diff options
Diffstat (limited to 'meta-openbmc-mods/meta-common/recipes-utilities/nbdkit')
5 files changed, 249 insertions, 0 deletions
diff --git a/meta-openbmc-mods/meta-common/recipes-utilities/nbdkit/nbdkit/0001-Force-nbdkit-to-send-PATCH-as-upload-method.patch b/meta-openbmc-mods/meta-common/recipes-utilities/nbdkit/nbdkit/0001-Force-nbdkit-to-send-PATCH-as-upload-method.patch new file mode 100644 index 000000000..dc7f7b924 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-utilities/nbdkit/nbdkit/0001-Force-nbdkit-to-send-PATCH-as-upload-method.patch @@ -0,0 +1,71 @@ +From ad236d3f04cb2547fea33d72aeeb695ce3035bba Mon Sep 17 00:00:00 2001 +From: Iwona Winiarska <iwona.winiarska@intel.com> +Date: Mon, 9 Dec 2019 01:58:15 +0100 +Subject: [PATCH] Force nbdkit to send PATCH as upload method + +This modifies pwrite to send PATCH rather than default upload method +used by curl. + +FIXME: This patch only works around lack of PATCH method support in curl. +It's just a hack and it should be removed if/when proper PATCH support +is implemented in curl. + +We've added it to nbdkit rather than curl, because currently PATCH +support is unlikely to be accepted in upstream curl and it is easier to +maintain this patch in nbdkit. + +Signed-off-by: Iwona Winiarska <iwona.winiarska@intel.com> +--- + plugins/curl/curl.c | 15 +++++++++++++-- + 1 file changed, 13 insertions(+), 2 deletions(-) + +diff --git a/plugins/curl/curl.c b/plugins/curl/curl.c +index 0ed3984..804ad78 100644 +--- a/plugins/curl/curl.c ++++ b/plugins/curl/curl.c +@@ -787,6 +787,7 @@ static int + curl_pwrite (void *handle, const void *buf, uint32_t count, uint64_t offset) + { + struct curl_handle *h = handle; ++ struct curl_slist *list = NULL; + CURLcode r; + char range[128]; + +@@ -800,15 +801,21 @@ curl_pwrite (void *handle, const void *buf, uint32_t count, uint64_t offset) + h->read_count = count; + + curl_easy_setopt (h->c, CURLOPT_UPLOAD, 1L); ++ curl_easy_setopt (h->c, CURLOPT_CUSTOMREQUEST, "PATCH"); + + /* Make an HTTP range request. */ +- snprintf (range, sizeof range, "%" PRIu64 "-%" PRIu64, ++ snprintf (range, sizeof range, "Range: bytes=%" PRIu64 "-%" PRIu64, + offset, offset + count); +- curl_easy_setopt (h->c, CURLOPT_RANGE, range); ++ list = curl_slist_append(list, range); ++ curl_easy_setopt(h->c, CURLOPT_HTTPHEADER, list); + + /* The assumption here is that curl will look after timeouts. */ + r = curl_easy_perform (h->c); + if (r != CURLE_OK) { ++ curl_easy_setopt (h->c, CURLOPT_RANGE, NULL); ++ curl_easy_setopt(h->c, CURLOPT_HTTPHEADER, NULL); ++ curl_slist_free_all(list); ++ curl_easy_setopt (h->c, CURLOPT_CUSTOMREQUEST, NULL); + display_curl_error (h, r, "pwrite: curl_easy_perform"); + return -1; + } +@@ -819,6 +826,10 @@ curl_pwrite (void *handle, const void *buf, uint32_t count, uint64_t offset) + + /* As far as I understand the cURL API, this should never happen. */ + assert (h->read_count == 0); ++ curl_easy_setopt (h->c, CURLOPT_RANGE, NULL); ++ curl_easy_setopt(h->c, CURLOPT_HTTPHEADER, NULL); ++ curl_slist_free_all(list); ++ curl_easy_setopt (h->c, CURLOPT_CUSTOMREQUEST, NULL); + + return 0; + } +-- +2.21.0 + diff --git a/meta-openbmc-mods/meta-common/recipes-utilities/nbdkit/nbdkit/0002-Add-support-for-ssl-config.patch b/meta-openbmc-mods/meta-common/recipes-utilities/nbdkit/nbdkit/0002-Add-support-for-ssl-config.patch new file mode 100644 index 000000000..cec2813e9 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-utilities/nbdkit/nbdkit/0002-Add-support-for-ssl-config.patch @@ -0,0 +1,66 @@ +diff --git a/plugins/curl/curl.c b/plugins/curl/curl.c +index 610511f7..92be4656 100644 +--- a/plugins/curl/curl.c ++++ b/plugins/curl/curl.c +@@ -69,6 +69,8 @@ static const char *proxy = NULL; + char *proxy_password = NULL; + const char *proxy_user = NULL; + bool sslverify = true; ++const char *ssl_version = NULL; ++const char *ssl_cipher_list = NULL; + bool tcp_keepalive = false; + bool tcp_nodelay = true; + uint32_t timeout = 0; +@@ -232,6 +234,12 @@ curl_config (const char *key, const char *value) + sslverify = r; + } + ++ else if (strcmp (key, "ssl-version") == 0) ++ ssl_version = value; ++ ++ else if (strcmp (key, "ssl-cipher-list") == 0) ++ ssl_cipher_list = value; ++ + else if (strcmp (key, "tcp-keepalive") == 0) { + r = nbdkit_parse_bool (value); + if (r == -1) +@@ -302,6 +310,8 @@ curl_config_complete (void) + "proxy-user=<USER> The proxy user.\n" \ + "timeout=<TIMEOUT> Set the timeout for requests (seconds).\n" \ + "sslverify=false Do not verify SSL certificate of remote host.\n" \ ++ "ssl-version=<VERSION> Specify preferred TLS/SSL version.\n " \ ++ "ssl-cipher-list=C1:C2:.. Specify TLS/SSL cipher suites to be used.\n" \ + "tcp-keepalive=true Enable TCP keepalives.\n" \ + "tcp-nodelay=false Disable Nagle’s algorithm.\n" \ + "unix-socket-path=<PATH> Open Unix domain socket instead of TCP/IP.\n" \ +@@ -418,6 +428,30 @@ curl_open (int readonly) + curl_easy_setopt (h->c, CURLOPT_SSL_VERIFYPEER, 0L); + curl_easy_setopt (h->c, CURLOPT_SSL_VERIFYHOST, 0L); + } ++ if (ssl_version) { ++ if (strcmp (ssl_version, "tlsv1") == 0) ++ curl_easy_setopt (h->c, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1); ++ else if (strcmp (ssl_version, "sslv2") == 0) ++ curl_easy_setopt (h->c, CURLOPT_SSLVERSION, CURL_SSLVERSION_SSLv2); ++ else if (strcmp (ssl_version, "sslv3") == 0) ++ curl_easy_setopt (h->c, CURLOPT_SSLVERSION, CURL_SSLVERSION_SSLv3); ++ else if (strcmp (ssl_version, "tlsv1.0") == 0) ++ curl_easy_setopt (h->c, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_0); ++ else if (strcmp (ssl_version, "tlsv1.1") == 0) ++ curl_easy_setopt (h->c, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_1); ++ else if (strcmp (ssl_version, "tlsv1.2") == 0) ++ curl_easy_setopt (h->c, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2); ++ else if (strcmp (ssl_version, "tlsv1.3") == 0) ++ curl_easy_setopt (h->c, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_3); ++ else { ++ display_curl_error (h, r, "curl_easy_setopt: CURLOPT_SSLVERSION [%s]", ++ ssl_version); ++ goto err; ++ } ++ ++ } ++ if (ssl_cipher_list) ++ curl_easy_setopt (h->c, CURLOPT_SSL_CIPHER_LIST, ssl_cipher_list); + if (tcp_keepalive) + curl_easy_setopt (h->c, CURLOPT_TCP_KEEPALIVE, 1L); + if (!tcp_nodelay) diff --git a/meta-openbmc-mods/meta-common/recipes-utilities/nbdkit/nbdkit/0003-Add-support-for-tls13-ciphers.patch b/meta-openbmc-mods/meta-common/recipes-utilities/nbdkit/nbdkit/0003-Add-support-for-tls13-ciphers.patch new file mode 100644 index 000000000..398cef63c --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-utilities/nbdkit/nbdkit/0003-Add-support-for-tls13-ciphers.patch @@ -0,0 +1,39 @@ +diff --git a/plugins/curl/curl.c b/plugins/curl/curl.c +index fad84140..d3dc3bde 100644 +--- a/plugins/curl/curl.c ++++ b/plugins/curl/curl.c +@@ -85,6 +85,7 @@ const char *proxy_user = NULL; + bool sslverify = true; + const char *ssl_version = NULL; + const char *ssl_cipher_list = NULL; ++const char *tls13_ciphers = NULL; + bool tcp_keepalive = false; + bool tcp_nodelay = true; + uint32_t timeout = 0; +@@ -309,6 +310,9 @@ curl_config (const char *key, const char *value) + else if (strcmp (key, "ssl-cipher-list") == 0) + ssl_cipher_list = value; + ++ else if (strcmp (key, "tls13-ciphers") == 0) ++ tls13_ciphers = value; ++ + else if (strcmp (key, "tcp-keepalive") == 0) { + r = nbdkit_parse_bool (value); + if (r == -1) +@@ -413,6 +417,7 @@ curl_config_complete (void) + "sslverify=false Do not verify SSL certificate of remote host.\n" \ + "ssl-version=<VERSION> Specify preferred TLS/SSL version.\n " \ + "ssl-cipher-list=C1:C2:.. Specify TLS/SSL cipher suites to be used.\n" \ ++ "tls13-ciphers=C1:C2:.. Specify TLS 1.3 cipher suites to be used.\n" \ + "tcp-keepalive=true Enable TCP keepalives.\n" \ + "tcp-nodelay=false Disable Nagle’s algorithm.\n" \ + "unix-socket-path=<PATH> Open Unix domain socket instead of TCP/IP.\n" \ +@@ -550,6 +555,8 @@ curl_open (int readonly) + } + if (ssl_cipher_list) + curl_easy_setopt (h->c, CURLOPT_SSL_CIPHER_LIST, ssl_cipher_list); ++ if (tls13_ciphers) ++ curl_easy_setopt (h->c, CURLOPT_TLS13_CIPHERS, tls13_ciphers); + if (tcp_keepalive) + curl_easy_setopt (h->c, CURLOPT_TCP_KEEPALIVE, 1L); + if (!tcp_nodelay) diff --git a/meta-openbmc-mods/meta-common/recipes-utilities/nbdkit/nbdkit/0004-Handle-empty-CAInfo-in-curl-plugin-correctly.patch b/meta-openbmc-mods/meta-common/recipes-utilities/nbdkit/nbdkit/0004-Handle-empty-CAInfo-in-curl-plugin-correctly.patch new file mode 100644 index 000000000..867f2e166 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-utilities/nbdkit/nbdkit/0004-Handle-empty-CAInfo-in-curl-plugin-correctly.patch @@ -0,0 +1,35 @@ +From f86b22a450589cdcac6bb3afa1818dfa6d2eefe4 Mon Sep 17 00:00:00 2001 +From: Wiktor Golgowski <wiktor.golgowski@intel.com> +Date: Fri, 27 Aug 2021 17:39:59 +0200 +Subject: [PATCH] Handle empty CAInfo in curl plugin correctly. + +Recent change in libcurl causes CAINFO option to be set when +the library is compiled. If we do not want to use the default +certificate store, we set the option to an empty string. +This change recognizes zero-length CAInfo and clears the libcurl +option. + +Signed-off-by: Wiktor Golgowski <wiktor.golgowski@intel.com> +--- + plugins/curl/curl.c | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +diff --git a/plugins/curl/curl.c b/plugins/curl/curl.c +index fad84140..176f9a1f 100644 +--- a/plugins/curl/curl.c ++++ b/plugins/curl/curl.c +@@ -498,8 +498,12 @@ curl_open (int readonly) + curl_easy_setopt (h->c, CURLOPT_FAILONERROR, 1L); + + /* Options. */ +- if (cainfo) +- curl_easy_setopt (h->c, CURLOPT_CAINFO, cainfo); ++ if (cainfo) { ++ if (strlen (cainfo) == 0) ++ curl_easy_setopt (h->c, CURLOPT_CAINFO, NULL); ++ else ++ curl_easy_setopt (h->c, CURLOPT_CAINFO, cainfo); ++ } + if (capath) + curl_easy_setopt (h->c, CURLOPT_CAPATH, capath); + if (cookie) diff --git a/meta-openbmc-mods/meta-common/recipes-utilities/nbdkit/nbdkit_git.bb b/meta-openbmc-mods/meta-common/recipes-utilities/nbdkit/nbdkit_git.bb new file mode 100644 index 000000000..f7d690ff8 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-utilities/nbdkit/nbdkit_git.bb @@ -0,0 +1,38 @@ +SUMMARY = "nbdkit is a toolkit for creating NBD servers." +DESCRIPTION = "NBD — Network Block Device — is a protocol \ +for accessing Block Devices (hard disks and disk-like things) \ +over a Network. \ +\ +nbdkit is a toolkit for creating NBD servers." + +HOMEPAGE = "https://github.com/libguestfs/nbdkit" +LICENSE = "BSD" +LIC_FILES_CHKSUM = "file://LICENSE;md5=f9dcc2d8acdde215fa4bd6ac12bb14f0" + +SRC_URI = "git://github.com/libguestfs/nbdkit.git;protocol=https" +SRC_URI += "file://0001-Force-nbdkit-to-send-PATCH-as-upload-method.patch" +SRC_URI += "file://0002-Add-support-for-ssl-config.patch" +SRC_URI += "file://0003-Add-support-for-tls13-ciphers.patch" +SRC_URI += "file://0004-Handle-empty-CAInfo-in-curl-plugin-correctly.patch" + +PV = "1.25.5+git${SRCPV}" +SRCREV = "c828c6d48ff6b69454cad98054a1920d03c4b4c7" + +S = "${WORKDIR}/git" + +DEPENDS = "curl xz e2fsprogs zlib" + +inherit pkgconfig python3native perlnative autotools +inherit autotools-brokensep + +# Specify any options you want to pass to the configure script using EXTRA_OECONF: +EXTRA_OECONF = "--disable-python --disable-perl --disable-ocaml \ + --disable-rust --disable-ruby --disable-tcl \ + --disable-lua --disable-vddk --without-libvirt \ + --without-libguestfs" + +do_install:append() { + rm -f ${D}/usr/share/bash-completion/completions/nbdkit + rmdir ${D}/usr/share/bash-completion/completions + rmdir ${D}/usr/share/bash-completion +} |