build tag v1.31.1+k3s1

Makefile

@@ -1,6 +1,21 @@
 TARGETS := $(shell ls scripts | grep -v \\.sh)
 GO_FILES ?= $$(find . -name '*.go' | grep -v generated)
+GO_VERSION ?= 1.22.6
+USE_DAPPER ?= 1
+UNAME := $(shell uname -m)
+SHELL = /bin/bash
+WD := $(shell pwd)
+export TOOLPATH := $(WD)
+export GOROOT := $(TOOLPATH)/bin/go
+export PATH := $(TOOLPATH)/bin:$(GOROOT)/bin:$(PATH)
 
+ifeq ($(UNAME),x86_64)
+	ARCH = amd64
+else
+        ifeq ($(UNAME),aarch64)
+	        ARCH = arm64
+        endif
+endif
 
 .dapper:
 	@echo Downloading dapper
@@ -9,8 +24,47 @@ GO_FILES ?= $$(find . -name '*.go' | grep -v generated)
 	@./.dapper.tmp -v
 	@mv .dapper.tmp .dapper
 
+.nodapper:
+	$(info Checking essential build tools.)
+	@if [ ! -d $(WD)/bin ] ; then \
+		mkdir $(WD)/bin ; \
+	fi
+	$(info Checking go version for compatibility.)
+	@if [ ! -d $(GOROOT) ] ; then \
+		echo "No go found, fetching compatible version." ; curl -sL https://go.dev/dl/go$(GO_VERSION).linux-$(ARCH).tar.gz | tar -C $$PWD/bin -zxf - ; \
+	else \
+		case "$$(go version)" in \
+			*$(GO_VERSION)* ) echo "Compatible go version found." ;; \
+			* ) echo "Go appears to be " $$(go version) ; echo "Incompatible or non-functional go found, fetching compatible version." ; curl -sL https://go.dev/dl/go$(GO_VERSION).linux-$(ARCH).tar.gz | tar -C $$PWD/bin -zxf - ;; \
+		esac \
+	fi
+	@if ! type yq 2>/dev/null ; then \
+		echo "yq not found, fetching."; \
+		curl -sL --output $$PWD/bin/yq https://github.com/mikefarah/yq/releases/download/v4.34.1/yq_linux_$(ARCH) ; \
+		chmod +x $$PWD/bin/yq ; \
+	fi
+
+ifeq ($(strip $(USE_DAPPER)),1)
 $(TARGETS): .dapper
 	./.dapper $@
+else
+
+# We call clean ourselves in a separate target and we are reproducing the ci
+# call here in our 'build' case.
+$(filter-out clean ci, $(TARGETS)): .nodapper
+	env ; \
+	case $@ in \
+		build ) ./scripts/download ; ./scripts/validate ; ./scripts/build ;; \
+		* ) ./scripts/$@ ;; \
+	esac
+
+ci: build
+	$(info No additional ci steps required.)
+
+clean:
+	./scripts/clean
+
+endif
 
 .PHONY: deps
 deps:
@@ -42,4 +96,4 @@ format:
 local:
 	DOCKER_BUILDKIT=1 docker build \
 		--build-arg="REPO TAG GITHUB_TOKEN GOLANG GOCOVER DEBUG" \
-		-t k3s-local -f Dockerfile.local --output=. .
+		-t k3s-local -f Dockerfile.local --output=. .

debian/.gitignore

@@ -0,0 +1,3 @@
+debhelper-build-stamp
+files
+k3s*

debian/README.source

@@ -0,0 +1,3 @@
+This package source is managed by quilt.  Please refer to
+/usr/share/doc/quilt/README.source for details on working
+with the quilt patch management system.

debian/changelog

@@ -0,0 +1,31 @@
+k3s (1.31.1+k3s1+ind1) UNRELEASED; urgency=medium
+
+  * upgrade k3s
+
+ -- Industrial OS Team <[email protected]>  Tue, 10 Dec 2024 13:46:00 +0200
+
+k3s (1.27.2+k3s1+mel4) UNRELEASED; urgency=medium
+
+  * set HOME in rules to allow successful go builds
+
+ -- Industrial OS Team <[email protected]>  Fri, 14 Jul 2023 16:06:00 -0400
+
+k3s (1.27.2+k3s1+mel3) UNRELEASED; urgency=medium
+
+  * Add git to Build-Depends since debian/source/format requires it
+
+ -- Industrial OS Team <[email protected]>  Tue, 11 Jul 2023 07:30:00 +0100
+
+k3s (1.27.2+k3s1+mel2) UNRELEASED; urgency=medium
+
+  * local package
+  * Correct service file exec locations
+
+ -- Industrial OS Team <[email protected]>  Tue, 04 Jul 2023 07:47:19 -0400
+
+k3s (1.27.2+k3s1+mel1) UNRELEASED; urgency=medium
+
+  * local package
+  * Packaging k3s from meta-virtualization for Sokol Linux
+
+ -- Industrial OS Team <[email protected]>  Thu, 20 Apr 2023 16:14:13 -0400

debian/compat

@@ -0,0 +1 @@
+11

debian/control

@@ -0,0 +1,23 @@
+Source: k3s
+Section: admin
+Priority: optional
+Maintainer: Mentor Embedded <[email protected]>
+Build-Depends: debhelper (>= 11), chrpath, cpio, curl, diffstat, docker.io | docker-ce, gawk, libseccomp-dev, lz4, pkg-config, wget, zstd, git
+Standards-Version: 4.5.1
+Homepage: https://k3s.io/
+Rules-Requires-Root: no
+
+Package: k3s
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}, ca-certificates, conntrack, iproute2, ipset, iptables, libc6 (>= 2.36), runc, libipset13, containerd
+Description: Lightweight Kubernetes client binary (k3s)
+ K3s - Lightweight Kubernetes - is a portable, extensible, open-source
+ platform for managing containerized workloads and services, that
+ facilitates both declarative configuration and automation. It has a
+ large, rapidly growing ecosystem.
+ .
+ K3s is fully compliant with Kubernetes distribution that is packaged as a
+ single binary, providing all dependencies with approximately half the
+ memory footprint of a full Kubernetes implementation and a binary of
+ approximately 100MB in size.
+

debian/copyright

@@ -0,0 +1,24 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: k3s
+Upstream-Contact: Derek Nola <[email protected]>
+
+Files: *
+Copyright: 2021 K3s Project Authors
+License: Apache-2.0
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ .
+ http://www.apache.org/licenses/LICENSE-2.0
+ .
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ .
+ On Debian systems, the complete text of the Apache version 2.0 license
+ can be found in "/usr/share/common-licenses/Apache-2.0".
+
+Files: debian/*
+Copyright: 2024, Siemens

debian/k3s-killall

@@ -0,0 +1,78 @@
+#!/bin/bash
+[ $(id -u) -eq 0 ] || exec sudo $0 $@
+
+for bin in /var/lib/rancher/k3s/data/**/bin/; do
+    [ -d $bin ] && export PATH=$PATH:$bin:$bin/aux
+done
+
+set -x
+
+for service in /etc/systemd/system/k3s*.service; do
+    [ -s $service ] && systemctl stop $(basename $service)
+done
+
+for service in /etc/init.d/k3s*; do
+    [ -x $service ] && $service stop
+done
+
+pschildren() {
+    ps -e -o ppid= -o pid= | \
+    sed -e 's/^\s*//g; s/\s\s*/\t/g;' | \
+    grep -w "^$1" | \
+    cut -f2
+}
+
+pstree() {
+    for pid in $@; do
+        echo $pid
+        for child in $(pschildren $pid); do
+            pstree $child
+        done
+    done
+}
+
+killtree() {
+    kill -9 $(
+        { set +x; } 2>/dev/null;
+        pstree $@;
+        set -x;
+    ) 2>/dev/null
+}
+
+getshims() {
+    ps -e -o pid= -o args= | sed -e 's/^ *//; s/\s\s*/\t/;' | grep -w 'k3s/data/[^/]*/bin/containerd-shim' | cut -f1
+}
+
+killtree $({ set +x; } 2>/dev/null; getshims; set -x)
+
+do_unmount_and_remove() {
+    set +x
+    while read -r _ path _; do
+        case "$path" in $1*) echo "$path" ;; esac
+    done < /proc/self/mounts | sort -r | xargs -r -t -n 1 sh -c 'umount "$0" && rm -rf "$0"'
+    set -x
+}
+
+do_unmount_and_remove '/run/k3s'
+do_unmount_and_remove '/var/lib/rancher/k3s'
+do_unmount_and_remove '/var/lib/kubelet/pods'
+do_unmount_and_remove '/var/lib/kubelet/plugins'
+do_unmount_and_remove '/run/netns/cni-'
+
+# Remove CNI namespaces
+ip netns show 2>/dev/null | grep cni- | xargs -r -t -n 1 ip netns delete
+
+# Delete network interface(s) that match 'master cni0'
+ip link show 2>/dev/null | grep 'master cni0' | while read ignore iface ignore; do
+    iface=${iface%%@*}
+    [ -z "$iface" ] || ip link delete $iface
+done
+ip link delete cni0
+ip link delete flannel.1
+ip link delete flannel-v6.1
+ip link delete kube-ipvs0
+ip link delete flannel-wg
+ip link delete flannel-wg-v6
+rm -rf /var/lib/cni/
+iptables-save | grep -v KUBE- | grep -v CNI- | grep -iv flannel | iptables-restore
+ip6tables-save | grep -v KUBE- | grep -v CNI- | grep -iv flannel | ip6tables-restore

debian/k3s.links

@@ -0,0 +1,3 @@
+usr/sbin/k3s usr/sbin/kubectl
+usr/sbin/k3s usr/sbin/crictl
+usr/sbin/k3s usr/sbin/ctr

debian/k3s.lintian-overrides

@@ -0,0 +1,18 @@
+# The purpose of the k3s package is to provide a static binary.  This static
+# linking is intentional, since no dynamic link version is possible.
+k3s: statically-linked-binary usr/sbin/k3s
+# k3s intentionally does not provide manpages for these.
+k3s: no-manual-page usr/sbin/containerd
+k3s: no-manual-page usr/sbin/crictl
+k3s: no-manual-page usr/sbin/ctr
+k3s: no-manual-page usr/sbin/k3s
+k3s: no-manual-page usr/sbin/k3s-agent
+k3s: no-manual-page usr/sbin/k3s-certificate
+k3s: no-manual-page usr/sbin/k3s-completion
+k3s: no-manual-page usr/sbin/k3s-etcd-snapshot
+k3s: no-manual-page usr/sbin/k3s-secrets-encrypt
+k3s: no-manual-page usr/sbin/k3s-server
+k3s: no-manual-page usr/sbin/k3s-token
+k3s: no-manual-page usr/sbin/kubectl
+# We want to build without PIE, this is intentional
+k3s: hardening-no-pie usr/sbin/k3s

debian/rules

@@ -0,0 +1,51 @@
+#!/usr/bin/make -f
+
+# output every command that modifies files on the build system.
+# export DH_VERBOSE = 1
+# make debhelper commands more verbose
+# export DH_OPTIONS = -v
+export USE_DAPPER ?= 0
+# set HOME since go requires GOCACHE be set and the default ($HOME/.go-cache)
+# will cause a build failure with sbuild.  Setting $HOME to $(CURDIR) is a
+# default solution to this problem for some packages:
+# 	https://lists.debian.org/debian-mentors/2018/08/msg00003.html
+export HOME = $(CURDIR)
+# DRONE_TAG is used by dapper, which gets the version from the git tag, 
+# but because dapper is not used in the build process will initialize it
+# here based on the git tag
+DRONE_TAG=v1.31.1+k3s1
+
+%:
+	dh $@
+
+ifeq ($(strip $(USE_DAPPER)),1)
+# Dapper builds require this, regular builds don't
+override_dh_auto_configure:
+	mkdir -p build/data
+	make download
+	make generate
+endif
+
+override_dh_auto_build:
+	dh_auto_build -- DRONE_TAG=$(DRONE_TAG)
+
+override_dh_auto_test:
+	@echo Skipping tests
+
+override_dh_auto_install:
+	mkdir -p debian/k3s/usr/sbin/
+	mkdir -p debian/k3s/etc/rancher/k3s/ 
+	mkdir -p debian/k3s/lib/systemd/system/ 
+	install -m 0755 bin/k3s debian/k3s/usr/sbin/ 
+	ln -sf debian/k3s/usr/sbin/k3s debian/k3s/usr/sbin/containerd
+	ln -sf debian/k3s/usr/sbin/k3s debian/k3s/usr/sbin/crictl 
+	ln -sf debian/k3s/usr/sbin/k3s debian/k3s/usr/sbin/ctr 
+	ln -sf debian/k3s/usr/sbin/k3s debian/k3s/usr/sbin/k3s-agent
+	ln -sf debian/k3s/usr/sbin/k3s debian/k3s/usr/sbin/k3s-certificate
+	ln -sf debian/k3s/usr/sbin/k3s debian/k3s/usr/sbin/k3s-completion
+	ln -sf debian/k3s/usr/sbin/k3s debian/k3s/usr/sbin/k3s-etcd-snapshot
+	ln -sf debian/k3s/usr/sbin/k3s debian/k3s/usr/sbin/k3s-secrets-encrypt
+	ln -sf debian/k3s/usr/sbin/k3s debian/k3s/usr/sbin/k3s-server
+	ln -sf debian/k3s/usr/sbin/k3s debian/k3s/usr/sbin/k3s-token
+	ln -sf debian/k3s/usr/sbin/k3s debian/k3s/usr/sbin/kubectl 
+	install -m 0644 k3s.service debian/k3s/lib/systemd/system/ 

debian/source/format

@@ -0,0 +1 @@
+3.0 (git)

debian/source/lintian-overrides

@@ -0,0 +1,41 @@
+# dapper is a build environment used by k3s. It isn't necessary to build the
+# source but the makefile provided by the project assumes it will be used and
+# will download it as part of the preparation step
+source-is-missing .dapper
+# These are tools used by dapper to build k3s within docker containers
+source-is-missing bin/aux/ebtables-legacy
+source-is-missing bin/aux/ebtablesd
+source-is-missing bin/aux/ebtablesu
+source-is-missing bin/aux/xtables-legacy-multi
+source-is-missing bin/aux/xtables-nft-multi
+source-is-missing bin/blkid
+source-is-missing bin/busybox
+source-is-missing bin/cni
+source-is-missing bin/conntrack
+source-is-missing bin/containerd-shim-runc-v2
+source-is-missing bin/coreutils
+source-is-missing bin/ethtool
+source-is-missing bin/find
+source-is-missing bin/fuse-overlayfs
+source-is-missing bin/ip
+source-is-missing bin/ipset
+source-is-missing bin/k3s
+source-is-missing bin/losetup
+source-is-missing bin/nsenter
+source-is-missing bin/pigz
+source-is-missing bin/runc
+source-is-missing bin/slirp4netns
+# this is the output of the full build process, lintian is unable to determine
+# this correctly
+source-is-missing dist/artifacts/k3s
+# the k3s package intentionally provides only a statically linked binary
+package-depends-on-hardcoded-libc k3s Depends
+package-needs-versioned-debhelper-build-depends 11
+# k3s has no Debian maintainer, this is a vendor packaging
+no-nmu-in-changelog
+# we are using the git source format
+unsupported-source-format
+# upstream sources aren't part of the git source format
+empty-upstream-sources
+# this is the formatting used by the k3s.io project for their releases
+malformed-debian-changelog-version 1.31.1+k3s1+mel5 (for non-native)

go.mod

@@ -1,6 +1,6 @@
 module github.com/k3s-io/k3s
 
-go 1.22.5
+go 1.22.6
 
 replace (
 	github.com/Microsoft/hcsshim => github.com/Microsoft/hcsshim v0.11.7

k3s-rootless.service

@@ -26,7 +26,7 @@ Description=k3s (Rootless)
 Environment=PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
 # NOTE: Don't try to run `k3s server --rootless` on a terminal, as it doesn't enable cgroup v2 delegation.
 # If you really need to try it on a terminal, prepend `systemd-run --user -p Delegate=yes --tty` to create a systemd scope.
-ExecStart=/usr/local/bin/k3s server --rootless --snapshotter=fuse-overlayfs
+ExecStart=/usr/sbin/k3s server --rootless --snapshotter=fuse-overlayfs
 ExecReload=/bin/kill -s HUP $MAINPID
 TimeoutSec=0
 RestartSec=2

k3s.service

@@ -9,8 +9,8 @@ Type=notify
 EnvironmentFile=-/etc/default/%N
 EnvironmentFile=-/etc/sysconfig/%N
 EnvironmentFile=-/etc/systemd/system/k3s.service.env
-ExecStartPre=/bin/sh -xc '! /usr/bin/systemctl is-enabled --quiet nm-cloud-setup.service 2>/dev/null'
-ExecStart=/usr/local/bin/k3s server
+ExecStartPre=/bin/sh -xc '! /usr/bin/systemctl is-enabled --quiet nm-cloud-setup.service'
+ExecStart=/usr/sbin/k3s server
 KillMode=process
 Delegate=yes
 # Having non-zero Limit*s causes performance problems due to accounting overhead