Commit Graph

1069 Commits

Author SHA1 Message Date
Chen Qi
06dad20a32 go: add back 1.12 version to avoid compilation failure
go 1.12 was removed from oe-core, but currently k8s cannot
be built successfully with go 1.13. See link below.

  https://github.com/kubernetes/kubernetes/issues/82531

We need to wait for k8s to support go 1.13 and update it
to latest release, as well as its dependencies. Before this
is done, add back go 1.12 and use it.

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2019-12-10 02:26:15 -05:00
Bruce Ashfield
c31e46fce7 conf: add k8s distro feature
Add support for a new distro feature to control kubernetes versions
and related configuration.

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2019-12-10 02:25:21 -05:00
Ming Liu
06ec74ad35 python3-nacl: add 1.3.0 recipe
A regression was introduced by commit ab12e48a:
[ python3-docker-compose: uprev to 1.25.0 ]

python3-docker-compose depends on python3-paramiko hence also depends
on python3-nacl but that recipe does not exist.

Port it from meta-lmp layer.

Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2019-12-10 02:09:40 -05:00
Ming Liu
6dd323eb4a python3-paramiko: add 2.7.0 recipe
A regression was introduced by commit ab12e48a:
[ python3-docker-compose: uprev to 1.25.0 ]

python3-docker-compose depends on python3-paramiko but that recipe does
not exist.

Port it from meta-lmp layer and uprev to the latest release 2.7.0.

Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2019-12-10 02:09:40 -05:00
Ming Liu
ab12e48ad0 python3-docker-compose: uprev to 1.25.0
Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2019-12-06 14:08:07 -05:00
Ming Liu
cf3ad09036 python-docker: uprev to 4.1.0
Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2019-12-06 14:08:07 -05:00
Ming Liu
3e53cdfeae python-docker-pycreds: uprev to 0.4.0
Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2019-12-06 14:08:07 -05:00
Bruce Ashfield
b4dfe90a5e conf: fix meta-virt version / config include
As was reported:

https://lists.yoctoproject.org/g/meta-virtualization/message/4173?p=,,,20,0,0,0::Created,,conf%2Flayer.conf+is+broken,20,2,0,61269733

The conditional include of the meta-virt versions and config was not
working properly due to parse time constraints.

This commit fixes that by following the example of the meta-cube layer
and instead using a user bbclass to load the .inc file after
distro/distro features have been resolved by bitbake.

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2019-12-06 13:51:57 -05:00
Norbert Kaminski
8860257250 docker.inc: Add xt-addrtype kernel module
Trying to use docker info and hello world container without this module
causes a daemon error.

docker info error log:

Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the
docker daemon running?

dockerd error log:

PREROUTING chain: iptables failed: iptables --wait -t nat -A PREROUTING -m
addrtype --dst-type LOCAL -j DOCKER: iptables v1.8.3 (legacy): Couldn't
load match `addrtype':No such file or directory

Signed-off-by: Norbert Kaminski <norbert.kaminski@3mdeb.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2019-12-01 23:11:39 -05:00
Hongxu Jia
00cc8afd1e cri-o: workaround failure since go upgraded to 1.13
Since go was upgraded to 1.13, there is a failure:
...
| src/vendor/golang.org/x/net/http2/frame.go:17:2: use of vendored package not allowed
| ../../../recipe-sysroot/usr/lib64/go/src/net/http/h2_bundle.go:49:2: use of vendored package not allowed
...

Refer to upstream suggestion [1]:
`or copying your vendor contents into GOPATH/src rather than
mapping them in to GOPATH/src/vendor.'

[1] https://github.com/golang/go/issues/34068

Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2019-12-01 23:07:03 -05:00
Chen Qi
7d13954a89 python3-docker-compose: remove maximum version requirements
Remove maximum version requirements for docker-compose so that it
does not require old version recipes.

The old version recipes required are as below.
* PyYAML
* requests
* urllib3
* idna
* jsonschema

The current one has been tested against https://docs.docker.com/compose/gettingstarted/.

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2019-11-27 17:57:10 -05:00
Ming Liu
1fe16a1e5e python-sqlalchemy: drop 1.0.16 recipe
Seems no one is referring to this recipe, there is already a
python-sqlalchemy_1.1.5 recipe in this layer.

Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2019-11-25 16:07:17 -05:00
Hongxu Jia
de255d6afa cri-o: Disable for all mips machines
Since commit [a092153 containerd: Disable for all mips machines] applied,
and the cri-o runtime depends on `virtual/containerd', it should do the same
thing to disable for all mips machines

Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2019-11-25 16:05:09 -05:00
Ming Liu
e32dad4ff9 xen-guest-image-minimal: do not inherit distro_features_check
Change to inherit features_check, since distro_features_check has been
deprecated in OE.

Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2019-11-25 16:04:23 -05:00
Ming Liu
0b4fe1c911 meta-virt-default-versions.inc: fix invalid python-pyyaml version
The python-pyyaml recipe in this layer is 5.1.2, fix the wrong
PREFERRED_VERSION_python-pyyaml.

Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2019-11-25 16:03:31 -05:00
Bruce Ashfield
cf1d44e377 README: update mailing list address
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2019-11-22 07:58:34 -05:00
Chen Qi
79fb488a70 runc: fix CVE-2019-16884
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2019-11-17 22:28:37 -05:00
Bruce Ashfield
062d9f1f4f docs: roadmap: add missing workflow items
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2019-10-28 11:56:10 -04:00
Bruce Ashfield
fd706b1c3f docs: add meta-virt planning / roadmap file
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2019-10-28 11:52:20 -04:00
Joakim Roubert
a348c03a1d kubernetes: Set correct PV release number
Commit c97fe5036ef3df2967d086711e6c0c405941e14b is Kubernetes v1.16.2
(see https://github.com/kubernetes/kubernetes/releases for verification)
and building with the current recipe generates v1.16.2 binaries although
the package names state v1.16.1.

Change-Id: I5701c18cc3ce205ad906eda2595d9ad7f5748b17
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2019-10-24 13:29:27 -04:00
Li Zhou
04e0d9de8c python3-docker-compose: upgrade to version 1.21.2
The python3-docker-compose_1.16.1 requires 'docker<3.0, >=2.5.1', while
python3-docker 3.4.0 is provided. Error occurs when running
'docker-compose --version'.
Upgrade to python3-docker-compose_1.21.2 to make it work.

Signed-off-by: Li Zhou <li.zhou@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2019-10-19 00:32:30 -04:00
Bruce Ashfield
241405f616 k8s: bump to 1.16-release branch
Updating kubernetes to use the 1.16 release (instead of the 1.16 alpha).
No issues were found in build and runtime testing of this versus the
alpha release.

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2019-10-15 11:40:50 -04:00
Bruce Ashfield
986d873e7f oci-image-tools: use GO flags/compiler from recipe
The image tools were not building with the oe/cross GO compiler
and flags. As such, you could end up with a binary on target with
the wrong elf interpreter (the host one).

With this, we properly use the settings from our build.

We also bump the SRCREV to pickup a few minor fixes to the package.

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2019-10-15 11:38:53 -04:00
Stefan Agner
4d6edd4fc5 podman-compose: move into subdirectory
The layer does not expect recipes in the first subdir. Move the
podman-compose recipe into a podman-compose subdirectory.

Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2019-10-14 21:56:17 -04:00
Ruslan Piasetskyi
533f9aa5aa Fix criu build for aarch64
Makefile:
#
# Supported Architectures
ifneq ($(filter-out x86 arm aarch64 ppc64 s390,$(ARCH)),)
        $(error "The architecture $(ARCH) isn't supported")
endif

Signed-off-by: Ruslan Piasetskyi <ruslan.piasetskyi@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2019-10-13 19:44:49 -04:00
Stefan Agner
f58133be1f fuse-overlayfs: add FUSE implementation of overlayfs
Add recipe for the FUSE implementation of overlayfs. This is useful
to improve startup time for podman rootless containers.

Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2019-10-13 11:16:40 -04:00
Stefan Agner
c65276ef5e podman-compose: initial version
Add podman-compose, a docker-compose implementation for podman. The
current version is not feature complete, hence not all docker-compose
files work.

Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2019-10-13 11:16:40 -04:00
Stefan Agner
753ca26b41 skopeo: add default set of configuration files
Add a default registries.conf and storage.conf. Those config files
are used by several projects of the containers group like buildah or
podman. Provide it as part of skopeo like the other distributions do.

Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2019-10-13 11:16:40 -04:00
Stefan Agner
cff94d5df6 podman: bump to latest release 1.6.1
Bump to latest podman release 1.6.1.

Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2019-10-13 11:16:40 -04:00
Stefan Agner
d549242592 podman: remove comment about runc
It seems that docker uses nowadays a rather vanilla version of runc,
at the time of writing 1.0.0-rc8. This version has been successfully
tested with podman, hence remove the obsolete comment.

Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2019-10-13 11:16:40 -04:00
Bruce Ashfield
a6ae07c0d3 crun: introduce crun (OCI runtime provider)
Create the initial recipe to provide crun as an alternative OCI runtime
provider.

This currently has a dependency on seccomp, but it would be nice if we
can make that optional in the future to avoid pulling in all of
meta-security as a dependency.

Example:

  % skopeo copy docker://busybox oci:busybox-oci:latest
  % mkdir busybox-bundle
  % oci-image-tool create --ref platform.os=linux busybox-oci busybox-bundle
  % cd busybox-bundle/
  % rm config.json
  % runc spec
  % runc run foo
^D
  % crun run foo
^D

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2019-10-13 11:11:35 -04:00
Bruce Ashfield
018b001b76 layer: add zeus as compatible
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2019-10-08 19:06:45 -04:00
Bruce Ashfield
4e35b5d861 podman: fix layer check cut & paste errors
The layer check for podman was copied from cri-o .. and some non
podman elements came over as part of that copy. We drop selinux
as a check, and fix some comments.

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2019-10-07 08:10:06 -04:00
Bruce Ashfield
9e7345d8ec podman: make docker wrapper configurable via packageconfig
podman can behave as a transparent drop-in replacement for docker
via a wrapper 'docker' script that simply calls podman when any
docker command is issued.

While this is an interesting feature, we want it to be optional
.. since it is possible that podman and docker might want to be
installed at the same time.

So we introduce a 'podman' PACKAGECONFIG, that controls whether
or not this wrapper is installed, and if it is installed it marks
the podman package as conflicting with docker (which gets us a
better message than a failed image assembly provides).

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2019-10-03 00:25:15 -04:00
Bruce Ashfield
14f14957c9 podman: add build flexibility to dependencies
In a similar manner to cri-o, we don't want to make meta-selinux
or meta-security a hard dependency to meta-virtualization. So we
implement a similar anonymous python check that allows the recipe
to be skipped if the dependent layers are not present (and hence
we are yocto compatible). If we get more than two recipes doing
layer checks (this is the 2nd), we can move the functionality to
a class.

We also make the runc dependency be virtual/runc versus picking
a specific provider (even if only runc-opencontainers has been
tested).

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2019-10-02 22:27:17 -04:00
Bruce Ashfield
805c77a518 cri-o: drop ostree from anonymous python warning
ostree is now provided by meta-oe, which is a required layer so
we can drop it from the anonymous python checks for layers.

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2019-10-02 22:21:01 -04:00
Stefan Agner
c9316391df go-metalinter: add recipe for gometalinter
A tool that concurrently runs a whole bunch of go linters and
normalises their output to a standard format. Useful to build
podman.

Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2019-10-02 14:13:35 -04:00
Stefan Agner
467ce521e7 conmon: initial add
Add conmon, an OCI container runtime monitor.

Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2019-10-02 14:13:35 -04:00
Stefan Agner
6f55c61b5b go-md2man: add md2man
This tool converts markdown into roff (man pages). Useful to build
podman.

Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2019-10-02 14:13:35 -04:00
Stefan Agner
aa509c629e cni: move cni tools to /usr/libexec/cni
Use a standard location to store the cni tools and plugins. This
is more in line with how other distributions package cni. Keep a symlink
to /opt/cni/bin for backward compatibility.

Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2019-10-02 14:13:35 -04:00
Stefan Agner
05db2367cc slirp4netns: add slirp4netns user-mode networking
slirp4netns allows connecting a network namespace to the Internet
in a completely unprivileged way, by connecting a TAP device in a
network namespace to the usermode TCP/IP stack ("slirp").

Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2019-10-02 14:13:35 -04:00
Stefan Agner
9b234f5245 skopeo: add skopeo
skopeo is a command line utility that performs various operations on
container images and image repositories.

skopeo can work with OCI images as well as the original Docker v2
images.

The recipe originates from meta-overc commit a497792. It has
been updated with the new project URL and v0.1.39.

Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2019-10-02 14:13:35 -04:00
Stefan Agner
e5de94ab78 podman: add the Pod Manager tool
Podman is a daemonless container engine for developing, managing, and
running OCI Containers on your Linux System. Containers can either be
run as root or in rootless mode.

This patch adds the initial recipe for podman. Currently the build tags
systemd (if in DISTRO_FEATURES), seccomp, varlink and remoteclient are
enabled, which allows running podman with overlayfs as root and vfs in
rootless mode. The storage drivers btrfs and device-mapper have not
been tested and are disabled at the moment.

It seems that seccomp is mandatory, which makes meta-security which
provides libseccomp a mandatory dependency for this recipe.

Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2019-10-02 14:13:35 -04:00
Mark Asselstine
8a43b4f1b7 libvirt: fixup multiple shlib providers
Building libvirt results in the following warning:
ERROR: libvirt-5.5.0-r0 do_package: libvirt-ptest: Multiple shlib providers for libvirt-admin.so.0: libvirt, libvirt-ptest
(used by files: ./tmp/work/aarch64-overc-linux/libvirt/5.5.0-r0/packages-split/libvirt-ptest/usr/lib/libvirt/ptest/tools/virt-admin)
ERROR: libvirt-5.5.0-r0 do_package: libvirt: Multiple shlib providers for libvirt-admin.so.0: libvirt, libvirt-ptest
(used by files: ./tmp/work/aarch64-overc-linux/libvirt/5.5.0-r0/packages-split/libvirt/usr/bin/virt-admin)

This is caused by the introduction of a shlib provider check added to
openembedded-core (commit 61c413690034 [package: Multiple
shlib_providers for the same file should error]). You can see the
issue and solution discussed more here
https://bugzilla.yoctoproject.org/show_bug.cgi?id=4628

Since the ptest version of the shared library will only be used by the
ptest package, we can use PRIVATE_LIBS to have the shlib providers
list.

Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2019-10-02 14:12:39 -04:00
Paul Barker
98cad7ae36 netns: Fix build on qemux86-64
The build has broken again on master, even for non-static builds of
netns. The simplest fix is to extend our existing patch to cover this
case as well.

Signed-off-by: Paul Barker <paul@betafive.co.uk>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2019-09-26 10:35:25 -04:00
Paul Barker
4663fee526 layer.conf: Change dependency on meta-selinux to recommendation
The recipe for cri-o already has an anonymous Python function in place
to skip the recipe if dependencies are not found so there's no need to
force inclusion of the meta-selinux layer.

Signed-off-by: Paul Barker <paul@betafive.co.uk>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2019-09-26 10:35:25 -04:00
Bruce Ashfield
6c48fddd30 docker/moby: 19.03.x update
Updating the moby recipes to match the 19.03.x updates pulled
into docker/docker-ce

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2019-09-26 01:30:59 -04:00
Matt Spencer
150f1857bb docker: add transient configuration packageconfig
Since commit:

[
  Author: Tom Rini <trini@konsulko.com>
  Date:   Fri Feb 8 13:22:35 2019 -0500

      docker: Move /etc/docker to a symlink to volatiles

      The only thing which docker uses /etc/docker for is a TLS key for
      connecting with other TLS-enabled services.  Make /etc/docker a symlink
      to the existing docker volatiles directory so that we can use docker on
      a read-only rootfs.

      Signed-off-by: Tom Rini <trini@konsulko.com>
      Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
]

We've had a transient / volatile docker configuration since we point
our /etc configuration to /run. This is not always a good thing if
a static configuration for keys, etc, is desired.

We maintain this functionality under the 'transient-config'
PACKAGECONFIG, and also allow the existing static/permanent config
to be used.

Signed-off-by: Matt Spencer <matthew@thespencers.me.uk>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2019-09-24 20:36:00 -04:00
Bruce Ashfield
7e2c4151c5 conf: set docker-ce as preferred provider for docker
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2019-09-24 20:25:14 -04:00
Bruce Ashfield
164408a170 docker: rename docker -> docker-moby and introduce virtual/docker
The recipe which was providing the default "docker" package was aligned
with the moby repositories. In order to make that alignment clear, we
rename that recipe docker-moby.

To allow easier switching between the docker providing recipes, we
introduce a virtual/docker PROVIDES to the common .inc file (and
hence each recipe). This allows users to choose what they want via
the standard PREFERRED_PROVIDER mechanism.

Also to allow existing package lists and image installs to
continue to work without changes, we make sure that the implementation
specific docker-<foo> packages RPROVIDE docker. If any packages are
missed, we'll add them to this list in future updates.

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2019-09-24 17:46:57 -04:00