Bump libyang, libnetconf2, sysrepo and netopeer2

For netopeer2 we need to patch away local-users, since if it is enabled netopeer2 requires all users that should be allowed to use netconf to also be configured in ietf-netconf-server. Also add some upstream patches.
kernelkit · Jul 3, 2024 · 2b5ed06 · 2b5ed06
1 parent a672074
commit 2b5ed06
Show file tree

Hide file tree

Showing 13 changed files with 594 additions and 2 deletions.
diff --git a/buildroot b/buildroot
diff --git a/patches/netopeer2/2.2.28/0001-Allow-factory-as-copy-from-only-in-rpc-copy-config.patch b/patches/netopeer2/2.2.28/0001-Allow-factory-as-copy-from-only-in-rpc-copy-config.patch
@@ -0,0 +1,27 @@
+From 1175168ef202c32ce07a674b0c14678c5c130274 Mon Sep 17 00:00:00 2001
+From: Joachim Wiberg <[email protected]>
+Date: Thu, 22 Jun 2023 10:24:57 +0200
+Subject: [PATCH] Allow 'factory' as copy-from (only) in rpc copy-config
+Organization: Addiva Elektronik
+
+Signed-off-by: Joachim Wiberg <[email protected]>
+---
+ src/netconf.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/netconf.c b/src/netconf.c
+index 840debb..fa778d5 100644
+--- a/src/netconf.c
++++ b/src/netconf.c
+@@ -332,6 +332,8 @@ np2srv_rpc_copyconfig_cb(sr_session_ctx_t *session, uint32_t UNUSED(sub_id), con
+         ds = SR_DS_STARTUP;
+     } else if (!strcmp(nodeset->dnodes[0]->schema->name, "candidate")) {
+         ds = SR_DS_CANDIDATE;
++    } else if (!strcmp(nodeset->dnodes[0]->schema->name, "factory")) {
++        ds = SR_DS_FACTORY_DEFAULT; /* only allowed as copy-from */
+     } else {
+         assert(!strcmp(nodeset->dnodes[0]->schema->name, "url"));
+ #ifdef NP2SRV_URL_CAPAB
+-- 
+2.34.1
+
diff --git a/patches/netopeer2/2.2.28/0002-disable-local-users.patch b/patches/netopeer2/2.2.28/0002-disable-local-users.patch
@@ -0,0 +1,27 @@
+diff --git a/scripts/common.sh b/scripts/common.sh
+index c3271de..86c4c44 100644
+--- a/scripts/common.sh
++++ b/scripts/common.sh
+@@ -29,7 +29,7 @@ LN2_MODULES=(
+ "[email protected] -e tcp-server-keepalives"
+ "[email protected] -e local-binding-supported -e tcp-client-keepalives"
+ "[email protected] -e transport-params"
+-"[email protected] -e local-users-supported -e local-user-auth-publickey -e local-user-auth-password -e local-user-auth-none"
++"[email protected]"
+ "[email protected] -e tls10 -e tls11 -e tls12 -e tls13 -e hello-params"
+ "[email protected] -e server-ident-x509-cert -e client-auth-supported -e client-auth-x509-cert"
+ "[email protected] -e ssh-listen -e tls-listen -e ssh-call-home -e tls-call-home -e central-netconf-server-supported"
+diff --git a/scripts/merge_config.sh b/scripts/merge_config.sh
+index 4b476d6..e588369 100755
+--- a/scripts/merge_config.sh
++++ b/scripts/merge_config.sh
+@@ -81,9 +81,6 @@ CONFIG="<netconf-server xmlns=\"urn:ietf:params:xml:ns:yang:ietf-netconf-server\
+                                 </public-key>
+                             </host-key>
+                         </server-identity>
+-                        <client-authentication>
+-                            ${USERS_CONFIG}
+-                        </client-authentication>
+                     </ssh-server-parameters>
+                 </ssh>
+             </endpoint>
diff --git a/patches/netopeer2/2.2.28/0003-UPSTREAM-maain-BUGFIX-clear-url-protocolos.patch b/patches/netopeer2/2.2.28/0003-UPSTREAM-maain-BUGFIX-clear-url-protocolos.patch
@@ -0,0 +1,20 @@
+commit 2a7478b93b9779b70e5565544c334381947c9e3f
+Author: Michal Vasko <[email protected]>
+Date:   Mon Jul 1 13:01:35 2024 +0200
+
+    maain BUGFIX clear url protocolos
+
+    Affects static reinitialization.
+
+diff --git a/src/main.c b/src/main.c
+index 92ab3de..a24f3bf 100644
+--- a/src/main.c
++++ b/src/main.c
+@@ -658,6 +658,7 @@ server_destroy(void)
+
+     /* free dynamic members */
+     free(np2srv.url_protocols);
++    np2srv.url_protocols = NULL;
+ }
+
+ /**
diff --git a/patches/netopeer2/2.2.28/0004-UPSTREAM-main-UPDATE-zero-the-whole-np2srv-struct.patch b/patches/netopeer2/2.2.28/0004-UPSTREAM-main-UPDATE-zero-the-whole-np2srv-struct.patch
@@ -0,0 +1,21 @@
+commit d1a99ae9f40e953b8967c83c2812b9d556093a3c
+Author: Michal Vasko <[email protected]>
+Date:   Mon Jul 1 14:01:39 2024 +0200
+
+    main UPDATE zero the whole np2srv struct
+
+diff --git a/src/main.c b/src/main.c
+index a24f3bf..18d9078 100644
+--- a/src/main.c
++++ b/src/main.c
+@@ -658,7 +658,9 @@ server_destroy(void)
+
+     /* free dynamic members */
+     free(np2srv.url_protocols);
+-    np2srv.url_protocols = NULL;
++
++    /* zero */
++    memset(&np2srv, sizeof np2srv, 0);
+ }
+
+ /**
diff --git a/patches/netopeer2/2.2.28/0005-UPSTREAM-main-BUGFIX-wrong-param-order.patch b/patches/netopeer2/2.2.28/0005-UPSTREAM-main-BUGFIX-wrong-param-order.patch
@@ -0,0 +1,19 @@
+commit 7ec275a297ad62964b62fb44634da636fa1ac087
+Author: Michal Vasko <[email protected]>
+Date:   Mon Jul 1 14:07:00 2024 +0200
+
+    main BUGFIX wrong param order
+
+diff --git a/src/main.c b/src/main.c
+index 18d9078..9baf76e 100644
+--- a/src/main.c
++++ b/src/main.c
+@@ -660,7 +660,7 @@ server_destroy(void)
+     free(np2srv.url_protocols);
+
+     /* zero */
+-    memset(&np2srv, sizeof np2srv, 0);
++    memset(&np2srv, 0, sizeof np2srv);
+ }
+
+ /**
diff --git a/patches/sysrepo/2.10.1/0001-sysrepo-plugind-add-support-for-running-in-foregroun.patch b/patches/sysrepo/2.10.1/0001-sysrepo-plugind-add-support-for-running-in-foregroun.patch
@@ -0,0 +1,71 @@
+From dcd594e7c7e2b47b489243ce823e58e6b674bea3 Mon Sep 17 00:00:00 2001
+From: Joachim Wiberg <[email protected]>
+Date: Tue, 28 Mar 2023 10:37:53 +0200
+Subject: [PATCH 1/6] sysrepo-plugind: add support for running in foreground
+ with syslog
+Organization: Addiva Elektronik
+
+Signed-off-by: Joachim Wiberg <[email protected]>
+---
+ src/executables/sysrepo-plugind.c | 10 +++++++++-
+ 1 file changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/src/executables/sysrepo-plugind.c b/src/executables/sysrepo-plugind.c
+index a6a817cc..5baebec3 100644
+--- a/src/executables/sysrepo-plugind.c
++++ b/src/executables/sysrepo-plugind.c
+@@ -98,6 +98,7 @@ help_print(void)
+             "                       Change verbosity to a level (none, error, warning, info, debug) or\n"
+             "                       number (0, 1, 2, 3, 4).\n"
+             "  -d, --debug          Debug mode - is not daemonized and logs to stderr instead of syslog.\n"
++            "  -n, --foreground     Run in foreground and log to syslog.\n"
+             "  -P, --plugin-install <path>\n"
+             "                       Install a sysrepo-plugind plugin. The plugin is simply copied\n"
+             "                       to the designated plugin directory.\n"
+@@ -201,6 +202,8 @@ daemon_init(int debug, sr_log_level_t log_level)
+
+     if (debug) {
+         handle_signals();
++        if (debug < 0)
++            goto done;
+         sr_log_stderr(log_level);
+         return;
+     }
+@@ -241,6 +244,7 @@ daemon_init(int debug, sr_log_level_t log_level)
+         close(fd);
+     }
+
++done:
+     /* set verbosity */
+     sr_log_syslog("sysrepo-plugind", log_level);
+ }
+@@ -466,6 +470,7 @@ main(int argc, char **argv)
+         {"version",           no_argument,       NULL, 'V'},
+         {"verbosity",         required_argument, NULL, 'v'},
+         {"debug",             no_argument,       NULL, 'd'},
++        {"foreground",        no_argument,       NULL, 'n'},
+         {"plugin-install",    required_argument, NULL, 'P'},
+         {"pid-file",          required_argument, NULL, 'p'},
+         {"fatal-plugin-fail", no_argument,       NULL, 'f'},
+@@ -474,7 +479,7 @@ main(int argc, char **argv)
+
+     /* process options */
+     opterr = 0;
+-    while ((opt = getopt_long(argc, argv, "hVv:dP:p:f", options, NULL)) != -1) {
++    while ((opt = getopt_long(argc, argv, "hVv:dnP:p:f", options, NULL)) != -1) {
+         switch (opt) {
+         case 'h':
+             version_print();
+@@ -506,6 +511,9 @@ main(int argc, char **argv)
+         case 'd':
+             debug = 1;
+             break;
++        case 'n':
++            debug = -1;
++            break;
+         case 'P':
+             /* plugin-install */
+             if (get_plugins_dir(&plugins_dir)) {
+-- 
+2.34.1
+
diff --git a/patches/sysrepo/2.10.1/0002-Allow-SR_EV_DONE-to-return-any-error-to-sysrepocfg.patch b/patches/sysrepo/2.10.1/0002-Allow-SR_EV_DONE-to-return-any-error-to-sysrepocfg.patch
@@ -0,0 +1,152 @@
+From 2a826d77d83930b32f2bdcf32ef9c57c616ec526 Mon Sep 17 00:00:00 2001
+From: Joachim Wiberg <[email protected]>
+Date: Tue, 7 May 2024 15:41:53 +0200
+Subject: [PATCH 2/6] Allow SR_EV_DONE to return any error to sysrepocfg
+Organization: Addiva Elektronik
+
+Importing a system configuration with sysrepocfg the model callbacks do
+their best to validate the configuration and prepare the transaction in
+SR_EV_CHANGE.  In cases when dealing with a complex system, like adding
+a route, address, or other change using iproute2, we may still get into
+trouble when actually sending off the transaction in SR_EV_DONE.
+
+If something does go wrong we'd like to know this by the exit code of
+sysrepocfg, not by inspecting logs or expected system state.
+
+This patch is a clumsy way of forcing the (first) error to bubble up to
+the surface and cause a non-zero exit code from sysrepocfg.
+
+Signed-off-by: Joachim Wiberg <[email protected]>
+---
+ src/shm_sub.c | 36 ++++++++++++++++++++++++++++--------
+ src/shm_sub.h |  2 +-
+ src/sysrepo.c |  2 +-
+ 3 files changed, 30 insertions(+), 10 deletions(-)
+
+diff --git a/src/shm_sub.c b/src/shm_sub.c
+index 0fbe0f0c..363883ab 100644
+--- a/src/shm_sub.c
++++ b/src/shm_sub.c
+@@ -1718,7 +1718,7 @@ cleanup:
+
+ sr_error_info_t *
+ sr_shmsub_change_notify_change_done(struct sr_mod_info_s *mod_info, const char *orig_name, const void *orig_data,
+-        uint32_t timeout_ms)
++        uint32_t timeout_ms, sr_error_info_t **cb_err_info)
+ {
+     sr_error_info_t *err_info = NULL;
+     struct sr_mod_info_mod_s *mod = NULL;
+@@ -1850,12 +1850,19 @@ sr_shmsub_change_notify_change_done(struct sr_mod_info_s *mod_info, const char *
+             sr_rwunlock(&nsub->sub_shm->lock, 0, SR_LOCK_WRITE, cid, __func__);
+             nsub->lock = SR_LOCK_NONE;
+
+-            /* we do not care about an error */
+-            sr_errinfo_free(&nsub->cb_err_info);
+-
+             SR_LOG_INF("EV ORIGIN: \"%s\" \"%s\" ID %" PRIu32 " priority %" PRIu32 " succeeded.",
+                     nsub->mod->ly_mod->name, sr_ev2str(SR_SUB_EV_DONE), nsub->mod->request_id, nsub->cur_priority);
+
++            /*
++             * unexpected critical error, merge and cleanup, let
++             * sysrepocfg caller handle undefined system state.
++             */
++            if (nsub->cb_err_info) {
++                sr_errinfo_merge(cb_err_info, nsub->cb_err_info);
++                nsub->cb_err_info = NULL;
++                goto cleanup;
++            }
++
+             nsub->pending_event = 0;
+         }
+     } while (1);
+@@ -3330,7 +3337,7 @@ sr_shmsub_change_listen_relock(sr_multi_sub_shm_t *multi_sub_shm, sr_lock_mode_t
+ sr_error_info_t *
+ sr_shmsub_change_listen_process_module_events(struct modsub_change_s *change_subs, sr_conn_ctx_t *conn)
+ {
+-    sr_error_info_t *err_info = NULL;
++    sr_error_info_t *err_info = NULL, *err_tmp;
+     uint32_t i, data_len = 0, valid_subscr_count;
+     char *data = NULL, *shm_data_ptr;
+     int ret = SR_ERR_OK, filter_valid;
+@@ -3458,6 +3465,11 @@ process_event:
+                 }
+                 break;
+             }
++        } else if (sub_info.event == SR_SUB_EV_DONE) {
++            if (ret && err_code == SR_ERR_OK) {
++                /* unexpected, callback actually failed, save for later. */
++                err_code = ret;
++            }
+         }
+
+         /* subscription processed this event */
+@@ -3490,6 +3502,11 @@ process_event:
+         }
+         break;
+     case SR_SUB_EV_DONE:
++        if (err_code) {
++            /* prepare unexepected error from session to be written to SHM */
++            sr_errinfo_new(&err_info, err_code, "Oups, error detected in SR_EV_DONE");
++        }
++        break;
+     case SR_SUB_EV_ABORT:
+         /* nothing to do */
+         break;
+@@ -3509,14 +3526,17 @@ process_event:
+
+     /* SUB WRITE URGE LOCK */
+     if (sr_shmsub_change_listen_relock(multi_sub_shm, SR_LOCK_WRITE_URGE, &sub_info, change_sub, change_subs->module_name,
+-            ret, filter_valid, ev_sess, &err_info)) {
++            ret,  filter_valid, ev_sess, &err_tmp)) {
++        if (err_tmp)
++            err_info = err_tmp;
+         goto cleanup;
+     }
+     sub_lock = SR_LOCK_WRITE_URGE;
+
+     /* finish event */
+-    if ((err_info = sr_shmsub_multi_listen_write_event(multi_sub_shm, valid_subscr_count, err_code, &shm_data_sub, data,
++    if ((err_tmp = sr_shmsub_multi_listen_write_event(multi_sub_shm, valid_subscr_count, err_code, &shm_data_sub, data,
+             data_len, change_subs->module_name, err_code ? "fail" : "success"))) {
++        err_info = err_tmp;
+         goto cleanup;
+     }
+
+@@ -4055,7 +4075,7 @@ finish_iter:
+             sr_errinfo_free(&cb_err_info);
+
+             /* publish "done" event */
+-            if ((err_info = sr_shmsub_change_notify_change_done(&mod_info, NULL, NULL, SR_CHANGE_CB_TIMEOUT))) {
++            if ((err_info = sr_shmsub_change_notify_change_done(&mod_info, NULL, NULL, SR_CHANGE_CB_TIMEOUT, &cb_err_info))) {
+                 goto cleanup_unlock;
+             }
+
+diff --git a/src/shm_sub.h b/src/shm_sub.h
+index 3056e4c5..460ad927 100644
+--- a/src/shm_sub.h
++++ b/src/shm_sub.h
+@@ -144,7 +144,7 @@ sr_error_info_t *sr_shmsub_change_notify_change(struct sr_mod_info_s *mod_info,
+  * @return err_info, NULL on success.
+  */
+ sr_error_info_t *sr_shmsub_change_notify_change_done(struct sr_mod_info_s *mod_info, const char *orig_name,
+-        const void *orig_data, uint32_t timeout_ms);
++        const void *orig_data, uint32_t timeout_ms, sr_error_info_t **cb_err_info);
+
+ /**
+  * @brief Notify about (generate) a change "abort" event.
+diff --git a/src/sysrepo.c b/src/sysrepo.c
+index 8778956b..35a1fd8c 100644
+--- a/src/sysrepo.c
++++ b/src/sysrepo.c
+@@ -3898,7 +3898,7 @@ store:
+     }
+
+     /* publish "done" event, all changes were applied */
+-    if ((err_info = sr_shmsub_change_notify_change_done(mod_info, orig_name, orig_data, timeout_ms))) {
++    if ((err_info = sr_shmsub_change_notify_change_done(mod_info, orig_name, orig_data, timeout_ms, cb_err_info))) {
+         goto cleanup;
+     }
+
+-- 
+2.34.1
+
diff --git a/patches/sysrepo/2.10.1/0003-Allow-to-copy-from-factory-default.patch b/patches/sysrepo/2.10.1/0003-Allow-to-copy-from-factory-default.patch
@@ -0,0 +1,26 @@
+From 89fdf6691229f8f0978ca9bb13fa0143e0e79dbd Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Mattias=20Walstr=C3=B6m?= <[email protected]>
+Date: Wed, 8 May 2024 17:00:50 +0200
+Subject: [PATCH 3/6] Allow to copy from factory default
+Organization: Addiva Elektronik
+
+---
+ src/sysrepo.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/sysrepo.c b/src/sysrepo.c
+index 35a1fd8c..c15855e9 100644
+--- a/src/sysrepo.c
++++ b/src/sysrepo.c
+@@ -4146,7 +4146,7 @@ sr_copy_config(sr_session_ctx_t *session, const char *module_name, sr_datastore_
+     struct sr_mod_info_s mod_info;
+     const struct lys_module *ly_mod = NULL;
+
+-    SR_CHECK_ARG_APIRET(!session || !SR_IS_CONVENTIONAL_DS(src_datastore) || !SR_IS_CONVENTIONAL_DS(session->ds),
++    SR_CHECK_ARG_APIRET(!session || (!SR_IS_CONVENTIONAL_DS(src_datastore) && (src_datastore != SR_DS_FACTORY_DEFAULT)) || !SR_IS_CONVENTIONAL_DS(session->ds),
+             session, err_info);
+
+     if (src_datastore == session->ds) {
+-- 
+2.34.1
+