-rw-r--r--alpine/APKBUILD.in2
-rw-r--r--docker/alpine/Dockerfile56
-rw-r--r--docker/alpine/libyang/10-remove-non-standard-headers.patch298
-rw-r--r--docker/alpine/libyang/11-utest-dont-parse-dlerror.patch40
-rwxr-xr-xdocker/alpine/libyang/APKBUILD46
5 files changed, 424 insertions, 18 deletions
diff --git a/alpine/APKBUILD.in b/alpine/APKBUILD.in
index e6776cb3a..138ec4f1d 100644
--- a/alpine/APKBUILD.in
+++ b/alpine/APKBUILD.in
@@ -13,7 +13,7 @@ makedepends="ncurses-dev net-snmp-dev gawk texinfo perl
expat fakeroot flex fortify-headers gdbm git gmp isl json-c-dev kmod
lddtree libacl libatomic libattr libblkid libburn libbz2 libc-dev
libcap-dev libcurl libedit libffi libgcc libgomp libisoburn libisofs
- libltdl libressl libssh2 libstdc++ libtool libuuid libyang-dev
+ libltdl libressl libssh2 libstdc++ libtool libuuid
linux-headers lzip lzo m4 make mkinitfs mpc1 mpfr4 mtools musl-dev
ncurses-libs ncurses-terminfo ncurses-terminfo-base patch pax-utils pcre
perl pkgconf python3 python3-dev readline readline-dev sqlite-libs
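Review bot: With `libyang-dev` gone from `makedepends`, the APKBUILD no longer declares a library it presumably still needs at build time, so the build only works where libyang was installed beforehand, as the Dockerfile in this commit does. A comment above `makedepends` would keep that from surprising anyone who runs abuild outside the container, for example `# libyang-dev is installed separately from a locally built APK (see docker/alpine/Dockerfile)`. The `makedepends` assignment starts and ends outside this hunk.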
diff --git a/docker/alpine/Dockerfile b/docker/alpine/Dockerfile
index 8fc36c0e5..79ae31567 100644
--- a/docker/alpine/Dockerfile
+++ b/docker/alpine/Dockerfile
@@ -1,3 +1,26 @@
+# syntax=docker/dockerfile:1
+
+# Create a basic stage set up to build APKs
+FROM alpine:3.13 as alpine-builder
+RUN apk add \
+ --update-cache \
+ abuild \
+ alpine-conf \
+ alpine-sdk \
+ && setup-apkcache /var/cache/apk \
+ && mkdir -p /pkgs/apk \
+ && echo 'builder ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
+RUN adduser -D -G abuild builder && su builder -c 'abuild-keygen -a -n'
+
+# This stage builds a libyang APK from source
+FROM alpine-builder as libyang-builder
+RUN mkdir -p /libyang && chown -R builder /pkgs /libyang
+COPY docker/alpine/libyang/ /libyang
+USER builder
+RUN cd /libyang \
+ && abuild checksum \
+ && abuild -r -P /pkgs/apk
+
# This stage builds a dist tarball from the source
FROM alpine:3.13 as source-builder
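Review bot: Running `abuild checksum` before `abuild -r` in the libyang-builder stage regenerates the sha512sums in the copied APKBUILD from whatever was just downloaded, so the sums committed in docker/alpine/libyang/APKBUILD never verify the GitHub tarball. That APKBUILD already ships sums for the tarball and both patches, so the step can be dropped: `RUN cd /libyang && abuild -r -P /pkgs/apk`. A changed or substituted archive would then fail the build instead of being accepted silently.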
@@ -9,8 +32,15 @@ RUN source /src/alpine/APKBUILD.in \
--update-cache \
$makedepends \
gzip \
+ py-pip \
&& pip install pytest
+RUN mkdir -p /pkgs/apk
+COPY --from=libyang-builder /pkgs/apk/ /pkgs/apk/
+RUN apk add \
+ --no-cache \
+ --allow-untrusted /pkgs/apk/*/*.apk
+
COPY . /src
ARG PKGVER
RUN cd /src \
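Review bot: `apk add --allow-untrusted /pkgs/apk/*/*.apk` turns off signature checking for everything the glob matches, even though the packages are presumably signed with the key that `abuild-keygen -a -n` creates in alpine-builder; the same install is repeated in the frr-apk-builder stage. Installing the public key would let both drop the flag: `abuild-keygen -a -i -n` in alpine-builder covers the derived stage, and this stage could use something like `COPY --from=libyang-builder /home/builder/.abuild/*.rsa.pub /etc/apk/keys/` (path assumed from abuild's default location, please confirm). The RUN that this hunk extends and the `RUN cd /src` after it both continue outside the hunk.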
@@ -20,25 +50,17 @@ RUN cd /src \
--with-pkg-extra-version="_git$PKGVER" \
&& make dist
-# This stage builds an apk from the dist tarball
-FROM alpine:3.13 as alpine-builder
-# Don't use nocache here so that abuild can use the cache
-RUN apk add \
- --update-cache \
- abuild \
- alpine-conf \
- alpine-sdk \
- py-pip \
- && pip install pytest \
- && setup-apkcache /var/cache/apk \
- && mkdir -p /pkgs/apk \
- && echo 'builder ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
-
+# This stage builds an APK from the dist tarball
+FROM alpine-builder as frr-apk-builder
+COPY --from=libyang-builder /pkgs/apk/ /pkgs/apk/
COPY --from=source-builder /src/frr-*.tar.gz /src/alpine/* /dist/
-RUN adduser -D -G abuild builder && chown -R builder /dist /pkgs
+RUN find /pkgs/apk -type f -name APKINDEX.tar.gz -delete
+RUN apk add \
+ --no-cache \
+ --allow-untrusted /pkgs/apk/*/*.apk
+RUN chown -R builder /dist /pkgs
USER builder
RUN cd /dist \
- && abuild-keygen -a -n \
&& abuild checksum \
&& git init \
&& abuild -r -P /pkgs/apk
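Review bot: The `find /pkgs/apk -type f -name APKINDEX.tar.gz -delete` step has no comment, and its purpose is not evident from the stage. If the intent is to discard the index copied from libyang-builder so that `abuild -r` writes a fresh one, a line such as `# Remove the index copied from libyang-builder; abuild -r regenerates it` would say so. /pkgs/apk also now carries the libyang packages into the final image stage through `COPY --from=frr-apk-builder`, which looks intended but is worth stating in the stage comment.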
@@ -46,7 +68,7 @@ RUN cd /dist \
# This stage installs frr from the apk
FROM alpine:3.13
RUN mkdir -p /pkgs/apk
-COPY --from=alpine-builder /pkgs/apk/ /pkgs/apk/
+COPY --from=frr-apk-builder /pkgs/apk/ /pkgs/apk/
RUN apk add \
--no-cache \
--update-cache \
diff --git a/docker/alpine/libyang/10-remove-non-standard-headers.patch b/docker/alpine/libyang/10-remove-non-standard-headers.patch
new file mode 100644
index 000000000..18812b534
--- /dev/null
+++ b/docker/alpine/libyang/10-remove-non-standard-headers.patch
@@ -0,0 +1,298 @@
+From 8f4907590afbe3eafabcf5b461c0ae51b65c3a37 Mon Sep 17 00:00:00 2001
+From: Michal Vasko <mvasko@cesnet.cz>
+Date: Thu, 10 Jun 2021 15:07:02 +0200
+Subject: [PATCH] libyang BUGFIX do not include non-standard headers
+
+Fixes #1614
+---
+ src/context.c | 1 -
+ src/diff.c | 1 -
+ src/log.c | 1 -
+ src/out.c | 1 -
+ src/plugins_types.c | 1 -
+ src/plugins_types/bits.c | 1 -
+ src/plugins_types/date_and_time.c | 1 -
+ src/plugins_types/identityref.c | 1 -
+ src/plugins_types/integer.c | 1 -
+ src/plugins_types/ipv4_address.c | 1 -
+ src/plugins_types/ipv4_address_no_zone.c | 1 -
+ src/plugins_types/ipv4_prefix.c | 1 -
+ src/plugins_types/ipv6_address.c | 1 -
+ src/plugins_types/ipv6_address_no_zone.c | 1 -
+ src/plugins_types/ipv6_prefix.c | 1 -
+ src/plugins_types/union.c | 1 -
+ src/schema_compile_node.c | 1 -
+ src/tree_data_helpers.c | 1 -
+ src/tree_schema.c | 1 -
+ src/validation.c | 1 -
+ src/xpath.c | 1 -
+ tools/re/main.c | 1 -
+ 22 files changed, 22 deletions(-)
+
+diff --git a/src/context.c b/src/context.c
+index eb671255..ac62cac5 100644
+--- a/src/context.c
++++ b/src/context.c
+@@ -17,7 +17,6 @@
+ #define _XOPEN_SOURCE 1
+ #define _XOPEN_SOURCE_EXTENDED 1
+ #endif
+-#include <sys/cdefs.h>
+
+ #include "context.h"
+
+diff --git a/src/diff.c b/src/diff.c
+index b40dd73a..4971c6fe 100644
+--- a/src/diff.c
++++ b/src/diff.c
+@@ -12,7 +12,6 @@
+ * https://opensource.org/licenses/BSD-3-Clause
+ */
+ #define _GNU_SOURCE /* asprintf, strdup */
+-#include <sys/cdefs.h>
+
+ #include "diff.h"
+
+diff --git a/src/log.c b/src/log.c
+index 97c7b283..9cd5fd0d 100644
+--- a/src/log.c
++++ b/src/log.c
+@@ -13,7 +13,6 @@
+ */
+
+ #define _GNU_SOURCE /* asprintf, strdup */
+-#include <sys/cdefs.h>
+
+ #include "log.h"
+
+diff --git a/src/out.c b/src/out.c
+index 37beb696..898d663a 100644
+--- a/src/out.c
++++ b/src/out.c
+@@ -13,7 +13,6 @@
+ */
+
+ #define _GNU_SOURCE /* asprintf, strdup */
+-#include <sys/cdefs.h>
+
+ #include "out.h"
+ #include "out_internal.h"
+diff --git a/src/plugins_types.c b/src/plugins_types.c
+index 26bac210..a2cf0f38 100644
+--- a/src/plugins_types.c
++++ b/src/plugins_types.c
+@@ -13,7 +13,6 @@
+ */
+
+ #define _GNU_SOURCE /* asprintf, strdup */
+-#include <sys/cdefs.h>
+
+ #include "plugins_types.h"
+
+diff --git a/src/plugins_types/bits.c b/src/plugins_types/bits.c
+index 9d086ffb..ef87691b 100644
+--- a/src/plugins_types/bits.c
++++ b/src/plugins_types/bits.c
+@@ -13,7 +13,6 @@
+ */
+
+ #define _GNU_SOURCE /* asprintf, strdup */
+-#include <sys/cdefs.h>
+
+ #include "plugins_types.h"
+
+diff --git a/src/plugins_types/date_and_time.c b/src/plugins_types/date_and_time.c
+index 0d52dbb1..a23caaa9 100644
+--- a/src/plugins_types/date_and_time.c
++++ b/src/plugins_types/date_and_time.c
+@@ -13,7 +13,6 @@
+ */
+
+ #define _GNU_SOURCE /* asprintf, strdup */
+-#include <sys/cdefs.h>
+
+ #include "plugins_types.h"
+
+diff --git a/src/plugins_types/identityref.c b/src/plugins_types/identityref.c
+index 90546d69..91ddbde2 100644
+--- a/src/plugins_types/identityref.c
++++ b/src/plugins_types/identityref.c
+@@ -13,7 +13,6 @@
+ */
+
+ #define _GNU_SOURCE /* asprintf, strdup */
+-#include <sys/cdefs.h>
+
+ #include "plugins_types.h"
+
+diff --git a/src/plugins_types/integer.c b/src/plugins_types/integer.c
+index 44e87f99..bf2b7812 100644
+--- a/src/plugins_types/integer.c
++++ b/src/plugins_types/integer.c
+@@ -13,7 +13,6 @@
+ */
+
+ #define _GNU_SOURCE /* asprintf, strdup */
+-#include <sys/cdefs.h>
+
+ #include "plugins_types.h"
+
+diff --git a/src/plugins_types/ipv4_address.c b/src/plugins_types/ipv4_address.c
+index a95752ea..a7369d6b 100644
+--- a/src/plugins_types/ipv4_address.c
++++ b/src/plugins_types/ipv4_address.c
+@@ -13,7 +13,6 @@
+ */
+
+ #define _GNU_SOURCE /* asprintf, strdup */
+-#include <sys/cdefs.h>
+
+ #include "plugins_types.h"
+
+diff --git a/src/plugins_types/ipv4_address_no_zone.c b/src/plugins_types/ipv4_address_no_zone.c
+index a17a7efe..1fb34b06 100644
+--- a/src/plugins_types/ipv4_address_no_zone.c
++++ b/src/plugins_types/ipv4_address_no_zone.c
+@@ -13,7 +13,6 @@
+ */
+
+ #define _GNU_SOURCE /* asprintf, strdup */
+-#include <sys/cdefs.h>
+
+ #include "plugins_types.h"
+
+diff --git a/src/plugins_types/ipv4_prefix.c b/src/plugins_types/ipv4_prefix.c
+index 3108b2c5..6fb93390 100644
+--- a/src/plugins_types/ipv4_prefix.c
++++ b/src/plugins_types/ipv4_prefix.c
+@@ -13,7 +13,6 @@
+ */
+
+ #define _GNU_SOURCE /* asprintf, strdup */
+-#include <sys/cdefs.h>
+
+ #include "plugins_types.h"
+
+diff --git a/src/plugins_types/ipv6_address.c b/src/plugins_types/ipv6_address.c
+index c0d20fa4..d09425b3 100644
+--- a/src/plugins_types/ipv6_address.c
++++ b/src/plugins_types/ipv6_address.c
+@@ -13,7 +13,6 @@
+ */
+
+ #define _GNU_SOURCE /* asprintf, strdup */
+-#include <sys/cdefs.h>
+
+ #include "plugins_types.h"
+
+diff --git a/src/plugins_types/ipv6_address_no_zone.c b/src/plugins_types/ipv6_address_no_zone.c
+index c612b663..06bd1891 100644
+--- a/src/plugins_types/ipv6_address_no_zone.c
++++ b/src/plugins_types/ipv6_address_no_zone.c
+@@ -13,7 +13,6 @@
+ */
+
+ #define _GNU_SOURCE /* asprintf, strdup */
+-#include <sys/cdefs.h>
+
+ #include "plugins_types.h"
+
+diff --git a/src/plugins_types/ipv6_prefix.c b/src/plugins_types/ipv6_prefix.c
+index b3ad34b6..91431fef 100644
+--- a/src/plugins_types/ipv6_prefix.c
++++ b/src/plugins_types/ipv6_prefix.c
+@@ -13,7 +13,6 @@
+ */
+
+ #define _GNU_SOURCE /* asprintf, strdup */
+-#include <sys/cdefs.h>
+
+ #include "plugins_types.h"
+
+diff --git a/src/plugins_types/union.c b/src/plugins_types/union.c
+index a8ec43b3..89e81c7a 100644
+--- a/src/plugins_types/union.c
++++ b/src/plugins_types/union.c
+@@ -13,7 +13,6 @@
+ */
+
+ #define _GNU_SOURCE /* strdup */
+-#include <sys/cdefs.h>
+
+ #include "plugins_types.h"
+
+diff --git a/src/schema_compile_node.c b/src/schema_compile_node.c
+index 424b7f8f..273023de 100644
+--- a/src/schema_compile_node.c
++++ b/src/schema_compile_node.c
+@@ -13,7 +13,6 @@
+ */
+
+ #define _GNU_SOURCE /* asprintf, strdup */
+-#include <sys/cdefs.h>
+
+ #include "schema_compile_node.h"
+
+diff --git a/src/tree_data_helpers.c b/src/tree_data_helpers.c
+index 488efbbb..2d9ba624 100644
+--- a/src/tree_data_helpers.c
++++ b/src/tree_data_helpers.c
+@@ -13,7 +13,6 @@
+ */
+
+ #define _GNU_SOURCE /* asprintf, strdup */
+-#include <sys/cdefs.h>
+
+ #include <assert.h>
+ #include <ctype.h>
+diff --git a/src/tree_schema.c b/src/tree_schema.c
+index 93f29796..4a57cc47 100644
+--- a/src/tree_schema.c
++++ b/src/tree_schema.c
+@@ -13,7 +13,6 @@
+ */
+
+ #define _GNU_SOURCE /* asprintf, strdup */
+-#include <sys/cdefs.h>
+
+ #include "tree_schema.h"
+
+diff --git a/src/validation.c b/src/validation.c
+index b9eda810..e2062256 100644
+--- a/src/validation.c
++++ b/src/validation.c
+@@ -12,7 +12,6 @@
+ * https://opensource.org/licenses/BSD-3-Clause
+ */
+ #define _GNU_SOURCE /* asprintf, strdup */
+-#include <sys/cdefs.h>
+
+ #include "validation.h"
+
+diff --git a/src/xpath.c b/src/xpath.c
+index b68a76b8..ea1cdfc9 100644
+--- a/src/xpath.c
++++ b/src/xpath.c
+@@ -12,7 +12,6 @@
+ * https://opensource.org/licenses/BSD-3-Clause
+ */
+ #define _GNU_SOURCE /* asprintf, strdup */
+-#include <sys/cdefs.h>
+
+ #include "xpath.h"
+
+diff --git a/tools/re/main.c b/tools/re/main.c
+index b512ad80..4d8aa99c 100644
+--- a/tools/re/main.c
++++ b/tools/re/main.c
+@@ -13,7 +13,6 @@
+ */
+
+ #define _GNU_SOURCE /* asprintf, strdup */
+-#include <sys/cdefs.h>
+
+ #include <errno.h>
+ #include <getopt.h>
+--
+2.31.1
+
diff --git a/docker/alpine/libyang/11-utest-dont-parse-dlerror.patch b/docker/alpine/libyang/11-utest-dont-parse-dlerror.patch
new file mode 100644
index 000000000..054862fcb
--- /dev/null
+++ b/docker/alpine/libyang/11-utest-dont-parse-dlerror.patch
@@ -0,0 +1,40 @@
+From 2054431ea3024b177083f09c66c1bb4c3d08b048 Mon Sep 17 00:00:00 2001
+From: Wesley Coakley <w@wesleycoakley.com>
+Date: Wed, 16 Jun 2021 00:30:50 -0400
+Subject: [PATCH] don't attempt to parse dlerror() in utests
+
+---
+ tests/utests/basic/test_plugins.c | 17 -----------------
+ 1 file changed, 17 deletions(-)
+
+diff --git a/tests/utests/basic/test_plugins.c b/tests/utests/basic/test_plugins.c
+index fd9e6130..662fd9b4 100644
+--- a/tests/utests/basic/test_plugins.c
++++ b/tests/utests/basic/test_plugins.c
+@@ -36,23 +36,6 @@ static void
+ test_add_invalid(void **state)
+ {
+ assert_int_equal(LY_ESYS, lyplg_add(TESTS_BIN "/plugins/plugin_does_not_exist" LYPLG_SUFFIX));
+-
+-#ifdef __APPLE__
+- CHECK_LOG("Loading \""TESTS_BIN "/plugins/plugin_does_not_exist" LYPLG_SUFFIX "\" as a plugin failed "
+- "(dlopen("TESTS_BIN "/plugins/plugin_does_not_exist" LYPLG_SUFFIX ", 2): image not found).", NULL);
+-#else
+- CHECK_LOG("Loading \""TESTS_BIN "/plugins/plugin_does_not_exist" LYPLG_SUFFIX "\" as a plugin failed "
+- "("TESTS_BIN "/plugins/plugin_does_not_exist" LYPLG_SUFFIX ": cannot open shared object file: "
+- "No such file or directory).", NULL);
+-#endif
+-
+- assert_int_equal(LY_EINVAL, lyplg_add(TESTS_BIN "/plugins/plugin_invalid" LYPLG_SUFFIX));
+-#ifndef __APPLE__
+- /* OS X prints address of the symbol being searched and cmocka doesn't support wildcards in string checking assert */
+- CHECK_LOG("Processing user type plugin \""TESTS_BIN "/plugins/plugin_invalid"LYPLG_SUFFIX "\" failed, "
+- "missing type plugins information ("TESTS_BIN "/plugins/plugin_invalid"LYPLG_SUFFIX ": "
+- "undefined symbol: plugins_types__).", NULL);
+-#endif
+ }
+
+ static void
+--
+2.31.1
+
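Review bot: Besides the `CHECK_LOG` comparisons of dlerror() text, this patch also deletes `assert_int_equal(LY_EINVAL, lyplg_add(TESTS_BIN "/plugins/plugin_invalid" LYPLG_SUFFIX));`, which checks a return code and not a message. Unless that call fails on musl for a separate reason, keeping that one line preserves the test that an invalid plugin is rejected. The subject line mentions only dlerror(), so the wider removal is easy to miss.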
diff --git a/docker/alpine/libyang/APKBUILD b/docker/alpine/libyang/APKBUILD
new file mode 100755
index 000000000..9fa20bf4d
--- /dev/null
+++ b/docker/alpine/libyang/APKBUILD
@@ -0,0 +1,46 @@
+# Contributor: Sören Tempel <soeren+alpine@soeren-tempel.net>
+# Maintainer: Christian Franke <nobody@nowhere.ws>
+pkgname=libyang
+pkgver=2.0.7
+pkgrel=0
+pkgdesc="YANG data modelling language parser and toolkit"
+url="https://github.com/CESNET/libyang"
+arch="all"
+license="BSD-3-Clause-Clear"
+makedepends="bison cmake cmocka-dev flex pcre2-dev"
+checkdepends="expect grep shunit2"
+subpackages="$pkgname-dev $pkgname-doc"
+source="$pkgname-$pkgver.tar.gz::https://github.com/CESNET/libyang/archive/v$pkgver.tar.gz
+ 10-remove-non-standard-headers.patch
+ 11-utest-dont-parse-dlerror.patch"
+
+# secfixes:
+# 1.0.215-r1:
+# - CVE-2021-28902
+# - CVE-2021-28903
+# - CVE-2021-28904
+# - CVE-2021-28905
+# - CVE-2021-28906
+
+build() {
+ if [ "$CBUILD" != "$CHOST" ]; then
+ CMAKE_CROSSOPTS="-DCMAKE_SYSTEM_NAME=Linux -DCMAKE_HOST_SYSTEM_NAME=Linux"
+ fi
+ cmake -B build \
+ -DCMAKE_BUILD_TYPE=None \
+ -DCMAKE_INSTALL_PREFIX=/usr \
+ -DCMAKE_INSTALL_LIBDIR=lib \
+ -DBUILD_SHARED_LIBS=True \
+ -DCMAKE_C_FLAGS="$CFLAGS" \
+ -DENABLE_BUILD_TESTS=ON \
+ "$CMAKE_CROSSOPTS"
+ make -C build
+}
+
+package() {
+ make -C build DESTDIR="$pkgdir" install
+}
+
+sha512sums="edb1d8d372b25ed820fa312e0dc96d4af7c8cd5ddeb785964de73f64774062ea7a5586bb27e2039ad24189d4a2ba04268921ca86e82423fc48647d1d10a2a0a7 libyang-2.0.7.tar.gz
+385008c715e6b0dc9e8f33c9cb550b3af7ee16f056f35d09a4ba01b9e00ddb88940915f93fc608fedd30b4f9a6a1503df414ae0be64b1263681b0ee18e6f4db8 10-remove-non-standard-headers.patch
+b16881d301a6aec68fbe6bfb7ba53a8fcdb4b9eead3b03573e0e2a4a8c3c3d6962db623be14d29c023b5a7ad0f685da1f6033dd9985f7a2914ad2f4da07e60cb 11-utest-dont-parse-dlerror.patch"
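Review bot: The build passes `-DENABLE_BUILD_TESTS=ON` and lists `checkdepends`, but there is no `check()` function, so the unit tests (including the one adjusted by 11-utest-dont-parse-dlerror.patch) are compiled and never run. Adding something like `check() { make -C build test; }` would run them during `abuild -r`; if skipping is deliberate, `options="!check"` states that explicitly. Separately, `"$CMAKE_CROSSOPTS"` is quoted, so cmake receives one empty argument in a native build and a single argument holding both `-D` options when cross-compiling; leaving it unquoted passes them separately.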