meta-virtualization/recipes-containers/lxc/lxc_git.bb
Bruce Ashfield 51a891439b lxc: update to v5.0.2
We drop a patch that has been merged upstream, and also bump the
version to lxc-5.0.2, which comprises the following commits:

    d57173681 Release LXC 5.0.2
    17c85aac6 Fix build error on sparc64 caused by using the gold linker
    b7dfb1312 lxc-default-cgns apparmor profile: allow overlay mounts
    5cde898f4 lxc_user_nic: fix get_mtu() error handling
    80553b5b4 Patching an incoming CVE (CVE-2022-47952)
    1089f49c5 build: force linking against liblxc
    0d2a03118 checkconfig: Fix filesystem capability check
    e17429580 checkconfig: Tweak cgroup handling
    4ab76611d checkconfig: Tweak layout
    0bca9bb18 checkconfig: Hide version if no lxc-start
    957e0a5d9 checkconfig: Fix mixed tabs/spaces
    4916a16bd src/lxc/meson.build: fix build without apparmor
    a330126b4 build: use cc.get_define to detect FS_CONFIG_* symbols
    c89be8325 cgroups: fix cgroup layout detection in __initialize_cgroups
    7802f3647 state: additional check in lxc_wait to prevent OOB
    4b434bf52 cgroups: check snprintf retval in unpriv_systemd_create_scope
    0eca8d2ea cgroups: fix buffer out-of-bounds access in enable_controllers_delegation
    4ce8345d6 network: always initialize struct nl_handler
    28a1591cd apparmor: properly check lxc_strmmap ret value
    bd56c89ea github: fix coverity (add libpam-dev)
    a1ead0dcc github: fix coverity build
    9e35b3ecd conf: ensure mount tunnel is a dependent mount
    2ff447445 apparmor: allow shared mounts in start-container.in
    58e878209 conf: create separate peer group for container's root
    06b4612ee cgroups: only allocate user namespace if we have to
    2662959b8 cgroups: use userns_exec_full() during cgroup removal
    4dcc84c6b README: remove lgtm
    748720ceb tests: lxc-test-reboot: Fix build on ia64
    5749e2e20 Unroll IN_SET since the max usage is 2 elements check
    495b1bbf4 tests: lxc-test-checkpoint-restore: use trap to do cleanup
    77e08b887 tools: lxc-destroy: update help message for --force
    9165ff1ed lxc/attach: Detect EACCES from execvp and convert to 126 exit status
    011faff36 lxc-attach: Fix lost return codes of spawned processes that are killed
    931693945 Update README.md
    a6287882e conf: allow cross-device links
    8fa6d765a build(deps): bump actions/checkout from 2 to 3
    e08c1b740 Update cifuzz.yml
    0e9e64db8 fix error message when use tools with -? option
    f1a61a5f0 use sd_bus_call_method_async to replace the asyncv one
    ca863bd72 tree-wide: split open helpers into open_utils.h
    02900160c build: prevent the inclusion of linux/mount.h with a hack
    51b8763b0 mount_utils: remove conf.h include
    460243f40 mount: move mount utilities from syscall_wrappers.h into mount_utils.h
    d5d7e2036 tree-wide: minimize liburing.h inclusion
    e2b8776bb meson: fix docbook2x detection
    d1dfce9c5 tree-wide: use struct open_how directly
    c9bca3326 tree-wide: use struct clone_args directly
    497479ea3 tree-wide: wipe direct or indirect linux/mount.h inclusion
    02f4bd00f build: check for FS_CONFIG_* header symbol in sys/mount.h
    c222fb567 gitignore: Simplify
    22e8a7941 meson.build: strip newline for variable assignments
    d5600cf76 meson.build: strip newlines from git output
    7d6b53438 src/lxc/meson.build: fix the static library path
    1d5c7e771 build: drop build-time systemd dependency
    59f69162c build: only build init.lxc.static if libcap is statically linkable
    062c2d980 build: fix handling of dependancies to fix build on openSUSE
    2a9743bba cgroups: fix -Waddress warning
    e510d6bd8 build: detect sys/pidfd.h availability
    b7b269680 build: detect where struct mount_attr is declared
    5313e5048 meson.build: allow explicit distrosysconfdir
    0539095ac Release LXC 5.0.1
    a1329fefe README: update security mails
    315d4cec6 meson.build: fix build without stack-protector
    aba631cd4 meson.build: fix build with -Dcapabilities=false
    c2ee9b440 src/lxc/log.h: fix STRERROR_R_CHAR_P
    d441ee585 meson: add remaining still-in-use config checks
    00a79876b Store mount options in correct variable
    da0f35646 Fix off-by-one error constructing mount options
    31bff905a add check for statvfs
    242289b6b start: fix namespace sharing
    41f602361 conf: fix append_ttyname()
    ea4fd7f85 start: record inherited namespaces earlier to make it available for idmapped rootfs setup
    e74fd55bc start: don't overwrite file descriptors during namespace preservation
    dcfd75bb4 conf: log file descriptors on error during idmapped mount setup
    c3e648700 fix for issue 4026: set broadcast to 0.0.0.0 for /31 and /32
    cfcbdb75f use systemd dbus StartTransientUnit for unpriv cgroup2
    28726f215 Fix uninitialized read in parse_cap when libcap is not used
    d663495ee meson: Generate compile commands by iterating over an array

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2023-01-19 15:42:25 -05:00


# Recipe metadata and licensing. LIC_FILES_CHKSUM records the md5 of each
# license file so the build notices if the license text in the fetched tree
# changes.
DESCRIPTION = "lxc aims to use these new functionnalities to provide an userspace container object"
SECTION = "console/utils"
LICENSE = "LGPL-2.1-only & GPL-2.0-only"
LIC_FILES_CHKSUM = "file://LICENSE.LGPL2.1;md5=4fbd65380cdd255951079008b364516c \
file://LICENSE.GPL2;md5=751419260aa954499f7abaabaa882bbe \
"
# Build-time dependencies.
DEPENDS = "libxml2 libcap"
# Runtime dependencies of the main package.
# NOTE(review): several entries (curl, gzip, xz, tar, the perl modules)
# presumably serve the container templates and helper scripts rather than
# liblxc itself - confirm before trimming the list.
RDEPENDS:${PN} = " \
rsync \
curl \
gzip \
xz \
tar \
libcap-bin \
bridge-utils \
dnsmasq \
perl-module-strict \
perl-module-getopt-long \
perl-module-vars \
perl-module-exporter \
perl-module-constant \
perl-module-overload \
perl-module-exporter-heavy \
gmp \
libidn \
gnutls \
nettle \
util-linux-mountpoint \
util-linux-getopt \
"
# glibc-utils is only added when building against glibc.
RDEPENDS:${PN}:append:libc-glibc = " glibc-utils"
# Extra runtime dependencies of the ptest and networking sub-packages.
RDEPENDS:${PN}-ptest += "file make gmp nettle gnutls bash libgcc"
RDEPENDS:${PN}-networking += "iptables"
# Upstream source is fetched from the stable-5.0 branch over https; the
# file:// entries are patches and support files carried next to this recipe.
SRC_URI = "git://github.com/lxc/lxc.git;branch=stable-5.0;protocol=https \
file://lxc-1.0.0-disable-udhcp-from-busybox-template.patch \
file://run-ptest \
file://templates-actually-create-DOWNLOAD_TEMP-directory.patch \
file://template-make-busybox-template-compatible-with-core-.patch \
file://templates-use-curl-instead-of-wget.patch \
file://0001-download-don-t-try-compatbility-index.patch \
file://tests-our-init-is-not-busybox.patch \
file://dnsmasq.conf \
file://lxc-net \
"
# SRCREV pins the build to one full commit hash, so a moving branch head
# cannot change what gets built; PV labels that revision as 5.0.2.
SRCREV = "d571736812b89e195bee69b900fe09115a1e7e00"
PV = "5.0.2+git${SRCPV}"
S = "${WORKDIR}/git"
# Let's not configure for the host distro (see the commented-out
# --with-distro line below, which has no meson counterpart).
#
# Build the upstream tests (-Dtests=true) only when 'ptest' is in
# DISTRO_FEATURES; otherwise PTEST_CONF is empty.
PTEST_CONF = "${@bb.utils.contains('DISTRO_FEATURES', 'ptest', '-Dtests=true', '', d)}"
# No meson equivalent for --with-distro
# EXTRA_OECONF += "--with-distro=${DISTRO} ${PTEST_CONF}"
EXTRA_OEMESON += "${PTEST_CONF}"
# No meson equivalent for these yet
# EXTRA_OECONF += "--enable-log-src-basename --disable-werror"
# Weak default feature set: 'templates' always; 'systemd', 'selinux' and
# 'seccomp' only when the matching DISTRO_FEATURES entry is present.
# 'apparmor' and 'doc' are defined below but are not part of this default, so
# they stay off unless a distro or bbappend adds them. An image built without
# those distro features therefore gets lxc with -Dseccomp=false /
# -Dselinux=false / -Dapparmor=false.
PACKAGECONFIG ??= "templates \
${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd', '', d)} \
${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'selinux', '', d)} \
${@bb.utils.contains('DISTRO_FEATURES', 'seccomp', 'seccomp', '', d)} \
"
# Meson doesn't seem to be as fine grained as the autotools releases
# PACKAGECONFIG[doc] = "--enable-doc --enable-api-docs,--disable-doc --disable-api-docs,,"
PACKAGECONFIG[doc] = "-Dman=true,-Dman=false,,"
# No meson equiv found for rpath yet
# PACKAGECONFIG[rpath] = "--enable-rpath,--disable-rpath,,"
# Each confinement option toggles the meson flag and adds the matching library
# as both a build-time and a runtime dependency.
PACKAGECONFIG[apparmor] = "-Dapparmor=true,-Dapparmor=false,apparmor,apparmor"
# 'templates' passes no build flags; it only adds ${PN}-templates as a
# runtime dependency.
PACKAGECONFIG[templates] = ",,, ${PN}-templates"
PACKAGECONFIG[selinux] = "-Dselinux=true,-Dselinux=false,libselinux,libselinux"
PACKAGECONFIG[seccomp] ="-Dseccomp=true,-Dseccomp=false,libseccomp,libseccomp"
# No meson equiv for the unitdir found yet
# PACKAGECONFIG[systemd] = "--with-systemdsystemunitdir=${systemd_unitdir}/system/,--without-systemdsystemunitdir,systemd,"
# Selects which init integration meson generates: systemd units when the
# option is on, sysvinit scripts when it is off.
PACKAGECONFIG[systemd] = "-Dinit-script=systemd,-Dinit-script=sysvinit,systemd,"
# required by python3 to run setup.py
# NOTE(review): presumably a leftover from the autotools/python-binding build;
# confirm these exports are still needed now that the recipe builds with meson.
export BUILD_SYS
export HOST_SYS
export STAGING_INCDIR
export STAGING_LIBDIR
# Build with meson; the ptest, update-rc.d and systemd classes handle test
# packaging and service registration.
inherit meson pkgconfig ptest update-rc.d systemd python3native
# Two packages carry systemd units. The lxc services are installed but left
# disabled; lxc-net.service is enabled by default, so adding ${PN}-networking
# to an image turns the LXC network service on without further action.
SYSTEMD_PACKAGES = "${PN} ${PN}-networking"
SYSTEMD_SERVICE:${PN} = "lxc.service lxc-monitord.service"
SYSTEMD_AUTO_ENABLE:${PN} = "disable"
SYSTEMD_SERVICE:${PN}-networking = "lxc-net.service"
SYSTEMD_AUTO_ENABLE:${PN}-networking = "enable"
# sysvinit registration is only filled in when 'systemd' is absent from
# DISTRO_FEATURES; with systemd present these evaluate to empty strings.
INITSCRIPT_PACKAGES = "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '', '${PN}', d)} ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '', '${PN}-networking',d)}"
INITSCRIPT_NAME:${PN} = "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '', 'lxc-containers', d)}"
INITSCRIPT_PARAMS:${PN} = "defaults"
INITSCRIPT_NAME:${PN}-networking = "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '', 'lxc-net', d)}"
INITSCRIPT_PARAMS:${PN}-networking = "defaults"
# Package contents.
FILES:${PN}-doc = "${mandir} ${infodir}"
# For LXC the docdir only contains example configuration files and should be included in the lxc package
FILES:${PN} += "${docdir}"
FILES:${PN} += "${libdir}/python3*"
FILES:${PN} += "${datadir}/bash-completion"
FILES:${PN}-dbg += "${libexecdir}/lxc/.debug"
FILES:${PN}-dbg += "${libexecdir}/lxc/hooks/.debug"
# Sub-packages are prepended so they claim their files before ${PN} does.
PACKAGES =+ "${PN}-templates ${PN}-networking ${PN}-lua"
# NOTE(review): PACKAGES above declares ${PN}-lua, but the two FILES lines
# below are keyed on lua-${PN}; the names do not match, so these globs do not
# apply to the declared package - confirm which spelling is intended.
FILES:lua-${PN} = "${datadir}/lua ${libdir}/lua"
FILES:lua-${PN}-dbg += "${libdir}/lua/lxc/.debug"
FILES:${PN}-templates += "${datadir}/lxc/templates"
RDEPENDS:${PN}-templates += "bash"
FILES:${PN}-networking += " \
${sysconfdir}/init.d/lxc-net \
${sysconfdir}/default/lxc-net \
"
# Not needed for meson
# CACHED_CONFIGUREVARS += " \
# ac_cv_path_PYTHON='${STAGING_BINDIR_NATIVE}/python3-native/python3' \
# am_cv_python_pyexecdir='${PYTHON_SITEPACKAGES_DIR}' \
# am_cv_python_pythondir='${PYTHON_SITEPACKAGES_DIR}' \
#"
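do_install:append() {
    # The /var/cache/lxc directory created by the upstream install step sits
    # on volatile storage and is wiped, so remove it from the image and
    # register a volatiles entry that recreates it (root:root, 0755) at boot.
    rm -rf "${D}${localstatedir}/cache"
    install -d "${D}${sysconfdir}/default/volatiles"
    echo "d root root 0755 ${localstatedir}/cache/lxc none" \
        > "${D}${sysconfdir}/default/volatiles/99_lxc"

    # Point hook scripts that ask for bash at /bin/sh instead. Files are
    # visited one by one and quoted, so an empty hooks directory or an odd
    # file name cannot turn into stray words on the sed command line.
    # NOTE(review): this assumes the hooks contain no bash-only syntax -
    # confirm against the hooks shipped by the pinned revision.
    for hook in "${D}${datadir}/lxc/hooks/"*; do
        [ -f "$hook" ] || continue
        if grep -q "#! */bin/bash" "$hook"; then
            sed -e 's|#! */bin/bash|#!/bin/sh|' -i "$hook"
        fi
    done

    # nothing special for systemd at the moment; with meson the sysvinit
    # scripts aren't built unless sysvinit is the enabled init system, so
    # they are only installed when 'systemd' is not a distro feature.
    if ! ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
        install -d "${D}${sysconfdir}/init.d"
        install -m 755 config/init/sysvinit/lxc* "${D}${sysconfdir}/init.d"
    fi

    # since python3-native is used for install location this will not be
    # suitable for the target and we will have to correct the package install.
    # Each match is tested on its own: a glob inside a single [ -d ... ] test
    # is an error as soon as it expands to more than one path.
    if ${@bb.utils.contains('PACKAGECONFIG', 'python', 'true', 'false', d)}; then
        for pydir in "${D}${exec_prefix}/lib/"python*; do
            if [ -d "$pydir" ]; then
                mv "$pydir" "${D}${libdir}/"
            fi
        done
        rmdir --ignore-fail-on-non-empty "${D}${exec_prefix}/lib"
    fi

    # /etc/default/lxc sources lxc-net, this allows lxc bridge when lxc-networking
    # is not installed this results in no lxcbr0, but when lxc-networking is installed
    # lxcbr0 will be fully configured.
    install -m 644 "${WORKDIR}/lxc-net" "${D}${sysconfdir}/default/"

    # Force the main dnsmasq instance to bind only to specified interfaces.
    # NOTE(review): the original comment here names virbr0 and libvirt, which
    # looks copied from another recipe; confirm that dnsmasq.conf keeps the
    # system dnsmasq off the LXC bridge as intended.
    install -d "${D}/${sysconfdir}/dnsmasq.d"
    install -m 644 "${WORKDIR}/dnsmasq.conf" "${D}/${sysconfdir}/dnsmasq.d/lxc"
}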
# Points TEST_DIR at the ptest tree inside the image staging directory.
# NOTE(review): this recipe inherits meson, so it is unclear whether
# EXTRA_OEMAKE is still consumed anywhere - confirm or drop.
EXTRA_OEMAKE += "TEST_DIR=${D}${PTEST_PATH}/src/tests"
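do_install_ptest() {
    # Move the lxc-test-* programs out of the regular binary directory and
    # into the ptest directory. The source path uses the bindir variable
    # rather than a literal /usr/bin so a non-default prefix still works,
    # matching how the other install steps in this recipe build their paths.
    install -d "${D}${PTEST_PATH}/tests"
    mv "${D}${bindir}/"lxc-test-* "${D}${PTEST_PATH}/tests/."
}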
pkg_postinst:${PN}() {
    # Refresh the volatile directories (which include the lxc cache entry
    # installed by this recipe) right after installation. This only happens
    # when $D is empty, i.e. the script runs on the target rather than while
    # an image is being assembled, and only if the volatiles helper exists.
    if [ -z "$D" ]; then
        if [ -e /etc/init.d/populate-volatile.sh ]; then
            /etc/init.d/populate-volatile.sh update
        fi
    fi
}
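pkg_postinst:${PN}-networking() {
    # sysvinit images only: declare the lxcbr0 bridge in /etc/network/interfaces
    # and install an if-pre-up hook that creates it on demand.
    #
    # The generated configuration enslaves eth0 to lxcbr0 and lets the bridge
    # take its address over DHCP, so anything attached to lxcbr0 shares the
    # host's uplink segment. The interface name eth0 is hard-coded; review both
    # points for images where containers should stay off the external network.
    if ${@bb.utils.contains('DISTRO_FEATURES', 'sysvinit', 'true', 'false', d)}; then
        # Postinst scripts run again on upgrade or reinstall; append the
        # stanza only when no lxcbr0 definition is present, so the file does
        # not collect duplicates. A missing file counts as "not present".
        if ! grep -Eq '^[[:space:]]*iface[[:space:]]+lxcbr0([[:space:]]|$)' "$D/etc/network/interfaces" 2>/dev/null; then
            cat >> "$D/etc/network/interfaces" << EOF
auto lxcbr0
iface lxcbr0 inet dhcp
bridge_ports eth0
bridge_fd 0
bridge_maxwait 0
EOF
        fi

        # \$IFACE and \$? are escaped so they are evaluated when the hook
        # runs, not while this postinst writes the file.
        cat << EOF > "$D/etc/network/if-pre-up.d/lxcbr0"
#! /bin/sh
if test "x\$IFACE" = xlxcbr0 ; then
brctl show |grep lxcbr0 > /dev/null 2>/dev/null
if [ \$? != 0 ] ; then
brctl addbr lxcbr0
brctl addif lxcbr0 eth0
ip addr flush eth0
ifconfig eth0 up
fi
fi
EOF
        chmod 755 "$D/etc/network/if-pre-up.d/lxcbr0"
    fi
}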