Commit Graph

49 Commits

Author SHA1 Message Date
Konstantin Vasin
2245ea4830
[Build] use eatmydata to reduce build time of sonic slave images (#15857)
Why I did it
We install many deb packages when building sonic slave images.
To guarantee that the filesystem data is always consistent and safe,
dpkg performs fsync(2)s on its database and files unpacked from packages.
We don't need to use fsync for sonic slave images.
So we can reduce build time using eatmydata.

How I did it
Install deb package eatmydata in sonic-slave-buster and sonic-slave-bullseye docker images.
Pass apt-get install, apt install, apt-get upgrade, and dpkg -i with arguments directly to eatmydata.

How to verify it
Compare the build time of sonic-slave images with and without eatmydata.
For some NVME SSD I improved it by 30-40%.
You get no performance boost if your fs is mounted with options like nobarrier.
2023-09-23 01:57:34 -07:00
Saikrishna Arcot
065c35cc34
Add nlohmann-json3-dev package into the slave container (#16308)
### Why I did it

The json.hpp header file from that package is used in the sonic-swss-common build. An old version of that header file (from 2016) has been checked into the sonic-swss-common repo. However, since then, there have been changes to that header file, and starting with GCC 12 in Bookworm, generates some errors about variables being possibly uninitialized before use.

##### Work item tracking
- Microsoft ADO **(number only)**: 25027439

#### How I did it

To fix this, install the nlohmann-json3-dev package, and allow using the header file from the Debian package instead of a static checked-in version. The version in Debian Bullseye is much newer than this version.

#### How to verify it

With this change alone, sonic-swss-common will still be using the json.hpp file in its own codebase. The change to actually use the system header file instead of the local header file will happen in a separate PR in the necessary repoes.
2023-09-06 19:23:07 -07:00
Saikrishna Arcot
24ae0a9606
Don't build libhiredis anymore (#15633)
### Why I did it

We're not adding any patch on top of hiredis, and there's no apparent reason to build this. Remove the build step here, and just install the package from the Debian repos.

##### Work item tracking
- Microsoft ADO **(number only)**: 24381590

#### How to verify it

Build the SONiC image, and load it. Verify that services come up.
2023-09-06 16:23:34 -07:00
jcaiMR
a522a63e25
[dhcp-relay]: dhcp/dhcpv6 per interface counter support (#16377)
Why I did it
Support DHCP/DHCPv6 per-interface counter, code change in sonic-build image.

Work item tracking
Microsoft ADO (17271822):

How I did it
- Introduce libjsoncpp-dev in dhcpmon and dhcprelay repo
- Show CLI changes after counter format change

How to verify it
- Manually run show command
- dhcpmon, dhcprelay integration tests
2023-09-05 10:16:39 -07:00
Saikrishna Arcot
5723ba29e4
Remove depot_tools repo (#16114)
It appears that this was initially added to provide the git-retry
command (which doesn't appear to be used today). However, this repo is
now also providing bazel (which is actually used in our build today),
and this command (along with git-retry) expects some vpython3 binary to
be set up/installed.

Rather than going through that, just get rid of this repo.
2023-08-16 14:18:50 -07:00
xumia
bdef73ea96
[Build] Fix the PyYang python package installation issue (#15890)
Why I did it
Fix the armhf build failure.
How to reproduce the issue:

docker run -it debain:bullseye bash
apt-get update && apt-get install -y python3-pip
pip3 install PyYAML==5.4.1
Error message:

Collecting PyYAML==5.4.1
  Installing build dependencies ... done
  Getting requirements to build wheel ... error
  ERROR: Command errored out with exit status 1:
   command: /usr/bin/python3 /tmp/tmp6xabslgb_in_process.py get_requires_for_build_wheel /tmp/tmp_er01ztl
....
      raise AttributeError(attr)
  AttributeError: cython_sources
  ----------------------------------------
WARNING: Discarding d63f2d7597/PyYAML-5.4.1.tar.gz (sha256)=607774cbba28732bfa802b54baa7484215f530991055bb562efbed5b2f20a45e (from https://pypi.org/simple/pyyaml/) (requires-python:>=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, !=3.5.*). Command errored out with exit status 1: /usr/bin/python3 /tmp/tmp6xabslgb_in_process.py get_requires_for_build_wheel /tmp/tmp_er01ztl Check the logs for full command output.
ERROR: Could not find a version that satisfies the requirement PyYAML==5.4.1
ERROR: No matching distribution found for PyYAML==5.4.1
root@fa2fa92edcfd:/# 
But if adding the option --no-build-isolation, then it is good, see fix.

install "PyYAML==5.4.1" --no-build-isolation
The same error can be found in the multiple builds.

Work item tracking
Microsoft ADO (number only): 24567457

How I did it
Add a build option --no-build-isolation.
2023-07-19 06:33:49 +08:00
xumia
30959ec901
[Build] Change the build option from ENABLE_FIPS_FEATURE to INCLUDE_FIPS (#15758)
Why I did it
[Build] Change the build option from ENABLE_FIPS_FEATURE to INCLUDE_FIPS

Work item tracking
Microsoft ADO (number only): 24485797
How I did it
2023-07-13 23:00:38 +08:00
Saikrishna Arcot
e46be54f14
Update the docker daemon to 24.0.2 (#15652)
Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
2023-07-06 14:44:29 -07:00
Ze Gan
2f8994999b
[dash-api]: Add dash-api and related protobuf library (#14515)
Why I did it
For the DASH scenario, the APP_DB will be optimized by protobuf message for less memory consumption.

How I did it
Download the Debian package of protobuf 3.21.12 and create a corresponding rule for building it.
Add a submodule of sonic-dash-api and generated its Debian package which includes C++ library and Python library

How to verify it
Check artifacts of Azp that the protobuf-related and dash-api deb packages should be generated.

Signed-off-by: Ze Gan <ganze718@gmail.com>
2023-07-05 09:59:35 -07:00
Guilt
6745691eb5
[CI][doc][build] Trim script and sonic-slave-* folders files trailing blanks (#15161)
- run pre-commit tox profile to trim all trailing blanks
- use several commits with a per-folder based strategy
  to ease their merge

Issue #15114

Signed-off-by: Guillaume Lambert <guillaume.lambert@orange.com>
2023-05-24 09:25:12 -07:00
Lior Avramov
2922f26b6c
[Mellanox] Replace iproute2 supplied by SDK to iproute2 downloaded from Debian repository (#14726)
- Why I did it
Mellanox syncd container will be based on Debian iproute2 plus patches instead of Nvidia internal version of iproute2

- How I did it
Download iproute2 from Debian repository, apply patches and compile to create a new target.
The target is then deployed in syncd container of Mellanox switches only.
The new target is called IPROUTE2_MLNX.

- How to verify it
Compile and load on switch, verify interfaces network devices created successfully.
Verify LLDP shows connections to neighbors.
Verify ping between 2 hosts over 2 router ports is successful.
2023-04-30 12:30:09 +03:00
Saikrishna Arcot
9726ec8420
Always use the openssl backend of curl (#14351)
Why I did it
This should make sure that the openssl backend of curl is used, instead of the gnutls or nss backend, for consistency reasons.
2023-03-28 13:44:49 +08:00
xumia
7209666374
[Security] Fix some of vulnerability issue relative python packages (#14269)
Why I did it
Fix some of vulnerability issue relative python packages #14269
Pillow: [CVE-2021-27921]
Wheel: [CVE-2022-40898]
lxml: [CVE-2022-2309]

How I did it
2023-03-20 14:15:45 +08:00
Saikrishna Arcot
3bbfaa1ee8
Upgrade docker-sonic-vs and docker-syncd-vs to Bullseye (#13294)
* Upgrade docker-sonic-vs and docker-syncd-vs to Bullseye

Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>

* iproute2: Force a new version and timestamp to be used for the package

There is an issue with Docker's overlay2 storage driver when not using
native diffs (and thus falling back to naive diff mode), which is the
case in the CI builds. The way the naive diff mode detects changes is by
comparing the file size and comparing the timestamps (specifically, I
believe it's the modification timestamp), and if there's a change there,
then it's considered a change that needs to be recorded as part of that
layer.

The problem is that with the code being added in the patch, the file
size remains the same, and the timestamp of binary files appear to be
the same timestamp as the changelog entry (likely for reproducible build
purposes). The file size remains the same likely due to extra padding
within the file introduced by relro. Because of this, Docker doesn't
detect this file has changed, and doesn't save the new file as part of
this layer.

To work around this, create a new changelog entry (with a new version as
well) with a new timestamp. This will result in the binary files having
a different timestamp, and thus will get saved by Docker as part of that
layer.

Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>

---------

Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
2023-03-19 21:14:27 -07:00
jhli-cisco
838d76b52f
[sonci-slave]: update sonic-slave docker files to include cisco sdk dependencies (#14203)
cisco SDK dependencies needed
2023-03-13 14:32:34 -07:00
Konstantin Vasin
bf90b498a4
[Build] use pigz to speed up a build (#12825)
Why I did it

It's possible to speed up some parts of a build using parallel compression/decompression.
This is especially important for build_debian.sh.

How I did it
pigz is a parallel implementation of gzip: https://zlib.net/pigz/
Some programs like docker and mkinitramfs can automatically detect and use it instead of gzip.
For tar we need to select it directly.

To enable this feature you need to set GZ_COMPRESS_PROGRAM=pigz
2022-12-17 14:38:31 -08:00
Konstantin Vasin
6448afd338
[Build] set apt Acquire::Retries to 3 for bullseye (#12758)
Why I did it
There were some changes in apt source code in version 2.1.9.
As a result apt used in bullseye (2.2.4) is intolerant to network issues.
This was fixed in 10631550f1 Already fixed version is used in bookworm (2.5.4)
And not yet affected version is used in buster (1.8.2.3)

How I did it
Set Acquire::Retries to 3 for sonic-slave-bullseye, docker-base-bullseye and final Debian image.

Ref: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1876035

Signed-off-by: Konstantin Vasin k.vasin@yadro.com
2022-11-21 08:05:16 +08:00
xumia
ac5d89c6ac
[Build] Support j2 template for debian sources (#12557)
Why I did it
Unify the Debian mirror sources
Make easy to upgrade to the next Debian release, not source url code change required.
Support to customize the Debian mirror sources during the build
Relative issue: #12523
2022-11-09 08:09:53 +08:00
Mai Bui
66012b4a28
[bullseye] Update libswsscommon deps (#12463)
Signed-off-by: maipbui <maibui@microsoft.com>
#### Why I did it
When updating the container from Buster to Bullseye in azure pipelines in sonic-utilities repo, the build checker failed due to missing one of the dependencies in libswsscommon
```
+ sudo dpkg -i libswsscommon_1.0.0_amd64.deb
Selecting previously unselected package libswsscommon.
(Reading database ... 196324 files and directories currently installed.)
Preparing to unpack libswsscommon_1.0.0_amd64.deb ...
Unpacking libswsscommon (1.0.0) ...
dpkg: dependency problems prevent configuration of libswsscommon:
 libswsscommon depends on libboost-serialization1.71.0; however:
  Package libboost-serialization1.71.0 is not installed.

dpkg: error processing package libswsscommon (--install):
 dependency problems - leaving unconfigured
Processing triggers for libc-bin (2.31-13+deb11u4) ...
Errors were encountered while processing:
 libswsscommon
```
#### How I did it
Update the libboost-serialization dependency to a specific version that >= 1.71
#### How to verify it
Verified locally, build sonic-utilities successfully with this version
2022-10-21 10:09:28 -04:00
Yakiv Huryk
6462f45433
[bullseye] add dependencies for saithriftv2 build (#11666)
- Why I did it
To support saithriftv2 build for bullseye dockers

- How I did it
Added the dependencies documented in the SAI docs and used in sonic-slave-buster

- How to verify it
Build saithriftv2 in the sonic-slave-bullseye

Signed-off-by: Yakiv Huryk <yhuryk@nvidia.com>
2022-08-24 11:53:54 +03:00
Zain Budhwani
59d570b997
Event libswsscommon deps (#11618)
Why I did it
Building docker-sonic-vs requires dependencies installed in sonic-slave-buster

How I did it
Add libs to sonic-slave-buster and sonic-slave-bullseye

How to verify it
Check files
2022-08-04 10:17:38 -07:00
gregshpit
5df09490dc
Ported Marvell armhf build on amd64 host for debian buster to use cross-comp… (#8035)
* Ported Marvell armhf build on x86 for debian buster to use cross-compilation instead of qemu emulation

Current armhf Sonic build on amd64 host uses qemu emulation. Due to the
nature of the emulation it takes a very long time, about 22-24 hours to
complete the build. The change I did to reduce the building time by
porting Sonic armhf build on amd64 host for Marvell platform for debian
buster to use cross-compilation on arm64 host for armhf target. The
overall Sonic armhf building time using cross-compilation reduced to
about 6 hours.

Signed-off-by: marvell <marvell@cpss-build3.marvell.com>

* Fixed final Sonic image build with dockers inside

* Update Dockerfile.j2

Fixed qemu-user-static:x86_64-aarch64-5.0.0-2 .

* Update cross-build-arm-python-reqirements.sh

Added support for both armhf and arm64 cross-build platform using $PY_PLAT environment variable.

* Update Makefile

Added TARGET=<cross-target> for armhf/arm64 cross-compilation.

* Reviewer's @qiluo-msft requests done

Signed-off-by: marvell <marvell@cpss-build3.marvell.com>

* Added new radius/pam patch for arm64 support

* Update slave.mk

Added missing back tick.

* Added libgtest-dev: libgmock-dev: to the buster Dockerfile.j2. Fixed arm perl version to be generic

* Added missing armhf/arm64 entries in /etc/apt/sources.list

* fix libc-bin core dump issue from xumia:fix-libc-bin-install-issue commit

* Removed unnecessary 'apt-get update' from sonic-slave-buster/Dockerfile.j2

* Fixed saiarcot895 reviewer's requests

* Fixed README and replaced 'sed/awk' with patches

* Fixed ntp build to use openssl

* Unuse sonic-slave-buster/cross-build-arm-python-reqirements.sh script (put all prebuilt python packages cross-compilation/install inside Dockerfile.j2). Fixed src/snmpd/Makefile to use -j1 in all cases

* Clean armhf cross-compilation build fixes

* Ported cross-compilation armhf build to bullseye

* Additional change for bullseye

* Set CROSS_BUILD_ENVIRON default value n

* Removed python2 references

* Fixes after merge with the upstream

* Deleted unused sonic-slave-buster/cross-build-arm-python-reqirements.sh file

* Fixed 2 @saiarcot895 requests

* Fixed @saiarcot895 reviewer's requests

* Removed use of prebuilt python wheels

* Incorporated saiarcot895 CC/CXX and other simplification/generalization changes

Signed-off-by: marvell <marvell@cpss-build3.marvell.com>

* Fixed saiarcot895 reviewer's  additional requests

* src/libyang/patch/debian-packaging-files.patch

* Removed --no-deps option when installing wheels. Removed unnecessary lazy_object_proxy arm python3 package instalation

Co-authored-by: marvell <marvell@cpss-build3.marvell.com>
Co-authored-by: marvell <marvell@cpss-build2.marvell.com>
2022-07-21 14:15:16 -07:00
Liu Shilong
2aac988049
[build] Fix libssl version issue. (#11287)
The following packages have unmet dependencies:
 libssl-dev : Depends: libssl1.1 (= 1.1.1n-0+deb11u3) but 1.1.1n-0+deb11u2 is to be installed
E: Unable to correct problems, you have held broken packages.
2022-06-30 17:51:25 +08:00
Alexander Allen
d202bf26d7
Upgrade mellanox platform containers (syncd / saiserver / syncd-rpc) and pmon to bullseye (#10580)
Fixes #9279

- Why I did it
Part of larger effort to move all SONiC systems to bullseye

- How I did it
1. Update container makefiles with correct dependencies
2. Update container Dockerfile with correct base image
3. Update container Dockerfile with correct apt dependencies
4. Update any other makefiles with dependencies to remove python2 support
5. Minor changes to support bullseye / python3

- How to verify it
Run regression on the switch:
1. Verify PTF community tests work
2. Verify syncd runs and all ports come up / pass traffic
3. Verify all platform tests succeed
2022-05-10 12:45:28 +03:00
xumia
8ec8900d31
Support SONiC OpenSSL FIPS 140-3 based on SymCrypt engine (#9573)
Why I did it
Support OpenSSL FIPS 140-3, see design doc: https://github.com/Azure/SONiC/blob/master/doc/fips/SONiC-OpenSSL-FIPS-140-3.md.

How I did it
Install the fips packages.
To build the fips packages, see https://github.com/Azure/sonic-fips
Azure pipelines: https://dev.azure.com/mssonic/build/_build?definitionId=412

How to verify it
Validate the SymCrypt engine:

admin@sonic:~$ dpkg-query -W | grep openssl
openssl 1.1.1k-1+deb11u1+fips
symcrypt-openssl        0.1

admin@sonic:~$ openssl engine -v | grep -i symcrypt
(symcrypt) SCOSSL (SymCrypt engine for OpenSSL)
admin@sonic:~$
2022-05-06 07:21:30 +08:00
Saikrishna Arcot
313cced32b
Update Docker to 20.10.14 (#10677)
* Upgrade docker version from 20.10.7 to 20.10.14, and pin containerd.io

Update the Docker engine version from 20.10.7 to 20.10.14. This brings
in some CVE and bug fixes.

Additionally, pin the version of containerd.io to a specific version,
mainly for consistency/reproducibility.

Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>

* Remove the containerd ordering change to docker.service

This appears to be already present in the current docker.service.

Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>

* Remove use of apt-key

apt-key is considered deprecated, and the current practice is to just
add the key into /etc/apt/trusted.gpg.d/.

Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>

* Upgrade docker container in Bullseye slave to 20.10.14

Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
2022-04-27 10:20:42 -07:00
Sachin Naik
598ab99469
secureboot: Enable signing SONiC kernel (#10557)
Why I did it
To sign SONiC kernel image and allow secure boot based system to verify SONiC image before loading into the system.

How I did it
Pass following parameter to rules/config.user
Ex:
SONIC_ENABLE_SECUREBOOT_SIGNATURE := y
SIGNING_KEY := /path/to/key/private.key
SIGNING_CERT := /path/to/public/public.cert

How to verify it
Secure boot enabled system enrolled with right public key of the, image in the platform UEFI database will able to verify image before load.

Alternatively one can verify with offline sbsign tool as below.

export SBSIGN_KEY=/abc/bcd/xyz/
sbverify --cert $SBSIGN_KEY/public_cert.cert fsroot-platform-XYZ/boot/vmlinuz-5.10.0-8-2-amd64 mage

O/P:
Signature verification OK
2022-04-19 13:23:15 +08:00
Longxiang Lyu
812f17d6f1
Add libgmock package for linkmgrd (#10294)
Why I did it
Add libgmock-dev to the package list required by linkmgrd unittests.
Required by PR: Azure/sonic-linkmgrd#45

How I did it
Add the package to the package list.

How to verify it
Build docker-mux with KEEP_SLAVE_ON=yes and verify libgmock-dev is present.

Signed-off-by: Longxiang Lyu <lolv@microsoft.com>
2022-04-14 08:59:54 +08:00
xumia
ce26c04a09
[Build]: fix debian package not found issue (#10447)
Why I did it
[Build]: fix debian package not found issue
2022-04-06 13:51:41 +08:00
Shilong Liu
3fa627f290
Add a config variable to override default container registry instead of dockerhub. (#10166)
* Add variable to reset default docker registry
* fix bug in docker version control
2022-03-14 18:09:20 +08:00
Kebo Liu
fe0a7693f4
[smartmontools] Install smartmontools with apt-get and upgrade it to 7.2-1 (#10087)
Why I did it
Smartmontools 6.6 has an issue with reading SMART info of nvme SSD
Smartmontools can be installed with apt-get, no need to build and install

How I did it
Use apt-get to install smartmontools 7.2-1
Remove previous make files for smartmontools 6.6

How to verify it
verify with "smartctl" can read out correct SMART info on NVME ssd.
verify "show platform ssdhealth" can still work

Signed-off-by: Kebo Liu <kebol@nvidia.com>
2022-03-07 09:39:33 -08:00
Saikrishna Arcot
bb3362760d
[docker-dhcprelay]: Update to Bullseye (#9736)
As part of this, update the isc-dhcp package to match the Bullseye
version (this fixes some compile errors related to BIND), clean up some
of the build dependencies and runtime dependencies for debian packaging,
and use the default Boost version to compile against instead of
explicitly saying using 1.74.

Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
2022-01-18 15:11:36 -08:00
Saikrishna Arcot
fee2441717
Create docker-base-bullseye and docker-config-engine-bullseye (#9666)
* [slave-bullseye]: Remove Python 2

It shouldn't be needed anymore.

Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>

* [dockers]: Add docker-base-bullseye and docker-config-engine-bullseye

Also upgrade socat from 1.7.3.1 to 1.7.4.1

Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
2022-01-11 09:23:42 -08:00
Qi Luo
5f524e2ec6
Revert "[sonic-slave]: Fix redis version during pip3 install (#9317)" (#9704)
Reverts Azure/sonic-buildimage#9317
Since upstream fixed the issue https://github.com/redis/redis-py/pull/1726
We can continue use latest version on master branch.

Fixes https://github.com/Azure/sonic-buildimage/issues/9318
2022-01-09 18:24:07 -08:00
Saikrishna Arcot
4acdc2a81e
Arm64 fixes and optimizations (#9274)
* [arm64]: Fix registration of the qemu interpreters

The current code doesn't properly run the container that registers the
qemu interpreters. It checks to see if the container is "known" by
Docker, but that doesn't indicate whether it's been run or not.
Therefore, just always register the qemu interpreters in the kernel, to
make sure the binary that's in the slave images that we build is used.

* [build]: Reduce the number of python calls

Modify the BLDENV and PROJECT_ROOT variables in slave.mk to be
immediate execution instead of lazy execution. Neither of these
variables should be changing for the duration of the build in each slave
container, so just run it once instead of every time they're referenced.

When running `make configure` for broadcom arm64 (where all of the slave
images are already built) on an amd64 host, this reduces the time spent
in each slave container from 4.5-5 minutes to 2 minutes.

* [sonic-slave]: Upgrade the qemu used for Bullseye arm64 to 6.1.0

Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
2021-12-13 18:20:39 -08:00
Brian O'Connor
46bcda359c
[PINS] Build P4RT container for PINS (#9083)
- Add INCLUDE_PINS to config to enable/disable container
- Add Docker files and supporting resources
- Add sonic-pins submodule and associated make files

Submission containing materials of a third party:
    Copyright Google LLC; Licensed under Apache 2.0

#### Why I did it

Adds P4RT container to SONiC for PINS

The P4RT app is covered by this HLD:
https://github.com/pins/SONiC/blob/master/doc/pins/p4rt_app_hld.md

#### How I did it

Followed the pattern and templates used for other SONiC applications

#### How to verify it

Build SONiC with INCLUDE_P4RT set to "y".
Verify that the resulting build has a container called "p4rt" running.
You can verify that the service is up by running the following command on the SONiC switch:
```bash
sudo netstat -lpnt | grep p4rt
```
You should see the service listening on TCP port 9559.

#### Which release branch to backport (provide reason below if selected)

None

#### Description for the changelog

Build P4RT container for PINS
2021-12-07 11:11:25 -08:00
liuh-80
739c45645c
[TACACS+] Add audisp-tacplus for per-command accounting. (#8750)
This pull request integrate audisp-tacplus to SONiC for per-command accounting.

#### Why I did it
To support TACACS per-command accounting, we integrate audisp-tacplus project to sonic.

#### How I did it
1. Add auditd service to SONiC
2. Port and patch audisp-tacplus to SONiC

#### How to verify it
UT with CUnit to cover all new code in usersecret-filter.c
Also pass all current UT.

#### Which release branch to backport (provide reason below if selected)
N/A

#### Description for the changelog
Add audisp-tacplus for per-command accounting.

#### A picture of a cute animal (not mandatory but encouraged)
2021-12-01 11:50:09 +08:00
LuiSzee
14fb629ab6
[arm64][qemu] upgrade qemu to 6.1.0-8 for fix systemd-sonic-generator compile error (#9320)
for compile error when build systemd-sonic-generator_1.0.0_arm64.deb on qemu arm64 bullseye.
```
boost::filesystem::copy_file: Function not implemented: "tests/testfiles/single_inst.service", "tests/ssg-test/systemd/single_inst.service"
boost::filesystem::copy_file: Function not implemented: "tests/testfiles/multi_inst_b.service", "tests/ssg-test/systemd/multi_inst_b.service"
boost::filesystem::copy_file: Function not implemented: "tests/testfiles/multi_inst_a.service", "tests/ssg-test/systemd/multi_inst_a.service"
boost::filesystem::copy_file: Function not implemented: "tests/testfiles/multi_inst_b@.service", "tests/ssg-test/systemd/multi_inst_b@.service"
boost::filesystem::copy_file: Function not implemented: "tests/testfiles/multi_inst_a@.service", "tests/ssg-test/systemd/multi_inst_a@.service"
boost::filesystem::copy_file: Function not implemented: "tests/testfiles/test.timer", "tests/ssg-test/systemd/test.timer"
boost::filesystem::copy_file: Function not implemented: "tests/testfiles/test.service", "tests/ssg-test/systemd/test.service"
ssg-test.cc:244: Failure
Expected equality of these values:
  fs::exists(path)
    Which is: false
  expected_result
    Which is: true
Failed validation: "tests/ssg-test/generator/multi-user.target.wants/multi_inst_b.service"
```

Co-authored-by: shil <shil@centecnetworks.com>
2021-11-20 08:46:56 -08:00
Qi Luo
da1503d7be
[sonic-slave]: Fix redis version during pip3 install (#9317)
The recent release of redis 4.0.0 or newer (for python3) breaks sonic-config-engine unit test. Fix to last known good version.
ref: https://pypi.org/project/redis/#history
2021-11-18 17:07:58 -08:00
dflynn-Nokia
df12ac5abd
[build]: marvell-armhf bullseye fixes (#9243)
This commit fixes/avoids the following errors encountered during the
marvell-armhf build for bullseye

- Fix Marvell prestera DMA driver build failure due to kallsyms_lookup_name()
  no longer being exported by the updated bullseye kernel. This is a temporary
  fix that will be replaced by a future version of the DMA driver.

- Update qemu-user-static version to align with the new glibc version included
  in bullseye

- Skip systemd-sonic-generator unit tests to avoid test failures. Root cause is
  still TBD

#### Why I did it
Fix the following build errors observed when building marvell-armhf for bullseye
1. Marvell Prestera DMA driver uses kernel API no longer exported
ERROR: modpost: "kallsyms_lookup_name" [/sonic/platform/marvell-armhf/prestera/mrvl-prestera/cpssEnabler/linuxNoKernelModule/drivers//mvDmaDrv.ko] undefined!

2. Old qemu-user-static version does not support semop() leading to following build failure
semop(1): encountered an error: Function not implemented

3. systemd-sonic-generator unit test failure
ssg-test.cc:217: Failure
Expected equality of these values:
  find_string_in_file(str_t, target, num_asics)
    Which is: false
  expected_result
    Which is: true
Error validating Before=single_inst.service in test.service
[  FAILED  ] SsgMainTest.ssg_main_40_npu (20 ms)
[----------] 4 tests from SsgMainTest (36 ms total)

[----------] Global test environment tear-down
[==========] 10 tests from 3 test suites ran. (54 ms total)
[  PASSED  ] 7 tests.
[  FAILED  ] 3 tests, listed below:
[  FAILED  ] SsgMainTest.ssg_main_single_npu
[  FAILED  ] SsgMainTest.ssg_main_10_npu
[  FAILED  ] SsgMainTest.ssg_main_40_npu

 3 FAILED TESTS
2021-11-13 10:48:58 -08:00
KostiantynYarovyiBf
9894116205 Update Barefoot platform module for Bullseye and 5.10 kernel (#8)
Update Barefoot platform support for Bullseye and 5.10 kernel, and add
python3-venv.
2021-11-10 15:27:22 -08:00
LuiSzee
5b284767f6 Update Centec platform support for Bullseye and 5.10 kernel (#7)
1. Fix build for armhf and arm64
2. upgrade centec tsingma bsp support to 5.10 kernel
3. modify centec platform driver for linux 5.10

Co-authored-by: Shi Lei <shil@centecnetworks.com>
2021-11-10 15:27:22 -08:00
Saikrishna Arcot
97d70e3e8b Update repos for Bullseye slave container
Update the repos for amd64, and add support for at least arm64.

Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
2021-11-06 11:31:42 -07:00
donNewtonAlpha
51c9c98648
[sonic-slave]: Add gmock for sonic-swss-common tests (#8950)
Sonic-swss-common requires gmock for staged unit tests

Signed-off-by: Don Newton <don@opennetworking.org>
2021-10-28 12:14:21 -07:00
Guohan Lu
e6733e96fe [build]: update sonic-slave-bullseye for armhf and arm64
Signed-off-by: Guohan Lu <lguohan@gmail.com>
2021-10-19 12:18:16 +00:00
liuh-80
7d40384c58
[TACACS+] Add plugin support to bash. (#8660)
This pull request add plugin support library to bash.
    And we will create a TACACS+ plugin for bash in an other PR, which will bring per command authorization feature to bash.

Why I did it
    To support TACACS per command authorization, we check user command before execute it.

How I did it
    Add plugin support to bash.

How to verify it
    UT with CUnit under bash project cover all new code in plugin.c.
    Also pass all current UT.

Which release branch to backport (provide reason below if selected)
    N/A

Description for the changelog
    Add plugin support to bash.
2021-10-11 15:20:51 +08:00
Saikrishna Arcot
91f9b6f4e4 Add cron and the python 3 mock packages to the Bullseye slave image
When using dpkg with the --root flag to install a deb package in a
chroot, dpkg checks to see if the users and groups specified in the
/var/lib/dpkg/statoverride file are valid. The problem is, it checks
against the host system's /etc/passwd and /etc/group files, instead of
/etc/passwd and /etc/group inside the chroot.

In the slave image for Buster, cron appears to have been automatically
installed, and so the crontab group existed. This doesn't appear to be
true for Bullseye, so explicitly install it. This makes sure that the
crontab group exists on the slave image itself.

Also install the mock python 3 package, this is needed by some test.

Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
2021-08-12 23:18:01 -07:00
Guohan Lu
fff17563b7 [openssh]: add build dep installation to sonic-slave-bullseye
This is the continuation of PR 8381 and is needed for debian 11 build.

Signed-off-by: Guohan Lu <lguohan@gmail.com>
2021-08-10 01:39:26 -07:00
Saikrishna Arcot
d4261a693b Define the Bullseye-based slave container
This will be used to build our image as well as tools that need to go
into this image.

Notable changes from Buster:
* Python 2/pip2 module installations have been removed, since nothing
besides the main Python 2 binary (and virtualenv support) is now
available through Bullseye.
* In the cases where both the main library package and the development
package are being installed, now, only the dev package is specified. The
main library is typically marked as a dependency of the dev package.
This reduces the number of changes we have to make as SONAMEs change.

Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
2021-07-15 00:02:18 -07:00