linuxcontainers.org has moved where downloads can be found, so we
adjust our SRC_URI accordingly.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Backport the patches from the upstream:
https://github.com/kubernetes/kubernetes.git [branch: release-1.16]
ba3ca4929ed3887c95f94fcf97610f3449446804
68750fefd3df76b7b008ef7b18e8acd18d5c2f2e
d22a61e21d677f7527bc8a4aeb3288c5e11dd49b
Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Backport the CVE patch from the upstream:
https://github.com/kubernetes/kubernetes.git
Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Backport the CVE patch from the upstream:
https://github.com/kubernetes/kubernetes.git
Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Backport the CVE patches from the upstream:
https://github.com/kubernetes/kubernetes.git
Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
As done by the docker-moby recipe, move the definition of the default
build tags outside do_compile and let the docker build tags be
customized via the packageconfig options set by the recipe.
This is required for enabling seccomp support during build time.
Signed-off-by: Ricardo Salveti <ricardo@foundries.io>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
When Autotools makes configuration of LXC, the check of
the memfd_create() function fails because __stub_memfd_create and
__stub___memfd_create (The GNU C library defines this for functions
which it implements to always fail with ENOSYS) are defined in Glibc,
which leads to the fact that the macro HAVE_MEMFD_CREATE is not
defined and LXC provides a definition of the memfd_create() function as
static inline which in turn conflicts with a definition from
the <bits/mman-shared.h> file and causes an error:
| In file included from ../../../lxc-3.2.1/src/lxc/conf.c:79:
| <src_path>//lxc/syscall_wrappers.h:77:19: error: static declaration
| of 'memfd_create' follows non-static declaration
| | static inline int memfd_create(const char *name, unsigned int flags) {
| | ^~~~~~~~~~~~
| In file included from /usr/include/bits/mman-linux.h:111,
| from /usr/include/bits/mman.h:34,
| from /usr/include/sys/mman.h:41,
| from <src_path>/lxc-3.2.1/src/lxc/conf.c:42:
| /usr/include/bits/mman-shared.h:50:5: note: previous declaration
| of 'memfd_create' was here
| | int memfd_create (const char *__name, unsigned int __flags) __THROW;
| | ^~~~~~~~~~~~
Upstream PR: https://github.com/lxc/lxc/pull/3168 (merged)
Signed-off-by: Oleksii Kurochko <olkuroch@cisco.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
(cherry picked from commit 15e9fc23ec)
Signed-off-by: Oleksii Kurochko <olkuroch@cisco.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Bump to latest podman release 1.6.4. The changelog lists some new
features but mostly bugfixes between 1.6.1 and 1.6.4.
Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Bump to latest version 2.0.2. This also makes our Makefile fix obsolete
as the fix has been applied upstream.
Already Podman 1.6.0 actually recommended 2.0.1 and higher, with 1.6.3
this has been made mandatory. Use conmon 2.0.2 which is also used in
podman's build Dockerfile of the 1.6.4 release.
Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Commit c97fe5036ef3df2967d086711e6c0c405941e14b is Kubernetes v1.16.2
(see https://github.com/kubernetes/kubernetes/releases for verification)
and building with the current recipe generates v1.16.2 binaries although
the package names state v1.16.1.
Change-Id: I5701c18cc3ce205ad906eda2595d9ad7f5748b17
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
The python3-docker-compose_1.16.1 requires 'docker<3.0, >=2.5.1', while
python3-docker 3.4.0 is provided. Error occurs when running
'docker-compose --version'.
Upgrade to python3-docker-compose_1.21.2 to make it work.
Signed-off-by: Li Zhou <li.zhou@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Updating kubernetes to use the 1.16 release (instead of the 1.16 alpha).
No issues were found in build and runtime testing of this versus the
alpha release.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
The image tools were not building with the oe/cross GO compiler
and flags. As such, you could end up with a binary on target with
the wrong elf interpreter (the host one).
With this, we properly use the settings from our build.
We also bump the SRCREV to pickup a few minor fixes to the package.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
The layer does not expect recipes in the first subdir. Move the
podman-compose recipe into a podman-compose subdirectory.
Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Add podman-compose, a docker-compose implementation for podman. The
current version is not feature complete, hence not all docker-compose
files work.
Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Add a default registries.conf and storage.conf. Those config files
are used by several projects of the containers group like buildah or
podman. Provide it as part of skopeo like the other distributions do.
Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
It seems that docker uses nowadays a rather vanilla version of runc,
at the time of writing 1.0.0-rc8. This version has been successfully
tested with podman, hence remove the obsolete comment.
Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Create the initial recipe to provide crun as an alternative OCI runtime
provider.
This currently has a dependency on seccomp, but it would be nice if we
can make that optional in the future to avoid pulling in all of
meta-security as a dependency.
Example:
% skopeo copy docker://busybox oci:busybox-oci:latest
% mkdir busybox-bundle
% oci-image-tool create --ref platform.os=linux busybox-oci busybox-bundle
% cd busybox-bundle/
% rm config.json
% runc spec
% runc run foo
^D
% crun run foo
^D
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
The layer check for podman was copied from cri-o .. and some non
podman elements came over as part of that copy. We drop selinux
as a check, and fix some comments.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
podman can behave as transparent drop in replacement for docker
via a wrapper 'docker' script that simply calls podman when any
docker command is issued.
While this is an interesting feature, we want it to be optional
.. since it is possible that podman and docker might want to be
installed at the same time.
So we introduce a 'podman' PACKAGECONFIG, that controls whether
or not this wrapper is installed, and if it is installed it marks
the podman package as conflicting with docker (which gets us a
better message than a failed image assembly provides).
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
In a similar manner to cri-o, we don't want to make meta-selinux
or meta-security a hard dependency to meta-virtualization. So we
implement a similar anonymous python check that allows the recipe
to be skipped if the dependent layers are not present (and hence
we are yocto compatible). If we get more than two recipes doing
layer checks (this is the 2nd), we can move the functionality to
a class.
We also make the runc dependency be virtual/runc versus picking
a specific provider (even if only runc-opencontainers has been
tested).
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
ostree is now provided by meta-oe, which is a required layer so
we can drop it from the anonymous python checks for layers.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Add conmon, an OCI container runtime monitor.
Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Use a standard location to store the cni tools and plugins. This
is more in line how other distributions package cni. Keep a symlink
to /opt/cni/bin for backward compatibility.
Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
skopeo is a command line utility that performs various operations on
container images and image repositories.
skopeo can work with OCI images as well as the original Docker v2
images.
The recipe originates from meta-overc commit a497792. It has
been updated with the new project URL and v0.1.39.
Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Podman is a daemonless container engine for developing, managing, and
running OCI Containers on your Linux System. Containers can either be
run as root or in rootless mode.
This patch adds the initial recipe for podman. Currently the build tags
systemd (if in DISTRO_FEATURES), seccomp, varlink and remoteclient are
enabled which allows to run podman with overlayfs as root and vfs in
rootless mode. The storage drivers btrfs and device-mapper have not
been tested and are disabled at the moment.
It seems that seccomp is mandatory, which makes meta-security which
provides libseccomp a mandatory dependency for this recipe.
Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Since commit:
[
Author: Tom Rini <trini@konsulko.com>
Date: Fri Feb 8 13:22:35 2019 -0500
docker: Move /etc/docker to a symlink to volatiles
The only thing which docker uses /etc/docker for is a TLS key for
connecting with other TLS-enabled services. Make /etc/docker a symlink
to the existing docker volatiles directory so that we can use docker on
a read-only rootfs.
Signed-off-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
]
We've had a transient / volatile docker configuration since we point
our /etc configuration to /run. This is not always a good thing if
a static configuration for keys, etc, is desired.
We maintain this functionality under the 'transient-config'
PACKAGECONFIG, and also allow the existing static/permanent config
to be used.
Signed-off-by: Matt Spencer <matthew@thespencers.me.uk>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
The recipe which was providing the default "docker" package was aligned
with the moby repositories. In order to make that alignment clear, we
rename that recipe docker-moby.
To allow easier switching between the docker providing recipes, we
introduce a virtual/docker PROVIDES to the common .inc file (and
hence each recipe). This allows users to choose what they want via
the standard PREFERRED_PROVIDER mechanism.
Also to allow existing package lists and image installs to
continue to work without changes, we make sure that the implementation
specific docker-<foo> packages RPROVIDE docker. If any packages are
missed, we'll add them to this list in future updates.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Bump the git hashes to Docker CE v19.03.2.
Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Since commit applied in moby [61a3285 Support cross-compile for arm]
it hardcoded var-CC to support cross-compile for arm
Correct it with "${parameter:-word}" format, it is helpful for user
define toolchains
(Use Default Values. If parameter is unset or null, the expansion of
word is substituted. Otherwise, the value of parameter is substituted.)
61a3285864
This fixes a build issue seen when building docker-ce:
exec: "aarch64-linux-gnu-gcc": executable file not found in $PATH
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Use GNU Make 4.2.1 (such as fedora-29) to build k8s in a long directory,
it failed with `execvp: /bin/bash: Argument list too long'
[snip]
$ cd /buildarea1/hjia/wrlinux-1019/I_/suspect_/that_/if_/you_/create_/your_/project_/in_/a_/very_/deep_/directory/build_master-wr_qemux86-64_faw_2019090509/build/tmp-glibc/work/core2-64-wrs-linux/kubernetes/v1.16.0-alpha+git7054e3ead7e1a00ca6ac3ec47ea355b76061a35a-r0/kubernetes-v1.16.0-alpha+git7054e3ead7e1a00ca6ac3ec47ea355b76061a35a/src/import
$ make cross KUBE_BUILD_PLATFORMS=linux/amd64 GOLDFLAGS=""
|+++ [0804 16:38:32] Building go targets for linux/amd64:
| ./vendor/k8s.io/code-generator/cmd/deepcopy-gen
|make[1]: execvp: /bin/bash: Argument list too long
|make[1]: *** [Makefile.generated_files:184: pkg/kubectl/cmd/testing/zz_generated.deepcopy.go] Error 127
|make: *** [Makefile:557: generated_files] Error 2
...
[snip]
From make manual [1]
$?
The names of all the prerequisites that are newer than the target, with spaces between them.
While two `$?' was passed to bash in a line, it caused above failure,
drop a duplicated one could workaround the issue.
[1] https://www.gnu.org/software/make/manual/html_node/Automatic-Variables.html
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
When curl's MIT license is preferable to wget's GPLv3. Which it is in
several situations.
Change-Id: I72ee1ce66493c564557b73fae80f5219ef83af6d
Signed-off-by: Joakim Roubert <joakimr@axis.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
commit 7394c154a9 [containers: update oci-systemd-hook to 0.2.0]
incorrectly adjusted the context around the patch
0001-Add-additional-cgroup-mounts-from-root-NS-automatica.patch.
This resulted in containers failing with an error:
systemdhook <error>: Failed to mkdir new dest: /opt/container/cube-server/rootfs/sys/fs/cgroup/perf_event: No such file or directory
Unfortunately, the code was being patched in ahead of the mounting of
the tmpfs after the patch context was adjusted. You can even get a
hint of this in the comment "Systemd is already handled above". Here
we correct this by pushing the code down to the correct position in
the file/function, making the error go away and proper function
return.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
nl80211 device can't be moved to another namespace due to
e389f2afd8509(start: unify and simplify network creation), and lxc
community has fixed this issue with:
commit 3dd7829433f63b2ec1323a1f237efa7d67ea6e2b lxc upstream
This patch is grabbing the commit above, and should be abandoned with
lxc uprev afterwards.
See more details here: https://github.com/lxc/lxc/issues/3105
Signed-off-by: Yunguo Wei <yunguo.wei@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Since commit 3f64779e in meta-oe:
[ libdevmapper/lvm2: force recipe libdevmapper to populate sysroot only ]
libdevmapper recipe does not provide package any more, we need RDEPENDS
on libdevmapper which is being provided by lvm2 recipe.
Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
It defaults to "-s -w" [1] which strips debug information, refresh a backported
patch to build unstripped binaries
https://golang.org/cmd/link/
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Specify GOLDFLAGS as an empty string for building unstripped binaries, which allows
you to use code debugging tools like delve. When GOLDFLAGS is unspecified, it defaults
to "-s -w" which strips debug information. Other flags that can be used for GOLDFLAGS
are documented at https://golang.org/cmd/link/ [1]
[1] https://github.com/kubernetes/kubernetes/blob/master/build/root/Makefile#L82
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Add a new PACKAGECONFIG, static, which when enabled will build
runc as static. Default to enable it.
We need this because we should allow users to build runc as not
static so that when docker's cgroup driver is set to systemd,
we don't get error.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
There are unnecessary and incorrect settings like GOOS and GOROOT.
There are also redundant settings like GOPATH, CGO_CFLAGS, etc,
whose latter setting will cover the previous one.
So clean all these up.
Also, remove the comment which suggests setting GOVERSION to "1.10%",
as it's no longer valid for current OE.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
cri-o depends on ostree, libselinux and libseccomp
and we should check if the layer which provides these
recipes exist or not before going on.
Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Currently kubernetes does not build for qemux86, qemumips, qemumips64,
qemuppc. So set COMPATIBLE_HOST to make this clear. Otherwise we get
build failure when trying to build like below.
fatal error: bits/long-double-64.h: No such file or directory
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
DOCKER_BUILDTAGS has tags that exclude btrfs and devicemapper graph
drivers. To enable either, the tags have to be removed, but this isn't
easily possible as DOCKER_BUILDTAGS can't be overridden via a
bbappend.
Define a BUILD_TAGS variable in the docker recipe that is set with the
exclude tags, and use it for setting DOCKER_BUILDTAGS. This makes it
possible for downstream to tweak BUILD_TAGS/DOCKER_BUILD_TAGS via a
bbappend.
Signed-off-by: Anoop Karollil <anoop.karollil@ge.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Since commit applied in moby [61a3285 Support cross-compile for arm]
it hardcoded var-CC to support cross-compile for arm
Correct it with "${parameter:-word}" format, it is helpful for user
define toolchains
(Use Default Values. If parameter is unset or null, the expansion of
word is substituted. Otherwise, the value of parameter is substituted.)
61a3285864
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>