author | ToshikazuOhiwa <toshikazu_ohiwa@mail.toyota.co.jp> | 2020-03-30 09:24:26 +0900 |
---|---|---|
committer | ToshikazuOhiwa <toshikazu_ohiwa@mail.toyota.co.jp> | 2020-03-30 09:24:26 +0900 |
commit | 5b80bfd7bffd4c20d80b7c70a7130529e9a755dd (patch) | |
tree | b4bb18dcd1487dbf1ea8127e5671b7bb2eded033 /external/meta-virtualization/recipes-containers | |
parent | 706ad73eb02caf8532deaf5d38995bd258725cb8 (diff) |
agl-basesystem
Diffstat (limited to 'external/meta-virtualization/recipes-containers')
70 files changed, 3994 insertions, 0 deletions
diff --git a/external/meta-virtualization/recipes-containers/cgroup-lite/cgroup-lite_1.15.bb b/external/meta-virtualization/recipes-containers/cgroup-lite/cgroup-lite_1.15.bb
new file mode 100644
index 00000000..7b48c3ac
--- /dev/null
+++ b/external/meta-virtualization/recipes-containers/cgroup-lite/cgroup-lite_1.15.bb
@@ -0,0 +1,34 @@
+SECTION = "devel"
+SUMMARY = "Light-weight package to set up cgroups at system boot."
+DESCRIPTION = "Light-weight package to set up cgroups at system boot."
+HOMEPAGE = "http://packages.ubuntu.com/source/artful/cgroup-lite"
+LICENSE = "GPLv2"
+LIC_FILES_CHKSUM = "file://debian/copyright;md5=5d5da4e0867cf06014f87102154d0102"
+SRC_URI = "https://launchpad.net/ubuntu/+archive/primary/+files/cgroup-lite_1.15.tar.xz"
+SRC_URI += "file://cgroups-init"
+SRC_URI[md5sum] = "1438c1f4a7227c0dedfce5f86f02591d"
+SRC_URI[sha256sum] = "02f44c70ed3cf27b9e89e5266492fddf4b455336ab4e03abc85e92297537201f"
+
+inherit allarch update-rc.d systemd
+
+INITSCRIPT_NAME = "cgroups-init"
+INITSCRIPT_PARAMS = "start 8 2 3 4 5 . stop 20 0 1 6 ."
+
+# Keeps the sysvinit scripts out of the image if building
+# where systemd is in use.
+SYSTEMD_PACKAGES = "${PN}"
+SYSTEMD_SERVICE_${PN} = "cgroups-init.service"
+SYSTEMD_AUTO_ENABLE_${PN} = "mask"
+
+
+do_install() {
+ install -d ${D}/bin
+ install -m 0755 ${S}/scripts/cgroups-mount ${D}/bin
+ install -m 0755 ${S}/scripts/cgroups-umount ${D}/bin
+
+ install -d ${D}${sysconfdir}/init.d
+ install -m 0755 ${WORKDIR}/cgroups-init ${D}${sysconfdir}/init.d/cgroups-init
+
+ install -d ${D}${systemd_unitdir}/system
+ ln -sf /dev/null ${D}${systemd_unitdir}/system/cgroups-init.service
+}
diff --git a/external/meta-virtualization/recipes-containers/cgroup-lite/files/cgroups-init b/external/meta-virtualization/recipes-containers/cgroup-lite/files/cgroups-init
new file mode 100755
index 00000000..e5040240
--- /dev/null
+++ b/external/meta-virtualization/recipes-containers/cgroup-lite/files/cgroups-init
@@ -0,0 +1,27 @@
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides: cgroups mount
+# Required-Start: $network $remote_fs
+# Required-Stop: $network $remote_fs
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: mount/unmount cgroups
+### END INIT INFO
+
+# must start before libvirtd is run
+case "$1" in
+ start)
+ echo -n "Mounting cgroups..."
+ /bin/cgroups-mount
+ echo "Done"
+ ;;
+ stop)
+ echo -n "Unmounting cgroups..."
+ /bin/cgroups-umount
+ echo "Done"
+ ;;
+ *)
+ echo "Usage: /etc/init.d/cgroups-init {start|stop}"
+ exit 1
+ ;;
+esac
diff --git a/external/meta-virtualization/recipes-containers/containerd/containerd-docker_git.bb b/external/meta-virtualization/recipes-containers/containerd/containerd-docker_git.bb
new file mode 100644
index 00000000..b18a9bb2
--- /dev/null
+++ b/external/meta-virtualization/recipes-containers/containerd/containerd-docker_git.bb
@@ -0,0 +1,14 @@
+SRCREV = "3addd840653146c90a254301d6c3a663c7fd6429"
+SRC_URI = "\
+ git://github.com/docker/containerd.git;branch=v0.2.x;destsuffix=git/src/github.com/containerd/containerd \
+ "
+
+include containerd.inc
+
+CONTAINERD_VERSION = "v0.2.x"
+S = "${WORKDIR}/git/src/github.com/containerd/containerd"
+
+PROVIDES += "virtual/containerd"
+RPROVIDES_${PN} = "virtual/containerd"
+
+DEPENDS += "btrfs-tools"
diff --git a/external/meta-virtualization/recipes-containers/containerd/containerd-opencontainers_git.bb b/external/meta-virtualization/recipes-containers/containerd/containerd-opencontainers_git.bb
new file mode 100644
index 00000000..c6b4f5e4
--- /dev/null
+++ b/external/meta-virtualization/recipes-containers/containerd/containerd-opencontainers_git.bb
@@ -0,0 +1,11 @@
+SRCREV = "cfd04396dc68220d1cecbe686a6cc3aa5ce3667c"
+SRC_URI = "git://github.com/containerd/containerd;nobranch=1 \
+ file://0001-build-use-oe-provided-GO-and-flags.patch \
+ "
+
+include containerd.inc
+
+CONTAINERD_VERSION = "v1.0.2"
+
+PROVIDES += "virtual/containerd"
+RPROVIDES_${PN} = "virtual/containerd"
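Review bot: The `SRC_URI` in containerd-docker_git.bb uses a bare `git://` URL, which the BitBake git fetcher treats as the unauthenticated git protocol unless `protocol=` is given, so the pinned `SRCREV` is the only thing constraining what gets built. Adding `;protocol=https` to the URL (`git://github.com/docker/containerd.git;protocol=https;branch=v0.2.x;destsuffix=...`) keeps the pin and moves the transfer onto TLS. The same applies to the `SRC_URI` in containerd-opencontainers_git.bb and cri-o_git.bb, and criu_git.bb requests `protocol=git` explicitly.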
diff --git a/external/meta-virtualization/recipes-containers/containerd/containerd.inc b/external/meta-virtualization/recipes-containers/containerd/containerd.inc
new file mode 100644
index 00000000..0eca5a64
--- /dev/null
+++ b/external/meta-virtualization/recipes-containers/containerd/containerd.inc
@@ -0,0 +1,92 @@
+HOMEPAGE = "https://github.com/docker/containerd"
+SUMMARY = "containerd is a daemon to control runC"
+DESCRIPTION = "containerd is a daemon to control runC, built for performance and density. \
+ containerd leverages runC's advanced features such as seccomp and user namespace \
+ support as well as checkpoint and restore for cloning and live migration of containers."
+
+# Apache-2.0 for containerd
+LICENSE = "Apache-2.0"
+LIC_FILES_CHKSUM = "file://src/import/LICENSE.code;md5=aadc30f9c14d876ded7bedc0afd2d3d7"
+
+SRC_URI += "file://containerd.service"
+
+S = "${WORKDIR}/git"
+
+PV = "${CONTAINERD_VERSION}+git${SRCREV}"
+
+inherit go
+inherit goarch
+
+GO_IMPORT = "import"
+
+RRECOMMENDS_${PN} = "lxc docker"
+CONTAINERD_PKG="github.com/containerd/containerd"
+
+INSANE_SKIP_${PN} += "ldflags"
+
+do_configure[noexec] = "1"
+
+do_compile() {
+ export GOARCH="${TARGET_GOARCH}"
+
+ # link fixups for compilation
+ rm -f ${S}/src/import/vendor/src
+ ln -sf ./ ${S}/src/import/vendor/src
+
+ mkdir -p ${S}/src/import/vendor/src/github.com/containerd/containerd/
+ # without this, the stress test parts of the build fail
+ cp ${S}/src/import/*.go ${S}/src/import/vendor/src/github.com/containerd/containerd
+
+ for c in content errdefs fs images mount snapshots linux api runtimes defaults progress \
+ protobuf reference diff platforms runtime remotes version archive dialer gc metadata \
+ metrics filters identifiers labels leases plugin server services \
+ cmd cio containers namespaces oci events log reaper sys rootfs; do
+ ln -sfn ${S}/src/import/${c} ${S}/src/import/vendor/github.com/containerd/containerd/${c}
+ done
+
+ export GOPATH="${S}/src/import/.gopath:${S}/src/import/vendor:${STAGING_DIR_TARGET}/${prefix}/local/go"
+ export GOROOT="${STAGING_DIR_NATIVE}/${nonarch_libdir}/${HOST_SYS}/go"
+
+ # Pass the needed cflags/ldflags so that cgo
+ # can find the needed headers files and libraries
+ export CGO_ENABLED="1"
+ export CGO_CFLAGS="${CFLAGS} --sysroot=${STAGING_DIR_TARGET}"
+ export CGO_LDFLAGS="${LDFLAGS} --sysroot=${STAGING_DIR_TARGET}"
+ export BUILDTAGS="no_btrfs static_build netgo"
+ export CFLAGS="${CFLAGS}"
+ export LDFLAGS="${LDFLAGS}"
+
+ cd ${S}/src/import
+ oe_runmake binaries
+}
+
+# Note: disabled for now, since docker is launching containerd
+# inherit systemd
+# SYSTEMD_PACKAGES = "${@bb.utils.contains('DISTRO_FEATURES','systemd','${PN}','',d)}"
+# SYSTEMD_SERVICE_${PN} = "${@bb.utils.contains('DISTRO_FEATURES','systemd','containerd.service','',d)}"
+
+do_install() {
+ mkdir -p ${D}/${bindir}
+
+ cp ${S}/src/import/bin/containerd ${D}/${bindir}/containerd
+ cp ${S}/src/import/bin/containerd-shim ${D}/${bindir}/containerd-shim
+ cp ${S}/src/import/bin/ctr ${D}/${bindir}/containerd-ctr
+
+ ln -sf containerd ${D}/${bindir}/docker-containerd
+ ln -sf containerd-shim ${D}/${bindir}/docker-containerd-shim
+ ln -sf containerd-ctr ${D}/${bindir}/docker-containerd-ctr
+
+ if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
+ install -d ${D}${systemd_unitdir}/system
+ install -m 644 ${WORKDIR}/containerd.service ${D}/${systemd_unitdir}/system
+ # adjust from /usr/local/bin to /usr/bin/
+ sed -e "s:/usr/local/bin/containerd:${bindir}/docker-containerd:g" -i ${D}/${systemd_unitdir}/system/containerd.service
+ fi
+}
+
+FILES_${PN} += "${systemd_system_unitdir}/*"
+
+INHIBIT_PACKAGE_STRIP = "1"
+INSANE_SKIP_${PN} += "ldflags already-stripped"
+
+COMPATIBLE_HOST = "^(?!(qemu)?mips).*"
diff --git a/external/meta-virtualization/recipes-containers/containerd/files/0001-build-use-oe-provided-GO-and-flags.patch b/external/meta-virtualization/recipes-containers/containerd/files/0001-build-use-oe-provided-GO-and-flags.patch
new file mode 100644
index 00000000..75a984be
--- /dev/null
+++ b/external/meta-virtualization/recipes-containers/containerd/files/0001-build-use-oe-provided-GO-and-flags.patch
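Review bot: In `do_install` of containerd.inc the three binaries are copied with plain `cp`, so their installed mode is whatever the build tree happened to contain rather than something the recipe states. Using `install -m 0755 ${S}/src/import/bin/containerd ${D}${bindir}/containerd` (and likewise for `containerd-shim` and `ctr`) makes the permissions of these daemon binaries deterministic, as the unit file already is with `install -m 644`. `INSANE_SKIP_${PN} += "ldflags"` is also set twice; the later `"ldflags already-stripped"` assignment covers the first.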
@@ -0,0 +1,26 @@ +From e31acef290181434efaf47e70db7ad0d92dbe300 Mon Sep 17 00:00:00 2001 +From: Bruce Ashfield <bruce.ashfield@windriver.com> +Date: Thu, 19 Apr 2018 17:09:51 -0400 +Subject: [PATCH] build: use oe provided GO and flags + +Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com> +--- + Makefile | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/import/Makefile b/src/import/Makefile +index 9d8cf8a18fbc..492d033fe2a7 100644 +--- a/src/import/Makefile ++++ b/src/import/Makefile +@@ -134,7 +134,7 @@ bin/%: cmd/% FORCE + + bin/containerd-shim: cmd/containerd-shim FORCE # set !cgo and omit pie for a static shim build: https://github.com/golang/go/issues/17789#issuecomment-258542220 + @echo "$(WHALE) bin/containerd-shim" +- @CGO_ENABLED=0 go build -o bin/containerd-shim ${SHIM_GO_LDFLAGS} ${GO_TAGS} ./cmd/containerd-shim ++ @$(GO) build -o bin/containerd-shim ${SHIM_GO_LDFLAGS} $(GOBUILDFLAGS) ${GO_TAGS} ./cmd/containerd-shim + + binaries: $(BINARIES) ## build binaries + @echo "$(WHALE) $@" +-- +2.4.0.53.g8440f74 + diff --git a/external/meta-virtualization/recipes-containers/containerd/files/containerd.service b/external/meta-virtualization/recipes-containers/containerd/files/containerd.service new file mode 100644 index 00000000..23633b02 --- /dev/null +++ b/external/meta-virtualization/recipes-containers/containerd/files/containerd.service @@ -0,0 +1,11 @@ +[Unit] +Description=containerd +Documentation=https://containerd.tools +After=network.target + +[Service] +ExecStart=/usr/local/bin/containerd +Delegate=yes + +[Install] +WantedBy=multi-user.target diff --git a/external/meta-virtualization/recipes-containers/cri-o/cri-o_git.bb b/external/meta-virtualization/recipes-containers/cri-o/cri-o_git.bb new file mode 100644 index 00000000..822c57ff --- /dev/null +++ b/external/meta-virtualization/recipes-containers/cri-o/cri-o_git.bb 
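Review bot: Dropping `CGO_ENABLED=0` from the `bin/containerd-shim` rule leaves the comment on that rule ("set !cgo and omit pie for a static shim build") describing a build this patch no longer performs, and containerd.inc exports `CGO_ENABLED="1"`, so the shim is presumably now built through cgo. If that is intended, the patch description should say why the cgo-free static shim is not needed here; at present it has only a subject line. The patch header also carries no `Upstream-Status:` tag, so it is not possible to tell from the file whether this deviation is tracked upstream.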
@@ -0,0 +1,135 @@
+HOMEPAGE = "https://github.com/kubernetes-sigs/cri-o"
+SUMMARY = "Open Container Initiative-based implementation of Kubernetes Container Runtime Interface"
+DESCRIPTION = "cri-o is meant to provide an integration path between OCI conformant \
+runtimes and the kubelet. Specifically, it implements the Kubelet Container Runtime \
+Interface (CRI) using OCI conformant runtimes. The scope of cri-o is tied to the scope of the CRI. \
+. \
+At a high level, we expect the scope of cri-o to be restricted to the following functionalities: \
+. \
+ - Support multiple image formats including the existing Docker image format \
+ - Support for multiple means to download images including trust & image verification \
+ - Container image management (managing image layers, overlay filesystems, etc) \
+ - Container process lifecycle management \
+ - Monitoring and logging required to satisfy the CRI \
+ - Resource isolation as required by the CRI \
+ "
+
+SRCREV_cri-o = "774a29ecf6855f2dff266dc2aa2fe81d7d964465"
+SRC_URI = "\
+ git://github.com/kubernetes-sigs/cri-o.git;nobranch=1;name=cri-o \
+ file://0001-Makefile-force-symlinks.patch \
+ file://crio.conf \
+ "
+
+# Apache-2.0 for docker
+LICENSE = "Apache-2.0"
+LIC_FILES_CHKSUM = "file://src/import/LICENSE;md5=e3fc50a88d0a364313df4b21ef20c29e"
+
+GO_IMPORT = "import"
+
+PV = "1.12.0+git${SRCREV_cri-o}"
+
+DEPENDS = " \
+ glib-2.0 \
+ btrfs-tools \
+ gpgme \
+ ostree \
+ libdevmapper \
+ "
+RDEPENDS_${PN} = " \
+ cni \
+ "
+
+PACKAGES =+ "${PN}-config"
+
+RDEPENDS_${PN} += " virtual/containerd virtual/runc"
+RDEPENDS_${PN} += " e2fsprogs-mke2fs"
+
+inherit systemd
+inherit go
+inherit goarch
+inherit pkgconfig
+
+EXTRA_OEMAKE="BUILDTAGS=''"
+
+do_compile() {
+ export GOARCH="${TARGET_GOARCH}"
+ export GOROOT="${STAGING_LIBDIR_NATIVE}/${TARGET_SYS}/go"
+ export GOPATH="${S}/src/import:${S}/src/import/vendor"
+
+ # Pass the needed cflags/ldflags so that cgo
+ # can find the needed headers files and libraries
+ export CGO_ENABLED="1"
+ export CFLAGS=""
+ export LDFLAGS=""
+ export CGO_CFLAGS="${BUILDSDK_CFLAGS} --sysroot=${STAGING_DIR_TARGET}"
+ export CGO_LDFLAGS="${BUILDSDK_LDFLAGS} --sysroot=${STAGING_DIR_TARGET}"
+
+ # link fixups for compilation
+ rm -f ${S}/src/import/vendor/src
+ ln -sf ./ ${S}/src/import/vendor/src
+
+ mkdir -p ${S}/src/import/vendor/github.com/kubernetes-sigs/cri-o
+ ln -sf ../../../../cmd ${S}/src/import/vendor/github.com/kubernetes-sigs/cri-o/cmd
+ ln -sf ../../../../test ${S}/src/import/vendor/github.com/kubernetes-sigs/cri-o/test
+ ln -sf ../../../../oci ${S}/src/import/vendor/github.com/kubernetes-sigs/cri-o/oci
+ ln -sf ../../../../server ${S}/src/import/vendor/github.com/kubernetes-sigs/cri-o/server
+ ln -sf ../../../../pkg ${S}/src/import/vendor/github.com/kubernetes-sigs/cri-o/pkg
+ ln -sf ../../../../libpod ${S}/src/import/vendor/github.com/kubernetes-sigs/cri-o/libpod
+ ln -sf ../../../../libkpod ${S}/src/import/vendor/github.com/kubernetes-sigs/cri-o/libkpod
+ ln -sf ../../../../utils ${S}/src/import/vendor/github.com/kubernetes-sigs/cri-o/utils
+ ln -sf ../../../../types ${S}/src/import/vendor/github.com/kubernetes-sigs/cri-o/types
+ ln -sf ../../../../version ${S}/src/import/vendor/github.com/kubernetes-sigs/cri-o/version
+ ln -sf ../../../../lib ${S}/src/import/vendor/github.com/kubernetes-sigs/cri-o/lib
+
+ export GOPATH="${S}/src/import/.gopath:${S}/src/import/vendor:${STAGING_DIR_TARGET}/${prefix}/local/go"
+ export GOROOT="${STAGING_DIR_NATIVE}/${nonarch_libdir}/${HOST_SYS}/go"
+
+ # Pass the needed cflags/ldflags so that cgo
+ # can find the needed headers files and libraries
+ export CGO_ENABLED="1"
+ export CGO_CFLAGS="${CFLAGS} --sysroot=${STAGING_DIR_TARGET}"
+ export CGO_LDFLAGS="${LDFLAGS} --sysroot=${STAGING_DIR_TARGET}"
+
+ cd ${S}/src/import
+
+ oe_runmake binaries
+}
+
+SYSTEMD_PACKAGES = "${@bb.utils.contains('DISTRO_FEATURES','systemd','${PN}','',d)}"
+SYSTEMD_SERVICE_${PN} = "${@bb.utils.contains('DISTRO_FEATURES','systemd','crio.service','',d)}"
+SYSTEMD_AUTO_ENABLE_${PN} = "enable"
+
+do_install() {
+ localbindir="/usr/local/bin"
+
+ install -d ${D}${localbindir}
+ install -d ${D}/${libexecdir}/crio
+ install -d ${D}/${sysconfdir}/crio
+ install -d ${D}${systemd_unitdir}/system/
+
+ install ${WORKDIR}/crio.conf ${D}/${sysconfdir}/crio/crio.conf
+
+ # sample config files, they'll go in the ${PN}-config below
+ install -d ${D}/${sysconfdir}/crio/config/
+ install -m 755 -D ${S}/src/import/test/testdata/* ${D}/${sysconfdir}/crio/config/
+
+ install ${S}/src/import/bin/crio ${D}/${localbindir}
+ install ${S}/src/import/bin/crio-config ${D}/${localbindir}
+
+ install ${S}/src/import/bin/conmon ${D}/${localbindir}/crio
+ install ${S}/src/import/bin/pause ${D}/${localbindir}/crio
+
+ install -m 0644 ${S}/src/import/contrib/systemd/crio.service ${D}${systemd_unitdir}/system/
+ install -m 0644 ${S}/src/import/contrib/systemd/crio-shutdown.service ${D}${systemd_unitdir}/system/
+}
+
+FILES_${PN}-config = "${sysconfdir}/crio/config/*"
+FILES_${PN} += "${systemd_unitdir}/system/*"
+FILES_${PN} += "/usr/local/bin/*"
+
+INHIBIT_PACKAGE_STRIP = "1"
+INSANE_SKIP_${PN} += "ldflags already-stripped"
+
+deltask compile_ptest_base
+
diff --git a/external/meta-virtualization/recipes-containers/cri-o/files/0001-Makefile-force-symlinks.patch b/external/meta-virtualization/recipes-containers/cri-o/files/0001-Makefile-force-symlinks.patch
new file mode 100644
index 00000000..0b106e41
--- /dev/null
+++ b/external/meta-virtualization/recipes-containers/cri-o/files/0001-Makefile-force-symlinks.patch
@@ -0,0 +1,26 @@ +From 53371afbf0f20a1651ee6f2406cd2be056a31066 Mon Sep 17 00:00:00 2001 +From: Bruce Ashfield <bruce.ashfield@windriver.com> +Date: Thu, 1 Nov 2018 11:17:05 -0400 +Subject: [PATCH] Makefile: force symlinks + +Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com> +--- + Makefile | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/import/Makefile b/src/import/Makefile +index cf37bec..68c8eeb 100644 +--- a/src/import/Makefile ++++ b/src/import/Makefile +@@ -66,7 +66,7 @@ help: + .gopathok: + ifeq ("$(wildcard $(GOPKGDIR))","") + mkdir -p "$(GOPKGBASEDIR)" +- ln -s "$(CURDIR)" "$(GOPKGDIR)" ++ ln -sf "$(CURDIR)" "$(GOPKGDIR)" + endif + touch "$(GOPATH)/.gopathok" + +-- +2.7.4 + diff --git a/external/meta-virtualization/recipes-containers/cri-o/files/crio.conf b/external/meta-virtualization/recipes-containers/cri-o/files/crio.conf new file mode 100644 index 00000000..51d7f404 --- /dev/null +++ b/external/meta-virtualization/recipes-containers/cri-o/files/crio.conf 
@@ -0,0 +1,147 @@
+# generated via: crio --config="" config --default
+
+# The "crio" table contains all of the server options.
+[crio]
+
+# root is a path to the "root directory". CRIO stores all of its data,
+# including container images, in this directory.
+root = "/var/lib/containers/storage"
+
+# run is a path to the "run directory". CRIO stores all of its state
+# in this directory.
+runroot = "/var/run/containers/storage"
+
+# storage_driver select which storage driver is used to manage storage
+# of images and containers.
+storage_driver = ""
+
+# storage_option is used to pass an option to the storage driver.
+storage_option = [
+]
+
+# The "crio.api" table contains settings for the kubelet/gRPC
+# interface (which is also used by crioctl).
+[crio.api]
+
+# listen is the path to the AF_LOCAL socket on which crio will listen.
+listen = "/var/run/crio.sock"
+
+# stream_address is the IP address on which the stream server will listen
+stream_address = ""
+
+# stream_port is the port on which the stream server will listen
+stream_port = "10010"
+
+# file_locking is whether file-based locking will be used instead of
+# in-memory locking
+file_locking = true
+
+# The "crio.runtime" table contains settings pertaining to the OCI
+# runtime used and options for how to set up and manage the OCI runtime.
+[crio.runtime]
+
+# runtime is the OCI compatible runtime used for trusted container workloads.
+# This is a mandatory setting as this runtime will be the default one
+# and will also be used for untrusted container workloads if
+# runtime_untrusted_workload is not set.
+runtime = "/usr/bin/runc"
+
+# runtime_untrusted_workload is the OCI compatible runtime used for untrusted
+# container workloads. This is an optional setting, except if
+# default_container_trust is set to "untrusted".
+runtime_untrusted_workload = ""
+
+# default_workload_trust is the default level of trust crio puts in container
+# workloads. It can either be "trusted" or "untrusted", and the default
+# is "trusted".
+# Containers can be run through different container runtimes, depending on
+# the trust hints we receive from kubelet:
+# - If kubelet tags a container workload as untrusted, crio will try first to
+# run it through the untrusted container workload runtime. If it is not set,
+# crio will use the trusted runtime.
+# - If kubelet does not provide any information about the container workload trust
+# level, the selected runtime will depend on the default_container_trust setting.
+# If it is set to "untrusted", then all containers except for the host privileged
+# ones, will be run by the runtime_untrusted_workload runtime. Host privileged
+# containers are by definition trusted and will always use the trusted container
+# runtime. If default_container_trust is set to "trusted", crio will use the trusted
+# container runtime for all containers.
+default_workload_trust = "trusted"
+
+# conmon is the path to conmon binary, used for managing the runtime.
+conmon = "/usr/libexec/crio/conmon"
+
+# conmon_env is the environment variable list for conmon process,
+# used for passing necessary environment variable to conmon or runtime.
+conmon_env = [
+ "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
+]
+
+# selinux indicates whether or not SELinux will be used for pod
+# separation on the host. If you enable this flag, SELinux must be running
+# on the host.
+selinux = false
+
+# seccomp_profile is the seccomp json profile path which is used as the
+# default for the runtime.
+seccomp_profile = "/etc/crio/seccomp.json"
+
+# apparmor_profile is the apparmor profile name which is used as the
+# default for the runtime.
+apparmor_profile = "crio-default"
+
+# cgroup_manager is the cgroup management implementation to be used
+# for the runtime.
+cgroup_manager = "cgroupfs"
+
+# hooks_dir_path is the oci hooks directory for automatically executed hooks
+hooks_dir_path = "/usr/share/containers/oci/hooks.d"
+
+# pids_limit is the number of processes allowed in a container
+pids_limit = 1024
+
+# The "crio.image" table contains settings pertaining to the
+# management of OCI images.
+[crio.image]
+
+# default_transport is the prefix we try prepending to an image name if the
+# image name as we receive it can't be parsed as a valid source reference
+default_transport = "docker://"
+
+# pause_image is the image which we use to instantiate infra containers.
+pause_image = "kubernetes/pause"
+
+# pause_command is the command to run in a pause_image to have a container just
+# sit there. If the image contains the necessary information, this value need
+# not be specified.
+pause_command = "/pause"
+
+# signature_policy is the name of the file which decides what sort of policy we
+# use when deciding whether or not to trust an image that we've pulled.
+# Outside of testing situations, it is strongly advised that this be left
+# unspecified so that the default system-wide policy will be used.
+signature_policy = ""
+
+# image_volumes controls how image volumes are handled.
+# The valid values are mkdir and ignore.
+image_volumes = "mkdir"
+
+# insecure_registries is used to skip TLS verification when pulling images.
+insecure_registries = [
+]
+
+# registries is used to specify a comma separated list of registries to be used
+# when pulling an unqualified image (e.g. fedora:rawhide).
+registries = [
+]
+
+# The "crio.network" table contains settings pertaining to the
+# management of CNI plugins.
+[crio.network]
+
+# network_dir is is where CNI network configuration
+# files are stored.
+network_dir = "/etc/cni/net.d/"
+
+# plugin_dir is is where CNI plugin binaries are stored.
+plugin_dir = "/opt/cni/bin/"
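Review bot: `seccomp_profile = "/etc/crio/seccomp.json"` and `apparmor_profile = "crio-default"` name confinement profiles that nothing visible in this commit provides; `do_install` in cri-o_git.bb puts only crio.conf and the test data under `${sysconfdir}/crio`. How crio behaves when the seccomp file is missing should be confirmed for this version, and either the recipe should install a profile at that path or the setting should be changed deliberately, so that containers do not end up without the default syscall filter by accident. A comment next to `pause_image = "kubernetes/pause"` noting that the image is pulled by name without a tag or digest would also help whoever audits what the infra containers run.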
diff --git a/external/meta-virtualization/recipes-containers/criu/criu_git.bb b/external/meta-virtualization/recipes-containers/criu/criu_git.bb
new file mode 100644
index 00000000..00de417b
--- /dev/null
+++ b/external/meta-virtualization/recipes-containers/criu/criu_git.bb
@@ -0,0 +1,87 @@
+SUMMARY = "CRIU"
+DESCRIPTION = "Checkpoint/Restore In Userspace, or CRIU, is a software tool for \
+Linux operating system. Using this tool, you can freeze a running application \
+(or part of it) and checkpoint it to a hard drive as a collection of files. \
+You can then use the files to restore and run the application from the point \
+it was frozen at. The distinctive feature of the CRIU project is that it is \
+mainly implemented in user space"
+HOMEPAGE = "http://criu.org"
+SECTION = "console/tools"
+LICENSE = "GPLv2"
+
+EXCLUDE_FROM_WORLD = "1"
+
+LIC_FILES_CHKSUM = "file://COPYING;md5=412de458544c1cb6a2b512cd399286e2"
+
+SRCREV = "c49eab368a68682475c4e693258246e04232e6d2"
+PV = "3.10+git${SRCPV}"
+
+SRC_URI = "git://github.com/xemul/criu.git;protocol=git \
+ file://0001-criu-Fix-toolchain-hardcode.patch \
+ file://0002-criu-Skip-documentation-install.patch \
+ file://0001-criu-Change-libraries-install-directory.patch \
+ file://lib-Makefile-overwrite-install-lib-to-allow-multiarc.patch \
+ "
+
+COMPATIBLE_HOST = "(x86_64|arm|aarch64).*-linux"
+
+DEPENDS += "libnl libcap protobuf-c-native protobuf-c util-linux-native libbsd libnet"
+RDEPENDS_${PN} = "bash"
+
+S = "${WORKDIR}/git"
+
+#
+# CRIU just can be built on ARMv7 and ARMv6, so the Makefile check
+# if the ARCH is ARMv7 or ARMv6.
+# ARM BSPs need set CRIU_BUILD_ARCH variable for building CRIU.
+#
+EXTRA_OEMAKE_arm += "ARCH=arm UNAME-M=${CRIU_BUILD_ARCH} WERROR=0"
+EXTRA_OEMAKE_x86-64 += "ARCH=x86 WERROR=0"
+EXTRA_OEMAKE_aarch64 += "ARCH=arm64 WERROR=0"
+
+EXTRA_OEMAKE_append += "SBINDIR=${sbindir} LIBDIR=${libdir} INCLUDEDIR=${includedir} PIEGEN=no"
+EXTRA_OEMAKE_append += "LOGROTATEDIR=${sysconfdir} SYSTEMDUNITDIR=${systemd_unitdir}"
+
+CFLAGS += "-D__USE_GNU -D_GNU_SOURCE "
+
+CFLAGS += " -I${STAGING_INCDIR} -I${STAGING_INCDIR}/libnl3"
+CFLAGS_arm += "-D__WORDSIZE"
+
+# overide LDFLAGS to allow criu to build without: "x86_64-poky-linux-ld: unrecognized option '-Wl,-O1'"
+export LDFLAGS=""
+export C_INCLUDE_PATH="${STAGING_INCDIR}/libnl3"
+
+export BUILD_SYS
+export HOST_SYS
+
+inherit setuptools
+
+PACKAGECONFIG ??= ""
+PACKAGECONFIG[selinux] = ",,libselinux"
+
+CLEANBROKEN = "1"
+
+do_compile_prepend() {
+ rm -rf ${S}/images/google/protobuf/descriptor.proto
+ ln -s ${PKG_CONFIG_SYSROOT_DIR}/usr/include/google/protobuf/descriptor.proto ${S}/images/google/protobuf/descriptor.proto
+}
+
+do_compile () {
+ oe_runmake FULL_PYTHON=${PYTHON} PYTHON=python2
+}
+
+do_install () {
+ export INSTALL_LIB="${libdir}/${PYTHON_DIR}/site-packages"
+ oe_runmake PREFIX=${exec_prefix} LIBDIR=${libdir} DESTDIR="${D}" FULL_PYTHON=${PYTHON} PYTHON=python2 install
+}
+
+FILES_${PN} += "${systemd_unitdir}/ \
+ ${libdir}/python2.7/site-packages/ \
+ ${libdir}/pycriu/ \
+ ${libdir}/crit-0.0.1-py2.7.egg-info \
+ "
+
+FILES_${PN}-staticdev += " \
+ ${libexecdir}/compel/std.lib.a \
+ ${libexecdir}/compel/fds.lib.a \
+ "
diff --git a/external/meta-virtualization/recipes-containers/criu/files/0001-criu-Change-libraries-install-directory.patch b/external/meta-virtualization/recipes-containers/criu/files/0001-criu-Change-libraries-install-directory.patch
new file mode 100644
index 00000000..afb1332d
--- /dev/null
+++ b/external/meta-virtualization/recipes-containers/criu/files/0001-criu-Change-libraries-install-directory.patch
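Review bot: `export LDFLAGS=""` in criu_git.bb discards every linker flag the distro configuration supplies, not only the `-Wl,-O1` named in the comment above it, so any hardening options a distro passes through `LDFLAGS` (relro/now style flags, if configured) are lost for a tool that normally runs privileged. Consider filtering out only the options that the direct `ld` invocation rejects, or at least extend the comment to state that all distro link flags are dropped on purpose. `WERROR=0` on the three `EXTRA_OEMAKE_*` lines likewise deserves a one-line comment giving the reason, so a later reviewer can tell when it is safe to remove.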
@@ -0,0 +1,38 @@ +From f64fbca70e6049dad3c404d871f2383d97725d2d Mon Sep 17 00:00:00 2001 +From: Mark Asselstine <mark.asselstine@windriver.com> +Date: Fri, 8 Sep 2017 15:11:31 -0400 +Subject: [PATCH] criu: Change libraries install directory + +Install the libraries into /usr/lib(or /usr/lib64) + +Signed-off-by: Jianchuan Wang <jianchuan.wang@windriver.com> +Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com> + +--- + Makefile.install | 13 ------------- + 1 file changed, 13 deletions(-) + +diff --git a/Makefile.install b/Makefile.install +index 1def3cf..d020eef 100644 +--- a/Makefile.install ++++ b/Makefile.install +@@ -9,19 +9,6 @@ LIBEXECDIR ?= $(PREFIX)/libexec + RUNDIR ?= /run + + # +-# For recent Debian/Ubuntu with multiarch support. +-DEB_HOST_MULTIARCH := $(shell dpkg-architecture -qDEB_HOST_MULTIARCH 2>/dev/null) +-ifneq "$(DEB_HOST_MULTIARCH)" "" +- LIBDIR ?= $(PREFIX)/lib/$(DEB_HOST_MULTIARCH) +-else +- # +- # For most other systems +- ifeq "$(shell uname -m)" "x86_64" +- LIBDIR ?= $(PREFIX)/lib64 +- endif +-endif +- +-# + # LIBDIR falls back to the standard path. + LIBDIR ?= $(PREFIX)/lib + diff --git a/external/meta-virtualization/recipes-containers/criu/files/0001-criu-Fix-toolchain-hardcode.patch b/external/meta-virtualization/recipes-containers/criu/files/0001-criu-Fix-toolchain-hardcode.patch new file mode 100644 index 00000000..838cbdc9 --- /dev/null +++ b/external/meta-virtualization/recipes-containers/criu/files/0001-criu-Fix-toolchain-hardcode.patch 
@@ -0,0 +1,100 @@ +From c005b7a4874f55df687ff22bc425551775581421 Mon Sep 17 00:00:00 2001 +From: Mark Asselstine <mark.asselstine@windriver.com> +Date: Fri, 8 Sep 2017 15:02:14 -0400 +Subject: [PATCH] criu: Fix toolchain hardcode + +Replace ":=" to "?=" so that the toolchain used by bitbake build system will +be taken. + +Signed-off-by: Yang Shi <yang.shi@windriver.com> +Signed-off-by: Jianchuan Wang <jianchuan.wang@windriver.com> +Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com> + +--- + Makefile | 2 +- + scripts/nmk/scripts/include.mk | 2 +- + scripts/nmk/scripts/tools.mk | 40 ++++++++++++++++++++-------------------- + 3 files changed, 22 insertions(+), 22 deletions(-) + +diff --git a/Makefile b/Makefile +index f2583a2..d7f51e5 100644 +--- a/Makefile ++++ b/Makefile +@@ -17,7 +17,7 @@ ifeq ($(origin HOSTCFLAGS), undefined) + HOSTCFLAGS := $(CFLAGS) $(USERCFLAGS) + endif + +-UNAME-M := $(shell uname -m) ++UNAME-M ?= $(shell uname -m) + + # + # Supported Architectures +diff --git a/scripts/nmk/scripts/include.mk b/scripts/nmk/scripts/include.mk +index 04ccb3a..0d63bc7 100644 +--- a/scripts/nmk/scripts/include.mk ++++ b/scripts/nmk/scripts/include.mk +@@ -22,7 +22,7 @@ SUBARCH := $(shell uname -m | sed \ + -e s/aarch64.*/aarch64/) + + ARCH ?= $(SUBARCH) +-SRCARCH := $(ARCH) ++SRCARCH ?= $(ARCH) + + export SUBARCH ARCH SRCARCH + +diff --git a/scripts/nmk/scripts/tools.mk b/scripts/nmk/scripts/tools.mk +index 56dba84..1698821 100644 +--- a/scripts/nmk/scripts/tools.mk ++++ b/scripts/nmk/scripts/tools.mk +@@ -2,31 +2,31 @@ ifndef ____nmk_defined__tools + + # + # System tools shorthands +-RM := rm -f ++RM ?= rm -f + HOSTLD ?= ld +-LD := $(CROSS_COMPILE)$(HOSTLD) ++LD ?= $(CROSS_COMPILE)$(HOSTLD) + HOSTCC ?= gcc +-CC := $(CROSS_COMPILE)$(HOSTCC) +-CPP := $(CC) -E +-AS := $(CROSS_COMPILE)as +-AR := $(CROSS_COMPILE)ar +-STRIP := $(CROSS_COMPILE)strip +-OBJCOPY := $(CROSS_COMPILE)objcopy +-OBJDUMP := $(CROSS_COMPILE)objdump +-NM := $(CROSS_COMPILE)nm +-MAKE := 
make +-MKDIR := mkdir -p +-AWK := awk +-PERL := perl +-FULL_PYTHON := $(shell which python2 2>/dev/null || which python3 2>/dev/null) ++CC ?= $(CROSS_COMPILE)$(HOSTCC) ++CPP ?= $(CC) -E ++AS ?= $(CROSS_COMPILE)as ++AR ?= $(CROSS_COMPILE)ar ++STRIP ?= $(CROSS_COMPILE)strip ++OBJCOPY ?= $(CROSS_COMPILE)objcopy ++OBJDUMP ?= $(CROSS_COMPILE)objdump ++NM ?= $(CROSS_COMPILE)nm ++MAKE ?= make ++MKDIR ?= mkdir -p ++AWK ?= awk ++PERL ?= perl ++FULL_PYTHON ?= $(shell which python2 2>/dev/null || which python3 2>/dev/null) + PYTHON ?= $(shell basename $(FULL_PYTHON)) +-FIND := find +-SH := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ ++FIND ?= find ++SH ?= $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ + else if [ -x /bin/bash ]; then echo /bin/bash; \ + else echo sh; fi ; fi) +-CSCOPE := cscope +-ETAGS := etags +-CTAGS := ctags ++CSCOPE ?= cscope ++ETAGS ?= etags ++CTAGS ?= ctags + + export RM HOSTLD LD HOSTCC CC CPP AS AR STRIP OBJCOPY OBJDUMP + export NM SH MAKE MKDIR AWK PERL PYTHON SH CSCOPE diff --git a/external/meta-virtualization/recipes-containers/criu/files/0002-criu-Skip-documentation-install.patch b/external/meta-virtualization/recipes-containers/criu/files/0002-criu-Skip-documentation-install.patch new file mode 100644 index 00000000..af45db73 --- /dev/null +++ b/external/meta-virtualization/recipes-containers/criu/files/0002-criu-Skip-documentation-install.patch 
@@ -0,0 +1,26 @@ +From 45d74ae8a314c481398ba91a3697ffbd074cd98b Mon Sep 17 00:00:00 2001 +From: Jianchuan Wang <jianchuan.wang@windriver.com> +Date: Tue, 16 Aug 2016 09:42:24 +0800 +Subject: [PATCH] criu: Skip documentation install + +asciidoc is needed to generate CRIU documentation, so skip it in install. + +Signed-off-by: Jianchuan Wang <jianchuan.wang@windriver.com> + +--- + Makefile.install | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/Makefile.install b/Makefile.install +index 3987bcc..1def3cf 100644 +--- a/Makefile.install ++++ b/Makefile.install +@@ -29,7 +29,7 @@ export PREFIX BINDIR SBINDIR MANDIR RUNDIR + export LIBDIR INCLUDEDIR LIBEXECDIR + + install-man: +- $(Q) $(MAKE) -C Documentation install ++# $(Q) $(MAKE) -C Documentation install + .PHONY: install-man + + install-lib: lib diff --git a/external/meta-virtualization/recipes-containers/criu/files/fix-building-on-newest-glibc-and-kernel.patch b/external/meta-virtualization/recipes-containers/criu/files/fix-building-on-newest-glibc-and-kernel.patch new file mode 100644 index 00000000..9361adc2 --- /dev/null +++ b/external/meta-virtualization/recipes-containers/criu/files/fix-building-on-newest-glibc-and-kernel.patch 
@@ -0,0 +1,45 @@
+From b59947007362b53e9f41f1e5a33071dedf1c59ac Mon Sep 17 00:00:00 2001
+From: Adrian Reber <areber@redhat.com>
+Date: Thu, 28 Sep 2017 09:13:33 +0000
+Subject: [PATCH] fix building on newest glibc and kernel
+
+On Fedora rawhide with kernel-headers-4.14.0-0.rc2.git0.1.fc28.x86_64
+glibc-devel-2.26.90-15.fc28.x86_64 criu does not build any more:
+
+In file included from /usr/include/linux/aio_abi.h:31:0,
+ from criu/cr-check.c:24:
+/usr/include/sys/mount.h:35:3: error: expected identifier before numeric constant
+ MS_RDONLY = 1, /* Mount read-only. */
+ ^
+make[2]: *** [/builddir/build/BUILD/criu-3.5/scripts/nmk/scripts/build.mk:111: criu/cr-check.o] Error 1
+make[1]: *** [criu/Makefile:73: criu/built-in.o] Error 2
+make: *** [Makefile:233: criu] Error 2
+
+This simple re-ordering of includes fixes it for me.
+
+Signed-off-by: Adrian Reber <areber@redhat.com>
+Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
+
+Upstream-Status: Backport
+[https://github.com/checkpoint-restore/criu/commit/f41e386d4d40e3e26b0cfdc85a812b7edb337f1d#diff-cc847b1cc975358c6582595be92d48db]
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+
+---
+ criu/cr-check.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/criu/cr-check.c b/criu/cr-check.c
+index 1dd887a..93df2ab 100644
+--- a/criu/cr-check.c
++++ b/criu/cr-check.c
+@@ -21,8 +21,8 @@
+ #include <netinet/in.h>
+ #include <sys/prctl.h>
+ #include <sched.h>
+-#include <linux/aio_abi.h>
+ #include <sys/mount.h>
++#include <linux/aio_abi.h>
+
+ #include "../soccr/soccr.h"
+
diff --git a/external/meta-virtualization/recipes-containers/criu/files/lib-Makefile-overwrite-install-lib-to-allow-multiarc.patch b/external/meta-virtualization/recipes-containers/criu/files/lib-Makefile-overwrite-install-lib-to-allow-multiarc.patch
new file mode 100644
index 00000000..70ccb287
--- /dev/null
+++ b/external/meta-virtualization/recipes-containers/criu/files/lib-Makefile-overwrite-install-lib-to-allow-multiarc.patch
@@ -0,0 +1,28 @@
+From 6caf90592d61c8c45b32cb7ff76709f9326030e2 Mon Sep 17 00:00:00 2001
+From: Mark Asselstine <mark.asselstine@windriver.com>
+Date: Fri, 8 Sep 2017 15:40:49 -0400
+Subject: [PATCH] lib/Makefile: overwrite install-lib, to allow multiarch
+
+I am not sure why Yocto installs python modules in arch specific
+/usr/libXX directories but it does. Allow the recipe to pass this via
+INSTALL_LIB.
+
+Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
+
+---
+ lib/Makefile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/Makefile b/lib/Makefile
+index b1bb057..06f5c5d 100644
+--- a/lib/Makefile
++++ b/lib/Makefile
+@@ -53,7 +53,7 @@ install: lib-c lib-py crit/crit lib/c/criu.pc.in
+ $(Q) sed -e 's,@version@,$(CRIU_VERSION),' -e 's,@libdir@,$(LIBDIR),' -e 's,@includedir@,$(dir $(INCLUDEDIR)/criu/),' lib/c/criu.pc.in > lib/c/criu.pc
+ $(Q) install -m 644 lib/c/criu.pc $(DESTDIR)$(LIBDIR)/pkgconfig
+ $(E) " INSTALL " crit
+- $(Q) $(PYTHON) scripts/crit-setup.py install --prefix=$(DESTDIR)$(PREFIX) --record $(CRIT_SETUP_FILES)
++ $(Q) $(PYTHON) scripts/crit-setup.py install --prefix=$(DESTDIR)$(PREFIX) --record $(CRIT_SETUP_FILES) --install-lib=$(DESTDIR)$(INSTALL_LIB)
+ .PHONY: install
+
+ uninstall:
diff --git a/external/meta-virtualization/recipes-containers/docker-compose/files/0001-Allow-newer-versions-of-requests.patch b/external/meta-virtualization/recipes-containers/docker-compose/files/0001-Allow-newer-versions-of-requests.patch
new file mode 100644
index 00000000..6fc7bb4c
--- /dev/null
+++ b/external/meta-virtualization/recipes-containers/docker-compose/files/0001-Allow-newer-versions-of-requests.patch
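Review bot: `--install-lib=$(DESTDIR)$(INSTALL_LIB)` is passed unconditionally on the new crit-setup.py line, so a build that does not set INSTALL_LIB hands setup.py `--install-lib=$(DESTDIR)` and presumably installs the Python modules at the top of the staging directory instead of under the prefix. Making the option conditional keeps the previous behaviour when the variable is unset: `$(if $(INSTALL_LIB),--install-lib=$(DESTDIR)$(INSTALL_LIB))`. The patch header also has no `Upstream-Status:` tag. The `install` rule starts above the hunk, so how INSTALL_LIB is otherwise defined in lib/Makefile is not visible here.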
@@ -0,0 +1,32 @@
+From 15cf1a31f5af8f09531bb837b92bd6ea49bd1744 Mon Sep 17 00:00:00 2001
+From: Pascal Bach <pascal.bach@siemens.com>
+Date: Wed, 13 Sep 2017 08:41:21 +0200
+Subject: [PATCH] Allow newer versions of requests
+
+docker compose has strict requirements to use requests < 2.12
+
+However it works without issues with newer versions, so this patch removes the check.
+
+Upstream-Status: Pending
+
+Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
+---
+ setup.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/setup.py b/setup.py
+index 192a0f6..f444757 100644
+--- a/setup.py
++++ b/setup.py
+@@ -33,7 +33,7 @@ install_requires = [
+ 'cached-property >= 1.2.0, < 2',
+ 'docopt >= 0.6.1, < 0.7',
+ 'PyYAML >= 3.10, < 4',
+- 'requests >= 2.6.1, != 2.11.0, < 2.12',
++ 'requests >= 2.6.1, != 2.11.0',
+ 'texttable >= 0.9.0, < 0.10',
+ 'websocket-client >= 0.32.0, < 1.0',
+ 'docker >= 2.5.1, < 3.0',
+--
+2.1.4
+
diff --git a/external/meta-virtualization/recipes-containers/docker-compose/python3-docker-compose_1.16.1.bb b/external/meta-virtualization/recipes-containers/docker-compose/python3-docker-compose_1.16.1.bb
new file mode 100644
index 00000000..851c2510
--- /dev/null
+++ b/external/meta-virtualization/recipes-containers/docker-compose/python3-docker-compose_1.16.1.bb
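Review bot: Dropping `< 2.12` leaves the `requests` entry in `install_requires` with no upper bound at all, so a future major release with an incompatible API would still satisfy the requirement and only fail at run time. A cap at the next major version keeps the intent of the patch without that open end: `'requests >= 2.6.1, != 2.11.0, < 3',`. The commit message says the patch "removes the check", but it relaxes a version constraint; stating which newer requests versions were actually exercised would help whoever rebases this while it is still `Upstream-Status: Pending`.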
@@ -0,0 +1,31 @@
+SUMMARY = "Multi-container orchestration for Docker"
+HOMEPAGE = "https://www.docker.com/"
+LICENSE = "Apache-2.0"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=435b266b3899aa8a959f17d41c56def8"
+
+SRC_URI += "file://0001-Allow-newer-versions-of-requests.patch"
+
+inherit pypi setuptools3
+
+SRC_URI[md5sum] = "8dcadf09143600fcb573b43f446c8f9a"
+SRC_URI[sha256sum] = "fb46a6a2c4d193a3ff1e4d7208eea920b629c81dc92257c87f3f93095cfb0bdf"
+
+RDEPENDS_${PN} = "\
+ ${PYTHON_PN}-cached-property \
+ ${PYTHON_PN}-certifi \
+ ${PYTHON_PN}-chardet \
+ ${PYTHON_PN}-colorama \
+ ${PYTHON_PN}-docker \
+ ${PYTHON_PN}-docker-pycreds \
+ ${PYTHON_PN}-dockerpty \
+ ${PYTHON_PN}-docopt \
+ ${PYTHON_PN}-idna \
+ ${PYTHON_PN}-jsonschema \
+ ${PYTHON_PN}-pyyaml \
+ ${PYTHON_PN}-requests \
+ ${PYTHON_PN}-six \
+ ${PYTHON_PN}-terminal \
+ ${PYTHON_PN}-texttable \
+ ${PYTHON_PN}-urllib3 \
+ ${PYTHON_PN}-websocket-client \
+ "
diff --git a/external/meta-virtualization/recipes-containers/docker-distribution/docker-distribution_git.bb b/external/meta-virtualization/recipes-containers/docker-distribution/docker-distribution_git.bb
new file mode 100644
index 00000000..2892556a
--- /dev/null
+++ b/external/meta-virtualization/recipes-containers/docker-distribution/docker-distribution_git.bb
@@ -0,0 +1,68 @@
+HOMEPAGE = "http://github.com/docker/distribution"
+SUMMARY = "The Docker toolset to pack, ship, store, and deliver content"
+LICENSE = "Apache-2.0"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=d2794c0df5b907fdace235a619d80314"
+
+SRCREV_distribution="48294d928ced5dd9b378f7fd7c6f5da3ff3f2c89"
+SRC_URI = "git://github.com/docker/distribution.git;branch=release/2.6;name=distribution;destsuffix=git/src/github.com/docker/distribution \
+ file://docker-registry.service \
+ "
+
+PACKAGES =+ "docker-registry"
+
+PV = "v2.6.2"
+S = "${WORKDIR}/git/src/github.com/docker/distribution"
+
+GO_IMPORT = "import"
+
+inherit goarch
+inherit go
+
+# This disables seccomp and apparmor, which are on by default in the
+# go package.
+EXTRA_OEMAKE="BUILDTAGS=''"
+
+do_compile() {
+ export GOARCH="${TARGET_GOARCH}"
+ export GOPATH="${WORKDIR}/git/"
+ export GOROOT="${STAGING_LIBDIR_NATIVE}/${TARGET_SYS}/go"
+ # Pass the needed cflags/ldflags so that cgo
+ # can find the needed headers files and libraries
+ export CGO_ENABLED="1"
+ export CFLAGS=""
+ export LDFLAGS=""
+ export CGO_CFLAGS="${BUILDSDK_CFLAGS} --sysroot=${STAGING_DIR_TARGET}"
+ export GO_GCFLAGS=""
+ export CGO_LDFLAGS="${BUILDSDK_LDFLAGS} --sysroot=${STAGING_DIR_TARGET}"
+
+ cd ${S}
+
+ oe_runmake binaries
+}
+
+do_install() {
+ install -d ${D}/${sbindir}
+ install ${S}/bin/registry ${D}/${sbindir}
+
+ if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
+ install -d ${D}${systemd_unitdir}/system
+ install -m 644 ${WORKDIR}/docker-registry.service ${D}/${systemd_unitdir}/system
+ fi
+
+ install -d ${D}/${sysconfdir}/docker-distribution/registry/
+ install ${S}/cmd/registry/config-example.yml ${D}/${sysconfdir}/docker-distribution/registry/config.yml
+
+ # storage for the registry containers
+ install -d ${D}/${localstatedir}/lib/registry/
+}
+
+INSANE_SKIP_${PN} += "ldflags already-stripped"
+INSANE_SKIP_${MLPREFIX}docker-registry += "ldflags already-stripped textrel"
+
+FILES_docker-registry = "${sbindir}/*"
+FILES_docker-registry += "${systemd_unitdir}/system/docker-registry.service"
+FILES_docker-registry += "${sysconfdir}/docker-distribution/*"
+FILES_docker-registry += "${localstatedir}/lib/registry/"
+
+SYSTEMD_SERVICE_docker-registry = "${@bb.utils.contains('DISTRO_FEATURES','systemd','docker-registry.service','',d)}"
+SYSTEMD_AUTO_ENABLE_docker-registry = "enable"
diff --git a/external/meta-virtualization/recipes-containers/docker-distribution/files/docker-registry.service b/external/meta-virtualization/recipes-containers/docker-distribution/files/docker-registry.service
new file mode 100644
index 00000000..15460c7a
--- /dev/null
+++ b/external/meta-virtualization/recipes-containers/docker-distribution/files/docker-registry.service
@@ -0,0 +1,10 @@
+[Unit]
+Description=v2 Registry server for Docker
+
+[Service]
+Type=simple
+ExecStart=/usr/sbin/registry serve /etc/docker-distribution/registry/config.yml
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
diff --git a/external/meta-virtualization/recipes-containers/docker/docker-ce_git.bb b/external/meta-virtualization/recipes-containers/docker/docker-ce_git.bb
new file mode 100644
index 00000000..caf6d704
--- /dev/null
+++ b/external/meta-virtualization/recipes-containers/docker/docker-ce_git.bb
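Review bot: do_install copies the upstream `config-example.yml` to `${sysconfdir}/docker-distribution/registry/config.yml` and the recipe sets `SYSTEMD_AUTO_ENABLE_docker-registry = "enable"`, so every image that pulls in docker-registry starts a registry at boot with sample settings. The example file is not part of this diff, but upstream's sample is, as far as I recall, a development configuration (listening on all interfaces, no TLS, no authentication), which should be confirmed. If so, the recipe should either ship its own config.yml bound to loopback or leave the unit off by default with `SYSTEMD_AUTO_ENABLE_docker-registry = "disable"`. The comment above `EXTRA_OEMAKE="BUILDTAGS=''"` talks about seccomp and apparmor, which reads as copied from a container-runtime recipe; it should say what clearing BUILDTAGS means for the registry build.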
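Review bot: The `[Service]` section of docker-registry.service has no `User=` and no sandboxing directives, so the registry, a network-facing daemon, runs as root with the whole filesystem writable. Running it under a dedicated account (`User=<registry-account>`, created by the recipe) and adding `NoNewPrivileges=yes`, `ProtectSystem=full` and `PrivateTmp=yes` would limit what the process can reach if it is compromised. That account needs write access to the storage directory the recipe creates under `${localstatedir}/lib/registry/`, so the `install -d` there would need matching ownership.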
@@ -0,0 +1,167 @@ +HOMEPAGE = "http://www.docker.com" +SUMMARY = "Linux container runtime" +DESCRIPTION = "Linux container runtime \ + Docker complements kernel namespacing with a high-level API which \ + operates at the process level. It runs unix processes with strong \ + guarantees of isolation and repeatability across servers. \ + . \ + Docker is a great building block for automating distributed systems: \ + large-scale web deployments, database clusters, continuous deployment \ + systems, private PaaS, service-oriented architectures, etc. \ + . \ + This package contains the daemon and client. Using docker.io is \ + officially supported on x86_64 and arm (32-bit) hosts. \ + Other architectures are considered experimental. \ + . \ + Also, note that kernel version 3.10 or above is required for proper \ + operation of the daemon process, and that any lower versions may have \ + subtle and/or glaring issues. \ + " + +SRCREV_docker = "6e632f7fc395d15bce46f426086e91c01598cf59" +SRCREV_libnetwork = "6da50d1978302f04c3e2089e29112ea24812f05b" +SRC_URI = "\ + git://github.com/docker/docker-ce.git;branch=18.09;name=docker \ + git://github.com/docker/libnetwork.git;branch=bump_18.09;name=libnetwork;destsuffix=git/libnetwork \ + file://docker.init \ + " + +# Apache-2.0 for docker +LICENSE = "Apache-2.0" +LIC_FILES_CHKSUM = "file://src/import/components/engine/LICENSE;md5=9740d093a080530b5c5c6573df9af45a" + +GO_IMPORT = "import" + +S = "${WORKDIR}/git" + +DOCKER_VERSION = "18.09.0-ce" +PV = "${DOCKER_VERSION}+git${SRCREV_docker}" + +DEPENDS = " \ + go-cli \ + go-pty \ + go-context \ + go-mux \ + go-patricia \ + go-logrus \ + go-fsnotify \ + go-dbus \ + go-capability \ + go-systemd \ + btrfs-tools \ + sqlite3 \ + go-distribution \ + compose-file \ + go-connections \ + notary \ + grpc-go \ + libtool-native \ + libtool \ + " + +PACKAGES =+ "${PN}-contrib" + +DEPENDS_append_class-target = " lvm2" +RDEPENDS_${PN} = "util-linux util-linux-unshare iptables \ + 
${@bb.utils.contains('DISTRO_FEATURES', 'aufs', 'aufs-util', '', d)} \ + ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '', 'cgroup-lite', d)} \ + " +RDEPENDS_${PN} += "virtual/containerd virtual/runc" + +RRECOMMENDS_${PN} = "kernel-module-dm-thin-pool kernel-module-nf-nat" +RSUGGESTS_${PN} = "lxc rt-tests" +DOCKER_PKG="github.com/docker/docker" + +inherit systemd update-rc.d +inherit go +inherit goarch +inherit pkgconfig + +do_configure[noexec] = "1" + +do_compile() { + # Set GOPATH. See 'PACKAGERS.md'. Don't rely on + # docker to download its dependencies but rather + # use dependencies packaged independently. + cd ${S}/src/import + rm -rf .gopath + mkdir -p .gopath/src/"$(dirname "${DOCKER_PKG}")" + ln -sf ../../../../components/engine/ .gopath/src/"${DOCKER_PKG}" + + mkdir -p .gopath/src/github.com/docker + ln -sf ${WORKDIR}/git/libnetwork .gopath/src/github.com/docker/libnetwork + ln -sf ${S}/src/import/components/cli .gopath/src/github.com/docker/cli + + export GOPATH="${S}/src/import/.gopath:${S}/src/import/vendor:${STAGING_DIR_TARGET}/${prefix}/local/go" + export GOROOT="${STAGING_DIR_NATIVE}/${nonarch_libdir}/${HOST_SYS}/go" + + # Pass the needed cflags/ldflags so that cgo + # can find the needed headers files and libraries + export GOARCH=${TARGET_GOARCH} + export CGO_ENABLED="1" + export CGO_CFLAGS="${CFLAGS} --sysroot=${STAGING_DIR_TARGET}" + export CGO_LDFLAGS="${LDFLAGS} --sysroot=${STAGING_DIR_TARGET}" + # in order to exclude devicemapper and btrfs - https://github.com/docker/docker/issues/14056 + export DOCKER_BUILDTAGS='exclude_graphdriver_btrfs exclude_graphdriver_devicemapper' + + export DISABLE_WARN_OUTSIDE_CONTAINER=1 + + cd ${S}/src/import/components/engine + + # this is the unsupported build structure + # that doesn't rely on an existing docker + # to build this: + VERSION="${DOCKER_VERSION}" DOCKER_GITCOMMIT="${SRCREV_docker}" ./hack/make.sh dynbinary + + # build the proxy + cd ${S}/src/import/.gopath/src/github.com/docker/libnetwork + 
oe_runmake cross-local + + # build the cli + cd ${S}/src/import/components/cli + export CFLAGS="" + export LDFLAGS="" + export DOCKER_VERSION=${DOCKER_VERSION} + VERSION="${DOCKER_VERSION}" DOCKER_GITCOMMIT="${SRCREV_docker}" make dynbinary +} + +SYSTEMD_PACKAGES = "${@bb.utils.contains('DISTRO_FEATURES','systemd','${PN}','',d)}" +SYSTEMD_SERVICE_${PN} = "${@bb.utils.contains('DISTRO_FEATURES','systemd','docker.service','',d)}" +SYSTEMD_AUTO_ENABLE_${PN} = "enable" + +INITSCRIPT_PACKAGES += "${@bb.utils.contains('DISTRO_FEATURES','sysvinit','${PN}','',d)}" +INITSCRIPT_NAME_${PN} = "${@bb.utils.contains('DISTRO_FEATURES','sysvinit','docker.init','',d)}" +INITSCRIPT_PARAMS_${PN} = "defaults" + +do_install() { + mkdir -p ${D}/${bindir} + cp ${S}/src/import/components/cli/build/docker ${D}/${bindir}/docker + cp ${S}/src/import/components/engine/bundles/latest/dynbinary-daemon/dockerd ${D}/${bindir}/dockerd + cp ${WORKDIR}/git/libnetwork/bin/docker-proxy* ${D}/${bindir}/docker-proxy + + if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then + install -d ${D}${systemd_unitdir}/system + install -m 644 ${S}/src/import/components/engine/contrib/init/systemd/docker.* ${D}/${systemd_unitdir}/system + # replaces one copied from above with one that uses the local registry for a mirror + install -m 644 ${S}/src/import/components/engine/contrib/init/systemd/docker.service ${D}/${systemd_unitdir}/system + else + install -d ${D}${sysconfdir}/init.d + install -m 0755 ${WORKDIR}/docker.init ${D}${sysconfdir}/init.d/docker.init + fi + + mkdir -p ${D}${datadir}/docker/ + install -m 0755 ${S}/src/import/components/engine/contrib/check-config.sh ${D}${datadir}/docker/ +} + +inherit useradd +USERADD_PACKAGES = "${PN}" +GROUPADD_PARAM_${PN} = "-r docker" + +FILES_${PN} += "${systemd_unitdir}/system/*" + +FILES_${PN}-contrib += "${datadir}/docker/check-config.sh" +RDEPENDS_${PN}-contrib += "bash" + +# DO NOT STRIP docker +INHIBIT_PACKAGE_STRIP = "1" +INSANE_SKIP_${PN} 
+= "ldflags" diff --git a/external/meta-virtualization/recipes-containers/docker/docker_git.bb b/external/meta-virtualization/recipes-containers/docker/docker_git.bb new file mode 100644 index 00000000..79578083 --- /dev/null +++ b/external/meta-virtualization/recipes-containers/docker/docker_git.bb 
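Review bot: `DOCKER_BUILDTAGS` in do_compile is hard-coded to the two `exclude_graphdriver_*` tags, so the daemon is built without the `seccomp` tag and, as far as I know for this Docker series, then runs containers without the default syscall filter. docker_git.bb in this commit has a `PACKAGECONFIG[seccomp]` knob for this but defaults `PACKAGECONFIG ??= ""`, so both recipes ship with it off. Suggest adding `PACKAGECONFIG[seccomp] = "seccomp,,libseccomp"` here with `${PACKAGECONFIG_CONFARGS}` appended to the tags, and defaulting both recipes to `PACKAGECONFIG ??= "seccomp"`. This recipe also runs `oe_runmake cross-local` in libnetwork without listing `0001-libnetwork-use-GO-instead-of-go.patch` in SRC_URI, which docker_git.bb does; if that is intentional, a comment should say why.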
@@ -0,0 +1,173 @@ +HOMEPAGE = "http://www.docker.com" +SUMMARY = "Linux container runtime" +DESCRIPTION = "Linux container runtime \ + Docker complements kernel namespacing with a high-level API which \ + operates at the process level. It runs unix processes with strong \ + guarantees of isolation and repeatability across servers. \ + . \ + Docker is a great building block for automating distributed systems: \ + large-scale web deployments, database clusters, continuous deployment \ + systems, private PaaS, service-oriented architectures, etc. \ + . \ + This package contains the daemon and client. Using docker.io is \ + officially supported on x86_64 and arm (32-bit) hosts. \ + Other architectures are considered experimental. \ + . \ + Also, note that kernel version 3.10 or above is required for proper \ + operation of the daemon process, and that any lower versions may have \ + subtle and/or glaring issues. \ + " + +SRCREV_docker = "489b8eda6674523df8b82a210399b7d2954427d0" +SRCREV_libnetwork = "6da50d1978302f04c3e2089e29112ea24812f05b" +SRCREV_cli = "51668a30f26250ccfce31bcc13d9334eaafabe36" +SRC_URI = "\ + git://github.com/moby/moby.git;nobranch=1;name=docker \ + git://github.com/docker/libnetwork.git;branch=bump_18.09;name=libnetwork;destsuffix=git/libnetwork \ + git://github.com/docker/cli;branch=18.09;name=cli;destsuffix=git/cli \ + file://docker.init \ + file://0001-libnetwork-use-GO-instead-of-go.patch \ + " + +# Apache-2.0 for docker +LICENSE = "Apache-2.0" +LIC_FILES_CHKSUM = "file://src/import/LICENSE;md5=4859e97a9c7780e77972d989f0823f28" + +GO_IMPORT = "import" + +S = "${WORKDIR}/git" + +DOCKER_VERSION = "18.09.0" +PV = "${DOCKER_VERSION}+git${SRCREV_docker}" + +DEPENDS = " \ + go-cli \ + go-pty \ + go-context \ + go-mux \ + go-patricia \ + go-logrus \ + go-fsnotify \ + go-dbus \ + go-capability \ + go-systemd \ + btrfs-tools \ + sqlite3 \ + go-distribution \ + compose-file \ + go-connections \ + notary \ + grpc-go \ + libtool \ + " + +PACKAGECONFIG ??= 
"" +PACKAGECONFIG[seccomp] = "seccomp,,libseccomp" + +PACKAGES =+ "${PN}-contrib" + +DEPENDS_append_class-target = " lvm2" +RDEPENDS_${PN} = "util-linux util-linux-unshare iptables \ + ${@bb.utils.contains('DISTRO_FEATURES', 'aufs', 'aufs-util', '', d)} \ + ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '', 'cgroup-lite', d)} \ + " +RDEPENDS_${PN} += "virtual/containerd virtual/runc" + +RRECOMMENDS_${PN} = "kernel-module-dm-thin-pool kernel-module-nf-nat docker-init" +RSUGGESTS_${PN} = "lxc rt-tests" +DOCKER_PKG="github.com/docker/docker" + +inherit systemd update-rc.d +inherit go +inherit goarch +inherit pkgconfig + +do_configure[noexec] = "1" + +do_compile() { + # Set GOPATH. See 'PACKAGERS.md'. Don't rely on + # docker to download its dependencies but rather + # use dependencies packaged independently. + cd ${S}/src/import + rm -rf .gopath + mkdir -p .gopath/src/"$(dirname "${DOCKER_PKG}")" + ln -sf ../../../.. .gopath/src/"${DOCKER_PKG}" + + mkdir -p .gopath/src/github.com/docker + ln -sf ${WORKDIR}/git/libnetwork .gopath/src/github.com/docker/libnetwork + ln -sf ${WORKDIR}/git/cli .gopath/src/github.com/docker/cli + + export GOPATH="${S}/src/import/.gopath:${S}/src/import/vendor:${STAGING_DIR_TARGET}/${prefix}/local/go" + export GOROOT="${STAGING_DIR_NATIVE}/${nonarch_libdir}/${HOST_SYS}/go" + + # Pass the needed cflags/ldflags so that cgo + # can find the needed headers files and libraries + export GOARCH=${TARGET_GOARCH} + export CGO_ENABLED="1" + export CGO_CFLAGS="${CFLAGS} --sysroot=${STAGING_DIR_TARGET}" + export CGO_LDFLAGS="${LDFLAGS} --sysroot=${STAGING_DIR_TARGET}" + # in order to exclude devicemapper and btrfs - https://github.com/docker/docker/issues/14056 + export DOCKER_BUILDTAGS='exclude_graphdriver_btrfs exclude_graphdriver_devicemapper ${PACKAGECONFIG_CONFARGS}' + + export DISABLE_WARN_OUTSIDE_CONTAINER=1 + + cd ${S}/src/import/ + + # this is the unsupported built structure + # that doesn't rely on an existing docker + # to build this: + 
VERSION="${DOCKER_VERSION}" DOCKER_GITCOMMIT="${SRCREV_docker}" ./hack/make.sh dynbinary + + # build the cli + cd ${S}/src/import/.gopath/src/github.com/docker/cli + export CFLAGS="" + export LDFLAGS="" + export DOCKER_VERSION=${DOCKER_VERSION} + VERSION="${DOCKER_VERSION}" DOCKER_GITCOMMIT="${SRCREV_docker}" make dynbinary + + # build the proxy + cd ${S}/src/import/.gopath/src/github.com/docker/libnetwork + oe_runmake cross-local +} + +SYSTEMD_PACKAGES = "${@bb.utils.contains('DISTRO_FEATURES','systemd','${PN}','',d)}" +SYSTEMD_SERVICE_${PN} = "${@bb.utils.contains('DISTRO_FEATURES','systemd','docker.service','',d)}" + +SYSTEMD_AUTO_ENABLE_${PN} = "enable" + +INITSCRIPT_PACKAGES += "${@bb.utils.contains('DISTRO_FEATURES','sysvinit','${PN}','',d)}" +INITSCRIPT_NAME_${PN} = "${@bb.utils.contains('DISTRO_FEATURES','sysvinit','docker.init','',d)}" +INITSCRIPT_PARAMS_${PN} = "defaults" + +do_install() { + mkdir -p ${D}/${bindir} + cp ${WORKDIR}/git/cli/build/docker ${D}/${bindir}/docker + cp ${S}/src/import/bundles/latest/dynbinary-daemon/dockerd ${D}/${bindir}/dockerd + cp ${WORKDIR}/git/libnetwork/bin/docker-proxy* ${D}/${bindir}/docker-proxy + + if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then + install -d ${D}${systemd_unitdir}/system + install -m 644 ${S}/src/import/contrib/init/systemd/docker.* ${D}/${systemd_unitdir}/system + # replaces one copied from above with one that uses the local registry for a mirror + install -m 644 ${S}/src/import/contrib/init/systemd/docker.service ${D}/${systemd_unitdir}/system + else + install -d ${D}${sysconfdir}/init.d + install -m 0755 ${WORKDIR}/docker.init ${D}${sysconfdir}/init.d/docker.init + fi + + mkdir -p ${D}${datadir}/docker/ + install -m 0755 ${S}/src/import/contrib/check-config.sh ${D}${datadir}/docker/ +} + +inherit useradd +USERADD_PACKAGES = "${PN}" +GROUPADD_PARAM_${PN} = "-r docker" + +FILES_${PN} += "${systemd_unitdir}/system/*" + +FILES_${PN}-contrib += 
"${datadir}/docker/check-config.sh" +RDEPENDS_${PN}-contrib += "bash" + +# DO NOT STRIP docker +INHIBIT_PACKAGE_STRIP = "1" +INSANE_SKIP_${PN} += "ldflags textrel" diff --git a/external/meta-virtualization/recipes-containers/docker/files/0001-libnetwork-use-GO-instead-of-go.patch b/external/meta-virtualization/recipes-containers/docker/files/0001-libnetwork-use-GO-instead-of-go.patch new file mode 100644 index 00000000..c623b260 --- /dev/null +++ b/external/meta-virtualization/recipes-containers/docker/files/0001-libnetwork-use-GO-instead-of-go.patch 
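Review bot: The cli is fetched from its own repository at `SRCREV_cli`, but the "build the cli" step in do_compile still passes `DOCKER_GITCOMMIT="${SRCREV_docker}"`, so if the cli build reads that variable the client reports the engine's commit rather than the one it was built from. `DOCKER_GITCOMMIT="${SRCREV_cli}"` on that `make dynbinary` line would keep the reported commit traceable to the actual source. In do_install, the comment "replaces one copied from above with one that uses the local registry for a mirror" sits above a second install of the same upstream `docker.service`, so it no longer describes what the line does and should be dropped together with the duplicate install.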
@@ -0,0 +1,59 @@ +From 04c07804930faad708218a3134c81de06a9c742a Mon Sep 17 00:00:00 2001 +From: Bruce Ashfield <bruce.ashfield@windriver.com> +Date: Fri, 6 Apr 2018 23:58:22 -0400 +Subject: [PATCH] libnetwork: use $(GO) instead of go + +Ensure that the libnetwork makefile uses the go cross flags and +utilities. + +Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com> +--- + Makefile | 14 +++++++------- + 1 file changed, 7 insertions(+), 7 deletions(-) + +Index: git/libnetwork/Makefile +=================================================================== +--- git.orig/libnetwork/Makefile ++++ git/libnetwork/Makefile +@@ -45,9 +45,9 @@ + build-local: + @echo "🐳 $@" + @mkdir -p "bin" +- go build -tags experimental -o "bin/dnet" ./cmd/dnet +- go build -o "bin/docker-proxy" ./cmd/proxy +- CGO_ENABLED=0 go build -o "bin/diagnosticClient" ./cmd/diagnostic ++ $(GO) build -tags experimental -o "bin/dnet" ./cmd/dnet ++ $(GO) build -o "bin/proxy" ./cmd/proxy ++ CGO_ENABLED=0 $(GO) build -o "bin/diagnosticClient" ./cmd/diagnostic + CGO_ENABLED=0 go build -o "bin/testMain" ./cmd/networkdb-test/testMain.go + + build-images: +@@ -82,8 +82,8 @@ + + cross-local: + @echo "🐳 $@" +- go build -o "bin/dnet-$$GOOS-$$GOARCH" ./cmd/dnet +- go build -o "bin/docker-proxy-$$GOOS-$$GOARCH" ./cmd/proxy ++ @$(GO) build -linkshared $(GOBUILDFLAGS) -o "bin/docker-proxy-$$GOOS-$$GOARCH" ./cmd/proxy ++ @$(GO) build -linkshared $(GOBUILDFLAGS) -o "bin/dnet-$$GOOS-$$GOARCH" ./cmd/dnet + + # Rebuild protocol buffers. + # These may need to be rebuilt after vendoring updates, so .proto files are declared .PHONY so they are always rebuilt. +@@ -130,7 +130,7 @@ + if ls $$dir/*.go &> /dev/null; then \ + pushd . &> /dev/null ; \ + cd $$dir ; \ +- go test ${INSIDECONTAINER} -test.parallel 5 -test.v -covermode=count -coverprofile=./profile.tmp ; \ ++ $(GO) test ${INSIDECONTAINER} -test.parallel 5 -test.v -covermode=count -coverprofile=./profile.tmp ; \ + ret=$$? 
;\ + if [ $$ret -ne 0 ]; then exit $$ret; fi ;\ + popd &> /dev/null; \ +@@ -145,7 +145,7 @@ + # Depends on binaries because vet will silently fail if it can not load compiled imports + vet: ## run go vet + @echo "🐳 $@" +- @test -z "$$(go vet ${PACKAGES} 2>&1 | grep -v 'constant [0-9]* not a string in call to Errorf' | egrep -v '(timestamp_test.go|duration_test.go|exit status 1)' | tee /dev/stderr)" ++ @test -z "$$($(GO) vet ${PACKAGES} 2>&1 | grep -v 'constant [0-9]* not a string in call to Errorf' | egrep -v '(timestamp_test.go|duration_test.go|exit status 1)' | tee /dev/stderr)" + + misspell: + @echo "🐳 $@" diff --git a/external/meta-virtualization/recipes-containers/docker/files/docker-registry.service b/external/meta-virtualization/recipes-containers/docker/files/docker-registry.service new file mode 100644 index 00000000..7b4bc468 --- /dev/null +++ b/external/meta-virtualization/recipes-containers/docker/files/docker-registry.service @@ -0,0 +1,19 @@ +[Unit] +Description=docker private registry service +After=docker.service + +[Service] +ExecStartPre=-/usr/bin/docker kill registry +ExecStartPre=-/usr/bin/docker rm registry +ExecStart=/usr/bin/docker run --name registry -v /mirror/registry:/tmp/ -p 5000:5000 \ + -e "STANDALONE=true" \ + -e "MIRROR_SOURCE=https://registry-1.docker.io" \ + -e "MIRROR_SOURCE_INDEX=https://index.docker.io" \ + -e "SETTINGS_FLAVOR=local" \ + registry +ExecStop=-/usr/bin/docker stop registry +Restart=always +RestartSec=10s + +[Install] +WantedBy=multi-user.target diff --git a/external/meta-virtualization/recipes-containers/docker/files/docker.init b/external/meta-virtualization/recipes-containers/docker/files/docker.init new file mode 100644 index 00000000..0aea8d01 --- /dev/null +++ b/external/meta-virtualization/recipes-containers/docker/files/docker.init 
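Review bot: The conversion to `$(GO)` is incomplete and changes more than the subject says: in build-local the `bin/testMain` line still calls bare `go`, and the proxy output is renamed from `bin/docker-proxy` to `bin/proxy` without explanation. In cross-local the new lines add `-linkshared $(GOBUILDFLAGS)` and an `@` prefix that hides the commands from the build log, neither of which the commit message mentions. Suggest `CGO_ENABLED=0 $(GO) build -o "bin/testMain" ./cmd/networkdb-test/testMain.go`, keeping `bin/docker-proxy` as the output name, dropping the `@` so the compile lines stay visible in the task log, and adding an `Upstream-Status:` tag to the patch header.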
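Review bot: `-p 5000:5000` in ExecStart publishes the registry on every interface of the host, with no TLS or authentication options passed, while docker.init in this commit only ever points the daemon at `http://localhost:5000`; binding to loopback matches that use: `-p 127.0.0.1:5000:5000`. The image is referenced as plain `registry`, so with `Restart=always` the unit runs whatever that name resolves to at start time; pinning it (`registry@sha256:<digest>`) makes what runs at boot reproducible. Neither docker recipe in this commit lists this file in SRC_URI, so it may be unused and could be left out.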
@@ -0,0 +1,131 @@
+#!/bin/sh
+#
+# /etc/rc.d/init.d/docker
+#
+# Daemon for docker.com
+#
+# chkconfig: 2345 95 95
+# description: Daemon for docker.com
+
+### BEGIN INIT INFO
+# Provides: docker
+# Required-Start: $network cgconfig
+# Required-Stop:
+# Should-Start:
+# Should-Stop:
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: start and stop docker
+# Description: Daemon for docker.com
+### END INIT INFO
+
+# Source function library.
+. /etc/init.d/functions
+
+prog="dockerd"
+unshare=/usr/bin/unshare
+exec="/usr/bin/$prog"
+pidfile="/var/run/$prog.pid"
+lockfile="/var/lock/subsys/$prog"
+logfile="/var/log/$prog"
+other_args="--registry-mirror=http://localhost:5000 --insecure-registry=http://localhost:5000 --raw-logs"
+
+[ -e /etc/sysconfig/$prog ] && . /etc/sysconfig/$prog
+
+start() {
+ [ -x $exec ] || exit 5
+
+ check_for_cleanup
+
+ if ! [ -f $pidfile ]; then
+ printf "Starting $prog:\t"
+ echo -e "\n$(date)\n" >> $logfile
+ "$unshare" -m -- $exec $other_args &>> $logfile &
+ pid=$!
+ touch $lockfile
+ # wait up to 10 seconds for the pidfile to exist. see
+ # https://github.com/docker/docker/issues/5359
+ tries=0
+ while [ ! -f $pidfile -a $tries -lt 10 ]; do
+ sleep 1
+ tries=$((tries + 1))
+ done
+ success
+ echo
+ else
+ failure
+ echo
+ printf "$pidfile still exists...\n"
+ exit 7
+ fi
+}
+
+stop() {
+ echo -n $"Stopping $prog: "
+ killproc $prog
+ retval=$?
+ echo
+ [ $retval -eq 0 ] && rm -f $lockfile
+ return $retval
+}
+
+restart() {
+ stop
+ start
+}
+
+reload() {
+ restart
+}
+
+force_reload() {
+ restart
+}
+
+rh_status() {
+ status $prog
+}
+
+rh_status_q() {
+ rh_status >/dev/null 2>&1
+}
+
+
+check_for_cleanup() {
+ if [ -f ${pidfile} ]; then
+ /bin/ps -fp $(cat ${pidfile}) > /dev/null || rm ${pidfile}
+ fi
+}
+
+case "$1" in
+ start)
+ rh_status_q && exit 0
+ $1
+ ;;
+ stop)
+ rh_status_q || exit 0
+ $1
+ ;;
+ restart)
+ $1
+ ;;
+ reload)
+ rh_status_q || exit 7
+ $1
+ ;;
+ force-reload)
+ force_reload
+ ;;
+ status)
+ rh_status
+ ;;
+ condrestart|try-restart)
+ rh_status_q || exit 0
+ restart
+ ;;
+ *)
+ echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}"
+ exit 2
+esac
+
+exit $?
diff --git a/external/meta-virtualization/recipes-containers/go-digest/go-digest_git.bb b/external/meta-virtualization/recipes-containers/go-digest/go-digest_git.bb
new file mode 100644
index 00000000..a2f8cd69
--- /dev/null
+++ b/external/meta-virtualization/recipes-containers/go-digest/go-digest_git.bb
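Review bot: `other_args` hard-codes `--registry-mirror=http://localhost:5000 --insecure-registry=http://localhost:5000`, so on every sysvinit image the daemon trusts a plain-HTTP registry on port 5000 by default, whether or not the intended mirror is what is listening there. The default should carry no registry options (`other_args="--raw-logs"`), with the mirror configured in `/etc/sysconfig/dockerd` on systems that actually run one. The script is `#!/bin/sh` but uses `&>>`, `echo -e` and `$"..."`; a strictly POSIX shell would read `&>> $logfile &` as backgrounding the command with the redirect detached from it, so the daemon log may stay empty. start() also calls `success` after the wait loop even when the pidfile never appeared; checking `[ -f $pidfile ]` after the loop and calling `failure` otherwise would report the real outcome.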
@@ -0,0 +1,41 @@
+DESCRIPTION = "Common digest package used across the container ecosystem."
+HOMEPAGE = "https://github.com/opencontainers/go-digest.git"
+SECTION = "devel/go"
+LICENSE = "Apache-2.0"
+LIC_FILES_CHKSUM = "file://src/${PKG_NAME}/LICENSE.code;md5=9cd86830b557232ce55e2a6b47387471"
+
+SRCNAME = "go-digest"
+
+PKG_NAME = "github.com/opencontainers/${SRCNAME}"
+SRC_URI = "git://${PKG_NAME}.git;destsuffix=git/src/${PKG_NAME}"
+
+SRCREV = "b6234c321f263c503268e3b205f3d9755f9d14ed"
+PV = "v1.0.0-rc0+git${SRCPV}"
+
+S = "${WORKDIR}/git"
+
+# NO-OP the do compile rule because this recipe is source only.
+do_compile() {
+}
+
+do_install() {
+ install -d ${D}${prefix}/local/go/src/${PKG_NAME}
+ for j in $(cd ${S} && find src/${PKG_NAME} -name "*.go"); do
+ if [ ! -d ${D}${prefix}/local/go/$(dirname $j) ]; then
+ mkdir -p ${D}${prefix}/local/go/$(dirname $j)
+ fi
+ cp $j ${D}${prefix}/local/go/$j
+ done
+ cp -r ${S}/src/${PKG_NAME}/LICENSE.code ${D}${prefix}/local/go/src/${PKG_NAME}/
+}
+
+SYSROOT_PREPROCESS_FUNCS += "go_digest_file_sysroot_preprocess"
+
+go_digest_file_sysroot_preprocess () {
+ install -d ${SYSROOT_DESTDIR}${prefix}/local/go/src/${PKG_NAME}
+ cp -r ${D}${prefix}/local/go/src/${PKG_NAME} ${SYSROOT_DESTDIR}${prefix}/local/go/src/$(dirname ${PKG_NAME})
+}
+
+FILES_${PN} += "${prefix}/local/go/src/${PKG_NAME}/*"
+
+CLEANBROKEN = "1"
\ No newline at end of file diff --git a/external/meta-virtualization/recipes-containers/go-errors/go-errors_git.bb b/external/meta-virtualization/recipes-containers/go-errors/go-errors_git.bb new file mode 100644 index 00000000..3bb74a7c --- /dev/null +++ b/external/meta-virtualization/recipes-containers/go-errors/go-errors_git.bb @@ -0,0 +1,41 @@ +DESCRIPTION = "Simple error handling primitives" +HOMEPAGE = "https://github.com/pkg/errors" +SECTION = "devel/go" +LICENSE = "BSD" +LIC_FILES_CHKSUM = "file://src/${PKG_NAME}/LICENSE;md5=6fe682a02df52c6653f33bd0f7126b5a" + +SRCNAME = "errors" + +PKG_NAME = "github.com/pkg/${SRCNAME}" +SRC_URI = "git://${PKG_NAME}.git;destsuffix=git/src/${PKG_NAME}" + +SRCREV = "248dadf4e9068a0b3e79f02ed0a610d935de5302" +PV = "v0.8.0+git${SRCPV}" + +S = "${WORKDIR}/git" + +# NO-OP the do compile rule because this recipe is source only. +do_compile() { +} + +do_install() { + install -d ${D}${prefix}/local/go/src/${PKG_NAME} + for j in $(cd ${S} && find src/${PKG_NAME} -name "*.go" -not -path "*/.tool/*"); do + if [ ! -d ${D}${prefix}/local/go/$(dirname $j) ]; then + mkdir -p ${D}${prefix}/local/go/$(dirname $j) + fi + cp $j ${D}${prefix}/local/go/$j + done + cp -r ${S}/src/${PKG_NAME}/LICENSE ${D}${prefix}/local/go/src/${PKG_NAME}/ +} + +SYSROOT_PREPROCESS_FUNCS += "go_errors_file_sysroot_preprocess" + +go_errors_file_sysroot_preprocess () { + install -d ${SYSROOT_DESTDIR}${prefix}/local/go/src/${PKG_NAME} + cp -r ${D}${prefix}/local/go/src/${PKG_NAME} ${SYSROOT_DESTDIR}${prefix}/local/go/src/$(dirname ${PKG_NAME}) +} + +FILES_${PN} += "${prefix}/local/go/src/${PKG_NAME}/*" + +CLEANBROKEN = "1"
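Review bot: `SRC_URI` in the go-digest recipe uses the `git://` scheme with no `protocol=` parameter, so by default the fetch goes over the unauthenticated git protocol and the pinned `SRCREV` is the only check on what arrives. Adding the parameter keeps the pin and gives an authenticated transport: `SRC_URI = "git://${PKG_NAME}.git;protocol=https;destsuffix=git/src/${PKG_NAME}"`. The same line appears in the go-errors, spf13-cobra and spf13-pflag recipes, and kubernetes_git.bb has the equivalent with a literal GitHub URL.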
\ No newline at end of file diff --git a/external/meta-virtualization/recipes-containers/go-spf13-cobra/spf13-cobra_git.bb b/external/meta-virtualization/recipes-containers/go-spf13-cobra/spf13-cobra_git.bb new file mode 100644 index 00000000..e942e4e3 --- /dev/null +++ b/external/meta-virtualization/recipes-containers/go-spf13-cobra/spf13-cobra_git.bb @@ -0,0 +1,41 @@ +DESCRIPTION = "A Commander for modern Go CLI interactions" +HOMEPAGE = "https://github.com/spf13/cobra" +SECTION = "devel/go" +LICENSE = "Apache-2.0" +LIC_FILES_CHKSUM = "file://src/${PKG_NAME}/LICENSE.txt;md5=920d76114a32b0fb75b3f2718c5a91be" + +SRCNAME = "cobra" + +PKG_NAME = "github.com/spf13/${SRCNAME}" +SRC_URI = "git://${PKG_NAME}.git;destsuffix=git/src/${PKG_NAME}" + +SRCREV = "b5d8e8f46a2f829f755b6e33b454e25c61c935e1" +PV = "v0.0.1+git${SRCPV}" + +S = "${WORKDIR}/git" + +# NO-OP the do compile rule because this recipe is source only. +do_compile() { +} + +do_install() { + install -d ${D}${prefix}/local/go/src/${PKG_NAME} + for j in $(cd ${S} && find src/${PKG_NAME} -name "*.go" -not -path "*/.tool/*"); do + if [ ! -d ${D}${prefix}/local/go/$(dirname $j) ]; then + mkdir -p ${D}${prefix}/local/go/$(dirname $j) + fi + cp $j ${D}${prefix}/local/go/$j + done + cp -r ${S}/src/${PKG_NAME}/LICENSE.txt ${D}${prefix}/local/go/src/${PKG_NAME}/ +} + +SYSROOT_PREPROCESS_FUNCS += "cobra_file_sysroot_preprocess" + +cobra_file_sysroot_preprocess () { + install -d ${SYSROOT_DESTDIR}${prefix}/local/go/src/${PKG_NAME} + cp -r ${D}${prefix}/local/go/src/${PKG_NAME} ${SYSROOT_DESTDIR}${prefix}/local/go/src/$(dirname ${PKG_NAME}) +} + +FILES_${PN} += "${prefix}/local/go/src/${PKG_NAME}/*" + +CLEANBROKEN = "1"
\ No newline at end of file diff --git a/external/meta-virtualization/recipes-containers/go-spf13-pflag/spf13-pflag_git.bb b/external/meta-virtualization/recipes-containers/go-spf13-pflag/spf13-pflag_git.bb new file mode 100644 index 00000000..2fbcb439 --- /dev/null +++ b/external/meta-virtualization/recipes-containers/go-spf13-pflag/spf13-pflag_git.bb @@ -0,0 +1,41 @@ +DESCRIPTION = "Drop-in replacement for Go's flag package, implementing POSIX/GNU-style --flags." +HOMEPAGE = "https://github.com/spf13/pflag" +SECTION = "devel/go" +LICENSE = "BSD" +LIC_FILES_CHKSUM = "file://src/${PKG_NAME}/LICENSE;md5=1e8b7dc8b906737639131047a590f21d" + +SRCNAME = "pflag" + +PKG_NAME = "github.com/spf13/${SRCNAME}" +SRC_URI = "git://${PKG_NAME}.git;destsuffix=git/src/${PKG_NAME}" + +SRCREV = "9ff6c6923cfffbcd502984b8e0c80539a94968b7" +PV = "v1.0.0-rc4+git${SRCPV}" + +S = "${WORKDIR}/git" + +# NO-OP the do compile rule because this recipe is source only. +do_compile() { +} + +do_install() { + install -d ${D}${prefix}/local/go/src/${PKG_NAME} + for j in $(cd ${S} && find src/${PKG_NAME} -name "*.go" -not -path "*/.tool/*"); do + if [ ! -d ${D}${prefix}/local/go/$(dirname $j) ]; then + mkdir -p ${D}${prefix}/local/go/$(dirname $j) + fi + cp $j ${D}${prefix}/local/go/$j + done + cp -r ${S}/src/${PKG_NAME}/LICENSE ${D}${prefix}/local/go/src/${PKG_NAME}/ +} + +SYSROOT_PREPROCESS_FUNCS += "pflag_file_sysroot_preprocess" + +pflag_file_sysroot_preprocess () { + install -d ${SYSROOT_DESTDIR}${prefix}/local/go/src/${PKG_NAME} + cp -r ${D}${prefix}/local/go/src/${PKG_NAME} ${SYSROOT_DESTDIR}${prefix}/local/go/src/$(dirname ${PKG_NAME}) +} + +FILES_${PN} += "${prefix}/local/go/src/${PKG_NAME}/*" + +CLEANBROKEN = "1"
\ No newline at end of file diff --git a/external/meta-virtualization/recipes-containers/kubernetes/kubernetes/0001-cross-don-t-build-tests-by-default.patch b/external/meta-virtualization/recipes-containers/kubernetes/kubernetes/0001-cross-don-t-build-tests-by-default.patch new file mode 100644 index 00000000..659e3013 --- /dev/null +++ b/external/meta-virtualization/recipes-containers/kubernetes/kubernetes/0001-cross-don-t-build-tests-by-default.patch @@ -0,0 +1,33 @@ +From fa912b53186a047d787c8c456156b9dbdcdf040d Mon Sep 17 00:00:00 2001 +From: Bruce Ashfield <bruce.ashfield@windriver.com> +Date: Thu, 1 Nov 2018 10:21:10 -0400 +Subject: [PATCH] cross: don't build tests by default + +The hack/* build infrastructure doesn't respect the WHAT= commands +that the make infrastructure provides to limit what is built. + +In our case, we are cross building and can't build the server test +components without error. As such, we patch the targets out of the +script to allow a successful build. + +Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com> +--- + hack/make-rules/cross.sh | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/import/hack/make-rules/cross.sh b/hack/make-rules/cross.sh +index 8e1e938..0898c5c 100755 +--- a/src/import/hack/make-rules/cross.sh ++++ b/src/import/hack/make-rules/cross.sh +@@ -33,6 +33,6 @@ make all WHAT="${KUBE_NODE_TARGETS[*]}" KUBE_BUILD_PLATFORMS="${KUBE_NODE_PLATFO + + make all WHAT="${KUBE_CLIENT_TARGETS[*]}" KUBE_BUILD_PLATFORMS="${KUBE_CLIENT_PLATFORMS[*]}" + +-make all WHAT="${KUBE_TEST_TARGETS[*]}" KUBE_BUILD_PLATFORMS="${KUBE_TEST_PLATFORMS[*]}" ++#make all WHAT="${KUBE_TEST_TARGETS[*]}" KUBE_BUILD_PLATFORMS="${KUBE_TEST_PLATFORMS[*]}" + +-make all WHAT="${KUBE_TEST_SERVER_TARGETS[*]}" KUBE_BUILD_PLATFORMS="${KUBE_TEST_SERVER_PLATFORMS[*]}" ++#make all WHAT="${KUBE_TEST_SERVER_TARGETS[*]}" KUBE_BUILD_PLATFORMS="${KUBE_TEST_SERVER_PLATFORMS[*]}" +-- +2.7.4 + 
diff --git a/external/meta-virtualization/recipes-containers/kubernetes/kubernetes/0001-hack-lib-golang.sh-use-CC-from-environment.patch b/external/meta-virtualization/recipes-containers/kubernetes/kubernetes/0001-hack-lib-golang.sh-use-CC-from-environment.patch new file mode 100644 index 00000000..62d05210 --- /dev/null +++ b/external/meta-virtualization/recipes-containers/kubernetes/kubernetes/0001-hack-lib-golang.sh-use-CC-from-environment.patch @@ -0,0 +1,40 @@ +From 9cbb2d523d481053d405ebac830c2074b00d3417 Mon Sep 17 00:00:00 2001 +From: Koen Kooi <koen.kooi@linaro.org> +Date: Mon, 23 Jul 2018 15:28:02 +0200 +Subject: [PATCH] hack/lib/golang.sh: use CC from environment + +Toolchain tupples differs, especially when using vendor provides ones. + +Upstream-status: Inappropriate [embedded specific] +Signed-off-by: Koen Kooi <koen.kooi@linaro.org> +--- + hack/lib/golang.sh | 4 ---- + 1 file changed, 4 deletions(-) + +diff --git a/hack/lib/golang.sh b/hack/lib/golang.sh +index c5d4634..563e2b4b 100755 +--- a/src/import/hack/lib/golang.sh ++++ b/src/import/hack/lib/golang.sh +@@ -278,19 +278,15 @@ kube::golang::set_platform_envs() { + case "${platform}" in + "linux/arm") + export CGO_ENABLED=1 +- export CC=arm-linux-gnueabihf-gcc + ;; + "linux/arm64") + export CGO_ENABLED=1 +- export CC=aarch64-linux-gnu-gcc + ;; + "linux/ppc64le") + export CGO_ENABLED=1 +- export CC=powerpc64le-linux-gnu-gcc + ;; + "linux/s390x") + export CGO_ENABLED=1 +- export CC=s390x-linux-gnu-gcc + ;; + esac + fi +-- +2.9.5 + diff --git a/external/meta-virtualization/recipes-containers/kubernetes/kubernetes_git.bb b/external/meta-virtualization/recipes-containers/kubernetes/kubernetes_git.bb new file mode 100644 index 00000000..c3810b0d --- /dev/null +++ b/external/meta-virtualization/recipes-containers/kubernetes/kubernetes_git.bb 
@@ -0,0 +1,111 @@ +HOMEPAGE = "git://github.com/kubernetes/kubernetes" +SUMMARY = "Production-Grade Container Scheduling and Management" +DESCRIPTION = "Kubernetes is an open source system for managing containerized \ +applications across multiple hosts, providing basic mechanisms for deployment, \ +maintenance, and scaling of applications. \ +" + +# Note: 1.11+ requires go 1.10.2+, so the following must be set +# in your configuration: GOVERSION = "1.10%" +PV = "1.12.0+git${SRCREV_kubernetes}" +SRCREV_kubernetes = "d93ba8b6d1e2afcb30da3e354928ed00e6682223" + +SRC_URI = "git://github.com/kubernetes/kubernetes.git;branch=release-1.12;name=kubernetes \ + file://0001-hack-lib-golang.sh-use-CC-from-environment.patch \ + file://0001-cross-don-t-build-tests-by-default.patch \ + " + +DEPENDS += "rsync-native \ + coreutils-native \ + " + +LICENSE = "Apache-2.0" +LIC_FILES_CHKSUM = "file://src/import/LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" + +GO_IMPORT = "import" + +inherit systemd +inherit go +inherit goarch + +do_compile() { + export GOARCH="${TARGET_GOARCH}" + export GOOS="${TARGET_GOOS}" + export GOROOT="${STAGING_LIBDIR_NATIVE}/${TARGET_SYS}/go" + export GOPATH="${S}/src/import:${S}/src/import/vendor" + + # Pass the needed cflags/ldflags so that cgo + # can find the needed headers files and libraries + export CGO_ENABLED="1" + export CFLAGS="" + export LDFLAGS="" + export CGO_CFLAGS="${BUILDSDK_CFLAGS} --sysroot=${STAGING_DIR_TARGET}" + export CGO_LDFLAGS="${BUILDSDK_LDFLAGS} --sysroot=${STAGING_DIR_TARGET}" + + # link fixups for compilation + rm -f ${S}/src/import/vendor/src + ln -sf ./ ${S}/src/import/vendor/src + + export GOPATH="${S}/src/import/.gopath:${S}/src/import/vendor:${STAGING_DIR_TARGET}/${prefix}/local/go" + export GOROOT="${STAGING_DIR_NATIVE}/${nonarch_libdir}/${HOST_SYS}/go" + + # Pass the needed cflags/ldflags so that cgo + # can find the needed headers files and libraries + export CGO_ENABLED="1" + export CGO_CFLAGS="${CFLAGS} 
--sysroot=${STAGING_DIR_TARGET}" + export CGO_LDFLAGS="${LDFLAGS} --sysroot=${STAGING_DIR_TARGET}" + + cd ${S}/src/import + # Build the host tools first, using the host compiler + export GOARCH="${BUILD_GOARCH}" + make generated_files KUBE_BUILD_PLATFORMS="${HOST_GOOS}/${BUILD_GOARCH}" + + # Reset GOARCH to the target one + export GOARCH="${TARGET_GOARCH}" + # to limit what is built, use 'WHAT', i.e. make WHAT=cmd/kubelet + make cross KUBE_BUILD_PLATFORMS=${GOOS}/${GOARCH} +} + +do_install() { + install -d ${D}${bindir} + install -d ${D}${systemd_unitdir}/system/ + install -d ${D}${systemd_unitdir}/system/kubelet.service.d/ + + install -d ${D}${sysconfdir}/kubernetes/manifests/ + + install -m 755 -D ${S}/src/import/_output/local/bin/${TARGET_GOOS}/${TARGET_GOARCH}/* ${D}/${bindir} + + install -m 0644 ${S}/src/import/build/debs/kubelet.service ${D}${systemd_unitdir}/system/ + install -m 0644 ${S}/src/import/build/debs/10-kubeadm.conf ${D}${systemd_unitdir}/system/kubelet.service.d/ +} + +PACKAGES =+ "kubeadm kubectl kubelet kube-proxy ${PN}-misc" + +ALLOW_EMPTY_${PN} = "1" +INSANE_SKIP_${PN} += "ldflags already-stripped" +INSANE_SKIP_${PN}-misc += "ldflags already-stripped" + +# Note: we are explicitly *not* adding docker to the rdepends, since we allow +# backends like cri-o to be used. 
+RDEPENDS_${PN} += "kubeadm \ + kubectl \ + kubelet \ + cni" + +RDEPENDS_kubeadm = "kubelet kubectl" +FILES_kubeadm = "${bindir}/kubeadm ${systemd_unitdir}/system/kubelet.service.d/*" + +RDEPENDS_kubelet = "iptables socat util-linux ethtool iproute2 ebtables iproute2-tc" +FILES_kubelet = "${bindir}/kubelet ${systemd_unitdir}/system/kubelet.service ${sysconfdir}/kubernetes/manifests/" + +SYSTEMD_PACKAGES = "${@bb.utils.contains('DISTRO_FEATURES','systemd','kubelet','',d)}" +SYSTEMD_SERVICE_kubelet = "${@bb.utils.contains('DISTRO_FEATURES','systemd','kubelet.service','',d)}" +SYSTEMD_AUTO_ENABLE_kubelet = "enable" + +FILES_kubectl = "${bindir}/kubectl" +FILES_kube-proxy = "${bindir}/kube-proxy" +FILES_${PN}-misc = "${bindir}" + +INHIBIT_PACKAGE_STRIP = "1" + +deltask compile_ptest_base diff --git a/external/meta-virtualization/recipes-containers/lxc/files/dnsmasq.conf b/external/meta-virtualization/recipes-containers/lxc/files/dnsmasq.conf new file mode 100644 index 00000000..124f7ebe --- /dev/null +++ b/external/meta-virtualization/recipes-containers/lxc/files/dnsmasq.conf @@ -0,0 +1,2 @@ +bind-interfaces +except-interface=lxcbr0 diff --git a/external/meta-virtualization/recipes-containers/lxc/files/logs-optionally-use-base-filenames-to-report-src-fil.patch b/external/meta-virtualization/recipes-containers/lxc/files/logs-optionally-use-base-filenames-to-report-src-fil.patch new file mode 100644 index 00000000..648193b4 --- /dev/null +++ b/external/meta-virtualization/recipes-containers/lxc/files/logs-optionally-use-base-filenames-to-report-src-fil.patch 
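Review bot: `do_compile` exports `GOROOT`, `GOPATH`, `CGO_ENABLED`, `CGO_CFLAGS` and `CGO_LDFLAGS` twice, and the second set overrides the first, so the `BUILDSDK_CFLAGS`/`BUILDSDK_LDFLAGS` values and the first `GOROOT` never reach the build. These variables decide which sysroot and which compiler and linker options cgo uses, so the dead first block should be dropped, or at least marked with a comment such as `# superseded below: cgo is built with ${CFLAGS}/${LDFLAGS} against the target sysroot`. The intermediate `export CFLAGS=""` and `export LDFLAGS=""` are easy to misread, because the later `${CFLAGS}` is presumably expanded by BitBake before the shell runs; that reading is worth confirming and documenting in the recipe.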
@@ -0,0 +1,69 @@ +From c50ddb2b2cf22a29e4c671b1efbd338eeba694aa Mon Sep 17 00:00:00 2001 +From: Jim Somerville <Jim.Somerville@windriver.com> +Date: Fri, 25 Sep 2015 15:08:17 -0400 +Subject: [PATCH] logs: optionally use base filenames to report src files + +Message-Id: <4729d0f4c4d1dacd150ddfd7061dda875eb94e34.1443216870.git.Jim.Somerville@windriver.com> + +Problem: Logs are nice in that they report the source file, +routine, and line number where an issue occurs. But the +file is printed as the absolute filename. Users do not +need to see a long spew of path directory names where the package +was built. It just confuses things. + +Solution: Optionally chop off all leading directories so that just +the source filename ie. basename is printed. This is done by +setting a #ifdef LXC_LOG_USE_BASENAME check in the code. That +define is done via the optional --enable-log-src-basename provided +at configure time. + +Using __BASE_FILE__ instead of __FILE__ did not work. It +refers to the file name as presented to the compile +machinery, and that may still be the absolute pathname to +the file. 
+ +Signed-off-by: Jim Somerville <Jim.Somerville@windriver.com> + +--- + configure.ac | 9 +++++++++ + src/lxc/log.h | 5 +++++ + 2 files changed, 14 insertions(+) + +diff --git a/configure.ac b/configure.ac +index 74b976a..9c561f7 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -356,6 +356,15 @@ AC_ARG_ENABLE([examples], + [], [enable_examples=yes]) + AM_CONDITIONAL([ENABLE_EXAMPLES], [test "x$enable_examples" = "xyes"]) + ++# Enable basenames in the logs for source files ++AC_ARG_ENABLE([log-src-basename], ++ [AC_HELP_STRING([--enable-log-src-basename], [Use the shorter source file basename in the logs [default=no]])], ++ [], [enable_log_src_basename=no]) ++ ++if test "x$enable_log_src_basename" = "xyes"; then ++ AC_DEFINE([LXC_LOG_USE_BASENAME], 1, [Enabling shorter src filenames in the logs]) ++fi ++ + # Enable dumping stack traces + AC_ARG_ENABLE([mutex-debugging], + [AC_HELP_STRING([--enable-mutex-debugging], [Makes mutexes to report error and provide stack trace [default=no]])], +diff --git a/src/lxc/log.h b/src/lxc/log.h +index 4654fd9..6885d78 100644 +--- a/src/lxc/log.h ++++ b/src/lxc/log.h +@@ -77,8 +77,13 @@ struct lxc_log_locinfo { + int line; + }; + ++#ifdef LXC_LOG_USE_BASENAME ++#define LXC_LOG_LOCINFO_INIT \ ++ { .file = (strrchr(__FILE__, '/') ? strrchr(__FILE__, '/') + 1 : __FILE__), .func = __func__, .line = __LINE__ } ++#else + #define LXC_LOG_LOCINFO_INIT \ + { .file = __FILE__, .func = __func__, .line = __LINE__ } ++#endif + + /* brief logging event object */ + struct lxc_log_event { diff --git a/external/meta-virtualization/recipes-containers/lxc/files/lxc-1.0.0-disable-udhcp-from-busybox-template.patch b/external/meta-virtualization/recipes-containers/lxc/files/lxc-1.0.0-disable-udhcp-from-busybox-template.patch new file mode 100644 index 00000000..85177c8f --- /dev/null +++ b/external/meta-virtualization/recipes-containers/lxc/files/lxc-1.0.0-disable-udhcp-from-busybox-template.patch 
@@ -0,0 +1,21 @@
+From 74efbe7f47379375c51948dd0f86248fb9429a1b Mon Sep 17 00:00:00 2001
+From: Bogdan Purcareata <bogdan.purcareata@freescale.com>
+Date: Mon, 8 Apr 2013 18:30:19 +0300
+Subject: [PATCH] lxc-0.9.0-disable-udhcp-from-busybox-template
+
+---
+ templates/lxc-busybox.in | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/templates/lxc-busybox.in b/templates/lxc-busybox.in
+index 7243b36..9637a71 100644
+--- a/templates/lxc-busybox.in
++++ b/templates/lxc-busybox.in
+@@ -111,7 +111,6 @@ EOF
+ #!/bin/sh
+ /bin/syslogd
+ /bin/mount -a
+-/bin/udhcpc
+ EOF
+
+ # executable
diff --git a/external/meta-virtualization/recipes-containers/lxc/files/lxc-doc-upgrade-to-use-docbook-3.1-DTD.patch b/external/meta-virtualization/recipes-containers/lxc/files/lxc-doc-upgrade-to-use-docbook-3.1-DTD.patch
new file mode 100644
index 00000000..085ffe80
--- /dev/null
+++ b/external/meta-virtualization/recipes-containers/lxc/files/lxc-doc-upgrade-to-use-docbook-3.1-DTD.patch
@@ -0,0 +1,29 @@
+From 5190dce1a675dfcdf88e3b94bd48070ac180bacc Mon Sep 17 00:00:00 2001
+From: Jim Somerville <Jim.Somerville@windriver.com>
+Date: Tue, 11 Aug 2015 14:05:00 -0400
+Subject: [PATCH] lxc: doc: upgrade to use docbook 3.1 DTD
+
+docbook2man fails to build the man pages in poky
+due to missing the ancient Davenport 3.0 DTD.
+Poky meta has the Oasis 3.1 version so upgrade
+to use that instead.
+
+Signed-off-by: Jim Somerville <Jim.Somerville@windriver.com>
+
+---
+ configure.ac | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index 1acc461..74b976a 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -213,7 +213,7 @@ AM_CONDITIONAL([ENABLE_DOCBOOK], [test "x$db2xman" != "x"])
+ AM_CONDITIONAL([USE_DOCBOOK2X], [test "x$db2xman" != "xdocbook2man"])
+
+ if test "x$db2xman" = "xdocbook2man"; then
+- docdtd="\"-//Davenport//DTD DocBook V3.0//EN\""
++ docdtd="\"-//OASIS//DTD DocBook V3.1//EN\""
+ else
+ docdtd="\"-//OASIS//DTD DocBook XML\" \"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd\""
+ fi
diff --git a/external/meta-virtualization/recipes-containers/lxc/files/lxc-fix-B-S.patch b/external/meta-virtualization/recipes-containers/lxc/files/lxc-fix-B-S.patch
new file mode 100644
index 00000000..6b09193a
--- /dev/null
+++ b/external/meta-virtualization/recipes-containers/lxc/files/lxc-fix-B-S.patch
@@ -0,0 +1,24 @@
+From 2fa77a1803939de2d155a14cf680b53140b92f06 Mon Sep 17 00:00:00 2001
+From: Dmitry Eremin-Solenikov <dmitry_eremin@mentor.com>
+Date: Thu, 9 Apr 2015 23:01:48 +0300
+
+---
+ config/init/upstart/Makefile.am | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/config/init/upstart/Makefile.am b/config/init/upstart/Makefile.am
+index 5552d32..186ae3d 100644
+--- a/config/init/upstart/Makefile.am
++++ b/config/init/upstart/Makefile.am
+@@ -3,9 +3,9 @@ EXTRA_DIST = lxc.conf lxc-instance.conf lxc-net.conf.in
+ if INIT_SCRIPT_UPSTART
+ install-upstart: lxc.conf lxc-instance.conf lxc-net.conf
+ $(MKDIR_P) $(DESTDIR)$(sysconfdir)/init/
+- $(INSTALL_DATA) lxc.conf $(DESTDIR)$(sysconfdir)/init/
++ $(INSTALL_DATA) $(srcdir)/lxc.conf $(DESTDIR)$(sysconfdir)/init/
+ $(INSTALL_DATA) $(srcdir)/lxc-instance.conf $(DESTDIR)$(sysconfdir)/init/
+- $(INSTALL_DATA) lxc-net.conf $(DESTDIR)$(sysconfdir)/init/
++ $(INSTALL_DATA) $(srcdir)/lxc-net.conf $(DESTDIR)$(sysconfdir)/init/
+
+ uninstall-upstart:
+ rm -f $(DESTDIR)$(sysconfdir)/init/lxc.conf
diff --git a/external/meta-virtualization/recipes-containers/lxc/files/lxc-net b/external/meta-virtualization/recipes-containers/lxc/files/lxc-net
new file mode 100644
index 00000000..1c59b705
--- /dev/null
+++ b/external/meta-virtualization/recipes-containers/lxc/files/lxc-net
@@ -0,0 +1,9 @@
+USE_LXC_BRIDGE="true"
+LXC_BRIDGE="lxcbr0"
+LXC_ADDR="10.0.3.1"
+LXC_NETMASK="255.255.255.0"
+LXC_NETWORK="10.0.3.0/24"
+LXC_DHCP_RANGE="10.0.3.2,10.0.3.254"
+LXC_DHCP_MAX="253"
+LXC_DHCP_CONFILE=""
+LXC_DOMAIN=""
diff --git a/external/meta-virtualization/recipes-containers/lxc/files/run-ptest b/external/meta-virtualization/recipes-containers/lxc/files/run-ptest
new file mode 100644
index 00000000..3f3a75f2
--- /dev/null
+++ b/external/meta-virtualization/recipes-containers/lxc/files/run-ptest
@@ -0,0 +1,57 @@ +#!/bin/bash + +# Network interfaces come up and down and can be quite noisy +# and since we are often on the console when running ptests +# let's just quiet things some +dmesg -n 1 + +# Blacklisted test will be skipped +blacklist="" +# Not applicable +blacklist="$blacklist lxc-test-apparmor" +# These currently hang so skip them until someone fixes them up +blacklist="$blacklist lxc-test-shutdowntest" +blacklist="$blacklist lxc-test-state-server" + +passed=0 +failed=0 +skipped=0 + +# Create logs dir and clear old logs if any +mkdir logs 2> /dev/null +rm -f logs/* + +echo "### Starting LXC ptest ###" + +for test in ./tests/* +do + if [[ ! $blacklist = *$(basename $test)* ]] + then + $test >logs/$(basename $test).log 2>&1 + else + echo "SKIPPED: $(basename $test)" + skipped=$((skipped+1)) + continue + fi + + if [ $? -eq 0 ] + then + echo "PASS: $(basename $test)" + passed=$((passed+1)) + else + echo "FAIL: $(basename $test)" + failed=$((failed+1)) + fi +done + +echo "" +echo "Results:" +echo " PASSED = $passed" +echo " FAILED = $failed" +echo " SKIPPED = $skipped" +echo "(for details check individual test log in ./logs directory)" +echo "" +echo "### LXC ptest complete ###" + +# restore dmesg to console +dmesg -n 6 diff --git a/external/meta-virtualization/recipes-containers/lxc/files/template-make-busybox-template-compatible-with-core-.patch b/external/meta-virtualization/recipes-containers/lxc/files/template-make-busybox-template-compatible-with-core-.patch new file mode 100644 index 00000000..e4bb72a0 --- /dev/null +++ b/external/meta-virtualization/recipes-containers/lxc/files/template-make-busybox-template-compatible-with-core-.patch 
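Review bot: The skip check `[[ ! $blacklist = *$(basename $test)* ]]` is a substring match, so a test whose name is only a fragment of a blacklisted entry is skipped with it and shows up in the results as SKIPPED rather than being run. Matching whole words avoids that: `[[ ! " $blacklist " = *" $(basename "$test") "* ]]`. Quoting `$test` where it is executed and passed to `basename` would also keep a path containing spaces from being split.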
@@ -0,0 +1,58 @@ +From 3a7112a38d2c44b6fa49e0da1dc4765defd88dbb Mon Sep 17 00:00:00 2001 +From: Mark Asselstine <mark.asselstine@windriver.com> +Date: Thu, 31 May 2018 11:44:44 -0400 +Subject: [PATCH] template: make busybox template compatible with + + core-image-minimal + +The busybox template makes a lot of assumptions about how the busybox +binary found on the host was configured. Building core-image-minimal +"out of the box" does not configure busybox's 'passwd' or 'init' +applets so we need to work around this. + +Chances are if you attempt to use the busybox template with a host +which is note core-image-minimal it will fail but we are making these +changes here to at least have the template work with +core-image-minimal to be able to demonstrate that it can work as well +as to have it available for the ptests. + +Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com> + +--- + templates/lxc-busybox.in | 16 +++++++++++++--- + 1 file changed, 13 insertions(+), 3 deletions(-) + +diff --git a/templates/lxc-busybox.in b/templates/lxc-busybox.in +index 9637a71..45b386f 100644 +--- a/templates/lxc-busybox.in ++++ b/templates/lxc-busybox.in +@@ -181,6 +181,19 @@ configure_busybox() + return 1 + fi + ++ # copy host passwd ++ if ! cp "$(which passwd)" "${rootfs}/bin"; then ++ echo "ERROR: Failed to copy passwd binary" ++ return 1 ++ fi ++ ++ # copy bash binary as the container init ++ if ! cp "$(which bash)" "${rootfs}/sbin/init"; then ++ echo "ERROR: Failed to copy bash binary" ++ return 1 ++ fi ++ ++ + # symlink busybox for the commands it supports + # it would be nice to just use "chroot $rootfs busybox --install -s /bin" + # but that only works right in a chroot with busybox >= 1.19.0 +@@ -189,9 +202,6 @@ configure_busybox() + ./busybox --list | grep -v busybox | xargs -n1 ln -s busybox + ) + +- # relink /sbin/init +- ln "${rootfs}/bin/busybox" "${rootfs}/sbin/init" +- + # /etc/fstab must exist for "mount -a" + touch "${rootfs}/etc/fstab" + 
diff --git a/external/meta-virtualization/recipes-containers/lxc/files/templates-actually-create-DOWNLOAD_TEMP-directory.patch b/external/meta-virtualization/recipes-containers/lxc/files/templates-actually-create-DOWNLOAD_TEMP-directory.patch
new file mode 100644
index 00000000..756cddc3
--- /dev/null
+++ b/external/meta-virtualization/recipes-containers/lxc/files/templates-actually-create-DOWNLOAD_TEMP-directory.patch
@@ -0,0 +1,37 @@
+From 68b0dd97130ffc5776de9219a42188b4a140d446 Mon Sep 17 00:00:00 2001
+From: Mark Asselstine <mark.asselstine@windriver.com>
+Date: Thu, 31 May 2018 16:21:45 -0400
+Subject: [PATCH] templates: actually create DOWNLOAD_TEMP directory
+
+The way 'mktemp' is currently used you will get a temp directory in
+$TMPDIR or '/tmp' and DOWNLOAD_TEMP will not be pointing to an actual
+directory. This will result in the wget operations failing and the
+container will fail to create:
+
+ ERROR: Failed to download http://....
+
+Instead we want to use the '-p' option for mktemp to set the base path
+and this will ensure that the temp directory is created in the correct
+location and DOWNLOAD_TEMP will be consistent with this location.
+
+Upstream-Status: Pending
+
+Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
+
+---
+ templates/lxc-download.in | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/templates/lxc-download.in b/templates/lxc-download.in
+index 973783b..015a679 100644
+--- a/templates/lxc-download.in
++++ b/templates/lxc-download.in
+@@ -323,7 +323,7 @@ elif [ -n "${DOWNLOAD_TEMP}" ]; then
+ mkdir -p "${DOWNLOAD_TEMP}"
+ DOWNLOAD_TEMP="$(mktemp -p ${DOWNLOAD_TEMP} -d)"
+ else
+- DOWNLOAD_TEMP="${DOWNLOAD_TEMP}$(mktemp -d)"
++ DOWNLOAD_TEMP="$(mktemp -p ${DOWNLOAD_TEMP} -d)"
+ fi
+
+ # Simply list images
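Review bot: The rewritten `else` branch runs `mktemp -p ${DOWNLOAD_TEMP} -d`, but that branch is reached only when the preceding `elif [ -n "${DOWNLOAD_TEMP}" ]` was false, so the unquoted variable expands to nothing and `-p` takes `-d` as its directory argument. As far as the hunk shows, the download template then gets no usable private temp directory whenever `DOWNLOAD_TEMP` is unset, which is the common case. The `else` line should stay `DOWNLOAD_TEMP="$(mktemp -d)"`, and the `elif` branch is safer with its argument quoted: `mktemp -p "${DOWNLOAD_TEMP}" -d`. The enclosing `if` starts outside the hunk, so the first branch could not be checked.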
diff --git a/external/meta-virtualization/recipes-containers/lxc/files/tests-add-no-validate-when-using-download-template.patch b/external/meta-virtualization/recipes-containers/lxc/files/tests-add-no-validate-when-using-download-template.patch new file mode 100644 index 00000000..abddef6e --- /dev/null +++ b/external/meta-virtualization/recipes-containers/lxc/files/tests-add-no-validate-when-using-download-template.patch 
@@ -0,0 +1,85 @@ +From 1b334bdaf598600314a678509a702728721001a2 Mon Sep 17 00:00:00 2001 +From: Mark Asselstine <mark.asselstine@windriver.com> +Date: Thu, 31 May 2018 15:14:26 -0400 +Subject: [PATCH] tests: add '--no-validate' when using download template + +We are usually running the ptests with core-image-minimal which has no +mechanism to validate the downloads. Validation isn't really of +interest to this test at any rate so simply add '--no-validate' to +avoid failing due to no GPG validation. + +Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com> + +--- + src/tests/lxc-test-apparmor-mount | 2 +- + src/tests/lxc-test-autostart | 2 +- + src/tests/lxc-test-no-new-privs | 2 +- + src/tests/lxc-test-unpriv | 2 +- + src/tests/lxc-test-usernic.in | 2 +- + 5 files changed, 5 insertions(+), 5 deletions(-) + +diff --git a/src/tests/lxc-test-apparmor-mount b/src/tests/lxc-test-apparmor-mount +index 56d598f..573cff8 100755 +--- a/src/tests/lxc-test-apparmor-mount ++++ b/src/tests/lxc-test-apparmor-mount +@@ -169,7 +169,7 @@ if [ -f /etc/lsb-release ]; then + done + fi + +-run_cmd lxc-create -t download -n $cname -- -d ubuntu -r $release -a $ARCH ++run_cmd lxc-create -t download -n $cname -- --no-validate -d ubuntu -r $release -a $ARCH + + echo "test default confined container" + run_cmd lxc-start -n $cname -d -lDEBUG -o "$logfile" +diff --git a/src/tests/lxc-test-autostart b/src/tests/lxc-test-autostart +index e5b651b..d15b79b 100755 +--- a/src/tests/lxc-test-autostart ++++ b/src/tests/lxc-test-autostart +@@ -55,7 +55,7 @@ if [ -f /etc/lsb-release ]; then + done + fi + +-lxc-create -t download -n $CONTAINER_NAME -B dir -- -d ubuntu -r $release -a $ARCH ++lxc-create -t download -n $CONTAINER_NAME -B dir -- --no-validate -d ubuntu -r $release -a $ARCH + CONTAINER_PATH=$(dirname $(lxc-info -n $CONTAINER_NAME -c lxc.rootfs.path -H) | sed -e 's/dir://') + cp $CONTAINER_PATH/config $CONTAINER_PATH/config.bak + +diff --git a/src/tests/lxc-test-no-new-privs 
b/src/tests/lxc-test-no-new-privs +index 8642992..e72bdf0 100755 +--- a/src/tests/lxc-test-no-new-privs ++++ b/src/tests/lxc-test-no-new-privs +@@ -47,7 +47,7 @@ if type dpkg >/dev/null 2>&1; then + ARCH=$(dpkg --print-architecture) + fi + +-lxc-create -t download -n c1 -- -d ubuntu -r xenial -a $ARCH ++lxc-create -t download -n c1 -- --no-validate -d ubuntu -r xenial -a $ARCH + echo "lxc.no_new_privs = 1" >> /var/lib/lxc/c1/config + + lxc-start -n c1 +diff --git a/src/tests/lxc-test-unpriv b/src/tests/lxc-test-unpriv +index 16ff12d..0958d48 100755 +--- a/src/tests/lxc-test-unpriv ++++ b/src/tests/lxc-test-unpriv +@@ -173,7 +173,7 @@ run_cmd mkdir -p $HDIR/.cache/lxc + cp -R /var/cache/lxc/download $HDIR/.cache/lxc && \ + chown -R $TUSER: $HDIR/.cache/lxc + +-run_cmd lxc-create -t download -n c1 -- -d ubuntu -r $release -a $ARCH ++run_cmd lxc-create -t download -n c1 -- --no-validate -d ubuntu -r $release -a $ARCH + + # Make sure we can start it - twice + +diff --git a/src/tests/lxc-test-usernic.in b/src/tests/lxc-test-usernic.in +index 3e35008..f489286 100755 +--- a/src/tests/lxc-test-usernic.in ++++ b/src/tests/lxc-test-usernic.in +@@ -146,7 +146,7 @@ if [ -f /etc/lsb-release ]; then + fi + + # Create three containers +-run_cmd "lxc-create -t download -n b1 -- -d ubuntu -r $release -a $ARCH" ++run_cmd "lxc-create -t download -n b1 -- --no-validate -d ubuntu -r $release -a $ARCH" + run_cmd "lxc-start -n b1 -d" + p1=$(run_cmd "lxc-info -n b1 -p -H") + diff --git a/external/meta-virtualization/recipes-containers/lxc/files/tests-our-init-is-not-busybox.patch b/external/meta-virtualization/recipes-containers/lxc/files/tests-our-init-is-not-busybox.patch new file mode 100644 index 00000000..e6c71d3d --- /dev/null +++ b/external/meta-virtualization/recipes-containers/lxc/files/tests-our-init-is-not-busybox.patch 
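Review bot: Adding `--no-validate` to every `lxc-create -t download` call makes the ptests fetch a root filesystem from the network and start it on the target with no signature check, presumably as root. Rather than switching validation off in five tests, the ptest package could carry the tooling the download template needs, for example by adding `gnupg` to `RDEPENDS_${PN}-ptest` in the lxc recipe, so that the validated default path works. If that is too heavy for core-image-minimal, each changed line deserves a comment such as `# image is NOT signature-checked; run ptests on an isolated lab network only`. The patch also has no `Upstream-Status:` line, unlike templates-actually-create-DOWNLOAD_TEMP-directory.patch.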
@@ -0,0 +1,29 @@
+From 51d88d9741c30ff4a798698514cac831ae61680b Mon Sep 17 00:00:00 2001
+From: Mark Asselstine <mark.asselstine@windriver.com>
+Date: Thu, 31 May 2018 15:00:34 -0400
+Subject: [PATCH] tests: our init is not busybox
+
+Since we are using 'bash' as the init (see our updates to the busybox
+template) we can't compare '/sbin/init' and 'busybox'. Actually we are
+really only interested in the fact 'cmp' is being run and not the
+result, so simplify by comparing '/sbin/init' to itself.
+
+Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
+
+---
+ src/tests/attach.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/tests/attach.c b/src/tests/attach.c
+index 07e641d..aac609f 100644
+--- a/src/tests/attach.c
++++ b/src/tests/attach.c
+@@ -248,7 +248,7 @@ static int test_attach_cmd(struct lxc_container *ct)
+ {
+ int ret;
+ pid_t pid;
+- char *argv[] = {"cmp", "-s", "/sbin/init", "/bin/busybox", NULL};
++ char *argv[] = {"cmp", "-s", "/sbin/init", "/sbin/init", NULL};
+ lxc_attach_command_t command = {"cmp", argv};
+ lxc_attach_options_t attach_options = LXC_ATTACH_OPTIONS_DEFAULT;
+
diff --git a/external/meta-virtualization/recipes-containers/lxc/lxc_3.1.0.bb b/external/meta-virtualization/recipes-containers/lxc/lxc_3.1.0.bb
new file mode 100644
index 00000000..977583f2
--- /dev/null
+++ b/external/meta-virtualization/recipes-containers/lxc/lxc_3.1.0.bb
@@ -0,0 +1,196 @@ +DESCRIPTION = "lxc aims to use these new functionnalities to provide an userspace container object" +SECTION = "console/utils" +LICENSE = "LGPLv2.1" +LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c" +DEPENDS = "libxml2 libcap" +RDEPENDS_${PN} = " \ + rsync \ + gzip \ + xz \ + tar \ + wget \ + libcap-bin \ + bridge-utils \ + dnsmasq \ + perl-module-strict \ + perl-module-getopt-long \ + perl-module-vars \ + perl-module-exporter \ + perl-module-constant \ + perl-module-overload \ + perl-module-exporter-heavy \ + gmp \ + libidn \ + gnutls \ + nettle \ + util-linux-mountpoint \ + util-linux-getopt \ +" + +RDEPENDS_${PN}_append_libc-glibc = " glibc-utils" + +RDEPENDS_${PN}-ptest += "file make gmp nettle gnutls bash libgcc" + +RDEPENDS_${PN}-networking += "iptables" + +SRC_URI = "http://linuxcontainers.org/downloads/${BPN}-${PV}.tar.gz \ + file://lxc-1.0.0-disable-udhcp-from-busybox-template.patch \ + file://run-ptest \ + file://lxc-fix-B-S.patch \ + file://lxc-doc-upgrade-to-use-docbook-3.1-DTD.patch \ + file://logs-optionally-use-base-filenames-to-report-src-fil.patch \ + file://templates-actually-create-DOWNLOAD_TEMP-directory.patch \ + file://template-make-busybox-template-compatible-with-core-.patch \ + file://tests-our-init-is-not-busybox.patch \ + file://tests-add-no-validate-when-using-download-template.patch \ + file://dnsmasq.conf \ + file://lxc-net \ + " + +SRC_URI[md5sum] = "e83e302a801494276f3772e687a3b8b0" +SRC_URI[sha256sum] = "4d8772c25baeaea2c37a954902b88c05d1454c91c887cb6a0997258cfac3fdc5" + +S = "${WORKDIR}/${BPN}-${PV}" + +# Let's not configure for the host distro. 
+# +PTEST_CONF = "${@bb.utils.contains('DISTRO_FEATURES', 'ptest', '--enable-tests', '', d)}" +EXTRA_OECONF += "--with-distro=${DISTRO} ${PTEST_CONF}" + +EXTRA_OECONF += "--with-init-script=\ +${@bb.utils.contains('DISTRO_FEATURES', 'sysvinit', 'sysvinit,', '', d)}\ +${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd', '', d)}" + +EXTRA_OECONF += "--enable-log-src-basename" + +CFLAGS_append = " -Wno-error=deprecated-declarations" + +PACKAGECONFIG ??= "templates \ + ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd', '', d)} \ + ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'selinux', '', d)} \ +" +PACKAGECONFIG[doc] = "--enable-doc --enable-api-docs,--disable-doc --disable-api-docs,," +PACKAGECONFIG[rpath] = "--enable-rpath,--disable-rpath,," +PACKAGECONFIG[apparmor] = "--enable-apparmor,--disable-apparmor,apparmor,apparmor" +PACKAGECONFIG[templates] = ",,, ${PN}-templates" +PACKAGECONFIG[selinux] = "--enable-selinux,--disable-selinux,libselinux,libselinux" +PACKAGECONFIG[seccomp] ="--enable-seccomp,--disable-seccomp,libseccomp,libseccomp" +PACKAGECONFIG[systemd] = "--with-systemdsystemunitdir=${systemd_unitdir}/system/,--without-systemdsystemunitdir,systemd," + +# required by python3 to run setup.py +export BUILD_SYS +export HOST_SYS +export STAGING_INCDIR +export STAGING_LIBDIR + +inherit autotools pkgconfig ptest update-rc.d systemd python3native + +SYSTEMD_PACKAGES = "${PN} ${PN}-networking" +SYSTEMD_SERVICE_${PN} = "lxc.service" +SYSTEMD_AUTO_ENABLE_${PN} = "disable" +SYSTEMD_SERVICE_${PN}-networking = "lxc-net.service" +SYSTEMD_AUTO_ENABLE_${PN}-networking = "enable" + +INITSCRIPT_PACKAGES = "${PN} ${PN}-networking" +INITSCRIPT_NAME_${PN} = "lxc-containers" +INITSCRIPT_PARAMS_${PN} = "defaults" +INITSCRIPT_NAME_${PN}-networking = "lxc-net" +INITSCRIPT_PARAMS_${PN}-networking = "defaults" + +FILES_${PN}-doc = "${mandir} ${infodir}" +# For LXC the docdir only contains example configuration files and should be included in the lxc package 
+FILES_${PN} += "${docdir}" +FILES_${PN} += "${libdir}/python3*" +FILES_${PN} += "${datadir}/bash-completion" +FILES_${PN}-dbg += "${libexecdir}/lxc/.debug" +FILES_${PN}-dbg += "${libexecdir}/lxc/hooks/.debug" +PACKAGES =+ "${PN}-templates ${PN}-networking ${PN}-lua" +FILES_lua-${PN} = "${datadir}/lua ${libdir}/lua" +FILES_lua-${PN}-dbg += "${libdir}/lua/lxc/.debug" +FILES_${PN}-templates += "${datadir}/lxc/templates" +RDEPENDS_${PN}-templates += "bash" + +FILES_${PN}-networking += " \ + ${sysconfdir}/init.d/lxc-net \ + ${sysconfdir}/default/lxc-net \ +" + +CACHED_CONFIGUREVARS += " \ + ac_cv_path_PYTHON='${STAGING_BINDIR_NATIVE}/python3-native/python3' \ + am_cv_python_pyexecdir='${exec_prefix}/${libdir}/python3.5/site-packages' \ + am_cv_python_pythondir='${prefix}/${libdir}/python3.5/site-packages' \ +" + +do_install_append() { + # The /var/cache/lxc directory created by the Makefile + # is wiped out in volatile, we need to create this at boot. + rm -rf ${D}${localstatedir}/cache + install -d ${D}${sysconfdir}/default/volatiles + echo "d root root 0755 ${localstatedir}/cache/lxc none" \ + > ${D}${sysconfdir}/default/volatiles/99_lxc + + for i in `grep -l "#! */bin/bash" ${D}${datadir}/lxc/hooks/*`; do \ + sed -e 's|#! */bin/bash|#!/bin/sh|' -i $i; done + + install -d ${D}${sysconfdir}/init.d + install -m 755 config/init/sysvinit/lxc* ${D}${sysconfdir}/init.d + + # since python3-native is used for install location this will not be + # suitable for the target and we will have to correct the package install + if ${@bb.utils.contains('PACKAGECONFIG', 'python', 'true', 'false', d)}; then + if [ -d ${D}${exec_prefix}/lib/python* ]; then mv ${D}${exec_prefix}/lib/python* ${D}${libdir}/; fi + rmdir --ignore-fail-on-non-empty ${D}${exec_prefix}/lib + fi + + # /etc/default/lxc sources lxc-net, this allows lxc bridge when lxc-networking + # is not installed this results in no lxcbr0, but when lxc-networking is installed + # lxcbr0 will be fully configured. 
+ install -m 644 ${WORKDIR}/lxc-net ${D}${sysconfdir}/default/ + + # Force the main dnsmasq instance to bind only to specified interfaces and + # to not bind to virbr0. Libvirt will run its own instance on this interface. + install -d ${D}/${sysconfdir}/dnsmasq.d + install -m 644 ${WORKDIR}/dnsmasq.conf ${D}/${sysconfdir}/dnsmasq.d/lxc +} + +EXTRA_OEMAKE += "TEST_DIR=${D}${PTEST_PATH}/src/tests" + +do_install_ptest() { + # Move tests to the "ptest directory" + install -d ${D}/${PTEST_PATH}/tests + mv ${D}/usr/bin/lxc-test-* ${D}/${PTEST_PATH}/tests/. +} + +pkg_postinst_${PN}() { + if [ -z "$D" ] && [ -e /etc/init.d/populate-volatile.sh ] ; then + /etc/init.d/populate-volatile.sh update + fi +} + +pkg_postinst_ontarget_${PN}-networking() { +if ${@bb.utils.contains('DISTRO_FEATURES', 'sysvinit', 'true', 'false', d)}; then +cat >> /etc/network/interfaces << EOF + +auto lxcbr0 +iface lxcbr0 inet dhcp + bridge_ports eth0 + bridge_fd 0 + bridge_maxwait 0 +EOF + +cat<<EOF>/etc/network/if-pre-up.d/lxcbr0 +#! /bin/sh + +if test "x\$IFACE" = xlxcbr0 ; then + brctl show |grep lxcbr0 > /dev/null 2>/dev/null + if [ \$? != 0 ] ; then + brctl addbr lxcbr0 + brctl addif lxcbr0 eth0 + ip addr flush eth0 + ifconfig eth0 up + fi +fi +EOF +chmod 755 /etc/network/if-pre-up.d/lxcbr0 +fi +} diff --git a/external/meta-virtualization/recipes-containers/lxcfs/files/systemd-allow-for-distinct-build-directory.patch b/external/meta-virtualization/recipes-containers/lxcfs/files/systemd-allow-for-distinct-build-directory.patch new file mode 100644 index 00000000..14228d65 --- /dev/null +++ b/external/meta-virtualization/recipes-containers/lxcfs/files/systemd-allow-for-distinct-build-directory.patch 
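Review bot: The default `PACKAGECONFIG ??=` enables only `templates`, `systemd` and `selinux`, so the `seccomp` and `apparmor` options declared just below resolve to `--disable-seccomp` and `--disable-apparmor`; on a distro without SELinux the resulting lxc has no syscall filtering or MAC confinement available for containers. Since both options are already wired up, the default could pull seccomp in the same way the selinux line does, e.g. `${@bb.utils.contains('DISTRO_FEATURES', 'seccomp', 'seccomp', '', d)} \`, assuming the distro defines such a feature; otherwise list `seccomp` unconditionally. A comment above `PACKAGECONFIG` stating which confinement back ends are on by default would help anyone auditing the image.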
@@ -0,0 +1,47 @@
+From 66a71fbf94020651880f1dbb6e4663d93391b47c Mon Sep 17 00:00:00 2001
+From: Mark Asselstine <mark.asselstine@windriver.com>
+Date: Mon, 10 Sep 2018 13:14:07 -0400
+Subject: [PATCH] systemd: allow for distinct build directory
+
+The Makefile.am is currently written in a way that doesn't allow for a
+distinct build directory. As such we get the error:
+
+ install: cannot stat 'lxcfs.service': No such file or directory
+
+Make use of $(srcdir) to correct this.
+
+Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
+---
+ config/init/systemd/Makefile.am | 2 +-
+ config/init/systemd/Makefile.in | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/config/init/systemd/Makefile.am b/config/init/systemd/Makefile.am
+index 79e96f5..d6933f9 100644
+--- a/config/init/systemd/Makefile.am
++++ b/config/init/systemd/Makefile.am
+@@ -5,7 +5,7 @@ SYSTEMD_UNIT_DIR = /lib/systemd/system
+
+ install-systemd: lxcfs.service
+ $(MKDIR_P) $(DESTDIR)$(SYSTEMD_UNIT_DIR)
+- $(INSTALL_DATA) lxcfs.service $(DESTDIR)$(SYSTEMD_UNIT_DIR)/
++ $(INSTALL_DATA) $(srcdir)/lxcfs.service $(DESTDIR)$(SYSTEMD_UNIT_DIR)/
+
+ uninstall-systemd:
+ rm -f $(DESTDIR)$(SYSTEMD_UNIT_DIR)/lxcfs.service
+diff --git a/config/init/systemd/Makefile.in b/config/init/systemd/Makefile.in
+index d433e8a..430190c 100644
+--- a/config/init/systemd/Makefile.in
++++ b/config/init/systemd/Makefile.in
+@@ -450,7 +450,7 @@ uninstall-am: uninstall-local
+
+ @INIT_SCRIPT_SYSTEMD_TRUE@install-systemd: lxcfs.service
+ @INIT_SCRIPT_SYSTEMD_TRUE@ $(MKDIR_P) $(DESTDIR)$(SYSTEMD_UNIT_DIR)
+-@INIT_SCRIPT_SYSTEMD_TRUE@ $(INSTALL_DATA) lxcfs.service $(DESTDIR)$(SYSTEMD_UNIT_DIR)/
++@INIT_SCRIPT_SYSTEMD_TRUE@ $(INSTALL_DATA) $(srcdir)/lxcfs.service $(DESTDIR)$(SYSTEMD_UNIT_DIR)/
+
+ @INIT_SCRIPT_SYSTEMD_TRUE@uninstall-systemd:
+ @INIT_SCRIPT_SYSTEMD_TRUE@ rm -f $(DESTDIR)$(SYSTEMD_UNIT_DIR)/lxcfs.service
+--
+2.7.4
+
diff --git a/external/meta-virtualization/recipes-containers/lxcfs/files/systemd-ensure-var-lib-lxcfs-exists.patch b/external/meta-virtualization/recipes-containers/lxcfs/files/systemd-ensure-var-lib-lxcfs-exists.patch
new file mode 100644
index 00000000..5e5673ac
--- /dev/null
+++ b/external/meta-virtualization/recipes-containers/lxcfs/files/systemd-ensure-var-lib-lxcfs-exists.patch
@@ -0,0 +1,27 @@
+From 89bf4b64e810e174068e7861490e6d6ab2d14854 Mon Sep 17 00:00:00 2001
+From: Mark Asselstine <mark.asselstine@windriver.com>
+Date: Mon, 10 Sep 2018 15:01:54 -0400
+Subject: [PATCH] systemd: ensure /var/lib/lxcfs exists
+
+If the directory doesn't exist the service will fail to start.
+
+Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
+---
+ config/init/systemd/lxcfs.service | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/config/init/systemd/lxcfs.service b/config/init/systemd/lxcfs.service
+index 95e3ee9..d887203 100644
+--- a/config/init/systemd/lxcfs.service
++++ b/config/init/systemd/lxcfs.service
+@@ -5,6 +5,7 @@ Before=lxc.service
+ Documentation=man:lxcfs(1)
+
+ [Service]
++ExecStartPre=-/bin/mkdir /var/lib/lxcfs
+ ExecStart=/usr/bin/lxcfs /var/lib/lxcfs/
+ KillMode=process
+ Restart=on-failure
+--
+2.7.4
+
diff --git a/external/meta-virtualization/recipes-containers/lxcfs/lxcfs_3.0.1.bb b/external/meta-virtualization/recipes-containers/lxcfs/lxcfs_3.0.1.bb
new file mode 100644
index 00000000..576027fd
--- /dev/null
+++ b/external/meta-virtualization/recipes-containers/lxcfs/lxcfs_3.0.1.bb
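Review bot: `ExecStartPre=-/bin/mkdir /var/lib/lxcfs` uses the `-` prefix to ignore every mkdir failure, not only the already-exists case, and it leaves the directory's mode to whatever umask the service runs with. Where the systemd version in the image supports it, `StateDirectory=lxcfs` in `[Service]` creates `/var/lib/lxcfs` before `ExecStart` without a helper command; otherwise `ExecStartPre=/bin/mkdir -p /var/lib/lxcfs` succeeds when the directory exists and still surfaces a real error. The `[Service]` section continues past the end of the inner hunk.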
@@ -0,0 +1,25 @@ +SUMMARY = "LXCFS is a userspace filesystem created to avoid kernel limitations" +LICENSE = "Apache-2.0" + +inherit autotools pkgconfig systemd + +SRC_URI = " \ + https://linuxcontainers.org/downloads/lxcfs/lxcfs-${PV}.tar.gz \ + file://systemd-allow-for-distinct-build-directory.patch \ + file://systemd-ensure-var-lib-lxcfs-exists.patch \ +" + +LIC_FILES_CHKSUM = "file://COPYING;md5=3b83ef96387f14655fc854ddc3c6bd57" +SRC_URI[md5sum] = "fa49872fc45846125455199a2cce18f1" +SRC_URI[sha256sum] = "016c317f13392bebccba338511f537332fb2fdbaf62a5f6d77307b38a348f41f" + +DEPENDS += "fuse" +RDEPENDS_${PN} += "fuse" + +FILES_${PN} += "${datadir}/lxc/config/common.conf.d/*" + +CACHED_CONFIGUREVARS += "ac_cv_path_HELP2MAN='false // No help2man //'" +EXTRA_OECONF += "--with-distro=unknown --with-init-script=${VIRTUAL-RUNTIME_init_manager}" + +SYSTEMD_PACKAGES = "${PN}" +SYSTEMD_SERVICE_${PN} = "lxcfs.service" diff --git a/external/meta-virtualization/recipes-containers/oci-image-spec/oci-image-spec_git.bb b/external/meta-virtualization/recipes-containers/oci-image-spec/oci-image-spec_git.bb new file mode 100644 index 00000000..92a83998 --- /dev/null +++ b/external/meta-virtualization/recipes-containers/oci-image-spec/oci-image-spec_git.bb 
@@ -0,0 +1,41 @@ +DESCRIPTION = "The OCI Image Format project creates and maintains the software shipping container image format spec" +HOMEPAGE = "https://github.com/opencontainers/image-spec" +SECTION = "devel/go" +LICENSE = "Apache-2.0" +LIC_FILES_CHKSUM = "file://src/${PKG_NAME}/LICENSE;md5=27ef03aa2da6e424307f102e8b42621d" + +SRCNAME = "image-spec" + +PKG_NAME = "github.com/opencontainers/${SRCNAME}" +SRC_URI = "git://${PKG_NAME}.git;destsuffix=git/src/${PKG_NAME}" + +SRCREV = "91d3eaabebcdc329edd9b4ff0f28f8f90022201f" +PV = "v1.0.0-rc4+git${SRCPV}" + +S = "${WORKDIR}/git" + +# NO-OP the do compile rule because this recipe is source only. +do_compile() { +} + +do_install() { + install -d ${D}${prefix}/local/go/src/${PKG_NAME} + for j in $(cd ${S} && find src/${PKG_NAME} -name "*.go"); do + if [ ! -d ${D}${prefix}/local/go/$(dirname $j) ]; then + mkdir -p ${D}${prefix}/local/go/$(dirname $j) + fi + cp $j ${D}${prefix}/local/go/$j + done + cp -r ${S}/src/${PKG_NAME}/LICENSE ${D}${prefix}/local/go/src/${PKG_NAME}/ +} + +SYSROOT_PREPROCESS_FUNCS += "image_spec_file_sysroot_preprocess" + +image_spec_file_sysroot_preprocess () { + install -d ${SYSROOT_DESTDIR}${prefix}/local/go/src/${PKG_NAME} + cp -r ${D}${prefix}/local/go/src/${PKG_NAME} ${SYSROOT_DESTDIR}${prefix}/local/go/src/$(dirname ${PKG_NAME}) +} + +FILES_${PN} += "${prefix}/local/go/src/${PKG_NAME}/*" + +CLEANBROKEN = "1"
\ No newline at end of file diff --git a/external/meta-virtualization/recipes-containers/oci-image-tools/files/0001-config-make-Config.User-mapping-errors-a-warning.patch b/external/meta-virtualization/recipes-containers/oci-image-tools/files/0001-config-make-Config.User-mapping-errors-a-warning.patch new file mode 100644 index 00000000..78d2b9d0 --- /dev/null +++ b/external/meta-virtualization/recipes-containers/oci-image-tools/files/0001-config-make-Config.User-mapping-errors-a-warning.patch @@ -0,0 +1,30 @@ +From fbd62eff9ff2f447c2eb4634398110609fbf9d59 Mon Sep 17 00:00:00 2001 +From: Bruce Ashfield <bruce.ashfield@windriver.com> +Date: Thu, 16 Nov 2017 23:40:17 -0500 +Subject: [PATCH] config: make Config.User mapping errors a warning + +Rather than throwing an error if we can't map a user to a uid, +output a warning. We aren't actually running the code, but are +just extracting it .. so the user not existing isn't an issue. + +Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com> +--- + image/config.go | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/import/image/config.go b/src/import/image/config.go +index d28b1bc4fe5f..37dfd1f14ef7 100644 +--- a/src/import/image/config.go ++++ b/src/import/image/config.go +@@ -106,7 +106,7 @@ func (c *config) runtimeSpec(rootfs string) (*specs.Spec, error) { + s.Process.User.UID = uint32(uid) + s.Process.User.GID = uint32(gid) + } else if c.Config.User != "" { +- return nil, errors.New("config.User: unsupported format") ++ fmt.Println("Warning: could not map UID for user:", c.Config.User) + } + + s.Linux = &specs.Linux{} +-- +2.4.0.53.g8440f74 + diff --git a/external/meta-virtualization/recipes-containers/oci-image-tools/files/0001-image-manifest-Recursively-remove-pre-existing-entri.patch b/external/meta-virtualization/recipes-containers/oci-image-tools/files/0001-image-manifest-Recursively-remove-pre-existing-entri.patch new file mode 100644 index 00000000..5594f976 --- /dev/null 
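Review bot: `SRC_URI = "git://${PKG_NAME}.git;destsuffix=git/src/${PKG_NAME}"` in oci-image-spec_git.bb carries no `protocol=` parameter, so the fetcher falls back to the plain git protocol, which has neither transport encryption nor server authentication; the pinned `SRCREV` is then the only integrity anchor. Adding the parameter keeps the fetch on an authenticated transport: `SRC_URI = "git://${PKG_NAME}.git;protocol=https;destsuffix=git/src/${PKG_NAME}"`. The same applies to the `SRC_URI` lines of oci-image-tools_git.bb and oci-runtime-spec_git.bb later in this commit.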
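Review bot: Replacing the `unsupported format` error with `fmt.Println` makes `runtimeSpec` fail open: when `Config.User` is set but cannot be mapped, the function carries on with whatever `s.Process.User` already holds, presumably UID/GID 0, so an image that asked for a non-root user yields a spec that runs as root. The commit message argues the result is only used for extraction, but nothing in the hunk restricts the returned spec to that use. If the error has to be relaxed, the message should name the identity that is used instead and go to stderr, e.g. `fmt.Fprintf(os.Stderr, "warning: cannot map user %q, process user left at default\n", c.Config.User)`. The import block is not part of the hunk, so whether `fmt` and `os` are already imported in config.go cannot be confirmed here; `runtimeSpec` starts and ends outside the hunk.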
+++ b/external/meta-virtualization/recipes-containers/oci-image-tools/files/0001-image-manifest-Recursively-remove-pre-existing-entri.patch 
@@ -0,0 +1,78 @@ +From 1f205c0aec5ea9e983d61a64e7ce871ae416bebd Mon Sep 17 00:00:00 2001 +From: "W. Trevor King" <wking@tremily.us> +Date: Tue, 18 Oct 2016 02:16:46 -0700 +Subject: [PATCH 1/2] image/manifest: Recursively remove pre-existing entries + when unpacking + +Implementing the logic that is in-flight with [1], but using recursive +removal [2]. GNU tar has a --recursive-unlink option that's not +enabled by default, with the motivation being something like "folks +would be mad if we blew away a full tree and replaced it with a broken +symlink" [3]. That makes sense for working filesystems, but we're +building the rootfs from scratch here so losing information is not a +concern. This commit always uses recursive removal to get that old +thing off the filesystem (whatever it takes ;). + +The exception to the removal is if both the tar entry and existing +path occupant are directories. In this case we want to use GNU tar's +default --overwrite-dir behavior, but unpackLayer's metadata handling +is currently very weak so I've left it at "don't delete the old +directory". + +The reworked directory case also fixes a minor bug from 44210d05 +(cmd/oci-image-tool: fix unpacking..., 2016-07-22, #177) where the: + + if fi, err := os.Lstat(path); !(err == nil && fi.IsDir()) { + +block would not error out if the Lstat failed for a reason besides the +acceptable IsNotExist. Instead, it would attempt to call MkdirAll, +which would probably fail for the same reason that Lstat failed +(e.g. ENOTDIR). But it's better to handle the Lstat errors directly. + +[1]: https://github.com/opencontainers/image-spec/pull/317 +[2]: https://github.com/opencontainers/image-spec/pull/317/files#r79214718 +[3]: https://www.gnu.org/software/tar/manual/html_node/Dealing-with-Old-Files.html + +Signed-off-by: W. 
Trevor King <wking@tremily.us> +--- + image/manifest.go | 22 +++++++++++++++++++--- + 1 file changed, 19 insertions(+), 3 deletions(-) + +diff --git a/image/manifest.go b/image/manifest.go +index 8834c1e5f2f0..144bd4f62219 100644 +--- a/src/import/image/manifest.go ++++ b/src/import/image/manifest.go +@@ -253,11 +253,27 @@ loop: + continue loop + } + ++ if hdr.Typeflag != tar.TypeDir { ++ err = os.RemoveAll(path) ++ if err != nil && !os.IsNotExist(err) { ++ return err ++ } ++ } ++ + switch hdr.Typeflag { + case tar.TypeDir: +- if fi, err := os.Lstat(path); !(err == nil && fi.IsDir()) { +- if err2 := os.MkdirAll(path, info.Mode()); err2 != nil { +- return errors.Wrap(err2, "error creating directory") ++ fi, err := os.Lstat(path) ++ if err != nil && !os.IsNotExist(err) { ++ return err ++ } ++ if os.IsNotExist(err) || !fi.IsDir() { ++ err = os.RemoveAll(path) ++ if err != nil && !os.IsNotExist(err) { ++ return err ++ } ++ err = os.MkdirAll(path, info.Mode()) ++ if err != nil { ++ return err + } + } + +-- +2.4.0.53.g8440f74 + diff --git a/external/meta-virtualization/recipes-containers/oci-image-tools/files/0002-image-manifest-Split-unpackLayerEntry-into-its-own-f.patch b/external/meta-virtualization/recipes-containers/oci-image-tools/files/0002-image-manifest-Split-unpackLayerEntry-into-its-own-f.patch new file mode 100644 index 00000000..69bdcdb5 --- /dev/null +++ b/external/meta-virtualization/recipes-containers/oci-image-tools/files/0002-image-manifest-Split-unpackLayerEntry-into-its-own-f.patch 
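Review bot: The rewritten `tar.TypeDir` branch returns the `os.Lstat`, `os.RemoveAll` and `os.MkdirAll` errors bare, where the removed code wrapped the failure with `errors.Wrap(err2, "error creating directory")`, so the failing operation is no longer identifiable from the message. Wrapping each return restores that, e.g. `return errors.Wrapf(err, "unable to remove %s", path)` and `return errors.Wrapf(err, "error creating directory %s", path)`. `os.RemoveAll` already returns nil for a path that does not exist, so the `&& !os.IsNotExist(err)` part of both new checks never changes the outcome and can be dropped. The enclosing `unpackLayer` loop starts and ends outside the hunk.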
@@ -0,0 +1,242 @@ +From 1e55f2a83b1f644803b640b72171b4ae0d95217b Mon Sep 17 00:00:00 2001 +From: "W. Trevor King" <wking@tremily.us> +Date: Thu, 20 Oct 2016 23:30:22 -0700 +Subject: [PATCH 2/2] image/manifest: Split unpackLayerEntry into its own + function + +To help address: + + $ make lint + checking lint + image/manifest.go:140::warning: cyclomatic complexity 39 of function unpackLayer() is high (> 35) (gocyclo) + ... + +Signed-off-by: W. Trevor King <wking@tremily.us> +--- + image/manifest.go | 185 +++++++++++++++++++++++++++++------------------------- + 1 file changed, 100 insertions(+), 85 deletions(-) + +diff --git a/image/manifest.go b/image/manifest.go +index 144bd4f62219..dfd5a83f70e4 100644 +--- a/src/import/image/manifest.go ++++ b/src/import/image/manifest.go +@@ -218,116 +218,131 @@ loop: + return errors.Wrapf(err, "error advancing tar stream") + } + +- hdr.Name = filepath.Clean(hdr.Name) +- if !strings.HasSuffix(hdr.Name, string(os.PathSeparator)) { +- // Not the root directory, ensure that the parent directory exists +- parent := filepath.Dir(hdr.Name) +- parentPath := filepath.Join(dest, parent) +- if _, err2 := os.Lstat(parentPath); err2 != nil && os.IsNotExist(err2) { +- if err3 := os.MkdirAll(parentPath, 0755); err3 != nil { +- return err3 +- } +- } +- } +- path := filepath.Join(dest, hdr.Name) +- if entries[path] { +- return fmt.Errorf("duplicate entry for %s", path) +- } +- entries[path] = true +- rel, err := filepath.Rel(dest, path) ++ var whiteout bool ++ whiteout, err = unpackLayerEntry(dest, hdr, tr, &entries) + if err != nil { + return err + } +- info := hdr.FileInfo() +- if strings.HasPrefix(rel, ".."+string(os.PathSeparator)) { +- return fmt.Errorf("%q is outside of %q", hdr.Name, dest) ++ if whiteout { ++ continue loop + } + +- if strings.HasPrefix(info.Name(), ".wh.") { +- path = strings.Replace(path, ".wh.", "", 1) ++ // Directory mtimes must be handled at the end to avoid further ++ // file creation in them to modify the directory 
mtime ++ if hdr.Typeflag == tar.TypeDir { ++ dirs = append(dirs, hdr) ++ } ++ } ++ for _, hdr := range dirs { ++ path := filepath.Join(dest, hdr.Name) + +- if err := os.RemoveAll(path); err != nil { +- return errors.Wrap(err, "unable to delete whiteout path") ++ finfo := hdr.FileInfo() ++ // I believe the old version was using time.Now().UTC() to overcome an ++ // invalid error from chtimes.....but here we lose hdr.AccessTime like this... ++ if err := os.Chtimes(path, time.Now().UTC(), finfo.ModTime()); err != nil { ++ return errors.Wrap(err, "error changing time") ++ } ++ } ++ return nil ++} ++ ++// unpackLayerEntry unpacks a single entry from a layer. ++func unpackLayerEntry(dest string, header *tar.Header, reader io.Reader, entries *map[string]bool) (whiteout bool, err error) { ++ header.Name = filepath.Clean(header.Name) ++ if !strings.HasSuffix(header.Name, string(os.PathSeparator)) { ++ // Not the root directory, ensure that the parent directory exists ++ parent := filepath.Dir(header.Name) ++ parentPath := filepath.Join(dest, parent) ++ if _, err2 := os.Lstat(parentPath); err2 != nil && os.IsNotExist(err2) { ++ if err3 := os.MkdirAll(parentPath, 0755); err3 != nil { ++ return false, err3 + } ++ } ++ } ++ path := filepath.Join(dest, header.Name) ++ if (*entries)[path] { ++ return false, fmt.Errorf("duplicate entry for %s", path) ++ } ++ (*entries)[path] = true ++ rel, err := filepath.Rel(dest, path) ++ if err != nil { ++ return false, err ++ } ++ info := header.FileInfo() ++ if strings.HasPrefix(rel, ".."+string(os.PathSeparator)) { ++ return false, fmt.Errorf("%q is outside of %q", header.Name, dest) ++ } + +- continue loop ++ if strings.HasPrefix(info.Name(), ".wh.") { ++ path = strings.Replace(path, ".wh.", "", 1) ++ ++ if err = os.RemoveAll(path); err != nil { ++ return true, errors.Wrap(err, "unable to delete whiteout path") + } + +- if hdr.Typeflag != tar.TypeDir { +- err = os.RemoveAll(path) +- if err != nil && !os.IsNotExist(err) { +- return err +- } 
++ return true, nil ++ } ++ ++ if header.Typeflag != tar.TypeDir { ++ err = os.RemoveAll(path) ++ if err != nil && !os.IsNotExist(err) { ++ return false, err + } ++ } + +- switch hdr.Typeflag { +- case tar.TypeDir: +- fi, err := os.Lstat(path) ++ switch header.Typeflag { ++ case tar.TypeDir: ++ fi, err := os.Lstat(path) ++ if err != nil && !os.IsNotExist(err) { ++ return false, err ++ } ++ if os.IsNotExist(err) || !fi.IsDir() { ++ err = os.RemoveAll(path) + if err != nil && !os.IsNotExist(err) { +- return err +- } +- if os.IsNotExist(err) || !fi.IsDir() { +- err = os.RemoveAll(path) +- if err != nil && !os.IsNotExist(err) { +- return err +- } +- err = os.MkdirAll(path, info.Mode()) +- if err != nil { +- return err +- } ++ return false, err + } +- +- case tar.TypeReg, tar.TypeRegA: +- f, err := os.OpenFile(path, os.O_CREATE|os.O_WRONLY, info.Mode()) ++ err = os.MkdirAll(path, info.Mode()) + if err != nil { +- return errors.Wrap(err, "unable to open file") ++ return false, err + } ++ } + +- if _, err := io.Copy(f, tr); err != nil { +- f.Close() +- return errors.Wrap(err, "unable to copy") +- } +- f.Close() ++ case tar.TypeReg, tar.TypeRegA: ++ f, err := os.OpenFile(path, os.O_CREATE|os.O_WRONLY, info.Mode()) ++ if err != nil { ++ return false, errors.Wrap(err, "unable to open file") ++ } + +- case tar.TypeLink: +- target := filepath.Join(dest, hdr.Linkname) ++ if _, err := io.Copy(f, reader); err != nil { ++ f.Close() ++ return false, errors.Wrap(err, "unable to copy") ++ } ++ f.Close() + +- if !strings.HasPrefix(target, dest) { +- return fmt.Errorf("invalid hardlink %q -> %q", target, hdr.Linkname) +- } ++ case tar.TypeLink: ++ target := filepath.Join(dest, header.Linkname) + +- if err := os.Link(target, path); err != nil { +- return err +- } ++ if !strings.HasPrefix(target, dest) { ++ return false, fmt.Errorf("invalid hardlink %q -> %q", target, header.Linkname) ++ } + +- case tar.TypeSymlink: +- target := filepath.Join(filepath.Dir(path), hdr.Linkname) ++ if err 
:= os.Link(target, path); err != nil { ++ return false, err ++ } + +- if !strings.HasPrefix(target, dest) { +- return fmt.Errorf("invalid symlink %q -> %q", path, hdr.Linkname) +- } ++ case tar.TypeSymlink: ++ target := filepath.Join(filepath.Dir(path), header.Linkname) + +- if err := os.Symlink(hdr.Linkname, path); err != nil { +- return err +- } +- case tar.TypeXGlobalHeader: +- return nil ++ if !strings.HasPrefix(target, dest) { ++ return false, fmt.Errorf("invalid symlink %q -> %q", path, header.Linkname) + } +- // Directory mtimes must be handled at the end to avoid further +- // file creation in them to modify the directory mtime +- if hdr.Typeflag == tar.TypeDir { +- dirs = append(dirs, hdr) +- } +- } +- for _, hdr := range dirs { +- path := filepath.Join(dest, hdr.Name) + +- finfo := hdr.FileInfo() +- // I believe the old version was using time.Now().UTC() to overcome an +- // invalid error from chtimes.....but here we lose hdr.AccessTime like this... +- if err := os.Chtimes(path, time.Now().UTC(), finfo.ModTime()); err != nil { +- return errors.Wrap(err, "error changing time") ++ if err := os.Symlink(header.Linkname, path); err != nil { ++ return false, err + } ++ case tar.TypeXGlobalHeader: ++ return false, nil + } +- return nil ++ ++ return false, nil + } +-- +2.4.0.53.g8440f74 + diff --git a/external/meta-virtualization/recipes-containers/oci-image-tools/oci-image-tools_git.bb b/external/meta-virtualization/recipes-containers/oci-image-tools/oci-image-tools_git.bb new file mode 100644 index 00000000..8c41b6e0 --- /dev/null +++ b/external/meta-virtualization/recipes-containers/oci-image-tools/oci-image-tools_git.bb 
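Review bot: In the new `unpackLayerEntry`, hardlink and symlink targets are confined with `strings.HasPrefix(target, dest)`, a plain string-prefix test that also accepts a path in a sibling directory whose name merely begins with `dest`; the entry path itself is checked more strictly with `filepath.Rel` earlier in the same function. The code is carried over from `unpackLayer`, but the split is a good moment to use one test for both link types: `if rel, err := filepath.Rel(dest, target); err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(os.PathSeparator)) { return false, fmt.Errorf("invalid hardlink %q -> %q", target, header.Linkname) }`. The parent-directory `os.MkdirAll` also runs before the outside-of-`dest` check, so moving that check above it keeps a rejected name from creating anything. A doc comment on `unpackLayerEntry` should state that `dest` is expected to be a clean absolute path and that `whiteout` is true only for `.wh.` entries.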
@@ -0,0 +1,64 @@ +HOMEPAGE = "https://github.com/opencontainers/image-tools" +SUMMARY = "A collection of tools for working with the OCI image format specification" +LICENSE = "Apache-2" +LIC_FILES_CHKSUM = "file://src/import/LICENSE;md5=e3fc50a88d0a364313df4b21ef20c29e" + +DEPENDS = "\ + oci-image-spec \ + oci-runtime-spec \ + go-digest \ + go-errors \ + spf13-cobra \ + spf13-pflag \ + " + +SRC_URI = "git://github.com/opencontainers/image-tools.git \ + file://0001-image-manifest-Recursively-remove-pre-existing-entri.patch \ + file://0002-image-manifest-Split-unpackLayerEntry-into-its-own-f.patch \ + file://0001-config-make-Config.User-mapping-errors-a-warning.patch" + +SRCREV = "4abe1a166f9be97e8e71b1bb4d7599cc29323011" +PV = "0.2.0-dev+git${SRCPV}" +GO_IMPORT = "import" + +inherit goarch +inherit go + +# This disables seccomp and apparmor, which are on by default in the +# go package. +EXTRA_OEMAKE="BUILDTAGS=''" + +do_compile() { + export GOARCH="${TARGET_GOARCH}" + export GOROOT="${STAGING_LIBDIR_NATIVE}/${TARGET_SYS}/go" + # Setup vendor directory so that it can be used in GOPATH. + # + # Go looks in a src directory under any directory in GOPATH but riddler + # uses 'vendor' instead of 'vendor/src'. We can fix this with a symlink. + # + # We also need to link in the ipallocator directory as that is not under + # a src directory. + ln -sfn . 
"${S}/src/import/vendor/src" + mkdir -p "${S}/src/import/vendor/src/github.com/opencontainers/image-tools/" + ln -sfn "${S}/src/import/image" "${S}/src/import/vendor/src/github.com/opencontainers/image-tools/image" + ln -sfn "${S}/src/import/version" "${S}/src/import/vendor/src/github.com/opencontainers/image-tools/version" + export GOPATH="${S}/src/import/vendor" + + # Pass the needed cflags/ldflags so that cgo + # can find the needed headers files and libraries + export CGO_ENABLED="1" + export CFLAGS="" + export LDFLAGS="" + export CGO_CFLAGS="${BUILDSDK_CFLAGS} --sysroot=${STAGING_DIR_TARGET}" + export CGO_LDFLAGS="${BUILDSDK_LDFLAGS} --sysroot=${STAGING_DIR_TARGET}" + cd ${S}/src/import + + oe_runmake tool +} + +do_install() { + install -d ${D}/${sbindir} + install ${S}/src/import/oci-image-tool ${D}/${sbindir}/ +} + +INSANE_SKIP_${PN} += "ldflags textrel" diff --git a/external/meta-virtualization/recipes-containers/oci-runtime-spec/oci-runtime-spec_git.bb b/external/meta-virtualization/recipes-containers/oci-runtime-spec/oci-runtime-spec_git.bb new file mode 100644 index 00000000..deba7b3e --- /dev/null +++ b/external/meta-virtualization/recipes-containers/oci-runtime-spec/oci-runtime-spec_git.bb 
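Review bot: Several comments in this recipe do not describe the code next to them: the one above `EXTRA_OEMAKE="BUILDTAGS=''"` says it disables seccomp and apparmor, and the `do_compile` comment talks about `riddler` and an `ipallocator` directory while the commands link `image` and `version`. They read as copied from another recipe, and someone auditing which confinement features are built in would be misled by the first one. Suggested replacements are `# Build with no optional Go build tags.` and `# Link image/ and version/ into the vendor tree so GOPATH resolves github.com/opencontainers/image-tools.`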
@@ -0,0 +1,41 @@ +DESCRIPTION = "The Open Container Initiative develops specifications for standards on Operating System process and application containers" +HOMEPAGE = "https://github.com/opencontainers/runtime-spec" +SECTION = "devel/go" +LICENSE = "Apache-2.0" +LIC_FILES_CHKSUM = "file://src/${PKG_NAME}/LICENSE;md5=b355a61a394a504dacde901c958f662c" + +SRCNAME = "runtime-spec" + +PKG_NAME = "github.com/opencontainers/${SRCNAME}" +SRC_URI = "git://${PKG_NAME}.git;destsuffix=git/src/${PKG_NAME}" + +SRCREV = "a39b1cd4fdf7743ab721cc9da58abbee2f8624d1" +PV = "v1.0.0-rc6+git${SRCPV}" + +S = "${WORKDIR}/git" + +# NO-OP the do compile rule because this recipe is source only. +do_compile() { +} + +do_install() { + install -d ${D}${prefix}/local/go/src/${PKG_NAME} + for j in $(cd ${S} && find src/${PKG_NAME} -name "*.go" -not -path "*/.tool/*"); do + if [ ! -d ${D}${prefix}/local/go/$(dirname $j) ]; then + mkdir -p ${D}${prefix}/local/go/$(dirname $j) + fi + cp $j ${D}${prefix}/local/go/$j + done + cp -r ${S}/src/${PKG_NAME}/LICENSE ${D}${prefix}/local/go/src/${PKG_NAME}/ +} + +SYSROOT_PREPROCESS_FUNCS += "runtime_spec_file_sysroot_preprocess" + +runtime_spec_file_sysroot_preprocess () { + install -d ${SYSROOT_DESTDIR}${prefix}/local/go/src/${PKG_NAME} + cp -r ${D}${prefix}/local/go/src/${PKG_NAME} ${SYSROOT_DESTDIR}${prefix}/local/go/src/$(dirname ${PKG_NAME}) +} + +FILES_${PN} += "${prefix}/local/go/src/${PKG_NAME}/*" + +CLEANBROKEN = "1" diff --git a/external/meta-virtualization/recipes-containers/oci-runtime-tools/files/0001-Revert-implement-add-set-function-for-hooks-items.patch b/external/meta-virtualization/recipes-containers/oci-runtime-tools/files/0001-Revert-implement-add-set-function-for-hooks-items.patch new file mode 100644 index 00000000..99a9310b --- /dev/null +++ b/external/meta-virtualization/recipes-containers/oci-runtime-tools/files/0001-Revert-implement-add-set-function-for-hooks-items.patch 
@@ -0,0 +1,202 @@ +From 2911eaabab92ec2cdea2b173c3429db4a52bee2f Mon Sep 17 00:00:00 2001 +From: Bruce Ashfield <bruce.ashfield@windriver.com> +Date: Wed, 20 Sep 2017 23:28:52 -0400 +Subject: [PATCH] Revert "implement add/set function for hooks items" + +This reverts commit df3a46feb971386f922c7c2c2822b88301f87cb0. +--- + cmd/oci-runtime-tool/generate.go | 12 ++++++------ + generate/generate.go | 42 ++++++---------------------------------- + 2 files changed, 12 insertions(+), 42 deletions(-) + +diff --git a/src/import/cmd/oci-runtime-tool/generate.go b/src/import/cmd/oci-runtime-tool/generate.go +index ed11fe8f3729..7121ce5fe07e 100644 +--- a/src/import/cmd/oci-runtime-tool/generate.go ++++ b/src/import/cmd/oci-runtime-tool/generate.go +@@ -354,7 +354,7 @@ func setupSpec(g *generate.Generator, context *cli.Context) error { + for _, postStartEnv := range postStartEnvs { + path, env, err := parseHookEnv(postStartEnv) + if err != nil { +- return err ++ return nil + } + g.AddPostStartHookEnv(path, env) + } +@@ -387,7 +387,7 @@ func setupSpec(g *generate.Generator, context *cli.Context) error { + for _, postStopEnv := range postStopEnvs { + path, env, err := parseHookEnv(postStopEnv) + if err != nil { +- return err ++ return nil + } + g.AddPostStopHookEnv(path, env) + } +@@ -398,7 +398,7 @@ func setupSpec(g *generate.Generator, context *cli.Context) error { + for _, postStopTimeout := range postStopTimeouts { + path, timeout, err := parseHookTimeout(postStopTimeout) + if err != nil { +- return err ++ return nil + } + g.AddPostStopHookTimeout(path, timeout) + } +@@ -409,7 +409,7 @@ func setupSpec(g *generate.Generator, context *cli.Context) error { + for _, hook := range preStartHooks { + path, args, err := parseHook(hook) + if err != nil { +- return err ++ return nil + } + g.AddPreStartHook(path, args) + } +@@ -420,7 +420,7 @@ func setupSpec(g *generate.Generator, context *cli.Context) error { + for _, preStartEnv := range preStartEnvs { + path, env, err := 
parseHookEnv(preStartEnv) + if err != nil { +- return err ++ return nil + } + g.AddPreStartHookEnv(path, env) + } +@@ -431,7 +431,7 @@ func setupSpec(g *generate.Generator, context *cli.Context) error { + for _, preStartTimeout := range preStartTimeouts { + path, timeout, err := parseHookTimeout(preStartTimeout) + if err != nil { +- return err ++ return nil + } + g.AddPreStartHookTimeout(path, timeout) + } +diff --git a/src/import/generate/generate.go b/src/import/generate/generate.go +index 84762c3cbd05..ef5d2cc95b3c 100644 +--- a/src/import/generate/generate.go ++++ b/src/import/generate/generate.go +@@ -744,39 +744,29 @@ func (g *Generator) ClearPreStartHooks() { + func (g *Generator) AddPreStartHook(path string, args []string) { + g.initSpecHooks() + hook := rspec.Hook{Path: path, Args: args} +- for i, hook := range g.spec.Hooks.Prestart { +- if hook.Path == path { +- g.spec.Hooks.Prestart[i] = hook +- return +- } +- } + g.spec.Hooks.Prestart = append(g.spec.Hooks.Prestart, hook) + } + + // AddPreStartHookEnv adds envs of a prestart hook into g.spec.Hooks.Prestart. + func (g *Generator) AddPreStartHookEnv(path string, envs []string) { +- g.initSpecHooks() ++ g.initSpec() + for i, hook := range g.spec.Hooks.Prestart { + if hook.Path == path { + g.spec.Hooks.Prestart[i].Env = envs + return + } + } +- hook := rspec.Hook{Path: path, Env: envs} +- g.spec.Hooks.Prestart = append(g.spec.Hooks.Prestart, hook) + } + + // AddPreStartHookTimeout adds timeout of a prestart hook into g.spec.Hooks.Prestart. + func (g *Generator) AddPreStartHookTimeout(path string, timeout int) { +- g.initSpecHooks() ++ g.initSpec() + for i, hook := range g.spec.Hooks.Prestart { + if hook.Path == path { + g.spec.Hooks.Prestart[i].Timeout = &timeout + return + } + } +- hook := rspec.Hook{Path: path, Timeout: &timeout} +- g.spec.Hooks.Prestart = append(g.spec.Hooks.Prestart, hook) + } + + // ClearPostStopHooks clear g.spec.Hooks.Poststop. 
+@@ -794,39 +784,29 @@ func (g *Generator) ClearPostStopHooks() { + func (g *Generator) AddPostStopHook(path string, args []string) { + g.initSpecHooks() + hook := rspec.Hook{Path: path, Args: args} +- for i, hook := range g.spec.Hooks.Poststop { +- if hook.Path == path { +- g.spec.Hooks.Poststop[i] = hook +- return +- } +- } + g.spec.Hooks.Poststop = append(g.spec.Hooks.Poststop, hook) + } + + // AddPostStopHookEnv adds envs of a poststop hook into g.spec.Hooks.Poststop. + func (g *Generator) AddPostStopHookEnv(path string, envs []string) { +- g.initSpecHooks() ++ g.initSpec() + for i, hook := range g.spec.Hooks.Poststop { + if hook.Path == path { + g.spec.Hooks.Poststop[i].Env = envs + return + } + } +- hook := rspec.Hook{Path: path, Env: envs} +- g.spec.Hooks.Poststop = append(g.spec.Hooks.Poststop, hook) + } + + // AddPostStopHookTimeout adds timeout of a poststop hook into g.spec.Hooks.Poststop. + func (g *Generator) AddPostStopHookTimeout(path string, timeout int) { +- g.initSpecHooks() ++ g.initSpec() + for i, hook := range g.spec.Hooks.Poststop { + if hook.Path == path { + g.spec.Hooks.Poststop[i].Timeout = &timeout + return + } + } +- hook := rspec.Hook{Path: path, Timeout: &timeout} +- g.spec.Hooks.Poststop = append(g.spec.Hooks.Poststop, hook) + } + + // ClearPostStartHooks clear g.spec.Hooks.Poststart. +@@ -844,39 +824,29 @@ func (g *Generator) ClearPostStartHooks() { + func (g *Generator) AddPostStartHook(path string, args []string) { + g.initSpecHooks() + hook := rspec.Hook{Path: path, Args: args} +- for i, hook := range g.spec.Hooks.Poststart { +- if hook.Path == path { +- g.spec.Hooks.Poststart[i] = hook +- return +- } +- } + g.spec.Hooks.Poststart = append(g.spec.Hooks.Poststart, hook) + } + + // AddPostStartHookEnv adds envs of a poststart hook into g.spec.Hooks.Poststart. 
+ func (g *Generator) AddPostStartHookEnv(path string, envs []string) { +- g.initSpecHooks() ++ g.initSpec() + for i, hook := range g.spec.Hooks.Poststart { + if hook.Path == path { + g.spec.Hooks.Poststart[i].Env = envs + return + } + } +- hook := rspec.Hook{Path: path, Env: envs} +- g.spec.Hooks.Poststart = append(g.spec.Hooks.Poststart, hook) + } + + // AddPostStartHookTimeout adds timeout of a poststart hook into g.spec.Hooks.Poststart. + func (g *Generator) AddPostStartHookTimeout(path string, timeout int) { +- g.initSpecHooks() ++ g.initSpec() + for i, hook := range g.spec.Hooks.Poststart { + if hook.Path == path { + g.spec.Hooks.Poststart[i].Timeout = &timeout + return + } + } +- hook := rspec.Hook{Path: path, Timeout: &timeout} +- g.spec.Hooks.Poststart = append(g.spec.Hooks.Poststart, hook) + } + + // AddTmpfsMount adds a tmpfs mount into g.spec.Mounts. +-- +2.4.0.53.g8440f74 + diff --git a/external/meta-virtualization/recipes-containers/oci-runtime-tools/oci-runtime-tools_git.bb b/external/meta-virtualization/recipes-containers/oci-runtime-tools/oci-runtime-tools_git.bb new file mode 100644 index 00000000..adbfc1ef --- /dev/null +++ b/external/meta-virtualization/recipes-containers/oci-runtime-tools/oci-runtime-tools_git.bb 
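Review bot: Every `return err` in the hook-parsing loops of `setupSpec` becomes `return nil`, so a malformed hook env or timeout argument now ends spec setup early and reports success, leaving the caller with a partially built config and no error. Reverting the add/set behaviour does not need this; keep `return err` in those six branches. In generate.go the `Add*HookEnv` and `Add*HookTimeout` methods now call `g.initSpec()` instead of `g.initSpecHooks()` before ranging over `g.spec.Hooks.*`, which looks like it can touch an uninitialised `Hooks` (not confirmable from the hunk), and an env or timeout for a path with no registered hook is now dropped silently. The patch header also lacks an `Upstream-Status:` line, which the tini patch in this commit carries.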
@@ -0,0 +1,52 @@
+HOMEPAGE = "https://github.com/opencontainers/runtime-tools"
+SUMMARY = "oci-runtime-tool is a collection of tools for working with the OCI runtime specification"
+LICENSE = "GPLv2"
+LIC_FILES_CHKSUM = "file://src/import/LICENSE;md5=b355a61a394a504dacde901c958f662c"
+
+SRC_URI = "git://github.com/opencontainers/runtime-tools.git \
+ file://0001-Revert-implement-add-set-function-for-hooks-items.patch \
+ "
+
+SRCREV = "6e7da8148f4de2c9e9c9d3b345576898d4f412cb"
+PV = "0.1.0+git${SRCPV}"
+GO_IMPORT = "import"
+
+INSANE_SKIP_${PN} += "ldflags textrel"
+
+inherit goarch
+inherit go
+
+do_compile() {
+ export GOARCH="${TARGET_GOARCH}"
+ export GOROOT="${STAGING_LIBDIR_NATIVE}/${TARGET_SYS}/go"
+ export GOPATH="${S}/src/import:${S}/src/import/vendor"
+
+ # Pass the needed cflags/ldflags so that cgo
+ # can find the needed headers files and libraries
+ export CGO_ENABLED="1"
+ export CFLAGS=""
+ export LDFLAGS=""
+ export CGO_CFLAGS="${BUILDSDK_CFLAGS} --sysroot=${STAGING_DIR_TARGET}"
+ export CGO_LDFLAGS="${BUILDSDK_LDFLAGS} --sysroot=${STAGING_DIR_TARGET}"
+
+ # link fixups for compilation
+ rm -f ${S}/src/import/vendor/src
+ ln -sf ./ ${S}/src/import/vendor/src
+ mkdir -p ${S}/src/import/vendor/github.com/opencontainers/runtime-tools
+ ln -sf ../../../../generate ${S}/src/import/vendor/github.com/opencontainers/runtime-tools/generate
+ ln -sf ../../../../validate ${S}/src/import/vendor/github.com/opencontainers/runtime-tools/validate
+ ln -sf ../../../../cmd ${S}/src/import/vendor/github.com/opencontainers/runtime-tools/cmd
+ ln -sf ../../../../error ${S}/src/import/vendor/github.com/opencontainers/runtime-tools/error
+ ln -sf ../../../../specerror ${S}/src/import/vendor/github.com/opencontainers/runtime-tools/specerror
+ cd ${S}/src/import
+
+ oe_runmake
+}
+
+do_install() {
+ install -d ${D}/${sbindir}
+ install ${S}/src/import/oci-runtime-tool ${D}/${sbindir}/oci-runtime-tool
+}
+
+deltask compile_ptest_base
+
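Review bot: `LICENSE = "GPLv2"` does not match the checksummed file: `LIC_FILES_CHKSUM` carries md5 `b355a61a394a504dacde901c958f662c`, the same value the oci-runtime-spec recipe in this commit records for its Apache-2.0 `LICENSE`. If the upstream file is the Apache licence, the declaration should read `LICENSE = "Apache-2.0"` so that licence manifests and compliance filters built from the image are correct. `INSANE_SKIP_${PN} += "ldflags textrel"` also switches off the text-relocation QA check for the shipped binary; a comment saying why it is needed would help the next reviewer.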
diff --git a/external/meta-virtualization/recipes-containers/oci-systemd-hook/oci-systemd-hook/0001-Add-additional-cgroup-mounts-from-root-NS-automatica.patch b/external/meta-virtualization/recipes-containers/oci-systemd-hook/oci-systemd-hook/0001-Add-additional-cgroup-mounts-from-root-NS-automatica.patch
new file mode 100644
index 00000000..753a77d1
--- /dev/null
+++ b/external/meta-virtualization/recipes-containers/oci-systemd-hook/oci-systemd-hook/0001-Add-additional-cgroup-mounts-from-root-NS-automatica.patch
@@ -0,0 +1,76 @@ +From f59cddcedd6535e0b809ec9b4e95672d34b41a16 Mon Sep 17 00:00:00 2001 +From: Jason Wessel <jason.wessel@windriver.com> +Date: Tue, 14 Nov 2017 07:41:41 -0800 +Subject: [PATCH] Add additional cgroup mounts from root NS automatically + +Signed-off-by: Jason Wessel <jason.wessel@windriver.com> +--- + src/systemdhook.c | 45 +++++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 45 insertions(+) + +diff --git a/src/systemdhook.c b/src/systemdhook.c +index 78575ef..f735484 100644 +--- a/src/systemdhook.c ++++ b/src/systemdhook.c +@@ -238,6 +238,11 @@ static char *get_process_cgroup_subsystem_path(int pid, const char *subsystem) { + static int mount_cgroup(const char *rootfs, const char *options, char *systemd_path) + { + _cleanup_free_ char *cgroup_path = NULL; ++ char *spath, *dpath; ++ DIR *dir; ++ struct dirent *d; ++ char link[80]; ++ int got; + + if (asprintf(&cgroup_path, "%s/%s", rootfs, CGROUP_ROOT) < 0) { + pr_perror("Failed to create path for %s", CGROUP_ROOT); +@@ -256,6 +261,46 @@ static int mount_cgroup(const char *rootfs, const char *options, char *systemd_p + pr_perror("Failed to mkdir new dest: %s", systemd_path); + return -1; + } ++ /* Create all additional cgroup mounts which are in the root namespace */ ++ dir = opendir(CGROUP_ROOT); ++ if (!dir) { ++ pr_perror("Failed to open %s", CGROUP_ROOT); ++ return -1; ++ } ++ /* Skip "." and ".." 
*/ ++ readdir(dir); ++ readdir(dir); ++ while ((d = readdir(dir))) { ++ /* Systemd is already handled above */ ++ if (strcmp(d->d_name, "systemd") == 0) { ++ continue; ++ } ++ if (asprintf(&spath, "%s/%s", CGROUP_ROOT, d->d_name) < 0) { ++ pr_perror("Failed to create path for %s", d->d_name); ++ return -1; ++ } ++ if (asprintf(&dpath, "%s%s/%s", rootfs, CGROUP_ROOT, d->d_name) < 0) { ++ pr_perror("Failed to create path for %s", d->d_name); ++ return -1; ++ } ++ got = readlink(spath, link, sizeof(link) - 1); ++ if (got > 0) { ++ link[got] = '\0'; ++ symlink(link, dpath); ++ } else { ++ if ((makepath(dpath, 0755) == -1) && (errno != EEXIST)) { ++ pr_perror("Failed to mkdir new dest: %s", dpath); ++ return -1; ++ } ++ if (bind_mount(spath, dpath, false)) { ++ pr_perror("Failed to bind mount %s on %s", spath, dpath); ++ return -1; ++ } ++ } ++ free(spath); ++ free(dpath); ++ } ++ closedir(dir); + if (mount(cgroup_path, cgroup_path, "bind", MS_REMOUNT|MS_BIND|MS_RDONLY, "") == -1) { + pr_perror("Failed to remount %s readonly", cgroup_path); + return -1; +-- +2.11.0 + diff --git a/external/meta-virtualization/recipes-containers/oci-systemd-hook/oci-systemd-hook/0001-configure-drop-selinux-support.patch b/external/meta-virtualization/recipes-containers/oci-systemd-hook/oci-systemd-hook/0001-configure-drop-selinux-support.patch new file mode 100644 index 00000000..510126e4 --- /dev/null +++ b/external/meta-virtualization/recipes-containers/oci-systemd-hook/oci-systemd-hook/0001-configure-drop-selinux-support.patch 
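Review bot: The loop added to `mount_cgroup` bind-mounts every entry under `CGROUP_ROOT` from the root namespace into the container with `bind_mount(spath, dpath, false)`, and the read-only remount that follows covers `cgroup_path` only; a bind remount does not reach mounts below it, so the controller hierarchies may stay writable from inside the container (this depends on what the third argument of `bind_mount` means, which the hunk does not show). Separately, the two bare `readdir(dir)` calls assume "." and ".." come first, which readdir does not guarantee, the result of `symlink()` is ignored, a link target longer than the 80-byte buffer is truncated silently, and every early `return -1` leaks `dir`, `spath` and `dpath`. The fence below shows the entry filtering and the symlink check; the error paths of the unchanged `asprintf`, `makepath` and `bind_mount` branches need the same `free`/`closedir` cleanup. `mount_cgroup` starts and ends outside the hunk.

```c
	/* … unchanged: opendir(CGROUP_ROOT) and its error check … */
	while ((d = readdir(dir))) {
		/* Skip "." and ".." by name; systemd is already handled above */
		if (strcmp(d->d_name, ".") == 0 ||
		    strcmp(d->d_name, "..") == 0 ||
		    strcmp(d->d_name, "systemd") == 0) {
			continue;
		}
		/* … unchanged: asprintf of spath and dpath … */
		got = readlink(spath, link, sizeof(link) - 1);
		if (got > 0) {
			link[got] = '\0';
			if (symlink(link, dpath) == -1 && errno != EEXIST) {
				pr_perror("Failed to symlink %s to %s", dpath, link);
				free(spath);
				free(dpath);
				closedir(dir);
				return -1;
			}
		} else {
			/* … unchanged: makepath and bind_mount … */
```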
@@ -0,0 +1,25 @@
+From 12c263703a0b0ae92566de7e5440fce7b59cd9be Mon Sep 17 00:00:00 2001
+From: Bruce Ashfield <bruce.ashfield@windriver.com>
+Date: Tue, 8 Nov 2016 13:16:19 -0500
+Subject: [PATCH] configure: drop selinux support
+
+Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
+---
+ configure.ac | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index c1275acb253d..eaba7fbb57e2 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -8,7 +8,6 @@ AC_USE_SYSTEM_EXTENSIONS
+ AC_SYS_LARGEFILE
+
+ PKG_CHECK_MODULES([YAJL], [yajl >= 2.0.0])
+-PKG_CHECK_MODULES([SELINUX], [libselinux >= 2.0.0])
+ PKG_CHECK_MODULES([LIBMOUNT], [mount >= 2.23.0])
+
+ AC_MSG_CHECKING([whether to disable argument checking])
+--
+2.4.0.53.g8440f74
+
diff --git a/external/meta-virtualization/recipes-containers/oci-systemd-hook/oci-systemd-hook/0001-selinux-drop-selinux-support.patch b/external/meta-virtualization/recipes-containers/oci-systemd-hook/oci-systemd-hook/0001-selinux-drop-selinux-support.patch
new file mode 100644
index 00000000..5016f6e7
--- /dev/null
+++ b/external/meta-virtualization/recipes-containers/oci-systemd-hook/oci-systemd-hook/0001-selinux-drop-selinux-support.patch
@@ -0,0 +1,45 @@ +From 9b66394c712ec0d0fcb2052baa7f590621a53461 Mon Sep 17 00:00:00 2001 +From: Bruce Ashfield <bruce.ashfield@windriver.com> +Date: Tue, 8 Nov 2016 13:15:46 -0500 +Subject: [PATCH] selinux: drop selinux support + +Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com> +--- + src/systemdhook.c | 12 ------------ + 1 file changed, 12 deletions(-) + +--- a/src/systemdhook.c ++++ b/src/systemdhook.c +@@ -16,7 +16,6 @@ + #include <errno.h> + #include <inttypes.h> + #include <linux/limits.h> +-#include <selinux/selinux.h> + #include <yajl/yajl_tree.h> + #include <stdbool.h> + +@@ -129,9 +128,6 @@ static int chperm(const char *path, cons + closedir(dir); + return -1; + } +- if (setfilecon (full_path, label) < 0) { +- pr_perror("Failed to set context %s on %s", label, full_path); +- } + + if (doChown) { + /* Change uid and gid to something the container can handle */ +@@ -496,14 +492,6 @@ static int prestart(const char *rootfs, + return -1; + } + } +- +- if (strcmp("", mount_label)) { +- rc = setfilecon(journal_dir, (security_context_t)mount_label); +- if (rc < 0) { +- pr_perror("Failed to set journal dir selinux context"); +- return -1; +- } +- } + + /* Attempt to creare /var/log/journal inside of rootfs, + if successful, or directory exists, mount tmpfs on top of diff --git a/external/meta-virtualization/recipes-containers/oci-systemd-hook/oci-systemd-hook_git.bb b/external/meta-virtualization/recipes-containers/oci-systemd-hook/oci-systemd-hook_git.bb new file mode 100644 index 00000000..e07b7410 --- /dev/null +++ b/external/meta-virtualization/recipes-containers/oci-systemd-hook/oci-systemd-hook_git.bb 
@@ -0,0 +1,36 @@
+DESCRIPTION = "OCI systemd hook enables users to run systemd in docker and OCI"
+SECTION = "console/utils"
+LICENSE = "GPLv3"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=d32239bcb673463ab874e80d47fae504"
+PRIORITY = "optional"
+
+DEPENDS = "yajl util-linux"
+
+SRCREV = "1ac958a4197a9ea52174812fc7d7d036af8140d3"
+SRC_URI = "git://github.com/projectatomic/oci-systemd-hook \
+ file://0001-selinux-drop-selinux-support.patch \
+ file://0001-configure-drop-selinux-support.patch \
+ file://0001-Add-additional-cgroup-mounts-from-root-NS-automatica.patch \
+"
+
+PV = "0.0.1+git${SRCPV}"
+S = "${WORKDIR}/git"
+
+inherit autotools pkgconfig
+
+PACKAGECONFIG ??= ""
+PACKAGECONFIG[selinux] = ",,libselinux"
+
+EXTRA_OECONF += "--libexecdir=${libexecdir}/oci/hooks.d"
+
+# nothing to compile, we do it all in the install task
+do_compile[noexec] = "1"
+
+do_install() {
+ # Avoid building docs, and other artifacts by surgically calling the
+ # semi-internal target of "install-exec-am"
+ oe_runmake 'DESTDIR=${D}' install-exec-am
+}
+
+FILES_${PN} += "${libexecdir}/oci/hooks.d/"
+
diff --git a/external/meta-virtualization/recipes-containers/riddler/riddler_git.bb b/external/meta-virtualization/recipes-containers/riddler/riddler_git.bb
new file mode 100644
index 00000000..9f7fe6b4
--- /dev/null
+++ b/external/meta-virtualization/recipes-containers/riddler/riddler_git.bb
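Review bot: `PACKAGECONFIG[selinux] = ",,libselinux"` suggests SELinux support can be switched on, but both `drop-selinux-support` patches are listed unconditionally in `SRC_URI`, so enabling it only adds the libselinux dependency while the `setfilecon()` calls stay removed. On an image with SELinux enforcing, the journal directory and the paths `chperm` walks would then keep whatever label they had rather than the container's mount label. Either drop the `PACKAGECONFIG[selinux]` line or apply the two patches only when selinux is not selected, and say which in a comment above `SRC_URI`.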
@@ -0,0 +1,50 @@
+HOMEPAGE = "https://github.com/jfrazelle/riddler"
+SUMMARY = "Convert `docker inspect` to opencontainers (OCI compatible) runc spec."
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://src/import/LICENSE;md5=20ce4c6a4f32d6ee4a68e3a7506db3f1"
+
+SRC_URI = "git://github.com/jfrazelle/riddler;branch=master"
+SRCREV = "23befa0b232877b5b502b828e24161d801bd67f6"
+PV = "0.1.0+git${SRCPV}"
+GO_IMPORT = "import"
+
+S = "${WORKDIR}/git"
+
+inherit goarch
+inherit go
+
+# This disables seccomp and apparmor, which are on by default in the
+# go package.
+EXTRA_OEMAKE="BUILDTAGS=''"
+
+do_compile() {
+ export GOARCH="${TARGET_GOARCH}"
+ export GOROOT="${STAGING_LIBDIR_NATIVE}/${TARGET_SYS}/go"
+ # Setup vendor directory so that it can be used in GOPATH.
+ #
+ # Go looks in a src directory under any directory in GOPATH but riddler
+ # uses 'vendor' instead of 'vendor/src'. We can fix this with a symlink.
+ #
+ # We also need to link in the ipallocator directory as that is not under
+ # a src directory.
+ ln -sfn . "${S}/src/import/vendor/src"
+ mkdir -p "${S}/src/import/vendor/src/github.com/jessfraz/riddler"
+ ln -sfn "${S}/src/import/parse" "${S}/src/import/vendor/src/github.com/jessfraz/riddler/parse"
+ export GOPATH="${S}/src/import/vendor"
+
+ # Pass the needed cflags/ldflags so that cgo
+ # can find the needed headers files and libraries
+ export CGO_ENABLED="1"
+ export CFLAGS=""
+ export LDFLAGS=""
+ export CGO_CFLAGS="${BUILDSDK_CFLAGS} --sysroot=${STAGING_DIR_TARGET}"
+ export CGO_LDFLAGS="${BUILDSDK_LDFLAGS} --sysroot=${STAGING_DIR_TARGET}"
+ cd ${S}/src/import
+
+ oe_runmake static
+}
+
+do_install() {
+ install -d ${D}/${sbindir}
+ install ${S}/src/import/riddler ${D}/${sbindir}/riddler
+}
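Review bot: `EXTRA_OEMAKE="BUILDTAGS=''"` removes the seccomp and apparmor build tags unconditionally, as the comment above it says, so the tool is always built without those two hardening features. runc.inc in this commit makes the same choice selectable with `PACKAGECONFIG[seccomp] = "seccomp,,libseccomp"` and `BUILDTAGS='${PACKAGECONFIG_CONFARGS}'`; doing the same here would let a distro turn them on. The comment inside `do_compile` mentions an `ipallocator` directory while the link that follows is for `parse`, and `HOMEPAGE`/`SRC_URI` use `jfrazelle` while the vendor path uses `jessfraz`; both deserve a one-line explanation.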
diff --git a/external/meta-virtualization/recipes-containers/runc/runc-docker/0001-build-drop-recvtty-and-use-GOBUILDFLAGS.patch b/external/meta-virtualization/recipes-containers/runc/runc-docker/0001-build-drop-recvtty-and-use-GOBUILDFLAGS.patch new file mode 100644 index 00000000..faeac46f --- /dev/null +++ b/external/meta-virtualization/recipes-containers/runc/runc-docker/0001-build-drop-recvtty-and-use-GOBUILDFLAGS.patch @@ -0,0 +1,22 @@ +From a9a2b9e72027d0b2357f6dfe8b154762aaa8dd02 Mon Sep 17 00:00:00 2001 +From: Bruce Ashfield <bruce.ashfield@windriver.com> +Date: Thu, 19 Apr 2018 16:39:41 -0400 +Subject: [PATCH] build: drop recvtty and use GOBUILDFLAGS + +Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com> +--- + Makefile | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +Index: git/src/import/Makefile +=================================================================== +--- git.orig/src/import/Makefile ++++ git/src/import/Makefile +@@ -41,7 +41,6 @@ + + static: $(SOURCES) + CGO_ENABLED=1 $(GO) build $(EXTRA_FLAGS) -tags "$(BUILDTAGS) netgo osusergo cgo static_build" -installsuffix netgo -ldflags "-w -extldflags -static -X main.gitCommit=${COMMIT} -X main.version=${VERSION} $(EXTRA_LDFLAGS)" -o runc . +- CGO_ENABLED=1 $(GO) build $(EXTRA_FLAGS) -tags "$(BUILDTAGS) netgo osusergo cgo static_build" -installsuffix netgo -ldflags "-w -extldflags -static -X main.gitCommit=${COMMIT} -X main.version=${VERSION} $(EXTRA_LDFLAGS)" -o contrib/cmd/recvtty/recvtty ./contrib/cmd/recvtty + + release: + script/release.sh -r release/$(VERSION) -v $(VERSION) diff --git a/external/meta-virtualization/recipes-containers/runc/runc-docker/0001-runc-Add-console-socket-dev-null.patch b/external/meta-virtualization/recipes-containers/runc/runc-docker/0001-runc-Add-console-socket-dev-null.patch new file mode 100644 index 00000000..48c1250d --- /dev/null 
+++ b/external/meta-virtualization/recipes-containers/runc/runc-docker/0001-runc-Add-console-socket-dev-null.patch @@ -0,0 +1,33 @@ +From 3fff2a3505fba1d1ff0074edff15708a77f6cfa9 Mon Sep 17 00:00:00 2001 +From: Jason Wessel <jason.wessel@windriver.com> +Date: Wed, 12 Jul 2017 13:35:03 -0700 +Subject: [PATCH] runc: Add --console-socket=/dev/null + +This allows for setting up a detached session where you do not want to +set the terminal to false in the config.json. More or less this is a +runtime override. + +Signed-off-by: Jason Wessel <jason.wessel@windriver.com> +--- + utils_linux.go | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/utils_linux.go b/utils_linux.go +index 8085f7fe..e6d31b35 100644 +--- a/src/import/utils_linux.go ++++ b/src/import/utils_linux.go +@@ -227,6 +227,11 @@ type runner struct { + } + + func (r *runner) run(config *specs.Process) (int, error) { ++ if (r.consoleSocket == "/dev/null") { ++ r.detach = false ++ r.consoleSocket = "" ++ config.Terminal = false ++ } + if err := r.checkTerminal(config); err != nil { + r.destroy() + return -1, err +-- +2.11.0 + diff --git a/external/meta-virtualization/recipes-containers/runc/runc-docker/0001-runc-docker-SIGUSR1-daemonize.patch b/external/meta-virtualization/recipes-containers/runc/runc-docker/0001-runc-docker-SIGUSR1-daemonize.patch new file mode 100644 index 00000000..9ccbccb2 --- /dev/null +++ b/external/meta-virtualization/recipes-containers/runc/runc-docker/0001-runc-docker-SIGUSR1-daemonize.patch 
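Review bot: The block added to `runner.run` sets `r.detach = false` when `--console-socket=/dev/null` is given, while the commit message describes the option as a way to set up a detached session; one of the two is wrong, or the reason needs a comment. The sentinel is matched by exact string comparison and silently overrides `config.Terminal` from config.json, so an operator reading the bundle cannot tell that the terminal setting was ignored; a log line at that point would help. The parentheses around the condition are not gofmt style: `if r.consoleSocket == "/dev/null" {`. `run` continues outside the hunk.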
@@ -0,0 +1,129 @@ +From cd7d76a6d1ecb1856f6ed666fb5c30dc105aa94e Mon Sep 17 00:00:00 2001 +From: Jason Wessel <jason.wessel@windriver.com> +Date: Tue, 5 Dec 2017 18:28:28 -0800 +Subject: [PATCH] runc-docker: Allow "run start ..." to daemonize with $SIGUSR1_PARENT_PID + +The runc-docker has all the code in it to properly run a stop hook if +you use it in the foreground. It doesn't work in the back ground +because there is no way for a golang application to fork a child exit +out of the parent process because all the golang threads stay with the +parent. + +This patch has three parts that happen ONLY when $SIGUSR1_PARENT_PID +is set. + +1) The code was copied which performs the normal the signal handling + block which is used for the foreground operation of runc. + +2) At the point where runc start would normally exit, it closes + stdin/stdout/stderr so it would be possible to daemonize "runc start ...". + +3) The code to send a SIGUSR1 to the parent process was added. The + idea being that a parent process would simply exit at that point + because it was blocking until runc performed everything it was + required to perform. + +Signed-off-by: Jason Wessel <jason.wessel@windriver.com> +--- + signals.go | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++---- + utils_linux.go | 2 +- + 2 files changed, 51 insertions(+), 5 deletions(-) + +Index: git/src/import/signals.go +=================================================================== +--- git.orig/src/import/signals.go ++++ git/src/import/signals.go +@@ -6,6 +6,7 @@ + "os" + "os/signal" + "syscall" // only for Signal ++ "strconv" + + "github.com/opencontainers/runc/libcontainer" + "github.com/opencontainers/runc/libcontainer/system" +@@ -56,9 +57,6 @@ + func (h *signalHandler) forward(process *libcontainer.Process, tty *tty, detach bool) (int, error) { + // make sure we know the pid of our main process so that we can return + // after it dies. 
+- if detach && h.notifySocket == nil { +- return 0, nil +- } + + pid1, err := process.Pid() + if err != nil { +@@ -68,12 +66,61 @@ + if h.notifySocket != nil { + if detach { + h.notifySocket.run(pid1) +- return 0, nil + } else { + go h.notifySocket.run(0) + } + } + ++ if (detach) { ++ // This allows the parent process to daemonize this process ++ // so long as stdin/stderr/stdout are closed ++ if envVal := os.Getenv("SIGUSR1_PARENT_PID"); envVal != "" { ++ // Close stdin/stdout/stderr ++ os.Stdin.Close() ++ os.Stdout.Close() ++ os.Stderr.Close() ++ // Notify parent to detach ++ i, err := strconv.Atoi(envVal) ++ if (err != nil) { ++ return 0, nil ++ } ++ unix.Kill(i, unix.SIGUSR1) ++ // Loop waiting on the child to signal or exit, ++ // after which all stop hooks will be run ++ for s := range h.signals { ++ switch s { ++ case unix.SIGCHLD: ++ exits, err := h.reap() ++ if err != nil { ++ logrus.Error(err) ++ } ++ for _, e := range exits { ++ logrus.WithFields(logrus.Fields{ ++ "pid": e.pid, ++ "status": e.status, ++ }).Debug("process exited") ++ if e.pid == pid1 { ++ // call Wait() on the process even though we already have the exit ++ // status because we must ensure that any of the go specific process ++ // fun such as flushing pipes are complete before we return. ++ process.Wait() ++ if h.notifySocket != nil { ++ h.notifySocket.Close() ++ } ++ return e.status, nil ++ } ++ } ++ default: ++ logrus.Debugf("sending signal to process %s", s) ++ if err := unix.Kill(pid1, s.(syscall.Signal)); err != nil { ++ logrus.Error(err) ++ } ++ } ++ } ++ } ++ return 0, nil ++ } ++ + // Perform the initial tty resize. Always ignore errors resizing because + // stdout might have disappeared (due to races with when SIGHUP is sent). 
+ _ = tty.resize() +Index: git/src/import/utils_linux.go +=================================================================== +--- git.orig/src/import/utils_linux.go ++++ git/src/import/utils_linux.go +@@ -338,7 +338,7 @@ + if err != nil { + r.terminate(process) + } +- if detach { ++ if (detach && os.Getenv("SIGUSR1_PARENT_PID") == "") { + return 0, nil + } + r.destroy() diff --git a/external/meta-virtualization/recipes-containers/runc/runc-docker_git.bb b/external/meta-virtualization/recipes-containers/runc/runc-docker_git.bb new file mode 100644 index 00000000..02bda318 --- /dev/null +++ b/external/meta-virtualization/recipes-containers/runc/runc-docker_git.bb @@ -0,0 +1,12 @@ +include runc.inc + +# Note: this rev is before the required protocol field, update when all components +# have been updated to match. +SRCREV_runc-docker = "6a2c15596845f6ff5182e2022f38a65e5dfa88eb" +SRC_URI = "git://github.com/opencontainers/runc;nobranch=1;name=runc-docker \ + file://0001-runc-Add-console-socket-dev-null.patch \ + file://0001-build-drop-recvtty-and-use-GOBUILDFLAGS.patch \ + file://0001-runc-docker-SIGUSR1-daemonize.patch \ + " + +RUNC_VERSION = "1.0.0-rc5" diff --git a/external/meta-virtualization/recipes-containers/runc/runc-opencontainers_git.bb b/external/meta-virtualization/recipes-containers/runc/runc-opencontainers_git.bb new file mode 100644 index 00000000..eaee8efa --- /dev/null +++ b/external/meta-virtualization/recipes-containers/runc/runc-opencontainers_git.bb @@ -0,0 +1,7 @@ +include runc.inc + +SRCREV = "6a2c15596845f6ff5182e2022f38a65e5dfa88eb" +SRC_URI = " \ + git://github.com/opencontainers/runc;branch=master \ + " +RUNC_VERSION = "1.0.0-rc5" diff --git a/external/meta-virtualization/recipes-containers/runc/runc.inc b/external/meta-virtualization/recipes-containers/runc/runc.inc new file mode 100644 index 00000000..6d11a6ef --- /dev/null +++ b/external/meta-virtualization/recipes-containers/runc/runc.inc 
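Review bot: In the new `detach` branch of `forward`, the value of `SIGUSR1_PARENT_PID` goes from `strconv.Atoi` straight into `unix.Kill(i, unix.SIGUSR1)` with no range check, and kill(2) treats 0 and negative pids as a process group or as every process the caller may signal, so a bad environment value can make runc (typically running as root) signal far more than its parent. Check the value before use, for example `if err != nil || i <= 1 || i != os.Getppid() {`, and return an error from that branch instead of `return 0, nil`, which currently hides the failure after stdin, stdout and stderr are already closed. The return value of `unix.Kill` is also ignored, so a parent that has already exited goes unnoticed. `forward` starts and ends outside the hunk.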
@@ -0,0 +1,68 @@
+HOMEPAGE = "https://github.com/opencontainers/runc"
+SUMMARY = "runc container cli tools"
+DESCRIPTION = "runc is a CLI tool for spawning and running containers according to the OCI specification."
+
+# Apache-2.0 for containerd
+LICENSE = "Apache-2.0"
+LIC_FILES_CHKSUM = "file://src/import/LICENSE;md5=435b266b3899aa8a959f17d41c56def8"
+
+S = "${WORKDIR}/git"
+
+PV = "${RUNC_VERSION}+git${SRCPV}"
+
+inherit go
+inherit goarch
+inherit pkgconfig
+
+PACKAGECONFIG ??= ""
+PACKAGECONFIG[seccomp] = "seccomp,,libseccomp"
+
+RRECOMMENDS_${PN} = "lxc docker"
+PROVIDES += "virtual/runc"
+RPROVIDES_${PN} = "virtual/runc"
+
+GO_IMPORT = "import"
+
+LIBCONTAINER_PACKAGE="github.com/opencontainers/runc/libcontainer"
+
+do_configure[noexec] = "1"
+EXTRA_OEMAKE="BUILDTAGS='${PACKAGECONFIG_CONFARGS}' GO=${GO}"
+
+do_compile() {
+ # Set GOPATH. See 'PACKAGERS.md'. Don't rely on
+ # docker to download its dependencies but rather
+ # use dependencies packaged independently.
+ cd ${S}/src/import
+ rm -rf .gopath
+ dname=`dirname "${LIBCONTAINER_PACKAGE}"`
+ bname=`basename "${LIBCONTAINER_PACKAGE}"`
+ mkdir -p .gopath/src/${dname}
+
+ (cd .gopath/src/${dname}; ln -sf ../../../../../${bname} ${bname})
+ export GOPATH="${S}/src/import/.gopath:${S}/src/import/vendor:${STAGING_DIR_TARGET}/${prefix}/local/go"
+
+ # Fix up symlink for go-cross compiler
+ rm -f ${S}/src/import/vendor/src
+ ln -sf ./ ${S}/src/import/vendor/src
+
+ # Pass the needed cflags/ldflags so that cgo
+ # can find the needed headers files and libraries
+ export CGO_ENABLED="1"
+ export CGO_CFLAGS="${CFLAGS} --sysroot=${STAGING_DIR_TARGET}"
+ export CGO_LDFLAGS="${LDFLAGS} --sysroot=${STAGING_DIR_TARGET}"
+ export GO=${GO}
+
+ export CFLAGS=""
+ export LDFLAGS=""
+
+ oe_runmake static
+}
+
+do_install() {
+ mkdir -p ${D}/${bindir}
+
+ cp ${S}/src/import/runc ${D}/${bindir}/runc
+ ln -sf runc ${D}/${bindir}/docker-runc
+}
+
+INHIBIT_PACKAGE_STRIP = "1"
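Review bot: `PACKAGECONFIG ??= ""` together with `BUILDTAGS='${PACKAGECONFIG_CONFARGS}'` means runc is built without the `seccomp` tag unless a distro opts in, so by default the runtime presumably cannot apply a seccomp profile from a container's config. For a container runtime the safer default is `PACKAGECONFIG ??= "seccomp"`, leaving an opt-out for targets without libseccomp. `INHIBIT_PACKAGE_STRIP = "1"` and `RRECOMMENDS_${PN} = "lxc docker"` would each benefit from a comment giving the reason.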
diff --git a/external/meta-virtualization/recipes-containers/singularity/README b/external/meta-virtualization/recipes-containers/singularity/README
new file mode 100644
index 00000000..582480f8
--- /dev/null
+++ b/external/meta-virtualization/recipes-containers/singularity/README
@@ -0,0 +1,46 @@ +Singularity is a container platform based on the principle of mobility of +compute, and it is designed for use within HPC clusters. For more info see +singularity.lbl.gov. + +To test whether the software functions correctly, you can use `singularity +selftest`. This is what you would expect to see: + +~# singularity selftest + + sh -c test -f /etc/singularity/singularity.conf (retval=0) OK + + test -u /usr/libexec/singularity/bin/action-suid (retval=0) OK + + test -u /usr/libexec/singularity/bin/create-suid (retval=0) OK + + test -u /usr/libexec/singularity/bin/expand-suid (retval=0) OK + + test -u /usr/libexec/singularity/bin/export-suid (retval=0) OK + + test -u /usr/libexec/singularity/bin/import-suid (retval=0) OK + + test -u /usr/libexec/singularity/bin/mount-suid (retval=0) OK + +You can also pull a container from Docker Hub to prove full functionality +(Test was performed on a Raspberry Pi 3, hence the arm32v7 part of the Docker +link. Make sure you pull an image which is compatible with your hardware.) +For instance: + +~# singularity pull docker://arm32v7/debian:latest +Initializing Singularity image subsystem +Opening image file: debian-latest.img +Creating 200MiB image +Binding image to loop +Creating file system within image +Image is done: debian-latest.img +Docker image path: index.docker.io/arm32v7/debian:latest +Cache folder set to /home/root/.singularity/docker +[1/1] |===================================| 100.0% +Importing: base Singularity environment +Importing: /home/root/.singularity/docker/sha256:ed4f1f0d0a0457e7f76ffb25a8d6a193007709dd312b7647cb44fc6979ec4a53.tar.gz +Importing: /home/root/.singularity/metadata/sha256:89997b2c16b29c5a3a316e314172ef21b36f67cc3200b1c4d95927f716dbee83.tar.gz +Done. Container is at: debian-latest.img +~# singularity shell debian-latest.img +Singularity: Invoking an interactive shell within container... + +Singularity debian-latest.img:~> echo "Hello from within the container!" 
+Hello from within the container! +Singularity debian-latest.img:~> ls / +bin dev home lost+found mnt proc run singularity sys usr +boot etc lib media opt root sbin srv tmp var +Singularity debian-latest.img:~> exit +exit +~# diff --git a/external/meta-virtualization/recipes-containers/singularity/singularity_git.bb b/external/meta-virtualization/recipes-containers/singularity/singularity_git.bb new file mode 100644 index 00000000..6fee8f35 --- /dev/null +++ b/external/meta-virtualization/recipes-containers/singularity/singularity_git.bb 
@@ -0,0 +1,35 @@
+# Skip QA check for library symbolic links (core issue is a packaging problem within
+# Singularity build / config: read up on the dev-so test for more info)
+INSANE_SKIP_${PN} += "dev-so"
+
+RDEPENDS_${PN} += "glibc python3 ca-certificates openssl bash e2fsprogs-mke2fs"
+# Singularity expects to find python3 under the name python, therefore both
+# cannot be installed at the same time.
+RCONFLICTS_${PN} = "python"
+
+LICENSE = "BSD"
+LIC_FILES_CHKSUM = "file://COPYRIGHT.md;md5=be78c34e483dd7d8439358b1e024b294 \
+ file://LICENSE-LBNL.md;md5=45a007b527e1a9507aa7fa869f8d7ede \
+ file://LICENSE.md;md5=df4326b473db6424033f1d98a5645e30 \
+ file://debian/copyright;md5=ed267cf386d9b75ab1f27f407e935b10"
+
+SRC_URI = "git://github.com/singularityware/singularity.git;protocol=https"
+PV = "2.3.1+git${SRCPV}"
+SRCREV = "e214d4ebf0a1274b1c63b095fd55ae61c7e92947"
+
+S = "${WORKDIR}/git"
+
+inherit pythonnative autotools-brokensep
+EXTRA_OECONF = "--prefix=/usr/local"
+
+pkg_postinst_${PN}() {
+ # Singularity requires "python" to resolve to "python3" within the commandline.
+ # This creates a symbolic link from python3 to python. A side-effect of this is
+ # that scripts which expect Python 2 may fail to run correctly.
+ ln -sr $D${bindir}/python3 $D${bindir}/python
+
+ # python3 expects CA certificates to be installed in a different place to where
+ # they are actually installed. These lines link the two locations.
+ rm -r $D${libdir}/ssl-1.1/certs
+ ln -sr $D${sysconfdir}/ssl/certs $D${libdir}/ssl-1.1
+}
diff --git a/external/meta-virtualization/recipes-containers/tini/tini/0001-Do-not-strip-the-output-binary-allow-yocto-to-do-thi.patch b/external/meta-virtualization/recipes-containers/tini/tini/0001-Do-not-strip-the-output-binary-allow-yocto-to-do-thi.patch
new file mode 100644
index 00000000..6797720c
--- /dev/null
+++ b/external/meta-virtualization/recipes-containers/tini/tini/0001-Do-not-strip-the-output-binary-allow-yocto-to-do-thi.patch
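Review bot: The `pkg_postinst_${PN}` body rewrites paths owned by other packages with no guard: `rm -r $D${libdir}/ssl-1.1/certs` removes OpenSSL's certificate directory under a hard-coded `ssl-1.1` name, and it presumably aborts the postinst when that directory is absent (for example with a different OpenSSL version). This path is the CA trust store that Python uses for TLS, so a half-applied script can leave `singularity pull` without working certificate verification. I would make both steps idempotent with `rm -rf "$D${libdir}/ssl-1.1/certs"` and `ln -sfnr "$D${sysconfdir}/ssl/certs" "$D${libdir}/ssl-1.1/certs"`, and use `ln -sfnr` for the `python` link as well. Separately, the README added in this commit shows that the package installs setuid helpers (`*-suid`) while `SRCREV` pins a 2.3.1-era commit, so a comment next to `SRCREV` should say that the pin needs checking against upstream security releases.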
@@ -0,0 +1,28 @@
+From b99ef9954a34cffd85a5cc09922b201ae11b494d Mon Sep 17 00:00:00 2001
+From: Theodor Gherzan <theodor@resin.io>
+Date: Mon, 5 Jun 2017 18:16:56 +0200
+Subject: [PATCH] Do not strip the output binary, allow yocto to do this
+
+Upstream-Status: Inappropriate [configuration specific]
+
+Signed-off-by: Theodor Gherzan <theodor@resin.io>
+---
+ CMakeLists.txt | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index b5b93ba..c2907e2 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -54,7 +54,7 @@ if(NOT HAS_BUILTIN_FORTIFY)
+ endif()
+
+ set (CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -std=gnu99 -Werror -Wextra -Wall -pedantic-errors -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat")
+-set (CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-s")
++set (CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -Wl,-Bsymbolic-functions -Wl,-z,relro")
+
+ # Build
+
+--
+2.7.4
+
diff --git a/external/meta-virtualization/recipes-containers/tini/tini_0.18.0.bb b/external/meta-virtualization/recipes-containers/tini/tini_0.18.0.bb
new file mode 100644
index 00000000..373d886a
--- /dev/null
+++ b/external/meta-virtualization/recipes-containers/tini/tini_0.18.0.bb
@@ -0,0 +1,32 @@
+HOMEPAGE = "http://github.com/krallin/tini"
+SUMMARY = "Minimal init for containers"
+DESCRIPTION = "Tini is the simplest init you could think of. All Tini does is \
+spawn a single child (Tini is meant to be run in a container), and wait for \
+it to exit all the while reaping zombies and performing signal forwarding. "
+
+SRCREV = "fec3683b971d9c3ef73f284f176672c44b448662"
+SRC_URI = " \
+ git://github.com/krallin/tini.git \
+ file://0001-Do-not-strip-the-output-binary-allow-yocto-to-do-thi.patch \
+ "
+
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=ffc9091894702bc5dcf4cc0085561ef5"
+
+S = "${WORKDIR}/git"
+
+BBCLASSEXTEND = "native"
+
+# tini links with -static, so no PIE for us
+SECURITY_CFLAGS_pn-${PN} = "${SECURITY_NO_PIE_CFLAGS}"
+
+inherit cmake
+
+do_install() {
+ mkdir -p ${D}/${bindir}
+ install -m 0755 ${B}/tini-static ${D}/${bindir}/docker-init
+}
+
+# Tini is the currently the provider for docker-init
+PROVIDES += "docker-init"
+RPROVIDES_${PN} = "docker-init" |
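Review bot: `SRC_URI` fetches tini from `git://github.com/krallin/tini.git` with no `protocol=` parameter, so the source arrives over the unauthenticated git transport, whereas the singularity recipe in this same commit already appends `;protocol=https`. The pinned `SRCREV` limits what a tampered transport could substitute, but I would still write `git://github.com/krallin/tini.git;protocol=https \` for transport integrity and consistency. The comment above `SECURITY_CFLAGS_pn-${PN}` could also say that PIE is dropped for this recipe only, because the statically linked `tini-static` is what gets installed as `docker-init`, so the hardening exception is easy to re-evaluate later.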