From 2513d363ff5479725d0dd672cc32424c1eeeb503 Mon Sep 17 00:00:00 2001 From: zhuyan Date: Wed, 22 Sep 2021 16:45:27 +0800 Subject: [PATCH 1/5] iSulad support arm32 Signed-off-by: zhuyan --- .../iSulad/modify_printf_to_arm32.patch | 208 ++++++++++++++++++ .../recipes-core/iSulad/iSulad_2.0.9.bb | 1 + .../recipes-core/lxc/lxc/support_arm32.patch | 81 +++++++ meta-openeuler/recipes-core/lxc/lxc_4.0.3.bb | 1 + 4 files changed, 291 insertions(+) create mode 100644 meta-openeuler/recipes-core/iSulad/iSulad/modify_printf_to_arm32.patch create mode 100644 meta-openeuler/recipes-core/lxc/lxc/support_arm32.patch diff --git a/meta-openeuler/recipes-core/iSulad/iSulad/modify_printf_to_arm32.patch b/meta-openeuler/recipes-core/iSulad/iSulad/modify_printf_to_arm32.patch new file mode 100644 index 00000000000..7d3947be0d7 --- /dev/null +++ b/meta-openeuler/recipes-core/iSulad/iSulad/modify_printf_to_arm32.patch @@ -0,0 +1,208 @@ +commit 5c290cec5e0022eb81e082ebcbc3bbcdf4f9807d +Author: lisimin +Date: Wed Sep 22 10:05:34 2021 +0800 + + modify printf to arm32 + + Signed-off-by: lisimin + +diff --git a/src/cmd/isula/extend/stats.c b/src/cmd/isula/extend/stats.c +index b35156a..8fd23a7 100644 +--- a/src/cmd/isula/extend/stats.c ++++ b/src/cmd/isula/extend/stats.c +@@ -20,6 +20,7 @@ + #include + #include + #include ++#include + + #include "client_arguments.h" + #include "utils.h" +@@ -169,7 +170,7 @@ static void stats_print_original_data(const struct isula_container_info *stats) + short_id[SHORTIDLEN] = '\0'; + } + +- printf("%-16s %-10llu %-10s %-20lu %-20lu %-15u %-15lu %-15lu %-15lu %-15lu %-15lu %-15lu %-40s", short_id, ++ printf("%-16s %-10llu %-10s %-20"PRIu64" %-20"PRIu64" %-15u %-15"PRIu64" %-15"PRIu64" %-15"PRIu64" %-15"PRIu64" %-15"PRIu64" %-15"PRIu64" %-40s", short_id, + (unsigned long long)stats->pids_current, stats->status, stats->cpu_use_nanos, stats->cpu_system_use, + stats->online_cpus, stats->blkio_read, stats->blkio_write, stats->mem_used, stats->mem_limit, + stats->kmem_used, stats->cache, stats->name); +diff --git a/src/cmd/isulad/isulad_commands.c b/src/cmd/isulad/isulad_commands.c +index d0ab029..8df1dbc 100644 +--- a/src/cmd/isulad/isulad_commands.c ++++ b/src/cmd/isulad/isulad_commands.c +@@ -19,6 +19,7 @@ + #include + #include + #include ++#include + + #include "config.h" + #include "isula_libutils/log.h" +@@ -250,7 +251,7 @@ static int check_args_log_conf(const struct service_arguments *args) + /* validate max-size */ + if ((args->json_confs->log_driver && strcasecmp("file", args->json_confs->log_driver) == 0) && + (args->max_size < (4 * 1024))) { +- ERROR("Max-size \"%ld\" must large than 4KB.", args->max_size); ++ ERROR("Max-size \"%"PRId64"\" must large than 4KB.", args->max_size); + ret = -1; + goto out; + } +diff --git a/src/daemon/executor/container_cb/execution_stream.c b/src/daemon/executor/container_cb/execution_stream.c +index 7d165fb..c83162f 100644 +--- a/src/daemon/executor/container_cb/execution_stream.c ++++ b/src/daemon/executor/container_cb/execution_stream.c +@@ -40,6 +40,7 @@ + #include + #include + #include ++#include + + #include "isula_libutils/log.h" + #include "io_wrapper.h" +@@ -1622,7 +1623,7 @@ static int container_logs_cb(const struct isulad_logs_request *request, stream_f + goto out; + } + +- EVENT("Event: {Object: %s, Content: path: %s, rotate: %d, size: %ld }", id, log_config->path, log_config->rotate, ++ EVENT("Event: {Object: %s, Content: path: %s, rotate: %d, size: %"PRId64" }", id, log_config->path, log_config->rotate, + log_config->size); + + nret = check_log_config(log_config); +diff --git a/src/daemon/executor/container_cb/list.c b/src/daemon/executor/container_cb/list.c +index d8f2632..fee7d23 100644 +--- a/src/daemon/executor/container_cb/list.c ++++ b/src/daemon/executor/container_cb/list.c +@@ -620,7 +620,7 @@ static int pack_list_containers(char **idsarray, const struct list_context *ctx, + } + + if (container_nums > (SIZE_MAX / sizeof(container_container *))) { +- ERROR("Get too many containers:%ld", container_nums); ++ ERROR("Get too many containers: %zu", container_nums); + ret = -1; + goto out; + } +diff --git a/src/daemon/modules/log/log_gather.c b/src/daemon/modules/log/log_gather.c +index b981391..2c42f84 100644 +--- a/src/daemon/modules/log/log_gather.c ++++ b/src/daemon/modules/log/log_gather.c +@@ -26,6 +26,7 @@ + #include + #include + #include ++#include + + #include "log_gather_api.h" + #include "isula_libutils/log.h" +@@ -223,7 +224,7 @@ static int check_log_file() + if (ret != 0) { + COMMAND_ERROR("Rotate log file %s failed.", g_log_file); + } else { +- INFO("Log file large than %lu, rotate it.", g_max_size); ++ INFO("Log file large than %"PRId64", rotate it.", g_max_size); + } + } else { + ret = 0; +diff --git a/src/daemon/modules/plugin/plugin.c b/src/daemon/modules/plugin/plugin.c +index 2532656..20ce4ec 100644 +--- a/src/daemon/modules/plugin/plugin.c ++++ b/src/daemon/modules/plugin/plugin.c +@@ -31,6 +31,7 @@ + #include + #include + #include ++#include + + #include "isula_libutils/log.h" + #include "plugin_api.h" +@@ -519,7 +520,7 @@ static int pm_register_plugin(const char *name, const char *addr) + goto failed; + } + +- INFO("add activated plugin %s 0x%lx", plugin->name, plugin->manifest->watch_event); ++ INFO("add activated plugin %s %"PRIu64"", plugin->name, plugin->manifest->watch_event); + return 0; + + failed: +@@ -854,7 +855,7 @@ bool plugin_is_watching(plugin_t *plugin, uint64_t pe) + } + plugin_unlock(plugin); + +- INFO("plugin %s watching=%s for event 0x%lx", plugin->name, (ok ? "true" : "false"), pe); ++ INFO("plugin %s watching=%s for event %"PRIu64"", plugin->name, (ok ? "true" : "false"), pe); + + return ok; + } +@@ -885,7 +886,7 @@ static int unpack_activate_response(const struct parsed_http_message *message, v + goto out; + } + +- INFO("get resp 0x%lx", resp->watch_event); ++ INFO("get resp %"PRIu64"", resp->watch_event); + manifest->init_type = resp->init_type; + manifest->watch_event = resp->watch_event; + +@@ -1371,7 +1372,7 @@ static int plugin_event_handle_dispath_impl(const char *cid, const char *plugins + ret = plugin_event_post_remove_handle(plugin, cid); + break; + default: +- ERROR("plugin event %ld not support.", pe); ++ ERROR("plugin event %"PRIu64" not support.", pe); + ret = -1; + break; + } +diff --git a/src/daemon/modules/spec/verify.c b/src/daemon/modules/spec/verify.c +index 57501cd..42300b6 100644 +--- a/src/daemon/modules/spec/verify.c ++++ b/src/daemon/modules/spec/verify.c +@@ -34,6 +34,7 @@ + #include + #include + #include ++#include + + #include "constants.h" + #include "err_msg.h" +@@ -962,7 +963,7 @@ static bool check_hugetlbs_repeated(size_t newlen, const char *pagesize, + + for (j = 0; j < newlen; j++) { + if (newtlb[j] != NULL && newtlb[j]->page_size != NULL && !strcmp(newtlb[j]->page_size, pagesize)) { +- WARN("hugetlb-limit setting of %s is repeated, former setting %lu will be replaced with %lu", pagesize, ++ WARN("hugetlb-limit setting of %s is repeated, former setting %"PRIu64" will be replaced with %"PRIu64"", pagesize, + newtlb[j]->limit, hugetlb->limit); + newtlb[j]->limit = hugetlb->limit; + repeated = true; +@@ -1090,9 +1091,9 @@ static int verify_resources_device(defs_resources *resources) + + for (i = 0; i < resources->devices_len; i++) { + if (!util_valid_device_mode(resources->devices[i]->access)) { +- ERROR("Invalid device mode \"%s\" for device \"%ld %ld\"", resources->devices[i]->access, ++ ERROR("Invalid device mode \"%s\" for device \"%"PRId64" %"PRId64"\"", resources->devices[i]->access, + resources->devices[i]->major, resources->devices[i]->minor); +- isulad_set_error_message("Invalid device mode \"%s\" for device \"%ld %ld\"", resources->devices[i]->access, ++ isulad_set_error_message("Invalid device mode \"%s\" for device \"%"PRId64" %"PRId64"\"", resources->devices[i]->access, + resources->devices[i]->major, resources->devices[i]->minor); + ret = -1; + goto out; +@@ -1678,7 +1679,7 @@ static int add_hugetbl_element(host_config_hugetlbs_element ***hugetlb, size_t * + for (j = 0; j < *len; j++) { + if (strcmp((*hugetlb)[j]->page_size, pagesize) == 0) { + WARN("Hostconfig: hugetlb-limit setting of %s is repeated, " +- "former setting %lu will be replaced with %lu", ++ "former setting %"PRIu64" will be replaced with %"PRIu64"", + pagesize, (*hugetlb)[j]->limit, element->limit); + (*hugetlb)[j]->limit = element->limit; + goto out; +diff --git a/src/utils/cutils/utils_base64.c b/src/utils/cutils/utils_base64.c +index 2eb6b6b..aebf097 100644 +--- a/src/utils/cutils/utils_base64.c ++++ b/src/utils/cutils/utils_base64.c +@@ -115,7 +115,7 @@ size_t util_base64_decode_len(const char *input, size_t len) + size_t padding_count = 0; + + if (input == NULL || len < 4 || len % 4 != 0) { +- ERROR("Invalid param for base64 decode length, length is %ld", len); ++ ERROR("Invalid param for base64 decode length, length is %zu ", len); + return -1; + } + diff --git a/meta-openeuler/recipes-core/iSulad/iSulad_2.0.9.bb b/meta-openeuler/recipes-core/iSulad/iSulad_2.0.9.bb index 1cc15310e9c..a363466deaa 100644 --- a/meta-openeuler/recipes-core/iSulad/iSulad_2.0.9.bb +++ b/meta-openeuler/recipes-core/iSulad/iSulad_2.0.9.bb @@ -6,6 +6,7 @@ LIC_FILES_CHKSUM = "file://${COREBASE}/meta/files/common-licenses/GPL-2.0-only;m SRC_URI = "file://iSulad/v2.0.9.tar.gz \ file://fix_bug_disable_selinux_not_selinux_label_file.patch \ file://delete_call_setlocale.patch \ + file://modify_printf_to_arm32.patch \ " FILESPATH_prepend += "${LOCAL_FILES}/${BPN}:" diff --git a/meta-openeuler/recipes-core/lxc/lxc/support_arm32.patch b/meta-openeuler/recipes-core/lxc/lxc/support_arm32.patch new file mode 100644 index 00000000000..6b4a9eace24 --- /dev/null +++ b/meta-openeuler/recipes-core/lxc/lxc/support_arm32.patch @@ -0,0 +1,81 @@ +commit 05f1ae3dac69f1c677d3d8d0fabfb1536b8c2583 +Author: lisimin +Date: Wed Sep 22 09:34:22 2021 +0800 + + support arm32 + + Signed-off-by: lisimin + +diff --git a/configure.ac b/configure.ac +index 9eb6dcb..929d670 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -812,6 +812,7 @@ AM_CONDITIONAL([HAVE_ISULAD], [test "x$adapt_isulad" = "xyes"]) + if test "x$adapt_isulad" = "xyes"; then + AC_DEFINE([HAVE_ISULAD], 1, [adapt to iSulad]) + AC_MSG_RESULT([yes]) ++ AC_SUBST([YAJL_LIBS], [-lyajl]) + else + AC_MSG_RESULT([no]) + fi +diff --git a/src/lxc/confile.c b/src/lxc/confile.c +index e898e23..522fefa 100644 +--- a/src/lxc/confile.c ++++ b/src/lxc/confile.c +@@ -6233,21 +6233,21 @@ static int set_config_init_args(const char *key, const char *value, + struct lxc_conf *lxc_conf, void *data) + { + int ret = 0; +- char *tmp = NULL; ++ char **tmp = NULL; + char *new_value = NULL; + + ret = set_config_string_item(&new_value, value); + if (ret || !new_value) + return ret; + +- tmp = realloc(lxc_conf->init_argv, (lxc_conf->init_argc + 1) * sizeof(char *)); ++ tmp = (char **)realloc(lxc_conf->init_argv, (lxc_conf->init_argc + 1) * sizeof(char *)); + if (!tmp) { + ERROR("Out of memory"); + free(new_value); + return -1; + } + +- lxc_conf->init_argv = (char **)tmp; ++ lxc_conf->init_argv = tmp; + + lxc_conf->init_argv[lxc_conf->init_argc] = new_value; + lxc_conf->init_argc++; +diff --git a/src/lxc/json/json_common.c b/src/lxc/json/json_common.c +index ec20c59..87895b0 100755 +--- a/src/lxc/json/json_common.c ++++ b/src/lxc/json/json_common.c +@@ -764,11 +764,11 @@ int append_json_map_int_string(json_map_int_string *map, int key, const char *va + if (map == NULL) { + return -1; + } +- ++#if 0 + if ((SIZE_MAX / sizeof(int) - 1) < map->len || (SIZE_MAX / sizeof(char *) - 1) < map->len) { + return -1; + } +- ++#endif + len = map->len + 1; + keys = safe_malloc(len * sizeof(int)); + vals = safe_malloc(len * sizeof(char *)); +@@ -886,11 +886,11 @@ int append_json_map_string_int(json_map_string_int *map, const char *key, int va + if (map == NULL) { + return -1; + } +- ++#if 0 + if ((SIZE_MAX / sizeof(char *) - 1) < map->len || (SIZE_MAX / sizeof(int) - 1) < map->len) { + return -1; + } +- ++#endif + len = map->len + 1; + keys = safe_malloc(len * sizeof(char *)); + vals = safe_malloc(len * sizeof(int)); diff --git a/meta-openeuler/recipes-core/lxc/lxc_4.0.3.bb b/meta-openeuler/recipes-core/lxc/lxc_4.0.3.bb index b7eda6378d7..9d7ba8c1378 100644 --- a/meta-openeuler/recipes-core/lxc/lxc_4.0.3.bb +++ b/meta-openeuler/recipes-core/lxc/lxc_4.0.3.bb @@ -32,6 +32,7 @@ SRC_URI = "file://lxc/lxc-4.0.3.tar.gz \ file://lxc/0024-log-adjust-log-level-from-error-to-warn.patch \ file://lxc/0025-get-cgroup-data-len-first-and-malloc-read-buff-by-le.patch \ file://lxc/0026-coredump-fix-coredump-when-cgroup-get-return-error.patch \ + file://support_arm32.patch \ " FILESPATH_prepend += "${LOCAL_FILES}/${BPN}:" -- Gitee From b65bcfdd41e4195cf3b9394071177072b14b8c8b Mon Sep 17 00:00:00 2001 From: zhuyan Date: Wed, 22 Sep 2021 17:48:57 +0800 Subject: [PATCH 2/5] add audit security config files Signed-off-by: zhuyan --- meta-openeuler/recipes-core/audit/audit_3.0.bb | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/meta-openeuler/recipes-core/audit/audit_3.0.bb b/meta-openeuler/recipes-core/audit/audit_3.0.bb index 90288d847c3..01235508283 100644 --- a/meta-openeuler/recipes-core/audit/audit_3.0.bb +++ b/meta-openeuler/recipes-core/audit/audit_3.0.bb @@ -10,7 +10,10 @@ LICENSE = "GPLv2+ & LGPLv2+" inherit autotools LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f" -SRC_URI = "file://audit/audit-${PV}.tar.gz" +SRC_URI = "file://audit/audit-${PV}.tar.gz \ + file://auditd.conf \ + file://audit.rules \ + " UPDATERCPN = "auditd" @@ -88,7 +91,8 @@ do_install_append() { # audit-2.5 doesn't install any rules by default, so we do that here mkdir -p ${D}/etc/audit ${D}/etc/audit/rules.d - cp ${S}/rules/10-base-config.rules ${D}/etc/audit/rules.d/audit.rules + cp ${WORKDIR}/audit.rules ${D}/etc/audit/rules.d/audit.rules + cp ${WORKDIR}/auditd.conf ${D}/etc/audit/auditd.conf chmod 750 ${D}/etc/audit ${D}/etc/audit/rules.d chmod 640 ${D}/etc/audit/auditd.conf ${D}/etc/audit/rules.d/audit.rules -- Gitee From 143fa4b65c9797a3e6e26ae280a6d228a33221c4 Mon Sep 17 00:00:00 2001 From: zhuyan Date: Wed, 22 Sep 2021 18:56:31 +0800 Subject: [PATCH 3/5] add openssh security config files Signed-off-by: zhuyan --- meta-openeuler/recipes-core/openssh/openssh_8.2p1.bb | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/meta-openeuler/recipes-core/openssh/openssh_8.2p1.bb b/meta-openeuler/recipes-core/openssh/openssh_8.2p1.bb index 91125344602..cbe83402e86 100644 --- a/meta-openeuler/recipes-core/openssh/openssh_8.2p1.bb +++ b/meta-openeuler/recipes-core/openssh/openssh_8.2p1.bb @@ -71,6 +71,9 @@ file://sshd@.service \ file://sshdgenkeys.service \ file://volatiles.99_sshd \ file://config/common/sshd_check_keys \ +file://sshd_config \ +file://sshd_config_readonly \ +file://sshd \ " @@ -128,6 +131,11 @@ do_install_append () { sed -i -e 's,@LIBEXECDIR@,${libexecdir}/${BPN},g' \ ${D}${sysconfdir}/init.d/sshd + cp ${WORKDIR}/ssh_config ${D}${sysconfdir}/ssh/ssh_config + cp ${WORKDIR}/sshd_config ${D}${sysconfdir}/ssh/sshd_config + cp ${WORKDIR}/sshd_config_readonly ${D}${sysconfdir}/ssh/sshd_config_readonly + install -d ${D}${sysconfdir}/pam.d + cp ${WORKDIR}/sshd ${D}${sysconfdir}/pam.d/sshd install -D -m 0755 ${WORKDIR}/config/common/sshd_check_keys ${D}${libexecdir}/${BPN}/sshd_check_keys chmod -s ${D}/usr/libexec/ssh-keysign -- Gitee From 3a3ce0702e984f2315616dec973b73aaf3d27315 Mon Sep 17 00:00:00 2001 From: zhuyan Date: Wed, 22 Sep 2021 19:38:37 +0800 Subject: [PATCH 4/5] fix sshd running error Signed-off-by: zhuyan --- meta-openeuler/recipes-core/openssh/openssh/init | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta-openeuler/recipes-core/openssh/openssh/init b/meta-openeuler/recipes-core/openssh/openssh/init index 8887e3af130..837340d84ad 100644 --- a/meta-openeuler/recipes-core/openssh/openssh/init +++ b/meta-openeuler/recipes-core/openssh/openssh/init @@ -4,7 +4,7 @@ set -e PIDFILE=/var/run/sshd.pid # source function library -. /etc/init.d/functions +#. /etc/init.d/functions # /etc/init.d/ssh: start and stop the OpenBSD "secure shell" daemon -- Gitee From c2155374a798152d744a3ad0c4527a546635ecf9 Mon Sep 17 00:00:00 2001 From: zhuyan Date: Wed, 22 Sep 2021 20:12:01 +0800 Subject: [PATCH 5/5] add rc.local to start auditd and syslogd Signed-off-by: zhuyan --- meta-openeuler/recipes-core/os-base/os-base/rc.local | 4 ++++ meta-openeuler/recipes-core/os-base/os-base_1.0.bb | 4 +++- 2 files changed, 7 insertions(+), 1 deletion(-) create mode 100644 meta-openeuler/recipes-core/os-base/os-base/rc.local diff --git a/meta-openeuler/recipes-core/os-base/os-base/rc.local b/meta-openeuler/recipes-core/os-base/os-base/rc.local new file mode 100644 index 00000000000..8a74590bcec --- /dev/null +++ b/meta-openeuler/recipes-core/os-base/os-base/rc.local @@ -0,0 +1,4 @@ +#!/bin/bash + +/sbin/auditd +/sbin/syslogd diff --git a/meta-openeuler/recipes-core/os-base/os-base_1.0.bb b/meta-openeuler/recipes-core/os-base/os-base_1.0.bb index 942954a8f15..82521a72fd0 100644 --- a/meta-openeuler/recipes-core/os-base/os-base_1.0.bb +++ b/meta-openeuler/recipes-core/os-base/os-base_1.0.bb @@ -23,7 +23,8 @@ SRC_URI = "file://bashrc \ file://shadow \ file://sysctl.conf \ file://rc.functions \ - file://rc.sysinit" + file://rc.sysinit \ + file://rc.local" do_install() { install -d ${D}/etc @@ -43,6 +44,7 @@ do_install() { install -d ${D}/etc/rc.d cp ${WORKDIR}/rc.functions ${D}/etc/rc.d cp ${WORKDIR}/rc.sysinit ${D}/etc/rc.d + cp ${WORKDIR}/rc.local ${D}/etc/rc.d } -- Gitee