From cc0e9f2e5c7d479a6f1a4c9d1d6bdaa2ca5ff04634249bd35b15576299d06859 Mon Sep 17 00:00:00 2001
From: Aleksa Sarai <asarai@suse.com>
Date: Fri, 31 Jan 2020 03:08:54 +0000
Subject: [PATCH 1/3] Accepting request 768954 from home:cyphar:lxc

- Update to LXD 3.20. The full upstream changelog is available from:
  https://discuss.linuxcontainers.org/t/lxd-3-20-has-been-released/6673
  boo#1162299
  + Server side support of API collections
  + New unix-hotplug device type
  + Support for standby cluster members
- Update packaging to use GOPATH="_dist" rather than trying to move everything
  to vendor/. This is the recommended approach by upstream (and makes our
  specfile marginally less horrific).

OBS-URL: https://build.opensuse.org/request/show/768954
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/lxd?expand=0&rev=37
---
 lxd-3.19.tar.gz     |  3 ---
 lxd-3.19.tar.gz.asc | 16 ----------------
 lxd-3.20.tar.gz     |  3 +++
 lxd-3.20.tar.gz.asc | 16 ++++++++++++++++
 lxd.changes         | 13 +++++++++++++
 lxd.spec            | 26 ++++++--------------------
 6 files changed, 38 insertions(+), 39 deletions(-)
 delete mode 100644 lxd-3.19.tar.gz
 delete mode 100644 lxd-3.19.tar.gz.asc
 create mode 100644 lxd-3.20.tar.gz
 create mode 100644 lxd-3.20.tar.gz.asc

diff --git a/lxd-3.19.tar.gz b/lxd-3.19.tar.gz
deleted file mode 100644
index ca0b2fa..0000000
--- a/lxd-3.19.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:afc0b0912e5fa977007cfd97805849a3a47564eaaaa1638948081665ad7224c8
-size 24468419
diff --git a/lxd-3.19.tar.gz.asc b/lxd-3.19.tar.gz.asc
deleted file mode 100644
index 3f2e9c4..0000000
--- a/lxd-3.19.tar.gz.asc
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEEYC9WdmPlk7y9FPM4xjiXTWR5LWcFAl4fh4MACgkQxjiXTWR5
-LWddlQ/+PD9UFJYmDCWuEIvLb5tGoKdrwOxTFItLvoL1+MpHtphRWFS8UArm6sS/
-ev7r8QTM9HMUCd+PbEEVYJ+tLbiEC4SJzG1en4Cfprl27BeSra9SQGzt/WdzGtZ7
-S2h3CvJrjHxOg0aBqBIIRPuvpETnpWFAXyALicf4KtuPimqPdFsDcOYAxtOQN2s/
-fVaZ8ibMNFcCGFn6PmXa0f3qiJfzKC1FsOEmVc4WpfU42g4tMZWJnFWsF5zRw+WC
-gIA3CD5xHwrLfN0gg6tMbM/Aa1FWjBXcDHxP4uf2V6i8OxcIPzdfqf8auXbOkOwC
-dtO3KZKFo1tJ2kwlhT7WaIOeHifFfRa3dybtyFGzpw50ZFjyGCjDK6T+i+FCZsOX
-N9ergkzUqDw5GeYuxnjsSWT8bREZYw9RMpUfbM3d+UWQ2NFbNevCRMRcXDTlstO+
-4Jst6Yice7ohmfzOaeGgB+RTMnrBUZLp/5qpNiEKjOH+qDh8fE/IbcW+vNdco481
-jv0GJPJKg0XdWr0NkzMsuI6cjGkntWDwKQbtAOvRWJI3Q3Xg7PFZBu9Q7Q/oz6Q7
-G6WQvmQY4urFARLvjQgb3ZpsFwlJNMgeChzI2CQkfC8/Bl8Zvr/wVtaMx98yrVni
-kjvJkp/G9eOOlEkB1IvCdJpwpz5vPdJhndJUcn/bv7ggTJlqlu4=
-=XqkK
------END PGP SIGNATURE-----
diff --git a/lxd-3.20.tar.gz b/lxd-3.20.tar.gz
new file mode 100644
index 0000000..1a45fef
--- /dev/null
+++ b/lxd-3.20.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:fb0189ff417a55fef551c749e60993977421e4788cbb9f57a08f037d8b8b4b3f
+size 24549158
diff --git a/lxd-3.20.tar.gz.asc b/lxd-3.20.tar.gz.asc
new file mode 100644
index 0000000..ce727ca
--- /dev/null
+++ b/lxd-3.20.tar.gz.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEYC9WdmPlk7y9FPM4xjiXTWR5LWcFAl4zMqEACgkQxjiXTWR5
+LWf3XhAA2MgOeb5f7oF3/mHaIow0HvOtBUEQpZW9/j18zsfO0vhrxuXtQf5iOcnO
+oS/o5HH0erghn0sdPmn5r+MyDoqEP2sTpNlCIiyVjx7BgtMkE/pwyhRpdXS9Si+w
+dC9zotL7qXDYEXOGfpqlZGbOk0DXEmRPmWQ7NMSINOIBkjA/fYCPy4iFoKwdqjRV
+ODSM35WMIdY1noi//d2PYOZyuK38yN3b5uyDrWi2DUc1xXH+MHzaFCkr7tWalDcf
+9plMlzFgOpXRU13VvxBDgCeAT4CimDvP2zf7gaAPWFsBr7E4AOXazuvDfvIclZvA
+DdZdQy0F8RRh3ULY+qCfkK01IsxO32mjh7/oj2mrBx6l+HVyXKE6hzT/xEkqxd5k
+j0dqkilIbVFeuWIGBCdh5JfvbbHLKvzYt75BSdBrC1t8EasfbN2w5hmVBkYMZV6+
+9MSTjfyl+4WgiynmG0Ihidd5ouAtJ+ijEqEfCk0nHgZjslEZ720giRFbwCqh3wNc
+D8QpmDaN7qc4r64aHwP4J4ii6P312363lWom3/SzQj795az5MYHRBHTeLSBM7hQO
+Y6nn+k99tc2z7/bmHT1RA7vJYEsXb36AtWPLzsrB6GJR8vMhSz6C5n9H3bR+fQd1
+fWLVadXl9ULEiiYaWU/ypvjYv9YEp8sRbbSvMCuHKyVw/5Zl/Ko=
+=se38
+-----END PGP SIGNATURE-----
diff --git a/lxd.changes b/lxd.changes
index 151864d..3d8776a 100644
--- a/lxd.changes
+++ b/lxd.changes
@@ -1,3 +1,16 @@
+-------------------------------------------------------------------
+Fri Jan 31 00:33:47 UTC 2020 - Aleksa Sarai <asarai@suse.com>
+
+- Update to LXD 3.20. The full upstream changelog is available from:
+  https://discuss.linuxcontainers.org/t/lxd-3-20-has-been-released/6673
+  boo#1162299
+  + Server side support of API collections
+  + New unix-hotplug device type
+  + Support for standby cluster members
+- Update packaging to use GOPATH="_dist" rather than trying to move everything
+  to vendor/. This is the recommended approach by upstream (and makes our
+  specfile marginally less horrific).
+
 -------------------------------------------------------------------
 Fri Jan 17 05:17:53 UTC 2020 - Aleksa Sarai <asarai@suse.com>
 
diff --git a/lxd.spec b/lxd.spec
index 3812b38..a37267e 100644
--- a/lxd.spec
+++ b/lxd.spec
@@ -23,7 +23,7 @@
 %define import_path github.com/lxc/lxd
 
 Name:           lxd
-Version:        3.19
+Version:        3.20
 Release:        0
 Summary:        Container hypervisor based on LXC
 License:        Apache-2.0
@@ -42,6 +42,7 @@ BuildRequires:  fdupes
 BuildRequires:  golang-packaging
 BuildRequires:  libacl-devel
 BuildRequires:  libcap-devel
+BuildRequires:  libudev-devel
 BuildRequires:  patchelf
 BuildRequires:  pkg-config
 BuildRequires:  rsync
@@ -88,28 +89,10 @@ Bash command line completion support for %{name}.
 %prep
 %setup -q
 
-# If there is a vendor/ move it to _dist/src/.
-if [ -d vendor ]
-then
-	cp -at _dist/src vendor/*
-	rm -rf vendor/
-fi
-# Move _dist/src (which is LXD's variant of vendoring) to vendor/.
-mv -v _dist/src vendor
-
-# For some reason, some vendored packages have stored their vendored sources
-# within their source tree inside the vendor tree (?!). So we need to
-# workaround this, even though it's probably a bug in LXD packaging.
-for vendor in $(find vendor/* -type d -name vendor)
-do
-	rsync -a "$vendor/" vendor/
-	rm -rf "$vendor/"
-done
-
 # Create fake "go mod"-like import paths. This is going to be really fun to
 # maintain but it's unfortunately necessary because openSUSE doesn't have nice
 # "go mod" support in OBS...
-ln -s . vendor/github.com/cpuguy83/go-md2man/v2
+ln -s . _dist/src/github.com/cpuguy83/go-md2man/v2
 
 %build
 # Make sure any leftover go build caches are gone.
@@ -188,6 +171,9 @@ readarray -t mainpkgs \
 	      awk -F: '$1 == "main" { print $2 }' | \
 	      grep -Ev '^github.com/lxc/lxd/(test|shared)')"
 
+# We don't use
+export GOPATH="$GOPATH:$PKGDIR/_dist"
+
 # And now we can finally build LXD and all of the related binaries.
 mkdir bin
 for mainpkg in "${mainpkgs[@]}"

From be143eb303e66a232b96ec1d11b7786b765957adf5f6b73eae3c47c7776035f7 Mon Sep 17 00:00:00 2001
From: Aleksa Sarai <asarai@suse.com>
Date: Fri, 31 Jan 2020 03:11:46 +0000
Subject: [PATCH 2/3] Accepting request 768960 from home:cyphar:lxc

Clean up half-written comment.

OBS-URL: https://build.opensuse.org/request/show/768960
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/lxd?expand=0&rev=38
---
 lxd.spec | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lxd.spec b/lxd.spec
index a37267e..39bb185 100644
--- a/lxd.spec
+++ b/lxd.spec
@@ -171,7 +171,7 @@ readarray -t mainpkgs \
 	      awk -F: '$1 == "main" { print $2 }' | \
 	      grep -Ev '^github.com/lxc/lxd/(test|shared)')"
 
-# We don't use
+# _dist/src is effectively an old-school "vendor/" tree, so add it to GOPATH.
 export GOPATH="$GOPATH:$PKGDIR/_dist"
 
 # And now we can finally build LXD and all of the related binaries.

From b9055f3969c35b79a0f5315698b539d00573bb4547c9949fe568dcb3977cc64e Mon Sep 17 00:00:00 2001
From: Aleksa Sarai <asarai@suse.com>
Date: Fri, 31 Jan 2020 10:41:15 +0000
Subject: [PATCH 3/3] Accepting request 769023 from home:cyphar:lxc

- Backport https://github.com/canonical/dqlite/pull/207 to fix boo#1156336.
  + boo1156336-0001-vfs-vfs__delete-fix-double-unlock-of-root-mutex.patch

OBS-URL: https://build.opensuse.org/request/show/769023
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/lxd?expand=0&rev=39
---
 ...lete-fix-double-unlock-of-root-mutex.patch | 47 +++++++++++++++++++
 lxd.changes                                   |  6 +++
 lxd.spec                                      |  4 ++
 3 files changed, 57 insertions(+)
 create mode 100644 boo1156336-0001-vfs-vfs__delete-fix-double-unlock-of-root-mutex.patch

diff --git a/boo1156336-0001-vfs-vfs__delete-fix-double-unlock-of-root-mutex.patch b/boo1156336-0001-vfs-vfs__delete-fix-double-unlock-of-root-mutex.patch
new file mode 100644
index 0000000..082da12
--- /dev/null
+++ b/boo1156336-0001-vfs-vfs__delete-fix-double-unlock-of-root-mutex.patch
@@ -0,0 +1,47 @@
+From 13548f8bdb309d18801de9febb8f5829b6b9ae55 Mon Sep 17 00:00:00 2001
+From: Aleksa Sarai <cyphar@cyphar.com>
+Date: Fri, 31 Jan 2020 20:57:47 +1100
+Subject: [PATCH] vfs: vfs__delete: fix double-unlock of &root->mutex
+
+vfs__delete_contents would unlock the passed &root->mutex, but all of
+its callers would then also unlock the passed &root->mutex. It turns out
+that this works on most architectures without issue, but apparently on
+some Intel CPUs with TSX enabled this will trigger a general protection
+fault[1,2].
+
+This was the cause of a very frustrating bug where LXD would segfault on
+start-up[3].
+
+[1]: https://lwn.net/Articles/534758/
+[2]: https://software.intel.com/en-us/forums/intel-isa-extensions/topic/675036
+[3]: https://bugzilla.opensuse.org/show_bug.cgi?id=1156336
+
+Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
+---
+ src/vfs.c | 3 ---
+ 1 file changed, 3 deletions(-)
+
+diff --git a/src/vfs.c b/src/vfs.c
+index 3a4c205a1d4a..443a6ad3b980 100644
+--- a/src/vfs.c
++++ b/src/vfs.c
+@@ -619,7 +619,6 @@ static int vfs__delete_content(struct root *root, const char *filename)
+ 	/* Check that there are no consumers of this file. */
+ 	if (content->refcount > 0) {
+ 		root->error = EBUSY;
+-		pthread_mutex_unlock(&root->mutex);
+ 		rc = SQLITE_IOERR_DELETE;
+ 		goto err;
+ 	}
+@@ -630,8 +629,6 @@ static int vfs__delete_content(struct root *root, const char *filename)
+ 	/* Reset the file content slot. */
+ 	*(root->contents + content_index) = NULL;
+ 
+-	pthread_mutex_unlock(&root->mutex);
+-
+ 	return SQLITE_OK;
+ 
+ err:
+-- 
+2.25.0
+
diff --git a/lxd.changes b/lxd.changes
index 3d8776a..7e55caa 100644
--- a/lxd.changes
+++ b/lxd.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Fri Jan 31 10:16:27 UTC 2020 - Aleksa Sarai <asarai@suse.com>
+
+- Backport https://github.com/canonical/dqlite/pull/207 to fix boo#1156336.
+  + boo1156336-0001-vfs-vfs__delete-fix-double-unlock-of-root-mutex.patch
+
 -------------------------------------------------------------------
 Fri Jan 31 00:33:47 UTC 2020 - Aleksa Sarai <asarai@suse.com>
 
diff --git a/lxd.spec b/lxd.spec
index 39bb185..a1c4899 100644
--- a/lxd.spec
+++ b/lxd.spec
@@ -38,6 +38,8 @@ Source100:      %{name}.service
 # Additional runtime configuration.
 Source200:      %{name}.sysctl
 Source201:      %{name}.dnsmasq
+# FIX-UPSTREAM: Backport of https://github.com/canonical/dqlite/pull/207. boo#1156336
+Patch100:       boo1156336-0001-vfs-vfs__delete-fix-double-unlock-of-root-mutex.patch
 BuildRequires:  fdupes
 BuildRequires:  golang-packaging
 BuildRequires:  libacl-devel
@@ -88,6 +90,8 @@ Bash command line completion support for %{name}.
 
 %prep
 %setup -q
+# boo#1156336
+%patch100 -d _dist/deps/dqlite -p1
 
 # Create fake "go mod"-like import paths. This is going to be really fun to
 # maintain but it's unfortunately necessary because openSUSE doesn't have nice