-
Notifications
You must be signed in to change notification settings - Fork 512
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
packages: add keyutils #2907
packages: add keyutils #2907
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This looks good to me, assuming the testing results are good.
keyutils is a mechanism used by the kernel to reach into userspace. Typically this is used to fetch security keys, but it is also a mechanism that the kernel uses to resolve domain names.
Force pushed to address feedback from @bcressey |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM ☘️
%make_build \\\ | ||
NO_ARLIB=1 \\\ | ||
ETCDIR=%{_cross_sysconfdir} \\\ | ||
LIBDIR=%{_cross_libdir} \\\ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: it's very unlikely that this will ever matter, but setting PREFIX
will put the right paths in libkeyutils.pc
(which we don't and probably won't use):
LIBDIR=%{_cross_libdir} \\\ | |
PREFIX=%{_cross_prefix} \\\ | |
LIBDIR=%{_cross_libdir} \\\ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I added the PREFIX here and compared libkeyutils.pc
before and after the change, but it seems like the paths are already correct?
Before:
libdir=/x86_64-bottlerocket-linux-gnu/sys-root/usr/lib
includedir=/x86_64-bottlerocket-linux-gnu/sys-root/usr/include
Name: libkeyutils
Description: keyutils library
Version: 1.6.1
Cflags: -I${includedir}
Libs: -L${libdir} -lkeyutils
After:
libdir=/x86_64-bottlerocket-linux-gnu/sys-root/usr/lib
includedir=/x86_64-bottlerocket-linux-gnu/sys-root/usr/include
Name: libkeyutils
Description: keyutils library
Version: 1.6.1
Cflags: -I${includedir}
Libs: -L${libdir} -lkeyutils
Issue number:
n/a
Description of changes:
This change is required when mounting some distributed filesystems. The Linux kernel needs the ability to resolve domain names. To do this, it uses an "upcall" procedure to interact with dns resolution in userspace. That "upcall" procedure uses the Linux userspace keyring system -- specifically
/sbin/request-key
.Of note:
I've removed keyring configuration options from
/etc/request-key.conf
other than the DNS resolver. Our userspace utilities don't need them, and we haven't otherwise fielded requests about the missing utilities for the kernel.Testing done:
/etc/request-key.conf
are correctdns_resolver
Terms of contribution:
By submitting this pull request, I agree that this contribution is dual-licensed under the terms of both the Apache License, version 2.0, and the MIT license.