Debian Trixie migration for sonic-gnmi

.azure/templates/build-deb.yml

@@ -24,7 +24,7 @@ parameters:
   default: common-lib
 - name: swssCommonArtifact
   type: string
-  default: sonic-swss-common-bookworm
+  default: sonic-swss-common-trixie
 - name: publishArtifact
   type: string
   default: sonic-gnmi

.azure/templates/install-dependencies.yml

@@ -39,7 +39,7 @@ parameters:
   default: common-lib
 - name: swssCommonArtifact
   type: string
-  default: sonic-swss-common-bookworm
+  default: sonic-swss-common-trixie
 
 steps:
 # === Download libyang + libnl debs from common_libs ===
@@ -53,13 +53,17 @@ steps:
     path: $(Build.ArtifactStagingDirectory)/download
     artifact: ${{ parameters.commonLibArtifact }}
     patterns: |
-      target/debs/bookworm/libyang_1.0*.deb
-      target/debs/bookworm/libyang-*_1.0*.deb
-      target/debs/bookworm/libnl-3-200_*.deb
-      target/debs/bookworm/libnl-genl-3-200_*.deb
-      target/debs/bookworm/libnl-route-3-200_*.deb
-      target/debs/bookworm/libnl-nf-3-200_*.deb
-  displayName: "Download libyang and libnl from common_libs (${{ parameters.arch }})"
+      target/debs/trixie/libpcre3_*.deb
+      target/debs/trixie/libpcre16-3_*.deb
+      target/debs/trixie/libpcre32-3_*.deb
+      target/debs/trixie/libpcrecpp0v5_*.deb
+      target/debs/trixie/libyang_1.0*.deb
+      target/debs/trixie/libyang-*_1.0*.deb
+      target/debs/trixie/libnl-3-200_*.deb
+      target/debs/trixie/libnl-genl-3-200_*.deb
+      target/debs/trixie/libnl-route-3-200_*.deb
+      target/debs/trixie/libnl-nf-3-200_*.deb
+  displayName: "Download libyang, libnl, and libpcre3 from common_libs (${{ parameters.arch }})"
 
 # === Install test dependencies (amd64 test jobs only) ===
 - ${{ if and(eq(parameters.arch, 'amd64'), eq(parameters.installTestDeps, true)) }}:
@@ -77,12 +81,21 @@ steps:
       sudo service redis-server start
     displayName: "Install test dependencies (pytest, redis)"
 
-# === Install libyang + libnl debs ===
+# === Install libpcre3 + libyang + libnl debs ===
 - script: |
     set -ex
     sudo apt-get -y purge libnl-3-dev libnl-route-3-dev || true
-    sudo dpkg -i $(find $(Build.ArtifactStagingDirectory)/download -name '*.deb')
-  displayName: "Install libyang and libnl debs"
+
+    # LIBPCRE3 (not in Trixie repos, required by libyang 1.0.73)
+    sudo dpkg -i $(Build.ArtifactStagingDirectory)/download/target/debs/trixie/libpcre3_*.deb \
+                 $(Build.ArtifactStagingDirectory)/download/target/debs/trixie/libpcre16-3_*.deb \
+                 $(Build.ArtifactStagingDirectory)/download/target/debs/trixie/libpcre32-3_*.deb \
+                 $(Build.ArtifactStagingDirectory)/download/target/debs/trixie/libpcrecpp0v5_*.deb
+
+    # LIBYANG + LIBNL
+    sudo dpkg -i $(Build.ArtifactStagingDirectory)/download/target/debs/trixie/libyang*1.0*.deb \
+                 $(Build.ArtifactStagingDirectory)/download/target/debs/trixie/libnl-*.deb
+  displayName: "Install libpcre3, libyang, and libnl debs"
 
 # === Download and install sonic yang models (arch-independent, from pipeline 142) ===
 - task: DownloadPipelineArtifact@2
@@ -94,20 +107,20 @@ steps:
     runVersion: 'latestFromBranch'
     runBranch: 'refs/heads/${{ parameters.buildBranch }}'
     patterns: |
-      target/python-wheels/bookworm/sonic_yang_models*.whl
+      target/python-wheels/trixie/sonic_yang_models*.whl
   displayName: "Download sonic yang models"
 
 - script: |
     set -ex
-    sudo pip3 install ../target/python-wheels/bookworm/sonic_yang_models*.whl
+    sudo pip3 install ../target/python-wheels/trixie/sonic_yang_models*.whl
   displayName: "Install sonic yangs"
 
 # === Install .NET Core (amd64 test jobs only) ===
 - ${{ if and(eq(parameters.arch, 'amd64'), eq(parameters.installTestDeps, true)) }}:
   - script: |
       set -ex
       curl -sSL https://packages.microsoft.com/keys/microsoft.asc | sudo apt-key add -
-      sudo apt-add-repository https://packages.microsoft.com/debian/12/prod
+      sudo apt-add-repository https://packages.microsoft.com/debian/13/prod
       sudo apt-get update
       sudo apt-get install -y dotnet-sdk-8.0
     displayName: "Install .NET CORE"

azure-pipelines.yml

@@ -113,7 +113,7 @@ stages:
       UNIT_TEST_FLAG: 'ENABLE_TRANSLIB_WRITE=y'
 
     container:
-      image: sonicdev-microsoft.azurecr.io:443/sonic-slave-bookworm:latest
+      image: sonicdev-microsoft.azurecr.io:443/sonic-slave-trixie:latest
 
     steps:
     - checkout: self
@@ -172,7 +172,7 @@ stages:
       DIFF_COVER_WORKING_DIRECTORY: $(System.DefaultWorkingDirectory)/sonic-gnmi
 
     container:
-      image: sonicdev-microsoft.azurecr.io:443/sonic-slave-bookworm:latest
+      image: sonicdev-microsoft.azurecr.io:443/sonic-slave-trixie:latest
 
     steps:
     - checkout: self
@@ -286,7 +286,7 @@ stages:
       vmImage: ubuntu-22.04
 
     container:
-      image: sonicdev-microsoft.azurecr.io:443/sonic-slave-bookworm:latest
+      image: sonicdev-microsoft.azurecr.io:443/sonic-slave-trixie:latest
 
     steps:
     - template: .azure/templates/build-deb.yml
@@ -305,13 +305,13 @@ stages:
       name: sonicso1ES-arm64
 
     container:
-      image: sonicdev-microsoft.azurecr.io:443/sonic-slave-bookworm:$(BUILD_BRANCH)-arm64
+      image: sonicdev-microsoft.azurecr.io:443/sonic-slave-trixie:$(BUILD_BRANCH)-arm64
 
     steps:
     - template: .azure/templates/build-deb.yml
       parameters:
         buildBranch: $(BUILD_BRANCH)
         arch: arm64
         commonLibArtifact: common-lib.arm64
-        swssCommonArtifact: sonic-swss-common-bookworm.arm64
+        swssCommonArtifact: sonic-swss-common-trixie.arm64
         publishArtifact: sonic-gnmi.arm64

gnmi_server/clientCertAuth.go

@@ -181,6 +181,7 @@ func TryDownload(url string) bool {
 	return true
 }
 
+//go:noinline
 func GetCrlUrls(cert x509.Certificate) []string {
 	glog.Infof("Get Crl Urls for cert: %v", cert.CRLDistributionPoints)
 	return cert.CRLDistributionPoints

gnmi_server/gnoi_os.go

@@ -264,7 +264,7 @@ func (srv *OSServer) Install(stream ospb.OS_InstallServer) error {
 		if err != nil {
 			log.V(1).Infoln("Error while sending InstallError response: ", err)
 			log.Errorf("InstallResponse: %v", err)
-			return status.Errorf(codes.Aborted, err.Error())
+			return status.Errorf(codes.Aborted, "%s", err.Error())
 		}
 		return status.Errorf(codes.Aborted, "Concurrent Install RPCs are not allowed.")
 	}
@@ -279,7 +279,7 @@ func (srv *OSServer) Install(stream ospb.OS_InstallServer) error {
 	}
 	if err != nil {
 		log.Errorf("Install: Received error %v while receiving TransferRequest!", err)
-		return status.Errorf(codes.Aborted, err.Error())
+		return status.Errorf(codes.Aborted, "%s", err.Error())
 	}
 	transferReq := req.GetTransferRequest()
 	if transferReq == nil {
@@ -298,7 +298,7 @@ func (srv *OSServer) Install(stream ospb.OS_InstallServer) error {
 	if resp != nil {
 		if err := stream.Send(resp); err != nil {
 			log.Errorf("Install: Error %v in sending TransferReady response:", err)
-			return status.Errorf(codes.Aborted, err.Error())
+			return status.Errorf(codes.Aborted, "%s", err.Error())
 		}
 	}
 
@@ -325,7 +325,7 @@ func (srv *OSServer) Install(stream ospb.OS_InstallServer) error {
 		}
 		if err != nil {
 			log.Errorf("Install: Error %v in receiving TransferContent", err)
-			return status.Errorf(codes.Aborted, err.Error())
+			return status.Errorf(codes.Aborted, "%s", err.Error())
 		}
 		if transferReq := req.GetTransferRequest(); transferReq != nil {
 			log.Errorf("Install: Received a TransferReq out-of-sequence.")
@@ -350,7 +350,7 @@ func (srv *OSServer) Install(stream ospb.OS_InstallServer) error {
 			if err := stream.Send(resp); err != nil {
 				log.Errorf("Install: Error %v in sending TransferContent response", err)
 				srv.removeIncompleteTransfer(imgPath)
-				return status.Errorf(codes.Aborted, err.Error())
+				return status.Errorf(codes.Aborted, "%s", err.Error())
 			}
 		}
 		if resp == nil || resp.GetInstallError() != nil {
@@ -375,7 +375,7 @@ func (srv *OSServer) Install(stream ospb.OS_InstallServer) error {
 		if err := stream.Send(resp); err != nil {
 			log.Errorf("Install: Error %v in sending TransferEnd response. Aborting..", err)
 			srv.removeIncompleteTransfer(imgPath)
-			return status.Errorf(codes.Aborted, err.Error())
+			return status.Errorf(codes.Aborted, "%s", err.Error())
 		}
 	}
 	if resp == nil || resp.GetInstallError() != nil {

gnmi_server/gnoi_reset.go

@@ -24,23 +24,23 @@ func (srv *Server) Start(ctx context.Context, req *factory_reset.StartRequest) (
 	// Back end is expected to return the response in JSON format.
 	reqStr, err := json.Marshal(req)
 	if err != nil {
-		return nil, status.Errorf(codes.Internal, fmt.Sprintf("Cannot marshal the StartRequest: [%s], err %v", req.String(), err))
+		return nil, status.Errorf(codes.Internal, "%s", fmt.Sprintf("Cannot marshal the StartRequest: [%s], err %v", req.String(), err))
 	}
 
 	sc, err := ssc.NewDbusClient()
 	if err != nil {
-		return nil, status.Errorf(codes.Internal, fmt.Sprintf("Error creating dbus client: [%s]", err.Error()))
+		return nil, status.Errorf(codes.Internal, "%s", fmt.Sprintf("Error creating dbus client: [%s]", err.Error()))
 	}
 
 	respStr, err := sc.FactoryReset(string(reqStr))
 	log.V(1).Infof("gNOI: factory_reset.Start Response %s", respStr)
 	if err != nil {
-		return nil, status.Errorf(codes.Internal, fmt.Sprintf("Backend error: %v", err))
+		return nil, status.Errorf(codes.Internal, "%s", fmt.Sprintf("Backend error: %v", err))
 	}
 
 	resp := &factory_reset.StartResponse{}
 	if err := json.Unmarshal([]byte(respStr), resp); err != nil {
-		return nil, status.Errorf(codes.Internal, fmt.Sprintf("Cannot unmarshal backend response: [%s], error: %v", respStr, err))
+		return nil, status.Errorf(codes.Internal, "%s", fmt.Sprintf("Cannot unmarshal backend response: [%s], error: %v", respStr, err))
 	}
 	return resp, nil
 }

gnmi_server/gnoi_system.go

@@ -116,14 +116,14 @@ func processMsgPayload(pload string) (string, string, map[string]string, error)
 func sendRebootReqOnNotifCh(ctx context.Context, req proto.Message, sc *redis.Client, rebootNotifKey string) (resp proto.Message, err error, msgDataStr string) {
 	np, err := common_utils.NewNotificationProducer(rebootReqCh)
 	if err != nil {
-		return nil, status.Errorf(codes.Internal, err.Error()), msgDataStr
+		return nil, status.Errorf(codes.Internal, "%s", err.Error()), msgDataStr
 	}
 	defer np.Close()
 
 	// Subscribe to the response channel.
 	sub := sc.Subscribe(ctx, rebootRespCh)
 	if _, err = sub.Receive(ctx); err != nil {
-		return nil, status.Errorf(codes.Internal, err.Error()), msgDataStr
+		return nil, status.Errorf(codes.Internal, "%s", err.Error()), msgDataStr
 	}
 	defer sub.Close()
 	channel := sub.Channel()
@@ -142,11 +142,11 @@ func sendRebootReqOnNotifCh(ctx context.Context, req proto.Message, sc *redis.Cl
 
 	reqStr, err := json.Marshal(req)
 	if err != nil {
-		return nil, status.Errorf(codes.Internal, err.Error()), msgDataStr
+		return nil, status.Errorf(codes.Internal, "%s", err.Error()), msgDataStr
 	}
 	// Publish to notification channel.
 	if err := np.Send(rebootNotifKey, "", map[string]string{dataMsgFld: string(reqStr)}); err != nil {
-		return nil, status.Errorf(codes.Internal, err.Error()), msgDataStr
+		return nil, status.Errorf(codes.Internal, "%s", err.Error()), msgDataStr
 	}
 
 	// Wait for response on Reboot_Response_Channel.
@@ -157,13 +157,13 @@ func sendRebootReqOnNotifCh(ctx context.Context, req proto.Message, sc *redis.Cl
 		case msg := <-channel:
 			op, data, fvs, err := processMsgPayload(msg.Payload)
 			if err != nil {
-				return nil, status.Errorf(codes.Internal, fmt.Sprintf("Error while receiving Response Notification: [%s] for message [%s]", err.Error(), msg)), msgDataStr
+				return nil, status.Errorf(codes.Internal, "%s", fmt.Sprintf("Error while receiving Response Notification: [%s] for message [%s]", err.Error(), msg)), msgDataStr
 			}
 			log.V(1).Infof("[Reboot_Log] Received on the Reboot notification channel: op = [%v], data = [%v], fvs = [%v]", op, data, fvs)
 
 			if op != rebootNotifKey {
 				log.V(1).Infof("[Reboot_Log] Op: %v doesn't match for %v!", op, rebootNotifKey)
-				tErr = status.Errorf(codes.Internal, fmt.Sprintf("Op: %v doesn't match for %v!", op, rebootNotifKey))
+				tErr = status.Errorf(codes.Internal, "%s", fmt.Sprintf("Op: %v doesn't match for %v!", op, rebootNotifKey))
 				continue
 			}
 			if fvs != nil {
@@ -173,8 +173,8 @@ func sendRebootReqOnNotifCh(ctx context.Context, req proto.Message, sc *redis.Cl
 			}
 			if swssCode := SwssToErrorCode(data); swssCode != codes.OK {
 				errStr := fmt.Sprintf("Response Notification returned SWSS Error code: %v, error = %v", swssCode, msgDataStr)
-				log.V(1).Infof(errStr)
-				return nil, status.Errorf(swssCode, errStr), msgDataStr
+				log.V(1).Infof("%s", errStr)
+				return nil, status.Errorf(swssCode, "%s", errStr), msgDataStr
 			}
 			return resp, nil, msgDataStr
 
@@ -197,7 +197,7 @@ func (srv *Server) Reboot(ctx context.Context, req *syspb.RebootRequest) (*syspb
 	}
 	log.V(2).Info("gNOI: Reboot")
 	if err := ValidateRebootRequest(req); err != nil {
-		return nil, status.Errorf(codes.InvalidArgument, err.Error())
+		return nil, status.Errorf(codes.InvalidArgument, "%s", err.Error())
 	}
 
 	// Try the pure handler first (it handles DPU routing internally)
@@ -216,7 +216,7 @@ func (srv *Server) Reboot(ctx context.Context, req *syspb.RebootRequest) (*syspb
 	// Initialize State DB for local reboot.
 	rclient, err := common_utils.GetRedisDBClient()
 	if err != nil {
-		return nil, status.Errorf(codes.Internal, err.Error())
+		return nil, status.Errorf(codes.Internal, "%s", err.Error())
 	}
 	defer rclient.Close()
 
@@ -248,19 +248,19 @@ func (srv *Server) RebootStatus(ctx context.Context, req *syspb.RebootStatusRequ
 	// Initialize State DB.
 	rclient, err := common_utils.GetRedisDBClient()
 	if err != nil {
-		return nil, status.Errorf(codes.Internal, err.Error())
+		return nil, status.Errorf(codes.Internal, "%s", err.Error())
 	}
 	defer rclient.Close()
 
 	respStr, err, msgData := sendRebootReqOnNotifCh(ctx, req, rclient, rebootStatusKey)
 	if err != nil {
-		return nil, status.Errorf(codes.Internal, err.Error())
+		return nil, status.Errorf(codes.Internal, "%s", err.Error())
 	}
 	if msgData == "" || respStr == nil {
 		return nil, status.Errorf(codes.Internal, "Received empty RebootStatusResponse")
 	}
 	if err := pjson.Unmarshal([]byte(msgData), resp); err != nil {
-		return nil, status.Errorf(codes.Internal, fmt.Sprintf("Cannot unmarshal the response: [%s]; err: [%s]", msgData, err.Error()))
+		return nil, status.Errorf(codes.Internal, "%s", fmt.Sprintf("Cannot unmarshal the response: [%s]; err: [%s]", msgData, err.Error()))
 	}
 	log.V(1).Infof("gNOI: Returning RebootStatusResponse: resp = [%v]\n, msgData = [%v]", resp, msgData)
 	return resp, nil
@@ -276,13 +276,13 @@ func (srv *Server) CancelReboot(ctx context.Context, req *syspb.CancelRebootRequ
 	// Initialize State DB.
 	rclient, err := common_utils.GetRedisDBClient()
 	if err != nil {
-		return nil, status.Errorf(codes.Internal, err.Error())
+		return nil, status.Errorf(codes.Internal, "%s", err.Error())
 	}
 	defer rclient.Close()
 
 	resp, err, _ := sendRebootReqOnNotifCh(ctx, req, rclient, rebootCancelKey)
 	if err != nil {
-		return nil, status.Errorf(codes.Internal, err.Error())
+		return nil, status.Errorf(codes.Internal, "%s", err.Error())
 	}
 	if resp == nil {
 		log.V(2).Info("CancelReboot request received empty response from Reboot Backend.")

gnmi_server/gnsi_authz.go

@@ -104,7 +104,7 @@ func (srv *GNSIAuthzServer) Rotate(stream authz.Authz_RotateServer) error {
 				log.V(0).Infof("[%v]gnsi: failed to revert authz policy file (%v): %v", session, srv.config.AuthzPolicyFile, err)
 			}
 			srv.revertAuthzFileFreshness()
-			return status.Errorf(codes.Aborted, err.Error())
+			return status.Errorf(codes.Aborted, "%s", err.Error())
 		}
 		if endReq := req.GetFinalizeRotation(); endReq != nil {
 			// This is the last message. All changes are final.
@@ -130,7 +130,7 @@ func (srv *GNSIAuthzServer) Rotate(stream authz.Authz_RotateServer) error {
 				log.V(0).Infof("[%v]gnsi: failed to revert authz policy file (%v): %v", session, srv.config.AuthzPolicyFile, err)
 			}
 			srv.revertAuthzFileFreshness()
-			return status.Errorf(codes.Aborted, err.Error())
+			return status.Errorf(codes.Aborted, "%s", err.Error())
 		}
 	}
 }
@@ -158,13 +158,13 @@ func (srv *GNSIAuthzServer) processRotateRequest(req *authz.RotateAuthzRequest)
 		return nil, status.Errorf(codes.AlreadyExists, "Authz with version `%v` already exists", policyReq.GetVersion())
 	}
 	if err := srv.writeAuthzMetadataToDB(authzVersionFld, policyReq.GetVersion()); err != nil {
-		return nil, status.Errorf(codes.Aborted, err.Error())
+		return nil, status.Errorf(codes.Aborted, "%s", err.Error())
 	}
 	if err := srv.writeAuthzMetadataToDB(authzCreatedOnFld, strconv.FormatUint(policyReq.GetCreatedOn(), 10)); err != nil {
-		return nil, status.Errorf(codes.Aborted, err.Error())
+		return nil, status.Errorf(codes.Aborted, "%s", err.Error())
 	}
 	if err := srv.saveToAuthzFile(policyReq.GetPolicy()); err != nil {
-		return nil, status.Errorf(codes.Aborted, err.Error())
+		return nil, status.Errorf(codes.Aborted, "%s", err.Error())
 	}
 	resp := &authz.RotateAuthzResponse{
 		RotateResponse: &authz.RotateAuthzResponse_UploadResponse{},

gnmi_server/gnsi_certz.go

@@ -530,7 +530,7 @@ func (srv *GNSICertzServer) saveEntities(profileID string, entityMsg *certz.Enti
 		return attemptWrite(expEntity.CertPath, bundle, 0600)
 	case crlType:
 		if err := rotateCRLBundle(entityMsg.GetCertificateRevocationListBundle(), expEntity.CertPath); err != nil {
-			return status.Errorf(codes.Aborted, err.Error())
+			return status.Errorf(codes.Aborted, "%s", err.Error())
 		}
 		return nil
 	case apType: