[iproute2]: Add macsec-xpn-support iproute2 in syncd #8702
Conversation
Signed-off-by: Ze Gan <[email protected]>
Pterosaur
requested review from
lguohan,
qiluo-msft and
xumia
as code owners
| @@ -9,7 +9,7 @@ ENV DEBIAN_FRONTEND=noninteractive | |||
|
|
|||
| RUN apt-get update | |||
|
|
|||
| RUN apt-get install -f -y iproute2 libcap2-bin | |||
| RUN apt-get install -f -y libbsd0 libcap2-bin | |||
There was a problem hiding this comment.
Is this build dependency? If yes, add some comment.
Alternatively, use apt-get build-dep iproute2 ? #Closed
There was a problem hiding this comment.
I think libbsd0 is a run-time dependency. And I want the original iproute2 from apt source is replaced by this PR. So I remove the original one.
There was a problem hiding this comment.
If it is a runtime dependency, is it better to install by apt-get install -f without specifying them one-by-one. In future, the dependency is free to change, and we are still good.
src/iproute2/Makefile
Outdated
| wget -O iproute2_$(IPROUTE2_VERSION_FULL).dsc -N "https://sonicstorage.blob.core.windows.net/packages/iproute2_4.9.0-1.dsc?sv=2015-04-05&sr=b&sig=m6FcMH9dOh8ggipBgOsONiXvDxoi6bfUO%2BxvidsMNMQ%3D&se=2154-10-23T11%3A59%3A53Z&sp=r" | ||
| wget -O iproute2_$(IPROUTE2_VERSION_FULL).debian.tar.xz -N "https://sonicstorage.blob.core.windows.net/packages/iproute2_4.9.0-1.debian.tar.xz?sv=2015-04-05&sr=b&sig=U5NFuwG5C3vZXlUUNvoPMnKDtMKk66zbweA9rQYbEVY%3D&se=2154-10-23T12%3A00%3A15Z&sp=r" | ||
| dpkg-source -x iproute2_$(IPROUTE2_VERSION_FULL).dsc | ||
| git clone https://salsa.debian.org/debian/iproute2.git iproute2-$(IPROUTE2_VERSION) |
There was a problem hiding this comment.
Did you ever try source code from debian website, like https://packages.debian.org/buster-backports/iproute2 ? #Closed
There was a problem hiding this comment.
Is there any difference? I saw some other components use the source from salsa.debian.org. Which one is recommended?
There was a problem hiding this comment.
Debian source code is more similiar to the debian vanilla installation package.
| From f07b3b162f23c7159146b4098fb25994e3b55a9d Mon Sep 17 00:00:00 2001 | ||
| From: Ze Gan <[email protected]> | ||
| Date: Mon, 30 Aug 2021 06:45:28 +0000 | ||
| Subject: [PATCH] MACsec XPN support |
There was a problem hiding this comment.
Did you submit this patch to upstream? #Pending
There was a problem hiding this comment.
No, I just generated this patch from my private repo, is it a right way?
There was a problem hiding this comment.
Just a recommendation. If the feature is useful in general, you may collect more feedback there.
There was a problem hiding this comment.
Sure, I will do that, but I think it will take a long cycle to merge my change to the upstream and backport it to the debian.
Signed-off-by: Ze Gan <[email protected]>
Signed-off-by: Ze Gan <[email protected]>
Signed-off-by: Ze Gan <[email protected]>
|
/azp run |
|
Azure Pipelines successfully started running 1 pipeline(s). |
|
/azp run |
|
You have several pipelines (over 10) configured to build pull requests in this repository. Specify which pipelines you would like to run by using /azp run [pipelines] command. You can specify multiple pipelines using a comma separated list. |
|
/azp run Azure.sonic-buildimage |
|
Azure Pipelines successfully started running 1 pipeline(s). |
sonic-slave-buster/Dockerfile.j2
Outdated
| pkg-config | ||
| pkg-config \ | ||
| # For iproute2 | ||
| libbpf-dev=1:0.3-2~bpo10+1 \ |
There was a problem hiding this comment.
Good suggestion, let me try it.
There was a problem hiding this comment.
Done, please review it.
|
/azp run Azure.sonic-buildimage |
|
Azure Pipelines successfully started running 1 pipeline(s). |
|
/azp run Azure.sonic-buildimage (Build vs),Azure.sonic-buildimage (Build mellanox),Azure.sonic-buildimage (Build broadcom),Azure.docker-slave-bullseye (Build Build_bullseye_arm64),Azure.docker-slave-bullsey |
|
No pipelines are associated with this pull request. |
Signed-off-by: Ze Gan <[email protected]>
Pterosaur
force-pushed
the
update_iproute2
branch
from
1841e89 to
bfb322d
Compare
Signed-off-by: Ze Gan <[email protected]>
Pterosaur
force-pushed
the
update_iproute2
branch
from
aab3060 to
1478966
Compare
| wget -O iproute2_$(IPROUTE2_VERSION_FULL).debian.tar.xz -N "https://sonicstorage.blob.core.windows.net/packages/iproute2_4.9.0-1.debian.tar.xz?sv=2015-04-05&sr=b&sig=U5NFuwG5C3vZXlUUNvoPMnKDtMKk66zbweA9rQYbEVY%3D&se=2154-10-23T12%3A00%3A15Z&sp=r" | ||
| wget -O iproute2_$(IPROUTE2_VERSION).orig.tar.xz http://deb.debian.org/debian/pool/main/i/iproute2/iproute2_$(IPROUTE2_VERSION).orig.tar.xz | ||
| wget -O iproute2_$(IPROUTE2_VERSION_FULL).dsc http://deb.debian.org/debian/pool/main/i/iproute2/iproute2_$(IPROUTE2_VERSION_FULL).dsc | ||
| wget -O iproute2_$(IPROUTE2_VERSION_FULL).debian.tar.xz http://deb.debian.org/debian/pool/main/i/iproute2/iproute2_$(IPROUTE2_VERSION_FULL).debian.tar.xz |
There was a problem hiding this comment.
@xumia, for reproducible build, do we still need to manually backup the downloaded files to sonicstorage?
There was a problem hiding this comment.
Not necessary, it will upload the package automatically.
Signed-off-by: Ze Gan [email protected]
Wait for PR: sonic-net/sonic-swss#1970
Why I did it
The iproute2 from apt source is out-of-date to support 256 bits cipher of MACsec and the iproute2 isn't support XPN of MACsec in current version.
How I did it
Install the iproute2 from debian source code and patch the XPN support change.
How to verify it
Run
ip link add link eth0 name macsec0 type macsec sci 1 encrypt on cipher gcm-aes-xpn-256in syncd container without errorWhich release branch to backport (provide reason below if selected)
Description for the changelog
A picture of a cute animal (not mandatory but encouraged)