lxc-net enabled the IPv6 by default since v6.0.0[1], when named enabled on
system, the lxc-net which based on dnsmasq would fail to bind the IPv6
address on lxcbrX interface, that cause lxc cannot work correctly.
LXC upstream changed the default v6 address again[2], we need to line up with
upstream. Updated the lxc-net default v6 address to named.conf.option to tell
named don't bind and listen that address.
Ref:
[1] https://github.com/lxc/lxc/commit/e8888344
[2] https://github.com/lxc/lxc/commit/31012d49
Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Theodore A. Roth <troth@openavr.org>
Signed-off-by: Theodore A. Roth <theodore_roth@trimble.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
With:
https://lists.openembedded.org/g/bitbake-devel/message/17508
there are many WARNINGs from this layer will cover src_uri.inc files
in next commit.
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
As it turns out CNI needs iptables to configure some plugins,
and without it we get a silent fail. It will also be added
to the recipe as a RRECOMMENDS, but we also put it in the
packagegroup for more visibility.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
When debugging or configuration networking for CNI and
containerd we should ensure that support utilties are present.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Adding the following new pacakge groups:
packagegroup-cni
packagegroup-netavark
packagegroup-container-tools
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
cri-tools aims to provide a series of debugging and validation
tools for Kubelet CRI, which includes:
crictl: CLI for kubelet CRI.
critest: validation test suites for kubelet CRI.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
lxc-net enabled the IPv6 by default since v6.0.0[1], when named enabled on
system, the lxc-net which based on dnsmasq would fail to bind the IPv6
address on lxcbrX interface, that cause lxc cannot work correctly.
Add the lxc-net default v6 address to named.conf.option to tell named don't
bind and listen that address.
[1] https://github.com/lxc/lxc/commit/e8888344
Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
To ensure that the go code can be unpacked and the license file
found, we add destsuffix to the SRC_URI.
We still have a gcc14 build issue, but this at least gets us
to that issue.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Now that UNPACKDIR has been introduced to OE-Core, use it in the
do_install fuction so that as/when things move around and UNPACKDIR
is no longer WORKDIR, it continues to work correctly.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
libvirtd has its own network interface named virbr0, and it using
dnsmasq to setup the DNS. the named.service also listen interface and try to
bind the port 59 on virtbr0, that cause dnsmasq report following error:
dnsmasq: failed to create listening socket for 192.168.122.1: Address already in use
Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
runv rdepends on qemu, so update COMPATIBLE_HOST for runv to accord with qemu.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
The recipe *podman* requires the distro feature *ipv6*. Using a distro
without it causes the build of *packagegroup-container* fails, even if
*packagegroup-podman* is not used:
ERROR: Nothing RPROVIDES 'podman' (but /build/../work/layers-3rdparty/meta-virtualization/recipes-core/packagegroups/packagegroup-container.bb RDEPENDS on or otherwise requires it)
podman was skipped: missing required distro feature 'ipv6' (not in DISTRO_FEATURES)
NOTE: Runtime target 'podman' is unbuildable, removing...
Missing or unbuildable dependency chain was: ['podman']
NOTE: Runtime target 'packagegroup-docker' is unbuildable, removing...
Missing or unbuildable dependency chain was: ['packagegroup-docker', 'podman']
Signed-off-by: Jörg Sommer <joerg.sommer@navimatix.de>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
packagegroup-kubernetes requires kubernetes which is only compatible
with x86_64, arm and aarch64, so set COMPATIBLE_HOST for
packagegroup-kubernetes to align with it.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
The recipe docker-moby which is required by packagegroup-container is
not compatible with mips. And it inherits goarch.bbclass, so it is not
compatible with riscv32 too. Update COMPATIBLE_HOST accordingly for
packagegroup-container.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Currently oci-image-tools has a do_compile error for riscv64. The
problem could be reproduced by:
MACHINE=qemuriscv64 bitbake oci-image-tools
So explicitly set COMPATIBLE_HOST here to avoid it building for riscv64.
When someone interested in using this recipe for riscv64 fixes the
compile issue, this setting could be removed.
Also don't build packagegroup-container/packagegroup-kubernetes since
they depends on oci-image-tools
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Not hardcoding the version of busybox from the core layer in this layer
is a small improvement for maintenance.
But the main motivation is to support the following layer combination
without getting a parse error from bitbake:
- poky LTS, branch = kirkstone
- meta-lts-mixins, branch = kirkstone/go
- meta-lts-mixins, branch = kirkstone/rust
- meta-virtualization, branch = master
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
OEcore has an update to busybox, and since we include the core
recipe directly, we have to update our PV to match.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
While the insane.bbclass upstream-status check hasn't been made
default, users of meta-virtualization may have it enabled in their
distros .. so the effect is the same. We must have this tracking
tag in out patches.
This is a bulk update to add the tag and silence the QA message.
As packages get updated, the normal/routine process of checking
the patches will continue, and the status fields may (or may not)
get more useful.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
The base inittab recipe is creating inittab entries for consoles listed
in SERIAL_CONSOLES.
For qemu, this contains "115200,hvc0" so an entry is created in inittab
for it.
Prevent to create a second entry if hvc0 is present in SERIAL_CONSOLES.
On qemuarm, this solves issues with the console when starting on top of
Xen as dom0.
Signed-off-by: Bertrand Marquis <bertrand.marquis@arm.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Although the components of kata containers aren't functional, we
keep it around in case someone is interested in fixing the recipe.
It was skipped from the global protocol=https addition for that
reason .. but in case someone is running global/world fetches, this
can cause a problem. So we add the missing procotol specification.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
OE core commit a7d5150b621c2ab4e4 has bumped busybox to 1.35.0, so
we update our initrd recipe accordingly.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
To ensure nodes can join the cluster, and have the proper configuration
of some kernel options we add two more packages to the packagegroup
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
github is removing git:// access, and fetches will start experiencing
interruptions in service, and eventually will fail completely.
bitbake will also begin to warn on github src_uri's that don't use
https. So we convert the meta-virt instances to use protocol=https
(done using the oe-core contrib conversion script)
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
As introduced in the oe-core post:
https://lists.openembedded.org/g/openembedded-core/message/157623
SRC_URIs without an explicit branch will generate warnings, and
eventually be an error.
We run the provided conversion script to make sure that meta-virt
is ready for the change.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Similar to the oe-core commit:
commit 93ac180d8c389f16964bce8bd5538d9389e970e6
Author: Michael Opdenacker <michael.opdenacker@bootlin.com>
Date: Wed Sep 1 11:20:20 2021 +0200
meta: stop using "virtual/" in RPROVIDES and RDEPENDS
Fixes [YOCTO #14538]
Recipes shouldn't use the "virtual/" string in RPROVIDES and RDEPENDS.
That's confusing because "virtual/" has no special meaning in
RPROVIDES and RDEPENDS (unlike in PROVIDES and DEPENDS).
Instead, using "virtual-" instead of "virtual/"
as already done in the glibc recipe.
We stop rproviding virtual/containerd to keep the namespace clean.
There aren't many users of this virtual provides, but we keep
it around (for now) to maintain compatibility.
At the same time we convert the RPROVIDES to virtual-containerd, to keep
it available and consistent with oe-core use virtual-libc, etc.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Similar to the oe-core commit:
commit 93ac180d8c389f16964bce8bd5538d9389e970e6
Author: Michael Opdenacker <michael.opdenacker@bootlin.com>
Date: Wed Sep 1 11:20:20 2021 +0200
meta: stop using "virtual/" in RPROVIDES and RDEPENDS
Fixes [YOCTO #14538]
Recipes shouldn't use the "virtual/" string in RPROVIDES and RDEPENDS.
That's confusing because "virtual/" has no special meaning in
RPROVIDES and RDEPENDS (unlike in PROVIDES and DEPENDS).
Instead, using "virtual-" instead of "virtual/"
as already done in the glibc recipe.
We stop rproviding virtual/runc to keep the namespace clean.
There aren't many users of this virtual provides, but we keep
it around (for now) to maintain compatibility.
At the same time we convert the RPROVIDES to virtual-runc, to keep
it available and consistent with oe-core use virtual-libc, etc.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
OEcore/bitbake are moving to use the clearer ":" as an overrides
separator.
This is pass one of updating the meta-virt recipes to use that
syntax.
This has only been minimally build/runtime tested, more changes
will be required for missed overrides, or incorrect conversions
Note: A recent bitbake is required:
commit 75fad23fc06c008a03414a1fc288a8614c6af9ca
Author: Richard Purdie <richard.purdie@linuxfoundation.org>
Date: Sun Jul 18 12:59:15 2021 +0100
bitbake: data_smart/parse: Allow ':' characters in variable/function names
It is becomming increasingly clear we need to find a way to show what
is/is not an override in our syntax. We need to do this in a way which
is clear to users, readable and in a way we can transition to.
The most effective way I've found to this is to use the ":" charater
to directly replace "_" where an override is being specified. This
includes "append", "prepend" and "remove" which are effectively special
override directives.
This patch simply adds the character to the parser so bitbake accepts
the value but maps it back to "_" internally so there is no behaviour
change.
This change is simple enough it could potentially be backported to older
version of bitbake meaning layers using the new syntax/markup could
work with older releases. Even if other no other changes are accepted
at this time and we don't backport, it does set us on a path where at
some point in future we could
require a more explict syntax.
I've tested this patch by converting oe-core/meta-yocto to the new
syntax for overrides (9000+ changes) and then seeing that builds
continue to work with this patch.
(Bitbake rev: 0dbbb4547cb2570d2ce607e9a53459df3c0ac284)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
OE core has updated busybox, so we bump to match.
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
libseccomp has moved to oe-core, so we can drop our checks and
blacklisting of packages if meta-security is not in the layer
configuration.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
To ensure yocto compatibility, we should not be changing the behaviour
of recipes simply when meta-virt is included.
As such, we change our sysvinit-inittab changes to only trigger when
virtualization is in the distro features.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Add nsenter to Busybox configuration as it is required by Podman at runtime
Signed-off-by: Nathan Dunne <Nathan.Dunne@arm.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* PNBLACKLISTs are IMHO a bit easier to read and easier to override from distro
which e.g. provides own recipe for libseccomp
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* copy the skip from podman recipe, because this packagegroup
depends on podman
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
bumping runX to the 1.0 tag
- drop patches that are part of the release
- bump kernel to v5.4.104 to work with our gcc10
- tweak initrd install to use externally provided busybox
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
To make it easier to build container host or k*s host images (as
well as guests), we start to add some packagegroups that wrap the
required elements.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
In some scenarios (and package managers), packages post install
scripts may have references to /bin/sh.
The package manager doesn't know if the scripts will run on the
build host or target, so we get a calculated redepnds on /bin/sh
base-files and base-passwd fall into this category of having
post installs, but no need for /bin/sh on the target.
If you know what you are installing, and want the smallest
container possible, this package will satisfy the dependency when
assembling the rootfs.
To enable it, put the following in a configuration file (local.conf
or otherwise):
PACKAGE_EXTRA_ARCHS_append = " container-dummy-provides"
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Some of the dependencies are no longer valid for the kata runtime
recipe.
This also drops hyperstart as a dependency. With this removal, we
need a replacement kernel and initrd for kata. That replacement
will happen in future commits.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
We already have a distro feature that controls the static/non-static
configuration of libgcrypt: 'vmsep'
To avoid build errors on distros that don't have static libgcrypt
available, we move the CONFIG_STATIC config to a fragment and only
enable it whent he distro feature is set.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
runx knows how to build its own copy of busybox for its initrd,
adding a flag to allow us to select which mode we want.
Signed-off-by: Bruce Ashfield <bruce.ashfield@xilinx.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Adding one build and one runtime robustness change:
- build: specify the syroot native as a library path to qemu user.
This allows us to run dynamic executables
- runtime: add a patch to increase the serial fd timeout. We'll
drop this once it is merged upstream.
Signed-off-by: Bruce Ashfield <bruce.ashfield@xilinx.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
