Fix for bash's memory-leak (#1879)

* Fix for bash's memory-leak

Memory leak is observed during the execution of scripts that make use of bash-arrays. In scenarios where the offending script is executed on a regular basis (e.g. fancontrol), the leaking process may end up consuming most of the system resources.

In this PR i'm replacing bash in all the contexts where it executes (both host and dockers). The official patch for this issue is here: https://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-040

* Fixing minor issue during code-merge

Signed-off-by: Rodny Molina <rmolina@linkedin.com>

files/build_templates/sonic_debian_extension.j2

@@ -100,6 +100,11 @@ sudo dpkg --root=$FILESYSTEM_ROOT -i target/debs/python-click*_all.deb || \
 sudo dpkg --root=$FILESYSTEM_ROOT -i target/debs/python-sonic-utilities_*.deb || \
     sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f
 
+# Install customized bash version to patch memory-leak issue. This instruction shall be removed
+# once the migration to Debian-9 (Stretch) is completed.
+sudo dpkg --root=$FILESYSTEM_ROOT -i target/debs/bash_*.deb || \
+    sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f
+
 # SONiC utilities installs bash-completion as a dependency. However, it is disabled by default
 # in bash.bashrc, so we copy a version of the file with it enabled here.
 sudo cp -f $IMAGE_CONFIGS/bash/bash.bashrc $FILESYSTEM_ROOT/etc/

rules/bash.mk

@@ -0,0 +1,17 @@
+# bash package
+#
+# Created to patch memory-leak issue in the bash-package included in Debian-8 (Jessie)
+# release. This rule file, and the associated building-infra created to solve this
+# bug (src/bash/), should be eliminated once the migration to Debian-9 (Stretch) is
+# completed.
+
+# Bash major release-number corresponding to Debian-8 (Jessie)
+BASH_VERSION_MAJOR = 4.3
+# Bash complete release-number. This image contains all 4.3 fixes  up to patch '42'.
+BASH_VERSION_FULL = $(BASH_VERSION_MAJOR)-14
+
+export BASH_VERSION_MAJOR BASH_VERSION_FULL
+
+BASH = bash_$(BASH_VERSION_FULL)_amd64.deb
+$(BASH)_SRC_PATH = $(SRC_PATH)/bash
+SONIC_MAKE_DEBS += $(BASH)

rules/docker-base.mk

@@ -4,6 +4,7 @@ DOCKER_BASE = docker-base.gz
 $(DOCKER_BASE)_PATH = $(DOCKERS_PATH)/docker-base
 $(DOCKER_BASE)_DEPENDS += $(SUPERVISOR)
 $(DOCKER_BASE)_DEPENDS += $(LIBWRAP)
+$(DOCKER_BASE)_DEPENDS += $(BASH)
 
 ifeq ($(SONIC_INSTALL_DEBUG_TOOLS),y)
 GDB = gdb

slave.mk

@@ -458,6 +458,7 @@ $(addprefix $(TARGET_PATH)/, $(SONIC_INSTALLERS)) : $(TARGET_PATH)/% : \
                 $(SONIC_DEVICE_DATA) \
                 $(PYTHON_CLICK) \
                 $(SONIC_UTILS) \
+                $(BASH) \
                 $(LIBWRAP) \
                 $(LIBPAM_TACPLUS) \
                 $(LIBNSS_TACPLUS)) \

sonic-slave/Dockerfile

@@ -226,7 +226,10 @@ RUN apt-get update && apt-get install -y \
         python3-docutils \
         python3-requests \
         python3-pytest \
-        python3-colorama
+        python3-colorama \
+# For bash
+        texi2html
+
 
 # For linux build
 RUN apt-get -y build-dep linux

src/bash/Makefile

@@ -0,0 +1,16 @@
+SHELL = /bin/bash
+.ONESHELL:
+.SHELLFLAGS += -e
+
+MAIN_TARGET = bash_$(BASH_VERSION_FULL)_amd64.deb
+
+$(addprefix $(DEST)/, $(MAIN_TARGET)): $(DEST)/% :
+	rm -rf bash-$(BASH_VERSION_MAJOR)
+
+	dget -u https://launchpad.net/debian/+archive/primary/+sourcefiles/bash/$(BASH_VERSION_FULL)/bash_$(BASH_VERSION_FULL).dsc
+
+	pushd bash-$(BASH_VERSION_MAJOR)
+	DEB_BUILD_OPTIONS=nocheck dpkg-buildpackage -us -uc -b -j$(SONIC_CONFIG_MAKE_JOBS)
+	popd
+
+	mv $* $(DEST)/