elif CONFIGURED_ARCH == "arm64" %} -RUN curl -o redis-tools_6.0.6-1~bpo10+1_arm64.deb "https://sonicstorage.blob.core.windows.net/packages/redis/redis-tools_6.0.6-1_bpo10+1_arm64.deb?sv=2015-04-05&sr=b&sig=GbkJV2wWln3hoz27zKi5erdk3NDKrAFrQriA97bcRCY%3D&se=2030-10-24T04%3A22%3A21Z&sp=r" -RUN curl -o redis-server_6.0.6-1~bpo10+1_arm64.deb "https://sonicstorage.blob.core.windows.net/packages/redis/redis-server_6.0.6-1_bpo10+1_arm64.deb?sv=2015-04-05&sr=b&sig=622w2KzIKIjAaaA0Bz12MzU%2BUBzY2AiXFIFfuKNoKSk%3D&se=2030-10-24T04%3A21%3A44Z&sp=r" -RUN dpkg -i redis-tools_6.0.6-1~bpo10+1_arm64.deb redis-server_6.0.6-1~bpo10+1_arm64.deb || apt-get install -f -RUN rm redis-tools_6.0.6-1~bpo10+1_arm64.deb redis-server_6.0.6-1~bpo10+1_arm64.deb -{% else %} -RUN curl -o redis-tools_6.0.6-1~bpo10+1_amd64.deb "https://sonicstorage.blob.core.windows.net/packages/redis/redis-tools_6.0.6-1~bpo10+1_amd64.deb?sv=2015-04-05&sr=b&sig=73zbmjkf3pi%2Bn0R8Hy7CWT2EUvOAyzM5aLYJWCLySGM%3D&se=2030-09-06T19%3A44%3A59Z&sp=r" -RUN curl -o redis-server_6.0.6-1~bpo10+1_amd64.deb "https://sonicstorage.blob.core.windows.net/packages/redis/redis-server_6.0.6-1~bpo10+1_amd64.deb?sv=2015-04-05&sr=b&sig=2Ketg7BmkZEaTxR%2FgvAFVmhjn7ywdmkc7l2T2rsL57o%3D&se=2030-09-06T19%3A45%3A20Z&sp=r" -RUN dpkg -i redis-tools_6.0.6-1~bpo10+1_amd64.deb redis-server_6.0.6-1~bpo10+1_amd64.deb || apt-get install -f -RUN rm redis-tools_6.0.6-1~bpo10+1_amd64.deb redis-server_6.0.6-1~bpo10+1_amd64.deb -{% endif %} - -RUN pip2 install --upgrade 'pip<21' -RUN apt-get purge -y python-pip -RUN pip2 install setuptools==40.8.0 -RUN pip2 install wheel==0.33.6 -RUN pip2 install py2_ipaddress -RUN pip2 install six -RUN pip2 install pyroute2==0.5.3 netifaces==0.10.7 -RUN pip2 install monotonic==1.5 -RUN pip2 install urllib3 -RUN pip2 install requests -RUN pip2 install crontab + dbus \ + redis-server # For sonic-config-engine Python 3 package # Install pyangbind here, outside sonic-config-engine dependencies, as pyangbind causes enum34 to be installed. @@ -148,7 +111,7 @@ RUN pip{% if 'py3' in whl %}3{% else %}2{% endif %} install python-wheels/{{ whl # Clean up RUN apt-get purge -y build-essential libssl-dev swig -RUN apt-get purge -y python-dev python3-dev +RUN apt-get purge -y python3-dev RUN apt-get purge -y libcairo2-dev libdbus-1-dev libgirepository1.0-dev libsystemd-dev pkg-config RUN apt-get clean -y RUN apt-get autoclean -y @@ -194,9 +157,6 @@ RUN rm -f /usr/share/sonic/templates/supervisord.conf.j2 RUN mkdir -p /var/log/asan {%- endif %} -# Workaround the tcpdump issue -RUN mv /usr/sbin/tcpdump /usr/bin/tcpdump - RUN echo "docker-sonic-vs" > /etc/hostname RUN mkdir -p /etc/quagga RUN touch /etc/quagga/zebra.conf diff --git a/platform/vs/docker-syncd-vs.mk b/platform/vs/docker-syncd-vs.mk index 7ec1ddd5d537..4a062e35036e 100644 --- a/platform/vs/docker-syncd-vs.mk +++ b/platform/vs/docker-syncd-vs.mk @@ -1,7 +1,7 @@ # docker image for vs syncd DOCKER_SYNCD_PLATFORM_CODE = vs -include $(PLATFORM_PATH)/../template/docker-syncd-base.mk +include $(PLATFORM_PATH)/../template/docker-syncd-bullseye.mk $(DOCKER_SYNCD_BASE)_DEPENDS += $(SYNCD_VS) \ $(IPROUTE2) diff --git a/platform/vs/docker-syncd-vs/Dockerfile.j2 b/platform/vs/docker-syncd-vs/Dockerfile.j2 index dd6bc2d0f71e..a2fc5fd19584 100644 --- a/platform/vs/docker-syncd-vs/Dockerfile.j2 +++ b/platform/vs/docker-syncd-vs/Dockerfile.j2 @@ -1,4 +1,4 @@ -FROM docker-config-engine-buster-{{DOCKER_USERNAME}}:{{DOCKER_USERTAG}} +FROM docker-config-engine-bullseye-{{DOCKER_USERNAME}}:{{DOCKER_USERTAG}} ARG docker_container_name diff --git a/rules/iproute2.mk b/rules/iproute2.mk index 302849eaf47e..ec2aa76e94e1 100644 --- a/rules/iproute2.mk +++ b/rules/iproute2.mk @@ -1,7 +1,7 @@ # iproute2 package IPROUTE2_VERSION = 5.10.0 -IPROUTE2_VERSION_FULL = $(IPROUTE2_VERSION)-4~bpo10+1 +IPROUTE2_VERSION_FULL = $(IPROUTE2_VERSION)-4 export IPROUTE2_VERSION export IPROUTE2_VERSION_FULL diff --git a/sonic-slave-bullseye/Dockerfile.j2 b/sonic-slave-bullseye/Dockerfile.j2 index f4f24d847e84..7279ca88e927 100644 --- a/sonic-slave-bullseye/Dockerfile.j2 +++ b/sonic-slave-bullseye/Dockerfile.j2 @@ -298,6 +298,7 @@ RUN apt-get update && apt-get install -y \ # For iproute2 cm-super-minimal \ libatm1-dev \ + libbpf-dev \ libelf-dev \ libmnl-dev \ libselinux1-dev \ @@ -596,7 +597,7 @@ RUN apt-get install -y nodejs {%- if CROSS_BUILD_ENVIRON == "y" %} RUN apt-get install -y rsync dh-python -RUN apt-get install -y libelf-dev:$arch libdw-dev:$arch libbz2-dev:$arch liblzo2-dev:$arch libedit-dev:$arch libevent-dev:$arch libopts25-dev:$arch libssl-dev:$arch pps-tools:$arch libpam-cap:$arch libcap-dev:$arch libpam0g-dev:$arch libaudit-dev:$arch libgtk-3-dev:$arch libkrb5-dev:$arch libsystemd-dev:$arch libwrap0-dev:$arch libkrb5-dev:$arch libboost1.74-dev:$arch libboost-dev:$arch libzmq5:$arch libzmq3-dev:$arch libdaemon-dev:$arch libjansson-dev:$arch libmnl-dev:$arch libsensors5:$arch libsensors4-dev:$arch libperl-dev:$arch libmariadb-dev:$arch libmariadb-dev-compat:$arch libpci-dev:$arch libjson-c-dev:$arch libreadline-dev:$arch librtr-dev:$arch librrd-dev:$arch libnetfilter-conntrack-dev:$arch libnetfilter-conntrack3:$arch libnfnetlink-dev:$arch libnftnl-dev:$arch libldap2-dev:$arch libbind-export-dev:$arch check:$arch libboost-atomic-dev:$arch libboost-test-dev:$arch libglib2.0-dev:$arch libexplain-dev:$arch libc-ares-dev:$arch libiptc0:$arch libxtables12:$arch libatm1-dev:$arch libdb-dev:$arch pkg-config:$arch libnghttp2-14:$arch librtmp1:$arch libssh2-1:$arch libcjson1:$arch libcjson-dev:$arch libcurl3-gnutls:$arch libcurl3-nss-dev:$arch libboost-thread1.74-dev:$arch libboost-thread-dev:$arch libboost-system1.74-dev:$arch libboost-system-dev:$arch libgtest-dev:$arch libgmock-dev:$arch libfido2-dev:$arch libcunit1:$arch libcunit1-dev:$arch libauparse-dev:$arch libnetsnmptrapd40:$arch qtbase5-dev:$arch libboost-log-dev:$arch libboost-filesystem-dev:$arch libboost-program-options-dev:$arch +RUN apt-get install -y libelf-dev:$arch libdw-dev:$arch libbz2-dev:$arch liblzo2-dev:$arch libedit-dev:$arch libevent-dev:$arch libopts25-dev:$arch libssl-dev:$arch pps-tools:$arch libpam-cap:$arch libcap-dev:$arch libpam0g-dev:$arch libaudit-dev:$arch libgtk-3-dev:$arch libkrb5-dev:$arch libsystemd-dev:$arch libwrap0-dev:$arch libkrb5-dev:$arch libboost1.74-dev:$arch libboost-dev:$arch libzmq5:$arch libzmq3-dev:$arch libdaemon-dev:$arch libjansson-dev:$arch libmnl-dev:$arch libsensors5:$arch libsensors4-dev:$arch libperl-dev:$arch libmariadb-dev:$arch libmariadb-dev-compat:$arch libpci-dev:$arch libjson-c-dev:$arch libreadline-dev:$arch librtr-dev:$arch librrd-dev:$arch libnetfilter-conntrack-dev:$arch libnetfilter-conntrack3:$arch libnfnetlink-dev:$arch libnftnl-dev:$arch libldap2-dev:$arch libbind-export-dev:$arch check:$arch libboost-atomic-dev:$arch libboost-test-dev:$arch libglib2.0-dev:$arch libexplain-dev:$arch libc-ares-dev:$arch libiptc0:$arch libxtables12:$arch libatm1-dev:$arch libbpf-dev:$arch libdb-dev:$arch pkg-config:$arch libnghttp2-14:$arch librtmp1:$arch libssh2-1:$arch libcjson1:$arch libcjson-dev:$arch libcurl3-gnutls:$arch libcurl3-nss-dev:$arch libboost-thread1.74-dev:$arch libboost-thread-dev:$arch libboost-system1.74-dev:$arch libboost-system-dev:$arch libgtest-dev:$arch libgmock-dev:$arch libfido2-dev:$arch libcunit1:$arch libcunit1-dev:$arch libauparse-dev:$arch libnetsnmptrapd40:$arch qtbase5-dev:$arch libboost-log-dev:$arch libboost-filesystem-dev:$arch libboost-program-options-dev:$arch RUN apt-get download libgirepository1.0-dev:$arch && dpkg --force-all -i libgirepository1.0-dev* RUN PATH=/python_virtualenv/env3/bin/:$PATH pip3 install pycairo From eeb60136c939c5066ede14d10d0dc88ad8d506cf Mon Sep 17 00:00:00 2001 From: Saikrishna Arcot Date: Wed, 25 Jan 2023 11:38:47 -0800 Subject: [PATCH 2/2] iproute2: Force a new version and timestamp to be used for the package There is an issue with Docker's overlay2 storage driver when not using native diffs (and thus falling back to naive diff mode), which is the case in the CI builds. The way the naive diff mode detects changes is by comparing the file size and comparing the timestamps (specifically, I believe it's the modification timestamp), and if there's a change there, then it's considered a change that needs to be recorded as part of that layer. The problem is that with the code being added in the patch, the file size remains the same, and the timestamp of binary files appear to be the same timestamp as the changelog entry (likely for reproducible build purposes). The file size remains the same likely due to extra padding within the file introduced by relro. Because of this, Docker doesn't detect this file has changed, and doesn't save the new file as part of this layer. To work around this, create a new changelog entry (with a new version as well) with a new timestamp. This will result in the binary files having a different timestamp, and thus will get saved by Docker as part of that layer. Signed-off-by: Saikrishna Arcot --- rules/iproute2.mk | 4 +++- src/iproute2/Makefile | 2 +- .../patch/0001-patch-macsec-xpn-support.patch | 14 ++++++++++++++ 3 files changed, 18 insertions(+), 2 deletions(-) diff --git a/rules/iproute2.mk b/rules/iproute2.mk index ec2aa76e94e1..ac0b2d576ef9 100644 --- a/rules/iproute2.mk +++ b/rules/iproute2.mk @@ -2,10 +2,12 @@ IPROUTE2_VERSION = 5.10.0 IPROUTE2_VERSION_FULL = $(IPROUTE2_VERSION)-4 +IPROUTE2_VERSION_SONIC = $(IPROUTE2_VERSION)-4sonic1 export IPROUTE2_VERSION export IPROUTE2_VERSION_FULL +export IPROUTE2_VERSION_SONIC -IPROUTE2 = iproute2_$(IPROUTE2_VERSION_FULL)_$(CONFIGURED_ARCH).deb +IPROUTE2 = iproute2_$(IPROUTE2_VERSION_SONIC)_$(CONFIGURED_ARCH).deb $(IPROUTE2)_SRC_PATH = $(SRC_PATH)/iproute2 SONIC_MAKE_DEBS += $(IPROUTE2) diff --git a/src/iproute2/Makefile b/src/iproute2/Makefile index fe5cf17a292a..ecf849182fcb 100644 --- a/src/iproute2/Makefile +++ b/src/iproute2/Makefile @@ -2,7 +2,7 @@ SHELL = /bin/bash .ONESHELL: .SHELLFLAGS += -e -MAIN_TARGET = iproute2_$(IPROUTE2_VERSION_FULL)_$(CONFIGURED_ARCH).deb +MAIN_TARGET = iproute2_$(IPROUTE2_VERSION_SONIC)_$(CONFIGURED_ARCH).deb $(addprefix $(DEST)/, $(MAIN_TARGET)): $(DEST)/% : # Remove any stale files diff --git a/src/iproute2/patch/0001-patch-macsec-xpn-support.patch b/src/iproute2/patch/0001-patch-macsec-xpn-support.patch index 54b8ab7968a7..db477fbd3613 100644 --- a/src/iproute2/patch/0001-patch-macsec-xpn-support.patch +++ b/src/iproute2/patch/0001-patch-macsec-xpn-support.patch @@ -8,6 +8,20 @@ Signed-off-by: Ze Gan ip/ipmacsec.c | 97 +++++++++++++++++++++++++++++++++++++++++++-------- 1 file changed, 83 insertions(+), 14 deletions(-) +diff --git a/debian/changelog b/debian/changelog +index 2b114c1..bf3c253 100644 +--- a/debian/changelog ++++ b/debian/changelog +@@ -1,3 +1,9 @@ ++iproute2 (5.10.0-4sonic1) unstable; urgency=medium ++ ++ * Enhance iproute2 to update PN for XPN ++ ++ -- Ze Gan Wed, 25 Jan 2023 11:25:50 -0800 ++ + iproute2 (5.10.0-4) unstable; urgency=medium + + * Backport 0012-iproute-force-rtm_dst_len-to-32-128.patch to fix ip diff --git a/ip/ipmacsec.c b/ip/ipmacsec.c index 18289ec..fffe94a 100644 --- a/ip/ipmacsec.c