unshare seems to want to change the mount propagation for /proc
before it has been mounted. In order to work around that problem,
we bind-mount /proc to itself before.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 9.16.50 to 9.20.1
- Update of rootfile
- The use of liburcu has replaced isc_qsbr in 9.19.4 and therefore the position of
liburcu in make.sh had to be changed.
- --enable-threads, --with-libtool, --without-python & --disable-linux-caps are no longer
recognised configure options (it looks like not recognised for a while).
--without-python is explicitly mentioned as being removed in version 9.15.7
The others are not mentioned in the changelog notes.
- The lib/bind9 and lib/irs directories in the source tarball have been removed. The
contents of lib/bind9 have been moved to lib/isc and lib/isccfg and the contents
of lib/irs have been moved to dns.
- The order of the make instructions had to be changed as lib/isccfg required the results
of lib/dns and the build failed without it. Changing the order solved the build problem.
- A large number of CVE fixes have been applied between the new and old version.
5 9.20.0
2 9.19.21
3 9.19.20
1 9.19.17
1 9.19.14
3 9.19.9
5 9.19.5
1 9.19.1
4 9.19.0
1 9.17.19
1 9.17.17
2 9.17.12
5 9.17.4
4 9.17.2
- Changelog is too long to include here - around 5000 lines. For details see the NEWS file
in the source tarball.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This variable is no longer being used and has been abused way too much in
the past. May it rest in pieces.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This reverts commit 8ea702f3f8.
This commit seems to introduce many more regressions when building
packages which I cannot easily reproduce.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This variable never actually held the kernel version. There were always
suffixes appended and other things changed about it. This makes it a lot
simpler as this variable now holds the actual kernel version.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
unshare(8) seems to fail with kernels older than 6.0.0 when mounting
the /proc filesystem in the inner namespace. This seems to be a bug
where unshare does not even try to mount the /proc filesystem but tries
to make its mount propagation private.
This is now solved in such a way that we will use unshare on newer kernels
but will fall back on manually mounting the /proc filesystem once we have
entered the chroot environment.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
When we create the outer mount namespace, we still want to receive any
mounts from the host system which is why we set it to slave.
The second mount namespace should be a copy of the outer one but should not
propagate anything back to the outer mount namespace.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This will massively improve the build process because we will only strip
the files that we need. The build system will remain as is.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>