ARM64 buildah and edk2 blocked packages fix.
#3101
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ghost
added
the
jslobodzian
approved these changes
Jun 2, 2022
PawelWMS
changed the title
buildah and edk2 blocked packages fix.
jslobodzian
pushed a commit
that referenced
this pull request
Jun 3, 2022
jslobodzian
added a commit
that referenced
this pull request
Jun 3, 2022
osamaesmailmsft
added a commit
that referenced
this pull request
Oct 12, 2022
* Only build bond against x86_64 architecture (#1800) (#1801) * fix bond build break for ARM64 on main branch * fix bond build break for ARM64 on main branch * fix bond build break for ARM64 on main branch Co-authored-by: nicolas guibourge <nicolasg@microsoft.com> Co-authored-by: nicolas guibourge <nicolasg@microsoft.com> * [main extended] Enable libguestfs (#1970) * Remove libreport support from mdadm * Conditionally pull in perl-Sys-Virt test deps * Fix dependency resolution for ocaml-ctypes * Upgrade to latest ocaml-gettext * Fix ocaml-ounit build * Upgrade ocaml-base to latest * Upgrade ocaml-migrate-parsetree to latest * Upgrade ocaml-stdio to 0.15.0 * Upgrade ocaml-parsexp to 0.15.0 * Upgrade ocaml-ppxlib to 0.24.0 * Upgrade ocaml-sexplib to 0.15.0 * Upgrade ocaml-sexplib0 to 0.15.0 * Upgrade supermin to 5.2.1 * Fixup libguestfs patches and configuration * [main extended] Fix dnf-plugins-core, ocaml-findlib builds (#1950) * [main] Removing in-spec sources verification using `libguestfs.keyring`. (#1971) * kernel: Update Mariner cert in kernel keyring (#1979) * kernel: Update mariner cert in kernel keyring * kernel-hyperv: Update mariner cert in kernel keyring * kernel-headers: Bump to match kernel release number * kernel-signed: Bump to match kernel release Signed-off-by: Chris Co <chrco@microsoft.com> * lttng-consume: disable tests to fix build break (#1980) Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com> * Revert "Upgrading Parted to v3.4" (#1966) * Revert "Upgrading Parted to v3.4 (#1898)" This reverts commit 24382cf. * verifying license to unblock upgrade revert pr * Temporary: Add python3-distro to azurevm-packages packagelist (#2016) * Upgrade libmemcached, memcached and promote to core specs (#1981) * kernel-signed: workaround errant .build-id file (#2032) After the upgrade to RPM 4.17, when building on ARM64 only, we are observing an unexpected /usr/lib/debug/.build-id/xx/yyyy.debug file being packaged into the kernel.rpm package. This errant file is causing build errors when repackaging in the kernel-signed build phase. This patch workarounds the build issue by specifically excluding the /usr/lib/debug/.build-id folder when building for ARM64. More investigation underway to identify why this unexpect /usr/lib/debug/.build-id/xx/yyyy.debug file is being included. Signed-off-by: Chris Co <chrco@microsoft.com> * Fix grubby build with newer versions of RPM (#2036) * Update libgit2 to latest upstream version 1.1.0 (#2021) Signed-off-by: Kate Goldenring <kagold@microsoft.com> * Fix build break (signature) for libgit2 * Fix TDNF download of packages during libguestfs build * Replace perl(Locale::TextDomain) BR in libguestfs with actual package * [main] Fixing tooling issues during package candidates resolution. (#2091) * Fix dependency constraints, UUID parsing in libguestfs (#2113) * Bring over libguestfs changes from 2.0 * Fix selinux-policy, file bugs in libguestfs * kernel: Update input aarch64 config file (#2358) ARM64 kernel package builds are failing due to a config diff missing between the expected config and the actual config file. Add missing CONFIG_USBIP_VUDC line Signed-off-by: Chris Co <chrco@microsoft.com> * Revert "[main] Update envoy to v1.21.0 (#2330)" This reverts commit 5c0c47a. * toolkit only - use local /run folder in chroot instead of mounted tmpfs (#2435) * toolkit - use local /run folder in chroot instead of mounted tmpfs * address PR comments * address PR comments * address PR comments Co-authored-by: Nicolas Guibourge <nicolasg@microsoft.com> * [main] iperf3: Update to 3.11 (#2512) * Update iperf3 to 3.11 * toolchain: Remove alsa-lib (#2543) * Fix post-install script args in imageconfig being ignored (#2414) * Upgrade nodejs to 16.14.0 (#2485) * upgrade nodejs to 16.14.0 * upgrade nodejs to 16.14.0 * upgrade nodejs to 16.14.0 * upgrade nodejs Co-authored-by: Nicolas Guibourge <nicolasg@microsoft.com> * [main] upgrading libarchive to v3.6.0 (#2515) * upgrading libarchive to v3.6.0 * removing patch file * adding missing URL * fixing URL * [2.0] Modify pam to require audit-libs (#2572) * update pam * update manifests * install audit-libs before systemd (#2584) * Revert "install audit-libs before systemd (#2584)" This reverts commit 2170975. * Build rubygems with ruby to fix build error in pipeline (#2601) * Add rubygems to build with ruby to fix build error in pipeline * Remove bundler requirement * [main] Adding `--assumeyes` for TDNF calls. (#2641) (#2642) * Fix bad ruby merge issue * Revert "python3: Add python-unversioned-command subpackage (#2637)" This reverts commit b62bb32. * dnf-plugins-core: Fix bad python path in cmake call (#2658) * dnf-plugins-core: Fix bad python path in cmake call * Update license map * Empty commit to trigger GH checks * Unblock build, exclude SymCrypt from ARM64 * Update python requirement in azurevm packagelist for 2.0 (#2667) * Revert "Unblock build, exclude SymCrypt from ARM64" This reverts commit 9b0a48f. * Repair toolkit merge issue * fix boringssl license issue (#2775) * revert arm64 exclusion workaround (#2769) * [main] Build break workaround. (#2788) * Revert "fix boringssl license issue (#2775)" This reverts commit 50b3397. * Remove boringssl to reconcile with main branch * [main] Fixing installation paths with new version of Ruby. (#2859) * vim: Fix vi provides with reversed EVR (#2872) * cri-o: Replace openSUSE systemd macros with Mariner's (#2874) * toolchain: Rebuild audit with systemd-bootstrap-rpm-macros installed (#2878) * toolchain: Rebuild audit with systemd-bootstrap-rpm-macros installed * audit: Add BR on systemd-bootstrap-rpm-macros * [2.0] Cherry-pick credscan failure caused by unattended installer image config (#2908) * minor fix to build doc (#2907) Co-authored-by: Henry Li <lihl@microsoft.com> * fix image config json (#2906) Co-authored-by: Henry Li <lihl@microsoft.com> Co-authored-by: Henry Li <lihl@microsoft.com> * download msopenjdk-11 from prod folder (#2921) * Cherry Pick build fixes to Extended (#3105) * ARM64 `buildah` and `edk2` blocked packages fix. (#3101) * Adding missing signature for `perl-Module-Install-Repository`. (#3086) Co-authored-by: Pawel Winogrodzki <pawelwi@microsoft.com> * Python-twisted: upgrade to version 22.4.0 to fix CVE-2022-24801 (#3079) * python-twisted upgrade to 22.4.0 to fix CVE-2022-24801 * python-twisted upgrade to 22.4.0 to fix CVE-2022-24801 * python-twisted upgrade to 22.4.0 to fix CVE-2022-24801 * python-twisted upgrade to 22.4.0 to fix CVE-2022-24801 Co-authored-by: Nicolas Guibourge <nicolasg@microsoft.com> * upgrading vim to 8.2.4979 for CVE-2022-1619, CVE-2022-1621, CVE-2022-… (#3087) * upgrading vim to 8.2.4979 for CVE-2022-1619, CVE-2022-1621, CVE-2022-1629, CVE-2022-1616, CVE-2022-1733, CVE-2022-1735, CVE-2022-1769, CVE-2022-1620, CVE-2022-1674, CVE-2022-1771, CVE-2022-1785, CVE-2022-1796 * upgrading vim to 8.2.4979 for CVE-2022-1619, CVE-2022-1621, CVE-2022-1629, CVE-2022-1616, CVE-2022-1733, CVE-2022-1735, CVE-2022-1769, CVE-2022-1620, CVE-2022-1674, CVE-2022-1771, CVE-2022-1785, CVE-2022-1796 * upgrading vim to 8.2.4979 for CVE-2022-1619, CVE-2022-1621, CVE-2022-1629, CVE-2022-1616, CVE-2022-1733, CVE-2022-1735, CVE-2022-1769, CVE-2022-1620, CVE-2022-1674, CVE-2022-1771, CVE-2022-1785, CVE-2022-1796 Co-authored-by: Nicolas Guibourge <nicolasg@microsoft.com> * Updating `vim` to version 8.2.5064. (#3112) * Bump Mariner Release (#3140) * Revert "Add missing e2fsprogs dep to cloud-init (#3141)" This reverts commit 7417d8a. Reverting this change temporarily because we are not ready to upgrade cloud-init * Revert "cloud-init: uprev to 22.2 (#3104)" This reverts commit 3bcdc43. Reverting this change temporarily because we are not ready to upgrade cloud-init. * Fix build errors caused by ncurses 6.3 upgrade (#3184) * Fix ARM64 Build Break (#3191) * t1lib: Fix SRPM packing (#3192) * Revert "cloud-init: patch for CVE-2022-2084 (#3281)" This reverts commit e317430. * Revert "Revert "cloud-init: uprev to 22.2 (#3104)"" This reverts commit ae3a7d8. * Revert "Revert "Add missing e2fsprogs dep to cloud-init (#3141)"" This reverts commit 68bd0ec. * Revert "Revert "cloud-init: patch for CVE-2022-2084 (#3281)"" This reverts commit 0b1ba72. * Revert "Initial KeysInUse Integration (#3182)" This reverts commit 7de96f6. * Updating 'mariner-release' version for July update 2. (#3444) * remove provides from unsigned grub2 (#3461) Co-authored-by: Henry Li <lihl@microsoft.com> * Updating 'mariner-release' for the August release. * Updating licenses after the 'main' merge. * KeysInUse: re-introduce package back to 2.0. (#3531) * Update helm version 3.9.3 (#3586) * Update helm version 3.9.3 * Fix helm version info not displaying correctly * fix cloud-init dependency issue (#3606) * `mariadb`: update to v10.6.9 to fix CVE-2022-32091, CVE-2022-32081 (#3645) * fix npm version in nodejs.spec (#3571) * upgrade vim to 9.0.0232 (#3580) * qemu : fix CVE-2022-35414 (#3597) * qemu : fix CVE-2022-35414 * address PR comment Co-authored-by: Nicolas Guibourge <nicolasg@microsoft.com> * libxml2 and python-lxml: fix CVE-2022-2309 (#3583) * libxml2 and python-lxml: fix CVE-2022-2309 * libxml2 and python-lxml: fix CVE-2022-2309 * address PR comments Co-authored-by: Nicolas Guibourge <nicolasg@microsoft.com> * rubygem-yajl-ruby: fix CVE 2022 24795 (#3598) * rubygem-yajl-ruby : fix CVE-2022-24795 * rubygem-yajl-ruby : fix CVE-2022-24795 * back port patch from 1.4.1 * fix spec issue * address PR comments Co-authored-by: Nicolas Guibourge <nicolasg@microsoft.com> * Update cert-manager to v1.7.3. (#3575) - Update cert-manager to v1.7.3. - Split cert-manager binaries into separate packages. - Remove cert-manager build dependency on Bazel and just build the binaries directly using `go build`. This makes building easier. Also, the latest upstream version of cert-manager does this. - Use the Go "vendor" directory for Go dependencies instead of dumping files in the global Go cache. * Bump supported go versions to 1.17.13, 1.18.5 to fix fifteen CVEs (#3600) Co-authored-by: Pawel Winogrodzki <pawelwi@microsoft.com> * dpkd: bump version to 21.11.2 to address CVE-2022-2132 (#3631) * dpkd: bump version to 21.11.2 to address CVE-2022-2132 * dpdk: cgmanifest: update entry Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com> * `vim`: upgrade to 9.0.0325 to fix CVE-2022-2980, CVE-2022-2982, CVE-2022-2923, CVE-2022-2946 (#3643) * `python3`: fix CVE-2015-20107 (#3644) * `python3`: fix CVE-2021-28861 (#3654) * `colord`: fix CVE-2021-42523 (#3675) * `virglrenderer`: fix CVE-2022-0135 (#3674) * libtar: Pull misc Fedora patches, fix CVE-2021-33643, CVE-2021-33644, CVE-2021-33645, CVE-2021-33646 (#3686) * Apply Fedora patches * Apply linter * Use upstream patch * Patch qemu CVE-2021-4158 (#3696) * libtar: Fixup spec formatting, remove .la files, remove explicit provides (#3698) * Fixup libtar spec formatting, .la files, provides * Add comment so we can track CVE fixes * update mariner-release to 2.0-19 (#3723) * fix br in libvirt (#3726) * Added nopatch to libtirpc for CVE-2021-46828 (#3779) Co-authored-by: Nick Samson <nisamson@microsoft.com> * update mariner-release to 2.0-21 (#3778) * revert changes for adding sysinit.target dependency (#3777) * Expat fix CVE-2022-40674 (#3799) Co-authored-by: Betty Lakes <bettylakes@microsoft.com> * bump mariner-release to 2.0-21 * switching branches * Ensure rpm-* ABI compatibility (#3880) * Ensure `python3-rpm` pulls in appropriate libs * Add rpm-build-libs -> rpm-libs dependency too * Declare release `4.18.0-2` with fixes * toolkit.mk: fix 'clean-rpms-snapshot' target. (#3843) * 7.4.14 to 8.1.11; need to delete the old SPECS-EXTENDED folders * php 8.1.11 build now * removed libraries from SPECS-EXTENDED * merged current 2.0; added changelog for php & updated other licenses; need to verify changelog for php & version thing olivia said * update cgmanifest.json * reresolving old mr comments * updated hunspell to fix CVE; added aspell patch to fix CVE; fixed some PHP linting issues * one linting fix * removed commented-out modphp code; updated changelog * debugging url issues * trying 2sec timeout instead of 1sec * echoing to txt log * undoing validate-cg-manifests.sh changes; trying new url * resolving mr comments * updating malaga in cgmanifest * trying source-git's mirror * trying with local tarball * trying with local tarball * using blob storage * Delete bad_registrations.txt * updating tokyocabinet url * changing branches * resolving conflicts with upstream/main * mr comments * updating cgmanifest * actually fixing validate_cg_manifest.sh * Delete php-8.1.11.tar.xz.asc * Delete php-keyring.gpg Signed-off-by: Chris Co <chrco@microsoft.com> Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com> Signed-off-by: Kate Goldenring <kagold@microsoft.com> Co-authored-by: nicolas guibourge <nicogbg@gmail.com> Co-authored-by: nicolas guibourge <nicolasg@microsoft.com> Co-authored-by: Jon Slobodzian <joslobo@microsoft.com> Co-authored-by: Thomas Crain <thcrain@microsoft.com> Co-authored-by: Pawel Winogrodzki <pawelwi@microsoft.com> Co-authored-by: Christopher Co <35273088+christopherco@users.noreply.github.com> Co-authored-by: Muhammad Falak R Wani <falakreyaz@gmail.com> Co-authored-by: Max Brodeur-Urbas <35381493+MaxBrodeurUrbas@users.noreply.github.com> Co-authored-by: Kate Goldenring <kate.goldenring@microsoft.com> Co-authored-by: rlmenge <rachelmenge@microsoft.com> Co-authored-by: Vince Perri <5596945+vinceaperri@users.noreply.github.com> Co-authored-by: Andrew Phelps <anphel31@users.noreply.github.com> Co-authored-by: Neha Agarwal <58672330+neha170@users.noreply.github.com> Co-authored-by: Olivia Crain <olivia@olivia.dev> Co-authored-by: Henry Li <69694695+henryli001@users.noreply.github.com> Co-authored-by: Henry Li <lihl@microsoft.com> Co-authored-by: CBL-Mariner Servicing Account <cblmargh@microsoft.com> Co-authored-by: chalamalasetty <42326515+chalamalasetty@users.noreply.github.com> Co-authored-by: Nan Liu <108544011+liunan-ms@users.noreply.github.com> Co-authored-by: Henry Beberman <henry.beberman@microsoft.com> Co-authored-by: Cameron E Baird <cameronbaird@microsoft.com> Co-authored-by: Chris Gunn <chrisgun@microsoft.com> Co-authored-by: Daniel McIlvaney <damcilva@microsoft.com> Co-authored-by: Nick Samson <nick.samson@microsoft.com> Co-authored-by: Nick Samson <nisamson@microsoft.com> Co-authored-by: Minghe Ren <mingheren@microsoft.com> Co-authored-by: Betty <38226164+BettyRain@users.noreply.github.com> Co-authored-by: Betty Lakes <bettylakes@microsoft.com> Co-authored-by: Andrew Phelps <anphel@microsoft.com> Co-authored-by: Andy Caldwell <andycaldwell@microsoft.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Merge Checklist
All boxes should be checked before merging the PR (just tick any boxes which don't apply to this PR)
*-staticsubpackages, etc.) have had theirReleasetag incremented../cgmanifest.json,./toolkit/tools/cgmanifest.json,./toolkit/scripts/toolchain/cgmanifest.json)./SPECS/LICENSES-AND-NOTICES/data/licenses.json,./SPECS/LICENSES-AND-NOTICES/LICENSES-MAP.md,./SPECS/LICENSES-AND-NOTICES/LICENSE-EXCEPTIONS.PHOTON)*.signatures.jsonfilessudo make go-tidy-allandsudo make go-test-coveragepassSummary
For ARM64 builds we've had 2 blocked packages:
buildahandedk2. The former was blocked onostree, which used to be built exclusively for AMD64 and this PR makes it build for ARM64 as well. The latter was blocked onnasmfor the same reason but since officiallynasmdoesn't support ARM64, we've decided to disable buildingedk2on ARM64 for now.Change Log
ExclusiveArchfromostree.spec.ExclusiveArch: x86_64toedk2.spec.Does this affect the toolchain?
No.
Test Methodology