diff options
| -rw-r--r-- | docker/Dockerfile | 4 | ||||
| -rwxr-xr-x | scripts/check-qemu-install | 2 | ||||
| -rw-r--r-- | scripts/package-build/hsflowd/package.toml | 4 | ||||
| -rw-r--r-- | scripts/package-build/keepalived/package.toml | 2 | ||||
| -rw-r--r-- | scripts/package-build/keepalived/patches/keepalived/0001-vrrp-Set-sysctl-arp_ignore-to-1-on-IPv6-VMACs.patch | 129 | ||||
| -rw-r--r-- | scripts/package-build/linux-kernel/.gitignore | 3 | ||||
| -rw-r--r-- | scripts/package-build/linux-kernel/arch/arm64/configs/vyos_defconfig | 4 | ||||
| -rw-r--r-- | scripts/package-build/linux-kernel/arch/x86/configs/vyos_defconfig | 4 | ||||
| -rwxr-xr-x | scripts/package-build/linux-kernel/build-intel-ixgbevf.sh | 105 | ||||
| -rwxr-xr-x | scripts/package-build/linux-kernel/build-intel-nic.sh (renamed from scripts/package-build/linux-kernel/build-intel-ixgbe.sh) | 10 | ||||
| -rwxr-xr-x | scripts/package-build/linux-kernel/build.py | 19 | ||||
| -rw-r--r-- | scripts/package-build/linux-kernel/package.toml | 10 |
12 files changed, 35 insertions, 261 deletions
diff --git a/docker/Dockerfile b/docker/Dockerfile index a638a438..3dfcb9f9 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -108,6 +108,7 @@ RUN apt-get update && apt-get install -y \ debootstrap \ live-build \ gdisk \ + sbsigntool \ dosfstools # Packages for TPM test @@ -264,7 +265,8 @@ RUN pip install --break-system-packages \ python3-zmq \ pylint \ quilt \ - whois + whois \ + python3-cracklib # Go required for telegraf and prometheus exporters build RUN GO_VERSION_INSTALL="1.23.2" ; \ diff --git a/scripts/check-qemu-install b/scripts/check-qemu-install index dd4c739d..551d1e7e 100755 --- a/scripts/check-qemu-install +++ b/scripts/check-qemu-install @@ -361,7 +361,7 @@ if args.qemu_cmd: os.system(tmp) exit(0) -test_timeout = 3 *3600 # 3 hours (in seconds) +test_timeout = 5 *3600 # 3 hours (in seconds) tpm_process = None try: # Start TPM emulator diff --git a/scripts/package-build/hsflowd/package.toml b/scripts/package-build/hsflowd/package.toml index 05ec13fe..823b0db3 100644 --- a/scripts/package-build/hsflowd/package.toml +++ b/scripts/package-build/hsflowd/package.toml @@ -1,8 +1,8 @@ [[packages]] name = "host-sflow" -commit_id = "v2.0.55-1" +commit_id = "v2.1.11-5" scm_url = "https://github.com/sflow/host-sflow.git" -build_cmd = "make deb FEATURES='PCAP DROPMON DBUS PSAMPLE'" +build_cmd = "make deb FEATURES='PCAP DROPMON DBUS PSAMPLE VPP'" [dependencies] packages = ["libpcap0.8-dev"] diff --git a/scripts/package-build/keepalived/package.toml b/scripts/package-build/keepalived/package.toml index ad1008e6..3f5ec071 100644 --- a/scripts/package-build/keepalived/package.toml +++ b/scripts/package-build/keepalived/package.toml @@ -1,4 +1,4 @@ [[packages]] name = "keepalived" -commit_id = "debian/1%2.2.8-1" +commit_id = "debian/1%2.3.2-1" scm_url = "https://salsa.debian.org/debian/pkg-keepalived.git" diff --git a/scripts/package-build/keepalived/patches/keepalived/0001-vrrp-Set-sysctl-arp_ignore-to-1-on-IPv6-VMACs.patch b/scripts/package-build/keepalived/patches/keepalived/0001-vrrp-Set-sysctl-arp_ignore-to-1-on-IPv6-VMACs.patch deleted file mode 100644 index b099dc7b..00000000 --- a/scripts/package-build/keepalived/patches/keepalived/0001-vrrp-Set-sysctl-arp_ignore-to-1-on-IPv6-VMACs.patch +++ /dev/null @@ -1,129 +0,0 @@ -From af4aa758c3512bec8233549e138b03741c5404f9 Mon Sep 17 00:00:00 2001 -From: Quentin Armitage <quentin@armitage.org.uk> -Date: Sat, 14 Oct 2023 15:37:19 +0100 -Subject: [PATCH] vrrp: Set sysctl arp_ignore to 1 on IPv6 VMACs - -Setting arp_ignore to 1 ensures that the VMAC interface does not respond -to ARP requests for IPv4 addresses not configured on the VMAC. - -Signed-off-by: Quentin Armitage <quentin@armitage.org.uk> ---- - keepalived/include/vrrp_if_config.h | 2 +- - keepalived/vrrp/vrrp_if_config.c | 28 ++++++++++++++++++++-------- - keepalived/vrrp/vrrp_vmac.c | 5 ++--- - 3 files changed, 23 insertions(+), 12 deletions(-) - -diff --git a/keepalived/include/vrrp_if_config.h b/keepalived/include/vrrp_if_config.h -index 35465cd..c35e56e 100644 ---- a/keepalived/include/vrrp_if_config.h -+++ b/keepalived/include/vrrp_if_config.h -@@ -34,7 +34,7 @@ extern void set_promote_secondaries(interface_t*); - extern void reset_promote_secondaries(interface_t*); - #ifdef _HAVE_VRRP_VMAC_ - extern void restore_rp_filter(void); --extern void set_interface_parameters(const interface_t*, interface_t*); -+extern void set_interface_parameters(const interface_t*, interface_t*, sa_family_t); - extern void reset_interface_parameters(interface_t*); - extern void link_set_ipv6(const interface_t*, bool); - #endif -diff --git a/keepalived/vrrp/vrrp_if_config.c b/keepalived/vrrp/vrrp_if_config.c -index cfce7e2..fbfd34c 100644 ---- a/keepalived/vrrp/vrrp_if_config.c -+++ b/keepalived/vrrp/vrrp_if_config.c -@@ -81,6 +81,11 @@ static sysctl_opts_t vmac_sysctl[] = { - { 0, 0} - }; - -+static sysctl_opts_t vmac_sysctl_6[] = { -+ { IPV4_DEVCONF_ARP_IGNORE, 1 }, -+ { 0, 0} -+}; -+ - #endif - #endif - -@@ -216,11 +221,14 @@ netlink_set_interface_flags(unsigned ifindex, const sysctl_opts_t *sys_opts) - - #ifdef _HAVE_VRRP_VMAC_ - static inline int --netlink_set_interface_parameters(const interface_t *ifp, interface_t *base_ifp) -+netlink_set_interface_parameters(const interface_t *ifp, interface_t *base_ifp, sa_family_t family) - { -- if (netlink_set_interface_flags(ifp->ifindex, vmac_sysctl)) -+ if (netlink_set_interface_flags(ifp->ifindex, family == AF_INET6 ? vmac_sysctl_6 : vmac_sysctl)) - return -1; - -+ if (family == AF_INET6) -+ return 0; -+ - /* If the underlying interface is a MACVLAN that has been moved into - * a separate network namespace from the parent, we can't access the - * parent. */ -@@ -271,9 +279,9 @@ netlink_reset_interface_parameters(const interface_t* ifp) - } - - static inline void --set_interface_parameters_devconf(const interface_t *ifp, interface_t *base_ifp) -+set_interface_parameters_devconf(const interface_t *ifp, interface_t *base_ifp, sa_family_t family) - { -- if (netlink_set_interface_parameters(ifp, base_ifp)) -+ if (netlink_set_interface_parameters(ifp, base_ifp, family)) - log_message(LOG_INFO, "Unable to set parameters for %s", ifp->ifname); - } - -@@ -310,11 +318,15 @@ reset_promote_secondaries_devconf(interface_t *ifp) - - #ifdef _HAVE_VRRP_VMAC_ - static inline void --set_interface_parameters_sysctl(const interface_t *ifp, interface_t *base_ifp) -+set_interface_parameters_sysctl(const interface_t *ifp, interface_t *base_ifp, sa_family_t family) - { - unsigned val; - - set_sysctl("net/ipv4/conf", ifp->ifname, "arp_ignore", 1); -+ -+ if (family == AF_INET6) -+ return; -+ - set_sysctl("net/ipv4/conf", ifp->ifname, "accept_local", 1); - set_sysctl("net/ipv4/conf", ifp->ifname, "rp_filter", 0); - -@@ -524,15 +536,15 @@ restore_rp_filter(void) - } - - void --set_interface_parameters(const interface_t *ifp, interface_t *base_ifp) -+set_interface_parameters(const interface_t *ifp, interface_t *base_ifp, sa_family_t family) - { - if (all_rp_filter == UINT_MAX) - clear_rp_filter(); - - #ifdef _HAVE_IPV4_DEVCONF_ -- set_interface_parameters_devconf(ifp, base_ifp); -+ set_interface_parameters_devconf(ifp, base_ifp, family); - #else -- set_interface_parameters_sysctl(ifp, base_ifp); -+ set_interface_parameters_sysctl(ifp, base_ifp, family); - #endif - } - -diff --git a/keepalived/vrrp/vrrp_vmac.c b/keepalived/vrrp/vrrp_vmac.c -index e5ff0e9..021953a 100644 ---- a/keepalived/vrrp/vrrp_vmac.c -+++ b/keepalived/vrrp/vrrp_vmac.c -@@ -407,10 +407,9 @@ netlink_link_add_vmac(vrrp_t *vrrp, const interface_t *old_interface) - if (!ifp->ifindex) - return false; - -- if (vrrp->family == AF_INET && create_interface) { -+ if (create_interface) { - /* Set the necessary kernel parameters to make macvlans work for us */ --// If this saves current base_ifp's settings, we need to be careful if multiple VMACs on same i/f -- set_interface_parameters(ifp, ifp->base_ifp); -+ set_interface_parameters(ifp, ifp->base_ifp, vrrp->family); - } - - #ifdef _WITH_FIREWALL_ --- -2.34.1 - diff --git a/scripts/package-build/linux-kernel/.gitignore b/scripts/package-build/linux-kernel/.gitignore index 6e18781a..f3a564a4 100644 --- a/scripts/package-build/linux-kernel/.gitignore +++ b/scripts/package-build/linux-kernel/.gitignore @@ -18,8 +18,7 @@ # Intel Driver source i40e-*/ igb-*/ -ethernet-linux-ixgbe/ -ixgbevf-*/ +ethernet-linux-*/ vyos-intel-*/ vyos-linux-firmware*/ kernel-vars diff --git a/scripts/package-build/linux-kernel/arch/arm64/configs/vyos_defconfig b/scripts/package-build/linux-kernel/arch/arm64/configs/vyos_defconfig index 9592b39b..fe174f63 100644 --- a/scripts/package-build/linux-kernel/arch/arm64/configs/vyos_defconfig +++ b/scripts/package-build/linux-kernel/arch/arm64/configs/vyos_defconfig @@ -5362,7 +5362,9 @@ CONFIG_VIRTIO_MEM=m CONFIG_VIRTIO_INPUT=m CONFIG_VIRTIO_MMIO=m CONFIG_VIRTIO_MMIO_CMDLINE_DEVICES=y -# CONFIG_VDPA is not set +CONFIG_VIRTIO_VDPA=m +CONFIG_VDPA=m +CONFIG_VHOST_VDPA=m CONFIG_VHOST_IOTLB=m CONFIG_VHOST_TASK=y CONFIG_VHOST=m diff --git a/scripts/package-build/linux-kernel/arch/x86/configs/vyos_defconfig b/scripts/package-build/linux-kernel/arch/x86/configs/vyos_defconfig index f33cde92..124c9aa8 100644 --- a/scripts/package-build/linux-kernel/arch/x86/configs/vyos_defconfig +++ b/scripts/package-build/linux-kernel/arch/x86/configs/vyos_defconfig @@ -5028,7 +5028,9 @@ CONFIG_VIRTIO_BALLOON=m CONFIG_VIRTIO_INPUT=m CONFIG_VIRTIO_MMIO=m CONFIG_VIRTIO_MMIO_CMDLINE_DEVICES=y -# CONFIG_VDPA is not set +CONFIG_VIRTIO_VDPA=m +CONFIG_VDPA=m +CONFIG_VHOST_VDPA=m CONFIG_VHOST_IOTLB=m CONFIG_VHOST_TASK=y CONFIG_VHOST=m diff --git a/scripts/package-build/linux-kernel/build-intel-ixgbevf.sh b/scripts/package-build/linux-kernel/build-intel-ixgbevf.sh deleted file mode 100755 index f0e4c89b..00000000 --- a/scripts/package-build/linux-kernel/build-intel-ixgbevf.sh +++ /dev/null @@ -1,105 +0,0 @@ -#!/bin/sh -CWD=$(pwd) -KERNEL_VAR_FILE=${CWD}/kernel-vars - -if ! dpkg-architecture -iamd64; then - echo "Intel ixgbevf is only buildable on amd64 platforms" - exit 0 -fi - -if [ ! -f ${KERNEL_VAR_FILE} ]; then - echo "Kernel variable file '${KERNEL_VAR_FILE}' does not exist, run ./build_kernel.sh first" - exit 1 -fi - -. ${KERNEL_VAR_FILE} - -url="https://sourceforge.net/projects/e1000/files/ixgbevf%20stable/4.18.9/ixgbevf-4.18.9.tar.gz" - -cd ${CWD} - -DRIVER_FILE=$(basename ${url} | sed -e s/tar_0/tar/) -DRIVER_DIR="${DRIVER_FILE%.tar.gz}" -DRIVER_NAME="ixgbevf" -DRIVER_VERSION=$(echo ${DRIVER_DIR} | awk -F${DRIVER_NAME} '{print $2}' | sed 's/^-//') -DRIVER_VERSION_EXTRA="" - -# Build up Debian related variables required for packaging -DEBIAN_ARCH=$(dpkg --print-architecture) -DEBIAN_DIR="${CWD}/vyos-intel-${DRIVER_NAME}_${DRIVER_VERSION}_${DEBIAN_ARCH}" -DEBIAN_CONTROL="${DEBIAN_DIR}/DEBIAN/control" -DEBIAN_POSTINST="${CWD}/vyos-intel-ixgbevf.postinst" - -# Fetch Intel driver source from SourceForge -if [ -e ${DRIVER_FILE} ]; then - rm -f ${DRIVER_FILE} -fi -curl -L -o ${DRIVER_FILE} ${url} -if [ "$?" -ne "0" ]; then - exit 1 -fi - -# Unpack archive -if [ -d ${DRIVER_DIR} ]; then - rm -rf ${DRIVER_DIR} -fi -mkdir -p ${DRIVER_DIR} -tar -C ${DRIVER_DIR} --strip-components=1 -xf ${DRIVER_FILE} - -cd ${DRIVER_DIR}/src -if [ -z $KERNEL_DIR ]; then - echo "KERNEL_DIR not defined" - exit 1 -fi - -# See https://lore.kernel.org/lkml/f90837d0-810e-5772-7841-28d47c44d260@intel.com/ -echo "I: remove pci_enable_pcie_error_reporting() code no longer present in Kernel" -sed -i '/.*pci_disable_pcie_error_reporting(pdev);/d' ixgbevf_main.c -sed -i '/.*pci_enable_pcie_error_reporting(pdev);/d' ixgbevf_main.c - -echo "I: Compile Kernel module for Intel ${DRIVER_NAME} driver" -make KSRC=${KERNEL_DIR} INSTALL_MOD_PATH=${DEBIAN_DIR} INSTALL_FW_PATH=${DEBIAN_DIR} -j $(getconf _NPROCESSORS_ONLN) install - -if [ "x$?" != "x0" ]; then - exit 1 -fi - -if [ -f ${DEBIAN_DIR}.deb ]; then - rm ${DEBIAN_DIR}.deb -fi - -# build Debian package -echo "I: Building Debian package vyos-intel-${DRIVER_NAME}" -cd ${CWD} - -# Sign generated Kernel modules -${CWD}/sign-modules.sh ${DEBIAN_DIR} - -# delete non required files which are also present in the kernel package -# und thus lead to duplicated files -find ${DEBIAN_DIR} -name "modules.*" | xargs rm -f - -echo "#!/bin/sh" > ${DEBIAN_POSTINST} -echo "/sbin/depmod -a ${KERNEL_VERSION}${KERNEL_SUFFIX}" >> ${DEBIAN_POSTINST} - -fpm --input-type dir --output-type deb --name vyos-intel-${DRIVER_NAME} \ - --version ${DRIVER_VERSION} --deb-compression gz \ - --maintainer "VyOS Package Maintainers <maintainers@vyos.net>" \ - --description "Vendor based driver for Intel ${DRIVER_NAME}" \ - --depends linux-image-${KERNEL_VERSION}${KERNEL_SUFFIX} \ - --license "GPL2" -C ${DEBIAN_DIR} --after-install ${DEBIAN_POSTINST} - -# echo "I: Cleanup ${DRIVER_NAME} source" -# cd ${CWD} -# if [ -e ${DRIVER_FILE} ]; then -# rm -f ${DRIVER_FILE} -# fi -# if [ -d ${DRIVER_DIR} ]; then -# rm -rf ${DRIVER_DIR} -# fi -# if [ -d ${DEBIAN_DIR} ]; then -# rm -rf ${DEBIAN_DIR} -# fi -# if [ -f ${DEBIAN_POSTINST} ]; then -# rm -f ${DEBIAN_POSTINST} -# fi diff --git a/scripts/package-build/linux-kernel/build-intel-ixgbe.sh b/scripts/package-build/linux-kernel/build-intel-nic.sh index b2736514..3e8bbb37 100755 --- a/scripts/package-build/linux-kernel/build-intel-ixgbe.sh +++ b/scripts/package-build/linux-kernel/build-intel-nic.sh @@ -3,7 +3,7 @@ CWD=$(pwd) KERNEL_VAR_FILE=${CWD}/kernel-vars if ! dpkg-architecture -iamd64; then - echo "Intel ixgbe is only buildable on amd64 platforms" + echo "Intel drivers only buildable on amd64 platforms" exit 0 fi @@ -19,24 +19,24 @@ if [ -z $KERNEL_DIR ]; then exit 1 fi -cd ${CWD}/ethernet-linux-ixgbe +DRIVER_NAME=$1 +cd ${CWD}/ethernet-linux-${DRIVER_NAME} if [ -d .git ]; then git clean --force -d -x git reset --hard origin/main fi -DRIVER_NAME="ixgbe" DRIVER_VERSION=$(git describe | sed s/^v//) # Build up Debian related variables required for packaging DEBIAN_ARCH=$(dpkg --print-architecture) DEBIAN_DIR="${CWD}/vyos-intel-${DRIVER_NAME}_${DRIVER_VERSION}_${DEBIAN_ARCH}" DEBIAN_CONTROL="${DEBIAN_DIR}/DEBIAN/control" -DEBIAN_POSTINST="${CWD}/vyos-intel-ixgbe.postinst" +DEBIAN_POSTINST="${CWD}/vyos-intel-${DRIVER_NAME}.postinst" # See https://vyos.dev/T6155 # See https://vyos.dev/T6162 -PATCH_DIR=${CWD}/patches/ixgbe +PATCH_DIR=${CWD}/patches/${DRIVER_NAME} if [ -d $PATCH_DIR ]; then for patch in $(ls ${PATCH_DIR}) do diff --git a/scripts/package-build/linux-kernel/build.py b/scripts/package-build/linux-kernel/build.py index a1b7e3e5..6a43fc25 100755 --- a/scripts/package-build/linux-kernel/build.py +++ b/scripts/package-build/linux-kernel/build.py @@ -131,10 +131,12 @@ def build_package(package: dict, dependencies: list) -> None: create_tarball(f'{package["name"]}-{package["commit_id"]}', f'{package["name"]}') elif package['build_cmd'] == 'build_intel_qat': build_intel_qat() + elif package['build_cmd'] == 'build_intel_igb': + build_intel(package['name'], package['commit_id'], package['scm_url']) elif package['build_cmd'] == 'build_intel_ixgbe': - build_intel_ixgbe(package['commit_id'], package['scm_url']) + build_intel(package['name'], package['commit_id'], package['scm_url']) elif package['build_cmd'] == 'build_intel_ixgbevf': - build_intel_ixgbevf() + build_intel(package['name'], package['commit_id'], package['scm_url']) elif package['build_cmd'] == 'build_mellanox_ofed': build_mellanox_ofed() elif package['build_cmd'] == 'build_realtek_r8152': @@ -215,16 +217,11 @@ def build_intel_qat(): run(['./build-intel-qat.sh'], check=True) -def build_intel_ixgbe(commit_id, scm_url): - """Build Intel IXGBE""" - repo_dir = Path('ethernet-linux-ixgbe') +def build_intel(driver_name: str, commit_id: str, scm_url: str): + """Build Intel driver from Git repository""" + repo_dir = Path(f'ethernet-linux-{driver_name}') clone_or_update_repo(repo_dir, scm_url, commit_id) - run(['./build-intel-ixgbe.sh'], check=True) - - -def build_intel_ixgbevf(): - """Build Intel IXGBEVF""" - run(['./build-intel-ixgbevf.sh'], check=True) + run(['./build-intel-nic.sh', driver_name], check=True) def build_mellanox_ofed(): diff --git a/scripts/package-build/linux-kernel/package.toml b/scripts/package-build/linux-kernel/package.toml index c407ab91..2d80fdfe 100644 --- a/scripts/package-build/linux-kernel/package.toml +++ b/scripts/package-build/linux-kernel/package.toml @@ -43,6 +43,12 @@ scm_url = "" build_cmd = "build_intel_qat" [[packages]] +name = "igb" +commit_id = "v5.18.7" +scm_url = "https://github.com/intel/ethernet-linux-igb" +build_cmd = "build_intel_igb" + +[[packages]] name = "ixgbe" commit_id = "v6.0.5" scm_url = "https://github.com/intel/ethernet-linux-ixgbe" @@ -50,8 +56,8 @@ build_cmd = "build_intel_ixgbe" [[packages]] name = "ixgbevf" -commit_id = "" -scm_url = "" +commit_id = "v5.0.2" +scm_url = "http://github.com/intel/ethernet-linux-ixgbevf" build_cmd = "build_intel_ixgbevf" [[packages]] |