1. 16 Dec, 2021 5 commits
  2. 15 Dec, 2021 10 commits
  3. 14 Dec, 2021 3 commits
  4. 13 Dec, 2021 10 commits
  5. 12 Dec, 2021 7 commits
  6. 10 Dec, 2021 5 commits
    • Kirill Smelkov's avatar
      fixup! component/nxdtest: Prepare for nexedi/nxdtest!13 · aa6f42e2
      Kirill Smelkov authored
      Fix the following build failure in nxdtest's own test:
      
          [2021-12-10 15:57:15,142] INFO     While:
          [2021-12-10 15:57:15,142] INFO       Installing.
          [2021-12-10 15:57:15,142] INFO       Getting section python-interpreter.
          [2021-12-10 15:57:15,142] INFO       Initializing section python-interpreter.
          [2021-12-10 15:57:15,142] INFO       Getting option python-interpreter:eggs.
          [2021-12-10 15:57:15,142] INFO       Getting section nxdtest.
          [2021-12-10 15:57:15,142] INFO       Initializing section nxdtest.
          [2021-12-10 15:57:15,142] INFO       Getting option nxdtest:eggs.
          [2021-12-10 15:57:15,142] INFO       Getting section .nxdtest.pyexe.
          [2021-12-10 15:57:15,142] INFO       Initializing section .nxdtest.pyexe.
          [2021-12-10 15:57:15,142] INFO       Getting option .nxdtest.pyexe:eggs.
          [2021-12-10 15:57:15,142] INFO       Getting option nxdtest:eggs.
          [2021-12-10 15:57:15,142] INFO       Getting option .nxdtest.pyexe:eggs.
          [2021-12-10 15:57:15,142] INFO     Error: Circular reference in substitutions.
      
      This is hot, not a proper, fix to recover nxdtest.UnitTest-Master status.
      I will think more calmly what to properly do.
      aa6f42e2
    • Kirill Smelkov's avatar
      golang += patches to fix tests under user namespaces · 71ced145
      Kirill Smelkov authored
      If we enter user namespace via regular unshare without help from SUID
      newuidmap/newgidmap, all supplementary groups are mapped to -1. As the result
      when Go test tries to chown to a supplementary group, it gets EINVAL:
      
      https://github.com/golang/go/issues/42525
      
      -> work it around with patch to skip this chown tests.
      
      A more proper, longer-term fix would be to fix Linux kernel to allow writes to
      /proc/self/gid_map to setup mapping not only to original gid, but to all
      original supplementary groups as well here:
      
      https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/kernel/user_namespace.c?id=v5.16-rc4-0-g0fcfb00b28c0#n1143
      
      this fix, even if accepted by upstream, would be long to be waited for to
      propagate to distribution kernels that we currently use. So we go with this
      workaround for now.
      
      --------
      
      Another patch is to fix the following TestSCMCredentials failure:
      
          === RUN   TestSCMCredentials
              creds_test.go:81: WriteMsgUnix failed with invalid argument, want EPERM
          --- FAIL: TestSCMCredentials (0.00s)
      
      There the code tries to send uid0/gid0 credentials from non-zero uid and
      expects EPERM reject from kernel. However under `unshare -Umc` uid0/gid0 are
      not mapped to anywhere and so implicitly map to -1 and are rejected with EINVAL
      by the kernel.
      
      /reviewed-by @jerome
      /reviewed-on nexedi/slapos!1095
      71ced145
    • Kirill Smelkov's avatar
      component/nxdtest: Prepare for nexedi/nxdtest!13 (II) · 0fcadfbd
      Kirill Smelkov authored
      4) Hook in python-prctl, as it becomes nxdtest dependency: see
         nexedi/nxdtest!13 (79d13eff)
      
      /reviewed-by @jerome
      /reviewed-on nexedi/slapos!1095
      0fcadfbd
    • Kirill Smelkov's avatar
      component/nxdtest: Prepare for nexedi/nxdtest!13 · e328aa49
      Kirill Smelkov authored
      Prepare for upcoming nxdtest changes to run each testcase with its own
      /tmp and /dev/shm:
      
      1) put unshare from SlapOS component into $PATH, so that our version is
         used even if OS provides /bin/unshare. As @jerome explains we need
         features that were added relatively recently and are missing in unshare
         on Debian 10: nexedi/nxdtest!13 (comment 146752)
      
         It is anyway better to "isolate" from OS by using our own component
         instead of system-provided one.
      
         Correspondingly adjust util-linux to enable unshare in its build.
      
      2) similarly to "1" adjust util-linux to enable mount so that our version
         is used instead of /bin/mount. For example on Debian 9, even if we
         successfully enter user/mount namespace with `unshare -Umc`
      
             /bin/mount -t tmpfs none /tmp
      
         complains that
      
             mount: only root can use "--types" option
      
         -> Fix it the same way as with unshare by forcing usage of
         SlapOS-provided mount.
      
      3) rework how nxdtest script is generated and split it into .nxdtest.pyexe and
         nxdtest itself. .nxdtest.pyexe is python interpreter via which nxdtest is run.
         This interpreter has all eggs required by nxdtest in sys.path, so that
         nxdtest could spawn its trun.py via sys.executable. If we don't care to have
         properly setup sys.executable, trun.py will fail when importing any module that
         nxdtest.py could already successfully import.
      
         Initially I tried to workaround this issue via adjusting $PYTHONPATH <-
         sys.path in main nxdtest script, but @jerome points out that, $PYTHONPATH,
         if set, also affects processes that trun.py spawns, which is not good:
      
         nexedi/slapos!1095 (comment 146799)
      
         -> so fix this via running nxdtest via environment where sys.executable is
         properly setup python interpreter with path for all eggs that nxdtest has
         access to.
      
         Because we already have half-way workarounds for similar problem in several
         places, and because running a script with correctly setup sys.executable is
         generally better, I would say it should be a good idea to rework
         zc.recipe.egg:scripts to generate all scripts to work this way, but I do not
         want to fight about it.
      
         So let's leave this scheme nxdtest-specific for now.
      
      /cc @tomo
      /helped-and-reviewed-by @jerome
      /reviewed-on nexedi/slapos!1095
      e328aa49
    • Thomas Gambier's avatar
      software/kvm: fix netconfig.sh and ipv6_config.sh scripts · 07439e2e
      Thomas Gambier authored
      When adding a route to an interface not up yet, "ip route" command fails
      with:
      
      Error: Device for nexthop is not up.
      
      So we need to up the device before adding the routes.
      07439e2e