Contains build files to build lxd RPMs in copr using tito and git-annex.
License: MIT
RPM spec files for building lxd on Fedora COPR
License: MIT License
When running rpmlint (rpmlint-1.10-5.fc26.noarch
) on the current lxd.spec
(for lxd-2.21-1
), the following errors are printed:
lxd.spec:337: E: hardcoded-library-path in %{buildroot}/usr/lib/%{name}
A library path is hardcoded to one of the following paths: /lib, /usr/lib. It
should be replaced by something like /%{_lib} or %{_libdir}.
lxd.spec:338: E: hardcoded-library-path in %{buildroot}/usr/lib/%{name}/shutdown
A library path is hardcoded to one of the following paths: /lib, /usr/lib. It
should be replaced by something like /%{_lib} or %{_libdir}.
lxd.spec:440: E: hardcoded-library-path in /usr/lib/%{name}
A library path is hardcoded to one of the following paths: /lib, /usr/lib. It
should be replaced by something like /%{_lib} or %{_libdir}.
lxd.spec:441: E: hardcoded-library-path in /usr/lib/%{name}/*
A library path is hardcoded to one of the following paths: /lib, /usr/lib. It
should be replaced by something like /%{_lib} or %{_libdir}.
0 packages and 1 specfiles checked; 4 errors, 0 warnings.
The origin of this is the shutdown helper script /usr/lib/lxd/shutdown
(used by lxd-containers.service
) which is installed into an arch-independent library path. The current packaging copies the structure of the Ubuntu package.
Not sure yet, where this would belong according to FHS. Maybe /usr/libexec/lxd-shutdown
?
When running rpmlint (rpmlint-1.9-3.fc24.noarch
) on lxcfs-2.0.5-3.fc24.x86_64.rpm
the following error is thrown:
lxcfs.x86_64: E: missing-call-to-chdir-with-chroot /usr/lib/lxcfs/liblxcfs.so
This executable appears to call chroot without using chdir to change the
current directory. This is likely an error and permits an attacker to break
out of the chroot by using fchdir. While that's not always a security issue,
this has to be checked.
Examining the source code shows that the issue might be a false positive as chdir()
is obviously called. Might be related to rpm-software-management/rpmlint#84. Will need to try again with a newer version of rpmlint
.
Running rpmlint
on lxd-2.6.2-5.fc24.x86_64.rpm
results in the following error:
lxd.x86_64: E: missing-call-to-setgroups-before-setuid /usr/bin/lxd
This executable is calling setuid and setgid without setgroups or initgroups.
There is a high probability this means it didn't relinquish all groups, and
this would be a potential security issue to be fixed. Seek POS36-C on the web
for details about the problem.
The issue was raised upstream in lxc/lxd#2724 and will likely be fixed in the next major release of LXD.
Hi,
Followed the installation instructions and ended up with the following installed packages;
lxc-libs-2.1.0-0.1.fc26.x86_64
lxcfs-2.0.7-1.fc26.x86_64
lxd-tools-2.18-3.fc26.x86_64
libvirt-daemon-driver-lxc-3.2.1-6.fc26.x86_64
lxd-2.18-3.fc26.x86_64
libvirt-daemon-lxc-3.2.1-6.fc26.x86_64
python3-lxc-2.1.0-0.1.fc26.x86_64
lxc-2.0.8-2.fc26.x86_64
lxc-templates-2.1.0-0.1.fc26.x86_64
lxd-client-2.18-3.fc26.x86_64
result:
Segmentation fault (core dumped)
[11773.196526] lxc-ls[15027]: segfault at 18 ip 00007ff306946696 sp 00007fff9f80d080 error 4 in liblxc.so.1.3.0[7ff3068e3000+ac000]
Gr, J
============================= test session starts ==============================
platform linux2 -- Python 2.7.12, pytest-3.0.5, py-1.4.31, pluggy-0.4.0
rootdir: /builddir/build/BUILD/requests-unixsocket-0.1.5, inifile: pytest.ini
plugins: pep8-1.0.6, capturelog-0.7
collected 10 items
setup.py .
requests_unixsocket/__init__.py .
requests_unixsocket/adapters.py .
requests_unixsocket/testutils.py .
requests_unixsocket/tests/test_requests_unixsocket.py .FF..F
=================================== FAILURES ===================================
_________________________ test_unix_domain_adapter_ok __________________________
requests_unixsocket/tests/test_requests_unixsocket.py:37: in test_unix_domain_adapter_ok
assert r.url == url
E assert 'http+unix://.../path/to/page' == 'http+unix://%.../path/to/page'
E Skipping 37 identical trailing characters in diff, use -v to show
E - http+unix://%2ftmp%2ftest_requ
E ? ^ ^
E + http+unix://%2Ftmp%2Ftest_requ
E ? ^ ^
--------------------------------- Captured log ---------------------------------
testutils.py 88 DEBUG Starting <UnixSocketServerThread(Thread-1, initial)> ...
testutils.py 79 DEBUG Call waitress.serve in <UnixSocketServerThread(Thread-1, started 140024719906560)> ...
testutils.py 90 DEBUG Started <UnixSocketServerThread(Thread-1, started 140024719906560)>.
test_requests_unixsocket.py 26 DEBUG Calling session.get('http+unix://%2Ftmp%2Ftest_requests.56842_5026_44257451/path/to/page') ...
testutils.py 45 DEBUG WSGIApp.__call__: Invoked for /path/to/page
testutils.py 46 DEBUG WSGIApp.__call__: environ = {'SERVER_SOFTWARE': 'waitress', 'SCRIPT_NAME': '', 'REQUEST_METHOD': 'GET', 'PATH_INFO': '/path/to/page', 'SERVER_PROTOCOL': 'HTTP/1.1', 'QUERY_STRING': '', 'HTTP_USER_AGENT': 'python-requests/2.12.3', 'HTTP_CONNECTION': 'keep-alive', 'SERVER_NAME': 'unix', 'REMOTE_ADDR': 'localhost', 'wsgi.url_scheme': 'http', 'SERVER_PORT': '/tmp/test_requests.56842_5026_44257451', 'wsgi.input': <_io.BytesIO object at 0x7f5a0bbb50b0>, 'HTTP_HOST': 'localhost', 'wsgi.multithread': True, 'HTTP_ACCEPT': '*/*', 'wsgi.version': (1, 0), 'wsgi.run_once': False, 'wsgi.errors': <_pytest.capture.EncodedFile object at 0x7f5a0d959150>, 'wsgi.multiprocess': False, 'wsgi.file_wrapper': <class 'waitress.buffers.ReadOnlyFileBasedBuffer'>, 'HTTP_ACCEPT_ENCODING': 'gzip, deflate'}
testutils.py 60 DEBUG WSGIApp.__call__: Responding with status_text = '200 OK'; response_headers = [('X-Transport', 'unix domain socket'), ('X-Socket-Path', '/tmp/test_requests.56842_5026_44257451'), ('X-Requested-Query-String', ''), ('X-Requested-Path', '/path/to/page')]; body_bytes = 'Hello world!'
connectionpool.py 400 DEBUG http://localhost:None "GET /path/to/page HTTP/1.1" 200 12
test_requests_unixsocket.py 30 DEBUG Received response: <Response [200]> with text: u'Hello world!' and headers: {'Content-Length': '12', 'X-Socket-Path': '/tmp/test_requests.56842_5026_44257451', 'X-Requested-Query-String': '', 'Server': 'waitress', 'X-Requested-Path': '/path/to/page', 'Date': 'Sun, 18 Dec 2016 02:42:35 GMT', 'X-Transport': 'unix domain socket'}
For the full build logs see COPR Build 490629: fedora-26-x86_64
Might be related to msabramo/requests-unixsocket#24 as Fedora 26 already uses python2-requests-2.12.3-1.fc26
. Although pylxd
upstream only has python-requests-2.12.1
and python-requests-2.12.2
excluded in requirements.txt
so it might be something different.
Have you considered getting LXD into Fedora proper? The process to do so isn't particularly difficult...
First, thanks for wonderful project.
I have a tiny problem - my containers do not have IPv4 addresses assigned. Could you please write a guide how to make it work?
The (latest) lxd-*
package update fails with the following error:
# dnf update --disablerepo=* --enablerepo=ganto-lxd --refresh
Copr repo for lxd owned by ganto 12 kB/s | 25 kB 00:02
Dependencies resolved.
==========================================================================================================================================================================
Package Arch Version Repository Size
==========================================================================================================================================================================
Upgrading:
lxd-doc noarch 2.17-1.fc25 ganto-lxd 61 k
lxd-tools x86_64 2.17-1.fc25 ganto-lxd 2.6 M
Skipping packages with broken dependencies:
lxd x86_64 2.17-1.fc25 ganto-lxd 3.5 M
lxd-client x86_64 2.17-1.fc25 ganto-lxd 2.0 M
Transaction Summary
==========================================================================================================================================================================
Upgrade 2 Packages
Skip 2 Packages
Total download size: 2.7 M
Is this ok [y/N]: y
Downloading Packages:
(1/2): lxd-doc-2.17-1.fc25.noarch.rpm 12 kB/s | 61 kB 00:05
(2/2): lxd-tools-2.17-1.fc25.x86_64.rpm 166 kB/s | 2.6 MB 00:15
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total 170 kB/s | 2.7 MB 00:15
Running transaction check
Transaction check succeeded.
Running transaction test
The downloaded packages were saved in cache until the next successful transaction.
You can remove cached packages by executing 'dnf clean packages'.
Error: Transaction check error:
file /usr/share/man/man1/lxc-to-lxd.1.gz from install of lxd-tools-2.17-1.fc25.x86_64 conflicts with file from package lxd-client-2.16-1.fc25.x86_64
file /usr/share/man/man1/lxd-benchmark.1.gz from install of lxd-tools-2.17-1.fc25.x86_64 conflicts with file from package lxd-2.16-1.fc25.x86_64
Error Summary
-------------
A June 10th update installed the new kernel.x86_64 4.11.3-202.fc25 on Fedora.
Since then the LXC containers won't start anymore (without error messages). But there is a LXD process:
/usr/bin/lxd waitready --timeout=600
lxd.log:
lvl=info msg="LXD 2.14 is starting in normal mode" path=/var/lib/lxd t=2017-06-11T11:11:48+0200
lvl=warn msg="AppArmor support has been disabled because of lack of kernel support" t=2017-06-11T11:11:48+0200
lvl=info msg="Kernel uid/gid map:" t=2017-06-11T11:11:48+0200
lvl=info msg=" - u 0 0 4294967295" t=2017-06-11T11:11:48+0200
lvl=info msg=" - g 0 0 4294967295" t=2017-06-11T11:11:48+0200
lvl=info msg="Configured LXD uid/gid map:" t=2017-06-11T11:11:48+0200
lvl=info msg=" - u 0 1000000 65536" t=2017-06-11T11:11:48+0200
lvl=info msg=" - g 0 1000000 65536" t=2017-06-11T11:11:48+0200
lvl=info msg="Updating the LXD database schema. Backup made as \"lxd.db.bak\"" t=2017-06-11T11:11:48+0200
Hi,
I am trying to install lxd on fedora 26 via
dnf install lxd lxd-client lxd-tools
It fails with
Copr repo for lxd owned by ganto
Error:
Problem: conflicting requests
Since its the first time im trying to install from copr, this might be a PEBKAC issue. Any help appreciated.
LXD supports go test
checks and has a test script at test/main.sh. Currently the following (default) spec file section results in an empty result:
%check
%if 0%{?with_check} && 0%{?with_unit_test} && 0%{?with_devel}
%if 0%{?with_bundled}
export GOPATH=$(pwd)/Godeps/_workspace:%{gopath}
%else
export GOPATH=%{buildroot}/%{gopath}:%{gopath}
%endif
%if ! 0%{?gotest:1}
%global gotest go test
%endif
%gotest %{import_path}
%endif
Executing(%check): /bin/sh -e /var/tmp/rpm-tmp.VzKcvk
+ umask 022
+ cd /builddir/build/BUILD
+ cd lxd-2bf72f0f16a07020fa92e5a4e2f77487f0804491
+ export GOPATH=/builddir/build/BUILDROOT/lxd-2.7-1.fc24.x86_64//usr/share/gocode:/usr/share/gocode
+ GOPATH=/builddir/build/BUILDROOT/lxd-2.7-1.fc24.x86_64//usr/share/gocode:/usr/share/gocode
+ go test -compiler gc -ldflags '' github.com/lxc/lxd
? github.com/lxc/lxd [no test files]
+ exit 0
On a Fedora 27 with SELinux enabled, starting the LXD socket fails with a permission denied error:
# systemctl start lxd.socket
# systemctl status lxd.socket
● lxd.socket - LXD - unix socket
Loaded: loaded (/usr/lib/systemd/system/lxd.socket; enabled; vendor preset: disabled)
Active: failed (Result: resources)
Docs: man:lxd(1)
Listen: /var/lib/lxd/unix.socket (Stream)
Apr 02 11:45:44 fedora27.example.com systemd[1]: lxd.socket: Failed to listen on sockets: Permission denied
Apr 02 11:45:44 fedora27.example.com systemd[1]: Failed to listen on LXD - unix socket.
Apr 02 11:45:44 fedora27.example.com systemd[1]: lxd.socket: Unit entered failed state.
The /var/log/audit/audit.log
would show the following error:
type=AVC msg=audit(1522669544.856:959): avc: denied { create } for pid=1 comm="systemd" name="unix.socket" scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=sock_file permissive=0
Hi, instructions on your copr page works perfectly with Fedora 25 but on Fedora 26 after all steps lxd.service
doesn't start. The problem with lxd
daemon in:
[hostmorke@stormey ~]$ systemctl status lxd
● lxd.service - LXD - main daemon
Loaded: loaded (/usr/lib/systemd/system/lxd.service; indirect; vendor preset: disabled)
Active: activating (start-post) (Result: exit-code) since Mon 2017-10-02 14:57:47 EEST; 1min 15s ago
Docs: man:lxd(1)
Process: 2750 ExecStart=/usr/bin/lxd --group lxd --logfile=/var/log/lxd/lxd.log (code=exited, status=1/FAILURE)
Main PID: 2750 (code=exited, status=1/FAILURE); Control PID: 2751 (lxd)
Tasks: 5
Memory: 18.8M
CPU: 119ms
CGroup: /system.slice/lxd.service
└─control
└─2751 /usr/bin/lxd waitready --timeout=600
Oct 02 14:57:47 stormey systemd[1]: Starting LXD - main daemon...
Oct 02 14:57:49 stormey lxd[2750]: lvl=warn msg="AppArmor support has been disabled because of lack of kernel support"
Oct 02 14:57:50 stormey lxd[2750]: error: failed to fetch update versions: query yields column, not INTEGER
Oct 02 14:57:50 stormey systemd[1]: lxd.service: Main process exited, code=exited, status=1/FAILURE
Manual running lxd
binary gives this error:
[hostmorke@stormey ~]$ sudo /usr/bin/lxd --group lxd --logfile=/var/log/lxd/lxd.log
WARN[10-02|15:02:51] AppArmor support has been disabled because of lack of kernel support
error: failed to fetch update versions: query yields column, not INTEGER
Any advice?
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.