commit: 630abaf56921f3ab25fb20ce7241eae527a2d7cb
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sun Jun 1 18:06:55 2025 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sun Jun 1 18:09:07 2025 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=630abaf5
dev-libs/libnl: fix tests w/ network-sandbox
* Backport a patch to cope w/ no permissions for a network namespace
* Always skip/fail iproute2 detection in tests
Signed-off-by: Sam James <sam <AT> gentoo.org>
.../libnl/files/libnl-3.11.0-no-iproute2.patch | 18 +++
dev-libs/libnl/files/libnl-3.11.0-tests-ns.patch | 176 +++++++++++++++++++++
dev-libs/libnl/libnl-3.11.0.ebuild | 6 +-
dev-libs/libnl/libnl-9999.ebuild | 9 +-
4 files changed, 203 insertions(+), 6 deletions(-)
diff --git a/dev-libs/libnl/files/libnl-3.11.0-no-iproute2.patch
b/dev-libs/libnl/files/libnl-3.11.0-no-iproute2.patch
new file mode 100644
index 000000000000..d14ae2ae42ee
--- /dev/null
+++ b/dev-libs/libnl/files/libnl-3.11.0-no-iproute2.patch
@@ -0,0 +1,18 @@
+Avoid the following test failure within network-sandbox:
+ tests/cksuite-all-netns.c:335:F:Core:route_1:0: command(system("ip -d link
set v1 up")) has unexpected positive return code 512
+--- a/tests/nl-test-util.c
++++ b/tests/nl-test-util.c
+@@ -780,12 +780,7 @@ bool _nltst_in_ci(void)
+
+ bool _nltst_has_iproute2(void)
+ {
+- static int has = -1;
+-
+- if (has == -1)
+- has = (system("ip link &>/dev/null") == 0);
+-
+- return has;
++ return false;
+ }
+
+ bool _nltst_skip_no_iproute2(const char *msg)
diff --git a/dev-libs/libnl/files/libnl-3.11.0-tests-ns.patch
b/dev-libs/libnl/files/libnl-3.11.0-tests-ns.patch
new file mode 100644
index 000000000000..5dffea0468f2
--- /dev/null
+++ b/dev-libs/libnl/files/libnl-3.11.0-tests-ns.patch
@@ -0,0 +1,176 @@
+https://github.com/thom311/libnl/commit/b3822aa3b605b2dc5f01f9aee8ee224fc23e23a0
+
+From b3822aa3b605b2dc5f01f9aee8ee224fc23e23a0 Mon Sep 17 00:00:00 2001
+From: Thomas Haller <[email protected]>
+Date: Sun, 12 Jan 2025 10:54:59 +0100
+Subject: [PATCH] test: skip tests when having no private netns
+
+In github CI we seem now unable to create the netns. This worked
+previously, now it no longer does.
+
+Handle that by skipping the tests that require a netns.
+---
+ tests/cksuite-all-netns.c | 13 +++++++++-
+ tests/nl-test-util.c | 50 +++++++++++++++++++++++++++++++++++++--
+ tests/nl-test-util.h | 3 +++
+ 3 files changed, 63 insertions(+), 3 deletions(-)
+
+diff --git a/tests/cksuite-all-netns.c b/tests/cksuite-all-netns.c
+index 1948c3e8..04e0f6df 100644
+--- a/tests/cksuite-all-netns.c
++++ b/tests/cksuite-all-netns.c
+@@ -73,6 +73,9 @@ START_TEST(cache_and_clone)
+ size_t i;
+ int r;
+
++ if (_nltst_skip_no_netns())
++ return;
++
+ for (i = 0; i < _NL_N_ELEMENTS(links); i++) {
+ if (links[i].add)
+ _nltst_add_link(NULL, links[i].ifname, links[i].kind,
+@@ -132,11 +135,16 @@ START_TEST(test_create_iface)
+ _nl_auto_rtnl_link struct rtnl_link *link2 = NULL;
+ _nl_auto_rtnl_link struct rtnl_link *peer = NULL;
+ _nltst_auto_delete_link const char *IFNAME_DUMMY = NULL;
+- _nltst_auto_delete_link const char *IFNAME = "ifname";
++ _nltst_auto_delete_link const char *IFNAME = NULL;
+ int ifindex_dummy;
+ uint32_t u32;
+ int r;
+
++ if (_nltst_skip_no_netns())
++ return;
++
++ IFNAME = "ifname";
++
+ switch (TEST_IDX) {
+ case 0:
+ link = _nltst_assert(rtnl_link_bridge_alloc());
+@@ -317,6 +325,9 @@ START_TEST(route_1)
+ _nl_auto_nl_socket struct nl_sock *sk = NULL;
+ _nl_auto_nl_cache struct nl_cache *cache = NULL;
+
++ if (_nltst_skip_no_netns())
++ return;
++
+ if (_nltst_skip_no_iproute2("route_1"))
+ return;
+
+diff --git a/tests/nl-test-util.c b/tests/nl-test-util.c
+index dc8dc5ad..d1a8f3f1 100644
+--- a/tests/nl-test-util.c
++++ b/tests/nl-test-util.c
+@@ -84,6 +84,7 @@ uint32_t _nltst_rand_u32(void)
+
+ struct nltst_netns {
+ int canary;
++ bool is_unshared;
+ };
+
+
/*****************************************************************************/
+@@ -114,6 +115,23 @@ void nltst_netns_fixture_teardown(void)
+ _nl_clear_pointer(&_netns_fixture_global.nsdata, nltst_netns_leave);
+ }
+
++bool nltst_netns_fixture_is_unshared(void)
++{
++ _assert_nltst_netns(_netns_fixture_global.nsdata);
++ return _netns_fixture_global.nsdata->is_unshared;
++}
++
++/*****************************************************************************/
++
++bool _nltst_skip_no_netns(void)
++{
++ if (nltst_netns_fixture_is_unshared())
++ return false;
++
++ printf("skip test due to having no private netns\n");
++ return true;
++}
++
+
/*****************************************************************************/
+
+ static void unshare_user(void)
+@@ -125,6 +143,10 @@ static void unshare_user(void)
+
+ /* Become a root in new user NS. */
+ r = unshare(CLONE_NEWUSER);
++ if (r != 0 && errno == EPERM) {
++ /* No permissions? Ignore. Will be handled later. */
++ return;
++ }
+ _nltst_assert_errno(r == 0);
+
+ /* Since Linux 3.19 we have to disable setgroups() in order to map
users.
+@@ -149,14 +171,28 @@ static void unshare_user(void)
+ }
+ r = fprintf(f, "0 %d 1", uid);
+ _nltst_assert_errno(r > 0);
+- _nltst_fclose(f);
++ r = fclose(f);
++ if (r != 0 && errno == EPERM) {
++ /* Oddly, it seems close() can fail at this point. Ignore it,
++ * but we probably will be unable to unshare (which we handle
++ * later).
++ */
++ } else
++ _nltst_assert_errno(r == 0);
+
+ /* Map current GID to root in NS to be created. */
+ f = fopen("/proc/self/gid_map", "we");
+ _nltst_assert_errno(f);
+ r = fprintf(f, "0 %d 1", gid);
+ _nltst_assert_errno(r > 0);
+- _nltst_fclose(f);
++ r = fclose(f);
++ if (r != 0 && errno == EPERM) {
++ /* Oddly, it seems close() can fail at this point. Ignore it,
but
++ * we probably will be unable to unshare (which we handle
++ * later).
++ */
++ } else
++ _nltst_assert_errno(r == 0);
+ }
+
+ struct nltst_netns *nltst_netns_enter(void)
+@@ -172,6 +208,15 @@ struct nltst_netns *nltst_netns_enter(void)
+ unshare_user();
+
+ r = unshare(CLONE_NEWNET | CLONE_NEWNS);
++ if (r != 0 && errno == EPERM) {
++ /* The system is probably sandboxed somehow and we are unable
++ * to create a private netns. That seems questionable, because
++ * a point of a private netns is to sandbox an application.
++ * Not having permissions to sandbox sounds bad.
++ *
++ * Anyway. We accept this and will later skip some tests. */
++ return nsdata;
++ }
+ _nltst_assert_errno(r == 0);
+
+ /* We need a read-only /sys so that the platform knows there's no udev.
*/
+@@ -179,6 +224,7 @@ struct nltst_netns *nltst_netns_enter(void)
+ r = mount("sys", "/sys", "sysfs", MS_RDONLY, NULL);
+ _nltst_assert_errno(r == 0);
+
++ nsdata->is_unshared = true;
+ return nsdata;
+ }
+
+diff --git a/tests/nl-test-util.h b/tests/nl-test-util.h
+index 981228b4..d840a4ab 100644
+--- a/tests/nl-test-util.h
++++ b/tests/nl-test-util.h
+@@ -429,6 +429,9 @@ char **_nltst_strtokv(const char *str);
+
+ void nltst_netns_fixture_setup(void);
+ void nltst_netns_fixture_teardown(void);
++bool nltst_netns_fixture_is_unshared(void);
++
++bool _nltst_skip_no_netns(void);
+
+ struct nltst_netns;
+
+
diff --git a/dev-libs/libnl/libnl-3.11.0.ebuild
b/dev-libs/libnl/libnl-3.11.0.ebuild
index dad5eaada213..7087ab65b137 100644
--- a/dev-libs/libnl/libnl-3.11.0.ebuild
+++ b/dev-libs/libnl/libnl-3.11.0.ebuild
@@ -30,9 +30,7 @@ fi
LICENSE="LGPL-2.1 utils? ( GPL-2 )"
SLOT="3"
IUSE="+debug python test utils"
-# Tests fail w/ sandboxes
-# https://github.com/thom311/libnl/issues/361
-RESTRICT="!test? ( test ) test"
+RESTRICT="!test? ( test )"
RDEPEND="python? ( ${PYTHON_DEPS} )"
DEPEND="${RDEPEND}"
@@ -69,6 +67,8 @@ MULTILIB_WRAPPED_HEADERS=(
PATCHES=(
"${FILESDIR}"/0001-Fix-compilation-error-in-GCC-14.patch
+ "${FILESDIR}"/${P}-tests-ns.patch
+ "${FILESDIR}"/${PN}-3.11.0-no-iproute2.patch
)
src_prepare() {
diff --git a/dev-libs/libnl/libnl-9999.ebuild b/dev-libs/libnl/libnl-9999.ebuild
index fa0d4e1efc44..5d4ac2e9b242 100644
--- a/dev-libs/libnl/libnl-9999.ebuild
+++ b/dev-libs/libnl/libnl-9999.ebuild
@@ -30,9 +30,7 @@ fi
LICENSE="LGPL-2.1 utils? ( GPL-2 )"
SLOT="3"
IUSE="+debug python test utils"
-# Tests fail w/ sandboxes
-# https://github.com/thom311/libnl/issues/361
-RESTRICT="!test? ( test ) test"
+RESTRICT="!test? ( test )"
RDEPEND="python? ( ${PYTHON_DEPS} )"
DEPEND="${RDEPEND}"
@@ -67,6 +65,11 @@ MULTILIB_WRAPPED_HEADERS=(
/usr/include/libnl3/netlink/cli/utils.h
)
+PATCHES=(
+ "${FILESDIR}"/0001-Fix-compilation-error-in-GCC-14.patch
+ "${FILESDIR}"/${PN}-3.11.0-no-iproute2.patch
+)
+
src_prepare() {
default
