From 1705c38d81e3118e3e89f7d31d86a9203e58799a Mon Sep 17 00:00:00 2001
From: Stephen Kitt <skitt@redhat.com>
Date: Wed, 11 Dec 2024 08:42:28 +0100
Subject: [PATCH 1/3] Switch to Fedora for nettest and use packaged netperf

netperf currently fails to build with the latest Alpine images, even
with _GNU_SOURCE fixes.

To allow building the nettest image again, this switches to Fedora,
where netperf is available as a package (so we don't need to deal with
building it). The image size is more than doubled, from 24.2MiB with
Alpine to 59.8MiB with Fedora.

This ends up with nmap ncat rather than busybox ncat, so the nettest
scripts are adjusted to suit, and a busybox nc emulation script is
included for other users of nc.

Signed-off-by: Stephen Kitt <skitt@redhat.com>
(cherry picked from commit a00788004b811a4c0d88075a5dc71200e36ea38b)
---
 package/Dockerfile.nettest   | 34 ++++++------------
 scripts/nettest/metricsproxy |  2 +-
 scripts/nettest/nc           | 50 ++++++++++++++++++++++++++
 scripts/nettest/simpleserver |  2 +-
 scripts/shared/dnf_install   | 68 ++++++++++++++++++++++++++++++++++++
 5 files changed, 131 insertions(+), 25 deletions(-)
 create mode 100755 scripts/nettest/nc
 create mode 100755 scripts/shared/dnf_install

diff --git a/package/Dockerfile.nettest b/package/Dockerfile.nettest
index eedb72048..09cac2dee 100644
--- a/package/Dockerfile.nettest
+++ b/package/Dockerfile.nettest
@@ -1,32 +1,20 @@
-FROM alpine
+ARG FEDORA_VERSION=41
 
-WORKDIR /app
+FROM --platform=${BUILDPLATFORM} fedora:${FEDORA_VERSION} AS base
+ARG FEDORA_VERSION
+ARG TARGETPLATFORM
 
-RUN apk add --update --no-cache gcc libc-dev make git automake autoconf
+COPY scripts/shared/dnf_install /
 
-RUN git clone --depth 1 https://github.com/HewlettPackard/netperf \
-    && git -C netperf reset --hard 3bc455b23f901dae377ca0a558e1e32aa56b31c4
-RUN cd netperf \
-    && ./autogen.sh \
-    && ./configure CFLAGS=-fcommon \
-    && make -C src && make -C src install
+RUN /dnf_install -a ${TARGETPLATFORM} -v ${FEDORA_VERSION} -r /output/nettest \
+    glibc bash glibc-minimal-langpack coreutils-single libcurl-minimal \
+    bind-utils curl-minimal iperf3 iputils netperf nmap-ncat tcpdump
 
+FROM scratch
+ARG TARGETPLATFORM
 
-FROM alpine
+COPY --from=base /output/nettest /
 
-WORKDIR /app
-
-ARG VERSION
-
-RUN apk add --no-cache \
-	bash \
-	bind-tools \
-	curl \
-	iputils \
-	iperf3 \
-	tcpdump
-
-COPY --from=0 /usr/local/bin/net* /usr/local/bin/
 COPY scripts/nettest/* /app/
 
 RUN echo ${VERSION} >> /app/version
diff --git a/scripts/nettest/metricsproxy b/scripts/nettest/metricsproxy
index 5f20f72d1..215c01b05 100755
--- a/scripts/nettest/metricsproxy
+++ b/scripts/nettest/metricsproxy
@@ -1,4 +1,4 @@
 #!/bin/sh
 
 # Arguments: source-port target-IP target-port
-exec /usr/bin/nc -v -lk -p "$1" -e nc "$2" "$3"
+exec /usr/bin/ncat -v -lk -p "$1" -c "/usr/bin/ncat $2 $3"
diff --git a/scripts/nettest/nc b/scripts/nettest/nc
new file mode 100755
index 000000000..149a4e41d
--- /dev/null
+++ b/scripts/nettest/nc
@@ -0,0 +1,50 @@
+#!/bin/bash
+
+# This wrapper converts Busybox syntax to nmap ncat:
+# * -e becomes -c
+# * -w and -i need a s suffix on their argument
+# * with -l, -p XX and -s YY become YY XX
+
+args=()
+listening=
+sourceport=
+sourceaddress=
+while [ -n "$1" ] && [ "$1" != "-e" ]; do
+    case "$1" in
+        -w|-i)
+            args+=("$1" "$2"s)
+            shift 2;;
+        -l|-lk)
+            listening=1
+            args+=("$1")
+            shift;;
+        -p)
+            sourceport="$2"
+            shift 2;;
+        -s)
+            sourceaddress="$2"
+            shift 2;;
+        *)
+            args+=("$1")
+            shift;;
+    esac
+done
+
+if [ -n "$listening" ]; then
+    args+=(-l ${sourceaddress:+"$sourceaddress"} ${sourceport:+"$sourceport"})
+else
+    if [ -n "$sourceaddress" ]; then
+        args+=(-s "$sourceaddress")
+    fi
+    if [ -n "$sourceport" ]; then
+        args+=(-p "$sourceport")
+    fi
+fi
+
+cmd=""
+if [ "$1" = "-e" ]; then
+    shift
+    cmd="$*"
+fi
+
+exec /usr/bin/ncat "${args[@]}" ${cmd:+"-c $cmd"}
diff --git a/scripts/nettest/simpleserver b/scripts/nettest/simpleserver
index c7aaf43e8..92e094f44 100755
--- a/scripts/nettest/simpleserver
+++ b/scripts/nettest/simpleserver
@@ -3,5 +3,5 @@ set -e
 
 while true
 do
-    echo -e "HTTP/1.1 200 OK\r\n\r\nHello World" | nc -l -p 8080
+    echo -e "HTTP/1.1 200 OK\r\n\r\nHello World" | /usr/bin/ncat -l 8080
 done
diff --git a/scripts/shared/dnf_install b/scripts/shared/dnf_install
new file mode 100755
index 000000000..9a786b2cf
--- /dev/null
+++ b/scripts/shared/dnf_install
@@ -0,0 +1,68 @@
+#!/bin/bash
+
+# Installs packages using dnf to a named root:
+# -a arch - use arch instead of the native arch
+# -k      - keep the package cache
+# -r root - install to the named root instead of /output/base
+# -v ver  - use the given Fedora version (required)
+#
+# %arch in the package references will be replaced with the chosen arch
+
+set -e
+
+INSTALL_ROOT=/output/base
+
+# Limit the number of files so that dnf doesn't spend ages processing fds
+if [[ $(ulimit -n) -gt 1048576 ]]; then
+    ulimit -n 1048576
+fi
+
+while getopts a:kr:v: o
+do
+    case "$o" in
+    a)
+        ARCH="$OPTARG"
+        ;;
+    k)
+        KEEP_CACHE=true
+        ;;
+    r)
+        INSTALL_ROOT="$OPTARG"
+        ;;
+    v)
+        FEDORA_VERSION="$OPTARG"
+        ;;
+    *)
+        echo "$0 doesn't support $o" >&2
+        exit 1
+        ;;
+    esac
+done
+shift $((OPTIND - 1))
+
+arch_args=()
+
+if [[ -n "${ARCH}" ]]; then
+    # Convert container arch to Fedora arch
+    ARCH="${ARCH##*/}"
+    case "${ARCH}" in
+        amd64) ARCH=x86_64;;
+        arm64) ARCH=aarch64;;
+    esac
+    arch_args=(--forcearch "${ARCH}")
+else
+    # This will be used later, but we won't force
+    ARCH="$(rpm -q --qf "%{arch}" rpm)"
+fi
+
+[[ -z "${FEDORA_VERSION}" ]] && echo I need to know which version of Fedora to install, specify it with -v >&2 && exit 1
+
+if [[ "${INSTALL_ROOT}" != /output/base ]] && [[ ! -d "${INSTALL_ROOT}" ]] && [[ -d /output/base ]]; then
+    cp -a /output/base "${INSTALL_ROOT}"
+fi
+
+dnf -y --setopt=install_weak_deps=0 --nodocs --use-host-config "${arch_args[@]}" \
+    --installroot "${INSTALL_ROOT}" --releasever "${FEDORA_VERSION}" \
+    install "${@//\%arch/${ARCH}}"
+
+[[ "${KEEP_CACHE}" == true ]] || dnf -y "${arch_args[@]}" --installroot "${INSTALL_ROOT}" --releasever "${FEDORA_VERSION}" clean all

From c73e15a8db0f3b10f401ba4d81653967531de79c Mon Sep 17 00:00:00 2001
From: Stephen Kitt <skitt@redhat.com>
Date: Mon, 16 Dec 2024 17:03:31 +0100
Subject: [PATCH 2/3] Add /app to the PATH

This ensures that the Busybox compatible nc script is used instead of
ncat.

Signed-off-by: Stephen Kitt <skitt@redhat.com>
(cherry picked from commit 0e27d4db5de34395224dc2d0c1b8193e9b21e36a)
---
 package/Dockerfile.nettest | 1 +
 1 file changed, 1 insertion(+)

diff --git a/package/Dockerfile.nettest b/package/Dockerfile.nettest
index 09cac2dee..eede463be 100644
--- a/package/Dockerfile.nettest
+++ b/package/Dockerfile.nettest
@@ -12,6 +12,7 @@ RUN /dnf_install -a ${TARGETPLATFORM} -v ${FEDORA_VERSION} -r /output/nettest \
 
 FROM scratch
 ARG TARGETPLATFORM
+ENV PATH="/app:$PATH"
 
 COPY --from=base /output/nettest /
 

From d87c25874940cb721c0bb165803261e36d429678 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 16 Dec 2024 11:46:18 +0000
Subject: [PATCH 3/3] Bump golang.org/x/crypto from 0.27.0 to 0.31.0 in /tools

Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from
0.27.0 to 0.31.0.
- [Commits](https://github.com/golang/crypto/compare/v0.27.0...v0.31.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
(cherry picked from commit 15cca6accd3ff0a9cf7eab4956e9e78f41ddba7e)
---
 tools/go.mod | 10 +++++-----
 tools/go.sum | 20 ++++++++++----------
 2 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/tools/go.mod b/tools/go.mod
index 8a4d418e7..e2ae2ae8b 100644
--- a/tools/go.mod
+++ b/tools/go.mod
@@ -340,16 +340,16 @@ require (
 	go.uber.org/automaxprocs v1.5.3 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
 	go.uber.org/zap v1.26.0 // indirect
-	golang.org/x/crypto v0.27.0 // indirect
+	golang.org/x/crypto v0.31.0 // indirect
 	golang.org/x/exp v0.0.0-20240904232852-e7e105dedf7e // indirect
 	golang.org/x/exp/typeparams v0.0.0-20240314144324-c7f7c6466f7f // indirect
 	golang.org/x/mod v0.21.0 // indirect
 	golang.org/x/net v0.28.0 // indirect
 	golang.org/x/oauth2 v0.22.0 // indirect
-	golang.org/x/sync v0.8.0 // indirect
-	golang.org/x/sys v0.25.0 // indirect
-	golang.org/x/term v0.24.0 // indirect
-	golang.org/x/text v0.18.0 // indirect
+	golang.org/x/sync v0.10.0 // indirect
+	golang.org/x/sys v0.28.0 // indirect
+	golang.org/x/term v0.27.0 // indirect
+	golang.org/x/text v0.21.0 // indirect
 	golang.org/x/time v0.6.0 // indirect
 	golang.org/x/tools v0.24.0 // indirect
 	golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect
diff --git a/tools/go.sum b/tools/go.sum
index 10caabc64..a0ac2eb46 100644
--- a/tools/go.sum
+++ b/tools/go.sum
@@ -984,8 +984,8 @@ golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPh
 golang.org/x/crypto v0.0.0-20201117144127-c1f2f97bffc9/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw=
-golang.org/x/crypto v0.27.0 h1:GXm2NjJrPaiv/h1tb2UH8QfgC/hOf/+z0p6PT8o1w7A=
-golang.org/x/crypto v0.27.0/go.mod h1:1Xngt8kV6Dvbssa53Ziq6Eqn0HqbZi5Z6R0ZpwQzt70=
+golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U=
+golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20240904232852-e7e105dedf7e h1:I88y4caeGeuDQxgdoFPUq097j7kNfw6uvuiNxUBfcBk=
 golang.org/x/exp v0.0.0-20240904232852-e7e105dedf7e/go.mod h1:akd2r19cwCdwSwWeIdzYQGa/EZZyqcOdwWiwj5L5eKQ=
@@ -1043,8 +1043,8 @@ golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ=
-golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ=
+golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -1075,8 +1075,8 @@ golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.25.0 h1:r+8e+loiHxRqhXVl6ML1nO3l1+oFoWbnlu2Ehimmi34=
-golang.org/x/sys v0.25.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA=
+golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
@@ -1085,8 +1085,8 @@ golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
 golang.org/x/term v0.4.0/go.mod h1:9P2UbLfCdcvo3p/nzKvsmas4TnlujnuoV9hGgYzW1lQ=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
-golang.org/x/term v0.24.0 h1:Mh5cbb+Zk2hqqXNO7S1iTjEphVL+jb8ZWaqh/g+JWkM=
-golang.org/x/term v0.24.0/go.mod h1:lOBK/LVxemqiMij05LGJ0tzNr8xlmwBRJ81PX6wVLH8=
+golang.org/x/term v0.27.0 h1:WP60Sv1nlK1T6SupCHbXzSaN0b9wUmsPoRS9b61A23Q=
+golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
@@ -1095,8 +1095,8 @@ golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.6.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
-golang.org/x/text v0.18.0 h1:XvMDiNzPAl0jr17s6W9lcaIhGUfUORdGCNsuLmPG224=
-golang.org/x/text v0.18.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
+golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo=
+golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
 golang.org/x/time v0.6.0 h1:eTDhh4ZXt5Qf0augr54TN6suAUudPcawVZeIAPU7D4U=
 golang.org/x/time v0.6.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=