It depends on virtual/containerd which is provided by
containerd-opencontainers, so set the same COMPATIBLE_HOST as the last one.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Attempting to build for x86-64 will result in an error:
cannot find package runtime/cgo (using -importcfg)
...go/pkg/tool/linux_amd64/link: cannot open file : open : no such file or directory
As a workaround we switch the build target to 'build' which results in
a slightly smaller executable but does mean that several dynamic
libraries are required to run the generated executable. This shouldn't
be a problem as the build system will ensure the libraries are present
on images where the executable will be included. This change only
means the executable can't be copied as a single entity to a different
machine and run.
We do also patch the Makefile to allow the 'static' target to build
successfully and in the patch commit log we describe the issue in full
(at least in as much detail as we currently have on the issue). But
since the issue isn't fully understood we don't recommend the 'static'
build to be used at this time, thus default to the 'build' target.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
If we build libvirt for the mips64 arch, it will fail as that is not compatible,
so move the qemu configure options into PACKAGECONFIG and let PACKAGECONFIG
control the build options.
qemu is in the default PACKAGECONFIG, so we are not changing the build
for non-mips architectures.
Signed-off-by: Dengke Du <dengke.du@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Although the bbappends are currently empty, let's stick with
the versioned (versus wildcard) bbappend. They serve as an
explicit reference to which kernels have been tested with
meta-virt
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Since af6363374cbd ("cgroup: make CONFIG_CGROUP_NET_PRIO bool and drop unnecessary init_netclassid_cgroup()"),
CONFIG_CGROUP_NET_PRIO has become a bool option. Forcibly setting it to "m"
would end up with "n". Change it to "y" here.
Signed-off-by: He Zhe <zhe.he@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
1. set the cross compile sysroot to find the rocksdb library
2. correct the install path for library in Distutils.cmake
Signed-off-by: Dengke Du <dengke.du@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
1. Add a hook support script for libvirt
Add daemon, qemu, lxc and network scripts, run when the corresponding
libvirt daemon, qemu guest, lxc guest and network are started or stopped,
based on:
https://libvirt.org/hooks.html
2. Add a qemu user and a qemu group and a kvm group
Signed-off-by: Dengke Du <dengke.du@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Generally, our host gcc version is below 8.0, but the cross toolchain in yocto
is above 8.0 (now 8.3). The option "macro-prefix-map" was introduced in 8.0, so if
the host gcc is below 8.0, it can't recognize the option "macro-prefix-map".
In the criu source code, HOSTCFLAGS comes from CFLAGS:
https://github.com/checkpoint-restore/criu/blob/criu-dev/Makefile#L17
In the yocto project, CFLAGS comes from the cross toolchain and contains
"-fmacro-prefix-map" by default, so we should use BUILD_CFLAGS, which
contains the flags that are used for host building.
Signed-off-by: Dengke Du <dengke.du@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
container-base is a sample/reference image type that uses the
newly integrated image-oci image type to directly create OCI
compatible images from a build.
This image type can be inherited and extended to implement more
complex container types, with modified image configurations.
It is inspired by / based off the samples in the presentation
done by Scott Murray (Building Container Images with
OpenEmbedded and the Yocto Project) at ELCe 2018.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
This image class creates an oci image spec directory from a generated
rootfs. The contents of the rootfs do not matter (i.e. they need not be
container optimized), but by using the container image type and small
footprint images, we can create directly executable container images.
Once the tarball (or oci image directory) has been created of the OCI
image, it can be manipulated by standard tools. For example, to create a
runtime bundle from the oci image, the following can be done:
Assuming the image name is "container-base":
If the oci image was a tarball, extract it (skip, if a directory is being directly used)
% tar xvf container-base-<arch>-<stamp>.rootfs-oci-latest-x86_64-linux.oci-image.tar
And then create the bundle:
% oci-image-tool create --ref name=latest container-base-<arch>-<stamp>.rootfs-oci container-base-oci-bundle
Or to copy (push) the oci image to a docker registry, skopeo can be used (vary the
tag based on the created oci image):
% skopeo copy --dest-creds <username>:<password> oci:container-base-<arch>-<stamp>:latest docker://zeddii/container-base
The following image variables are available to customize the details
of the constructed image (defaults as shown):
OCI_IMAGE_AUTHOR ?= "${PATCH_GIT_USER_NAME}"
OCI_IMAGE_AUTHOR_EMAIL ?= "${PATCH_GIT_USER_EMAIL}"
OCI_IMAGE_TAG ?= "latest"
OCI_IMAGE_RUNTIME_UID ?= ""
OCI_IMAGE_ARCH ?= "${TARGET_ARCH}"
OCI_IMAGE_SUBARCH ?= "${@oci_map_subarch(d.getVar('TARGET_ARCH'), d.getVar('TUNE_FEATURES'), d)}"
OCI_IMAGE_ENTRYPOINT ?= "sh"
OCI_IMAGE_ENTRYPOINT_ARGS ?= ""
OCI_IMAGE_WORKINGDIR ?= ""
//List of ports to expose from a container running this image:
//PORT[/PROT]
// format: <port>/tcp, <port>/udp, or <port> (same as <port>/tcp).
OCI_IMAGE_PORTS ?= ""
// key=value list of labels
OCI_IMAGE_LABELS ?= ""
// key=value list of environment variables
OCI_IMAGE_ENV_VARS ?= ""
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
There are multiple different tools/techniques to generate OCI images.
Many of these techniques are part of more complex workflows, or have
many options that are needed as part of a larger system or are needed
to provide flexibility in the tooling (i.e. they construct the
container as well as build the OCI image, or they can push directly
to a registry, etc).
What we want within the build context of bitbake/oe is to not
duplicate work that is done by bitbake, the other image bbclasses
or the runtime part of the ecosystem. This means only the construction
of an image-spec v1.x image without dependencies on build, or execution
of the container within a tool. We'd also like the tool to not pull
in multiple, unused dependencies that must be built native/native-sdk,
etc, to support the simple use case.
The requirements above exclude (for now) tools such as skopeo, umoci,
buildah, img, orca-build, kaniko, scratchbuild, etc. Leading us to
a from-scratch implementation .. or enter sloci-image.
sloci-image is a simple CLI for packing a rootfs into a single layer
OCI image. It can easily be extended, or ported to other language
implementations in the future. But it brings nearly no native
dependencies and is a pure/clean implementation of the image spec
that integrates nicely in an oe/bitbake environment.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
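
The commits above describe an OCI image-spec directory holding a single-layer image. As an added example (not code from meta-virtualization or sloci-image), this sketch walks such a layout from index.json and checks every blob's size and SHA-256 before trusting it; the sample layout and all function names are constructed for illustration.

```python
import hashlib, json, os
MT = "application/vnd.oci.image."   # media-type prefix used by the OCI image spec

def put_blob(root, media_type, data):
    """Write data to blobs/sha256/<hex> and return its OCI descriptor."""
    hexd = hashlib.sha256(data).hexdigest()
    os.makedirs(os.path.join(root, "blobs", "sha256"), exist_ok=True)
    with open(os.path.join(root, "blobs", "sha256", hexd), "wb") as f:
        f.write(data)
    return {"mediaType": media_type, "digest": "sha256:" + hexd, "size": len(data)}

def make_sample_layout(root, tag="latest"):
    """Constructed single-layer layout standing in for a real build output."""
    layer = put_blob(root, MT + "layer.v1.tar", b"constructed rootfs bytes")
    config = put_blob(root, MT + "config.v1+json",
                      json.dumps({"architecture": "amd64", "os": "linux"}).encode())
    manifest = put_blob(root, MT + "manifest.v1+json", json.dumps(
        {"schemaVersion": 2, "config": config, "layers": [layer]}).encode())
    manifest["annotations"] = {"org.opencontainers.image.ref.name": tag}
    with open(os.path.join(root, "oci-layout"), "w") as f:
        json.dump({"imageLayoutVersion": "1.0.0"}, f)
    with open(os.path.join(root, "index.json"), "w") as f:
        json.dump({"schemaVersion": 2, "manifests": [manifest]}, f)
    return layer

def read_verified(root, desc):
    """Read a descriptor's blob; rejects odd digests (path escape), bad size or hash."""
    algo, _, hexd = desc["digest"].partition(":")
    if algo != "sha256" or len(hexd) != 64 or set(hexd) - set("0123456789abcdef"):
        raise ValueError("unsupported digest: " + desc["digest"])
    with open(os.path.join(root, "blobs", "sha256", hexd), "rb") as f:
        data = f.read()
    if len(data) != desc["size"] or hashlib.sha256(data).hexdigest() != hexd:
        raise ValueError("size or digest mismatch: " + desc["digest"])
    return data

def verify_layout(root, tag="latest"):
    """Return how many blobs were verified for tag; raise ValueError on tampering."""
    with open(os.path.join(root, "index.json")) as f:
        index = json.load(f)
    checked = 0
    for m in index["manifests"]:
        if m.get("annotations", {}).get("org.opencontainers.image.ref.name") == tag:
            manifest = json.loads(read_verified(root, m))
            for desc in [manifest["config"]] + manifest["layers"]:
                read_verified(root, desc)
            checked += 2 + len(manifest["layers"])
    if not checked:
        raise ValueError("no manifest tagged " + tag)
    return checked
```

Running verify_layout on an extracted image directory before creating a bundle or pushing it catches blobs that were modified after the build.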
Adds patch to fix detection of the "no-pie" vs "nopie" flag, which needs
to be performed for both the host and target compilers; cannot assume
that one works for the other.
Use EXTRA_HOST_CFLAGS and EXTRA_HOST_LDFLAGS variables for passing
the host tool build parameters: BUILD_CFLAGS and BUILD_LDFLAGS.
Drop unneeded 'NO_WERROR=1' from the recipe and rewrap line.
Uprev commit to latest git revision.
Signed-off-by: Christopher Clark <christopher.clark6@baesystems.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
This module is part of the perl package now and is shipped by default.
Signed-off-by: Oleksandr Kravchuk <oleksandr.kravchuk@pelagicore.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Use git hash which addresses CVE-2019-5736. Use the same git hash
used in top of Docker 18.09 branch.
Changes in runc since
6635b4f0 merge branch 'cve-2019-5736'
0a8e4117 nsenter: clone /proc/self/exe to avoid exposing host binary to container
dd023c45 merge branch 'pr-1972'
Fixes: CVE-2019-5736
Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
When enabling ccache for ceph, an error occurs:
-----------------------------------------------------
ccache: invalid option -- 'E'
...
Unable to determine C++ standard library, got .
-----------------------------------------------------
This is because the variable "CXX_STDLIB" was null in CMakeLists.txt line 637.
"CXX_STDLIB" comes from:
-----------------------------------------------------
execute_process(
COMMAND ./librarytest.sh ${CMAKE_CXX_COMPILER} ${CMAKE_CXX_FLAGS}
WORKING_DIRECTORY ${CMAKE_SOURCE_DIR}
OUTPUT_VARIABLE CXX_STDLIB
)
-----------------------------------------------------
The script librarytest.sh in ceph accepts the arguments compiler and flags, but when
ccache is enabled, the compiler is replaced by ccache, so the script fails.
So we disable ccache for ceph now.
Signed-off-by: Dengke Du <dengke.du@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
The only thing which docker uses /etc/docker for is a TLS key for
connecting with other TLS-enabled services. Make /etc/docker a symlink
to the existing docker volatiles directory so that we can use docker on
a read-only rootfs.
Signed-off-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Refreshing the containerd support to 1.2.x. We have to tweak the package
linking and update the go compile patch, but otherwise, the build is
unchanged.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
"libxl" package does not exist, use Xen.
Signed-off-by: Chris Patterson <pattersonc@ainfosec.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
This recipe does not build for mips, so set COMPATIBLE_HOST to avoid that.
Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
The v2.11 version fixed a bug as follows.
Error info:
ovs|00002|db_ctl_base|ERR|external-ids:hostname=: argument does not
end in "=" followed by a value.
The result of ptest between v2.11 and v2.10.1 is similar.
v2.11:
ERROR: 2765 tests were run,
317 failed (1 expected failure).
85 tests were skipped.
v2.10.1:
ERROR: 2662 tests were run,
311 failed (1 expected failure).
85 tests were skipped.
I checked the detailed result. The failed tests were mostly related
to python2 as the image only uses python3.
Signed-off-by: Hongzhi.Song <hongzhi.song@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
linux-yocto-dev would also use virtualization features.
Signed-off-by: He Zhe <zhe.he@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
kernel has replaced CONFIG_NF_CONNTRACK_IPV4 with CONFIG_NF_CONNTRACK.
[commit: a0ae2562c]
Signed-off-by: Hongzhi.Song <hongzhi.song@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
This change reduces the length of ${PV} for several recipes and gives us
auto-incrementing version numbers.
Signed-off-by: Paul Barker <paul@betafive.co.uk>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
If we're building runc-opencontainers it's likely that we're not using
docker.
Signed-off-by: Paul Barker <paul@betafive.co.uk>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
If we don't explicitly set the GO variable as an argument to make then
the native go toolchain is invoked instead of the cross-toolchain we
actually want. This can result in a netns binary which is built for the
wrong architecture.
Signed-off-by: Paul Barker <paul@betafive.co.uk>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
fixes:
WARNING: linux-yocto-4.18.21+gitAUTOINC+9e348b6f9d_db2d813869-r0
do_kernel_configcheck: [kernel config]: This BSP sets config
options that are not offered anywhere within this kernel:
CONFIG_EXT3_FS_XATTR
CONFIG_RESOURCE_COUNTERS
CONFIG_CGROUP_MEM_RES_CTLR
CONFIG_CLS_CGROUP
CONFIG_NETPRIO_CGROUP
CONFIG_DEVPTS_MULTIPLE_INSTANCES
Configs were either dropped or renamed according to the updates made
in the kernel, as captured below.
CONFIG_RESOURCE_COUNTERS gone since kernel v3.19 via mainline
commit 5b1efc027c0b51ca3e76f4e00c83358f8349f543.
CONFIG_CGROUP_MEM_RES_CTLR renamed since kernel v3.6 via mainline
commit c255a458055e459f65eb7b7f51dc5dbdd0caf1d8
CONFIG_CLS_CGROUP never existed AFAICT; it should have always
been CONFIG_NET_CLS_CGROUP
CONFIG_NETPRIO_CGROUP renamed since kernel v3.14 via mainline
commit 86f8515f9721fa171483f0fe0391968fbb949cc9
CONFIG_DEVPTS_MULTIPLE_INSTANCES removed since kernel v4.7 via mainline
commit eedf265aa003b4781de24cfed40a655a664457e6
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
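
Both the CONFIG_CGROUP_NET_PRIO commit and the configcheck commit above deal with fragment options that never reach the final kernel config, which silently drops a cgroup or netfilter feature a container runtime expects. As an added example (not part of the layer or of do_kernel_configcheck), this sketch compares a fragment with the resulting .config and reports every option that did not land as requested; the two sample texts are constructed.

```python
import re

# Constructed sample: a fragment in the style of the layer's .cfg files ...
FRAGMENT = """\
CONFIG_CGROUP_NET_PRIO=m
CONFIG_CLS_CGROUP=m
CONFIG_NET_CLS_CGROUP=m
CONFIG_NF_CONNTRACK=m
# CONFIG_DEBUG_INFO is not set
"""
# ... and a constructed final .config as a kernel build might produce from it.
FINAL_CONFIG = """\
# CONFIG_CGROUP_NET_PRIO is not set
CONFIG_NET_CLS_CGROUP=m
CONFIG_NF_CONNTRACK=m
# CONFIG_DEBUG_INFO is not set
"""

def parse_config(text):
    """Map option name -> value ('y', 'm', 'n' or a literal) from Kconfig-style text."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r"(CONFIG_\w+)=(.*)$", line)
        if m:
            opts[m.group(1)] = m.group(2)
            continue
        m = re.match(r"# (CONFIG_\w+) is not set$", line)
        if m:
            opts[m.group(1)] = "n"
    return opts

def audit(fragment, final):
    """Return {option: (requested, actual)} for options that did not land.

    actual is None when the symbol is absent from the final config, which is
    what happens to options the kernel no longer offers.
    """
    want, got = parse_config(fragment), parse_config(final)
    problems = {}
    for opt, requested in want.items():
        actual = got.get(opt)
        if actual is None and requested == "n":
            continue  # an absent symbol is effectively disabled
        if actual != requested:
            problems[opt] = (requested, actual)
    return problems

if __name__ == "__main__":
    for opt, (requested, actual) in audit(FRAGMENT, FINAL_CONFIG).items():
        print(f"{opt}: requested {requested}, final config has {actual}")
```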
add the py2 version for python-docker and python-docker-pycreds packages.
add python-six and python-backport_ssl (for py2 only) as python-docker dependencies.
verify the connection to docker engine at run time -
>>> import docker
>>> client = docker.from_env()
>>> client.images.list()
[<Image: 'hello-world:latest'>]
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Instead of setting virtio kernel configs in LXC fragment, just reuse
cfg/virtio.scc from yocto-kernel-cache.
Signed-off-by: Chin Huat Ang <chin.huat.ang@intel.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
The script lxc-checkconfig doesn't seem to report virtio related kernel
configs as required, so remove them from lxc.cfg instead.
Signed-off-by: Chin Huat Ang <chin.huat.ang@intel.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Ceph package depends on libibverbs, which is provided by the
meta-cloud-services layer.
Signed-off-by: Oleksandr Kravchuk <oleksandr.kravchuk@pelagicore.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
A very small # of new commits. Most are minor bug fixes, no feature
work. I looked at adding ptests but the tests are mostly in an
unusable state at the moment, for example several require cgm despite
cgmanager being deprecated. So I have opted to continue without them
and only when we can work with upstream to improve their testing can
we seriously consider adding them.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
When CRIU is called for the first time and the /run/criu.kdat file does
not exist, the following warning is shown:
Warn (criu/kerndat.c:847): Can't load /run/criu.kdat
This patch is replacing this warning with a more appropriate debug
message.
File /run/criu.kdat does not exist
Signed-off-by: Hongzhi.Song <hongzhi.song@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>