From ceafc575c8ac3df29043f5872e2997c76d8688fc Mon Sep 17 00:00:00 2001
From: Christian Stewart
Date: Sat, 20 Aug 2022 21:47:50 -0700
Subject: [PATCH 1/2] package/conmon: new package
Conmon is an OCI container runtime monitor.
https://github.com/containers/conmon
Dependency of podman.
Signed-off-by: Christian Stewart
---
v1 -> v2:
- requires libglib2, host-pkgconf
- bump version to 2.1.7
v2 -> v3:
- Added select BR2_PACKAGE_LIBGLIB2
- Inverted CONMON_ENABLE_SECCOMP to CONMON_DISABLE_SECCOMP
- Thanks to Joachim for the review.
Signed-off-by: Christian Stewart
---
 DEVELOPERS | 1 +
 package/Config.in | 1 +
 package/conmon/Config.in | 16 ++++++++++++++++
 package/conmon/conmon.hash | 3 +++
 package/conmon/conmon.mk | 36 ++++++++++++++++++++++++++++++++++++
 5 files changed, 57 insertions(+)
 create mode 100644 package/conmon/Config.in
 create mode 100644 package/conmon/conmon.hash
 create mode 100644 package/conmon/conmon.mk
diff --git a/DEVELOPERS b/DEVELOPERS
index e76717e845..7b3287731a 100644
--- a/DEVELOPERS
+++ b/DEVELOPERS
@@ -543,6 +543,7 @@ F: package/balena-engine/
 F: package/batman-adv/
 F: package/catatonit/
 F: package/cni-plugins/
+F: package/conmon/
 F: package/containerd/
 F: package/crun/
 F: package/delve/
diff --git a/package/Config.in b/package/Config.in
index 420ebaa370..52bc10b91b 100644
--- a/package/Config.in
+++ b/package/Config.in
@@ -2631,6 +2631,7 @@ menu "System tools"
 source "package/bubblewrap/Config.in"
 source "package/cgroupfs-mount/Config.in"
 source "package/circus/Config.in"
+ source "package/conmon/Config.in"
 source "package/containerd/Config.in"
 source "package/coreutils/Config.in"
 source "package/cpulimit/Config.in"
diff --git a/package/conmon/Config.in b/package/conmon/Config.in
new file mode 100644
index 0000000000..65f693a29e
--- /dev/null
+++ b/package/conmon/Config.in
@@ -0,0 +1,16 @@
+config BR2_PACKAGE_CONMON
+ bool "conmon"
+ depends on !BR2_TOOLCHAIN_USES_UCLIBC # no fexecve
+ depends on BR2_TOOLCHAIN_HAS_THREADS # libglib2
+ depends on BR2_USE_MMU # libglib2
+ depends on BR2_USE_WCHAR # libglib2
+ select BR2_PACKAGE_LIBGLIB2
+ help
+ Conmon is an OCI container runtime monitor.
+
+ https://github.com/containers/conmon
+
+comment "conmon needs a glibc or musl toolchain w/ threads, wchar"
+ depends on !BR2_USE_WCHAR || !BR2_TOOLCHAIN_HAS_THREADS || \
+ BR2_TOOLCHAIN_USES_UCLIBC
+ depends on BR2_USE_MMU
diff --git a/package/conmon/conmon.hash b/package/conmon/conmon.hash
new file mode 100644
index 0000000000..82d1d14ba3
--- /dev/null
+++ b/package/conmon/conmon.hash
@@ -0,0 +1,3 @@
+# Locally computed
+sha256 7d0f9a2f7cb8a76c51990128ac837aaf0cc89950b6ef9972e94417aa9cf901fe conmon-2.1.7.tar.gz
+sha256 9c9d771d4004725237a31ada889fe06c85a24fd0a29e41825181ab4cde54f016 LICENSE
diff --git a/package/conmon/conmon.mk b/package/conmon/conmon.mk
new file mode 100644
index 0000000000..dfac23189f
--- /dev/null
+++ b/package/conmon/conmon.mk
@@ -0,0 +1,36 @@
+################################################################################
+#
+# conmon
+#
+################################################################################
+
+CONMON_VERSION = 2.1.7
+CONMON_SITE = $(call github,containers,conmon,v$(CONMON_VERSION))
+CONMON_LICENSE = Apache-2.0
+CONMON_LICENSE_FILES = LICENSE
+
+CONMON_DEPENDENCIES += host-pkgconf libglib2
+
+ifeq ($(BR2_PACKAGE_LIBSECCOMP),y)
+CONMON_DISABLE_SECCOMP = 0
+CONMON_DEPENDENCIES += libseccomp
+else
+CONMON_DISABLE_SECCOMP = 1
+endif
+
+define CONMON_CONFIGURE_CMDS
+ printf '#!/bin/bash\necho "$(CONMON_DISABLE_SECCOMP)"\n' > \
+ $(@D)/hack/seccomp-notify.sh
+ chmod +x $(@D)/hack/seccomp-notify.sh
+endef
+
+define CONMON_BUILD_CMDS
+ $(TARGET_MAKE_ENV) $(MAKE) CC="$(TARGET_CC)" CFLAGS="$(TARGET_CFLAGS)" \
+ LDFLAGS="$(TARGET_LDFLAGS)" -C $(@D) bin/conmon
+endef
+
+define CONMON_INSTALL_TARGET_CMDS
+ $(INSTALL) -D -m 755 $(@D)/bin/conmon $(TARGET_DIR)/usr/bin/conmon
+endef
+
+$(eval $(generic-package))
From ad50f8d98572a265a4cf0243e0d527571b6414dd Mon Sep 17 00:00:00 2001
From: Christian Stewart
Date: Sun, 24 Jul 2022 16:25:36 -0700
Subject: [PATCH 2/2] package/podman: new package
podman is a CLI tool for spawning and running containers according to the OCI specification.
https://github.com/containers/podman
Signed-off-by: Christian Stewart
---
v1 -> v2:
- package/podman: bump version to v4.5.0
- Add cmd/quadlet target as required by the install script.
v2 -> v3:
- remove duplicate CNI_PLUGINS line in Config.in
- drop old unnecessary build tags:
- btrfs_noversion: not needed for btrfs >= 3.16.1
- containers_image_openpgp: no longer supported
- exclude_graphdriver_devicemapper: set later in the file
- Added myself to DEVELOPERS list
- Added conmon -> libglib2 depends statements
- Dropped CATATONIT select statement
- Added CGROUPFS_MOUNT dependency if not using systemd
- Thanks to Joachim for the review.
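Review bot: Seccomp support is switched off without any trace when BR2_PACKAGE_LIBSECCOMP is not enabled: the `else` branch sets `CONMON_DISABLE_SECCOMP = 1`, and neither conmon's Config.in nor podman's selects or mentions libseccomp (podman.mk gates `PODMAN_TAGS += seccomp` the same way). For a container stack that presumably means the default image runs containers without a syscall filter, so I would at least say so in both help texts, e.g. `Enable BR2_PACKAGE_LIBSECCOMP to build with seccomp support.` CONMON_CONFIGURE_CMDS also overwrites upstream's hack/seccomp-notify.sh with a stub, which deserves a comment above the define such as `# Force the seccomp answer instead of running the upstream script (0 = enabled, 1 = disabled)`. What the original script checks is not visible in this patch, so confirm the stub does not skip a check the target libseccomp or kernel headers need to pass.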
Signed-off-by: Christian Stewart
---
 DEVELOPERS | 1 +
 package/Config.in | 1 +
 package/podman/Config.in | 58 +++++++++++++++++++++
 package/podman/containers-policy.json | 14 +++++
 package/podman/podman.hash | 3 ++
 package/podman/podman.mk | 75 +++++++++++++++++++++++++++
 6 files changed, 152 insertions(+)
 create mode 100644 package/podman/Config.in
 create mode 100644 package/podman/containers-policy.json
 create mode 100644 package/podman/podman.hash
 create mode 100644 package/podman/podman.mk
diff --git a/DEVELOPERS b/DEVELOPERS
index 7b3287731a..c5de54a637 100644
--- a/DEVELOPERS
+++ b/DEVELOPERS
@@ -559,6 +559,7 @@ F: package/moby-buildkit/
 F: package/mosh/
 F: package/nerdctl/
 F: package/pkg-golang.mk
+F: package/podman/
 F: package/rtl8821au/
 F: package/rtl8821cu/
 F: package/runc/
diff --git a/package/Config.in b/package/Config.in
index 52bc10b91b..492baf25c4 100644
--- a/package/Config.in
+++ b/package/Config.in
@@ -2684,6 +2684,7 @@ menu "System tools"
 source "package/openvmtools/Config.in"
 source "package/pamtester/Config.in"
 source "package/petitboot/Config.in"
+ source "package/podman/Config.in"
 source "package/polkit/Config.in"
 source "package/powerpc-utils/Config.in"
 source "package/procps-ng/Config.in"
diff --git a/package/podman/Config.in b/package/podman/Config.in
new file mode 100644
index 0000000000..92f5d6ae3d
--- /dev/null
+++ b/package/podman/Config.in
@@ -0,0 +1,58 @@
+config BR2_PACKAGE_PODMAN
+ bool "podman"
+ depends on !BR2_TOOLCHAIN_USES_UCLIBC # no fexecve
+ depends on BR2_PACKAGE_HOST_GO_TARGET_ARCH_SUPPORTS
+ depends on BR2_PACKAGE_HOST_GO_TARGET_CGO_LINKING_SUPPORTS
+ depends on BR2_TOOLCHAIN_HAS_THREADS # conmon -> libglib2
+ depends on BR2_USE_MMU # libgpgme, conmon -> libglib2
+ depends on BR2_USE_WCHAR # conmon -> libglib2
+ select BR2_PACKAGE_CGROUPFS_MOUNT if !BR2_PACKAGE_SYSTEMD # runtime
+ select BR2_PACKAGE_CNI_PLUGINS
+ select BR2_PACKAGE_CONMON
+ select BR2_PACKAGE_CRUN
+ select BR2_PACKAGE_IPTABLES
+ select BR2_PACKAGE_LIBGLIB2
+ select BR2_PACKAGE_LIBGPGME
+ help
+ podman is a CLI tool for spawning and running containers
+ according to the OCI specification.
+
+ https://github.com/containers/podman
+
+if BR2_PACKAGE_PODMAN
+
+config BR2_PACKAGE_PODMAN_DRIVER_BTRFS
+ bool "btrfs filesystem driver"
+ depends on BR2_USE_MMU # btrfs-progs
+ depends on BR2_TOOLCHAIN_HAS_THREADS # btrfs-progs
+ select BR2_PACKAGE_BTRFS_PROGS
+ help
+ Build the btrfs filesystem driver.
+
+config BR2_PACKAGE_PODMAN_DRIVER_DEVICEMAPPER
+ bool "devicemapper filesystem driver"
+ depends on BR2_TOOLCHAIN_HAS_THREADS # lvm2
+ depends on BR2_USE_MMU # lvm2
+ depends on !BR2_STATIC_LIBS # lvm2
+ select BR2_PACKAGE_LVM2
+ help
+ Build the devicemapper filesystem driver.
+
+config BR2_PACKAGE_PODMAN_DRIVER_VFS
+ bool "vfs filesystem driver"
+ depends on BR2_USE_WCHAR # gvfs
+ depends on BR2_USE_MMU # gvfs
+ depends on BR2_TOOLCHAIN_HAS_THREADS # gvfs
+ depends on !BR2_STATIC_LIBS # gvfs
+ select BR2_PACKAGE_GVFS
+ help
+ Build the vfs filesystem driver.
+
+endif
+
+comment "podman needs a glibc or musl toolchain w/ threads, wchar"
+ depends on BR2_PACKAGE_HOST_GO_TARGET_ARCH_SUPPORTS && \
+ BR2_PACKAGE_HOST_GO_TARGET_CGO_LINKING_SUPPORTS
+ depends on !BR2_USE_WCHAR || !BR2_TOOLCHAIN_HAS_THREADS || \
+ BR2_TOOLCHAIN_USES_UCLIBC
+ depends on BR2_USE_MMU
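Review bot: BR2_PACKAGE_PODMAN_DRIVER_VFS selects BR2_PACKAGE_GVFS, but gvfs is the GNOME virtual filesystem and, as far as I know, is unrelated to the container-storage "vfs" graph driver, which needs no external library. If that is right, the option pulls a large, unrelated service stack into the image and widens its attack surface for no benefit; drop `select BR2_PACKAGE_GVFS` and the four `# gvfs` depends lines here, and `PODMAN_DEPENDENCIES += gvfs` in podman.mk. It is also worth confirming that the `exclude_graphdriver_vfs` tag set in podman.mk is one the podman sources actually honour, since an unknown Go build tag is ignored silently.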
diff --git a/package/podman/containers-policy.json b/package/podman/containers-policy.json
new file mode 100644
index 0000000000..4480eb82b4
--- /dev/null
+++ b/package/podman/containers-policy.json
@@ -0,0 +1,14 @@
+{
+ "default": [
+ {
+ "type": "insecureAcceptAnything"
+ }
+ ],
+ "transports":
+ {
+ "docker-daemon":
+ {
+ "": [{"type":"insecureAcceptAnything"}]
+ }
+ }
+}
diff --git a/package/podman/podman.hash b/package/podman/podman.hash
new file mode 100644
index 0000000000..c011068682
--- /dev/null
+++ b/package/podman/podman.hash
@@ -0,0 +1,3 @@
+# Locally computed
+sha256 830a633630bf6e61f2b8d4ca00efdd9a173ef25cdd49d4a4364c293e088561df podman-4.5.0.tar.gz
+sha256 62fb8a3a9621dc2388174caaabe9c2317b694bb9a1d46c98bcf5655b68f51be3 LICENSE
diff --git a/package/podman/podman.mk b/package/podman/podman.mk
new file mode 100644
index 0000000000..f888f3ae5e
--- /dev/null
+++ b/package/podman/podman.mk
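Review bot: The installed policy uses `"type": "insecureAcceptAnything"` as its `default`, so every image from every transport is accepted without signature verification, and nothing in the package says so. Since JSON cannot carry a comment, state it in the podman Config.in help text, e.g. `The installed /etc/containers/policy.json accepts unsigned images; replace it for production use.` Products that need image provenance can override the file from a rootfs overlay with a `reject` default and `signedBy` requirements for the registries they trust. The `docker-daemon` transport entry only repeats the default and adds nothing.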
@@ -0,0 +1,75 @@
+################################################################################
+#
+# podman
+#
+################################################################################
+
+PODMAN_VERSION = 4.5.0
+PODMAN_SITE = $(call github,containers,podman,v$(PODMAN_VERSION))
+PODMAN_LICENSE = Apache-2.0
+PODMAN_LICENSE_FILES = LICENSE
+
+PODMAN_CPE_ID_VENDOR = podman_project
+PODMAN_GOMOD = github.com/containers/podman/v4
+
+PODMAN_BUILD_TARGETS = cmd/podman cmd/rootlessport cmd/quadlet
+PODMAN_DEPENDENCIES += libglib2 libgpgme
+PODMAN_LDFLAGS = \
+ -X $(PODMAN_GOMOD)/libpod/define.gitCommit=$(PODMAN_VERSION)
+PODMAN_TAGS = exclude_graphdriver_zfs
+
+ifeq ($(BR2_INIT_SYSTEMD),y)
+PODMAN_TAGS += systemd
+endif
+
+ifeq ($(BR2_PACKAGE_LIBAPPARMOR),y)
+PODMAN_DEPENDENCIES += libapparmor
+PODMAN_TAGS += apparmor
+endif
+
+ifeq ($(BR2_PACKAGE_LIBSECCOMP),y)
+PODMAN_TAGS += seccomp
+PODMAN_DEPENDENCIES += libseccomp host-pkgconf
+endif
+
+ifeq ($(BR2_PACKAGE_LIBSELINUX),y)
+PODMAN_TAGS += selinux
+PODMAN_DEPENDENCIES += libselinux
+endif
+
+ifeq ($(BR2_PACKAGE_PODMAN_DRIVER_BTRFS),y)
+PODMAN_DEPENDENCIES += btrfs-progs
+else
+PODMAN_TAGS += exclude_graphdriver_btrfs
+endif
+
+ifeq ($(BR2_PACKAGE_PODMAN_DRIVER_DEVICEMAPPER),y)
+PODMAN_DEPENDENCIES += lvm2
+else
+PODMAN_TAGS += exclude_graphdriver_devicemapper
+endif
+
+ifeq ($(BR2_PACKAGE_PODMAN_DRIVER_VFS),y)
+PODMAN_DEPENDENCIES += gvfs
+else
+PODMAN_TAGS += exclude_graphdriver_vfs
+endif
+
+define PODMAN_INSTALL_TARGET_CMDS
+ $(TARGET_MAKE_ENV) $(MAKE) -C $(@D) DESTDIR=$(TARGET_DIR) PREFIX=/usr \
+ install.bin
+ $(INSTALL) -d -m 700 $(TARGET_DIR)/etc/cni
+ $(INSTALL) -d -m 700 $(TARGET_DIR)/etc/cni/net.d
+ $(INSTALL) -D -m 644 $(@D)/cni/87-podman-bridge.conflist \
+ $(TARGET_DIR)/etc/cni/net.d/87-podman-bridge.conflist
+ $(INSTALL) -d -m 755 $(TARGET_DIR)/etc/containers
+ $(INSTALL) -D -m 644 $(PODMAN_PKGDIR)/containers-policy.json \
+ $(TARGET_DIR)/etc/containers/policy.json
+endef
+
+define PODMAN_INSTALL_INIT_SYSTEMD
+ $(TARGET_MAKE_ENV) $(MAKE) -C $(@D) DESTDIR=$(TARGET_DIR) PREFIX=/usr \
+ install.systemd
+endef
+
+$(eval $(golang-package))