Commit Graph

440 Commits

Author SHA1 Message Date
Dengke Du
3e7593f357 criu: fix host gcc can't recognized option -fmacro-prefix-map
Generally, our host gcc version is below 8.0, but the cross toolchain in yocto
is above 8.0, now 8.3. The option "macro-prefix-map" comes from 8.0, so if
the host gcc is below 8.0, it can't recognize the option "macro-prefix-map".

In criu source code, the HOSTCFLAGS come from CFLAGS:
    https://github.com/checkpoint-restore/criu/blob/criu-dev/Makefile#L17
In yocto project, the CFLAGS come from the cross toolchain, containing
"-fmacro-prefix-map" by default, so we should use the BUILD_CFLAGS, which
contains the flags that are used for host building.

Signed-off-by: Dengke Du <dengke.du@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2019-03-01 11:37:43 -05:00
Bruce Ashfield
9c686c4bb0 containers: introduce sloci for generating OCI image directories
There are multiple different tools/techniques to generate OCI images.
Many of these techniques are part of more complex workflows, or have
many options that are needed as part of a larger system or are needed
to provide flexibility in the tooling (i.e. they construct the
container as well as build the OCI image, or they can push directly
to a registry, etc).

What we want within the build context of bitbake/oe is to not
duplicate work that is done by bitbake, the other image bbclasses
or the runtime part of the ecosystem. This means only the construction
of an image-spec v1.x image without dependencies on build, or execution
of the container within a tool. We'd also like the tool to not pull
in multiple, unused dependencies that must be built native/native-sdk,
etc, to support the simple use case.

The requirements above exclude (for now) tools such as skopeo, umoci,
buildah, img, orca-build, kaniko, scratchbuild, etc. Leading us to
a from-scratch implementation .. or enter sloci-image.

sloci-image is a simple CLI for packing a rootfs into a single layer
OCI image. It can easily be extended, or ported to other language
implementations in the future. But it brings nearly no native
dependencies and is a pure/clean implementation of the image spec
that integrates nicely in an oe/bitbake environment.

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2019-02-27 11:46:25 -05:00
Oleksandr Kravchuk
aea2a3531a lxc: remove perl-module-warnings-register from RDEPENDS
This module is part of the perl package now and is shipped by default.

Signed-off-by: Oleksandr Kravchuk <oleksandr.kravchuk@pelagicore.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2019-02-21 03:15:23 +00:00
Stefan Agner
da75d2a91a runc: address CVE-2019-5736
Use git hash which addresses CVE-2019-5736. Use the same git hash
used in top of Docker 18.09 branch.

Changes in runc since
  6635b4f0 merge branch 'cve-2019-5736'
  0a8e4117 nsenter: clone /proc/self/exe to avoid exposing host binary to container
  dd023c45 merge branch 'pr-1972'

Fixes: CVE-2019-5736
Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2019-02-15 20:10:36 +00:00
Bruce Ashfield
8c1284f921 containerd: update to v1.2.4
Updating containerd to 1.2.4 (and switching to the release branch
for our git hash). The following commits are in this update:

   e6b3f563 Merge pull request #3002 from estesp/prepare-1.2.4-release
   5d1443dc Prepare v1.2.4 release
   2095626c Merge pull request #3014 from thaJeztah/1.2_bump_cri
   78286104 Merge pull request #3013 from thaJeztah/1.2_backport_windows_changes
   3cbdf9e4 [release/1.2] update containerd/cri to da0c016c830b2ea97fd1d737c49a568a816bf964
   dfa19e59 Windows:NewDirectIOFromFIFOSet
   84a14ae0 Update runhcs options to include CRI Sandbox support
   6a8198b0 Forward ctr.exe --debug as io.containerd.runhcs.v1 options
   d40cc95f Implement io.containerd.runhcs.v1 shim log opts
   30ca1c55 Add io.containerd.runhcs.v1 shim proto options
   7908802c Fix Makefile to run protobuild on paths with spaces
   583472f6 Merge pull request #2998 from thaJeztah/1.2_backport_bump_runc_cve_2019-5736
   b4bf3e34 Update runc to 6635b4f0c6af3810594d2770f662f34ddc15b40d (CVE-2019-5736)
   74133fa4 Merge pull request #2995 from thaJeztah/1.2_backport_remove_normalize_image_ref
   ed756ffd Use distribution's reference.ParseDockerRef
   2fb38236 Bump github.com/docker/distribution to 0d3efadf0154c2b8a4e7b6621fff9809655cc580
   7f5f1176 Merge pull request #2974 from ehazlett/release-v1.2.3
   7216861d Update for 1.2.3 release
   5de147d9 Merge pull request #2984 from Random-Liu/update-cri-release-1.2
   f7ac34e3 Update cri plugin to c3cf754321fc38c6af5dfd2552fdde0ad192b31d.
   0137339c Merge pull request #2977 from crosbymichael/io-panic
   7daf0804 Fix potential containerd panic.
   2fd20f11 Merge pull request #2972 from crosbymichael/exec-lock
   5730c500 Add a separate lock for pid.
   b9b7ef32 Revert "use state machine management for exec.Pid()"
   dba2e5e5 Merge pull request #2965 from fuweid/remove-noop
   9b6a318a metadata/gc: remove the noop-loop for snapshot reference
   d86a73a4 Merge pull request #2946 from fuweid/platformruntime
   dd29d5c3 Merge pull request #2947 from fuweid/pull-oct
   a0b4da71 bugfix: support application/octet-stream during pull
   b4d38c0f runtime: add Add/Delete method in PlatformRuntime interface
   af900154 Merge pull request #2955 from Random-Liu/cherrypick-#2944-release-1.2
   ab2cf013 Use context.Background for `O_NONBLOCK` `OpenFifo`.
   fa60b5be Merge pull request #2953 from thaJeztah/1.2_backport_fix_xattr
   2244a20c fix: SCHILY.xattrs should be SCHILY.xattr
   8c9ede4f Merge pull request #2950 from crosbymichael/lint-release
   bf3c932a [release 1.2] fix: linter issue
   5c38d942 Merge pull request #2932 from AkihiroSuda/runc20190115-1.2
   32f10c77 bump up runc
   97548718 Merge pull request #2917 from dmcgowan/release-1.2.2
   ef637041 Update for 1.2.2 release
   4bb2b0c3 Merge pull request #2912 from Random-Liu/update-cri-release-1.2
   f30fd023 Update cri to 0d5cabd006cb5319dc965046067b8432d9fa5ef8 (branch release/1.2).
   46e63338 Merge pull request #2893 from thaJeztah/1.2_revert_temp_golang_fix
   e71a191f Revert "Fix CI due to Golang 1.10.6 / 1.11.3 regressions (workaround)"
   aa5e000c Merge pull request #2878 from andrewhsu/backport-1.2-fifo-timeout
   31be8649 Merge pull request #2881 from thaJeztah/1.2_backport_fix_ci_golang_1.11
   27c6449c Fix CI due to Golang 1.10.6 / 1.11.3 regressions (workaround)
   18f57e20 Add timeout and cancel to shim fifo open
   9b32062d Merge pull request #2852 from dmcgowan/prepare-1.2.1
   51134077 Update version to 1.2.1
   dcc47ddd Merge pull request #2861 from dmcgowan/cherrypick-1.2-2857
   4c327b8e Update runc to 96ec2177ae841256168fcf76954f7177af
   b65a1137 Merge pull request #2860 from Random-Liu/update-cri-release-1.2
   18e453e4 Update release note.
   586807a8 Update cri plugin to 0ca1e3c2b73b5c38e72f29bb76338d0078b23d6c.
   4b284fa3 Merge pull request #2856 from Random-Liu/cherrypick-#2854-release-1.2
   b413e843 Kill should still work in stopped state.
   a06cddc2 Merge pull request #2845 from nnttmm/backport_2826
   176a5621 Merge pull request #2842 from thaJeztah/1.2_backport_update_runc_1.0-rc6
   8dc87dd8 Merge pull request #2847 from thaJeztah/1.2_backport_mask_asound
   703786c5 Add /proc/asound to masked paths
   c42c8952 use state machine management for exec.Pid()
   93d5b4b0 Update runc to v1.0.0-rc6
   de1f167a Merge pull request #2819 from dmcgowan/prepare-1.2.1-rc
   27d72ba7 Update version
   e3840cce Add 1.2.1 release notes
   940c0c06 Merge pull request #2817 from Random-Liu/cherrypick-2811-release-1.2
   4598ec21 Lock `KillAll`.
   e429785c Merge pull request #2815 from thaJeztah/1.2_backport_shimlockwhenstdinclose
   9be591e4 Merge pull request #2803 from crosbymichael/cherry-proc-lock
   309973ed Merge pull request #2801 from crosbymichael/cherry-runc
   e4c49d70 Update runc to 10d38b660a77168360df3522881e2dc2be
   cd83a4e0 fix pipe in broken may cause shim lock forever for runtime v1
   275f99fe fix pipe in broken may cause shim lock forever for runtime v2
   39cd8634 Merge pull request #2795 from estesp/cherrypick-optimize-shim-lock
   3afc3f14 Merge pull request #2796 from estesp/cherrypick-exit-ch-buffers
   f9323ca9 Revert v2 dropped events
   4c72befe Fix process locking and state management
   14dc3078 Partially revert the event discard change in #2748.
   417d6941 Increase reaper buffer size and non-blocking send
   7ef5285b optimize shim lock in runtime v1
   040e73fd Merge pull request #2792 from estesp/cherrypick-update-hcsshim-vendor
   c4a256d3 Merge pull request #2790 from estesp/cherrypick-v1v2-runtime-fix
   73758765 Temp: add appveyor enablement for release/1.2 branch
   090e3e98 Revendor github.com/Microsoft/hcsshim
   046b6c6d enhance: update v1/v2 runtime
   7ff9f681 Merge pull request #2784 from Random-Liu/update-cri-release-1.2
   54895c0b Update cri to 2bb57d27203d82fc79c496aea724aec593b2705a.
   cd0ecb78 Merge pull request #2779 from thaJeztah/1.2_backport_ignore_modprobe_failures
   c4acd17e Ignore modprobe failures in ExecStartPre (systemd unit)

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2019-02-15 20:10:36 +00:00
Tom Rini
72a920412f docker: Move /etc/docker to a symlink to volatiles
The only thing which docker uses /etc/docker for is a TLS key for
connecting with other TLS-enabled services.  Make /etc/docker a symlink
to the existing docker volatiles directory so that we can use docker on
a read-only rootfs.

Signed-off-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2019-02-11 13:47:33 +00:00
Bruce Ashfield
ba2d65e6bc runc: update to 1.0.0-rc6
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2019-02-11 02:34:05 +00:00
Bruce Ashfield
f4853222b5 containerd: update to v1.2.0
refreshing the containerd support to 1.2.x. We have to tweak the package
linking and update the go compile patch, but otherwise, the build is
unchanged.

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2019-02-11 02:34:05 +00:00
Bruce Ashfield
d63b33b18f cri-o: update to 1.13.0
Bumping to the next cri-o release branch

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2019-02-11 02:34:05 +00:00
Bruce Ashfield
552103f580 k8s: update to v1.14-alpha
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2019-02-11 02:34:05 +00:00
Joe Slater
302a4c77c9 riddler: do not try to build for mips
This recipe does not build for mips, so set COMPATIBLE_HOST to avoid that.

Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2019-02-06 20:51:00 +00:00
Paul Barker
488b5aba28 Use SRCPV instead of SRCREV where possible
This change reduces the length of ${PV} for several recipes and gives us
auto-incrementing version numbers.

Signed-off-by: Paul Barker <paul@betafive.co.uk>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2019-01-16 10:28:26 -05:00
Paul Barker
8bd3ee327d runc.inc: Move RRECOMMENDS to runc-docker
If we're building runc-opencontainers it's likely that we're not using
docker.

Signed-off-by: Paul Barker <paul@betafive.co.uk>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2019-01-16 10:28:25 -05:00
Mark Asselstine
2387a8876e lxc: uprev from 3.0.3 to 3.1.0
Minor updates and fixes. Improved ptest results per below.

    root@cube-essential:/usr/lib64/lxc/ptest# ./run-ptest
    ### Starting LXC ptest ###
    FAIL: lxc-test-api-reboot
    SKIPPED: lxc-test-apparmor
    PASS: lxc-test-attach
    PASS: lxc-test-automount
    PASS: lxc-test-autostart
    PASS: lxc-test-basic
    PASS: lxc-test-cgpath
    PASS: lxc-test-cloneconfig
    PASS: lxc-test-clonetest
    PASS: lxc-test-concurrent
    PASS: lxc-test-config-jump-table
    PASS: lxc-test-console
    PASS: lxc-test-console-log
    PASS: lxc-test-containertests
    PASS: lxc-test-createconfig
    PASS: lxc-test-createtest
    PASS: lxc-test-criu-check-feature
    PASS: lxc-test-destroytest
    PASS: lxc-test-device-add-remove
    PASS: lxc-test-get_item
    PASS: lxc-test-getkeys
    PASS: lxc-test-list
    PASS: lxc-test-locktests
    PASS: lxc-test-lxcpath
    PASS: lxc-test-may-control
    PASS: lxc-test-mount-injection
    PASS: lxc-test-no-new-privs
    PASS: lxc-test-parse-config-file
    PASS: lxc-test-raw-clone
    PASS: lxc-test-reboot
    PASS: lxc-test-rootfs
    PASS: lxc-test-saveconfig
    PASS: lxc-test-share-ns
    PASS: lxc-test-shortlived
    SKIPPED: lxc-test-shutdowntest
    PASS: lxc-test-snapshot
    PASS: lxc-test-startone
    SKIPPED: lxc-test-state-server
    PASS: lxc-test-utils

    Results:
        PASSED = 35
        FAILED = 1
        SKIPPED = 3
        (for details check individual test log in ./logs directory)

    ### LXC ptest complete ###

Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2019-01-10 13:08:41 -05:00
Mark Asselstine
8e2ef132c1 lxcfs: uprev from v3.0.1 to v3.0.3
A very small # of new commits. Most are minor bug fixes, no feature
work. I looked at adding ptests but the tests are mostly in an
unusable state at the moment, for example several require cgm despite
cgmanager being deprecated. So I have opted to continue without them
and only when we can work with upstream to improve their testing can
we seriously consider adding them.

Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2018-12-04 18:15:14 -05:00
Ting Yu
5043d6263a Add pidfile flag to store dockerd PID in /var/run/dockerd.pid
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2018-12-04 18:15:11 -05:00
Hongzhi.Song
47dd312669 criu: Don't open /run/criu.kdat if doesn't exists
When CRIU is called for the first time and the /run/criu.kdat file does
not exist, the following warning is shown:
        Warn  (criu/kerndat.c:847): Can't load /run/criu.kdat

This patch is replacing this warning with a more appropriate debug
message.
        File /run/criu.kdat does not exist

Signed-off-by: Hongzhi.Song <hongzhi.song@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2018-11-29 12:11:41 -05:00
Mark Asselstine
885e877058 lxc: uprev from 3.0.2 to 3.0.3
Update to the just released v3.0.3. This release is a collection of
minor changes, bug fixes, logging updates, documentation cleanup, code
cleanup and some new tests.

We have an improved outlook as far as ptests is concerned as well:
    ### Starting LXC ptest ###
    FAIL: lxc-test-api-reboot
    SKIPPED: lxc-test-apparmor
    PASS: lxc-test-attach
    PASS: lxc-test-automount
    FAIL: lxc-test-autostart
    PASS: lxc-test-basic
    PASS: lxc-test-cgpath
    PASS: lxc-test-cloneconfig
    PASS: lxc-test-clonetest
    PASS: lxc-test-concurrent
    PASS: lxc-test-config-jump-table
    PASS: lxc-test-console
    PASS: lxc-test-console-log
    PASS: lxc-test-containertests
    PASS: lxc-test-createconfig
    PASS: lxc-test-createtest
    PASS: lxc-test-criu-check-feature
    PASS: lxc-test-destroytest
    PASS: lxc-test-device-add-remove
    PASS: lxc-test-get_item
    PASS: lxc-test-getkeys
    PASS: lxc-test-list
    PASS: lxc-test-locktests
    PASS: lxc-test-lxcpath
    PASS: lxc-test-may-control
    FAIL: lxc-test-no-new-privs
    PASS: lxc-test-parse-config-file
    PASS: lxc-test-raw-clone
    PASS: lxc-test-reboot
    PASS: lxc-test-rootfs
    PASS: lxc-test-saveconfig
    PASS: lxc-test-share-ns
    PASS: lxc-test-shortlived
    SKIPPED: lxc-test-shutdowntest
    PASS: lxc-test-snapshot
    PASS: lxc-test-startone
    SKIPPED: lxc-test-state-server
    PASS: lxc-test-utils

    Results:
        PASSED = 32
        FAILED = 3
        SKIPPED = 3
    (for details check individual test log in ./logs directory)

    ### LXC ptest complete ###

Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
2018-11-29 12:05:18 -05:00
Chin Huat Ang
4ef7f8b758 docker: fix broken init script
Fix numerous docker.init issues such as missing runtime dependency
util-linux-unshare, incomplete handling of start/stop etc. operations
and minor typos.

Signed-off-by: Chin Huat Ang <chin.huat.ang@intel.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2018-11-20 16:01:38 -05:00
Bruce Ashfield
100fb480e7 runc: refresh to tip of tree
docker/k8s and other components have been refreshed to the 18.09 release
tags. So we update runc to keep in sync.

Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2018-11-05 10:22:54 -05:00
Bruce Ashfield
86db36879f docker/docker-ce: uprev to 18.09
Infrastructure changes triggered updates to supporting parts of the
docker stack, so to make sure that everything stays in sync we update
to the 18.09 release.

There were some minor build differences in this update, but in the
end, things are better since we can use some more of the Make infrastructure
versus calling 'go build' directly.

Also, docker-ce and docker are now virtually the same, except for the
moby based docker pulling in the cli and libnetwork repos independently.
There should be virtually no difference between the results, but we still
keep the two variants for flexibility.

We also drop the unused/legacy 'hi.Dockerfile'.

Tested with both kubernetes and docker unit tests.

Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2018-11-05 10:20:54 -05:00
Bruce Ashfield
e53055f5a1 cri-o: update to 1.12 release
Since kubernetes is now on 1.12, we need to sync our cri-o release
to match.

There are some build changes to the utilities, and a patch refresh,
but otherwise, this is very similar to the existing build of cri-o.

Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2018-11-02 21:21:27 -04:00
Bruce Ashfield
2a46d2df06 cri-o: disable ptest build
We aren't running any ptests for cri-o (it is hard to test in
isolation), and the update to go 1.11 has broken the build in the
ptest phase.

For now, we remove the task to get the build running again.

Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2018-11-02 21:21:27 -04:00
Bruce Ashfield
60142aa29a kubernetes: uprev to v1.12 release and fix cross compilation errors
The update to go 1.11 exposed some issues with the cross compilation of
kubernetes. The best way to fix those issues is to uprev to 1.12 and to
inhibit the building of the test modules (which query the host for
infrastructure that is not present).

Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2018-11-02 21:21:27 -04:00
Mingli Yu
87526423d5 lxc: Upgrade to 3.0.2
* Refresh patch to avoid fuzz warnings
* Update to 3.0.2 as lxc-destroy failed when the
  system booted in nfs rootfs in lxc 3.0.1, as below:
  # lxc-destroy -n test9
  lxc-destroy: test9: utils.c: _recursive_rmdir: 149 Failed to delete /var/lib/lxc/test9
  lxc-destroy: test9: lxccontainer.c: container_destroy: 2946 Failed to destroy directory "/var/lib/lxc/test9" for "test9"
  Destroying test9 failed

  Update to 3.0.2 to fix the above issue

Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2018-10-22 04:41:50 -04:00
Sinan Kaya
c9c0d5ef20 lxc: make error report compatible with ptest
ptest puts the test status at the beginning of the test. Follow
the style.

BEGIN: /usr/lib/lxc/ptest
 ### Starting LXC ptest ###
SKIPPED: lxc-test-apparmor
FAIL: lxc-test-attach
PASS: lxc-test-automount
FAIL: lxc-test-autostart
PASS: lxc-test-cgpath
PASS: lxc-test-cloneconfig
PASS: lxc-test-clonetest
PASS: lxc-test-concurrent
FAIL: lxc-test-console
PASS: lxc-test-containertests
PASS: lxc-test-createconfig
FAIL: lxc-test-createtest
FAIL: lxc-test-destroytest
PASS: lxc-test-device-add-remove
PASS: lxc-test-get_item
PASS: lxc-test-getkeys
PASS: lxc-test-list
PASS: lxc-test-locktests
PASS: lxc-test-lxcpath
PASS: lxc-test-may-control
PASS: lxc-test-reboot
PASS: lxc-test-saveconfig
SKIPPED: lxc-test-shutdowntest
PASS: lxc-test-snapshot
PASS: lxc-test-startone
PASS: lxc-test-utils

Results:
    PASSED = 19
    FAILED = 5
    SKIPPED = 2
(for details check individual test log in ./logs directory)

 ### LXC ptest complete ###
END: /usr/lib/lxc/ptest

Signed-off-by: Sinan Kaya <okaya@kernel.org>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2018-10-16 10:25:40 -04:00
Changqing Li
2a9bdedc3b oci-image-tools: fix do package qa warning
1. After security flag PIE is enabled by default, we might meet the
QA warning below on some archs, like aarch64; fix it by skipping the
textrel QA check (refer to commit b689c72a of oe-core)

oci-image-tools-0.2.0-dev+gitAUTOINC+4abe1a166f-r0 do_package_qa:
QA Issue: ELF binary 'work/aarch64-poky-linux/oci-image-tools/
0.2.0-dev+gitAUTOINC+4abe1a166f-r0/packages-split/oci-image-tools/
usr/sbin/oci-image-tool' has relocations in .text [textrel]

2. This problem is caused since security_flags.inc is used by default,
   so an alternative workaround is:
      SECURITY_CFLAGS_pn-oci-image-tools = "${SECURITY_NOPIE_CFLAGS}"
      SECURITY_LDFLAGS_pn-oci-image-tools = ""

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2018-10-11 14:38:18 -04:00
Changqing Li
f2446873e7 docker: fix do package qa warning
1. After security flag PIE is enabled by default, we might meet the
QA warning below on some archs, like aarch64; fix it by skipping the
textrel QA check (refer to commit b689c72a of oe-core)

WARNING: docker-18.03.0+git708b068d3095c6a6be939eb2da78c921d2e945e2-r0
do_package_qa: QA Issue: ELF binary 'work/aarch64-poky-linux/docker/
18.03.0+git708b068d3095c6a6be939eb2da78c921d2e945e2-r0/packages-split/
docker/usr/bin/docker' has relocations in .text [textrel]

2. This problem is caused since security_flags.inc is used by default,
   so an alternative workaround is:
      SECURITY_CFLAGS_pn-docker = "${SECURITY_NOPIE_CFLAGS}"
      SECURITY_LDFLAGS_pn-docker = ""

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2018-10-11 14:38:16 -04:00
Changqing Li
0442f2e7b8 docker-distribution: fix do package qa warning [textrel]
1. After security flag PIE is enabled by default, we might meet the
QA warning below on some archs, like aarch64; fix it by skipping the
textrel QA check (refer to commit b689c72a of oe-core)

docker-distribution-v2.6.2-r0 do_package_qa: QA Issue: ELF binary
'work/aarch64-poky-linux/docker-distribution/v2.6.2-r0/packages-split/
docker-registry/usr/sbin/registry' has relocations in .text [textrel]

2. This problem is caused since security_flags.inc is used by default,
   so an alternative workaround is:
      SECURITY_CFLAGS_pn-docker-distribution = "${SECURITY_NOPIE_CFLAGS}"
      SECURITY_LDFLAGS_pn-docker-distribution = ""

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2018-10-11 14:37:10 -04:00
Changqing Li
bf8fac24ab docker-distribution: fix do package qa warning[ldflags]
When running bitbake lib32-docker-distribution, we might meet the warning
below:

lib32-docker-distribution-v2.6.2-r0 do_package_qa: QA Issue: No GNU_HASH
in the elf binary: 'work/core2-32-wrsmllib32-linux/lib32-docker-distribution
/v2.6.2-r0/packages-split/lib32-docker-registry/usr/sbin/registry' [ldflags]

This is caused by INSANE_SKIP_docker-registry += "ldflags already-stripped"
not covering the multilib case, so add the multilib prefix MLPREFIX
to fix it.

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2018-10-11 14:37:07 -04:00
Changqing Li
5e20120aa7 oci-runtime-tools: fix do package qa warning
1. After security flag PIE is enabled by default, we might meet the
QA warning below on some archs, like aarch64; fix it by skipping the
textrel QA check (refer to commit b689c72a of oe-core)

oci-runtime-tools-0.1.0+gitAUTOINC+6e7da8148f-r0 do_package_qa: QA Issue:
ELF binary 'work/aarch64-poky-linux/oci-runtime-tools/0.1.0+gitAUTOINC+6e7
da8148f-r0/packages-split/oci-runtime-tools/usr/sbin/oci-runtime-tool'
has relocations in .text [textrel]

2. This problem is caused since security_flags.inc is used by default,
   so an alternative workaround is:
      SECURITY_CFLAGS_pn-oci-runtime-tools = "${SECURITY_NOPIE_CFLAGS}"
      SECURITY_LDFLAGS_pn-oci-runtime-tools = ""

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2018-10-11 14:35:06 -04:00
Mark Asselstine
f7738717b8 lxcfs: move recipe from meta-overc to here
This recipe was originally written and included in meta-overc as it
was used by the overc framework so we implemented it there to sort out
the kinks. Since this package is not specific to the OverC framework
and people may be interested in including it in their images without
having any interest in the OverC framework we are moving this recipe
here, alongside lxc and other container related recipes.

Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2018-10-04 09:31:19 -04:00
He Zhe
a092153881 containerd: Disable for all mips machines
containerd does not support mips since it depends on boltdb which does not
support mips.

Signed-off-by: He Zhe <zhe.he@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2018-09-25 17:38:12 -04:00
Dengke Du
66ee1a5650 lxc: add runtime depends for util-linux-getopt
When running:

    lxc-create -t download -n test

The system reports that the getopt command can't be found. This is because
the lxc-download template depends on the getopt command. So add the runtime
dependency on util-linux-getopt for lxc.

Signed-off-by: Dengke Du <dengke.du@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2018-08-14 12:57:25 -04:00
Mark Asselstine
67c011572a criu: uprev to version 3.10
A fairly straightforward uprev requiring minimal patch refreshing
since a few hunks were failing due to conflicts with upstream updates.

Unfortunately upstream started using the now overloaded "PYTHON"
variable in their Makefiles, this is not the path to the python
executable but rather the name 'python2' or 'python3' which is used to
determine which local directories to include. Due to this we must
explicitly assign values to 'PYTHON_FULL' and 'PYTHON'. We use
'python2' since we are using 'setuptools' and therefore are explicitly
using python v2, at some point we might want to make this recipe work
with either python v2 or v3 but for now we continue to explicitly use
v2.

Instead of using version specific filename we switch to using _git.bb
which is inline with similar 'git' recipes found in oe-core and other
repos.

Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2018-08-02 22:57:14 -04:00
Bruce Ashfield
b1c810c812 docker: remove stale .service file
We use the systemd service file from within the docker git
repo. Removing the unused recipe space version, since it is
invalid and causes confusion.

Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2018-08-02 22:57:14 -04:00
Bruce Ashfield
b86deeae16 kubernetes: add hash/stripped exception for kubernetes-misc
Without this, our go build will throw the following QA error during the
build:

  ERROR: kubernetes-1.11.0+git210c9cd7e1782e9fe46938fe0368556f2166a528-r0 do_package_qa: QA Issue: No GNU_HASH in the elf binary: 'tmp/work/core2-64-overc-linux/kubernetes/1.11.0+git210c9cd7e1782e9fe46938fe0368556f2166a528-r0/packages-split/kubernetes-misc/usr/bin/apiextensions-apiserver'
  No GNU_HASH in the elf binary: 'tmp/work/core2-64-overc-linux/kubernetes/1.11.0+git210c9cd7e1782e9fe46938fe0368556f2166a528-r0/packages-split/kubernetes-misc/usr/bin/deepcopy-gen'
  No GNU_HASH in the elf binary: 'tmp/work/core2-64-overc-linux/kubernetes/1.11.0+git210c9cd7e1782e9fe46938fe0368556f2166a528-r0/packages-split/kubernetes-misc/usr/bin/defaulter-gen'
  No GNU_HASH in the elf binary: 'tmp/work/core2-64-overc-linux/kubernetes/1.11.0+git210c9cd7e1782e9fe46938fe0368556f2166a528-r0/packages-split/kubernetes-misc/usr/bin/genswaggertypedocs'
  No GNU_HASH in the elf binary: 'tmp/work/core2-64-overc-linux/kubernetes/1.11.0+git210c9cd7e1782e9fe46938fe0368556f2166a528-r0/packages-split/kubernetes-misc/usr/bin/linkcheck'
  No GNU_HASH in the elf binary: 'tmp/work/core2-64-overc-linux/kubernetes/1.11.0+git210c9cd7e1782e9fe46938fe0368556f2166a528-r0/packages-split/kubernetes-misc/usr/bin/openapi-gen'
  No GNU_HASH in the elf binary: 'tmp/work/core2-64-overc-linux/kubernetes/1.11.0+git210c9cd7e1782e9fe46938fe0368556f2166a528-r0/packages-split/kubernetes-misc/usr/bin/genyaml'
  No GNU_HASH in the elf binary: 'tmp/work/core2-64-overc-linux/kubernetes/1.11.0+git210c9cd7e1782e9fe46938fe0368556f2166a528-r0/packages-split/kubernetes-misc/usr/bin/conversion-gen'
  No GNU_HASH in the elf binary: 'tmp/work/core2-64-overc-linux/kubernetes/1.11.0+git210c9cd7e1782e9fe46938fe0368556f2166a528-r0/packages-split/kubernetes-misc/usr/bin/gendocs'
  No GNU_HASH in the elf binary: 'tmp/work/core2-64-overc-linux/kubernetes/1.11.0+git210c9cd7e1782e9fe46938fe0368556f2166a528-r0/packages-split/kubernetes-misc/usr/bin/ginkgo' [ldflags]

Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2018-07-23 15:47:15 -04:00
Koen Kooi
23bf4b01f2 kubernetes: OE styleguide fixes
* Keep variables close to the function they are used in, so R(untime)DEPENDS goes below do_install, PV next to SRCREV, etc.
* Don't use =+ as multiline separator, it's a *very* heavy bitbake operation.

Signed-off-by: Koen Kooi <koen.kooi@linaro.org>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2018-07-23 15:29:37 -04:00
Koen Kooi
7cae5520fd kubernetes: package remaining files into PN-misc
A previous commit changed do_installed to install everything, not just
kube*, adjust PACKAGES to keep ${PN} empty as it was before.

Signed-off-by: Koen Kooi <koen.kooi@linaro.org>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2018-07-23 15:29:37 -04:00
Jagadeesh Krishnanjanappa
ba25e5c943 kubernetes: build host tools using host toolchain
Compile host tools such as deepcopy-gen, defaulter-gen, openapi-gen
   for host architecture, to solve below error:
-- snip --
| +++ [0117 05:31:35] Building go targets for linux/arm64:
|     ./vendor/k8s.io/code-generator/cmd/deepcopy-gen
| touch: cannot touch '_output/bin/deepcopy-gen': No such file or directory
| make[1]: *** [Makefile.generated_files:323: _output/bin/deepcopy-gen] Error 1
| make: *** [Makefile:478: generated_files] Error 2

Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
Signed-off-by: Koen Kooi <koen.kooi@linaro.org>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2018-07-23 15:29:37 -04:00
Koen Kooi
0e4cd43ccb kubernetes: explicitly build for $TARGET_ARCH
'make all' uses 'uname' to select the build target, leading to compile failures like this:

| arm-angstrom-linux-gnueabi-gcc: error: unrecognized command line option '-m64'

After providing the proper arch to the makefile it will try to use a hardcoded compiler:

| # runtime/cgo
| exec: "arm-linux-gnueabihf-gcc": executable file not found in $PATH

Fix that up by removing all hardcoded 'CC' entries in golang.sh

Signed-off-by: Koen Kooi <koen.kooi@linaro.org>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2018-07-23 15:29:37 -04:00
Zheng Ruoqin
10a427cadd criu: upgrade to 3.9
1) Upgrade criu from 3.4 to 3.9.

2) Delete fix-building-on-newest-glibc-and-kernel.patch for it has been merged in upstream.

3) Add CFLAGS_arm += "-D__WORDSIZE"
   add this CFLAGS to solve the compile problem for arm.
   The log is as following:
   | ....../tmp/work/armv5e-poky-linux-gnueabi/criu/3.9+gitAUTOINC+202b7745bd-r0/recipe-sysroot/usr/include/bits/wordsize.h:36:2: error: #error "__WORDSIZE is not defined"
   |  #error "__WORDSIZE is not defined"
   |   ^
   | ....../tmp/work/armv5e-poky-linux-gnueabi/criu/3.9+gitAUTOINC+202b7745bd-r0/recipe-sysroot/usr/include/bits/wordsize.h:59:2: error: #

4) Add export C_INCLUDE_PATH="${STAGING_INCDIR}/libnl3"
   add C_INCLUDE_PATH to solve the compile problem for arm.
   which is that libnetlink.c can't find the header file.

   | In file included from criu/libnetlink.c:5:
   | ....../tmp/work/armv5e-p
   | oky-linux-gnueabi/criu/3.9+gitAUTOINC+202b7745bd-r0/recipe-sysroot/usr/include/libnl3/netlink/attr.h:15:10: fatal error: netlink/netlink.h: No such file or directory  #include <netlink/netlink.h>

Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2018-07-22 23:15:21 -04:00
Bruce Ashfield
0722d15fea k8s: update to 1.11+
Updating to the 1.11 kubernetes release. This includes the standard
set of features, updates and bug fixes.

One build element of note is 1.11+ requires go 1.10.2+, so the following
must be set in your configuration: GOVERSION = "1.10%"

Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2018-07-04 09:37:59 -04:00
Ricardo Salveti
b0acd19777 tini: fix license
tini is licensed under the MIT license instead of Apache-2.0.

Signed-off-by: Ricardo Salveti <ricardo@opensourcefoundries.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2018-06-14 04:32:53 -04:00
Jeremy Puhlman
6c354d1621 lxc: uprev 3.0.1
- Bug fix release
- Fixes gcc8 build failures
- Update patch for fuzz issues.
- remove --disable-python and --disable-lua as they have been removed

Signed-off-by: Jeremy Puhlman <jpuhlman@mvista.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2018-06-11 12:05:40 -04:00
Mark Asselstine
1a5853f87c lxc: use compiled tests instead of copying source building on target
The tests are already built when we do_compile so we only need to copy
them to the ptest path and create a wrapper script to run them. This
has the added benefit of reducing the size of the lxc package.

We have to manipulate the test sources some to remove gpg validation
and a few other minor changes, none of which actually change what is
being tested (notes are provided in the associated commit logs).

The following are the ptest results currently achieved:

    ### Starting LXC ptest ###
    ./tests/lxc-test-api-reboot FAIL
    ./tests/lxc-test-apparmor SKIPPED
    ./tests/lxc-test-attach PASS
    ./tests/lxc-test-automount PASS
    ./tests/lxc-test-autostart PASS
    ./tests/lxc-test-cgpath PASS
    ./tests/lxc-test-cloneconfig PASS
    ./tests/lxc-test-clonetest PASS
    ./tests/lxc-test-concurrent PASS
    ./tests/lxc-test-config-jump-table PASS
    ./tests/lxc-test-console PASS
    ./tests/lxc-test-console-log PASS
    ./tests/lxc-test-containertests PASS
    ./tests/lxc-test-createconfig PASS
    ./tests/lxc-test-createtest PASS
    ./tests/lxc-test-criu-check-feature PASS
    ./tests/lxc-test-destroytest PASS
    ./tests/lxc-test-device-add-remove PASS
    ./tests/lxc-test-get_item PASS
    ./tests/lxc-test-getkeys PASS
    ./tests/lxc-test-list PASS
    ./tests/lxc-test-locktests PASS
    ./tests/lxc-test-lxcpath PASS
    ./tests/lxc-test-may-control PASS
    ./tests/lxc-test-no-new-privs PASS
    ./tests/lxc-test-parse-config-file PASS
    ./tests/lxc-test-raw-clone PASS
    ./tests/lxc-test-reboot PASS
    ./tests/lxc-test-rootfs PASS
    ./tests/lxc-test-saveconfig PASS
    ./tests/lxc-test-share-ns PASS
    ./tests/lxc-test-shortlived PASS
    ./tests/lxc-test-shutdowntest SKIPPED
    ./tests/lxc-test-snapshot PASS
    ./tests/lxc-test-startone PASS
    ./tests/lxc-test-state-server SKIPPED
    ./tests/lxc-test-utils PASS

    Results:
        PASSED = 33
        FAILED = 1
        SKIPPED = 3
        (for details check individual test log in ./logs directory)

    ### LXC ptest complete ###

Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2018-06-03 23:26:52 -04:00
Mark Asselstine
b6bccf42d1 lxc: fixup 'download' template use
We have a new dependency on 'mountpoint' which is now called in the
download template script. We also hit an upstream bug due to improper
use of 'mktemp', so we apply a patch to fix this and sent the fix
upstream as well.

Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2018-06-03 23:26:51 -04:00
Mark Asselstine
0d7cfe8660 lxc: uprev to v3.0.0
Update to the latest lxc release. This requires some minor patch
updates (fuzz and offset, not content) along with dropping a no longer
needed fix for gcc7 (gcc 7.3 is everywhere and is patched).

The ptests were already busted before the uprev so I was not able to
run them but I will follow up with a fix for this. I did run against
our usual usecases 'lxc-create', 'lxc-console', 'lxc-ls',
'lxc-destroy', 'lxc-start', 'lxc-execute', 'lxc-attach'... and there
were no issues (outcomes matched v2.0.8).

Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2018-06-03 23:26:51 -04:00
Pascal Bach
4987f02577 tini: add version 0.18.0 as docker-init provider
This removes the warning that docker can't find docker-init
in PATH.

This recipe is based on the recipe from meta-resin.

Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2018-05-30 08:53:25 -04:00
Mark Asselstine
52f807ef78 lxc: cleanup the lxc-networking package
Adding missing RDEPENDS on iptables, the lxc-net service will fail
without this. Use the new 'pkg_postinst_ontarget_' instead of failing
out to signal runtime postinst scripts, this conforms with the latest
expectation for bitbake. The interfaces file is specific to sysvinit
and unneeded for systemd so block the creation of these files only
when building for sysvinit.

Lastly add a default 'lxc-net' file. Since we have a separate
lxc-networking package we can complete it with this configuration
which is sourced by '/etc/default/lxc' (which is part of the core lxc
package). In doing this we are like Debian when the lxc-networking
package is not installed in the image, and like Ubuntu when it is.

Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2018-05-29 10:27:53 -04:00
Mark Asselstine
2a30867cff lxc: add wget as an RDEPENDS needed for the download template
Without this we get:
    ERROR: Missing required tool: wget

When attempting to do something like:
    lxc-create -n ubu -t download -- --no-validate -d ubuntu -r xenial

Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2018-05-29 10:27:53 -04:00
Mark Asselstine
1831c7c282 lxc: rename the lxc 'autostart' sysvinit script matching upstream
This was renamed back in v1.1.0 but I suppose most folks have been
building for systemd or were not using this functionality and it went
unnoticed.

Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2018-05-29 10:27:53 -04:00
Mark Asselstine
11c7379fc5 lxc: drop the -setup package
For some packages we include a -setup package which can be installed
as part of an image to complete a more comprehensive setup of the main
package. This is common for example in meta-cloud-services since many
OpenStack packages have extensive setup.

The -setup package for lxc did at one point do comprehensive setup but
over time this has been moved to the -networking package. Now the
-setup package is only being used as a container for the systemd
service files or sysvinit scripts. This can better be accomplished by
setting appropriate runlevels for the initscripts or disabling or
masking the systemd services (via SYSTEMD_AUTO_ENABLE).

This also fixes some confusion or what might be considered a bug
around -setup and -networking packages as the -setup package was
mopping up the lxc-net.service file, instead of it being included in
the -networking package.

Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2018-05-29 10:27:52 -04:00
Pascal Bach
f26bdea05c docker: allow enabling seccomp
This requires libseccomp from meta-security so it is not enabled by default.

Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2018-05-29 10:25:41 -04:00
Pascal Bach
d273f1f491 runc: allow enabling seccomp
This requires libseccomp from meta-security so it is not enabled by default.

Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2018-05-29 10:25:40 -04:00
Mark Asselstine
5b13da8e57 cgroup-lite: uprev to v1.15
Upgrade and make the recipe more systemd "friendly". For the most part
nobody is going to use this with systemd but in case they do they will
get a masked and empty services file, as they do with Debian or
Ubuntu. Otherwise this is a minor update from v1.11.

Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2018-05-24 16:08:02 -04:00
David Smith
56023b07d7 LXC LICENSE is LGPLv2.1 not GPLv2.
LXC is licensed under LGPLv2.1 not GPLv2. The COPYING file
referenced in the LXC recipe on all branches have the same content,
checksum  and all define LICENSE="GPLv2" rather than "LGPLv2.1".

Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2018-05-21 22:10:16 -04:00
Gianfranco Costamagna
13f586d091 lxc: enable fix apparmor feature name. A typo called it "apparmour", back in commit 7a62620ea0 Changing the default to the right value
Signed-off-by: Gianfranco Costamagna <gianfranco.costamagna@abinsula.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2018-05-09 10:49:59 -04:00
Paul Barker
bc88053cab runc-opencontainers: Drop obsolete patch
The upstream Makefile now calls `$(GO)` instead of just `go` so this patch isn't
needed anymore.

Signed-off-by: Paul Barker <pbarker@toganlabs.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2018-05-09 10:49:17 -04:00
Bruce Ashfield
fcc09c8c36 runc/containerd: fix build with go 1.9.x
go 1.9.x was triggering linkage errors on some build hosts due to
missing symbols.

   | tmp/work/core2-64-poky-linux/runc-docker/1.0.0-rc5+gitAUTOINC+4fc53a81fb-r0/recipe-sysroot/usr/lib/../lib/libc.a(dl-reloc-static-pie.o): In function `elf_mac:
   | /usr/src/debug/glibc/2.27-r0/git/sysdeps/x86_64/dl-machine.h:59: undefined reference to `_DYNAMIC'
   | tmp/work/core2-64-poky-linux/runc-docker/1.0.0-rc5+gitAUTOINC+4fc53a81fb-r0/recipe-sysroot/usr/lib/../lib/libc.a(dl-reloc-static-pie.o): In function `elf_get:
   | /usr/src/debug/glibc/2.27-r0/git/elf/get-dynamic-info.h:48: undefined reference to `_DYNAMIC'

By ensuring that our sysroot provided go binary and build flags make
it into the build environment we can build properly with 1.9 and 1.10

Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2018-04-20 10:03:50 -04:00
Yi Zhao
97fea33bad criu: refresh patches to fix QA warning
Refresh patches with devtool command to fix do_patch warning.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2018-04-13 15:53:57 -04:00
Yi Zhao
3e709e6665 criu: fix build failure with newer glibc and kernel
With newer glibc(>= 2.26) and kernel(>=4.14), criu would fail to build:

In file included from
/buildarea/build/tmp/work/core2-64-poky-linux/criu/3.4+gitAUTOINC+a31c1854e1-r0/recipe-sysroot/usr/include/linux/aio_abi.h:31:0,
        from criu/cr-check.c:24:
/buildarea/build/tmp/work/core2-64-poky-linux/criu/3.4+gitAUTOINC+a31c1854e1-r0/recipe-sysroot/usr/include/sys/mount.h:35:3:
error: expected identifier before numeric constant
   MS_RDONLY = 1,  /* Mount read-only.  */
   ^
  CC       criu/parasite-syscall.o
  CC       criu/pipes.o
  CC       criu/pie-util.o
  CC       criu/pie-util-vdso.o
  CC       criu/plugin.o
/buildarea/build/tmp/work/core2-64-poky-linux/criu/3.4+gitAUTOINC+a31c1854e1-r0/git/scripts/nmk/scripts/build.mk:110:
recipe for target 'criu/cr-check.o' failed
make[2]: *** [criu/cr-check.o] Error 1

Backport a patch to fix it.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2018-04-13 15:53:57 -04:00
Bruce Ashfield
ab3965109b docker: restructure to build docker-proxy using provided Makefile
Rather than invoking go directly to build docker-proxy, we can use
the libnetwork Make infrastructure. This picks up our exported go
environment variables, and other sysroot flags.

We also apply one patch to ensure that the cross-go toolchain is
used, and that the proper build flags are used.

Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2018-04-09 10:25:48 -04:00
Bruce Ashfield
e9d74162a9 runc: ensure that ${GO} is exported build/make
The runc makefile now uses $(GO) universally, but sets the variable
as GO := go by default. This means that the host go will be used
instead of our recipe sysroot variant.

A simple export of the variable is not enough in all cases (due
to Make assignments), so both export it AND pass it directly to the
oe_make call.

This fixes docker-runc builds on ARM64.

Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2018-04-05 10:52:08 -04:00
Bruce Ashfield
935e3d969e containerd: uprev to v1.0.2
Uprev containerd to v1.0.2 for compatibility with recent docker (18.04+)
builds.

With this uprev we also significantly restructure the build to use more
of the latest oe-core go build infrastructure, but non-standard parts of
the build remain.

We also allow containerd to be built with CGO enabled to avoid linkage
errors with the oe provided go build infrastructure.

Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2018-04-02 00:46:44 -04:00
Bruce Ashfield
f5fbfa8ac4 docker-ce: introduce reference recipe/build
This commit introduces a docker-ce reference recipe that is nearly
identical to the docker_git recipe.

The main difference between these two recipes is that one builds from
moby and this one from the docker-ce repository itself. The different
repositories mean that a different selection of commits are used and
that the build locations change slightly.

Although both docker_git and this recipe share nearly all their code,
they will vary more in the future, and prematurely factoring them
into a .inc file is not practical (until this proves useful).

Future work: remove the individual libnetwork and cli repository
fetches and build the components directly from the docker-ce repo.

Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2018-04-02 00:35:02 -04:00
Bruce Ashfield
a5074cecf1 docker: uprev to 18.03.0
Uprev the docker daemon, proxy and cli to 18.03.0.

The SRCREVs for these updates come from the versions logged in the
docker-ce 18.03.0 release. The docker-ce recipe has a pure docker-ce
single repository build, but here, we continue to assemble the individual
parts for maximum flexibility.

Along with the uprev, we add new dependencies required to build the new
version; libtool and pkcconfig (although unused by the recipe itself).

Finally we switch to a Makefile based build of the cli to allow the
commit and docker version to be properly captured in the docker executable.

Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2018-04-02 00:34:18 -04:00
Bruce Ashfield
e3d960f4fc runc: uprev to 1.0.0-rc5
Uprev both variants of runc to v1.0.0-rc5.

We drop patches that have made it into the upstream runc, and we also
refresh the context of two others.

The docker and opencontainers variants are virtually identical, but
we keep the two variants for now to protect against any future forks
in the support.

The runc-docker SRCREV comes from the docker-ce 18.04 logged commit,
while runc-opencontainers is updated to the tip of the master branch.

Runtime tested with docker on x86-64.

Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2018-04-02 00:24:09 -04:00
Bruce Ashfield
73f4778d7e k8s: uprev to v1.10 release
We pickup the new release features .. plus the ability to actually
build with go1.10

Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2018-03-26 23:39:19 -04:00
Pascal Bach
4b6d33c87f docker: make aufs dependency depend on distro feature
Only include aufs-utils if the corresponding distro feature is enabled.
Without that the aufs kernel driver is not included too.

Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2018-03-22 00:48:12 -04:00
Ricardo Salveti
0adcea047c python3-docker-compose: remove deprecated python3-enum from RDEPENDS
The python3-enum package was removed and it is now part of core.

Signed-off-by: Ricardo Salveti <ricardo@opensourcefoundries.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2018-03-14 08:43:08 -04:00
Ricardo Salveti
545851a5df lxc: set systemdsystemunitdir with systemd
systemd unit dir can be customized by the distro (e.g. usrmerge), so
make sure the correct unit dir path is set on configure.

Signed-off-by: Ricardo Salveti <ricardo@opensourcefoundries.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2018-02-05 20:27:32 -05:00
Valerio De Benedetto
8b50c03cf3 add python3-terminal RDEPENDS to docker-compose recipe
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2018-01-18 10:45:25 -05:00
Bruce Ashfield
036e5f00d8 kubernetes: package kube-proxy separately
kube-proxy is required on all kubernetes nodes. Rather than it being
in the catch-all package, we put it in an explicit package.

Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2018-01-16 15:17:13 -05:00
Chen Qi
d1969606e3 criu: set CLEANBROKEN to 1
Rebuilding criu would cause the following error.

  | make: .gitid: Command not found
  | make: *** [Makefile:260: clean-top] Error 127

Fix this problem by setting CLEANBROKEN to "1".

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-12-28 11:13:05 -05:00
Mark Asselstine
09af87f0d8 lxc: add missing RDEPENDS
When attempting to create a container using

lxc-create -t download -n test -- no-validate --dist ubuntu --release \
xenial --arch amd64

the container creation will fail due to missing 'xz' and in the case
of 'tar' due to invalid options if the busybox version of 'tar' is
used.

Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-12-28 11:12:28 -05:00
Mark Asselstine
00a801aee1 dnsmasq: add dnsmasq.d entries for lxc and libvirt
A while ago changes were merged to meta-openembedded to make
/etc/dnsmasq.d (and specifically the files it contains) referenced
when the main instance of dnsmasq is run (see dnsmasq.service and
commit ba665493a0dd [dnsmasq: allow for dnsmasq instances to reuse
default dnsmasq.conf]).

We, however, continued to modify the global configuration
(/etc/dnsmasq.conf) to keep the main instance of dnsmasq from
attaching to virbr0 and lxcbr0, by using 'bind-dynamic'. This approach
is problematic, since it is common that other instances of dnsmasq
will make use of the global configuration file and may have
incompatible options. We see this for example when attempting to start
lxc-net which will attempt to use 'bind-interface' which is
incompatible with 'bind-dynamic' that we were adding to the global
configuration.

Here we remove our change to the global configuration (leaving it
mostly empty as it should be) and instead have lxc and libvirt
packages instruct the global instance not to bind to virbr0 and lxcbr0
by adding configuration files to /etc/dnsmasq.d (setting
except-interface).

The added benefit to this approach is that if lxc or libvirt are not
part of an image the global configuration will not be modified in such
a way as to expect that they are present.

Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-12-28 11:12:26 -05:00
Jason Wessel
4fa904e57f runc-docker: Allow "run start ..." to daemonize with $SIGUSR1_PARENT_PID
The runc-docker has all the code in it to properly run a stop hook if
you use it in the foreground.  It doesn't work in the background
because there is no way for a golang application to fork a child exit
out of the parent process because all the golang threads stay with the
parent.

This patch has three parts that happen ONLY when $SIGUSR1_PARENT_PID
is set.

1) At the point where runc start would normally exit, it closes
   stdin/stdout/stderr so it would be possible to daemonize "runc start ...".

2) The code to send a SIGUSR1 to the parent process was added.  The
   idea being that a parent process would simply exit at that point
   because it was blocking until runc performed everything it was
   required to perform.

3) The code was copied which performs the normal signal handling
   block which is used for the foreground operation of runc.

-- More information --

When you use "runc run " it is running in the "foreground", in the
sense it takes over your existing terminal.

The runc-docker doesn't have a way to start it with "runc run&" where
you can send it to the background and have everything work.  With this
commit, it does allow you to do that and have all the stop hooks fire
at the time whatever runc started exits.

Let's take a quick look at what "runc run" does today:

  * Starts a whole pile of threads
  * Sets up all name spaces
  * Starts child process for container and leaves it paused at image activation
  * runs start hooks
  * executes "continue" for container process
  * waits for container app to exit
  * executes stop hooks

Now let's look at what "runc create/start" does today:
   runc create
     * Starts a whole pile of threads
     * Sets up all name spaces
     * Starts child process for container and leaves it paused at image activation
     * exits  -- [ NOTE: this is our problem! ]
   runc start
     * runs start hooks
     * executes "continue" for continue process

   At this point when the container app exits nothing is waiting for it
   to run any kind of hooks.

Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-12-11 23:53:39 -05:00
Jackie Huang
23dee8a207 lxc: add back the rdepends on glibc-utils
The rdepends on glibc-utils was removed without reason
in the following commit:
"""
e73608d56e
lxc: 2.0.0 -> 2.0.8
"""

And it causes failure:
/usr/libexec/lxc/lxc-net: line 125: getent: command not found

So add the dependency back.

Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-12-01 21:49:32 -05:00
Bruce Ashfield
2924a25fba kubernetes: add iproute2 tc to kubelet RDEPENDS
kubelet needs 'tc' at runtime, so we add iproute2-tc to the rdepends
list.

Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-11-28 00:26:44 -05:00
Bruce Ashfield
68ab20d0c4 oci-image-tools: make Config.User mapping errors a warning
Rather than throwing an error if we can't map a user to a uid,
output a warning. We aren't actually running the code, but are
just extracting it .. so the user not existing isn't an issue.

With this, we avoid the not-so-useful traces like this:

  config.User: unsupported format
  github.com/opencontainers/image-tools/image.(*config).runtimeSpec
        oci-image-tools/0.2.0-dev+gitAUTOINC+4abe1a166f-r0/oci-image-tools-0.2.0-dev+gitAUTOINC+4abe1a16 6f/src/import/vendor/src/github.com/opencontainers/image-tools/image/config.go:109
  <...>
  src/import/cmd/oci-image-tool/main.go:57
  runtime.main /usr/lib64/go/src/runtime/proc.go:185
  runtime.goexit /usr/lib64/go/src/runtime/asm_amd64.s:2337

Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-11-17 11:06:03 -05:00
Jason Wessel
bb811bdbad oci-systemd-hook: Always pass through all the cgroup mounts
If the root name space has additional cgroup mounts, pass them to the
container.

Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-11-14 12:34:50 -05:00
Dariusz Pelowski
8d3beeb4f4 kubernetes: correct install path
install needs to go to ${D}, not the host path, so we fix up the
offending install lines.

Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-10-17 13:18:17 -04:00
Bruce Ashfield
9d288d62c2 runc: use SRCPV not SRCREV
Ricardo Salveti <ricardo@opensourcefoundries.com> pointed out that
runc-docker was not getting a proper PV due to the use of SRCREV
in the variable.

By switching to SRCPV, we get the right PV for both variants of
runc.

Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-10-16 21:56:35 -04:00
Paul Barker
0aec4f1c0f runc: Merge common metadata into inc file
Signed-off-by: Paul Barker <pbarker@toganlabs.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-10-16 11:54:24 -04:00
Paul Barker
591367099f runc: Drop inherit goarch
The go bbclass already inherits goarch.

Signed-off-by: Paul Barker <pbarker@toganlabs.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-10-16 11:54:24 -04:00
Paul Barker
59b0269bdc runc-docker: Drop unused EXTRA_FLAGS
This variable isn't picked up by the runc Makefile anyway as it isn't exported.

Signed-off-by: Paul Barker <pbarker@toganlabs.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-10-16 11:54:24 -04:00
Paul Barker
37b2f2f3cc runc-opencontainers: Drop unnecessary do_compile_prepend
The "vendor/src" symlink is already created in do_compile in runc.inc.

Signed-off-by: Paul Barker <pbarker@toganlabs.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-10-16 11:54:24 -04:00
Paul Barker
c1cd2d4c69 runc-docker: Disable building recvtty
The recvtty demo/reference application has cross compilation issues when
targeting aarch64 platforms. As it is just a demo application and is not usually
used, we can just patch the Makefile to disable building this application.

Signed-off-by: Paul Barker <pbarker@toganlabs.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-10-12 21:59:51 -04:00
Aníbal Limón
89a1121656 docker/containerd: Export GOARCH to fix build in arm64
If the GOARCH isn't set CGO took the ARCH from the host and tries
to use -m64 flag that isn't available in aarch64 compiler.

...
| # github.com/opencontainers/runc/libcontainer/system
| aarch64-linaro-linux-gcc: error: unrecognized command line option
'-m64'
| # github.com/containerd/console
| aarch64-linaro-linux-gcc: error: unrecognized command line option
'-m64'
| Makefile:60: recipe for target 'shim-static' failed
...

Signed-off-by: Aníbal Limón <anibal.limon@linaro.org>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-10-09 12:38:45 -04:00
Bruce Ashfield
9d4da563b0 containers: introduce kubernetes orchestration
Introducing the kubernetes components for container orchestration.

The packaging introduced here creates the framework for more
advanced kubernetes configurations. By itself, it doesn't do much
but it makes the components available to be configured and deployed
as master/worker nodes.

It integrates with the previously introduced cni and cri-o
components available in meta-virt.

Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-10-05 11:11:01 -04:00
Paul Barker
fdee07aadc runc: Don't override GOARCH or GOROOT
These variables are now set correctly by go.bbclass in oe-core. Changing them to
point at the native sysroot just leads to build errors in some cases, for
example when the target and host have matching GOARCH but not matching c
libraries.

Signed-off-by: Paul Barker <pbarker@toganlabs.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-10-05 10:44:04 -04:00
Paul Barker
a1085de531 runc: Use correct go cross-compiler
The makefiles for both providers of runc need to be patched in similar ways to
ensure that we use the binaries from go-cross and not go-native.

Signed-off-by: Paul Barker <pbarker@toganlabs.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-10-05 10:44:04 -04:00
Paul Barker
9a24b3eb63 runc: Drop obsolete patch
This patch hasn't been used in a long time.

Signed-off-by: Paul Barker <pbarker@toganlabs.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-10-05 10:44:04 -04:00
Paul Barker
44e74c9aa7 runc-opencontainers: go.bbclass compile fixes
These fixes are needed due to updates to go.bbclass in oe-core. See commit
01a8d45370 for more information.

Signed-off-by: Paul Barker <pbarker@toganlabs.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-10-04 16:54:33 -04:00
Paul Barker
83592435dc runc-opencontainers: Update to v1.0.0-rc4
Signed-off-by: Paul Barker <pbarker@toganlabs.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-10-04 16:54:33 -04:00
Bruce Ashfield
0ff8923f08 containers: cri-o: kubernetes runc backend
To prepare for native kubernetes support without docker on a target,
we integrate the cri-o incubator project.

cri-o is meant to provide an integration path between OCI conformant
runtimes and the kubelet. Specifically, it implements the Kubelet
Container Runtime Interface (CRI) using OCI conformant runtimes.
The scope of cri-o is tied to the scope of the CRI.

This initial introduction is build + packaging only. It is expected
that configuration and deployment tweaks are done at the distro
level.

Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-10-02 09:15:42 -04:00
Bruce Ashfield
6c3a6c31cc oci-runtime-tools: fix multi hook specification
The following commit:

   commit df3a46feb971386f922c7c2c2822b88301f87cb0
   Author: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
   Date:   Tue Aug 1 17:39:39 2017 +0800

    implement add/set function for hooks items

    Signed-off-by: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>

Breaks the ability to specify multiple hooks with the same path
(i.e. a shell script that does different things based on arguments).

The author's intent with the change is unclear, so rather than fix
it, we revert it for now.

Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-09-20 23:56:25 -04:00
Bruce Ashfield
4557a1b286 oci-runtime-tools: update to 0.1.0
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-09-20 11:01:28 -04:00
Pascal Bach
d16d4acc60 python3-docker-compose: add version 1.16.1 + dependencies
This requires some packages as well as the pypi.bbclass from meta-python.

It uses Python 3 as I don't think it makes sense to use Python 2 anymore.

Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-09-15 15:21:18 -04:00
Bruce Ashfield
e83556a3f4 oci-image-tools: fix LICENSE file location
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-09-14 16:00:43 -04:00
Bruce Ashfield
a83bc2b936 docker-distribution: adjust to new go.bbclass
We want to build in ${S}, so we now require an explicit cd ${S}
to avoid landing in the build directory.

Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-09-14 16:00:43 -04:00
Jason Wessel
01a8d45370 nets, docker, runc, oci-*tools: go.bbclass compile fixes
Recently in the oe-core the go.bbclass changed and requires the
definition of the GO_IMPORT variable.  This was intended to simplify how
the compilation works with go packages and it is still a work in
progress.

This patch set makes the recipes compatible to generate the same end
result as before using the new go.bbclass from oe-core.

Any patches that were included in the recipes had to have the paths
adjusted because the new go.bbclass manipulates the notion of S to be
S + "src" + "$GO_IMPORT" internally for the purpose of unpack, patch
and compile.

Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-09-14 09:49:00 -04:00
Bruce Ashfield
718592922b oci-image-tools: uprev to 0.2.0-dev
To work with OCI spec v1.0 images/containers we need to update our
tools.

Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-09-13 17:23:30 -04:00
Mark Asselstine
ba35378ce5 criu: uprev to version 3.4
Our current version of criu is about a year old and has some
compilation issues with the latest gcc (currently it is
unbuildable). Since the version of criu and the kernel version are
fairly tightly coupled it wouldn't be surprising if this old criu
would also be exhibiting some runtime issues with our fairly new
kernel version.

With the above in mind we uprev to criu v3.4 which was recently
released. This requires several of the patches to be updated (mostly
context). We are able to drop the selinux related change as RSS
prevents the situation this was working around from happening.

This was validated using https://criu.org/Simple_loop (and a few
variants).

Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-09-10 22:36:02 -04:00
Bruce Ashfield
8d40af1278 Revert "criu: Correct the installation directory for python modules"
This reverts commit 90c1046b58.
2017-09-10 22:35:31 -04:00
Alexandru Tiniuc
a5343f76b4 singularity: Added dependency to e2fsprogs-mke2fs
While the recipe was functional under an image based on core-image-
full-cmdline, when tested with core-image-minimal runtime issues
appeared: Singularity was unable to create a filesystem within the
container. This change fixes this issue.

Signed-off-by: Alexandru Tiniuc <tiniuc.alexandru@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-09-05 13:27:35 -04:00
Jianchuan Wang
90c1046b58 criu: Correct the installation directory for python modules
Signed-off-by: Jianchuan Wang <jianchuan.wang@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-08-31 15:24:24 -04:00
Alexandru Tiniuc
9b0c0178ba Added dependency to Bash
If Bash is not included by any other recipe, the recipe fails at the QA
check. This commit adds Bash to the list of dependencies, preventing
this issue.

Signed-off-by: Alexandru Tiniuc <tiniuc.alexandru@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-08-31 15:24:23 -04:00
Alexandru Tiniuc
7677b8214a Added README file
Signed-off-by: Alexandru Tiniuc <tiniuc.alexandru@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-08-29 08:42:25 -04:00
Alexandru Tiniuc
06bc17d1f0 Added recipe for the Singularity container platform.
Singularity is a container platform built on the principle of mobility
of compute.  It is designed to be used on HPC clusters and, unlike
Docker, it does not require root access to mount an image. In addition,
it can use Docker images out-of-the-box and it can pull them from the
Docker Hub. For more information, see singularity.lbl.gov

This recipe enables building the Singularity container platform.
Additionally, it creates a symlink from /usr/bin/python3 to
/usr/bin/python, as well as a symlink to where python3 expects
CA certificates to be.

I have tested it on a Raspberry Pi 3: I successfully built and ran
arm32v7 images from Docker Hub. Make sure you have the right image for
your CPU architecture: it defaults to amd64.

Signed-off-by: Alexandru Tiniuc <tiniuc.alexandru at gmail dot com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-08-29 08:42:24 -04:00
Yi Zhao
70a36aa088 docker-distribution: update to 2.6.2
CVE-2017-11468 is fixed in this release.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2017-11468

Release note:
https://github.com/docker/distribution/releases/tag/v2.6.2

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-08-24 09:55:44 -04:00
Mark Asselstine
aecdc17e0d lxc: fix build failure, failing QA check
The build is failing due to a failing QA check:

  ERROR: lxc-2.0.8-r0 do_package_qa: QA Issue:
  /usr/lib/lxc/ptest/src/tests/lxc-test-may-control contained in
  package lxc-ptest requires /bin/bash, but no providers found in
  RDEPENDS_lxc-ptest? [file-rdeps]

Add bash to the ptest RDEPENDS.

Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-08-24 09:55:38 -04:00
Jan Kiszka
de50b56087 docker: Fix and update sysvinit script
Fix daemonization, align args with docker.service, fix line breaks in
log file - and fix INITSCRIPT_PARAMS (there is no variable
OS_DEFAULT_INITSCRIPT_PARAMS).

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-07-17 15:48:43 -04:00
Jan Kiszka
be934f72d2 lxc: Fix INITSCRIPT_PARAMS value
Analogously to docker: There is no variable
OS_DEFAULT_INITSCRIPT_PARAMS, just use "defaults".

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-07-17 15:48:43 -04:00
Bruce Ashfield
3b9dbb0075 containerd: uprev to latest 0.2.x
To match the docker (moby) and runc updates, we need the latest containerd
from the 0.2.x branch to work in cooperation with the other components.

Note: containerd master won't currently work with docker master, but is
very similar to 0.2.x. The build target varies slightly in master, but
otherwise with these changes to the recipe and build steps we can switch
easily when the time comes.

Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-07-17 14:02:50 -04:00
Bruce Ashfield
e4d0007121 docker: update version string to 17.06.0
The docker uprev missed the version string which matches the actual
binary being built. With this change, the package now reflects the
correct version.

Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-07-17 14:01:57 -04:00
Bruce Ashfield
b7e1fc9745 oci-runtime-tools: skip ld checks
The latest oci-runtime-tool builds are throwing the missing GNU_HASH
error during QA checks.

This is common with go applications, and isn't a problem, so for now,
we simply skip the check.

Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-07-13 22:37:35 -04:00
Jason Wessel
a31f735bda oci-runtime-tools, oci-runtime-spec: Uprev to runc 1.0-rc3 versions
The config.json has elements which have changed in the latest runc.
These changes are not backward compatible with older versions of runc.

Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-07-13 13:53:58 -04:00
Jason Wessel
cc3d8b9268 oci-systemd-hook: Uprev hook to latest
The selinux disable patch required changes as more setfilecon
operations were added.

The new upstream work is needed to allow the rootfs specification to
continue working because runc no longer passes the "root" key as a
part of the json configuration which is sent to a hook via stdin.

Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-07-13 13:53:58 -04:00
Jason Wessel
3c435ae8f0 docker: Uprev to latest based on runc 1.0-rc3
The build method for docker client changed whereby the docker cli is
now required to be pulled in from a separate git tree to be built.

The integration patch to cross compile was also upreved since some
parts of it were accepted upstream while other parts have not been
accepted at this time.

Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-07-13 13:53:58 -04:00
Jason Wessel
11fac209f2 runc-docker: Add --console-socket=/dev/null
This allows for setting up a detached session where you do not want to
set the terminal to false in the config.json.  More or less this is a
runtime override.

Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-07-13 13:53:57 -04:00
Jason Wessel
d2dbd7d8d2 runc-docker: Uprev to 1.0-rc3+
Uprev to pick up latest changes in docker-runc.

Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-07-13 13:53:57 -04:00
He Zhe
95013501dc lxc: add gmp libidn gnutls nettle rdepends
Fix the following QA warnings:
QA Issue: lxc rdepends on gmp, but it isn't a build dependency,
missing gmp in DEPENDS or PACKAGECONFIG? [build-deps]
QA Issue: lxc rdepends on libidn, but it isn't a build dependency,
missing libidn in DEPENDS or PACKAGECONFIG? [build-deps]
QA Issue: lxc rdepends on gnutls, but it isn't a build dependency,
missing gnutls in DEPENDS or PACKAGECONFIG? [build-deps]
QA Issue: lxc rdepends on nettle, but it isn't a build dependency,
missing nettle in DEPENDS or PACKAGECONFIG? [build-deps]

Signed-off-by: He Zhe <zhe.he@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-06-27 13:24:03 -04:00
He Zhe
2631bf14e6 criu: add bash rdepends
Fix the following QA warning:
QA Issue: /usr/libexec/criu/scripts/systemd-autofs-restart.sh contained
in package criu requires /bin/bash, but no providers found in
RDEPENDS_criu? [file-rdeps]

Signed-off-by: He Zhe <zhe.he@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-06-27 13:23:56 -04:00
He Zhe
a1c49287a8 criu: add libbsd rdepends
Fix the following QA warning:
QA Issue: criu rdepends on libbsd, but it isn't a build dependency? [build-deps]

This had been fixed by 1fd94d8535,
but then was overwritten by b9b7ece0cd

Signed-off-by: He Zhe <zhe.he@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-06-27 13:23:37 -04:00
Anselmo L. S. Melo
430233eb6e docker: Remove libtrust from dependencies
According to https://github.com/docker/libtrust, this repo is now deprecated
and the library was integrated in the docker-distribution repository.

Signed-off-by: Anselmo L. S. Melo <anselmo.melo@intel.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-06-21 14:25:17 -04:00
Mark Asselstine
6987659825 lxc: temporary workaround for gcc 7 issue
gcc 7 has a bug:
https://bugzilla.yoctoproject.org/show_bug.cgi?id=11672
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=78969

In order to avoid the build failure that this causes we reduce the
range by one. Better to have a slight reduction in the range than
having nobody to be able to build and use lxc.

Once gcc is fixed this can be reverted.

Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-06-19 08:37:25 -04:00
Huang Qiyu
e73608d56e lxc: 2.0.0 -> 2.0.8
1) Upgrade lxc from 2.0.0 to 2.0.8.

2) Delete two patches, since it is integrated upstream.
  Delete Generate-lxc-restore-net-properly.patch, this script has already been rearchitected out of existence by cba98d127bf490b018a016b792ae05fd2d29c5ee

  Delete Use-AC_HEADER_MAJOR-to-detect-major-minor-makedev.patch, this script has already been rearchitected out of existence by af6824fce9c9536fbcabef8d5547f6c486f55fdf from git://github.com/lxc/lxc.git

3) Modify two patches, since the data has been changed.
  automake-ensure-VPATH-builds-correctly.patch
  runtest.patch

Signed-off-by: Huang Qiyu <huangqy.fnst@cn.fujitsu.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-06-13 18:26:15 -04:00
Bruce Ashfield
3e1d16db4a oci-image-tools: update to latest and fix symlink issues
Updating to the latest oci-image-tools for better support in unpack/creating
runtime bundles.

With this update, we get a single tool with subcommands, versus separate
commands previously.

We also add two proposed (but not merged) patches that can deal with existing
symlinks when unpacking layers. Without this, we fail to unpack many complex
containers due to duplicate files in layers.

Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-06-06 23:44:34 -04:00
Mark Asselstine
d3c6004e92 criu: force python to install in ${libdir}
Historically Yocto installs python modules in ${libdir} and not the
no-arch variant. The criu install was following every other distro's
use of the non-arch variant, /usr/lib, which was being picked up by
the QA check. Modify the criu Makefile to enable us to overwrite this
location by using setup.py's install-lib directive.

Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-04-24 22:51:29 -04:00
Mark Asselstine
76c38f219d criu: depend on util-linux-native
To provide hexdump which is used as part of the build process. Resolves

| criu/pie/../../scripts/gen-offsets.sh: line 37: hexdump: command not found
| criu/pie/Makefile:96: recipe for target 'criu/pie/parasite-blob.h' failed

Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-04-24 22:51:29 -04:00
Mark Asselstine
a0524380e8 criu: update selinux patch to apply to v2.5
I am not sure how the uprev to v2.5 was completed without seeing this
patch failure but regardless the file being patched was moved to the
'criu' directory as part of the v2.5 release. Update the path found in
the patch and update the context in the patch such that it applies.

Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-04-24 22:51:29 -04:00
Mark Asselstine
a20d51d5c6 housekeeping: swap out go-osarchmap in favor of goarch
Continue work to use go infra in oe-core instead of the support for go
previously found in meta-virt. This is a 1:1 drop in replacement and
removes one more go piece from meta-virt in favor of the common
support found in oe-core.

Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-04-11 23:09:01 -04:00
Bruce Ashfield
752fde1f87 runc/containerd: use go.bbclass for dependencies
Rather than explicit go-cross DEPENDS, we can inherit go.bbclass and
pick up them automatically.

Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-04-11 23:07:52 -04:00
Paul Barker
651bbe8bc4 cgroup-lite: Inherit allarch
This recipe just installs a pair of shell scripts.

Signed-off-by: Paul Barker <pbarker@toganlabs.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-04-10 08:47:25 -04:00
Paul Barker
820050481f runc-opencontainers: Update to v1.0.0-rc3
Signed-off-by: Paul Barker <paul@paulbarker.me.uk>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-04-10 08:47:25 -04:00
Jonatan Pålsson
ea05b2693a lxc: Add lua to PACKAGECONFIG
Lua support is automatically enabled when configuring LXC if lua is
available in the sysroot. The packaging step will fail since the lua
related files are not in FILES.

This patch explicitly enables/disables lua support using PACKAGECONFIG,
and also adds lua-related files to FILES.

Signed-off-by: Jonatan Pålsson <jonatan.palsson@pelagicore.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-03-28 09:09:41 -04:00
Khem Raj
e858c02c42 lxc: Remove gcc-5 specific workaround
We are using gcc6 now

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-03-24 09:28:24 -04:00
Bruce Ashfield
7bf6863a5a docker: use oe-core go infrastructure
The docker recipe has some outdated go hacks. While this doesn't remove
them all, it does use more of the oe-core go infrastructure .. and that
results in more consistent builds.

Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-03-22 17:20:11 -04:00
Khem Raj
ada96ec99c lxc: rdepend on glibc-utils when using glibc only
glibc-utils is only provided by glibc therefore
add it with glibc overrides.

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-03-21 16:28:09 -04:00
Khem Raj
a8e3eddaec recipes-containers: set GOROOT
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-03-21 08:22:32 -04:00
Bruce Ashfield
7d66b0cc41 go: replace explicit go-cross* with inherit go bbclass
Rather than explicitly depending on go-cross-${TARGET_ARCH}, we
can now simply inherit the oe-core go bbclass. This gets us the
correct go dependencies and other variables properly set.

Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-03-20 23:15:01 -04:00
Bruce Ashfield
a050e7a61d go: use inherit go versus explicit DEPENDS
We can now use the oe-core go bbclass to get our DEPENDS correct
for building these go packages.

Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-03-20 15:55:03 -04:00
Bruce Ashfield
5c501c8ec8 docker-registry: provide via docker-distribution
Follow the bouncing docker-registry package. Rather than use the docker hub
registry container, we can have finer grained control if we clone and build
the docker-distribution repository directly.

Since this is distinct from the main docker package/codebase, we break the
registry back out into its own package.

We also create a baseline configuration and .service file that can be the
basis for more complex implementations.

Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-03-12 00:32:33 -05:00
Bruce Ashfield
c5cd21af5f docker: remove obsolete docker-registry recipe
The docker v1 registry has long been deprecated and moved into the
docker distribution library.

The registry is run via the docker CLI and not through a standalone
server.

This change removes the old registry and adds a .service file + package
for docker registry in the main docker recipe. Anyone that wants to
run a local registry can install the docker-registry package and the
service will start.

Note: No full config.yml file is provided, since the defaults are sane.
If tweaks are required, we can use ENV vars or consider adding a
config overlay.

Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-02-27 15:25:39 -05:00
Bruce Ashfield
c85b181e7e docker: add docker-proxy
Most (all) distros package docker-proxy along with the docker CLI
and daemon .. largely due to the fact that it is required to run
the docker registry.

docker-proxy is part of the libnetwork repository, so we add it to
the docker recipe as a separate git repo and integrate it into the
build and packaging process.

Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-02-26 22:28:47 -05:00
Bruce Ashfield
7d6284a079 runc/containerd: create virtual/runc and virtual/containerd
Since there are two implementations of runc and containerd that may
not always be in sync, the docker variant, and the opencontainers
variable, we create a virtual/* namespace for these components.

Anything requiring runc or containerd should set a preferred provider
to get the desired/tested variant.

We set the default provider to the docker variants, since they are
the primary use case for these components.

Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-02-20 02:06:22 -05:00
Bruce Ashfield
776422fa04 oci-image-tools: use go-cross-${ARCH}
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-02-17 13:26:56 -05:00
Bruce Ashfield
6d05401c38 docker: use .service file from contrib
Our existing docker.service file is using an out of date command. We
can use the contrib .service file instead .. and hopefully it will
stay up to date.

Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-02-17 13:26:09 -05:00
Mark Asselstine
9f8e6b8550 runc: uprev to version required by docker 1.13.0
At the moment we only use runc in conjunction with docker. In order to
allow docker to function correctly we need to use the version
specified in docker's vendor.conf file. Uprev runc to this version.

NOTE that the docker folks have actually forked runc and I have used
this fork as the SRC_URI. I could have chosen instead to use the old
SRC_URI along with the fork point commit as the SRCREV, and then
applied the 2 commits the docker team have added beyond the fork. I
opted instead to use the fork such that 'docker info' would not
complain about a version mismatch. This also makes it easier to google
for issues since the commit ID matches.

NOTE when we eventually have more users of runc we will have to
determine a strategy to either have them all use the same version or
allow for multiple versions of runc on the system. This is also true
for containerd.

Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-02-15 14:58:44 -05:00
Mark Asselstine
debdd70e98 containerd: uprev to version required by docker 1.13.0
Docker defines required dependency versions in its vendor.conf
file. These can also be validated by running 'docker info' on the
running system. In order to avoid issues, such as the current one
where docker can't run containers, we need to ensure we match these
versions. Uprev containerd to the version defined in docker's
vendor.conf file.

Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-02-15 14:58:37 -05:00
Bruce Ashfield
b18acd8bc4 oci: introduce oci-image-tools (and dependencies)
The oci image tools allow the easy manipulation of containers and
bundles.

Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-02-15 14:57:35 -05:00
Jan Kiszka
88a28bbbeb containerd: Fix build on 386
Go only understands "386" as target arch, not "i586". Adjust this.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-02-10 16:16:55 -05:00
Fathi Boudra
c478d69c1b docker: downgrade lxc/docker-registry/rt-tests to suggests
Regular users don't need lxc, docker-registry and rt-tests on the target.
These tools aren't even needed or provide additional features when running
docker at runtime. They also increase the size of the image unnecessarily.

Signed-off-by: Fathi Boudra <fathi.boudra@linaro.org>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-02-09 09:15:25 -05:00
Mark Asselstine
b2c365c371 docker: fixup failing build
Docker is failing to build because it is attempting to download
missing go dependencies. Add new recipes for missing dependencies and
update existing recipes to ensure the version defined in docker's
vendor.conf is available.

Note that this fixes the build only. At this time many docker
functions are working, such as 'docker image', 'docker pull' and more,
but 'docker run' is currently failing.

Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-02-09 09:14:27 -05:00
Mark Asselstine
2ef58c264b go-cross: add ${TARGET_ARCH} to PN
Since we are building a cross tool which produces something which is
ARCH specific we should stick to the <toolname>-cross-<arch> naming
convention. A variant of this patch has been floating around for a
while but with the changes around per recipe sysroots, distributed
builds, shared builds... we are best served to adopt this convention
now.

Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-02-09 09:14:27 -05:00
Amarnath Valluri
0343d3f8bb lxc: Make use of bitbake variables where appropriate.
Signed-off-by: Amarnath Valluri <amarnath.valluri@intel.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-02-09 09:13:57 -05:00
Amarnath Valluri
0ea0ae357a docker: Replace /usr/share with ${datadir}
Make use of bitbake variable where appropriate, this makes the recipe portable.

Signed-off-by: Amarnath Valluri <amarnath.valluri@intel.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-02-09 09:13:56 -05:00
Amarnath Valluri
a2e5525909 containerd: Replace /lib/systemd/system with ${systemd_system_unitdir}
Make use of bitbake variable where appropriate, this makes the recipe portable.

Signed-off-by: Amarnath Valluri <amarnath.valluri@intel.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-02-09 09:13:56 -05:00
Mark Asselstine
a9616ca504 lxc: fixup builds with newer glibc
The poky/oe-core commit [glibc: Upgrade to 2.25 snapshot] brought with
it a change that has apparently been in the works for a while, to move
major() and minor() definitions from <sys/types.h> to
<sys/sysmacros.h>. This version of glibc took the step of adding a
warning about this change which results in the build failure of lxc
since we build with -Werror:

  | lxclvm.c:139:13: error: In the GNU C Library, "major" is defined
  |  by <sys/sysmacros.h>. For historical compatibility, it is
  |  currently defined by <sys/types.h> as well, but we plan to
  |  remove this soon. To use "major", include <sys/sysmacros.h>
  |  directly. If you did not intend to use a system-defined macro
  |  "major", you should undefine it after including <sys/types.h>. [-Werror]
  |     major(statbuf.st_rdev), minor(statbuf.st_rdev));
  |              ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Instead of dropping -Werror we are opting instead to apply the
upstream fix for this since it is available and applies relatively
cleanly.

Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-02-02 15:55:38 -05:00
Lans Zhang
ab373099f5 containerd|runc: override GOROOT at build time
Similar to commit 01aa8f1, runc and containerd also need to set GOROOT
explicitly.

Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-01-21 23:17:34 -05:00
Mark Asselstine
e764db31c1 docker: fixup builds broken by uprev to 1.13
This new version of docker starts to assume that go 1.7 is
used. Specifically in go 1.7 golang.org/x/net/context has been merged
so the include is starting to be shortened to simply "context" which
does not work when using go 1.6. We can continue to use go 1.6 by
using the full pkg path.

Additionally the docker-proxy is not built when using the hacks build
mechanism, as we do to build docker (ie. we don't build docker in a
docker container). We could probably find a way to build docker-proxy
using the build hacks, but for now we will simply drop docker-proxy
from the package. In an embedded env. using the proxy doesn't make a
lot of sense anyways.

Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-01-20 15:49:06 -05:00
Fathi Boudra
0b631bf014 docker: update to 1.13.0 release
Adjust SRCREV and DOCKER_VERSION to match docker 1.13.0 release.

Signed-off-by: Fathi Boudra <fathi.boudra@linaro.org>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-01-20 08:56:10 -05:00
Bruce Ashfield
169ca413e0 containers/oci: introduce riddler package
riddler is useful for converting docker container to runc OCI spec json.

Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-01-16 22:29:34 -05:00
fli
717877ed3f lxc: add rdepends to initscripts
lxc's postinst will run populate-volatile.sh scripts,
which is provided by initscripts package, thus it's better
to add this rdepends.

Signed-off-by: fli <fupan.li@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-01-04 22:34:00 -05:00
Fathi Boudra
0a98df4c3b docker: cosmetic - fix indentation
cosmetic only, no changes in behavior:
* align all the DEPENDS, better readability
* fix indentation in do_install(): space -> tab

Signed-off-by: Fathi Boudra <fathi.boudra@linaro.org>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-01-03 10:29:24 -05:00
Fathi Boudra
f430ad9e5a docker: use a switch to set GOARCH based on TARGET_ARCH value
It allows to:
* easily extend future architecture added/supported
* tune arm architecture and set GOARM as appropriate

Signed-off-by: Fathi Boudra <fathi.boudra@linaro.org>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-01-03 10:29:24 -05:00
Fathi Boudra
6706ce690c docker: update description
* reword docker officially supported hosts section
* bump minimal required kernel from 3.8 to 3.10

Signed-off-by: Fathi Boudra <fathi.boudra@linaro.org>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-01-03 10:29:23 -05:00
Fathi Boudra
521840c676 docker: update to docker 1.12.5 release
Signed-off-by: Fathi Boudra <fathi.boudra@linaro.org>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2017-01-03 10:29:23 -05:00
Bruce Ashfield
8753a622f1 oci: introduce runtime tools
The oci runtime uses config.json to configure and control containers.
Most of that file can be generated via the oci runtime tools.

With this package we can generate container configurations dynamically
on the target.

Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2016-11-21 15:58:33 -05:00
Bruce Ashfield
013fe63f17 runc: introduce oci-systemd-hook
To support running "OS containers" aka systemd as the entry point under runc,
we provide the oci-systemd-hook.

By adding this to the pre-start and stop hook points, coupled with the proper
config.json, you can start systemd controlled containers via runc.

Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2016-11-21 15:58:33 -05:00
Igor Socec
a53908a8bb lxc: move .debug directory to debug package
Bitbake reports a [debug-files] QA Issue for the following path:
packages-split/lxc/usr/lib/lxc/lxc/hooks/.debug/unmount-namespace

Signed-off-by: Igor Socec <igor.socec@pelagicore.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2016-11-11 09:02:55 -05:00
Stefan Lengfeld
011c4d611b docker: install script config-check.sh
The script /usr/share/docker/config-check.sh is very useful to test all
kernel requirements for docker. A lot of embedded boards will use a
custom kernel config that does not have all kernel features enabled by
default. Install the script so kernel developers can easily enable the
missing features.

Signed-off-by: Stefan Lengfeld <s.lengfeld@phytec.de>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2016-11-03 15:42:08 -04:00
Mark Asselstine
d866c439cb containerd: use the target toolchain to build cgo components
We need to ensure we are using the target toolchain and sysroot to
avoid possible host contamination, and in the case of non x86-64
target builds, allow the build to complete successfully.

Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2016-10-12 19:10:44 -04:00
Wenlin Kang
5caa9badba lxc: add glibc-utils to rdepend
getent is needed by lxc-net of lxc, but current system misses it,
so add glibc-utils to lxc's rdepend, fix this issue.

Signed-off-by: Wenlin Kang <wenlin.kang@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2016-10-12 19:10:31 -04:00
Jianchuan Wang
b9b7ece0cd criu: uprev to 2.5
Signed-off-by: Jianchuan Wang <jianchuan.wang@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2016-09-12 10:03:05 -04:00
Mark Asselstine
bc4459eb8c cgroup-lite: update to version 1.11
This is a small package so despite the large version jump the changes
are minor, mostly bug fixes and some work around systemd.

Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2016-08-31 17:33:28 -04:00
Mark Asselstine
db5ef80602 docker: update license md5sum
Seems upstream adjusted their LICENSE file. The license is still
Apache version 2 so no worries about having to update the LICENSE
string for the recipe.

Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2016-08-31 17:33:23 -04:00
Mark Asselstine
951c83c74d docker: cgroup-lite is not required with systemd
Systemd takes care of setting up the various cgroup mounts at boot,
and likewise the tearing down of these at shutdown. It is therefore a
useless dependency when we are using systemd.

Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2016-08-31 17:33:23 -04:00
Bruce Ashfield
1fd5a596ed containers: uprev docker (1.12.0), runc (1.0.0-rc) and containerd (0.2.2)
Bumping the version of docker and dependencies. This gets us closer to
runc 1.0, which is the foundation for future OCI efforts.

Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2016-07-27 00:16:53 -04:00
Bruce Ashfield
7d41ad142d docker: fix GNU hash QA warning
The docker build isn't properly using CFLAGS/LDFLAGS, which triggers the following
QA error:

  ERROR: docker-1.11.1+git5604cbed50d51c4039b1abcb1cf87c4e01bce924-r0 do_package_qa: QA Issue: No GNU_HASH in the elf binary: 'docker/1.11.1+git5604cbed50d51c4039b1abcb1cf87c4e01bce924-r0/packages-split/docker/usr/bin/docker' [ldflags]
  ERROR: docker-1.11.1+git5604cbed50d51c4039b1abcb1cf87c4e01bce924-r0 do_package_qa: QA run found fatal errors. Please consider fixing them
  ERROR: docker-1.11.1+git5604cbed50d51c4039b1abcb1cf87c4e01bce924-r0 do_package_qa: Function failed: do_package_qa
  ERROR: Logfile of failure stored in: tmp/work/core2-64-overc-linux/docker/1.11.1+git5604cbed50d51c4039b1abcb1cf87c4e01bce924-r0/temp/log.do_package_qa.63906
  ERROR: Task meta-virtualization/recipes-containers/docker/docker_git.bb:do_package_qa (meta-virtualization/recipes-containers/docker/docker_git.bb:do_package_qa) failed with exit code '1'

Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2016-07-22 17:20:52 -04:00
fli
b657b65354 lxc: fixes lxc segment fault issue on arm if it is compiled with GCC 5.2
If the lxc is compiled with gcc 5.2 -O2 optimization on arm,
lxc-console/lxc-stop command always produce segment fault.

The same issue also occurred on systemd: [YOCTO #8291]

For lxc, after several testing, it only needs to disable
schedule-insns2 to fix the segment fault issue.

Signed-off-by: fli <fupan.li@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2016-07-15 11:01:16 -04:00
Paul Barker
0ce0b5cc74 runc: Use go-osarchmap to set GOARCH
When building for qemux86 the following error was encountered due to GOARCH
being set incorrectly:

    compile: unknown architecture "i586"

This can be fixed by using the go-osarchmap class.

Signed-off-by: Paul Barker <paul@paulbarker.me.uk>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2016-06-17 08:34:55 -04:00
Paul Barker
6b656b8678 runc: Backport fix for building against musl
Signed-off-by: Paul Barker <paul@paulbarker.me.uk>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2016-06-17 08:34:55 -04:00
Fabio Berton
7605443085 docker-registry: Make version dependence compatible with opkg
Some recipes in RDEPENDS are installing specific version of package, for
example:
  gunicorn (= 19.1.1)

If using ipk for PACKAGE_CLASSES, opkg prints an error:

Collected errors:
 * satisfy_dependencies_for: Cannot satisfy the following dependencies
 for docker:
 *      gunicorn (= 19.1.1) *
 * opkg_install: Cannot install package docker.

This error is caused because opkg appends package revision to version.
In this case:
  gunicorn_19.1.1-r0.1

If we use comparator >= this error doesn't appear.

Signed-off-by: Fabio Berton <fabio.berton@ossystems.com.br>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2016-06-17 08:34:46 -04:00
Kai Kang
06dccfa933 criu: fix build-deps qa warning
It shows a warning when building criu if libselinux has been built already:

  WARNING: QA Issue: criu rdepends on libselinux, but it isn't a build dependency? [build-deps]

Add a patch to disable selinux support when 'selinux' is not in PACKAGECONF.

And update indentation at same time.

Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2016-06-06 02:44:44 -04:00
Yunguo Wei
01aa8f1819 docker: override GOROOT at build time
Usually $GOROOT is set by go tool, but if sstate is specified, $GOROOT
is set to the path in the first project. If docker is built in
another project (with the same SSTATE_DIR) later, and the first project is removed,
the following error will be seen:

| go: cannot find GOROOT directory:
/path/to/previous/project/bitbake_build/tmp/sysroots/x86_64-linux/usr/lib/x86_64-wrs-linux/go

This commit is overriding $GOROOT stored in the go tool in sstate cache,
making sure it is set to the correct path in current project.

See more information here: https://golang.org/doc/install#install

Signed-off-by: Yunguo Wei <yunguo.wei@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2016-05-30 14:19:39 -04:00
Bruce Ashfield
16a31ef4a8 containerd: replace deprecated base_contains
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2016-05-25 09:36:49 -04:00
Zumeng Chen
823c8cfcdf criu: remove protobuf-2.6.1 and the related
Since CRIU does not explicitly nominate the version of protobuf as 2.6.1, which
should not be included just here. And it seems protobuf-2.5.0 is doable or this
CRIU version based on a basic testing according to criu.org/Simple_loop as well,
so remove it from criu.

Signed-off-by: Zumeng Chen <zumeng.chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2016-05-20 12:36:54 -04:00
Bruce Ashfield
77e846b14f docker: drop obsolete dependencies
We no longer need go-net and go-sqlite for the docker build and
runtime. The upstream repos are no longer properly fetching, so
we can simply drop the recipes and dependency.

If they are ever needed in the future, we can revisit the upstream
source for them.

Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2016-05-18 14:20:29 -04:00
Anders Roxell
6f1ea8bd21 lxc: workaround to ignore deprecated
Recent patch did deprecate a standard POSIX function [1].

This is the build error:
| ../../../lxc-2.0.0/src/lxc/cgfs.c: In function 'cgroup_rmdir':
| ../../../lxc-2.0.0/src/lxc/cgfs.c:172:2: error: 'readdir_r' is deprecated [-Werror=deprecated-declarations]
|   while (!readdir_r(dir, &dirent, &direntp)) {
|   ^
| In file included from ../../../lxc-2.0.0/src/lxc/cgfs.c:30:0:
| /.../build/tmp-glibc/sysroots/qemux86-64/usr/include/dirent.h:183:12: note: declared here
|  extern int readdir_r (DIR *__restrict __dirp,
|             ^

[1] https://www.sourceware.org/ml/libc-alpha/2016-02/msg00093.html

Signed-off-by: Anders Roxell <anders.roxell@linaro.org>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2016-05-17 23:48:28 -04:00
Derek Straka
a3617f2464 globally replace 'base_contains' calls with 'bb.utils.contains'
The 'base_contains' is now deprecated and only kept as a compatibility method.  It will be removed in future releases.

Signed-off-by: Derek Straka <derek@asterius.io>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2016-05-03 22:21:25 -04:00
Yunguo Wei
1fd94d8535 criu: Fix QA warning
This is fixing:

QA Issue: criu rdepends on libbsd, but it isn't a build dependency? [build-deps]

Signed-off-by: Yunguo Wei <yunguo.wei@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2016-05-03 22:19:54 -04:00
Bruce Ashfield
6f17a76ac1 docker: uprev to 1.11.1
Updating docker to the 1.11.1 release, which uses the open container initiative
components.

With this update, we drop patches that are no longer required, and adjust the
install/strip routines to not look for obsolete components.

There are now 4 binaries required for docker to work:

  - docker
  - docker-containerd
  - docker-containerd-shim
  - docker-runc

The new containerd and runc recipes provide the latter, while docker provides
the cli and daemon.

Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2016-05-02 14:02:42 -04:00
Bruce Ashfield
fd1a6d1bd3 runc: initial recipe
With the update to docker 1.11.x, we must also introduce runc. From the
runc site:

   runC is a CLI tool for spawning and running containers according to the OCP specification.

   Containers are started as a child process of runC and can be embedded into various other
   systems without having to run a Docker daemon.

   runC is built on libcontainer, the same container technology powering millions of
   Docker Engine installations.

   Docker images can be run with runC.

So not only is runc required for docker, it is useful for any system that wants
to run OCP containers AND docker containers.

Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2016-05-02 14:02:42 -04:00
Bruce Ashfield
e919b641bb containerd: initial recipe
With the update to docker 1.11.x+, we need the OCI containerd to control
runc:

  containerd is a daemon to control runC, built for performance and density.
  containerd leverages runC's advanced features such as seccomp and user
  namespace support as well as checkpoint and restore for cloning and
  live migration of containers.

Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2016-05-02 14:02:41 -04:00
Bruce Ashfield
38cdaf39bf lxc: update to 2.0.0
2.0.0 is released, and contains many of the patches we've been carrying for
1.x.

With this updated, we drop upstream backports (and submitted patches), and
refresh on patch. Otherwise, everything is the same.

Sanity tested on x86-64.

Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2016-04-25 16:26:23 -04:00
Paul Gortmaker
3498e94adf lxc: inherit python native to fix configure error
Recently the configure with python enabled has become the default here.
However, if the host doesn't have python3, configure fails with:

     checking for a Python interpreter with version >= 3.2... none
     configure: error: You must install python3

We have a python3 in the sysroot, but we need to inherit it for it to
be available for lxc's configure step.

Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2016-04-22 12:57:43 -04:00
fli
23459b9b70 meta-virtualization: enable lxc-start support wlan0
Cherry picked patch from lxc upstream commit:
f2e206ff47<lxc: let lxc-start support wlan phys>
to enable lxc-start command support wlan0 device
and make cube-essential support passthrough wlan
device from host to lxc containers.

Signed-off-by: fli <fupan.li@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2016-04-22 10:27:40 -04:00