diff --git a/build_debian.sh b/build_debian.sh index 0a66f73389..6a005910c4 100755 --- a/build_debian.sh +++ b/build_debian.sh @@ -31,9 +31,9 @@ set -x -e CONFIGURED_ARCH=$([ -f .arch ] && cat .arch || echo amd64) ## docker engine version (with platform) -DOCKER_VERSION=5:24.0.2-1~debian.11~$IMAGE_DISTRO +DOCKER_VERSION=5:24.0.2-1~debian.12~$IMAGE_DISTRO CONTAINERD_IO_VERSION=1.6.21-1 -LINUX_KERNEL_VERSION=5.10.0-23-2 +LINUX_KERNEL_VERSION=6.1.0-11-2 ## Working directory to prepare the file system FILESYSTEM_ROOT=./fsroot @@ -375,6 +375,7 @@ sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y in sysfsutils \ squashfs-tools \ $bootloader_packages \ + rsyslog \ screen \ hping3 \ tcptraceroute \ @@ -390,9 +391,9 @@ sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y in python3-pip \ python-is-python3 \ cron \ - libprotobuf23 \ + libprotobuf32 \ libgrpc++1 \ - libgrpc10 \ + libgrpc29 \ haveged \ fdisk \ gpg \ @@ -401,11 +402,8 @@ sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y in linux-perf \ resolvconf \ lsof \ - sysstat - -# default rsyslog version is 8.2110.0 which has a bug on log rate limit, -# use backport version -sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -t bullseye-backports -y install rsyslog + sysstat \ + zstd # Have systemd create the auditd log directory sudo mkdir -p ${FILESYSTEM_ROOT}/etc/systemd/system/auditd.service.d @@ -451,14 +449,6 @@ sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y in systemd-sysv \ ntp -# Workaround for issue: The udev rule may fail to be executed because the -# daemon-reload command is executed in parallel -# Github issue: https://github.com/systemd/systemd/issues/24668 -# Github PR: https://github.com/systemd/systemd/pull/24673 -# This workaround should be removed after a upstream already contains the fixes -sudo patch $FILESYSTEM_ROOT/lib/systemd/system/systemd-udevd.service \ - files/image_config/systemd/systemd-udevd/fix-udev-rule-may-fail-if-daemon-reload-command-runs.patch - if [[ $TARGET_BOOTLOADER == grub ]]; then if [[ $CONFIGURED_ARCH == amd64 ]]; then GRUB_PKG=grub-pc-bin @@ -535,13 +525,11 @@ done < files/image_config/sysctl/sysctl-net.conf sudo augtool --autosave "$sysctl_net_cmd_string" -r $FILESYSTEM_ROOT -# Upgrade pip via PyPI and uninstall the Debian version -sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 install --upgrade pip -sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get purge -y python3-pip +# Specify that we want to explicitly install Python packages into the system environment, and risk breakages +sudo cp files/image_config/pip/pip.conf $FILESYSTEM_ROOT/etc/pip.conf # For building Python packages -sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 install 'setuptools==49.6.00' -sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 install 'wheel==0.35.1' +sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install python3-setuptools python3-wheel # docker Python API package is needed by Ansible docker module as well as some SONiC applications sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 install 'docker==6.1.1' @@ -772,7 +760,8 @@ if [[ $TARGET_BOOTLOADER == uboot ]]; then sudo LANG=C chroot $FILESYSTEM_ROOT mv /boot/u${INITRD_FILE} /boot/$INITRD_FILE elif [[ $CONFIGURED_ARCH == arm64 ]]; then sudo cp -v $PLATFORM_DIR/${sonic_asic_platform}-${CONFIGURED_ARCH}/sonic_fit.its $FILESYSTEM_ROOT/boot/ - sudo LANG=C chroot $FILESYSTEM_ROOT mkimage -f /boot/sonic_fit.its /boot/sonic_${CONFIGURED_ARCH}.fit + # TODO: fix for bookworm, probably needs arm64 patches in sonic-linux-kernel to be updated + #sudo LANG=C chroot $FILESYSTEM_ROOT mkimage -f /boot/sonic_fit.its /boot/sonic_${CONFIGURED_ARCH}.fit fi fi diff --git a/files/build_templates/sonic_debian_extension.j2 b/files/build_templates/sonic_debian_extension.j2 index 915e4698cb..5e6f5ae880 100644 --- a/files/build_templates/sonic_debian_extension.j2 +++ b/files/build_templates/sonic_debian_extension.j2 @@ -110,7 +110,7 @@ sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y in python3-dev # Install j2cli for handling jinja template -sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 install "j2cli==0.3.10" +sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install j2cli # Install Python client for Redis sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 install "redis==3.5.3" @@ -130,8 +130,8 @@ sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 install ipaddr # Install Python module for grpcio and grpcio-toole if [[ $CONFIGURED_ARCH == amd64 ]]; then - sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 install "grpcio==1.39.0" - sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 install "grpcio-tools==1.39.0" + sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 install "grpcio==1.51.1" + sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 install "grpcio-tools==1.51.1" fi # Install sonic-py-common Python 3 package @@ -146,9 +146,8 @@ if [[ $CONFIGURED_ARCH == armhf || $CONFIGURED_ARCH == arm64 ]]; then fi # Install sonic-yang-models Python 3 package, install dependencies -sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/libyang_*.deb -sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/libyang-cpp_*.deb -sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/python3-yang_*.deb +sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/libyang_*.deb $debs_path/libyang-cpp_*.deb $debs_path/python3-yang_*.deb || \ + sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f SONIC_YANG_MODEL_PY3_WHEEL_NAME=$(basename {{sonic_yang_models_py3_wheel_path}}) sudo cp {{sonic_yang_models_py3_wheel_path}} $FILESYSTEM_ROOT/$SONIC_YANG_MODEL_PY3_WHEEL_NAME sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 install $SONIC_YANG_MODEL_PY3_WHEEL_NAME @@ -165,7 +164,7 @@ sudo rm -rf $FILESYSTEM_ROOT/$SONIC_YANG_MGMT_PY3_WHEEL_NAME # Then immediately uninstall enum34, as enum34 should not be installed for Python >= 3.4, as it causes a # conflict with the new 'enum' module in the standard library # https://github.com/robshakir/pyangbind/issues/232 -sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 install pyangbind==0.8.1 +sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 install pyangbind==0.8.2 sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 uninstall -y enum34 # Install SONiC config engine Python 3 package @@ -200,12 +199,8 @@ sudo cp {{system_health_py3_wheel_path}} $FILESYSTEM_ROOT/$SYSTEM_HEALTH_PY3_WHE sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 install $SYSTEM_HEALTH_PY3_WHEEL_NAME sudo rm -rf $FILESYSTEM_ROOT/$SYSTEM_HEALTH_PY3_WHEEL_NAME -# Install prerequisites needed for installing the Python m2crypto package, used by sonic-utilities -# These packages can be uninstalled after intallation -sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install build-essential libssl-dev swig - -# Install prerequisites needed for using the Python m2crypto package, used by sonic-utilities -sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install openssl +# Install m2crypto, cryptography, cffi, and pynacl packages, used by sonic-utilities +sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install python3-m2crypto python3-cryptography python3-cffi python3-nacl # install libffi-dev to match utilities' dependency. sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install libffi-dev @@ -233,7 +228,7 @@ sudo cp -f $IMAGE_CONFIGS/readline/inputrc $FILESYSTEM_ROOT/etc/ # Install prerequisites needed for installing the dependent Python packages of sonic-host-services # These packages can be uninstalled after installation -sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install libcairo2-dev libdbus-1-dev libgirepository1.0-dev libsystemd-dev pkg-config +sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install libcairo2-dev libdbus-1-dev libgirepository1.0-dev libsystemd-dev pkg-config python3-dbus # Mark runtime dependencies as manually installed to avoid them being auto-removed while uninstalling build dependencies sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-mark manual gir1.2-glib-2.0 libdbus-1-3 libgirepository-1.0-1 libsystemd0 python3-dbus @@ -270,7 +265,7 @@ sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/sonic-device-data_*.deb || \ sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f # package for supporting password hardening -sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install libpam-cracklib +sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install libpam-pwquality # Install pam-tacplus and nss-tacplus sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/libtac2_*.deb || \ @@ -356,7 +351,8 @@ sudo cp $IMAGE_CONFIGS/monit/restart_service $FILESYSTEM_ROOT/usr/bin/ sudo chmod 755 $FILESYSTEM_ROOT/usr/bin/restart_service # Installed smartmontools version should match installed smartmontools in docker-platform-monitor Dockerfile -sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install smartmontools=7.2-1 +# TODO: are mismatching versions fine for bookworm? +sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install smartmontools # Install custom-built openssh sshd sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/openssh-server_${OPENSSH_VERSION}_*.deb $debs_path/openssh-client_${OPENSSH_VERSION}_*.deb $debs_path/openssh-sftp-server_${OPENSSH_VERSION}_*.deb @@ -481,16 +477,6 @@ sudo LANG=C chroot $FILESYSTEM_ROOT systemctl enable systemd-bootchart {% endif %} {% endif %} -if [[ $CONFIGURED_ARCH == armhf ]]; then - # The azure-storage package depends on the cryptography package. Newer - # versions of cryptography require the rust compiler, the correct version - # for which is not readily available in buster. Hence we pre-install an - # older version here to satisfy the azure-storage dependency. - # Note: This is not a problem for other architectures as pre-built versions - # of cryptography are available for those. This sequence can be removed - # after upgrading to debian bullseye. - sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 install cryptography==3.3.1 -fi sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 install azure-storage==0.36.0 sudo https_proxy=$https_proxy LANG=C chroot $FILESYSTEM_ROOT pip3 install watchdog==0.10.3 @@ -927,7 +913,6 @@ sudo cp $BUILD_TEMPLATES/sonic.target $FILESYSTEM_ROOT_USR_LIB_SYSTEMD_SYSTEM sudo LANG=C chroot $FILESYSTEM_ROOT systemctl enable sonic.target sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get purge -y python3-dev -sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get purge -y build-essential libssl-dev swig sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get purge -y libcairo2-dev libdbus-1-dev libgirepository1.0-dev libsystemd-dev pkg-config sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get clean -y sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get autoremove -y diff --git a/files/image_config/pip/pip.conf b/files/image_config/pip/pip.conf new file mode 100644 index 0000000000..9d54ef9028 --- /dev/null +++ b/files/image_config/pip/pip.conf @@ -0,0 +1,2 @@ +[global] +break-system-packages = true diff --git a/sonic-slave-bookworm/Dockerfile.j2 b/sonic-slave-bookworm/Dockerfile.j2 index b5b5fd6e4d..d859286f84 100644 --- a/sonic-slave-bookworm/Dockerfile.j2 +++ b/sonic-slave-bookworm/Dockerfile.j2 @@ -76,7 +76,7 @@ RUN LIBPYTHON3_DEPS="`apt-cache depends libpython3-dev:$arch |grep Depends|awk { RUN apt-get install -y swig libssl-dev RUN PATH=/python_virtualenv/env3/bin/:$PATH python3 -m pip install pyang==2.4.0 -RUN PATH=/python_virtualenv/env3/bin/:$PATH python3 -m pip install pyangbind==0.8.1 +RUN PATH=/python_virtualenv/env3/bin/:$PATH python3 -m pip install pyangbind==0.8.2 RUN PATH=/python_virtualenv/env3/bin/:$PATH python3 -m pip uninstall -y enum34 RUN PATH=/python_virtualenv/env3/bin/:$PATH pip3 install --force-reinstall --no-cache-dir coverage {%- endif %}