diff options
Diffstat (limited to 'external/meta-virtualization/recipes-containers')
61 files changed, 1647 insertions, 760 deletions
diff --git a/external/meta-virtualization/recipes-containers/cgroup-lite/cgroup-lite_1.15.bb b/external/meta-virtualization/recipes-containers/cgroup-lite/cgroup-lite_1.15.bb index 7b48c3ac..45cc287c 100644 --- a/external/meta-virtualization/recipes-containers/cgroup-lite/cgroup-lite_1.15.bb +++ b/external/meta-virtualization/recipes-containers/cgroup-lite/cgroup-lite_1.15.bb @@ -22,9 +22,9 @@ SYSTEMD_AUTO_ENABLE_${PN} = "mask" do_install() { - install -d ${D}/bin - install -m 0755 ${S}/scripts/cgroups-mount ${D}/bin - install -m 0755 ${S}/scripts/cgroups-umount ${D}/bin + install -d ${D}/${base_bindir} + install -m 0755 ${S}/scripts/cgroups-mount ${D}/${base_bindir} + install -m 0755 ${S}/scripts/cgroups-umount ${D}/${base_bindir} install -d ${D}${sysconfdir}/init.d install -m 0755 ${WORKDIR}/cgroups-init ${D}${sysconfdir}/init.d/cgroups-init diff --git a/external/meta-virtualization/recipes-containers/conmon/conmon_2.0.11.bb b/external/meta-virtualization/recipes-containers/conmon/conmon_2.0.11.bb new file mode 100644 index 00000000..a5bd5271 --- /dev/null +++ b/external/meta-virtualization/recipes-containers/conmon/conmon_2.0.11.bb @@ -0,0 +1,32 @@ +SUMMARY = "An OCI container runtime monitor" +SECTION = "console/utils" +HOMEPAGE = "https://github.com/containers/conmon" +LICENSE = "Apache-2.0" +LIC_FILES_CHKSUM = "file://LICENSE;md5=61af0b6932ea7b12fb9142721043bc77" + +DEPENDS = "glib-2.0" + +SRCREV = "ff9d97a08d7a4b58267ac03719786e4e7258cecf" +SRC_URI = "\ + git://github.com/containers/conmon.git \ +" + +SRC_URI[md5sum] = "5c711911d766d76813333c3812277574" +SRC_URI[sha256sum] = "4c31278b2c03e5be5a696c3088bc86cf2557a70e00f697799c163aba18e3c40e" + +S = "${WORKDIR}/git" + +inherit pkgconfig + +EXTRA_OEMAKE = "PREFIX=${prefix} BINDIR=${bindir} LIBEXECDIR=${libexecdir}" + +PACKAGECONFIG ??= "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd', '', d)}" +PACKAGECONFIG[systemd] = ",,systemd" + +do_install() { + oe_runmake 'DESTDIR=${D}' install +} + +FILES_${PN} += " \ + ${bindir}/conmon \ +" diff --git a/external/meta-virtualization/recipes-containers/containerd/containerd-opencontainers/0001-Add-build-option-GODEBUG-1.patch b/external/meta-virtualization/recipes-containers/containerd/containerd-opencontainers/0001-Add-build-option-GODEBUG-1.patch new file mode 100644 index 00000000..05c4f153 --- /dev/null +++ b/external/meta-virtualization/recipes-containers/containerd/containerd-opencontainers/0001-Add-build-option-GODEBUG-1.patch @@ -0,0 +1,42 @@ +From 84874e47aa2025b8e73df0286c44f3b8a1d9fdb2 Mon Sep 17 00:00:00 2001 +From: Hongxu Jia <hongxu.jia@windriver.com> +Date: Mon, 2 Sep 2019 16:20:07 +0800 +Subject: [PATCH] Add build option "GODEBUG=1" + +Make will generate GDB friendly binary with this build option. + +Signed-off-by: Hui Zhu <teawater@hyper.sh> + +Upstream-Status: Backport [c5a0c7f491b435e4eb45972903b00e2d8ed46495] + +Partly backport and refresh to v1.2.7 +Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> +--- + src/import/Makefile | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +diff --git a/src/import/Makefile b/src/import/Makefile +index 4355395..4fb5d3b 100644 +--- a/src/import/Makefile ++++ b/src/import/Makefile +@@ -75,11 +75,15 @@ TEST_REQUIRES_ROOT_PACKAGES=$(filter \ + COMMANDS=ctr containerd containerd-stress + MANPAGES=ctr.1 containerd.1 containerd-config.1 containerd-config.toml.5 + ++ifndef GODEBUG ++ EXTRA_LDFLAGS += -s -w ++endif ++ + # Build tags seccomp and apparmor are needed by CRI plugin. + BUILDTAGS ?= seccomp apparmor + GO_TAGS=$(if $(BUILDTAGS),-tags "$(BUILDTAGS)",) +-GO_LDFLAGS=-ldflags '-s -w -X $(PKG)/version.Version=$(VERSION) -X $(PKG)/version.Revision=$(REVISION) -X $(PKG)/version.Package=$(PACKAGE) $(EXTRA_LDFLAGS)' +-SHIM_GO_LDFLAGS=-ldflags '-s -w -X $(PKG)/version.Version=$(VERSION) -X $(PKG)/version.Revision=$(REVISION) -X $(PKG)/version.Package=$(PACKAGE) -extldflags "-static"' ++GO_LDFLAGS=-ldflags '-X $(PKG)/version.Version=$(VERSION) -X $(PKG)/version.Revision=$(REVISION) -X $(PKG)/version.Package=$(PACKAGE) $(EXTRA_LDFLAGS)' ++SHIM_GO_LDFLAGS=-ldflags '-X $(PKG)/version.Version=$(VERSION) -X $(PKG)/version.Revision=$(REVISION) -X $(PKG)/version.Package=$(PACKAGE) -extldflags "-static" $(EXTRA_LDFLAGS)' + + #Replaces ":" (*nix), ";" (windows) with newline for easy parsing + GOPATHS=$(shell echo ${GOPATH} | tr ":" "\n" | tr ";" "\n") +-- +2.7.4 + diff --git a/external/meta-virtualization/recipes-containers/containerd/containerd-opencontainers_git.bb b/external/meta-virtualization/recipes-containers/containerd/containerd-opencontainers_git.bb index c6b4f5e4..347eae5d 100644 --- a/external/meta-virtualization/recipes-containers/containerd/containerd-opencontainers_git.bb +++ b/external/meta-virtualization/recipes-containers/containerd/containerd-opencontainers_git.bb @@ -1,11 +1,16 @@ -SRCREV = "cfd04396dc68220d1cecbe686a6cc3aa5ce3667c" -SRC_URI = "git://github.com/containerd/containerd;nobranch=1 \ +SRCREV = "fd103cb716352c7e19768e4fed057f71d68902a0" +SRC_URI = "git://github.com/containerd/containerd;branch=release/1.2 \ file://0001-build-use-oe-provided-GO-and-flags.patch \ + file://0001-Add-build-option-GODEBUG-1.patch \ " include containerd.inc -CONTAINERD_VERSION = "v1.0.2" +LIC_FILES_CHKSUM = "file://src/import/LICENSE;md5=1269f40c0d099c21a871163984590d89" + +CONTAINERD_VERSION = "v1.2.7" + +EXTRA_OEMAKE += "GODEBUG=1" PROVIDES += "virtual/containerd" RPROVIDES_${PN} = "virtual/containerd" diff --git a/external/meta-virtualization/recipes-containers/containerd/containerd.inc b/external/meta-virtualization/recipes-containers/containerd/containerd.inc index 0eca5a64..e226edf1 100644 --- a/external/meta-virtualization/recipes-containers/containerd/containerd.inc +++ b/external/meta-virtualization/recipes-containers/containerd/containerd.inc @@ -12,14 +12,13 @@ SRC_URI += "file://containerd.service" S = "${WORKDIR}/git" -PV = "${CONTAINERD_VERSION}+git${SRCREV}" +PV = "${CONTAINERD_VERSION}+git${SRCPV}" inherit go inherit goarch GO_IMPORT = "import" -RRECOMMENDS_${PN} = "lxc docker" CONTAINERD_PKG="github.com/containerd/containerd" INSANE_SKIP_${PN} += "ldflags" @@ -34,14 +33,24 @@ do_compile() { ln -sf ./ ${S}/src/import/vendor/src mkdir -p ${S}/src/import/vendor/src/github.com/containerd/containerd/ + mkdir -p ${S}/src/import/vendor/src/github.com/containerd/containerd/pkg/ + mkdir -p ${S}/src/import/vendor/src/github.com/containerd/containerd/contrib/ # without this, the stress test parts of the build fail cp ${S}/src/import/*.go ${S}/src/import/vendor/src/github.com/containerd/containerd for c in content errdefs fs images mount snapshots linux api runtimes defaults progress \ protobuf reference diff platforms runtime remotes version archive dialer gc metadata \ metrics filters identifiers labels leases plugin server services \ - cmd cio containers namespaces oci events log reaper sys rootfs; do - ln -sfn ${S}/src/import/${c} ${S}/src/import/vendor/github.com/containerd/containerd/${c} + cmd cio containers namespaces oci events log reaper sys rootfs nvidia seed apparmor seccomp; do + if [ -d ${S}/src/import/${c} ]; then + ln -sfn ${S}/src/import/${c} ${S}/src/import/vendor/github.com/containerd/containerd/${c} + fi + if [ -d ${S}/src/import/pkg/${c} ]; then + ln -sfn ${S}/src/import/pkg/${c} ${S}/src/import/vendor/github.com/containerd/containerd/pkg/${c} + fi + if [ -d ${S}/src/import/contrib/${c} ]; then + ln -sfn ${S}/src/import/contrib/${c} ${S}/src/import/vendor/github.com/containerd/containerd/contrib/${c} + fi done export GOPATH="${S}/src/import/.gopath:${S}/src/import/vendor:${STAGING_DIR_TARGET}/${prefix}/local/go" @@ -86,7 +95,6 @@ do_install() { FILES_${PN} += "${systemd_system_unitdir}/*" -INHIBIT_PACKAGE_STRIP = "1" INSANE_SKIP_${PN} += "ldflags already-stripped" COMPATIBLE_HOST = "^(?!(qemu)?mips).*" diff --git a/external/meta-virtualization/recipes-containers/containerd/files/0001-build-use-oe-provided-GO-and-flags.patch b/external/meta-virtualization/recipes-containers/containerd/files/0001-build-use-oe-provided-GO-and-flags.patch index 75a984be..d4d5973e 100644 --- a/external/meta-virtualization/recipes-containers/containerd/files/0001-build-use-oe-provided-GO-and-flags.patch +++ b/external/meta-virtualization/recipes-containers/containerd/files/0001-build-use-oe-provided-GO-and-flags.patch @@ -1,26 +1,42 @@ -From e31acef290181434efaf47e70db7ad0d92dbe300 Mon Sep 17 00:00:00 2001 -From: Bruce Ashfield <bruce.ashfield@windriver.com> -Date: Thu, 19 Apr 2018 17:09:51 -0400 +From 408e8b526d490af817a64b7220e8e2c3789de58f Mon Sep 17 00:00:00 2001 +From: Bruce Ashfield <bruce.ashfield@gmail.com> +Date: Sun, 10 Feb 2019 23:46:06 +0000 Subject: [PATCH] build: use oe provided GO and flags -Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com> +We want to use the go compiler as defined in the oe-enviroment, not the +generic call to 'go'. Without changing this, we'll get things like cgo +errors and invalid flag combos. + +Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> --- - Makefile | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) + Makefile | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) -diff --git a/src/import/Makefile b/src/import/Makefile -index 9d8cf8a18fbc..492d033fe2a7 100644 ---- a/src/import/Makefile -+++ b/src/import/Makefile -@@ -134,7 +134,7 @@ bin/%: cmd/% FORCE +Index: git/src/import/Makefile +=================================================================== +--- git.orig/src/import/Makefile ++++ git/src/import/Makefile +@@ -166,19 +166,19 @@ + # Build a binary from a cmd. + bin/%: cmd/% FORCE + @echo "$(WHALE) $@${BINARY_SUFFIX}" +- @go build ${GO_GCFLAGS} ${GO_BUILD_FLAGS} -o $@${BINARY_SUFFIX} ${GO_LDFLAGS} ${GO_TAGS} ./$< ++ @$(GO) build ${GO_GCFLAGS} ${GO_BUILD_FLAGS} -o $@${BINARY_SUFFIX} ${GO_LDFLAGS} ${GO_TAGS} ./$< bin/containerd-shim: cmd/containerd-shim FORCE # set !cgo and omit pie for a static shim build: https://github.com/golang/go/issues/17789#issuecomment-258542220 @echo "$(WHALE) bin/containerd-shim" -- @CGO_ENABLED=0 go build -o bin/containerd-shim ${SHIM_GO_LDFLAGS} ${GO_TAGS} ./cmd/containerd-shim -+ @$(GO) build -o bin/containerd-shim ${SHIM_GO_LDFLAGS} $(GOBUILDFLAGS) ${GO_TAGS} ./cmd/containerd-shim +- @CGO_ENABLED=0 go build ${GO_BUILD_FLAGS} -o bin/containerd-shim ${SHIM_GO_LDFLAGS} ${GO_TAGS} ./cmd/containerd-shim ++ @$(GO) build ${GO_BUILD_FLAGS} -o bin/containerd-shim ${SHIM_GO_LDFLAGS} ${GO_TAGS} ./cmd/containerd-shim + + bin/containerd-shim-runc-v1: cmd/containerd-shim-runc-v1 FORCE # set !cgo and omit pie for a static shim build: https://github.com/golang/go/issues/17789#issuecomment-258542220 + @echo "$(WHALE) bin/containerd-shim-runc-v1" +- @CGO_ENABLED=0 go build ${GO_BUILD_FLAGS} -o bin/containerd-shim-runc-v1 ${SHIM_GO_LDFLAGS} ${GO_TAGS} ./cmd/containerd-shim-runc-v1 ++ @$(GO) build ${GO_BUILD_FLAGS} -o bin/containerd-shim-runc-v1 ${SHIM_GO_LDFLAGS} ${GO_TAGS} ./cmd/containerd-shim-runc-v1 + + bin/containerd-shim-runhcs-v1: cmd/containerd-shim-runhcs-v1 FORCE # set !cgo and omit pie for a static shim build: https://github.com/golang/go/issues/17789#issuecomment-258542220 + @echo "$(WHALE) bin/containerd-shim-runhcs-v1${BINARY_SUFFIX}" +- @CGO_ENABLED=0 go build ${GO_BUILD_FLAGS} -o bin/containerd-shim-runhcs-v1${BINARY_SUFFIX} ${SHIM_GO_LDFLAGS} ${GO_TAGS} ./cmd/containerd-shim-runhcs-v1 ++ @$(GO) build ${GO_BUILD_FLAGS} -o bin/containerd-shim-runhcs-v1${BINARY_SUFFIX} ${SHIM_GO_LDFLAGS} $(GOBUILDFLAGS) ${GO_TAGS} ./cmd/containerd-shim-runhcs-v1 binaries: $(BINARIES) ## build binaries @echo "$(WHALE) $@" --- -2.4.0.53.g8440f74 - diff --git a/external/meta-virtualization/recipes-containers/cri-o/cri-o_git.bb b/external/meta-virtualization/recipes-containers/cri-o/cri-o_git.bb index 822c57ff..ebf5bab3 100644 --- a/external/meta-virtualization/recipes-containers/cri-o/cri-o_git.bb +++ b/external/meta-virtualization/recipes-containers/cri-o/cri-o_git.bb @@ -14,9 +14,9 @@ At a high level, we expect the scope of cri-o to be restricted to the following - Resource isolation as required by the CRI \ " -SRCREV_cri-o = "774a29ecf6855f2dff266dc2aa2fe81d7d964465" +SRCREV_cri-o = "6d0ffae63b9b7d8f07e7f9cf50736a67fb31faf3" SRC_URI = "\ - git://github.com/kubernetes-sigs/cri-o.git;nobranch=1;name=cri-o \ + git://github.com/kubernetes-sigs/cri-o.git;branch=release-1.17;name=cri-o \ file://0001-Makefile-force-symlinks.patch \ file://crio.conf \ " @@ -27,7 +27,7 @@ LIC_FILES_CHKSUM = "file://src/import/LICENSE;md5=e3fc50a88d0a364313df4b21ef20c2 GO_IMPORT = "import" -PV = "1.12.0+git${SRCREV_cri-o}" +PV = "1.17.0+git${SRCREV_cri-o}" DEPENDS = " \ glib-2.0 \ @@ -35,15 +35,34 @@ DEPENDS = " \ gpgme \ ostree \ libdevmapper \ + libseccomp \ + libselinux \ " RDEPENDS_${PN} = " \ cni \ + libdevmapper \ " +python __anonymous() { + msg = "" + # ERROR: Nothing PROVIDES 'libseccomp' (but /buildarea/layers/meta-virtualization/recipes-containers/cri-o/cri-o_git.bb DEPENDS on or otherwise requires it). + # ERROR: Required build target 'meta-world-pkgdata' has no buildable providers. + # Missing or unbuildable dependency chain was: ['meta-world-pkgdata', 'cri-o', 'libseccomp'] + if 'security' not in d.getVar('BBFILE_COLLECTIONS').split(): + msg += "Make sure meta-security should be present as it provides 'libseccomp'" + raise bb.parse.SkipRecipe(msg) + # ERROR: Nothing PROVIDES 'libselinux' (but /buildarea/layers/meta-virtualization/recipes-containers/cri-o/cri-o_git.bb DEPENDS on or otherwise requires it). + # ERROR: Required build target 'meta-world-pkgdata' has no buildable providers. + # Missing or unbuildable dependency chain was: ['meta-world-pkgdata', 'cri-o', 'libselinux'] + elif 'selinux' not in d.getVar('BBFILE_COLLECTIONS').split(): + msg += "Make sure meta-selinux should be present as it provides 'libselinux'" + raise bb.parse.SkipRecipe(msg) +} + PACKAGES =+ "${PN}-config" RDEPENDS_${PN} += " virtual/containerd virtual/runc" -RDEPENDS_${PN} += " e2fsprogs-mke2fs" +RDEPENDS_${PN} += " e2fsprogs-mke2fs conmon util-linux iptables conntrack-tools" inherit systemd inherit go @@ -53,46 +72,11 @@ inherit pkgconfig EXTRA_OEMAKE="BUILDTAGS=''" do_compile() { - export GOARCH="${TARGET_GOARCH}" - export GOROOT="${STAGING_LIBDIR_NATIVE}/${TARGET_SYS}/go" - export GOPATH="${S}/src/import:${S}/src/import/vendor" - - # Pass the needed cflags/ldflags so that cgo - # can find the needed headers files and libraries - export CGO_ENABLED="1" - export CFLAGS="" - export LDFLAGS="" - export CGO_CFLAGS="${BUILDSDK_CFLAGS} --sysroot=${STAGING_DIR_TARGET}" - export CGO_LDFLAGS="${BUILDSDK_LDFLAGS} --sysroot=${STAGING_DIR_TARGET}" - - # link fixups for compilation - rm -f ${S}/src/import/vendor/src - ln -sf ./ ${S}/src/import/vendor/src - - mkdir -p ${S}/src/import/vendor/github.com/kubernetes-sigs/cri-o - ln -sf ../../../../cmd ${S}/src/import/vendor/github.com/kubernetes-sigs/cri-o/cmd - ln -sf ../../../../test ${S}/src/import/vendor/github.com/kubernetes-sigs/cri-o/test - ln -sf ../../../../oci ${S}/src/import/vendor/github.com/kubernetes-sigs/cri-o/oci - ln -sf ../../../../server ${S}/src/import/vendor/github.com/kubernetes-sigs/cri-o/server - ln -sf ../../../../pkg ${S}/src/import/vendor/github.com/kubernetes-sigs/cri-o/pkg - ln -sf ../../../../libpod ${S}/src/import/vendor/github.com/kubernetes-sigs/cri-o/libpod - ln -sf ../../../../libkpod ${S}/src/import/vendor/github.com/kubernetes-sigs/cri-o/libkpod - ln -sf ../../../../utils ${S}/src/import/vendor/github.com/kubernetes-sigs/cri-o/utils - ln -sf ../../../../types ${S}/src/import/vendor/github.com/kubernetes-sigs/cri-o/types - ln -sf ../../../../version ${S}/src/import/vendor/github.com/kubernetes-sigs/cri-o/version - ln -sf ../../../../lib ${S}/src/import/vendor/github.com/kubernetes-sigs/cri-o/lib - - export GOPATH="${S}/src/import/.gopath:${S}/src/import/vendor:${STAGING_DIR_TARGET}/${prefix}/local/go" - export GOROOT="${STAGING_DIR_NATIVE}/${nonarch_libdir}/${HOST_SYS}/go" - - # Pass the needed cflags/ldflags so that cgo - # can find the needed headers files and libraries - export CGO_ENABLED="1" - export CGO_CFLAGS="${CFLAGS} --sysroot=${STAGING_DIR_TARGET}" - export CGO_LDFLAGS="${LDFLAGS} --sysroot=${STAGING_DIR_TARGET}" + set +e cd ${S}/src/import + oe_runmake local-cross oe_runmake binaries } @@ -101,12 +85,14 @@ SYSTEMD_SERVICE_${PN} = "${@bb.utils.contains('DISTRO_FEATURES','systemd','crio. SYSTEMD_AUTO_ENABLE_${PN} = "enable" do_install() { + set +e localbindir="/usr/local/bin" install -d ${D}${localbindir} install -d ${D}/${libexecdir}/crio install -d ${D}/${sysconfdir}/crio install -d ${D}${systemd_unitdir}/system/ + install -d ${D}/usr/share/containers/oci/hooks.d install ${WORKDIR}/crio.conf ${D}/${sysconfdir}/crio/crio.conf @@ -114,22 +100,25 @@ do_install() { install -d ${D}/${sysconfdir}/crio/config/ install -m 755 -D ${S}/src/import/test/testdata/* ${D}/${sysconfdir}/crio/config/ - install ${S}/src/import/bin/crio ${D}/${localbindir} - install ${S}/src/import/bin/crio-config ${D}/${localbindir} - - install ${S}/src/import/bin/conmon ${D}/${localbindir}/crio - install ${S}/src/import/bin/pause ${D}/${localbindir}/crio + install ${S}/src/import/bin/crio.cross.linux* ${D}/${localbindir}/crio + install ${S}/src/import/bin/crio-status ${D}/${localbindir}/ + install ${S}/src/import/bin/pinns ${D}/${localbindir}/ install -m 0644 ${S}/src/import/contrib/systemd/crio.service ${D}${systemd_unitdir}/system/ install -m 0644 ${S}/src/import/contrib/systemd/crio-shutdown.service ${D}${systemd_unitdir}/system/ + install -m 0644 ${S}/src/import/contrib/systemd/crio-wipe.service ${D}${systemd_unitdir}/system/ } FILES_${PN}-config = "${sysconfdir}/crio/config/*" FILES_${PN} += "${systemd_unitdir}/system/*" FILES_${PN} += "/usr/local/bin/*" +FILES_${PN} += "/usr/share/containers/oci/hooks.d" + +# don't clobber hooks.d +ALLOW_EMPTY_${PN} = "1" -INHIBIT_PACKAGE_STRIP = "1" INSANE_SKIP_${PN} += "ldflags already-stripped" deltask compile_ptest_base +COMPATIBLE_HOST = "^(?!(qemu)?mips).*" diff --git a/external/meta-virtualization/recipes-containers/cri-o/files/Makefile-skip-install-when-generating-the-config.h.patch b/external/meta-virtualization/recipes-containers/cri-o/files/Makefile-skip-install-when-generating-the-config.h.patch new file mode 100644 index 00000000..24c7e9d7 --- /dev/null +++ b/external/meta-virtualization/recipes-containers/cri-o/files/Makefile-skip-install-when-generating-the-config.h.patch @@ -0,0 +1,43 @@ +From 3822e834d2dbd87a4dc8cdd36e7fe3b0e9020c4f Mon Sep 17 00:00:00 2001 +From: Mark Asselstine <mark.asselstine@windriver.com> +Date: Tue, 9 Apr 2019 13:52:59 -0400 +Subject: [PATCH] Makefile: skip install when generating the config.h + +When running 'go build' "The -i flag installs the packages that are +dependencies of the target." The Makefile makes use of this since many +of the dependencies needed to complete this rule will be used to by +other rules in the Makefile, thus speeding the overall build time +(avoiding redoing work). + +In our case the crio-config tool and its dependencies are not being +cross-compiled as they have to run locally to produce the +conmon/config.h file and thus installing them is not useful. In this +case there are no savings and can actually result in errors during the +build or if the build ARCH and target ARCH are the same, a potential +for host contamination. + +So we drop the use of '-i'. + +Upstream-Status: Inappropriate [cross compile issue] + +Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com> +--- + Makefile | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/import/Makefile b/src/import/Makefile +index b9fa97f..8336a5b 100644 +--- a/src/import/Makefile ++++ b/src/import/Makefile +@@ -109,7 +109,7 @@ release-note: + @$(GOPATH)/bin/release-tool -n $(release) + + conmon/config.h: cmd/crio-config/config.go oci/oci.go +- $(GO) build -i $(LDFLAGS) -o bin/crio-config $(PROJECT)/cmd/crio-config ++ $(GO) build $(LDFLAGS) -o bin/crio-config $(PROJECT)/cmd/crio-config + ( cd conmon && $(CURDIR)/bin/crio-config ) + + clean: +-- +2.7.4 + diff --git a/external/meta-virtualization/recipes-containers/cri-o/files/crio.conf b/external/meta-virtualization/recipes-containers/cri-o/files/crio.conf index 51d7f404..899d255b 100644 --- a/external/meta-virtualization/recipes-containers/cri-o/files/crio.conf +++ b/external/meta-virtualization/recipes-containers/cri-o/files/crio.conf @@ -24,7 +24,7 @@ storage_option = [ [crio.api] # listen is the path to the AF_LOCAL socket on which crio will listen. -listen = "/var/run/crio.sock" +listen = "/var/run/crio/crio.sock" # stream_address is the IP address on which the stream server will listen stream_address = "" @@ -69,7 +69,7 @@ runtime_untrusted_workload = "" default_workload_trust = "trusted" # conmon is the path to conmon binary, used for managing the runtime. -conmon = "/usr/libexec/crio/conmon" +conmon = "/usr/bin/conmon" # conmon_env is the environment variable list for conmon process, # used for passing necessary environment variable to conmon or runtime. @@ -132,8 +132,7 @@ insecure_registries = [ # registries is used to specify a comma separated list of registries to be used # when pulling an unqualified image (e.g. fedora:rawhide). -registries = [ -] +registries = ['docker.io', 'registry.fedoraproject.org', 'registry.access.redhat.com'] # The "crio.network" table contains settings pertaining to the # management of CNI plugins. @@ -144,4 +143,4 @@ registries = [ network_dir = "/etc/cni/net.d/" # plugin_dir is is where CNI plugin binaries are stored. -plugin_dir = "/opt/cni/bin/" +plugin_dir = "/opt/cni/bin" diff --git a/external/meta-virtualization/recipes-containers/criu/criu_git.bb b/external/meta-virtualization/recipes-containers/criu/criu_git.bb index 00de417b..704a0f9e 100644 --- a/external/meta-virtualization/recipes-containers/criu/criu_git.bb +++ b/external/meta-virtualization/recipes-containers/criu/criu_git.bb @@ -13,10 +13,10 @@ EXCLUDE_FROM_WORLD = "1" LIC_FILES_CHKSUM = "file://COPYING;md5=412de458544c1cb6a2b512cd399286e2" -SRCREV = "c49eab368a68682475c4e693258246e04232e6d2" -PV = "3.10+git${SRCPV}" +SRCREV = "c703e3fd8404e506cc6156719b953ea0580d59a4" +PV = "3.13+git${SRCPV}" -SRC_URI = "git://github.com/xemul/criu.git;protocol=git \ +SRC_URI = "git://github.com/checkpoint-restore/criu.git \ file://0001-criu-Fix-toolchain-hardcode.patch \ file://0002-criu-Skip-documentation-install.patch \ file://0001-criu-Change-libraries-install-directory.patch \ @@ -37,7 +37,7 @@ S = "${WORKDIR}/git" # EXTRA_OEMAKE_arm += "ARCH=arm UNAME-M=${CRIU_BUILD_ARCH} WERROR=0" EXTRA_OEMAKE_x86-64 += "ARCH=x86 WERROR=0" -EXTRA_OEMAKE_aarch64 += "ARCH=arm64 WERROR=0" +EXTRA_OEMAKE_aarch64 += "ARCH=aarch64 WERROR=0" EXTRA_OEMAKE_append += "SBINDIR=${sbindir} LIBDIR=${libdir} INCLUDEDIR=${includedir} PIEGEN=no" EXTRA_OEMAKE_append += "LOGROTATEDIR=${sysconfdir} SYSTEMDUNITDIR=${systemd_unitdir}" @@ -53,8 +53,11 @@ export C_INCLUDE_PATH="${STAGING_INCDIR}/libnl3" export BUILD_SYS export HOST_SYS +export HOSTCFLAGS = "${BUILD_CFLAGS}" -inherit setuptools +inherit setuptools3 + +B = "${S}" PACKAGECONFIG ??= "" PACKAGECONFIG[selinux] = ",,libselinux" @@ -67,18 +70,24 @@ do_compile_prepend() { } do_compile () { - oe_runmake FULL_PYTHON=${PYTHON} PYTHON=python2 + oe_runmake FULL_PYTHON=${PYTHON} PYTHON=python3 } do_install () { export INSTALL_LIB="${libdir}/${PYTHON_DIR}/site-packages" - oe_runmake PREFIX=${exec_prefix} LIBDIR=${libdir} DESTDIR="${D}" FULL_PYTHON=${PYTHON} PYTHON=python2 install + oe_runmake PREFIX=${exec_prefix} LIBDIR=${libdir} DESTDIR="${D}" FULL_PYTHON=${PYTHON} PYTHON=python3 install + + # python3's distutils has a feature of rewriting the interpeter on setup installed + # scripts. 'crit' is one of those scripts. The "executable" or "e" option to the + # setup call should fix it, but it is being ignored. So to avoid getting our native + # intepreter replaced in the script, we'll do an explicit update ourselves. + sed -i 's%^\#\!.*%\#\!/usr/bin/env python3%g' ${D}/usr/bin/crit } FILES_${PN} += "${systemd_unitdir}/ \ - ${libdir}/python2.7/site-packages/ \ + ${libdir}/python3*/site-packages/ \ ${libdir}/pycriu/ \ - ${libdir}/crit-0.0.1-py2.7.egg-info \ + ${libdir}/crit-0.0.1-py3*.egg-info \ " FILES_${PN}-staticdev += " \ diff --git a/external/meta-virtualization/recipes-containers/criu/files/0001-criu-Fix-toolchain-hardcode.patch b/external/meta-virtualization/recipes-containers/criu/files/0001-criu-Fix-toolchain-hardcode.patch index 838cbdc9..bd7a6c57 100644 --- a/external/meta-virtualization/recipes-containers/criu/files/0001-criu-Fix-toolchain-hardcode.patch +++ b/external/meta-virtualization/recipes-containers/criu/files/0001-criu-Fix-toolchain-hardcode.patch @@ -46,17 +46,20 @@ diff --git a/scripts/nmk/scripts/tools.mk b/scripts/nmk/scripts/tools.mk index 56dba84..1698821 100644 --- a/scripts/nmk/scripts/tools.mk +++ b/scripts/nmk/scripts/tools.mk -@@ -2,31 +2,31 @@ ifndef ____nmk_defined__tools +@@ -2,35 +2,35 @@ ifndef ____nmk_defined__tools # # System tools shorthands -RM := rm -f +RM ?= rm -f HOSTLD ?= ld --LD := $(CROSS_COMPILE)$(HOSTLD) -+LD ?= $(CROSS_COMPILE)$(HOSTLD) + ifeq ($(origin LD), default) + LD := $(CROSS_COMPILE)$(HOSTLD) + endif HOSTCC ?= gcc --CC := $(CROSS_COMPILE)$(HOSTCC) + ifeq ($(origin CC), default) + CC := $(CROSS_COMPILE)$(HOSTCC) + endif -CPP := $(CC) -E -AS := $(CROSS_COMPILE)as -AR := $(CROSS_COMPILE)ar @@ -69,7 +72,6 @@ index 56dba84..1698821 100644 -AWK := awk -PERL := perl -FULL_PYTHON := $(shell which python2 2>/dev/null || which python3 2>/dev/null) -+CC ?= $(CROSS_COMPILE)$(HOSTCC) +CPP ?= $(CC) -E +AS ?= $(CROSS_COMPILE)as +AR ?= $(CROSS_COMPILE)ar diff --git a/external/meta-virtualization/recipes-containers/crun/crun_git.bb b/external/meta-virtualization/recipes-containers/crun/crun_git.bb new file mode 100644 index 00000000..7781e110 --- /dev/null +++ b/external/meta-virtualization/recipes-containers/crun/crun_git.bb @@ -0,0 +1,32 @@ +DESCRIPTION = "A fast and low-memory footprint OCI Container Runtime fully written in C." +LICENSE = "GPLv3" +LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504" +PRIORITY = "optional" + +SRCREV_crun = "a43f72196f7aaf713dc997eaddd0f08612f60ac0" +SRCREV_libocispec = "01c8f977ff5ed1e8010f40c2572343be1a70a51b" +SRCREV_ispec = "775207bd45b6cb8153ce218cc59351799217451f" +SRCREV_rspec = "19e92ca817772b4466f2ed2b8d808dfb7a8ab4be" + +SRCREV_FORMAT = "crun_rspec" +SRC_URI = "git://github.com/containers/crun.git;branch=master;name=crun \ + git://github.com/containers/libocispec.git;branch=master;name=libocispec;destsuffix=git/libocispec \ + git://github.com/opencontainers/runtime-spec.git;branch=master;name=rspec;destsuffix=git/libocispec/runtime-spec \ + git://github.com/opencontainers/image-spec.git;branch=master;name=ispec;destsuffix=git/libocispec/image-spec \ + " + +PV = "0.10.2+git${SRCREV_crun}" +S = "${WORKDIR}/git" + +inherit autotools-brokensep pkgconfig + +PACKAGECONFIG ??= "" + +DEPENDS = "yajl libcap go-md2man-native" +# TODO: is there a packageconfig to turn this off ? +DEPENDS += "libseccomp" +DEPENDS += "oci-image-spec oci-runtime-spec" + +do_install() { + oe_runmake 'DESTDIR=${D}' install +} diff --git a/external/meta-virtualization/recipes-containers/docker-compose/files/0001-Allow-newer-versions-of-requests.patch b/external/meta-virtualization/recipes-containers/docker-compose/files/0001-Allow-newer-versions-of-requests.patch deleted file mode 100644 index 6fc7bb4c..00000000 --- a/external/meta-virtualization/recipes-containers/docker-compose/files/0001-Allow-newer-versions-of-requests.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 15cf1a31f5af8f09531bb837b92bd6ea49bd1744 Mon Sep 17 00:00:00 2001 -From: Pascal Bach <pascal.bach@siemens.com> -Date: Wed, 13 Sep 2017 08:41:21 +0200 -Subject: [PATCH] Allow newer versions of requests - -docker compose has strict requirements to use requests < 2.12 - -However it works without issues with newer versions, so this patch removes the check. - -Upstream-Status: Pending - -Signed-off-by: Pascal Bach <pascal.bach@siemens.com> ---- - setup.py | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/setup.py b/setup.py -index 192a0f6..f444757 100644 ---- a/setup.py -+++ b/setup.py -@@ -33,7 +33,7 @@ install_requires = [ - 'cached-property >= 1.2.0, < 2', - 'docopt >= 0.6.1, < 0.7', - 'PyYAML >= 3.10, < 4', -- 'requests >= 2.6.1, != 2.11.0, < 2.12', -+ 'requests >= 2.6.1, != 2.11.0', - 'texttable >= 0.9.0, < 0.10', - 'websocket-client >= 0.32.0, < 1.0', - 'docker >= 2.5.1, < 3.0', --- -2.1.4 - diff --git a/external/meta-virtualization/recipes-containers/docker-compose/files/0001-setup.py-import-fastentrypoints.patch b/external/meta-virtualization/recipes-containers/docker-compose/files/0001-setup.py-import-fastentrypoints.patch new file mode 100644 index 00000000..df613e84 --- /dev/null +++ b/external/meta-virtualization/recipes-containers/docker-compose/files/0001-setup.py-import-fastentrypoints.patch @@ -0,0 +1,28 @@ +From f3a22f0f14a4b3313e6405dfb6c97df949493a34 Mon Sep 17 00:00:00 2001 +From: Ming Liu <liu.ming50@gmail.com> +Date: Thu, 30 Jan 2020 17:22:19 +0100 +Subject: [PATCH] setup.py: import fastentrypoints + +Upstream-Status: Inappropriate [OE specific configuration] + +Signed-off-by: Ming Liu <liu.ming50@gmail.com> +--- + setup.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/setup.py b/setup.py +index ad57969..3cccffc 100644 +--- a/setup.py ++++ b/setup.py +@@ -12,7 +12,7 @@ import sys + import pkg_resources + from setuptools import find_packages + from setuptools import setup +- ++import fastentrypoints + + def read(*parts): + path = os.path.join(os.path.dirname(__file__), *parts) +-- +2.7.4 + diff --git a/external/meta-virtualization/recipes-containers/docker-compose/files/0001-setup.py-remove-maximum-version-requirements.patch b/external/meta-virtualization/recipes-containers/docker-compose/files/0001-setup.py-remove-maximum-version-requirements.patch new file mode 100644 index 00000000..6e5ca3d6 --- /dev/null +++ b/external/meta-virtualization/recipes-containers/docker-compose/files/0001-setup.py-remove-maximum-version-requirements.patch @@ -0,0 +1,59 @@ +From 1d358acd46c9ca71d848fca8c2d677414257f247 Mon Sep 17 00:00:00 2001 +From: Chen Qi <Qi.Chen@windriver.com> +Date: Fri, 22 Nov 2019 09:24:58 +0800 +Subject: [PATCH] setup.py: remove maximum version requirements + +Remove maximum version requirements so that docker-compose will not +require old version recipes. + +Upstream-Status: Inappropriate [OE Specific] + +Signed-off-by: Chen Qi <Qi.Chen@windriver.com> +Signed-off-by: Ming Liu <liu.ming50@gmail.com> +--- + setup.py | 22 +++++++++++----------- + 1 file changed, 11 insertions(+), 11 deletions(-) + +diff --git a/setup.py b/setup.py +index 110441dc..eef28254 100644 +--- a/setup.py ++++ b/setup.py +@@ -30,16 +30,16 @@ def find_version(*file_paths): + + + install_requires = [ +- 'cached-property >= 1.2.0, < 2', +- 'docopt >= 0.6.1, < 1', +- 'PyYAML >= 3.10, < 6', +- 'requests >= 2.20.0, < 3', +- 'texttable >= 0.9.0, < 2', +- 'websocket-client >= 0.32.0, < 1', +- 'docker[ssh] >= 3.7.0, < 5', +- 'dockerpty >= 0.4.1, < 1', +- 'six >= 1.3.0, < 2', +- 'jsonschema >= 2.5.1, < 4', ++ 'cached-property >= 1.2.0', ++ 'docopt >= 0.6.1', ++ 'PyYAML >= 3.10', ++ 'requests >= 2.20.0', ++ 'texttable >= 0.9.0', ++ 'websocket-client >= 0.32.0', ++ 'docker[ssh] >= 3.7.0', ++ 'dockerpty >= 0.4.1', ++ 'six >= 1.3.0', ++ 'jsonschema >= 2.5.1', + ] + + +@@ -58,7 +58,7 @@ extras_require = { + ':python_version < "3.3"': ['backports.shutil_get_terminal_size == 1.0.0', + 'ipaddress >= 1.0.16, < 2'], + ':sys_platform == "win32"': ['colorama >= 0.4, < 1'], +- 'socks': ['PySocks >= 1.5.6, != 1.5.7, < 2'], ++ 'socks': ['PySocks >= 1.5.6, != 1.5.7'], + } + + +-- +2.25.0 + diff --git a/external/meta-virtualization/recipes-containers/docker-compose/python3-docker-compose_1.16.1.bb b/external/meta-virtualization/recipes-containers/docker-compose/python3-docker-compose_1.16.1.bb deleted file mode 100644 index 851c2510..00000000 --- a/external/meta-virtualization/recipes-containers/docker-compose/python3-docker-compose_1.16.1.bb +++ /dev/null @@ -1,31 +0,0 @@ -SUMMARY = "Multi-container orchestration for Docker" -HOMEPAGE = "https://www.docker.com/" -LICENSE = "Apache-2.0" -LIC_FILES_CHKSUM = "file://LICENSE;md5=435b266b3899aa8a959f17d41c56def8" - -SRC_URI += "file://0001-Allow-newer-versions-of-requests.patch" - -inherit pypi setuptools3 - -SRC_URI[md5sum] = "8dcadf09143600fcb573b43f446c8f9a" -SRC_URI[sha256sum] = "fb46a6a2c4d193a3ff1e4d7208eea920b629c81dc92257c87f3f93095cfb0bdf" - -RDEPENDS_${PN} = "\ - ${PYTHON_PN}-cached-property \ - ${PYTHON_PN}-certifi \ - ${PYTHON_PN}-chardet \ - ${PYTHON_PN}-colorama \ - ${PYTHON_PN}-docker \ - ${PYTHON_PN}-docker-pycreds \ - ${PYTHON_PN}-dockerpty \ - ${PYTHON_PN}-docopt \ - ${PYTHON_PN}-idna \ - ${PYTHON_PN}-jsonschema \ - ${PYTHON_PN}-pyyaml \ - ${PYTHON_PN}-requests \ - ${PYTHON_PN}-six \ - ${PYTHON_PN}-terminal \ - ${PYTHON_PN}-texttable \ - ${PYTHON_PN}-urllib3 \ - ${PYTHON_PN}-websocket-client \ - " diff --git a/external/meta-virtualization/recipes-containers/docker-compose/python3-docker-compose_1.25.4.bb b/external/meta-virtualization/recipes-containers/docker-compose/python3-docker-compose_1.25.4.bb new file mode 100644 index 00000000..2dcad1e3 --- /dev/null +++ b/external/meta-virtualization/recipes-containers/docker-compose/python3-docker-compose_1.25.4.bb @@ -0,0 +1,38 @@ +SUMMARY = "Multi-container orchestration for Docker" +HOMEPAGE = "https://www.docker.com/" +LICENSE = "Apache-2.0" +LIC_FILES_CHKSUM = "file://LICENSE;md5=435b266b3899aa8a959f17d41c56def8" + +inherit pypi setuptools3 + +SRC_URI[md5sum] = "893fbb804a9057d6c470b5312407e0d1" +SRC_URI[sha256sum] = "fabae2bee4abfa7bdd09125b6bbdcdda81f946c7b16e3ccc6bb2d821ef6488f3" + +SRC_URI += "file://0001-setup.py-remove-maximum-version-requirements.patch \ + file://0001-setup.py-import-fastentrypoints.patch \ + " + +DEPENDS += "${PYTHON_PN}-fastentrypoints-native" + +RDEPENDS_${PN} = "\ + ${PYTHON_PN}-cached-property \ + ${PYTHON_PN}-certifi \ + ${PYTHON_PN}-chardet \ + ${PYTHON_PN}-colorama \ + ${PYTHON_PN}-docker \ + ${PYTHON_PN}-docker-pycreds \ + ${PYTHON_PN}-dockerpty \ + ${PYTHON_PN}-docopt \ + ${PYTHON_PN}-fcntl \ + ${PYTHON_PN}-idna \ + ${PYTHON_PN}-jsonschema \ + ${PYTHON_PN}-misc \ + ${PYTHON_PN}-paramiko \ + ${PYTHON_PN}-pyyaml \ + ${PYTHON_PN}-requests \ + ${PYTHON_PN}-six \ + ${PYTHON_PN}-terminal \ + ${PYTHON_PN}-texttable \ + ${PYTHON_PN}-urllib3 \ + ${PYTHON_PN}-websocket-client \ +" diff --git a/external/meta-virtualization/recipes-containers/docker-distribution/docker-distribution_git.bb b/external/meta-virtualization/recipes-containers/docker-distribution/docker-distribution_git.bb index 2892556a..4bf3c6e5 100644 --- a/external/meta-virtualization/recipes-containers/docker-distribution/docker-distribution_git.bb +++ b/external/meta-virtualization/recipes-containers/docker-distribution/docker-distribution_git.bb @@ -3,14 +3,14 @@ SUMMARY = "The Docker toolset to pack, ship, store, and deliver content" LICENSE = "Apache-2.0" LIC_FILES_CHKSUM = "file://LICENSE;md5=d2794c0df5b907fdace235a619d80314" -SRCREV_distribution="48294d928ced5dd9b378f7fd7c6f5da3ff3f2c89" -SRC_URI = "git://github.com/docker/distribution.git;branch=release/2.6;name=distribution;destsuffix=git/src/github.com/docker/distribution \ +SRCREV_distribution="2461543d988979529609e8cb6fca9ca190dc48da" +SRC_URI = "git://github.com/docker/distribution.git;branch=release/2.7;name=distribution;destsuffix=git/src/github.com/docker/distribution \ file://docker-registry.service \ " PACKAGES =+ "docker-registry" -PV = "v2.6.2" +PV = "v2.7.1" S = "${WORKDIR}/git/src/github.com/docker/distribution" GO_IMPORT = "import" @@ -66,3 +66,5 @@ FILES_docker-registry += "${localstatedir}/lib/registry/" SYSTEMD_SERVICE_docker-registry = "${@bb.utils.contains('DISTRO_FEATURES','systemd','docker-registry.service','',d)}" SYSTEMD_AUTO_ENABLE_docker-registry = "enable" + +RDEPENDS_${PN}-ptest_remove = "${PN}" diff --git a/external/meta-virtualization/recipes-containers/docker/docker-ce_git.bb b/external/meta-virtualization/recipes-containers/docker/docker-ce_git.bb index caf6d704..14182d12 100644 --- a/external/meta-virtualization/recipes-containers/docker/docker-ce_git.bb +++ b/external/meta-virtualization/recipes-containers/docker/docker-ce_git.bb @@ -9,8 +9,8 @@ DESCRIPTION = "Linux container runtime \ large-scale web deployments, database clusters, continuous deployment \ systems, private PaaS, service-oriented architectures, etc. \ . \ - This package contains the daemon and client. Using docker.io is \ - officially supported on x86_64 and arm (32-bit) hosts. \ + This package contains the daemon and client, which are \ + officially supported on x86_64 and arm hosts. \ Other architectures are considered experimental. \ . \ Also, note that kernel version 3.10 or above is required for proper \ @@ -18,61 +18,35 @@ DESCRIPTION = "Linux container runtime \ subtle and/or glaring issues. \ " -SRCREV_docker = "6e632f7fc395d15bce46f426086e91c01598cf59" -SRCREV_libnetwork = "6da50d1978302f04c3e2089e29112ea24812f05b" +SRCREV_docker = "afacb8b7f0d8d4f9d2a8e8736e9c993e672b41f3" +SRCREV_libnetwork = "c7bae399e46fd620b8a006174b7327e4e6e647fd" SRC_URI = "\ - git://github.com/docker/docker-ce.git;branch=18.09;name=docker \ - git://github.com/docker/libnetwork.git;branch=bump_18.09;name=libnetwork;destsuffix=git/libnetwork \ + git://github.com/docker/docker-ce.git;branch=19.03;name=docker \ + git://github.com/docker/libnetwork.git;branch=bump_19.03;name=libnetwork;destsuffix=git/libnetwork \ + file://0001-libnetwork-use-GO-instead-of-go.patch \ file://docker.init \ + file://0001-imporve-hardcoded-CC-on-cross-compile-docker-ce.patch \ " +require docker.inc + # Apache-2.0 for docker LICENSE = "Apache-2.0" -LIC_FILES_CHKSUM = "file://src/import/components/engine/LICENSE;md5=9740d093a080530b5c5c6573df9af45a" +LIC_FILES_CHKSUM = "file://src/import/components/engine/LICENSE;md5=4859e97a9c7780e77972d989f0823f28" GO_IMPORT = "import" S = "${WORKDIR}/git" -DOCKER_VERSION = "18.09.0-ce" +DOCKER_VERSION = "19.03.8-ce" PV = "${DOCKER_VERSION}+git${SRCREV_docker}" -DEPENDS = " \ - go-cli \ - go-pty \ - go-context \ - go-mux \ - go-patricia \ - go-logrus \ - go-fsnotify \ - go-dbus \ - go-capability \ - go-systemd \ - btrfs-tools \ - sqlite3 \ - go-distribution \ - compose-file \ - go-connections \ - notary \ - grpc-go \ - libtool-native \ - libtool \ - " - PACKAGES =+ "${PN}-contrib" -DEPENDS_append_class-target = " lvm2" -RDEPENDS_${PN} = "util-linux util-linux-unshare iptables \ - ${@bb.utils.contains('DISTRO_FEATURES', 'aufs', 'aufs-util', '', d)} \ - ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '', 'cgroup-lite', d)} \ - " -RDEPENDS_${PN} += "virtual/containerd virtual/runc" - -RRECOMMENDS_${PN} = "kernel-module-dm-thin-pool kernel-module-nf-nat" -RSUGGESTS_${PN} = "lxc rt-tests" DOCKER_PKG="github.com/docker/docker" +# in order to exclude devicemapper and btrfs - https://github.com/docker/docker/issues/14056 +BUILD_TAGS = "exclude_graphdriver_btrfs exclude_graphdriver_devicemapper" -inherit systemd update-rc.d inherit go inherit goarch inherit pkgconfig @@ -88,8 +62,6 @@ do_compile() { mkdir -p .gopath/src/"$(dirname "${DOCKER_PKG}")" ln -sf ../../../../components/engine/ .gopath/src/"${DOCKER_PKG}" - mkdir -p .gopath/src/github.com/docker - ln -sf ${WORKDIR}/git/libnetwork .gopath/src/github.com/docker/libnetwork ln -sf ${S}/src/import/components/cli .gopath/src/github.com/docker/cli export GOPATH="${S}/src/import/.gopath:${S}/src/import/vendor:${STAGING_DIR_TARGET}/${prefix}/local/go" @@ -101,19 +73,19 @@ do_compile() { export CGO_ENABLED="1" export CGO_CFLAGS="${CFLAGS} --sysroot=${STAGING_DIR_TARGET}" export CGO_LDFLAGS="${LDFLAGS} --sysroot=${STAGING_DIR_TARGET}" - # in order to exclude devicemapper and btrfs - https://github.com/docker/docker/issues/14056 - export DOCKER_BUILDTAGS='exclude_graphdriver_btrfs exclude_graphdriver_devicemapper' + export DOCKER_BUILDTAGS='${BUILD_TAGS} ${PACKAGECONFIG_CONFARGS}' export DISABLE_WARN_OUTSIDE_CONTAINER=1 cd ${S}/src/import/components/engine - # this is the unsupported build structure - # that doesn't rely on an existing docker - # to build this: + # this is the unsupported build structure that doesn't rely on an + # existing docker to build this: VERSION="${DOCKER_VERSION}" DOCKER_GITCOMMIT="${SRCREV_docker}" ./hack/make.sh dynbinary # build the proxy + cd ${S}/src/import + ln -sf ${WORKDIR}/git/libnetwork .gopath/src/github.com/docker/libnetwork cd ${S}/src/import/.gopath/src/github.com/docker/libnetwork oe_runmake cross-local @@ -125,18 +97,10 @@ do_compile() { VERSION="${DOCKER_VERSION}" DOCKER_GITCOMMIT="${SRCREV_docker}" make dynbinary } -SYSTEMD_PACKAGES = "${@bb.utils.contains('DISTRO_FEATURES','systemd','${PN}','',d)}" -SYSTEMD_SERVICE_${PN} = "${@bb.utils.contains('DISTRO_FEATURES','systemd','docker.service','',d)}" -SYSTEMD_AUTO_ENABLE_${PN} = "enable" - -INITSCRIPT_PACKAGES += "${@bb.utils.contains('DISTRO_FEATURES','sysvinit','${PN}','',d)}" -INITSCRIPT_NAME_${PN} = "${@bb.utils.contains('DISTRO_FEATURES','sysvinit','docker.init','',d)}" -INITSCRIPT_PARAMS_${PN} = "defaults" - do_install() { mkdir -p ${D}/${bindir} cp ${S}/src/import/components/cli/build/docker ${D}/${bindir}/docker - cp ${S}/src/import/components/engine/bundles/latest/dynbinary-daemon/dockerd ${D}/${bindir}/dockerd + cp ${S}/src/import/components/engine/bundles/dynbinary-daemon/dockerd ${D}/${bindir}/dockerd cp ${WORKDIR}/git/libnetwork/bin/docker-proxy* ${D}/${bindir}/docker-proxy if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then @@ -144,24 +108,24 @@ do_install() { install -m 644 ${S}/src/import/components/engine/contrib/init/systemd/docker.* ${D}/${systemd_unitdir}/system # replaces one copied from above with one that uses the local registry for a mirror install -m 644 ${S}/src/import/components/engine/contrib/init/systemd/docker.service ${D}/${systemd_unitdir}/system + rm -f ${D}/${systemd_unitdir}/system/docker.service.rpm else install -d ${D}${sysconfdir}/init.d install -m 0755 ${WORKDIR}/docker.init ${D}${sysconfdir}/init.d/docker.init fi + # TLS key that docker creates at run-time if not found is what resides here + if ${@bb.utils.contains('PACKAGECONFIG','transient-config','true','false',d)}; then + install -d ${D}${sysconfdir} + ln -s ..${localstatedir}/run/docker ${D}${sysconfdir}/docker + else + install -d ${D}${sysconfdir}/docker + fi mkdir -p ${D}${datadir}/docker/ install -m 0755 ${S}/src/import/components/engine/contrib/check-config.sh ${D}${datadir}/docker/ } -inherit useradd -USERADD_PACKAGES = "${PN}" -GROUPADD_PARAM_${PN} = "-r docker" - -FILES_${PN} += "${systemd_unitdir}/system/*" +FILES_${PN} += "${systemd_unitdir}/system/* ${sysconfdir}/docker" FILES_${PN}-contrib += "${datadir}/docker/check-config.sh" RDEPENDS_${PN}-contrib += "bash" - -# DO NOT STRIP docker -INHIBIT_PACKAGE_STRIP = "1" -INSANE_SKIP_${PN} += "ldflags" diff --git a/external/meta-virtualization/recipes-containers/docker/docker_git.bb b/external/meta-virtualization/recipes-containers/docker/docker-moby.bb index 79578083..074ef08f 100644 --- a/external/meta-virtualization/recipes-containers/docker/docker_git.bb +++ b/external/meta-virtualization/recipes-containers/docker/docker-moby.bb @@ -9,8 +9,8 @@ DESCRIPTION = "Linux container runtime \ large-scale web deployments, database clusters, continuous deployment \ systems, private PaaS, service-oriented architectures, etc. \ . \ - This package contains the daemon and client. Using docker.io is \ - officially supported on x86_64 and arm (32-bit) hosts. \ + This package contains the daemon and client, which are \ + officially supported on x86_64 and arm hosts. \ Other architectures are considered experimental. \ . \ Also, note that kernel version 3.10 or above is required for proper \ @@ -18,17 +18,37 @@ DESCRIPTION = "Linux container runtime \ subtle and/or glaring issues. \ " -SRCREV_docker = "489b8eda6674523df8b82a210399b7d2954427d0" -SRCREV_libnetwork = "6da50d1978302f04c3e2089e29112ea24812f05b" -SRCREV_cli = "51668a30f26250ccfce31bcc13d9334eaafabe36" +# Notes: +# - This docker variant uses moby and the other individually maintained +# upstream variants for SRCREVs +# - It is a true community / upstream tracking build, and is not a +# docker curated set of commits or additions +# - The version number on this package tracks the versions assigned to +# the curated docker-ce repository. This allows compatibility and +# functional equivalence, while allowing new features to be more +# easily added. +# - This could be called "docker-moby" or just "moby" in the future, but +# that would require the creation of a virtual/docker dependency, which +# is possible, but overkill at the moment (while we wait for the upstream +# to stop changing). +# - The common components of this recipe and docker-ce do need to be moved +# to a docker.inc recipe + +# moby commit matches the docker-engine bump on the 19.03 branch' +SRCREV_moby = "aa6a9891b09cce3d9004121294301a30d45d998d" +SRCREV_libnetwork = "c7bae399e46fd620b8a006174b7327e4e6e647fd" +SRCREV_cli = "eb310fca49568dccd87c6136f774ef6fff2a1b51" SRC_URI = "\ - git://github.com/moby/moby.git;nobranch=1;name=docker \ - git://github.com/docker/libnetwork.git;branch=bump_18.09;name=libnetwork;destsuffix=git/libnetwork \ - git://github.com/docker/cli;branch=18.09;name=cli;destsuffix=git/cli \ + git://github.com/moby/moby.git;branch=19.03;name=moby \ + git://github.com/docker/libnetwork.git;branch=bump_19.03;name=libnetwork;destsuffix=git/libnetwork \ + git://github.com/docker/cli;branch=19.03;name=cli;destsuffix=git/cli \ file://docker.init \ - file://0001-libnetwork-use-GO-instead-of-go.patch \ + file://0001-libnetwork-use-GO-instead-of-go.patch \ + file://0001-imporve-hardcoded-CC-on-cross-compile-docker-ce.patch \ " +require docker.inc + # Apache-2.0 for docker LICENSE = "Apache-2.0" LIC_FILES_CHKSUM = "file://src/import/LICENSE;md5=4859e97a9c7780e77972d989f0823f28" @@ -37,50 +57,17 @@ GO_IMPORT = "import" S = "${WORKDIR}/git" -DOCKER_VERSION = "18.09.0" -PV = "${DOCKER_VERSION}+git${SRCREV_docker}" - -DEPENDS = " \ - go-cli \ - go-pty \ - go-context \ - go-mux \ - go-patricia \ - go-logrus \ - go-fsnotify \ - go-dbus \ - go-capability \ - go-systemd \ - btrfs-tools \ - sqlite3 \ - go-distribution \ - compose-file \ - go-connections \ - notary \ - grpc-go \ - libtool \ - " - -PACKAGECONFIG ??= "" -PACKAGECONFIG[seccomp] = "seccomp,,libseccomp" +DOCKER_VERSION = "19.03.8" +PV = "${DOCKER_VERSION}+git${SRCREV_moby}" PACKAGES =+ "${PN}-contrib" -DEPENDS_append_class-target = " lvm2" -RDEPENDS_${PN} = "util-linux util-linux-unshare iptables \ - ${@bb.utils.contains('DISTRO_FEATURES', 'aufs', 'aufs-util', '', d)} \ - ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '', 'cgroup-lite', d)} \ - " -RDEPENDS_${PN} += "virtual/containerd virtual/runc" - -RRECOMMENDS_${PN} = "kernel-module-dm-thin-pool kernel-module-nf-nat docker-init" -RSUGGESTS_${PN} = "lxc rt-tests" DOCKER_PKG="github.com/docker/docker" +# in order to exclude devicemapper and btrfs - https://github.com/docker/docker/issues/14056 +BUILD_TAGS = "exclude_graphdriver_btrfs exclude_graphdriver_devicemapper" -inherit systemd update-rc.d inherit go inherit goarch -inherit pkgconfig do_configure[noexec] = "1" @@ -106,8 +93,7 @@ do_compile() { export CGO_ENABLED="1" export CGO_CFLAGS="${CFLAGS} --sysroot=${STAGING_DIR_TARGET}" export CGO_LDFLAGS="${LDFLAGS} --sysroot=${STAGING_DIR_TARGET}" - # in order to exclude devicemapper and btrfs - https://github.com/docker/docker/issues/14056 - export DOCKER_BUILDTAGS='exclude_graphdriver_btrfs exclude_graphdriver_devicemapper ${PACKAGECONFIG_CONFARGS}' + export DOCKER_BUILDTAGS='${BUILD_TAGS} ${PACKAGECONFIG_CONFARGS}' export DISABLE_WARN_OUTSIDE_CONTAINER=1 @@ -116,33 +102,24 @@ do_compile() { # this is the unsupported built structure # that doesn't rely on an existing docker # to build this: - VERSION="${DOCKER_VERSION}" DOCKER_GITCOMMIT="${SRCREV_docker}" ./hack/make.sh dynbinary + VERSION="${DOCKER_VERSION}" DOCKER_GITCOMMIT="${SRCREV_moby}" ./hack/make.sh dynbinary # build the cli cd ${S}/src/import/.gopath/src/github.com/docker/cli export CFLAGS="" export LDFLAGS="" export DOCKER_VERSION=${DOCKER_VERSION} - VERSION="${DOCKER_VERSION}" DOCKER_GITCOMMIT="${SRCREV_docker}" make dynbinary + VERSION="${DOCKER_VERSION}" DOCKER_GITCOMMIT="${SRCREV_moby}" make dynbinary # build the proxy cd ${S}/src/import/.gopath/src/github.com/docker/libnetwork oe_runmake cross-local } -SYSTEMD_PACKAGES = "${@bb.utils.contains('DISTRO_FEATURES','systemd','${PN}','',d)}" -SYSTEMD_SERVICE_${PN} = "${@bb.utils.contains('DISTRO_FEATURES','systemd','docker.service','',d)}" - -SYSTEMD_AUTO_ENABLE_${PN} = "enable" - -INITSCRIPT_PACKAGES += "${@bb.utils.contains('DISTRO_FEATURES','sysvinit','${PN}','',d)}" -INITSCRIPT_NAME_${PN} = "${@bb.utils.contains('DISTRO_FEATURES','sysvinit','docker.init','',d)}" -INITSCRIPT_PARAMS_${PN} = "defaults" - do_install() { mkdir -p ${D}/${bindir} cp ${WORKDIR}/git/cli/build/docker ${D}/${bindir}/docker - cp ${S}/src/import/bundles/latest/dynbinary-daemon/dockerd ${D}/${bindir}/dockerd + cp ${S}/src/import/bundles/dynbinary-daemon/dockerd ${D}/${bindir}/dockerd cp ${WORKDIR}/git/libnetwork/bin/docker-proxy* ${D}/${bindir}/docker-proxy if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then @@ -150,24 +127,24 @@ do_install() { install -m 644 ${S}/src/import/contrib/init/systemd/docker.* ${D}/${systemd_unitdir}/system # replaces one copied from above with one that uses the local registry for a mirror install -m 644 ${S}/src/import/contrib/init/systemd/docker.service ${D}/${systemd_unitdir}/system + rm -f ${D}/${systemd_unitdir}/system/docker.service.rpm else install -d ${D}${sysconfdir}/init.d install -m 0755 ${WORKDIR}/docker.init ${D}${sysconfdir}/init.d/docker.init fi + # TLS key that docker creates at run-time if not found is what resides here + if ${@bb.utils.contains('PACKAGECONFIG','transient-config','true','false',d)}; then + install -d ${D}${sysconfdir} + ln -s ..${localstatedir}/run/docker ${D}${sysconfdir}/docker + else + install -d ${D}${sysconfdir}/docker + fi mkdir -p ${D}${datadir}/docker/ install -m 0755 ${S}/src/import/contrib/check-config.sh ${D}${datadir}/docker/ } -inherit useradd -USERADD_PACKAGES = "${PN}" -GROUPADD_PARAM_${PN} = "-r docker" - -FILES_${PN} += "${systemd_unitdir}/system/*" +FILES_${PN} += "${systemd_unitdir}/system/* ${sysconfdir}/docker" FILES_${PN}-contrib += "${datadir}/docker/check-config.sh" RDEPENDS_${PN}-contrib += "bash" - -# DO NOT STRIP docker -INHIBIT_PACKAGE_STRIP = "1" -INSANE_SKIP_${PN} += "ldflags textrel" diff --git a/external/meta-virtualization/recipes-containers/docker/docker-moby/0001-imporve-hardcoded-CC-on-cross-compile-docker-ce.patch b/external/meta-virtualization/recipes-containers/docker/docker-moby/0001-imporve-hardcoded-CC-on-cross-compile-docker-ce.patch new file mode 100644 index 00000000..766425a8 --- /dev/null +++ b/external/meta-virtualization/recipes-containers/docker/docker-moby/0001-imporve-hardcoded-CC-on-cross-compile-docker-ce.patch @@ -0,0 +1,61 @@ +From 1263fdb50a540e9db742694b7cee08284ad986d0 Mon Sep 17 00:00:00 2001 +From: Hongxu Jia <hongxu.jia@windriver.com> +Date: Wed, 17 Jul 2019 17:34:04 +0800 +Subject: [PATCH] imporve hardcoded CC on cross compile + +Since commit applied in moby [61a3285 Support cross-compile for arm] +it hardcoded var-CC to support cross-compile for arm + +Correct it with "${parameter:-word}" format, it is helpful for user +define toolchains + +(Use Default Values. If parameter is unset or null, the expansion of +word is substituted. Otherwise, the value of parameter is substituted.) + +Upstream-Status: Submitted [https://github.com/moby/moby/pull/39546] + +Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> +--- + components/engine/hack/make/.binary | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +diff --git a/src/import/hack/make/.binary b/src/import/hack/make/.binary +index 53de6749e5..66f4ca05f3 100644 +--- a/src/import/hack/make/.binary ++++ b/src/import/hack/make/.binary +@@ -44,27 +44,27 @@ if [ "$(go env GOOS)/$(go env GOARCH)" != "$(go env GOHOSTOS)/$(go env GOHOSTARC + # must be cross-compiling! + case "$(go env GOOS)/$(go env GOARCH)" in + windows/amd64) +- export CC=x86_64-w64-mingw32-gcc ++ export CC="${CC:-x86_64-w64-mingw32-gcc}" + export CGO_ENABLED=1 + ;; + linux/arm) + case "${GOARM}" in + 5|"") +- export CC=arm-linux-gnueabi-gcc ++ export CC="${CC:-arm-linux-gnueabi-gcc}" + export CGO_ENABLED=1 + ;; + 7) +- export CC=arm-linux-gnueabihf-gcc ++ export CC="${CC:-arm-linux-gnueabihf-gcc}" + export CGO_ENABLED=1 + ;; + esac + ;; + linux/arm64) +- export CC=aarch64-linux-gnu-gcc ++ export CC="${CC:-aarch64-linux-gnu-gcc}" + export CGO_ENABLED=1 + ;; + linux/amd64) +- export CC=x86_64-linux-gnu-gcc ++ export CC="${CC:-x86_64-linux-gnu-gcc}" + export CGO_ENABLED=1 + ;; + esac +-- +2.23.0 + diff --git a/external/meta-virtualization/recipes-containers/docker/docker.inc b/external/meta-virtualization/recipes-containers/docker/docker.inc new file mode 100644 index 00000000..32d4a2e4 --- /dev/null +++ b/external/meta-virtualization/recipes-containers/docker/docker.inc @@ -0,0 +1,65 @@ +DEPENDS = " \ + go-cli \ + go-pty \ + go-context \ + go-mux \ + go-patricia \ + go-logrus \ + go-fsnotify \ + go-dbus \ + go-capability \ + go-systemd \ + btrfs-tools \ + sqlite3 \ + go-distribution \ + compose-file \ + go-connections \ + notary \ + grpc-go \ + libtool-native \ + libtool \ + " + +DEPENDS_append_class-target = " lvm2" +RDEPENDS_${PN} = "util-linux util-linux-unshare iptables \ + ${@bb.utils.contains('DISTRO_FEATURES', 'aufs', 'aufs-util', '', d)} \ + ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '', 'cgroup-lite', d)} \ + bridge-utils \ + ca-certificates \ + " +RDEPENDS_${PN} += "virtual/containerd virtual/runc" + +RRECOMMENDS_${PN} = "kernel-module-dm-thin-pool kernel-module-nf-nat kernel-module-xt-addrtype" + +PROVIDES += "virtual/docker" + +# we want all the docker variant recpes to be installable via "docker" +PACKAGE_NAME = "docker" +RPROVIDES_${PN} += "docker" +RPROVIDES_${PN}-dbg += "docker-dbg" +RPROVIDES_${PN}-dev += "docker-dev" +RPROVIDES_${PN}-contrip += "docker-dev" + +inherit pkgconfig +PACKAGECONFIG ??= "docker-init" +PACKAGECONFIG[seccomp] = "seccomp,,libseccomp" +PACKAGECONFIG[docker-init] = ",,,docker-init" +PACKAGECONFIG[transient-config] = "transient-config" + +inherit systemd update-rc.d + +SYSTEMD_PACKAGES = "${@bb.utils.contains('DISTRO_FEATURES','systemd','${PN}','',d)}" +SYSTEMD_SERVICE_${PN} = "${@bb.utils.contains('DISTRO_FEATURES','systemd','docker.service','',d)}" +SYSTEMD_AUTO_ENABLE_${PN} = "enable" + +INITSCRIPT_PACKAGES += "${@bb.utils.contains('DISTRO_FEATURES','sysvinit','${PN}','',d)}" +INITSCRIPT_NAME_${PN} = "${@bb.utils.contains('DISTRO_FEATURES','sysvinit','docker.init','',d)}" +INITSCRIPT_PARAMS_${PN} = "defaults" + +inherit useradd +USERADD_PACKAGES = "${PN}" +GROUPADD_PARAM_${PN} = "-r docker" + +COMPATIBLE_HOST = "^(?!(qemu)?mips).*" + +INSANE_SKIP_${PN} += "ldflags textrel" diff --git a/external/meta-virtualization/recipes-containers/docker/files/0001-imporve-hardcoded-CC-on-cross-compile-docker-ce.patch b/external/meta-virtualization/recipes-containers/docker/files/0001-imporve-hardcoded-CC-on-cross-compile-docker-ce.patch new file mode 100644 index 00000000..70fdaf83 --- /dev/null +++ b/external/meta-virtualization/recipes-containers/docker/files/0001-imporve-hardcoded-CC-on-cross-compile-docker-ce.patch @@ -0,0 +1,61 @@ +From 1263fdb50a540e9db742694b7cee08284ad986d0 Mon Sep 17 00:00:00 2001 +From: Hongxu Jia <hongxu.jia@windriver.com> +Date: Wed, 17 Jul 2019 17:34:04 +0800 +Subject: [PATCH] imporve hardcoded CC on cross compile + +Since commit applied in moby [61a3285 Support cross-compile for arm] +it hardcoded var-CC to support cross-compile for arm + +Correct it with "${parameter:-word}" format, it is helpful for user +define toolchains + +(Use Default Values. If parameter is unset or null, the expansion of +word is substituted. Otherwise, the value of parameter is substituted.) + +Upstream-Status: Submitted [https://github.com/moby/moby/pull/39546] + +Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> +--- + components/engine/hack/make/.binary | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +diff --git a/src/import/components/engine/hack/make/.binary b/src/import/components/engine/hack/make/.binary +index 53de6749e5..66f4ca05f3 100644 +--- a/src/import/components/engine/hack/make/.binary ++++ b/src/import/components/engine/hack/make/.binary +@@ -44,27 +44,27 @@ if [ "$(go env GOOS)/$(go env GOARCH)" != "$(go env GOHOSTOS)/$(go env GOHOSTARC + # must be cross-compiling! + case "$(go env GOOS)/$(go env GOARCH)" in + windows/amd64) +- export CC=x86_64-w64-mingw32-gcc ++ export CC="${CC:-x86_64-w64-mingw32-gcc}" + export CGO_ENABLED=1 + ;; + linux/arm) + case "${GOARM}" in + 5|"") +- export CC=arm-linux-gnueabi-gcc ++ export CC="${CC:-arm-linux-gnueabi-gcc}" + export CGO_ENABLED=1 + ;; + 7) +- export CC=arm-linux-gnueabihf-gcc ++ export CC="${CC:-arm-linux-gnueabihf-gcc}" + export CGO_ENABLED=1 + ;; + esac + ;; + linux/arm64) +- export CC=aarch64-linux-gnu-gcc ++ export CC="${CC:-aarch64-linux-gnu-gcc}" + export CGO_ENABLED=1 + ;; + linux/amd64) +- export CC=x86_64-linux-gnu-gcc ++ export CC="${CC:-x86_64-linux-gnu-gcc}" + export CGO_ENABLED=1 + ;; + esac +-- +2.23.0 + diff --git a/external/meta-virtualization/recipes-containers/docker/files/docker.init b/external/meta-virtualization/recipes-containers/docker/files/docker.init index 0aea8d01..24f8fea6 100644 --- a/external/meta-virtualization/recipes-containers/docker/files/docker.init +++ b/external/meta-virtualization/recipes-containers/docker/files/docker.init @@ -28,7 +28,7 @@ exec="/usr/bin/$prog" pidfile="/var/run/$prog.pid" lockfile="/var/lock/subsys/$prog" logfile="/var/log/$prog" -other_args="--registry-mirror=http://localhost:5000 --insecure-registry=http://localhost:5000 --raw-logs" +other_args="--pidfile $pidfile --registry-mirror=http://localhost:5000 --insecure-registry=http://localhost:5000 --raw-logs" [ -e /etc/sysconfig/$prog ] && . /etc/sysconfig/$prog @@ -40,7 +40,7 @@ start() { if ! [ -f $pidfile ]; then printf "Starting $prog:\t" echo -e "\n$(date)\n" >> $logfile - "$unshare" -m -- $exec $other_args &>> $logfile & + "$unshare" -m -- $exec $other_args >> $logfile 2>&1 & pid=$! touch $lockfile # wait up to 10 seconds for the pidfile to exist. see diff --git a/external/meta-virtualization/recipes-containers/kubernetes/kubernetes_git.bb b/external/meta-virtualization/recipes-containers/kubernetes/kubernetes_git.bb index c3810b0d..76107afe 100644 --- a/external/meta-virtualization/recipes-containers/kubernetes/kubernetes_git.bb +++ b/external/meta-virtualization/recipes-containers/kubernetes/kubernetes_git.bb @@ -5,12 +5,10 @@ applications across multiple hosts, providing basic mechanisms for deployment, \ maintenance, and scaling of applications. \ " -# Note: 1.11+ requires go 1.10.2+, so the following must be set -# in your configuration: GOVERSION = "1.10%" -PV = "1.12.0+git${SRCREV_kubernetes}" -SRCREV_kubernetes = "d93ba8b6d1e2afcb30da3e354928ed00e6682223" +PV = "v1.17.1-beta+git${SRCREV_kubernetes}" +SRCREV_kubernetes = "f45fc1861acab22eb6a4697e3fb831e85ef5ff9c" -SRC_URI = "git://github.com/kubernetes/kubernetes.git;branch=release-1.12;name=kubernetes \ +SRC_URI = "git://github.com/kubernetes/kubernetes.git;branch=release-1.17;name=kubernetes \ file://0001-hack-lib-golang.sh-use-CC-from-environment.patch \ file://0001-cross-don-t-build-tests-by-default.patch \ " @@ -28,42 +26,34 @@ inherit systemd inherit go inherit goarch -do_compile() { - export GOARCH="${TARGET_GOARCH}" - export GOOS="${TARGET_GOOS}" - export GOROOT="${STAGING_LIBDIR_NATIVE}/${TARGET_SYS}/go" - export GOPATH="${S}/src/import:${S}/src/import/vendor" - - # Pass the needed cflags/ldflags so that cgo - # can find the needed headers files and libraries - export CGO_ENABLED="1" - export CFLAGS="" - export LDFLAGS="" - export CGO_CFLAGS="${BUILDSDK_CFLAGS} --sysroot=${STAGING_DIR_TARGET}" - export CGO_LDFLAGS="${BUILDSDK_LDFLAGS} --sysroot=${STAGING_DIR_TARGET}" +COMPATIBLE_HOST = '(x86_64.*|arm.*|aarch64.*)-linux' +do_compile() { # link fixups for compilation rm -f ${S}/src/import/vendor/src ln -sf ./ ${S}/src/import/vendor/src export GOPATH="${S}/src/import/.gopath:${S}/src/import/vendor:${STAGING_DIR_TARGET}/${prefix}/local/go" - export GOROOT="${STAGING_DIR_NATIVE}/${nonarch_libdir}/${HOST_SYS}/go" - - # Pass the needed cflags/ldflags so that cgo - # can find the needed headers files and libraries - export CGO_ENABLED="1" - export CGO_CFLAGS="${CFLAGS} --sysroot=${STAGING_DIR_TARGET}" - export CGO_LDFLAGS="${LDFLAGS} --sysroot=${STAGING_DIR_TARGET}" - cd ${S}/src/import + # Build the host tools first, using the host compiler export GOARCH="${BUILD_GOARCH}" + # Pass the needed cflags/ldflags so that cgo can find the needed headers files and libraries + export CGO_ENABLED="1" + export CFLAGS="" + export LDFLAGS="" + export CGO_CFLAGS="${BUILDSDK_CFLAGS} --sysroot=${STAGING_DIR_TARGET}" + export CGO_LDFLAGS="${BUILDSDK_LDFLAGS} --sysroot=${STAGING_DIR_TARGET}" make generated_files KUBE_BUILD_PLATFORMS="${HOST_GOOS}/${BUILD_GOARCH}" - # Reset GOARCH to the target one + # Build the target binaries export GOARCH="${TARGET_GOARCH}" + # Pass the needed cflags/ldflags so that cgo can find the needed headers files and libraries + export CGO_ENABLED="1" + export CGO_CFLAGS="${CFLAGS} --sysroot=${STAGING_DIR_TARGET}" + export CGO_LDFLAGS="${LDFLAGS} --sysroot=${STAGING_DIR_TARGET}" # to limit what is built, use 'WHAT', i.e. make WHAT=cmd/kubelet - make cross KUBE_BUILD_PLATFORMS=${GOOS}/${GOARCH} + make cross KUBE_BUILD_PLATFORMS=${GOOS}/${GOARCH} GOLDFLAGS="" } do_install() { @@ -106,6 +96,5 @@ FILES_kubectl = "${bindir}/kubectl" FILES_kube-proxy = "${bindir}/kube-proxy" FILES_${PN}-misc = "${bindir}" -INHIBIT_PACKAGE_STRIP = "1" deltask compile_ptest_base diff --git a/external/meta-virtualization/recipes-containers/lxc/files/logs-optionally-use-base-filenames-to-report-src-fil.patch b/external/meta-virtualization/recipes-containers/lxc/files/logs-optionally-use-base-filenames-to-report-src-fil.patch index 648193b4..a8c76bc8 100644 --- a/external/meta-virtualization/recipes-containers/lxc/files/logs-optionally-use-base-filenames-to-report-src-fil.patch +++ b/external/meta-virtualization/recipes-containers/lxc/files/logs-optionally-use-base-filenames-to-report-src-fil.patch @@ -1,4 +1,4 @@ -From c50ddb2b2cf22a29e4c671b1efbd338eeba694aa Mon Sep 17 00:00:00 2001 +From 0cfa202f5d96a35692f063f35bf4706f310b17e4 Mon Sep 17 00:00:00 2001 From: Jim Somerville <Jim.Somerville@windriver.com> Date: Fri, 25 Sep 2015 15:08:17 -0400 Subject: [PATCH] logs: optionally use base filenames to report src files @@ -30,11 +30,11 @@ Signed-off-by: Jim Somerville <Jim.Somerville@windriver.com> 2 files changed, 14 insertions(+) diff --git a/configure.ac b/configure.ac -index 74b976a..9c561f7 100644 +index a3272e9..a2d4c29 100644 --- a/configure.ac +++ b/configure.ac -@@ -356,6 +356,15 @@ AC_ARG_ENABLE([examples], - [], [enable_examples=yes]) +@@ -378,6 +378,15 @@ AC_ARG_ENABLE([examples], + [enable_examples=$enableval], [enable_examples=yes]) AM_CONDITIONAL([ENABLE_EXAMPLES], [test "x$enable_examples" = "xyes"]) +# Enable basenames in the logs for source files @@ -48,12 +48,12 @@ index 74b976a..9c561f7 100644 + # Enable dumping stack traces AC_ARG_ENABLE([mutex-debugging], - [AC_HELP_STRING([--enable-mutex-debugging], [Makes mutexes to report error and provide stack trace [default=no]])], + [AS_HELP_STRING([--enable-mutex-debugging], [Makes mutexes to report error and provide stack trace [default=no]])], diff --git a/src/lxc/log.h b/src/lxc/log.h -index 4654fd9..6885d78 100644 +index d280656..62cbf4f 100644 --- a/src/lxc/log.h +++ b/src/lxc/log.h -@@ -77,8 +77,13 @@ struct lxc_log_locinfo { +@@ -47,8 +47,13 @@ struct lxc_log_locinfo { int line; }; diff --git a/external/meta-virtualization/recipes-containers/lxc/files/lxc-1.0.0-disable-udhcp-from-busybox-template.patch b/external/meta-virtualization/recipes-containers/lxc/files/lxc-1.0.0-disable-udhcp-from-busybox-template.patch index 85177c8f..6702b69e 100644 --- a/external/meta-virtualization/recipes-containers/lxc/files/lxc-1.0.0-disable-udhcp-from-busybox-template.patch +++ b/external/meta-virtualization/recipes-containers/lxc/files/lxc-1.0.0-disable-udhcp-from-busybox-template.patch @@ -1,4 +1,4 @@ -From 74efbe7f47379375c51948dd0f86248fb9429a1b Mon Sep 17 00:00:00 2001 +From 8227e720438ff0bdfe45d7307de85f660e491d49 Mon Sep 17 00:00:00 2001 From: Bogdan Purcareata <bogdan.purcareata@freescale.com> Date: Mon, 8 Apr 2013 18:30:19 +0300 Subject: [PATCH] lxc-0.9.0-disable-udhcp-from-busybox-template @@ -8,10 +8,10 @@ Subject: [PATCH] lxc-0.9.0-disable-udhcp-from-busybox-template 1 file changed, 1 deletion(-) diff --git a/templates/lxc-busybox.in b/templates/lxc-busybox.in -index 7243b36..9637a71 100644 +index 1a8618b..8ba7cfe 100644 --- a/templates/lxc-busybox.in +++ b/templates/lxc-busybox.in -@@ -111,7 +111,6 @@ EOF +@@ -120,7 +120,6 @@ EOF #!/bin/sh /bin/syslogd /bin/mount -a diff --git a/external/meta-virtualization/recipes-containers/lxc/files/lxc-doc-upgrade-to-use-docbook-3.1-DTD.patch b/external/meta-virtualization/recipes-containers/lxc/files/lxc-doc-upgrade-to-use-docbook-3.1-DTD.patch index 085ffe80..be5dddf1 100644 --- a/external/meta-virtualization/recipes-containers/lxc/files/lxc-doc-upgrade-to-use-docbook-3.1-DTD.patch +++ b/external/meta-virtualization/recipes-containers/lxc/files/lxc-doc-upgrade-to-use-docbook-3.1-DTD.patch @@ -1,4 +1,4 @@ -From 5190dce1a675dfcdf88e3b94bd48070ac180bacc Mon Sep 17 00:00:00 2001 +From 85d1e77acbfde2aa1045cfda877a91a9e57c405d Mon Sep 17 00:00:00 2001 From: Jim Somerville <Jim.Somerville@windriver.com> Date: Tue, 11 Aug 2015 14:05:00 -0400 Subject: [PATCH] lxc: doc: upgrade to use docbook 3.1 DTD @@ -15,10 +15,10 @@ Signed-off-by: Jim Somerville <Jim.Somerville@windriver.com> 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac -index 1acc461..74b976a 100644 +index 90a4bd4..a3272e9 100644 --- a/configure.ac +++ b/configure.ac -@@ -213,7 +213,7 @@ AM_CONDITIONAL([ENABLE_DOCBOOK], [test "x$db2xman" != "x"]) +@@ -227,7 +227,7 @@ AM_CONDITIONAL([ENABLE_DOCBOOK], [test "x$db2xman" != "x"]) AM_CONDITIONAL([USE_DOCBOOK2X], [test "x$db2xman" != "xdocbook2man"]) if test "x$db2xman" = "xdocbook2man"; then diff --git a/external/meta-virtualization/recipes-containers/lxc/files/lxc-fix-B-S.patch b/external/meta-virtualization/recipes-containers/lxc/files/lxc-fix-B-S.patch index 6b09193a..cd8f81d0 100644 --- a/external/meta-virtualization/recipes-containers/lxc/files/lxc-fix-B-S.patch +++ b/external/meta-virtualization/recipes-containers/lxc/files/lxc-fix-B-S.patch @@ -1,4 +1,4 @@ -From 2fa77a1803939de2d155a14cf680b53140b92f06 Mon Sep 17 00:00:00 2001 +From 1cdadc8d6f7ccaf398a95af920b7c49514ee62ef Mon Sep 17 00:00:00 2001 From: Dmitry Eremin-Solenikov <dmitry_eremin@mentor.com> Date: Thu, 9 Apr 2015 23:01:48 +0300 diff --git a/external/meta-virtualization/recipes-containers/lxc/files/template-make-busybox-template-compatible-with-core-.patch b/external/meta-virtualization/recipes-containers/lxc/files/template-make-busybox-template-compatible-with-core-.patch index e4bb72a0..56ff2f07 100644 --- a/external/meta-virtualization/recipes-containers/lxc/files/template-make-busybox-template-compatible-with-core-.patch +++ b/external/meta-virtualization/recipes-containers/lxc/files/template-make-busybox-template-compatible-with-core-.patch @@ -1,4 +1,4 @@ -From 3a7112a38d2c44b6fa49e0da1dc4765defd88dbb Mon Sep 17 00:00:00 2001 +From 96bf043ec0ed93613036c324174c149655cf52be Mon Sep 17 00:00:00 2001 From: Mark Asselstine <mark.asselstine@windriver.com> Date: Thu, 31 May 2018 11:44:44 -0400 Subject: [PATCH] template: make busybox template compatible with @@ -23,10 +23,10 @@ Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com> 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/templates/lxc-busybox.in b/templates/lxc-busybox.in -index 9637a71..45b386f 100644 +index 8ba7cfe..effdb73 100644 --- a/templates/lxc-busybox.in +++ b/templates/lxc-busybox.in -@@ -181,6 +181,19 @@ configure_busybox() +@@ -194,6 +194,19 @@ configure_busybox() return 1 fi @@ -46,7 +46,7 @@ index 9637a71..45b386f 100644 # symlink busybox for the commands it supports # it would be nice to just use "chroot $rootfs busybox --install -s /bin" # but that only works right in a chroot with busybox >= 1.19.0 -@@ -189,9 +202,6 @@ configure_busybox() +@@ -202,9 +215,6 @@ configure_busybox() ./busybox --list | grep -v busybox | xargs -n1 ln -s busybox ) diff --git a/external/meta-virtualization/recipes-containers/lxc/files/templates-actually-create-DOWNLOAD_TEMP-directory.patch b/external/meta-virtualization/recipes-containers/lxc/files/templates-actually-create-DOWNLOAD_TEMP-directory.patch index 756cddc3..522aab7c 100644 --- a/external/meta-virtualization/recipes-containers/lxc/files/templates-actually-create-DOWNLOAD_TEMP-directory.patch +++ b/external/meta-virtualization/recipes-containers/lxc/files/templates-actually-create-DOWNLOAD_TEMP-directory.patch @@ -1,4 +1,4 @@ -From 68b0dd97130ffc5776de9219a42188b4a140d446 Mon Sep 17 00:00:00 2001 +From 7c1c597592694d1f3e652657b1cc642a8990f8a0 Mon Sep 17 00:00:00 2001 From: Mark Asselstine <mark.asselstine@windriver.com> Date: Thu, 31 May 2018 16:21:45 -0400 Subject: [PATCH] templates: actually create DOWNLOAD_TEMP directory @@ -23,10 +23,10 @@ Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com> 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/lxc-download.in b/templates/lxc-download.in -index 973783b..015a679 100644 +index 58d063f..d7e6128 100644 --- a/templates/lxc-download.in +++ b/templates/lxc-download.in -@@ -323,7 +323,7 @@ elif [ -n "${DOWNLOAD_TEMP}" ]; then +@@ -329,7 +329,7 @@ elif [ -n "${DOWNLOAD_TEMP}" ]; then mkdir -p "${DOWNLOAD_TEMP}" DOWNLOAD_TEMP="$(mktemp -p ${DOWNLOAD_TEMP} -d)" else diff --git a/external/meta-virtualization/recipes-containers/lxc/files/templates-use-curl-instead-of-wget.patch b/external/meta-virtualization/recipes-containers/lxc/files/templates-use-curl-instead-of-wget.patch new file mode 100644 index 00000000..156df82f --- /dev/null +++ b/external/meta-virtualization/recipes-containers/lxc/files/templates-use-curl-instead-of-wget.patch @@ -0,0 +1,50 @@ +From 07890dd8ffdcd08b7be1ddbd9f56ac55482c76bb Mon Sep 17 00:00:00 2001 +From: Joakim Roubert <joakimr@axis.com> +Date: Fri, 16 Aug 2019 07:52:48 +0200 +Subject: [PATCH] Use curl instead of wget + +When curl's MIT license is preferable to wget's GPLv3. + +Change-Id: I4684ae7569704514fdcc63e0655c556efcaf44f8 +Signed-off-by: Joakim Roubert <joakimr@axis.com> + +--- + templates/lxc-download.in | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +diff --git a/templates/lxc-download.in b/templates/lxc-download.in +index d7e6128..8a4b567 100644 +--- a/templates/lxc-download.in ++++ b/templates/lxc-download.in +@@ -74,9 +74,9 @@ cleanup() { + fi + } + +-wget_wrapper() { ++curl_wrapper() { + for _ in $(seq 3); do +- if wget "$@"; then ++ if curl "$@"; then + return 0 + fi + done +@@ -85,8 +85,8 @@ wget_wrapper() { + } + + download_file() { +- if ! wget_wrapper -T 30 -q "https://${DOWNLOAD_SERVER}/$1" -O "$2" >/dev/null 2>&1; then +- if ! wget_wrapper -T 30 -q "http://${DOWNLOAD_SERVER}/$1" -O "$2" >/dev/null 2>&1; then ++ if ! curl_wrapper -m 30 -s "https://${DOWNLOAD_SERVER}/$1" -o "$2" >/dev/null 2>&1; then ++ if ! curl_wrapper -m 30 -s "http://${DOWNLOAD_SERVER}/$1" -o "$2" >/dev/null 2>&1; then + if [ "$3" = "noexit" ]; then + return 1 + else +@@ -271,7 +271,7 @@ while :; do + done + + # Check for required binaries +-for bin in tar xz wget; do ++for bin in tar xz curl; do + if ! command -V "${bin}" >/dev/null 2>&1; then + echo "ERROR: Missing required tool: ${bin}" 1>&2 + exit 1 diff --git a/external/meta-virtualization/recipes-containers/lxc/files/tests-add-no-validate-when-using-download-template.patch b/external/meta-virtualization/recipes-containers/lxc/files/tests-add-no-validate-when-using-download-template.patch index abddef6e..8caeb2ba 100644 --- a/external/meta-virtualization/recipes-containers/lxc/files/tests-add-no-validate-when-using-download-template.patch +++ b/external/meta-virtualization/recipes-containers/lxc/files/tests-add-no-validate-when-using-download-template.patch @@ -1,4 +1,4 @@ -From 1b334bdaf598600314a678509a702728721001a2 Mon Sep 17 00:00:00 2001 +From 1c2506434e744d8c6a86e42c9d8bae4cde7553f6 Mon Sep 17 00:00:00 2001 From: Mark Asselstine <mark.asselstine@windriver.com> Date: Thu, 31 May 2018 15:14:26 -0400 Subject: [PATCH] tests: add '--no-validate' when using download template @@ -19,7 +19,7 @@ Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com> 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/src/tests/lxc-test-apparmor-mount b/src/tests/lxc-test-apparmor-mount -index 56d598f..573cff8 100755 +index d21c948..9e1969b 100755 --- a/src/tests/lxc-test-apparmor-mount +++ b/src/tests/lxc-test-apparmor-mount @@ -169,7 +169,7 @@ if [ -f /etc/lsb-release ]; then diff --git a/external/meta-virtualization/recipes-containers/lxc/files/tests-our-init-is-not-busybox.patch b/external/meta-virtualization/recipes-containers/lxc/files/tests-our-init-is-not-busybox.patch index e6c71d3d..e5a8011e 100644 --- a/external/meta-virtualization/recipes-containers/lxc/files/tests-our-init-is-not-busybox.patch +++ b/external/meta-virtualization/recipes-containers/lxc/files/tests-our-init-is-not-busybox.patch @@ -1,4 +1,4 @@ -From 51d88d9741c30ff4a798698514cac831ae61680b Mon Sep 17 00:00:00 2001 +From 06b2a3054b9526c89d5abc314c7d7cda35ddb6a5 Mon Sep 17 00:00:00 2001 From: Mark Asselstine <mark.asselstine@windriver.com> Date: Thu, 31 May 2018 15:00:34 -0400 Subject: [PATCH] tests: our init is not busybox diff --git a/external/meta-virtualization/recipes-containers/lxc/lxc_3.1.0.bb b/external/meta-virtualization/recipes-containers/lxc/lxc_4.0.1.bb index 977583f2..bfe003ca 100644 --- a/external/meta-virtualization/recipes-containers/lxc/lxc_3.1.0.bb +++ b/external/meta-virtualization/recipes-containers/lxc/lxc_4.0.1.bb @@ -1,14 +1,17 @@ DESCRIPTION = "lxc aims to use these new functionnalities to provide an userspace container object" SECTION = "console/utils" -LICENSE = "LGPLv2.1" -LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c" +LICENSE = "LGPLv2.1 & GPLv2" +LIC_FILES_CHKSUM = "file://LICENSE.LGPL2.1;md5=4fbd65380cdd255951079008b364516c \ + file://LICENSE.GPL2;md5=751419260aa954499f7abaabaa882bbe \ +" + DEPENDS = "libxml2 libcap" RDEPENDS_${PN} = " \ rsync \ + curl \ gzip \ xz \ tar \ - wget \ libcap-bin \ bridge-utils \ dnsmasq \ @@ -41,14 +44,15 @@ SRC_URI = "http://linuxcontainers.org/downloads/${BPN}-${PV}.tar.gz \ file://logs-optionally-use-base-filenames-to-report-src-fil.patch \ file://templates-actually-create-DOWNLOAD_TEMP-directory.patch \ file://template-make-busybox-template-compatible-with-core-.patch \ + file://templates-use-curl-instead-of-wget.patch \ file://tests-our-init-is-not-busybox.patch \ file://tests-add-no-validate-when-using-download-template.patch \ file://dnsmasq.conf \ file://lxc-net \ " -SRC_URI[md5sum] = "e83e302a801494276f3772e687a3b8b0" -SRC_URI[sha256sum] = "4d8772c25baeaea2c37a954902b88c05d1454c91c887cb6a0997258cfac3fdc5" +SRC_URI[md5sum] = "5f19f13eafdde24c75ba459fc6c28156" +SRC_URI[sha256sum] = "70bbaac1df097f32ee5493a5e67a52365f7cdda28529f40197d6160bbec4139d" S = "${WORKDIR}/${BPN}-${PV}" diff --git a/external/meta-virtualization/recipes-containers/lxcfs/lxcfs_3.0.1.bb b/external/meta-virtualization/recipes-containers/lxcfs/lxcfs_3.0.3.bb index 576027fd..b6b6ac6b 100644 --- a/external/meta-virtualization/recipes-containers/lxcfs/lxcfs_3.0.1.bb +++ b/external/meta-virtualization/recipes-containers/lxcfs/lxcfs_3.0.3.bb @@ -10,8 +10,8 @@ SRC_URI = " \ " LIC_FILES_CHKSUM = "file://COPYING;md5=3b83ef96387f14655fc854ddc3c6bd57" -SRC_URI[md5sum] = "fa49872fc45846125455199a2cce18f1" -SRC_URI[sha256sum] = "016c317f13392bebccba338511f537332fb2fdbaf62a5f6d77307b38a348f41f" +SRC_URI[md5sum] = "bfc41f949caeabd0468189480222f25e" +SRC_URI[sha256sum] = "890aa30d960d9b1e53b0c0712bf645c1f1924f750e32cd090f368c1338bd462f" DEPENDS += "fuse" RDEPENDS_${PN} += "fuse" diff --git a/external/meta-virtualization/recipes-containers/oci-image-spec/oci-image-spec_git.bb b/external/meta-virtualization/recipes-containers/oci-image-spec/oci-image-spec_git.bb index 92a83998..58057408 100644 --- a/external/meta-virtualization/recipes-containers/oci-image-spec/oci-image-spec_git.bb +++ b/external/meta-virtualization/recipes-containers/oci-image-spec/oci-image-spec_git.bb @@ -9,8 +9,8 @@ SRCNAME = "image-spec" PKG_NAME = "github.com/opencontainers/${SRCNAME}" SRC_URI = "git://${PKG_NAME}.git;destsuffix=git/src/${PKG_NAME}" -SRCREV = "91d3eaabebcdc329edd9b4ff0f28f8f90022201f" -PV = "v1.0.0-rc4+git${SRCPV}" +SRCREV = "bd4f8fcb0979a663d8b97a1d4d9b030b3d2ca1fa" +PV = "v1.0.1+git${SRCPV}" S = "${WORKDIR}/git" @@ -21,11 +21,11 @@ do_compile() { do_install() { install -d ${D}${prefix}/local/go/src/${PKG_NAME} for j in $(cd ${S} && find src/${PKG_NAME} -name "*.go"); do - if [ ! -d ${D}${prefix}/local/go/$(dirname $j) ]; then - mkdir -p ${D}${prefix}/local/go/$(dirname $j) - fi - cp $j ${D}${prefix}/local/go/$j + cp --parents $j ${D}${prefix}/local/go/ done + # .tool isn't useful, so remote it. + rm -rf ${D}${prefix}/local/go/src/${PKG_NAME}/.tool/ + cp -r ${S}/src/${PKG_NAME}/LICENSE ${D}${prefix}/local/go/src/${PKG_NAME}/ } @@ -38,4 +38,4 @@ image_spec_file_sysroot_preprocess () { FILES_${PN} += "${prefix}/local/go/src/${PKG_NAME}/*" -CLEANBROKEN = "1"
\ No newline at end of file +CLEANBROKEN = "1" diff --git a/external/meta-virtualization/recipes-containers/oci-image-tools/files/0001-image-manifest-Recursively-remove-pre-existing-entri.patch b/external/meta-virtualization/recipes-containers/oci-image-tools/files/0001-image-manifest-Recursively-remove-pre-existing-entri.patch deleted file mode 100644 index 5594f976..00000000 --- a/external/meta-virtualization/recipes-containers/oci-image-tools/files/0001-image-manifest-Recursively-remove-pre-existing-entri.patch +++ /dev/null @@ -1,78 +0,0 @@ -From 1f205c0aec5ea9e983d61a64e7ce871ae416bebd Mon Sep 17 00:00:00 2001 -From: "W. Trevor King" <wking@tremily.us> -Date: Tue, 18 Oct 2016 02:16:46 -0700 -Subject: [PATCH 1/2] image/manifest: Recursively remove pre-existing entries - when unpacking - -Implementing the logic that is in-flight with [1], but using recursive -removal [2]. GNU tar has a --recursive-unlink option that's not -enabled by default, with the motivation being something like "folks -would be mad if we blew away a full tree and replaced it with a broken -symlink" [3]. That makes sense for working filesystems, but we're -building the rootfs from scratch here so losing information is not a -concern. This commit always uses recursive removal to get that old -thing off the filesystem (whatever it takes ;). - -The exception to the removal is if both the tar entry and existing -path occupant are directories. In this case we want to use GNU tar's -default --overwrite-dir behavior, but unpackLayer's metadata handling -is currently very weak so I've left it at "don't delete the old -directory". - -The reworked directory case also fixes a minor bug from 44210d05 -(cmd/oci-image-tool: fix unpacking..., 2016-07-22, #177) where the: - - if fi, err := os.Lstat(path); !(err == nil && fi.IsDir()) { - -block would not error out if the Lstat failed for a reason besides the -acceptable IsNotExist. Instead, it would attempt to call MkdirAll, -which would probably fail for the same reason that Lstat failed -(e.g. ENOTDIR). But it's better to handle the Lstat errors directly. - -[1]: https://github.com/opencontainers/image-spec/pull/317 -[2]: https://github.com/opencontainers/image-spec/pull/317/files#r79214718 -[3]: https://www.gnu.org/software/tar/manual/html_node/Dealing-with-Old-Files.html - -Signed-off-by: W. Trevor King <wking@tremily.us> ---- - image/manifest.go | 22 +++++++++++++++++++--- - 1 file changed, 19 insertions(+), 3 deletions(-) - -diff --git a/image/manifest.go b/image/manifest.go -index 8834c1e5f2f0..144bd4f62219 100644 ---- a/src/import/image/manifest.go -+++ b/src/import/image/manifest.go -@@ -253,11 +253,27 @@ loop: - continue loop - } - -+ if hdr.Typeflag != tar.TypeDir { -+ err = os.RemoveAll(path) -+ if err != nil && !os.IsNotExist(err) { -+ return err -+ } -+ } -+ - switch hdr.Typeflag { - case tar.TypeDir: -- if fi, err := os.Lstat(path); !(err == nil && fi.IsDir()) { -- if err2 := os.MkdirAll(path, info.Mode()); err2 != nil { -- return errors.Wrap(err2, "error creating directory") -+ fi, err := os.Lstat(path) -+ if err != nil && !os.IsNotExist(err) { -+ return err -+ } -+ if os.IsNotExist(err) || !fi.IsDir() { -+ err = os.RemoveAll(path) -+ if err != nil && !os.IsNotExist(err) { -+ return err -+ } -+ err = os.MkdirAll(path, info.Mode()) -+ if err != nil { -+ return err - } - } - --- -2.4.0.53.g8440f74 - diff --git a/external/meta-virtualization/recipes-containers/oci-image-tools/files/0001-tool-respect-GO-and-GOBUILDFLAGS-when-building.patch b/external/meta-virtualization/recipes-containers/oci-image-tools/files/0001-tool-respect-GO-and-GOBUILDFLAGS-when-building.patch new file mode 100644 index 00000000..7e0b2a11 --- /dev/null +++ b/external/meta-virtualization/recipes-containers/oci-image-tools/files/0001-tool-respect-GO-and-GOBUILDFLAGS-when-building.patch @@ -0,0 +1,31 @@ +From 7e6bfc9657f9fd83c170d5bf3721d54bf9e88074 Mon Sep 17 00:00:00 2001 +From: Bruce Ashfield <bruce.ashfield@gmail.com> +Date: Sun, 13 Oct 2019 15:35:08 -0400 +Subject: [PATCH] tool: respect GO and GOBUILDFLAGS when building + +Ensure that the building of the tools respect the go compiler and +build flags from our environemnt. Otherwise, we'll use the host +settings for each and end up with a binary that cannot be run on +the target. + +Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> +--- + Makefile | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/import/Makefile b/src/import/Makefile +index bacb341..1bfe021 100644 +--- a/src/import/Makefile ++++ b/src/import/Makefile +@@ -27,7 +27,7 @@ check-license: + + .PHONY: tool + tool: +- go build -ldflags "-X main.gitCommit=${COMMIT}" -o oci-image-tool ./cmd/oci-image-tool ++ $(GO) build $(GOBUILDFLAGS) $(EXTRA_FLAGS) -ldflags "-X main.gitCommit=${COMMIT}" -o oci-image-tool ./cmd/oci-image-tool + + + all: tool man +-- +2.19.1 + diff --git a/external/meta-virtualization/recipes-containers/oci-image-tools/files/0002-image-manifest-Split-unpackLayerEntry-into-its-own-f.patch b/external/meta-virtualization/recipes-containers/oci-image-tools/files/0002-image-manifest-Split-unpackLayerEntry-into-its-own-f.patch deleted file mode 100644 index 69bdcdb5..00000000 --- a/external/meta-virtualization/recipes-containers/oci-image-tools/files/0002-image-manifest-Split-unpackLayerEntry-into-its-own-f.patch +++ /dev/null @@ -1,242 +0,0 @@ -From 1e55f2a83b1f644803b640b72171b4ae0d95217b Mon Sep 17 00:00:00 2001 -From: "W. Trevor King" <wking@tremily.us> -Date: Thu, 20 Oct 2016 23:30:22 -0700 -Subject: [PATCH 2/2] image/manifest: Split unpackLayerEntry into its own - function - -To help address: - - $ make lint - checking lint - image/manifest.go:140::warning: cyclomatic complexity 39 of function unpackLayer() is high (> 35) (gocyclo) - ... - -Signed-off-by: W. Trevor King <wking@tremily.us> ---- - image/manifest.go | 185 +++++++++++++++++++++++++++++------------------------- - 1 file changed, 100 insertions(+), 85 deletions(-) - -diff --git a/image/manifest.go b/image/manifest.go -index 144bd4f62219..dfd5a83f70e4 100644 ---- a/src/import/image/manifest.go -+++ b/src/import/image/manifest.go -@@ -218,116 +218,131 @@ loop: - return errors.Wrapf(err, "error advancing tar stream") - } - -- hdr.Name = filepath.Clean(hdr.Name) -- if !strings.HasSuffix(hdr.Name, string(os.PathSeparator)) { -- // Not the root directory, ensure that the parent directory exists -- parent := filepath.Dir(hdr.Name) -- parentPath := filepath.Join(dest, parent) -- if _, err2 := os.Lstat(parentPath); err2 != nil && os.IsNotExist(err2) { -- if err3 := os.MkdirAll(parentPath, 0755); err3 != nil { -- return err3 -- } -- } -- } -- path := filepath.Join(dest, hdr.Name) -- if entries[path] { -- return fmt.Errorf("duplicate entry for %s", path) -- } -- entries[path] = true -- rel, err := filepath.Rel(dest, path) -+ var whiteout bool -+ whiteout, err = unpackLayerEntry(dest, hdr, tr, &entries) - if err != nil { - return err - } -- info := hdr.FileInfo() -- if strings.HasPrefix(rel, ".."+string(os.PathSeparator)) { -- return fmt.Errorf("%q is outside of %q", hdr.Name, dest) -+ if whiteout { -+ continue loop - } - -- if strings.HasPrefix(info.Name(), ".wh.") { -- path = strings.Replace(path, ".wh.", "", 1) -+ // Directory mtimes must be handled at the end to avoid further -+ // file creation in them to modify the directory mtime -+ if hdr.Typeflag == tar.TypeDir { -+ dirs = append(dirs, hdr) -+ } -+ } -+ for _, hdr := range dirs { -+ path := filepath.Join(dest, hdr.Name) - -- if err := os.RemoveAll(path); err != nil { -- return errors.Wrap(err, "unable to delete whiteout path") -+ finfo := hdr.FileInfo() -+ // I believe the old version was using time.Now().UTC() to overcome an -+ // invalid error from chtimes.....but here we lose hdr.AccessTime like this... -+ if err := os.Chtimes(path, time.Now().UTC(), finfo.ModTime()); err != nil { -+ return errors.Wrap(err, "error changing time") -+ } -+ } -+ return nil -+} -+ -+// unpackLayerEntry unpacks a single entry from a layer. -+func unpackLayerEntry(dest string, header *tar.Header, reader io.Reader, entries *map[string]bool) (whiteout bool, err error) { -+ header.Name = filepath.Clean(header.Name) -+ if !strings.HasSuffix(header.Name, string(os.PathSeparator)) { -+ // Not the root directory, ensure that the parent directory exists -+ parent := filepath.Dir(header.Name) -+ parentPath := filepath.Join(dest, parent) -+ if _, err2 := os.Lstat(parentPath); err2 != nil && os.IsNotExist(err2) { -+ if err3 := os.MkdirAll(parentPath, 0755); err3 != nil { -+ return false, err3 - } -+ } -+ } -+ path := filepath.Join(dest, header.Name) -+ if (*entries)[path] { -+ return false, fmt.Errorf("duplicate entry for %s", path) -+ } -+ (*entries)[path] = true -+ rel, err := filepath.Rel(dest, path) -+ if err != nil { -+ return false, err -+ } -+ info := header.FileInfo() -+ if strings.HasPrefix(rel, ".."+string(os.PathSeparator)) { -+ return false, fmt.Errorf("%q is outside of %q", header.Name, dest) -+ } - -- continue loop -+ if strings.HasPrefix(info.Name(), ".wh.") { -+ path = strings.Replace(path, ".wh.", "", 1) -+ -+ if err = os.RemoveAll(path); err != nil { -+ return true, errors.Wrap(err, "unable to delete whiteout path") - } - -- if hdr.Typeflag != tar.TypeDir { -- err = os.RemoveAll(path) -- if err != nil && !os.IsNotExist(err) { -- return err -- } -+ return true, nil -+ } -+ -+ if header.Typeflag != tar.TypeDir { -+ err = os.RemoveAll(path) -+ if err != nil && !os.IsNotExist(err) { -+ return false, err - } -+ } - -- switch hdr.Typeflag { -- case tar.TypeDir: -- fi, err := os.Lstat(path) -+ switch header.Typeflag { -+ case tar.TypeDir: -+ fi, err := os.Lstat(path) -+ if err != nil && !os.IsNotExist(err) { -+ return false, err -+ } -+ if os.IsNotExist(err) || !fi.IsDir() { -+ err = os.RemoveAll(path) - if err != nil && !os.IsNotExist(err) { -- return err -- } -- if os.IsNotExist(err) || !fi.IsDir() { -- err = os.RemoveAll(path) -- if err != nil && !os.IsNotExist(err) { -- return err -- } -- err = os.MkdirAll(path, info.Mode()) -- if err != nil { -- return err -- } -+ return false, err - } -- -- case tar.TypeReg, tar.TypeRegA: -- f, err := os.OpenFile(path, os.O_CREATE|os.O_WRONLY, info.Mode()) -+ err = os.MkdirAll(path, info.Mode()) - if err != nil { -- return errors.Wrap(err, "unable to open file") -+ return false, err - } -+ } - -- if _, err := io.Copy(f, tr); err != nil { -- f.Close() -- return errors.Wrap(err, "unable to copy") -- } -- f.Close() -+ case tar.TypeReg, tar.TypeRegA: -+ f, err := os.OpenFile(path, os.O_CREATE|os.O_WRONLY, info.Mode()) -+ if err != nil { -+ return false, errors.Wrap(err, "unable to open file") -+ } - -- case tar.TypeLink: -- target := filepath.Join(dest, hdr.Linkname) -+ if _, err := io.Copy(f, reader); err != nil { -+ f.Close() -+ return false, errors.Wrap(err, "unable to copy") -+ } -+ f.Close() - -- if !strings.HasPrefix(target, dest) { -- return fmt.Errorf("invalid hardlink %q -> %q", target, hdr.Linkname) -- } -+ case tar.TypeLink: -+ target := filepath.Join(dest, header.Linkname) - -- if err := os.Link(target, path); err != nil { -- return err -- } -+ if !strings.HasPrefix(target, dest) { -+ return false, fmt.Errorf("invalid hardlink %q -> %q", target, header.Linkname) -+ } - -- case tar.TypeSymlink: -- target := filepath.Join(filepath.Dir(path), hdr.Linkname) -+ if err := os.Link(target, path); err != nil { -+ return false, err -+ } - -- if !strings.HasPrefix(target, dest) { -- return fmt.Errorf("invalid symlink %q -> %q", path, hdr.Linkname) -- } -+ case tar.TypeSymlink: -+ target := filepath.Join(filepath.Dir(path), header.Linkname) - -- if err := os.Symlink(hdr.Linkname, path); err != nil { -- return err -- } -- case tar.TypeXGlobalHeader: -- return nil -+ if !strings.HasPrefix(target, dest) { -+ return false, fmt.Errorf("invalid symlink %q -> %q", path, header.Linkname) - } -- // Directory mtimes must be handled at the end to avoid further -- // file creation in them to modify the directory mtime -- if hdr.Typeflag == tar.TypeDir { -- dirs = append(dirs, hdr) -- } -- } -- for _, hdr := range dirs { -- path := filepath.Join(dest, hdr.Name) - -- finfo := hdr.FileInfo() -- // I believe the old version was using time.Now().UTC() to overcome an -- // invalid error from chtimes.....but here we lose hdr.AccessTime like this... -- if err := os.Chtimes(path, time.Now().UTC(), finfo.ModTime()); err != nil { -- return errors.Wrap(err, "error changing time") -+ if err := os.Symlink(header.Linkname, path); err != nil { -+ return false, err - } -+ case tar.TypeXGlobalHeader: -+ return false, nil - } -- return nil -+ -+ return false, nil - } --- -2.4.0.53.g8440f74 - diff --git a/external/meta-virtualization/recipes-containers/oci-image-tools/oci-image-tools_git.bb b/external/meta-virtualization/recipes-containers/oci-image-tools/oci-image-tools_git.bb index 8c41b6e0..676f3cc4 100644 --- a/external/meta-virtualization/recipes-containers/oci-image-tools/oci-image-tools_git.bb +++ b/external/meta-virtualization/recipes-containers/oci-image-tools/oci-image-tools_git.bb @@ -13,11 +13,10 @@ DEPENDS = "\ " SRC_URI = "git://github.com/opencontainers/image-tools.git \ - file://0001-image-manifest-Recursively-remove-pre-existing-entri.patch \ - file://0002-image-manifest-Split-unpackLayerEntry-into-its-own-f.patch \ - file://0001-config-make-Config.User-mapping-errors-a-warning.patch" + file://0001-config-make-Config.User-mapping-errors-a-warning.patch \ + file://0001-tool-respect-GO-and-GOBUILDFLAGS-when-building.patch" -SRCREV = "4abe1a166f9be97e8e71b1bb4d7599cc29323011" +SRCREV = "93db3b16e6738bf9b8bee47d86ac93be5340838b" PV = "0.2.0-dev+git${SRCPV}" GO_IMPORT = "import" diff --git a/external/meta-virtualization/recipes-containers/oci-runtime-spec/oci-runtime-spec_git.bb b/external/meta-virtualization/recipes-containers/oci-runtime-spec/oci-runtime-spec_git.bb index deba7b3e..c4083c09 100644 --- a/external/meta-virtualization/recipes-containers/oci-runtime-spec/oci-runtime-spec_git.bb +++ b/external/meta-virtualization/recipes-containers/oci-runtime-spec/oci-runtime-spec_git.bb @@ -9,8 +9,8 @@ SRCNAME = "runtime-spec" PKG_NAME = "github.com/opencontainers/${SRCNAME}" SRC_URI = "git://${PKG_NAME}.git;destsuffix=git/src/${PKG_NAME}" -SRCREV = "a39b1cd4fdf7743ab721cc9da58abbee2f8624d1" -PV = "v1.0.0-rc6+git${SRCPV}" +SRCREV = "78ab98c0761136f84e6e21b24b4dcd0be68ab782" +PV = "v1.0.1+git${SRCPV}" S = "${WORKDIR}/git" diff --git a/external/meta-virtualization/recipes-containers/oci-systemd-hook/oci-systemd-hook/0001-Add-additional-cgroup-mounts-from-root-NS-automatica.patch b/external/meta-virtualization/recipes-containers/oci-systemd-hook/oci-systemd-hook/0001-Add-additional-cgroup-mounts-from-root-NS-automatica.patch index 753a77d1..34f0c09e 100644 --- a/external/meta-virtualization/recipes-containers/oci-systemd-hook/oci-systemd-hook/0001-Add-additional-cgroup-mounts-from-root-NS-automatica.patch +++ b/external/meta-virtualization/recipes-containers/oci-systemd-hook/oci-systemd-hook/0001-Add-additional-cgroup-mounts-from-root-NS-automatica.patch @@ -1,6 +1,6 @@ -From f59cddcedd6535e0b809ec9b4e95672d34b41a16 Mon Sep 17 00:00:00 2001 +From 12d92162c449d51f4ffa482f7daaeb42c4135937 Mon Sep 17 00:00:00 2001 From: Jason Wessel <jason.wessel@windriver.com> -Date: Tue, 14 Nov 2017 07:41:41 -0800 +Date: Tue, 2 Jul 2019 20:51:08 +0000 Subject: [PATCH] Add additional cgroup mounts from root NS automatically Signed-off-by: Jason Wessel <jason.wessel@windriver.com> @@ -9,11 +9,11 @@ Signed-off-by: Jason Wessel <jason.wessel@windriver.com> 1 file changed, 45 insertions(+) diff --git a/src/systemdhook.c b/src/systemdhook.c -index 78575ef..f735484 100644 +index c2cb2b9..f9ec9f2 100644 --- a/src/systemdhook.c +++ b/src/systemdhook.c -@@ -238,6 +238,11 @@ static char *get_process_cgroup_subsystem_path(int pid, const char *subsystem) { - static int mount_cgroup(const char *rootfs, const char *options, char *systemd_path) +@@ -274,6 +274,11 @@ static char *get_process_cgroup_subsystem_path(const char *id, int pid, const ch + static int mount_cgroup(const char *id, const char *rootfs, const char *options, char *systemd_path) { _cleanup_free_ char *cgroup_path = NULL; + char *spath, *dpath; @@ -23,9 +23,9 @@ index 78575ef..f735484 100644 + int got; if (asprintf(&cgroup_path, "%s/%s", rootfs, CGROUP_ROOT) < 0) { - pr_perror("Failed to create path for %s", CGROUP_ROOT); -@@ -256,6 +261,46 @@ static int mount_cgroup(const char *rootfs, const char *options, char *systemd_p - pr_perror("Failed to mkdir new dest: %s", systemd_path); + pr_perror("%s: Failed to create path for %s", id, CGROUP_ROOT); +@@ -292,6 +297,46 @@ static int mount_cgroup(const char *id, const char *rootfs, const char *options, + pr_perror("%s: Failed to mkdir new dest: %s", id, systemd_path); return -1; } + /* Create all additional cgroup mounts which are in the root namespace */ @@ -59,7 +59,7 @@ index 78575ef..f735484 100644 + pr_perror("Failed to mkdir new dest: %s", dpath); + return -1; + } -+ if (bind_mount(spath, dpath, false)) { ++ if (bind_mount(id, spath, dpath, false)) { + pr_perror("Failed to bind mount %s on %s", spath, dpath); + return -1; + } @@ -68,9 +68,9 @@ index 78575ef..f735484 100644 + free(dpath); + } + closedir(dir); - if (mount(cgroup_path, cgroup_path, "bind", MS_REMOUNT|MS_BIND|MS_RDONLY, "") == -1) { - pr_perror("Failed to remount %s readonly", cgroup_path); + if (remount_readonly(id, cgroup_path, cgroup_path) < 0) { return -1; + } -- -2.11.0 +2.7.4 diff --git a/external/meta-virtualization/recipes-containers/oci-systemd-hook/oci-systemd-hook/0001-selinux-drop-selinux-support.patch b/external/meta-virtualization/recipes-containers/oci-systemd-hook/oci-systemd-hook/0001-selinux-drop-selinux-support.patch index 5016f6e7..a3ec57df 100644 --- a/external/meta-virtualization/recipes-containers/oci-systemd-hook/oci-systemd-hook/0001-selinux-drop-selinux-support.patch +++ b/external/meta-virtualization/recipes-containers/oci-systemd-hook/oci-systemd-hook/0001-selinux-drop-selinux-support.patch @@ -8,9 +8,11 @@ Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com> src/systemdhook.c | 12 ------------ 1 file changed, 12 deletions(-) ---- a/src/systemdhook.c -+++ b/src/systemdhook.c -@@ -16,7 +16,6 @@ +Index: git/src/systemdhook.c +=================================================================== +--- git.orig/src/systemdhook.c ++++ git/src/systemdhook.c +@@ -17,7 +17,6 @@ #include <errno.h> #include <inttypes.h> #include <linux/limits.h> @@ -18,25 +20,28 @@ Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com> #include <yajl/yajl_tree.h> #include <stdbool.h> -@@ -129,9 +128,6 @@ static int chperm(const char *path, cons +@@ -166,12 +165,6 @@ closedir(dir); return -1; } -- if (setfilecon (full_path, label) < 0) { -- pr_perror("Failed to set context %s on %s", label, full_path); +- if (label != NULL && (strcmp("", label))) { +- if ((is_selinux_enabled() > 0) && (setfilecon (full_path, label) < 0)) { +- pr_perror("%s: Failed to set context %s on %s", id, label, full_path); +- } - } - +- if (doChown) { /* Change uid and gid to something the container can handle */ -@@ -496,14 +492,6 @@ static int prestart(const char *rootfs, + if (chown(full_path, uid, gid) < 0 ) { +@@ -557,14 +550,6 @@ return -1; } } - - if (strcmp("", mount_label)) { -- rc = setfilecon(journal_dir, (security_context_t)mount_label); -- if (rc < 0) { -- pr_perror("Failed to set journal dir selinux context"); +- if ((is_selinux_enabled() > 0) && +- (setfilecon(journal_dir, (security_context_t)mount_label) < 0)) { +- pr_perror("%s: Failed to set journal dir selinux context", id); - return -1; - } - } diff --git a/external/meta-virtualization/recipes-containers/oci-systemd-hook/oci-systemd-hook_git.bb b/external/meta-virtualization/recipes-containers/oci-systemd-hook/oci-systemd-hook_git.bb index e07b7410..6734bffe 100644 --- a/external/meta-virtualization/recipes-containers/oci-systemd-hook/oci-systemd-hook_git.bb +++ b/external/meta-virtualization/recipes-containers/oci-systemd-hook/oci-systemd-hook_git.bb @@ -6,14 +6,14 @@ PRIORITY = "optional" DEPENDS = "yajl util-linux" -SRCREV = "1ac958a4197a9ea52174812fc7d7d036af8140d3" +SRCREV = "05e692346ca73e022754332a7da641230dae2ffe" SRC_URI = "git://github.com/projectatomic/oci-systemd-hook \ file://0001-selinux-drop-selinux-support.patch \ file://0001-configure-drop-selinux-support.patch \ file://0001-Add-additional-cgroup-mounts-from-root-NS-automatica.patch \ " -PV = "0.0.1+git${SRCPV}" +PV = "0.2.0+git${SRCPV}" S = "${WORKDIR}/git" inherit autotools pkgconfig diff --git a/external/meta-virtualization/recipes-containers/podman-compose/podman-compose_0.1.5.bb b/external/meta-virtualization/recipes-containers/podman-compose/podman-compose_0.1.5.bb new file mode 100644 index 00000000..4015069a --- /dev/null +++ b/external/meta-virtualization/recipes-containers/podman-compose/podman-compose_0.1.5.bb @@ -0,0 +1,15 @@ +DESCRIPTION = "An implementation of docker-compose with podman backend" +LICENSE = "GPLv2" +LIC_FILES_CHKSUM = "file://LICENSE;md5=b234ee4d69f5fce4486a80fdaf4a4263" + +inherit setuptools3 pypi + +SRC_URI = "git://github.com/containers/podman-compose.git" + +SRCREV = "f008986633879acf3f54848dabbf07cef8e9c68f" + +S = "${WORKDIR}/git" + +DEPENDS += "${PYTHON_PN}-pyyaml-native" + +RDEPENDS_${PN} += "${PYTHON_PN}-pyyaml" diff --git a/external/meta-virtualization/recipes-containers/podman/podman_git.bb b/external/meta-virtualization/recipes-containers/podman/podman_git.bb new file mode 100644 index 00000000..aa6b25b3 --- /dev/null +++ b/external/meta-virtualization/recipes-containers/podman/podman_git.bb @@ -0,0 +1,119 @@ +HOMEPAGE = "https://podman.io/" +SUMMARY = "A daemonless container engine" +DESCRIPTION = "Podman is a daemonless container engine for developing, \ + managing, and running OCI Containers on your Linux System. Containers can \ + either be run as root or in rootless mode. Simply put: \ + `alias docker=podman`. \ + " + +DEPENDS = " \ + go-metalinter-native \ + go-md2man-native \ + gpgme \ + libseccomp \ + ${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)} \ +" + +python __anonymous() { + msg = "" + # ERROR: Nothing PROVIDES 'libseccomp' (but meta-virtualization/recipes-containers/podman/ DEPENDS on or otherwise requires it). + # ERROR: Required build target 'meta-world-pkgdata' has no buildable providers. + # Missing or unbuildable dependency chain was: ['meta-world-pkgdata', 'podman', 'libseccomp'] + if 'security' not in d.getVar('BBFILE_COLLECTIONS').split(): + msg += "Make sure meta-security should be present as it provides 'libseccomp'" + raise bb.parse.SkipRecipe(msg) +} + +SRCREV = "444a19cdd2e6108c75f6c1aadc1a2a9138a8bd73" +SRC_URI = " \ + git://github.com/containers/libpod.git;branch=master \ +" + +LICENSE = "Apache-2.0" +LIC_FILES_CHKSUM = "file://src/import/LICENSE;md5=e3fc50a88d0a364313df4b21ef20c29e" + +GO_IMPORT = "import" + +S = "${WORKDIR}/git" + +PV = "1.8.1+git${SRCREV}" + +PACKAGES =+ "${PN}-contrib" + +PODMAN_PKG = "github.com/containers/libpod" +BUILDTAGS ?= "seccomp varlink \ +${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd', '', d)} \ +exclude_graphdriver_btrfs exclude_graphdriver_devicemapper" + +# overide LDFLAGS to allow podman to build without: "flag provided but not # defined: -Wl,-O1 +export LDFLAGS="" + +inherit go goarch +inherit systemd pkgconfig + +do_configure[noexec] = "1" + +EXTRA_OEMAKE = " \ + PREFIX=${prefix} BINDIR=${bindir} LIBEXECDIR=${libexecdir} \ + ETCDIR=${sysconfdir} TMPFILESDIR=${nonarch_libdir}/tmpfiles.d \ + SYSTEMDDIR=${systemd_unitdir}/system USERSYSTEMDDIR=${systemd_unitdir}/user \ +" + +# remove 'docker' from the packageconfig if you don't want podman to +# build and install the docker wrapper. If docker is enabled in the +# packageconfig, the podman package will rconfict with docker. +PACKAGECONFIG ?= "docker" + +do_compile() { + cd ${S}/src + rm -rf .gopath + mkdir -p .gopath/src/"$(dirname "${PODMAN_PKG}")" + ln -sf ../../../../import/ .gopath/src/"${PODMAN_PKG}" + + ln -sf "../../../import/vendor/github.com/varlink/" ".gopath/src/github.com/varlink" + + export GOARCH="${BUILD_GOARCH}" + export GOPATH="${S}/src/.gopath" + export GOROOT="${STAGING_DIR_NATIVE}/${nonarch_libdir}/${HOST_SYS}/go" + + cd ${S}/src/.gopath/src/"${PODMAN_PKG}" + + oe_runmake cmd/podman/varlink/iopodman.go GO=go + + # Pass the needed cflags/ldflags so that cgo + # can find the needed headers files and libraries + export GOARCH=${TARGET_GOARCH} + export CGO_ENABLED="1" + export CGO_CFLAGS="${CFLAGS} --sysroot=${STAGING_DIR_TARGET}" + export CGO_LDFLAGS="${LDFLAGS} --sysroot=${STAGING_DIR_TARGET}" + + oe_runmake BUILDTAGS="${BUILDTAGS}" +} + +do_install() { + cd ${S}/src/.gopath/src/"${PODMAN_PKG}" + + oe_runmake install DESTDIR="${D}" + if ${@bb.utils.contains('PACKAGECONFIG', 'docker', 'true', 'false', d)}; then + oe_runmake install.docker DESTDIR="${D}" + fi + if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then + install -d ${D}${systemd_unitdir}/system + install -m 644 ${S}/src/import/contrib/systemd/system/podman.service ${D}/${systemd_unitdir}/system + install -m 644 ${S}/src/import/contrib/systemd/system/podman.socket ${D}/${systemd_unitdir}/system + rm -f ${D}/${systemd_unitdir}/system/docker.service.rpm + fi +} + +FILES_${PN} += " \ + ${systemd_unitdir}/system/* \ + ${systemd_unitdir}/user/* \ + ${nonarch_libdir}/tmpfiles.d/* \ + ${sysconfdir}/cni \ +" + +SYSTEMD_SERVICE_${PN} = "podman.service podman.socket" + +RDEPENDS_${PN} += "conmon virtual/runc iptables cni skopeo" +RRECOMMENDS_${PN} += "slirp4netns" +RCONFLICTS_${PN} = "${@bb.utils.contains('PACKAGECONFIG', 'docker', 'docker', '', d)}" diff --git a/external/meta-virtualization/recipes-containers/riddler/riddler_git.bb b/external/meta-virtualization/recipes-containers/riddler/riddler_git.bb index 9f7fe6b4..08976060 100644 --- a/external/meta-virtualization/recipes-containers/riddler/riddler_git.bb +++ b/external/meta-virtualization/recipes-containers/riddler/riddler_git.bb @@ -13,6 +13,10 @@ S = "${WORKDIR}/git" inherit goarch inherit go +# In addition to hosts go does not like, we do not build for mips. +# +COMPATIBLE_HOST_mipsarch = "null" + # This disables seccomp and apparmor, which are on by default in the # go package. EXTRA_OEMAKE="BUILDTAGS=''" diff --git a/external/meta-virtualization/recipes-containers/runc/files/0001-Makefile-respect-GOBUILDFLAGS-for-runc-and-remove-re.patch b/external/meta-virtualization/recipes-containers/runc/files/0001-Makefile-respect-GOBUILDFLAGS-for-runc-and-remove-re.patch new file mode 100644 index 00000000..94cbb4cb --- /dev/null +++ b/external/meta-virtualization/recipes-containers/runc/files/0001-Makefile-respect-GOBUILDFLAGS-for-runc-and-remove-re.patch @@ -0,0 +1,35 @@ +From d2c47a973f354ffd505bb4e809c59e57b543726d Mon Sep 17 00:00:00 2001 +From: Chen Qi <Qi.Chen@windriver.com> +Date: Tue, 6 Aug 2019 19:01:45 +0800 +Subject: [PATCH] Makefile: respect GOBUILDFLAGS for runc and remove recvtty + from static + +Signed-off-by: Chen Qi <Qi.Chen@windriver.com> +--- + Makefile | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/Makefile b/Makefile +index 0f26a1c8..a0c6b40b 100644 +--- a/src/import/Makefile ++++ b/src/import/Makefile +@@ -30,7 +30,7 @@ SHELL := $(shell command -v bash 2>/dev/null) + .DEFAULT: runc + + runc: $(SOURCES) +- $(GO) build -buildmode=pie $(EXTRA_FLAGS) -ldflags "-X main.gitCommit=${COMMIT} -X main.version=${VERSION} $(EXTRA_LDFLAGS)" -tags "$(BUILDTAGS)" -o runc . ++ $(GO) build $(GOBUILDFLAGS) $(EXTRA_FLAGS) -ldflags "-X main.gitCommit=${COMMIT} -X main.version=${VERSION} $(EXTRA_LDFLAGS)" -tags "$(BUILDTAGS)" -o runc . + + all: runc recvtty + +@@ -41,7 +41,6 @@ contrib/cmd/recvtty/recvtty: $(SOURCES) + + static: $(SOURCES) + CGO_ENABLED=1 $(GO) build $(EXTRA_FLAGS) -tags "$(BUILDTAGS) netgo osusergo static_build" -installsuffix netgo -ldflags "-w -extldflags -static -X main.gitCommit=${COMMIT} -X main.version=${VERSION} $(EXTRA_LDFLAGS)" -o runc . +- CGO_ENABLED=1 $(GO) build $(EXTRA_FLAGS) -tags "$(BUILDTAGS) netgo osusergo static_build" -installsuffix netgo -ldflags "-w -extldflags -static -X main.gitCommit=${COMMIT} -X main.version=${VERSION} $(EXTRA_LDFLAGS)" -o contrib/cmd/recvtty/recvtty ./contrib/cmd/recvtty + + release: + script/release.sh -r release/$(VERSION) -v $(VERSION) +-- +2.17.1 + diff --git a/external/meta-virtualization/recipes-containers/runc/files/0001-Only-allow-proc-mount-if-it-is-procfs.patch b/external/meta-virtualization/recipes-containers/runc/files/0001-Only-allow-proc-mount-if-it-is-procfs.patch new file mode 100644 index 00000000..5aca99e2 --- /dev/null +++ b/external/meta-virtualization/recipes-containers/runc/files/0001-Only-allow-proc-mount-if-it-is-procfs.patch @@ -0,0 +1,201 @@ +From d75b05441772417a0828465a9483f16287937724 Mon Sep 17 00:00:00 2001 +From: Michael Crosby <crosbymichael@gmail.com> +Date: Mon, 23 Sep 2019 16:45:45 -0400 +Subject: [PATCH] Only allow proc mount if it is procfs + +Fixes #2128 + +This allows proc to be bind mounted for host and rootless namespace usecases but +it removes the ability to mount over the top of proc with a directory. + +```bash +> sudo docker run --rm apparmor +docker: Error response from daemon: OCI runtime create failed: +container_linux.go:346: starting container process caused "process_linux.go:449: +container init caused \"rootfs_linux.go:58: mounting +\\\"/var/lib/docker/volumes/aae28ea068c33d60e64d1a75916cf3ec2dc3634f97571854c9ed30c8401460c1/_data\\\" +to rootfs +\\\"/var/lib/docker/overlay2/a6be5ae911bf19f8eecb23a295dec85be9a8ee8da66e9fb55b47c841d1e381b7/merged\\\" +at \\\"/proc\\\" caused +\\\"\\\\\\\"/var/lib/docker/overlay2/a6be5ae911bf19f8eecb23a295dec85be9a8ee8da66e9fb55b47c841d1e381b7/merged/proc\\\\\\\" +cannot be mounted because it is not of type proc\\\"\"": unknown. + +> sudo docker run --rm -v /proc:/proc apparmor + +docker-default (enforce) root 18989 0.9 0.0 1288 4 ? +Ss 16:47 0:00 sleep 20 +``` + +Signed-off-by: Michael Crosby <crosbymichael@gmail.com> + +Upstream-Status: Backport [https://github.com/opencontainers/runc/pull/2129/commits/331692baa7afdf6c186f8667cb0e6362ea0802b3] + +CVE: CVE-2019-16884 + +Signed-off-by: Chen Qi <Qi.Chen@windriver.com> +--- + libcontainer/container_linux.go | 4 +-- + libcontainer/rootfs_linux.go | 50 +++++++++++++++++++++++-------- + libcontainer/rootfs_linux_test.go | 8 ++--- + 3 files changed, 43 insertions(+), 19 deletions(-) + +diff --git a/libcontainer/container_linux.go b/libcontainer/container_linux.go +index 7e58e5e0..d51e35df 100644 +--- a/src/import/libcontainer/container_linux.go ++++ b/src/import/libcontainer/container_linux.go +@@ -19,7 +19,7 @@ import ( + "syscall" // only for SysProcAttr and Signal + "time" + +- "github.com/cyphar/filepath-securejoin" ++ securejoin "github.com/cyphar/filepath-securejoin" + "github.com/opencontainers/runc/libcontainer/cgroups" + "github.com/opencontainers/runc/libcontainer/configs" + "github.com/opencontainers/runc/libcontainer/intelrdt" +@@ -1160,7 +1160,7 @@ func (c *linuxContainer) makeCriuRestoreMountpoints(m *configs.Mount) error { + if err != nil { + return err + } +- if err := checkMountDestination(c.config.Rootfs, dest); err != nil { ++ if err := checkProcMount(c.config.Rootfs, dest, ""); err != nil { + return err + } + m.Destination = dest +diff --git a/libcontainer/rootfs_linux.go b/libcontainer/rootfs_linux.go +index f13b226e..5650b0ac 100644 +--- a/src/import/libcontainer/rootfs_linux.go ++++ b/src/import/libcontainer/rootfs_linux.go +@@ -13,7 +13,7 @@ import ( + "strings" + "time" + +- "github.com/cyphar/filepath-securejoin" ++ securejoin "github.com/cyphar/filepath-securejoin" + "github.com/mrunalp/fileutils" + "github.com/opencontainers/runc/libcontainer/cgroups" + "github.com/opencontainers/runc/libcontainer/configs" +@@ -197,7 +197,7 @@ func prepareBindMount(m *configs.Mount, rootfs string) error { + if dest, err = securejoin.SecureJoin(rootfs, m.Destination); err != nil { + return err + } +- if err := checkMountDestination(rootfs, dest); err != nil { ++ if err := checkProcMount(rootfs, dest, m.Source); err != nil { + return err + } + // update the mount with the correct dest after symlinks are resolved. +@@ -388,7 +388,7 @@ func mountToRootfs(m *configs.Mount, rootfs, mountLabel string, enableCgroupns b + if dest, err = securejoin.SecureJoin(rootfs, m.Destination); err != nil { + return err + } +- if err := checkMountDestination(rootfs, dest); err != nil { ++ if err := checkProcMount(rootfs, dest, m.Source); err != nil { + return err + } + // update the mount with the correct dest after symlinks are resolved. +@@ -435,12 +435,12 @@ func getCgroupMounts(m *configs.Mount) ([]*configs.Mount, error) { + return binds, nil + } + +-// checkMountDestination checks to ensure that the mount destination is not over the top of /proc. ++// checkProcMount checks to ensure that the mount destination is not over the top of /proc. + // dest is required to be an abs path and have any symlinks resolved before calling this function. +-func checkMountDestination(rootfs, dest string) error { +- invalidDestinations := []string{ +- "/proc", +- } ++// ++// if source is nil, don't stat the filesystem. This is used for restore of a checkpoint. ++func checkProcMount(rootfs, dest, source string) error { ++ const procPath = "/proc" + // White list, it should be sub directories of invalid destinations + validDestinations := []string{ + // These entries can be bind mounted by files emulated by fuse, +@@ -463,16 +463,40 @@ func checkMountDestination(rootfs, dest string) error { + return nil + } + } +- for _, invalid := range invalidDestinations { +- path, err := filepath.Rel(filepath.Join(rootfs, invalid), dest) ++ path, err := filepath.Rel(filepath.Join(rootfs, procPath), dest) ++ if err != nil { ++ return err ++ } ++ // pass if the mount path is located outside of /proc ++ if strings.HasPrefix(path, "..") { ++ return nil ++ } ++ if path == "." { ++ // an empty source is pasted on restore ++ if source == "" { ++ return nil ++ } ++ // only allow a mount on-top of proc if it's source is "proc" ++ isproc, err := isProc(source) + if err != nil { + return err + } +- if path != "." && !strings.HasPrefix(path, "..") { +- return fmt.Errorf("%q cannot be mounted because it is located inside %q", dest, invalid) ++ // pass if the mount is happening on top of /proc and the source of ++ // the mount is a proc filesystem ++ if isproc { ++ return nil + } ++ return fmt.Errorf("%q cannot be mounted because it is not of type proc", dest) + } +- return nil ++ return fmt.Errorf("%q cannot be mounted because it is inside /proc", dest) ++} ++ ++func isProc(path string) (bool, error) { ++ var s unix.Statfs_t ++ if err := unix.Statfs(path, &s); err != nil { ++ return false, err ++ } ++ return s.Type == unix.PROC_SUPER_MAGIC, nil + } + + func setupDevSymlinks(rootfs string) error { +diff --git a/libcontainer/rootfs_linux_test.go b/libcontainer/rootfs_linux_test.go +index d755984b..1bfe7c66 100644 +--- a/src/import/libcontainer/rootfs_linux_test.go ++++ b/src/import/libcontainer/rootfs_linux_test.go +@@ -10,7 +10,7 @@ import ( + + func TestCheckMountDestOnProc(t *testing.T) { + dest := "/rootfs/proc/sys" +- err := checkMountDestination("/rootfs", dest) ++ err := checkProcMount("/rootfs", dest, "") + if err == nil { + t.Fatal("destination inside proc should return an error") + } +@@ -18,7 +18,7 @@ func TestCheckMountDestOnProc(t *testing.T) { + + func TestCheckMountDestOnProcChroot(t *testing.T) { + dest := "/rootfs/proc/" +- err := checkMountDestination("/rootfs", dest) ++ err := checkProcMount("/rootfs", dest, "/proc") + if err != nil { + t.Fatal("destination inside proc when using chroot should not return an error") + } +@@ -26,7 +26,7 @@ func TestCheckMountDestOnProcChroot(t *testing.T) { + + func TestCheckMountDestInSys(t *testing.T) { + dest := "/rootfs//sys/fs/cgroup" +- err := checkMountDestination("/rootfs", dest) ++ err := checkProcMount("/rootfs", dest, "") + if err != nil { + t.Fatal("destination inside /sys should not return an error") + } +@@ -34,7 +34,7 @@ func TestCheckMountDestInSys(t *testing.T) { + + func TestCheckMountDestFalsePositive(t *testing.T) { + dest := "/rootfs/sysfiles/fs/cgroup" +- err := checkMountDestination("/rootfs", dest) ++ err := checkProcMount("/rootfs", dest, "") + if err != nil { + t.Fatal(err) + } +-- +2.17.1 + diff --git a/external/meta-virtualization/recipes-containers/runc/runc-docker/0001-build-drop-recvtty-and-use-GOBUILDFLAGS.patch b/external/meta-virtualization/recipes-containers/runc/runc-docker/0001-build-drop-recvtty-and-use-GOBUILDFLAGS.patch deleted file mode 100644 index faeac46f..00000000 --- a/external/meta-virtualization/recipes-containers/runc/runc-docker/0001-build-drop-recvtty-and-use-GOBUILDFLAGS.patch +++ /dev/null @@ -1,22 +0,0 @@ -From a9a2b9e72027d0b2357f6dfe8b154762aaa8dd02 Mon Sep 17 00:00:00 2001 -From: Bruce Ashfield <bruce.ashfield@windriver.com> -Date: Thu, 19 Apr 2018 16:39:41 -0400 -Subject: [PATCH] build: drop recvtty and use GOBUILDFLAGS - -Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com> ---- - Makefile | 3 +-- - 1 file changed, 1 insertion(+), 2 deletions(-) - -Index: git/src/import/Makefile -=================================================================== ---- git.orig/src/import/Makefile -+++ git/src/import/Makefile -@@ -41,7 +41,6 @@ - - static: $(SOURCES) - CGO_ENABLED=1 $(GO) build $(EXTRA_FLAGS) -tags "$(BUILDTAGS) netgo osusergo cgo static_build" -installsuffix netgo -ldflags "-w -extldflags -static -X main.gitCommit=${COMMIT} -X main.version=${VERSION} $(EXTRA_LDFLAGS)" -o runc . -- CGO_ENABLED=1 $(GO) build $(EXTRA_FLAGS) -tags "$(BUILDTAGS) netgo osusergo cgo static_build" -installsuffix netgo -ldflags "-w -extldflags -static -X main.gitCommit=${COMMIT} -X main.version=${VERSION} $(EXTRA_LDFLAGS)" -o contrib/cmd/recvtty/recvtty ./contrib/cmd/recvtty - - release: - script/release.sh -r release/$(VERSION) -v $(VERSION) diff --git a/external/meta-virtualization/recipes-containers/runc/runc-docker/0001-runc-docker-SIGUSR1-daemonize.patch b/external/meta-virtualization/recipes-containers/runc/runc-docker/0001-runc-docker-SIGUSR1-daemonize.patch index 9ccbccb2..0af74952 100644 --- a/external/meta-virtualization/recipes-containers/runc/runc-docker/0001-runc-docker-SIGUSR1-daemonize.patch +++ b/external/meta-virtualization/recipes-containers/runc/runc-docker/0001-runc-docker-SIGUSR1-daemonize.patch @@ -51,14 +51,13 @@ Index: git/src/import/signals.go pid1, err := process.Pid() if err != nil { -@@ -68,12 +66,61 @@ +@@ -68,11 +66,60 @@ if h.notifySocket != nil { if detach { h.notifySocket.run(pid1) - return 0, nil - } else { - go h.notifySocket.run(0) } + go h.notifySocket.run(0) } + if (detach) { @@ -118,7 +117,7 @@ Index: git/src/import/utils_linux.go =================================================================== --- git.orig/src/import/utils_linux.go +++ git/src/import/utils_linux.go -@@ -338,7 +338,7 @@ +@@ -347,7 +347,7 @@ if err != nil { r.terminate(process) } diff --git a/external/meta-virtualization/recipes-containers/runc/runc-docker_git.bb b/external/meta-virtualization/recipes-containers/runc/runc-docker_git.bb index 02bda318..8d810d01 100644 --- a/external/meta-virtualization/recipes-containers/runc/runc-docker_git.bb +++ b/external/meta-virtualization/recipes-containers/runc/runc-docker_git.bb @@ -2,11 +2,12 @@ include runc.inc # Note: this rev is before the required protocol field, update when all components # have been updated to match. -SRCREV_runc-docker = "6a2c15596845f6ff5182e2022f38a65e5dfa88eb" +SRCREV_runc-docker = "425e105d5a03fabd737a126ad93d62a9eeede87f" SRC_URI = "git://github.com/opencontainers/runc;nobranch=1;name=runc-docker \ file://0001-runc-Add-console-socket-dev-null.patch \ - file://0001-build-drop-recvtty-and-use-GOBUILDFLAGS.patch \ + file://0001-Makefile-respect-GOBUILDFLAGS-for-runc-and-remove-re.patch \ file://0001-runc-docker-SIGUSR1-daemonize.patch \ + file://0001-Only-allow-proc-mount-if-it-is-procfs.patch \ " -RUNC_VERSION = "1.0.0-rc5" +RUNC_VERSION = "1.0.0-rc8" diff --git a/external/meta-virtualization/recipes-containers/runc/runc-opencontainers_git.bb b/external/meta-virtualization/recipes-containers/runc/runc-opencontainers_git.bb index eaee8efa..3a7e7aaf 100644 --- a/external/meta-virtualization/recipes-containers/runc/runc-opencontainers_git.bb +++ b/external/meta-virtualization/recipes-containers/runc/runc-opencontainers_git.bb @@ -1,7 +1,9 @@ include runc.inc -SRCREV = "6a2c15596845f6ff5182e2022f38a65e5dfa88eb" +SRCREV = "652297c7c7e6c94e8d064ad5916c32891a6fd388" SRC_URI = " \ git://github.com/opencontainers/runc;branch=master \ + file://0001-Makefile-respect-GOBUILDFLAGS-for-runc-and-remove-re.patch \ + file://0001-Only-allow-proc-mount-if-it-is-procfs.patch \ " -RUNC_VERSION = "1.0.0-rc5" +RUNC_VERSION = "1.0.0-rc8" diff --git a/external/meta-virtualization/recipes-containers/runc/runc.inc b/external/meta-virtualization/recipes-containers/runc/runc.inc index 6d11a6ef..41ea41be 100644 --- a/external/meta-virtualization/recipes-containers/runc/runc.inc +++ b/external/meta-virtualization/recipes-containers/runc/runc.inc @@ -14,10 +14,11 @@ inherit go inherit goarch inherit pkgconfig -PACKAGECONFIG ??= "" +PACKAGECONFIG ??= "static" PACKAGECONFIG[seccomp] = "seccomp,,libseccomp" +# This PACKAGECONFIG serves the purpose of whether building runc as static or not +PACKAGECONFIG[static] = "" -RRECOMMENDS_${PN} = "lxc docker" PROVIDES += "virtual/runc" RPROVIDES_${PN} = "virtual/runc" @@ -55,7 +56,11 @@ do_compile() { export CFLAGS="" export LDFLAGS="" - oe_runmake static + if ${@bb.utils.contains('PACKAGECONFIG', 'static', 'true', 'false', d)}; then + oe_runmake static + else + oe_runmake runc + fi } do_install() { @@ -65,4 +70,3 @@ do_install() { ln -sf runc ${D}/${bindir}/docker-runc } -INHIBIT_PACKAGE_STRIP = "1" diff --git a/external/meta-virtualization/recipes-containers/singularity/singularity/0001-Use-python3.patch b/external/meta-virtualization/recipes-containers/singularity/singularity/0001-Use-python3.patch new file mode 100644 index 00000000..dbfe06e4 --- /dev/null +++ b/external/meta-virtualization/recipes-containers/singularity/singularity/0001-Use-python3.patch @@ -0,0 +1,148 @@ +From 758c1edc7bf3d2a023954f4fcc9ddf46fd370272 Mon Sep 17 00:00:00 2001 +From: Martin Jansa <Martin.Jansa@gmail.com> +Date: Thu, 21 May 2020 14:14:56 +0200 +Subject: [PATCH] Use python3 + +* without /usr/bin/python this just fails to configure with: + | checking for python... no + | configure: error: Please install python before installing. + | WARNING: exit code 1 from a shell command. + +Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> +--- + configure.ac | 6 +++--- + etc/configure_transform.py | 2 +- + libexec/python/helpers/json/add.py | 2 +- + libexec/python/helpers/json/delete.py | 2 +- + libexec/python/helpers/json/dump.py | 2 +- + libexec/python/helpers/json/get.py | 2 +- + libexec/python/helpers/json/inspect.py | 2 +- + libexec/python/import.py | 2 +- + libexec/python/pull.py | 2 +- + libexec/python/shub/api.py | 2 +- + libexec/python/size.py | 2 +- + 11 files changed, 13 insertions(+), 13 deletions(-) + +diff --git a/configure.ac b/configure.ac +index 8ffa5ab32..71a1605b2 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -251,15 +251,15 @@ fi + # PYTHON + # --------------------------------------------------------------------- + +-AC_CHECK_PROG(PYTHON_CHECK,python,yes) ++AC_CHECK_PROG(PYTHON_CHECK,python3,yes) + if test x"$PYTHON_CHECK" != x"yes" ; then +- AC_MSG_ERROR([Please install python before installing.]) ++ AC_MSG_ERROR([Please install python3 before installing.]) + else + + PYTHON_MODULES="base64 datetime glob hashlib io itertools json math multiprocessing pickle pwd re shutil signal subprocess stat sys tarfile tempfile time" + for PYTHON_MODULE in $PYTHON_MODULES; do + AC_MSG_CHECKING([for the $PYTHON_MODULE python module]) +- python_module_result=`python -c "import $PYTHON_MODULE" 2>&1` ++ python_module_result=`python3 -c "import $PYTHON_MODULE" 2>&1` + if test -z "$python_module_result"; then + AC_MSG_RESULT([yes]) + else +diff --git a/etc/configure_transform.py b/etc/configure_transform.py +index a1ff5c427..9ec445d21 100755 +--- a/etc/configure_transform.py ++++ b/etc/configure_transform.py +@@ -1,4 +1,4 @@ +-#!/usr/bin/env python ++#!/usr/bin/env python3 + # + # Copyright (c) 2017, SingularityWare, LLC. All rights reserved. + # +diff --git a/libexec/python/helpers/json/add.py b/libexec/python/helpers/json/add.py +index b24aec75a..22abbbeb9 100644 +--- a/libexec/python/helpers/json/add.py ++++ b/libexec/python/helpers/json/add.py +@@ -1,4 +1,4 @@ +-#!/usr/bin/env python ++#!/usr/bin/env python3 + + ''' + +diff --git a/libexec/python/helpers/json/delete.py b/libexec/python/helpers/json/delete.py +index 0975e4e60..07e255228 100644 +--- a/libexec/python/helpers/json/delete.py ++++ b/libexec/python/helpers/json/delete.py +@@ -1,4 +1,4 @@ +-#!/usr/bin/env python ++#!/usr/bin/env python3 + + ''' + +diff --git a/libexec/python/helpers/json/dump.py b/libexec/python/helpers/json/dump.py +index ddba06e4a..37a8edf70 100644 +--- a/libexec/python/helpers/json/dump.py ++++ b/libexec/python/helpers/json/dump.py +@@ -1,4 +1,4 @@ +-#!/usr/bin/env python ++#!/usr/bin/env python3 + + ''' + +diff --git a/libexec/python/helpers/json/get.py b/libexec/python/helpers/json/get.py +index 355be9040..d1d822aea 100644 +--- a/libexec/python/helpers/json/get.py ++++ b/libexec/python/helpers/json/get.py +@@ -1,4 +1,4 @@ +-#!/usr/bin/env python ++#!/usr/bin/env python3 + + ''' + +diff --git a/libexec/python/helpers/json/inspect.py b/libexec/python/helpers/json/inspect.py +index 65772a4ef..61c723495 100644 +--- a/libexec/python/helpers/json/inspect.py ++++ b/libexec/python/helpers/json/inspect.py +@@ -1,4 +1,4 @@ +-#!/usr/bin/env python ++#!/usr/bin/env python3 + + ''' + +diff --git a/libexec/python/import.py b/libexec/python/import.py +index 2ec208417..1c58eda5c 100644 +--- a/libexec/python/import.py ++++ b/libexec/python/import.py +@@ -1,4 +1,4 @@ +-#!/usr/bin/env python ++#!/usr/bin/env python3 + + ''' + +diff --git a/libexec/python/pull.py b/libexec/python/pull.py +index 1cd705c90..4431023f3 100644 +--- a/libexec/python/pull.py ++++ b/libexec/python/pull.py +@@ -1,4 +1,4 @@ +-#!/usr/bin/env python ++#!/usr/bin/env python3 + + ''' + +diff --git a/libexec/python/shub/api.py b/libexec/python/shub/api.py +index 850d167e7..3c8313ad5 100644 +--- a/libexec/python/shub/api.py ++++ b/libexec/python/shub/api.py +@@ -1,4 +1,4 @@ +-#!/usr/bin/env python ++#!/usr/bin/env python3 + + ''' + +diff --git a/libexec/python/size.py b/libexec/python/size.py +index 34331fd27..99581ce52 100644 +--- a/libexec/python/size.py ++++ b/libexec/python/size.py +@@ -1,4 +1,4 @@ +-#!/usr/bin/env python ++#!/usr/bin/env python3 + + ''' + diff --git a/external/meta-virtualization/recipes-containers/singularity/singularity_git.bb b/external/meta-virtualization/recipes-containers/singularity/singularity_git.bb index 6fee8f35..103270dd 100644 --- a/external/meta-virtualization/recipes-containers/singularity/singularity_git.bb +++ b/external/meta-virtualization/recipes-containers/singularity/singularity_git.bb @@ -3,9 +3,6 @@ INSANE_SKIP_${PN} += "dev-so" RDEPENDS_${PN} += "glibc python3 ca-certificates openssl bash e2fsprogs-mke2fs" -# Singularity expects to find python3 under the name python, therefore both -# cannot be installed at the same time. -RCONFLICTS_${PN} = "python" LICENSE = "BSD" LIC_FILES_CHKSUM = "file://COPYRIGHT.md;md5=be78c34e483dd7d8439358b1e024b294 \ @@ -13,23 +10,20 @@ LIC_FILES_CHKSUM = "file://COPYRIGHT.md;md5=be78c34e483dd7d8439358b1e024b294 \ file://LICENSE.md;md5=df4326b473db6424033f1d98a5645e30 \ file://debian/copyright;md5=ed267cf386d9b75ab1f27f407e935b10" -SRC_URI = "git://github.com/singularityware/singularity.git;protocol=https" +SRC_URI = "git://github.com/singularityware/singularity.git;protocol=https \ + file://0001-Use-python3.patch \ +" PV = "2.3.1+git${SRCPV}" SRCREV = "e214d4ebf0a1274b1c63b095fd55ae61c7e92947" S = "${WORKDIR}/git" -inherit pythonnative autotools-brokensep +inherit python3native autotools-brokensep EXTRA_OECONF = "--prefix=/usr/local" pkg_postinst_${PN}() { - # Singularity requires "python" to resolve to "python3" within the commandline. - # This creates a symbolic link from python3 to python. A side-effect of this is - # that scripts which expect Python 2 may fail to run correctly. - ln -sr $D${bindir}/python3 $D${bindir}/python - # python3 expects CA certificates to be installed in a different place to where # they are actually installed. These lines link the two locations. - rm -r $D${libdir}/ssl-1.1/certs - ln -sr $D${sysconfdir}/ssl/certs $D${libdir}/ssl-1.1 + rm -r $D${libdir}/ssl/certs + ln -sr $D${sysconfdir}/ssl/certs $D${libdir}/ssl } diff --git a/external/meta-virtualization/recipes-containers/skopeo/files/registries.conf b/external/meta-virtualization/recipes-containers/skopeo/files/registries.conf new file mode 100644 index 00000000..ba6c3f6e --- /dev/null +++ b/external/meta-virtualization/recipes-containers/skopeo/files/registries.conf @@ -0,0 +1,25 @@ +# This is a system-wide configuration file used to +# keep track of registries for various container backends. +# It adheres to TOML format and does not support recursive +# lists of registries. + +# The default location for this configuration file is /etc/containers/registries.conf. + +# The only valid categories are: 'registries.search', 'registries.insecure', +# and 'registries.block'. + +[registries.search] +registries = ['docker.io', 'registry.fedoraproject.org', 'quay.io', 'registry.access.redhat.com', 'registry.centos.org'] + +# If you need to access insecure registries, add the registry's fully-qualified name. +# An insecure registry is one that does not have a valid SSL certificate or only does HTTP. +[registries.insecure] +registries = [] + + +# If you need to block pull access from a registry, uncomment the section below +# and add the registries fully-qualified name. +# +# Docker only +[registries.block] +registries = [] diff --git a/external/meta-virtualization/recipes-containers/skopeo/files/storage.conf b/external/meta-virtualization/recipes-containers/skopeo/files/storage.conf new file mode 100644 index 00000000..818cfe8f --- /dev/null +++ b/external/meta-virtualization/recipes-containers/skopeo/files/storage.conf @@ -0,0 +1,133 @@ +# This file is is the configuration file for all tools +# that use the containers/storage library. +# See man 5 containers-storage.conf for more information +# The "container storage" table contains all of the server options. +[storage] + +# Default Storage Driver +driver = "overlay" + +# Temporary storage location +runroot = "/var/run/containers/storage" + +# Primary Read/Write location of container storage +graphroot = "/var/lib/containers/storage" + +[storage.options] +# Storage options to be passed to underlying storage drivers + +# AdditionalImageStores is used to pass paths to additional Read/Only image stores +# Must be comma separated list. +additionalimagestores = [ +] + +# Size is used to set a maximum size of the container image. Only supported by +# certain container storage drivers. +size = "" + +# Path to an helper program to use for mounting the file system instead of mounting it +# directly. +#mount_program = "/usr/bin/fuse-overlayfs" + +# OverrideKernelCheck tells the driver to ignore kernel checks based on kernel version +override_kernel_check = "true" + +# mountopt specifies comma separated list of extra mount options +mountopt = "nodev" + +# Remap-UIDs/GIDs is the mapping from UIDs/GIDs as they should appear inside of +# a container, to UIDs/GIDs as they should appear outside of the container, and +# the length of the range of UIDs/GIDs. Additional mapped sets can be listed +# and will be heeded by libraries, but there are limits to the number of +# mappings which the kernel will allow when you later attempt to run a +# container. +# +# remap-uids = 0:1668442479:65536 +# remap-gids = 0:1668442479:65536 + +# Remap-User/Group is a name which can be used to look up one or more UID/GID +# ranges in the /etc/subuid or /etc/subgid file. Mappings are set up starting +# with an in-container ID of 0 and the a host-level ID taken from the lowest +# range that matches the specified name, and using the length of that range. +# Additional ranges are then assigned, using the ranges which specify the +# lowest host-level IDs first, to the lowest not-yet-mapped container-level ID, +# until all of the entries have been used for maps. +# +# remap-user = "storage" +# remap-group = "storage" + +[storage.options.thinpool] +# Storage Options for thinpool + +# autoextend_percent determines the amount by which pool needs to be +# grown. This is specified in terms of % of pool size. So a value of 20 means +# that when threshold is hit, pool will be grown by 20% of existing +# pool size. +# autoextend_percent = "20" + +# autoextend_threshold determines the pool extension threshold in terms +# of percentage of pool size. For example, if threshold is 60, that means when +# pool is 60% full, threshold has been hit. +# autoextend_threshold = "80" + +# basesize specifies the size to use when creating the base device, which +# limits the size of images and containers. +# basesize = "10G" + +# blocksize specifies a custom blocksize to use for the thin pool. +# blocksize="64k" + +# directlvm_device specifies a custom block storage device to use for the +# thin pool. Required if you setup devicemapper. +# directlvm_device = "" + +# directlvm_device_force wipes device even if device already has a filesystem. +# directlvm_device_force = "True" + +# fs specifies the filesystem type to use for the base device. +# fs="xfs" + +# log_level sets the log level of devicemapper. +# 0: LogLevelSuppress 0 (Default) +# 2: LogLevelFatal +# 3: LogLevelErr +# 4: LogLevelWarn +# 5: LogLevelNotice +# 6: LogLevelInfo +# 7: LogLevelDebug +# log_level = "7" + +# min_free_space specifies the min free space percent in a thin pool require for +# new device creation to succeed. Valid values are from 0% - 99%. +# Value 0% disables +# min_free_space = "10%" + +# mkfsarg specifies extra mkfs arguments to be used when creating the base. +# device. +# mkfsarg = "" + +# use_deferred_removal marks devicemapper block device for deferred removal. +# If the thinpool is in use when the driver attempts to remove it, the driver +# tells the kernel to remove it as soon as possible. Note this does not free +# up the disk space, use deferred deletion to fully remove the thinpool. +# use_deferred_removal = "True" + +# use_deferred_deletion marks thinpool device for deferred deletion. +# If the device is busy when the driver attempts to delete it, the driver +# will attempt to delete device every 30 seconds until successful. +# If the program using the driver exits, the driver will continue attempting +# to cleanup the next time the driver is used. Deferred deletion permanently +# deletes the device and all data stored in device will be lost. +# use_deferred_deletion = "True" + +# xfs_nospace_max_retries specifies the maximum number of retries XFS should +# attempt to complete IO when ENOSPC (no space) error is returned by +# underlying storage device. +# xfs_nospace_max_retries = "0" + +# If specified, use OSTree to deduplicate files with the overlay backend +ostree_repo = "" + +# Set to skip a PRIVATE bind mount on the storage home directory. Only supported by +# certain container storage drivers +skip_mount_home = "false" diff --git a/external/meta-virtualization/recipes-containers/skopeo/skopeo_git.bb b/external/meta-virtualization/recipes-containers/skopeo/skopeo_git.bb new file mode 100644 index 00000000..f5a62313 --- /dev/null +++ b/external/meta-virtualization/recipes-containers/skopeo/skopeo_git.bb @@ -0,0 +1,80 @@ +HOMEPAGE = "https://github.com/containers/skopeo" +SUMMARY = "Work with remote images registries - retrieving information, images, signing content" +LICENSE = "Apache-2.0" +LIC_FILES_CHKSUM = "file://src/import/LICENSE;md5=7e611105d3e369954840a6668c438584" + +DEPENDS = " \ + gpgme \ + multipath-tools \ + btrfs-tools \ + glib-2.0 \ + ostree \ +" + +inherit go + +RDEPENDS_${PN} = " \ + gpgme \ + libgpg-error \ + libassuan \ +" + +SRC_URI = " \ + git://github.com/containers/skopeo \ + file://storage.conf \ + file://registries.conf \ +" + +SRCREV = "1cf1e06582142c522543560f2bc6d6756696e8ad" +PV = "v0.1.39-dev+git${SRCPV}" +GO_IMPORT = "import" + +S = "${WORKDIR}/git" + +inherit goarch +inherit pkgconfig + +# This disables seccomp and apparmor, which are on by default in the +# go package. +EXTRA_OEMAKE="BUILDTAGS=''" + +do_compile() { + export GOARCH="${TARGET_GOARCH}" + + # Setup vendor directory so that it can be used in GOPATH. + # + # Go looks in a src directory under any directory in GOPATH but riddler + # uses 'vendor' instead of 'vendor/src'. We can fix this with a symlink. + # + # We also need to link in the ipallocator directory as that is not under + # a src directory. + ln -sfn . "${S}/src/import/vendor/src" + mkdir -p "${S}/src/import/vendor/src/github.com/projectatomic/skopeo" + ln -sfn "${S}/src/import/skopeo" "${S}/src/import/vendor/src/github.com/projectatomic/skopeo" + ln -sfn "${S}/src/import/version" "${S}/src/import/vendor/src/github.com/projectatomic/skopeo/version" + export GOPATH="${S}/src/import/vendor" + + # Pass the needed cflags/ldflags so that cgo + # can find the needed headers files and libraries + export CGO_ENABLED="1" + export CFLAGS="" + export LDFLAGS="" + export CGO_CFLAGS="${BUILDSDK_CFLAGS} --sysroot=${STAGING_DIR_TARGET}" + export CGO_LDFLAGS="${BUILDSDK_LDFLAGS} --sysroot=${STAGING_DIR_TARGET}" + cd ${S}/src/import + + oe_runmake binary-local +} + +do_install() { + install -d ${D}/${sbindir} + install -d ${D}/${sysconfdir}/containers + + install ${S}/src/import/skopeo ${D}/${sbindir}/ + install ${S}/src/import/default-policy.json ${D}/${sysconfdir}/containers/policy.json + + install ${WORKDIR}/storage.conf ${D}/${sysconfdir}/containers/storage.conf + install ${WORKDIR}/registries.conf ${D}/${sysconfdir}/containers/registries.conf +} + +INSANE_SKIP_${PN} += "ldflags" diff --git a/external/meta-virtualization/recipes-containers/sloci-image/sloci-image-native_git.bb b/external/meta-virtualization/recipes-containers/sloci-image/sloci-image-native_git.bb new file mode 100644 index 00000000..56e8e0f1 --- /dev/null +++ b/external/meta-virtualization/recipes-containers/sloci-image/sloci-image-native_git.bb @@ -0,0 +1,22 @@ +SUMMARY = "A simple CLI tool for packing rootfs into a single-layer OCI image" +LICENSE = "MIT" +LIC_FILES_CHKSUM = "file://git/LICENSE;md5=948cd8e59069fad992b0469af9ad7966" +SRC_URI = "git://github.com/jirutka/sloci-image.git" + +DEPENDS = "" + +SRCREV = "4015e49763e5a738026a5bbfcf32b38b5a4fa650" +PV = "v0.1.0+git${SRCPV}" + +inherit native + +S = "${WORKDIR}" + +do_compile() { + : +} + +do_install() { + cd ${S}/git + make PREFIX="${exec_prefix}" DESTDIR=${D} install +} |