* [PATCH v2 0/7] podman: add initial recipe
@ 2019-09-20  7:18 Stefan Agner
  2019-09-20  7:18 ` [PATCH v2 1/7] conmon: initial add Stefan Agner
                   ` (7 more replies)
  0 siblings, 8 replies; 11+ messages in thread
From: Stefan Agner @ 2019-09-20  7:18 UTC (permalink / raw)
  To: meta-virtualization; +Cc: Stefan Agner

From: Stefan Agner <stefan.agner@toradex.com>

This adds Podman, a daemonless container engine for developing,
managing, and running OCI Containers on your Linux System.
Containers can either be run as root or in rootless mode.
Simply put: `alias docker=podman`.

Currently the build tags systemd (if in DISTRO_FEATURES),
seccomp, varlink and remoteclient are enabled, which allows
running podman with overlayfs as root and vfs in rootless mode.
The storage drivers btrfs and device-mapper have not been
tested and are disabled at the moment.

--
Stefan

Changes in v2:
- Add slirp4netns recipe for rootless networking support
- Fix podman recipe to build properly (set GOARCH properly)
- Fix podman recipe commit message and comments
- Add varlink and remoteclient to build tags
- Move cni binaries to /usr/libexec/cni and create symlink for /opt/cni/bin

Stefan Agner (7):
  conmon: initial add
  go-metalinter: add recipe for gometalinter
  go-md2man: add md2man
  skopeo: add skopeo
  cni: move cni tools to /usr/libexec/cni
  slirp4netns: add slirp4netns user-mode networking
  podman: add the Pod Manager tool

 recipes-containers/conmon/conmon_2.0.0.bb     | 30 ++++++
 ...ail-if-clean-is-called-without-a-bui.patch | 31 +++++++
 recipes-containers/cri-o/files/crio.conf      |  2 +-
 recipes-containers/podman/podman_git.bb       | 93 +++++++++++++++++++
 recipes-containers/skopeo/skopeo_git.bb       | 73 +++++++++++++++
 recipes-devtools/go/go-md2man_git.bb          | 20 ++++
 recipes-devtools/go/go-metalinter_git.bb      | 24 +++++
 recipes-networking/cni/cni_git.bb             |  8 +-
 .../slirp4netns/slirp4netns_0.4.1.bb          | 16 ++++
 9 files changed, 294 insertions(+), 3 deletions(-)
 create mode 100644 recipes-containers/conmon/conmon_2.0.0.bb
 create mode 100644 recipes-containers/conmon/files/0001-Makefile-don-t-fail-if-clean-is-called-without-a-bui.patch
 create mode 100644 recipes-containers/podman/podman_git.bb
 create mode 100644 recipes-containers/skopeo/skopeo_git.bb
 create mode 100644 recipes-devtools/go/go-md2man_git.bb
 create mode 100644 recipes-devtools/go/go-metalinter_git.bb
 create mode 100644 recipes-networking/slirp4netns/slirp4netns_0.4.1.bb

-- 
2.20.1




* [PATCH v2 1/7] conmon: initial add
  2019-09-20  7:18 [PATCH v2 0/7] podman: add initial recipe Stefan Agner
@ 2019-09-20  7:18 ` Stefan Agner
  2019-09-20  7:18 ` [PATCH v2 2/7] go-metalinter: add recipe for gometalinter Stefan Agner
                   ` (6 subsequent siblings)
  7 siblings, 0 replies; 11+ messages in thread
From: Stefan Agner @ 2019-09-20  7:18 UTC (permalink / raw)
  To: meta-virtualization; +Cc: Stefan Agner

From: Stefan Agner <stefan.agner@toradex.com>

Add conmon, an OCI container runtime monitor.

Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
---
 recipes-containers/conmon/conmon_2.0.0.bb     | 30 ++++++++++++++++++
 ...ail-if-clean-is-called-without-a-bui.patch | 31 +++++++++++++++++++
 2 files changed, 61 insertions(+)
 create mode 100644 recipes-containers/conmon/conmon_2.0.0.bb
 create mode 100644 recipes-containers/conmon/files/0001-Makefile-don-t-fail-if-clean-is-called-without-a-bui.patch

diff --git a/recipes-containers/conmon/conmon_2.0.0.bb b/recipes-containers/conmon/conmon_2.0.0.bb
new file mode 100644
index 0000000..f4e2cd6
--- /dev/null
+++ b/recipes-containers/conmon/conmon_2.0.0.bb
@@ -0,0 +1,30 @@
+SUMMARY = "An OCI container runtime monitor"
+SECTION = "console/utils"
+HOMEPAGE = "https://github.com/containers/conmon"
+LICENSE = "Apache-2.0"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=61af0b6932ea7b12fb9142721043bc77"
+
+DEPENDS = "glib-2.0"
+
+SRCREV = "e217fdff82e0b1a6184a28c43043a4065083407f"
+SRC_URI = "\
+    git://github.com/containers/conmon.git \
+    file://0001-Makefile-don-t-fail-if-clean-is-called-without-a-bui.patch \
+"
+
+SRC_URI[md5sum] = "5c711911d766d76813333c3812277574"
+SRC_URI[sha256sum] = "4c31278b2c03e5be5a696c3088bc86cf2557a70e00f697799c163aba18e3c40e"
+
+S = "${WORKDIR}/git"
+
+inherit pkgconfig
+
+EXTRA_OEMAKE = "PREFIX=${prefix} BINDIR=${bindir} LIBEXECDIR=${libexecdir}"
+
+do_install() {
+    oe_runmake 'DESTDIR=${D}' install
+}
+
+FILES_${PN} += " \
+    ${bindir}/conmon \
+"
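Review bot: SRC_URI[md5sum] and SRC_URI[sha256sum] have no effect in this recipe, because the only remote entry in SRC_URI is a git:// URL pinned by SRCREV and the other entry is a local file://. Drop both checksum lines so the recipe does not suggest an integrity check that never runs. If the binary is installed into ${bindir}, the FILES_${PN} addition is also redundant, since that directory is already part of the default FILES_${PN}.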
diff --git a/recipes-containers/conmon/files/0001-Makefile-don-t-fail-if-clean-is-called-without-a-bui.patch b/recipes-containers/conmon/files/0001-Makefile-don-t-fail-if-clean-is-called-without-a-bui.patch
new file mode 100644
index 0000000..8d2b473
--- /dev/null
+++ b/recipes-containers/conmon/files/0001-Makefile-don-t-fail-if-clean-is-called-without-a-bui.patch
@@ -0,0 +1,31 @@
+From 6ef63dfcc65d5401bc7cc7170d569cefcdadcb38 Mon Sep 17 00:00:00 2001
+From: Stefan Agner <stefan@agner.ch>
+Date: Fri, 30 Aug 2019 17:49:22 +0200
+Subject: [PATCH] Makefile: don't fail if clean is called without a build
+
+Do not fail when calling the clean target without building first.
+
+Upstream-Status: Backport
+
+Signed-off-by: Stefan Agner <stefan@agner.ch>
+---
+ Makefile | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/Makefile b/Makefile
+index fb0e4fb..b525595 100644
+--- a/Makefile
++++ b/Makefile
+@@ -66,8 +66,7 @@ bin:
+ 
+ .PHONY: clean
+ clean:
+-	rm -f bin/conmon src/*.o
+-	rmdir bin
++	rm -rf bin/ src/*.o
+ 
+ .PHONY: install install.bin install.crio install.podman podman crio
+ install: install.bin
+-- 
+2.23.0
+
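Review bot: The embedded patch header says "Upstream-Status: Backport" without naming the upstream commit or release it was taken from. Add that reference in brackets after the status so the patch can be dropped with confidence on the next SRCREV bump. Note also that "rm -rf bin/ src/*.o" now removes everything under bin/, not only bin/conmon, which is fine for a clean target but is a wider change than the subject line suggests.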
-- 
2.20.1




* [PATCH v2 2/7] go-metalinter: add recipe for gometalinter
  2019-09-20  7:18 [PATCH v2 0/7] podman: add initial recipe Stefan Agner
  2019-09-20  7:18 ` [PATCH v2 1/7] conmon: initial add Stefan Agner
@ 2019-09-20  7:18 ` Stefan Agner
  2019-09-20  7:18 ` [PATCH v2 3/7] go-md2man: add md2man Stefan Agner
                   ` (5 subsequent siblings)
  7 siblings, 0 replies; 11+ messages in thread
From: Stefan Agner @ 2019-09-20  7:18 UTC (permalink / raw)
  To: meta-virtualization; +Cc: Stefan Agner

From: Stefan Agner <stefan.agner@toradex.com>

A tool that concurrently runs a whole bunch of go linters and
normalises their output to a standard format. Useful to build
podman.

Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
---
 recipes-devtools/go/go-metalinter_git.bb | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
 create mode 100644 recipes-devtools/go/go-metalinter_git.bb

diff --git a/recipes-devtools/go/go-metalinter_git.bb b/recipes-devtools/go/go-metalinter_git.bb
new file mode 100644
index 0000000..668b431
--- /dev/null
+++ b/recipes-devtools/go/go-metalinter_git.bb
@@ -0,0 +1,24 @@
+DESCRIPTION = "Go Meta Linter."
+HOMEPAGE = "https://github.com/alecthomas/gometalinter"
+SECTION = "devel/go"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://COPYING;md5=dee20b35647295553d32faef05846a7b"
+
+BBCLASSEXTEND = "native"
+
+SRCNAME = "gometalinter"
+
+PKG_NAME = "github.com/alecthomas/${SRCNAME}"
+SRC_URI = "git://${PKG_NAME}.git"
+
+SRCREV = "e8d801238da6f0dfd14078d68f9b53fa50a7eeb5"
+PV = "0.0+git${SRCPV}"
+
+S = "${WORKDIR}/git"
+
+do_install() {
+	install -d ${D}${prefix}/local/go/src/${PKG_NAME}
+	cp -r ${S}/* ${D}${prefix}/local/go/src/${PKG_NAME}/
+}
+
+FILES_${PN} += "${prefix}/local/go/src/${PKG_NAME}/*"
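Review bot: do_install only copies the source tree into ${prefix}/local/go/src with cp -r, and the recipe neither inherits go nor compiles anything, so the -native variant ships sources under a /usr/local style path rather than a usable linter binary. If the podman build really needs gometalinter, inherit go with a GO_IMPORT as the go-md2man recipe in this series does; if only the sources are needed, say so in a comment and install them outside ${prefix}/local. The one-line DESCRIPTION would also fit better as SUMMARY.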
-- 
2.20.1




* [PATCH v2 3/7] go-md2man: add md2man
  2019-09-20  7:18 [PATCH v2 0/7] podman: add initial recipe Stefan Agner
  2019-09-20  7:18 ` [PATCH v2 1/7] conmon: initial add Stefan Agner
  2019-09-20  7:18 ` [PATCH v2 2/7] go-metalinter: add recipe for gometalinter Stefan Agner
@ 2019-09-20  7:18 ` Stefan Agner
  2019-09-20  7:18 ` [PATCH v2 4/7] skopeo: add skopeo Stefan Agner
                   ` (4 subsequent siblings)
  7 siblings, 0 replies; 11+ messages in thread
From: Stefan Agner @ 2019-09-20  7:18 UTC (permalink / raw)
  To: meta-virtualization; +Cc: Stefan Agner

From: Stefan Agner <stefan.agner@toradex.com>

This tool converts markdown into roff (man pages). Useful to build
podman.

Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
---
 recipes-devtools/go/go-md2man_git.bb | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
 create mode 100644 recipes-devtools/go/go-md2man_git.bb

diff --git a/recipes-devtools/go/go-md2man_git.bb b/recipes-devtools/go/go-md2man_git.bb
new file mode 100644
index 0000000..cc8dd5c
--- /dev/null
+++ b/recipes-devtools/go/go-md2man_git.bb
@@ -0,0 +1,20 @@
+DESCRIPTION = "A markdown to manpage generator."
+HOMEPAGE = "https://github.com/cpuguy83/go-md2man"
+SECTION = "devel/go"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://src/${GO_IMPORT}/LICENSE.md;md5=80794f9009df723bbc6fe19234c9f517"
+
+BBCLASSEXTEND = "native"
+
+GO_IMPORT = "github.com/cpuguy83/go-md2man"
+#GO_INSTALL = "${GO_IMPORT}/bin/go-md2man"
+
+SRC_URI = "git://${GO_IMPORT}.git"
+
+SRCREV = "f79a8a8ca69da163eee19ab442bedad7a35bba5a"
+PV = "1.0.10+git${SRCPV}"
+
+S = "${WORKDIR}/git"
+
+inherit go
+
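Review bot: The commented-out GO_INSTALL line is left in without explanation, and the file ends with an empty line after "inherit go". Remove both, or replace the dead line with a sentence on why the default GO_INSTALL is sufficient. PV hard-codes 1.0.10 next to SRCREV; a comment tying that revision to the tag would help whoever does the next version bump verify the pin.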
-- 
2.20.1




* [PATCH v2 4/7] skopeo: add skopeo
  2019-09-20  7:18 [PATCH v2 0/7] podman: add initial recipe Stefan Agner
                   ` (2 preceding siblings ...)
  2019-09-20  7:18 ` [PATCH v2 3/7] go-md2man: add md2man Stefan Agner
@ 2019-09-20  7:18 ` Stefan Agner
  2019-09-20  7:18 ` [PATCH v2 5/7] cni: move cni tools to /usr/libexec/cni Stefan Agner
                   ` (3 subsequent siblings)
  7 siblings, 0 replies; 11+ messages in thread
From: Stefan Agner @ 2019-09-20  7:18 UTC (permalink / raw)
  To: meta-virtualization; +Cc: Stefan Agner

From: Stefan Agner <stefan.agner@toradex.com>

skopeo is a command line utility that performs various operations on
container images and image repositories.

skopeo can work with OCI images as well as the original Docker v2
images.

The recipe originates from meta-overc commit a497792. It has
been updated with the new project URL and v0.1.39.

Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
---
 recipes-containers/skopeo/skopeo_git.bb | 73 +++++++++++++++++++++++++
 1 file changed, 73 insertions(+)
 create mode 100644 recipes-containers/skopeo/skopeo_git.bb

diff --git a/recipes-containers/skopeo/skopeo_git.bb b/recipes-containers/skopeo/skopeo_git.bb
new file mode 100644
index 0000000..82d3f23
--- /dev/null
+++ b/recipes-containers/skopeo/skopeo_git.bb
@@ -0,0 +1,73 @@
+HOMEPAGE = "https://github.com/containers/skopeo"
+SUMMARY = "Work with remote images registries - retrieving information, images, signing content"
+LICENSE = "Apache-2.0"
+LIC_FILES_CHKSUM = "file://src/import/LICENSE;md5=7e611105d3e369954840a6668c438584"
+
+DEPENDS = " \
+    gpgme \
+    multipath-tools \
+    btrfs-tools \
+    glib-2.0 \
+    ostree \
+"
+
+inherit go
+
+RDEPENDS_${PN} = " \
+     gpgme \
+     libgpg-error \
+     libassuan \
+"
+
+SRC_URI = "git://github.com/containers/skopeo"
+
+SRCREV = "1cf1e06582142c522543560f2bc6d6756696e8ad"
+PV = "v0.1.39-dev+git${SRCPV}"
+GO_IMPORT = "import"
+
+S = "${WORKDIR}/git"
+
+inherit goarch
+inherit pkgconfig
+
+# This disables seccomp and apparmor, which are on by default in the
+# go package. 
+EXTRA_OEMAKE="BUILDTAGS=''"
+
+do_compile() {
+	export GOARCH="${TARGET_GOARCH}"
+
+	# Setup vendor directory so that it can be used in GOPATH.
+	#
+	# Go looks in a src directory under any directory in GOPATH but riddler
+	# uses 'vendor' instead of 'vendor/src'. We can fix this with a symlink.
+	#
+	# We also need to link in the ipallocator directory as that is not under
+	# a src directory.
+	ln -sfn . "${S}/src/import/vendor/src"
+	mkdir -p "${S}/src/import/vendor/src/github.com/projectatomic/skopeo"
+	ln -sfn "${S}/src/import/skopeo" "${S}/src/import/vendor/src/github.com/projectatomic/skopeo"
+	ln -sfn "${S}/src/import/version" "${S}/src/import/vendor/src/github.com/projectatomic/skopeo/version"
+	export GOPATH="${S}/src/import/vendor"
+
+	# Pass the needed cflags/ldflags so that cgo
+	# can find the needed headers files and libraries
+	export CGO_ENABLED="1"
+	export CFLAGS=""
+	export LDFLAGS=""
+	export CGO_CFLAGS="${BUILDSDK_CFLAGS} --sysroot=${STAGING_DIR_TARGET}"
+	export CGO_LDFLAGS="${BUILDSDK_LDFLAGS} --sysroot=${STAGING_DIR_TARGET}"
+	cd ${S}/src/import
+
+	oe_runmake binary-local
+}
+
+do_install() {
+	install -d ${D}/${sbindir}
+	install -d ${D}/${sysconfdir}/containers
+
+	install ${S}/src/import/skopeo ${D}/${sbindir}/
+	install ${S}/src/import/default-policy.json ${D}/${sysconfdir}/containers/policy.json
+}
+
+INSANE_SKIP_${PN} += "ldflags"
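Review bot: The do_compile comments and symlinks still describe a different project: the comment block mentions riddler and an ipallocator directory, and the links are created under github.com/projectatomic/skopeo while SRC_URI points at github.com/containers/skopeo. Update the comments and the vendor path to match the new upstream, or drop the links if the build no longer needs them. Two smaller points: CGO_CFLAGS and CGO_LDFLAGS combine ${BUILDSDK_CFLAGS} and ${BUILDSDK_LDFLAGS} with --sysroot=${STAGING_DIR_TARGET}, which mixes build-host flags with the target sysroot, and EXTRA_OEMAKE="BUILDTAGS=''" turns off seccomp and apparmor according to its own comment without saying why. A PACKAGECONFIG for those tags would make the choice explicit and reversible. "inherit goarch" after "inherit go" also looks redundant.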
-- 
2.20.1




* [PATCH v2 5/7] cni: move cni tools to /usr/libexec/cni
  2019-09-20  7:18 [PATCH v2 0/7] podman: add initial recipe Stefan Agner
                   ` (3 preceding siblings ...)
  2019-09-20  7:18 ` [PATCH v2 4/7] skopeo: add skopeo Stefan Agner
@ 2019-09-20  7:18 ` Stefan Agner
  2019-09-20  7:18 ` [PATCH v2 6/7] slirp4netns: add slirp4netns user-mode networking Stefan Agner
                   ` (2 subsequent siblings)
  7 siblings, 0 replies; 11+ messages in thread
From: Stefan Agner @ 2019-09-20  7:18 UTC (permalink / raw)
  To: meta-virtualization; +Cc: Stefan Agner

From: Stefan Agner <stefan.agner@toradex.com>

Use a standard location to store the cni tools and plugins. This
is more in line with how other distributions package cni. Keep a symlink
to /opt/cni/bin for backward compatibility.

Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
---
 recipes-containers/cri-o/files/crio.conf | 2 +-
 recipes-networking/cni/cni_git.bb        | 8 ++++++--
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/recipes-containers/cri-o/files/crio.conf b/recipes-containers/cri-o/files/crio.conf
index 51d7f40..9135df0 100644
--- a/recipes-containers/cri-o/files/crio.conf
+++ b/recipes-containers/cri-o/files/crio.conf
@@ -144,4 +144,4 @@ registries = [
 network_dir = "/etc/cni/net.d/"
 
 # plugin_dir is is where CNI plugin binaries are stored.
-plugin_dir = "/opt/cni/bin/"
+plugin_dir = "/opt/cni/bin"
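Review bot: plugin_dir still points at /opt/cni/bin after this change; only the trailing slash is dropped, so cri-o keeps resolving plugins through the compatibility symlink rather than the new location. If the intent of the series is to make ${libexecdir}/cni the canonical path, set plugin_dir to that path here (crio.conf is a static file, so it needs the expanded value or a substitution at install time), or state in the commit message why the old path is kept. The context comment above the change also reads "is is".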
diff --git a/recipes-networking/cni/cni_git.bb b/recipes-networking/cni/cni_git.bb
index 5348b95..b8adf88 100644
--- a/recipes-networking/cni/cni_git.bb
+++ b/recipes-networking/cni/cni_git.bb
@@ -63,16 +63,20 @@ do_compile() {
 }
 
 do_install() {
-    localbindir="/opt/cni/bin"
+    localbindir="${libexecdir}/cni/"
 
     install -d ${D}${localbindir}
     install -d ${D}/${sysconfdir}/cni/net.d
 
     install -m 755 ${S}/src/import/cnitool/cnitool ${D}/${localbindir}
     install -m 755 -D ${WORKDIR}/plugins/bin/* ${D}/${localbindir}
+
+    # Parts of k8s expect the cni binaries to be available in /opt/cni
+    install -d ${D}/opt/cni
+    ln -sf ${libexecdir}/cni/ ${D}/opt/cni/bin
 }
 
-FILES_${PN} += "/opt/cni/bin/*"
+FILES_${PN} += "${libexecdir}/cni/* /opt/cni/bin"
 
 INSANE_SKIP_${PN} += "ldflags already-stripped"
 
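Review bot: In do_install the new location is spelled out three times, as "${libexecdir}/cni/" in localbindir, again as the ln target, and again in FILES_${PN}, and localbindir now ends in a slash, unlike the value it replaces. Define localbindir without the trailing slash and reuse it for the symlink and for FILES_${PN}. The added comment says /opt/cni while the link created is /opt/cni/bin. Since /opt/cni/bin changes from a packaged directory to a symlink, it is also worth confirming that an upgrade from the old layout behaves as expected.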
-- 
2.20.1




* [PATCH v2 6/7] slirp4netns: add slirp4netns user-mode networking
  2019-09-20  7:18 [PATCH v2 0/7] podman: add initial recipe Stefan Agner
                   ` (4 preceding siblings ...)
  2019-09-20  7:18 ` [PATCH v2 5/7] cni: move cni tools to /usr/libexec/cni Stefan Agner
@ 2019-09-20  7:18 ` Stefan Agner
  2019-09-20  7:18 ` [PATCH v2 7/7] podman: add the Pod Manager tool Stefan Agner
  2019-09-26 14:37 ` [PATCH v2 0/7] podman: add initial recipe Bruce Ashfield
  7 siblings, 0 replies; 11+ messages in thread
From: Stefan Agner @ 2019-09-20  7:18 UTC (permalink / raw)
  To: meta-virtualization; +Cc: Stefan Agner

From: Stefan Agner <stefan.agner@toradex.com>

slirp4netns allows connecting a network namespace to the Internet
in a completely unprivileged way, by connecting a TAP device in a
network namespace to the usermode TCP/IP stack ("slirp").

Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
---
 .../slirp4netns/slirp4netns_0.4.1.bb             | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
 create mode 100644 recipes-networking/slirp4netns/slirp4netns_0.4.1.bb

diff --git a/recipes-networking/slirp4netns/slirp4netns_0.4.1.bb b/recipes-networking/slirp4netns/slirp4netns_0.4.1.bb
new file mode 100644
index 0000000..b47df96
--- /dev/null
+++ b/recipes-networking/slirp4netns/slirp4netns_0.4.1.bb
@@ -0,0 +1,16 @@
+SUMMARY = "User-mode networking for unprivileged network namespaces."
+DESCRIPTION = "slirp4netns allows connecting a network namespace to the \
+Internet in a completely unprivileged way, by connecting a TAP device in a \
+network namespace to the usermode TCP/IP stack ("slirp")."
+
+LICENSE = "GPLv2+"
+LIC_FILES_CHKSUM = "file://COPYING;md5=1e2efd29c201480c6be2744d9edade26"
+
+SRCREV = "4d38845e2e311b684fc8d1c775c725bfcd5ddc27"
+SRC_URI = "git://github.com/rootless-containers/slirp4netns.git;nobranch=1"
+
+DEPENDS = "glib-2.0 libcap libseccomp"
+
+S = "${WORKDIR}/git"
+
+inherit autotools pkgconfig
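Review bot: SRC_URI uses nobranch=1, which makes the fetcher skip the check that SRCREV is reachable from a named branch, and nothing in the recipe says which ref the SRCREV corresponds to. Either name the branch or add a comment tying SRCREV to the 0.4.1 release the file name claims, so a reviewer can verify the pin. DESCRIPTION also nests double quotes around "slirp" inside a double-quoted value; single quotes there would be more robust. HOMEPAGE is missing.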
-- 
2.20.1




* [PATCH v2 7/7] podman: add the Pod Manager tool
  2019-09-20  7:18 [PATCH v2 0/7] podman: add initial recipe Stefan Agner
                   ` (5 preceding siblings ...)
  2019-09-20  7:18 ` [PATCH v2 6/7] slirp4netns: add slirp4netns user-mode networking Stefan Agner
@ 2019-09-20  7:18 ` Stefan Agner
  2019-09-26 14:37 ` [PATCH v2 0/7] podman: add initial recipe Bruce Ashfield
  7 siblings, 0 replies; 11+ messages in thread
From: Stefan Agner @ 2019-09-20  7:18 UTC (permalink / raw)
  To: meta-virtualization; +Cc: Stefan Agner

From: Stefan Agner <stefan.agner@toradex.com>

Podman is a daemonless container engine for developing, managing, and
running OCI Containers on your Linux System. Containers can either be
run as root or in rootless mode.

This patch adds the initial recipe for podman. Currently the build tags
systemd (if in DISTRO_FEATURES), seccomp, varlink and remoteclient are
enabled, which allows running podman with overlayfs as root and vfs in
rootless mode. The storage drivers btrfs and device-mapper have not
been tested and are disabled at the moment.

It seems that seccomp is mandatory, which makes meta-security, which
provides libseccomp, a mandatory dependency for this recipe.

Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
---
 recipes-containers/podman/podman_git.bb | 93 +++++++++++++++++++++++++
 1 file changed, 93 insertions(+)
 create mode 100644 recipes-containers/podman/podman_git.bb

diff --git a/recipes-containers/podman/podman_git.bb b/recipes-containers/podman/podman_git.bb
new file mode 100644
index 0000000..09c3ce0
--- /dev/null
+++ b/recipes-containers/podman/podman_git.bb
@@ -0,0 +1,93 @@
+HOMEPAGE = "https://podman.io/"
+SUMMARY =  "A daemonless container engine"
+DESCRIPTION = "Podman is a daemonless container engine for developing, \
+    managing, and running OCI Containers on your Linux System. Containers can \
+    either be run as root or in rootless mode. Simply put: \
+    `alias docker=podman`. \
+    "
+
+DEPENDS = " \
+    go-metalinter-native \
+    go-md2man-native \
+    gpgme \
+    libseccomp \
+    ${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)} \
+"
+
+SRCREV = "00057929f5acfd98341964d85722383363376d52"
+SRC_URI = " \
+    git://github.com/containers/libpod.git;branch=master \
+"
+
+LICENSE = "Apache-2.0"
+LIC_FILES_CHKSUM = "file://src/import/LICENSE;md5=e3fc50a88d0a364313df4b21ef20c29e"
+
+GO_IMPORT = "import"
+
+S = "${WORKDIR}/git"
+
+PV = "1.5.1+git${SRCREV}"
+
+PACKAGES =+ "${PN}-contrib"
+
+PODMAN_PKG = "github.com/containers/libpod"
+BUILDTAGS ?= "seccomp varlink remoteclient \
+${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd', '', d)} \
+exclude_graphdriver_btrfs exclude_graphdriver_devicemapper \
+containers_image_ostree_stub"
+
+# overide LDFLAGS to allow podman to build without: "flag provided but not # defined: -Wl,-O1
+export LDFLAGS=""
+
+inherit go goarch
+inherit systemd pkgconfig
+
+do_configure[noexec] = "1"
+
+EXTRA_OEMAKE = " \
+     PREFIX=${prefix} BINDIR=${bindir} LIBEXECDIR=${libexecdir} \
+     ETCDIR=${sysconfdir} TMPFILESDIR=${nonarch_libdir}/tmpfiles.d \
+     SYSTEMDDIR=${systemd_unitdir}/system USERSYSTEMDDIR=${systemd_unitdir}/user \
+"
+
+do_compile() {
+	cd ${S}/src
+	rm -rf .gopath
+	mkdir -p .gopath/src/"$(dirname "${PODMAN_PKG}")"
+	ln -sf ../../../../import/ .gopath/src/"${PODMAN_PKG}"
+
+	ln -sf "../../../import/vendor/github.com/varlink/" ".gopath/src/github.com/varlink"
+
+	export GOARCH="${BUILD_GOARCH}"
+	export GOPATH="${S}/src/.gopath"
+	export GOROOT="${STAGING_DIR_NATIVE}/${nonarch_libdir}/${HOST_SYS}/go"
+
+	cd ${S}/src/.gopath/src/"${PODMAN_PKG}"
+
+	oe_runmake cmd/podman/varlink/iopodman.go GO=go
+
+	# Pass the needed cflags/ldflags so that cgo
+	# can find the needed headers files and libraries
+	export GOARCH=${TARGET_GOARCH}
+	export CGO_ENABLED="1"
+	export CGO_CFLAGS="${CFLAGS} --sysroot=${STAGING_DIR_TARGET}"
+	export CGO_LDFLAGS="${LDFLAGS} --sysroot=${STAGING_DIR_TARGET}"
+
+	oe_runmake BUILDTAGS="${BUILDTAGS}"
+}
+
+do_install() {
+	cd ${S}/src/.gopath/src/"${PODMAN_PKG}"
+
+	oe_runmake install install.docker DESTDIR="${D}"
+}
+
+FILES_${PN} += " \
+    ${systemd_unitdir}/system/* \
+    ${systemd_unitdir}/user/* \
+    ${nonarch_libdir}/tmpfiles.d/* \
+    ${sysconfdir}/cni \
+"
+
+RDEPENDS_${PN} += "conmon runc-opencontainers iptables cni skopeo"
+RRECOMMENDS_${PN} += "slirp4netns"
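Review bot: PACKAGES =+ "${PN}-contrib" declares a package for which the recipe never sets FILES_${PN}-contrib, so it will come out empty; either add the FILES entry or drop the package. PV is built from ${SRCREV} where the other recipes in this series use ${SRCPV}, which gives a very long version string. The comment above export LDFLAGS="" is garbled ("overide", a stray "#" and an unterminated quote) and should state the actual error being worked around; note that with LDFLAGS emptied at recipe scope, CGO_LDFLAGS ends up carrying only the --sysroot option. "inherit systemd" is unconditional and no SYSTEMD_SERVICE_${PN} is set, so the installed units are packaged but not wired into the class. The commit message calls libseccomp from meta-security mandatory; that layer dependency should be recorded where the layer declares its dependencies, not only in the log.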
-- 
2.20.1




* Re: [PATCH v2 0/7] podman: add initial recipe
  2019-09-20  7:18 [PATCH v2 0/7] podman: add initial recipe Stefan Agner
                   ` (6 preceding siblings ...)
  2019-09-20  7:18 ` [PATCH v2 7/7] podman: add the Pod Manager tool Stefan Agner
@ 2019-09-26 14:37 ` Bruce Ashfield
  2019-10-03 13:23   ` Bruce Ashfield
  7 siblings, 1 reply; 11+ messages in thread
From: Bruce Ashfield @ 2019-09-26 14:37 UTC (permalink / raw)
  To: Stefan Agner; +Cc: meta-virtualization, Stefan Agner


In message: [meta-virtualization] [PATCH v2 0/7] podman: add initial recipe
on 20/09/2019 Stefan Agner wrote:

> From: Stefan Agner <stefan.agner@toradex.com>
> 
> This adds Podman a daemonless container engine for developing,
> managing, and running OCI Containers on your Linux System.
> Containers can either be run as root or in rootless mode.
> Simply put: `alias docker=podman`.
> 
> Currently the build tags systemd (if in DISTRO_FEATURES),
> seccomp, varlink and remoteclient are enabled which allows to
> run podman with overlayfs as root and vfs in rootless mode.
> The storage drivers btrfs and device-mapper have not been
> tested and are disabled at the moment.
> 
> --
> Stefan
> 
> Changes in v2:
> - Add slirp4netns recipe for rootless networking support
> - Fix podman recipe to build properly (set GOARCH properly)
> - Fix podman recipe commit message and comments
> - Add varlink and remoteclient to build tags
> - Move cni binaries to /usr/libexec/cni and create symlink for /opt/cni/bin


FYI: I have this queued and under test. I'll follow up to the
individual patches if I have questions or issues that I can't fix
myself.

Bruce

> 
> Stefan Agner (7):
>   conmon: initial add
>   go-metalinter: add recipe for gometalinter
>   go-md2man: add md2man
>   skopeo: add skopeo
>   cni: move cni tools to /usr/libexec/cni
>   slirp4netns: add slirp4netns user-mode networking
>   podman: add the Pod Manager tool
> 
>  recipes-containers/conmon/conmon_2.0.0.bb     | 30 ++++++
>  ...ail-if-clean-is-called-without-a-bui.patch | 31 +++++++
>  recipes-containers/cri-o/files/crio.conf      |  2 +-
>  recipes-containers/podman/podman_git.bb       | 93 +++++++++++++++++++
>  recipes-containers/skopeo/skopeo_git.bb       | 73 +++++++++++++++
>  recipes-devtools/go/go-md2man_git.bb          | 20 ++++
>  recipes-devtools/go/go-metalinter_git.bb      | 24 +++++
>  recipes-networking/cni/cni_git.bb             |  8 +-
>  .../slirp4netns/slirp4netns_0.4.1.bb          | 16 ++++
>  9 files changed, 294 insertions(+), 3 deletions(-)
>  create mode 100644 recipes-containers/conmon/conmon_2.0.0.bb
>  create mode 100644 recipes-containers/conmon/files/0001-Makefile-don-t-fail-if-clean-is-called-without-a-bui.patch
>  create mode 100644 recipes-containers/podman/podman_git.bb
>  create mode 100644 recipes-containers/skopeo/skopeo_git.bb
>  create mode 100644 recipes-devtools/go/go-md2man_git.bb
>  create mode 100644 recipes-devtools/go/go-metalinter_git.bb
>  create mode 100644 recipes-networking/slirp4netns/slirp4netns_0.4.1.bb
> 
> -- 
> 2.20.1
> 
> -- 
> _______________________________________________
> meta-virtualization mailing list
> meta-virtualization@yoctoproject.org
> https://lists.yoctoproject.org/listinfo/meta-virtualization



* Re: [PATCH v2 0/7] podman: add initial recipe
  2019-09-26 14:37 ` [PATCH v2 0/7] podman: add initial recipe Bruce Ashfield
@ 2019-10-03 13:23   ` Bruce Ashfield
  2019-10-03 13:41     ` Stefan Agner
  0 siblings, 1 reply; 11+ messages in thread
From: Bruce Ashfield @ 2019-10-03 13:23 UTC (permalink / raw)
  To: Stefan Agner; +Cc: meta-virtualization, Stefan Agner

On Thu, Sep 26, 2019 at 10:37 AM Bruce Ashfield
<bruce.ashfield@gmail.com> wrote:
>
>
> In message: [meta-virtualization] [PATCH v2 0/7] podman: add initial recipe
> on 20/09/2019 Stefan Agner wrote:
>
> > From: Stefan Agner <stefan.agner@toradex.com>
> >
> > This adds Podman a daemonless container engine for developing,
> > managing, and running OCI Containers on your Linux System.
> > Containers can either be run as root or in rootless mode.
> > Simply put: `alias docker=podman`.
> >
> > Currently the build tags systemd (if in DISTRO_FEATURES),
> > seccomp, varlink and remoteclient are enabled which allows to
> > run podman with overlayfs as root and vfs in rootless mode.
> > The storage drivers btrfs and device-mapper have not been
> > tested and are disabled at the moment.
> >
> > --
> > Stefan
> >
> > Changes in v2:
> > - Add slirp4netns recipe for rootless networking support
> > - Fix podman recipe to build properly (set GOARCH properly)
> > - Fix podman recipe commit message and comments
> > - Add varlink and remoteclient to build tags
> > - Move cni binaries to /usr/libexec/cni and create symlink for /opt/cni/bin
>
>
> FYI: I have this queued and under test. I'll follow up to the
> individual patches if i have questions or issues that I can't fix
> myself.

I just pushed the queue this morning. I stacked some commits on top to
tweak things a bit, but otherwise, they are as sent in this series.

I wasn't able to fully test podman due to a CNI networking issue, so
if you have a podman setup or log, I wouldn't mind seeing it so I can
run some additional tests.

Bruce

>
> Bruce
>
> >
> > Stefan Agner (7):
> >   conmon: initial add
> >   go-metalinter: add recipe for gometalinter
> >   go-md2man: add md2man
> >   skopeo: add skopeo
> >   cni: move cni tools to /usr/libexec/cni
> >   slirp4netns: add slirp4netns user-mode networking
> >   podman: add the Pod Manager tool
> >
> >  recipes-containers/conmon/conmon_2.0.0.bb     | 30 ++++++
> >  ...ail-if-clean-is-called-without-a-bui.patch | 31 +++++++
> >  recipes-containers/cri-o/files/crio.conf      |  2 +-
> >  recipes-containers/podman/podman_git.bb       | 93 +++++++++++++++++++
> >  recipes-containers/skopeo/skopeo_git.bb       | 73 +++++++++++++++
> >  recipes-devtools/go/go-md2man_git.bb          | 20 ++++
> >  recipes-devtools/go/go-metalinter_git.bb      | 24 +++++
> >  recipes-networking/cni/cni_git.bb             |  8 +-
> >  .../slirp4netns/slirp4netns_0.4.1.bb          | 16 ++++
> >  9 files changed, 294 insertions(+), 3 deletions(-)
> >  create mode 100644 recipes-containers/conmon/conmon_2.0.0.bb
> >  create mode 100644 recipes-containers/conmon/files/0001-Makefile-don-t-fail-if-clean-is-called-without-a-bui.patch
> >  create mode 100644 recipes-containers/podman/podman_git.bb
> >  create mode 100644 recipes-containers/skopeo/skopeo_git.bb
> >  create mode 100644 recipes-devtools/go/go-md2man_git.bb
> >  create mode 100644 recipes-devtools/go/go-metalinter_git.bb
> >  create mode 100644 recipes-networking/slirp4netns/slirp4netns_0.4.1.bb
> >
> > --
> > 2.20.1
> >
> > --
> > _______________________________________________
> > meta-virtualization mailing list
> > meta-virtualization@yoctoproject.org
> > https://lists.yoctoproject.org/listinfo/meta-virtualization



-- 
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II



* Re: [PATCH v2 0/7] podman: add initial recipe
  2019-10-03 13:23   ` Bruce Ashfield
@ 2019-10-03 13:41     ` Stefan Agner
  0 siblings, 0 replies; 11+ messages in thread
From: Stefan Agner @ 2019-10-03 13:41 UTC (permalink / raw)
  To: Bruce Ashfield; +Cc: meta-virtualization, Stefan Agner

On 2019-10-03 15:23, Bruce Ashfield wrote:
> On Thu, Sep 26, 2019 at 10:37 AM Bruce Ashfield
> <bruce.ashfield@gmail.com> wrote:
>>
>>
>> In message: [meta-virtualization] [PATCH v2 0/7] podman: add initial recipe
>> on 20/09/2019 Stefan Agner wrote:
>>
>> > From: Stefan Agner <stefan.agner@toradex.com>
>> >
>> > This adds Podman a daemonless container engine for developing,
>> > managing, and running OCI Containers on your Linux System.
>> > Containers can either be run as root or in rootless mode.
>> > Simply put: `alias docker=podman`.
>> >
>> > Currently the build tags systemd (if in DISTRO_FEATURES),
>> > seccomp, varlink and remoteclient are enabled which allows to
>> > run podman with overlayfs as root and vfs in rootless mode.
>> > The storage drivers btrfs and device-mapper have not been
>> > tested and are disabled at the moment.
>> >
>> > --
>> > Stefan
>> >
>> > Changes in v2:
>> > - Add slirp4netns recipe for rootless networking support
>> > - Fix podman recipe to build properly (set GOARCH properly)
>> > - Fix podman recipe commit message and comments
>> > - Add varlink and remoteclient to build tags
>> > - Move cni binaries to /usr/libexec/cni and create symlink for /opt/cni/bin
>>
>>
>> FYI: I have this queued and under test. I'll follow up to the
>> individual patches if i have questions or issues that I can't fix
>> myself.
> 
> I just pushed the queue this morning. I stacked some commits on top to
> tweak things a bit, but otherwise, they are as sent in this series.
> 
> I wasn't able to fully test podman due to a CNI networking issue, so
> if you have a podman setup or log, I wouldn't mind seeing it so I can
> run some additional tests.

If it is just network, this should run:
podman run -it --net=none registry.hub.docker.com/arm32v7/debian:buster 

I remember I also had issues with networking at first and had to enable
some kernel configs which were missing in my config, maybe related to
that in your case as well?

CONFIG_MACVLAN=m
CONFIG_MACVTAP=m
CONFIG_VXLAN=m
CONFIG_IPVLAN=m

CONFIG_TUN=m
CONFIG_TAP=m
CONFIG_NLMON=m

CONFIG_BRIDGE_VLAN_FILTERING=y


Also I had to disable static building for proper cgroup support and add
seccomp by overwriting runc PACKAGECONFIG:

PACKAGECONFIG_pn-${PREFERRED_PROVIDER_virtual/runc} = "seccomp"

I will do some builds and tests with latest meta-virtualization.

--
Stefan


> 
> Bruce
> 
>>
>> Bruce
>>
>> >
>> > Stefan Agner (7):
>> >   conmon: initial add
>> >   go-metalinter: add recipe for gometalinter
>> >   go-md2man: add md2man
>> >   skopeo: add skopeo
>> >   cni: move cni tools to /usr/libexec/cni
>> >   slirp4netns: add slirp4netns user-mode networking
>> >   podman: add the Pod Manager tool
>> >
>> >  recipes-containers/conmon/conmon_2.0.0.bb     | 30 ++++++
>> >  ...ail-if-clean-is-called-without-a-bui.patch | 31 +++++++
>> >  recipes-containers/cri-o/files/crio.conf      |  2 +-
>> >  recipes-containers/podman/podman_git.bb       | 93 +++++++++++++++++++
>> >  recipes-containers/skopeo/skopeo_git.bb       | 73 +++++++++++++++
>> >  recipes-devtools/go/go-md2man_git.bb          | 20 ++++
>> >  recipes-devtools/go/go-metalinter_git.bb      | 24 +++++
>> >  recipes-networking/cni/cni_git.bb             |  8 +-
>> >  .../slirp4netns/slirp4netns_0.4.1.bb          | 16 ++++
>> >  9 files changed, 294 insertions(+), 3 deletions(-)
>> >  create mode 100644 recipes-containers/conmon/conmon_2.0.0.bb
>> >  create mode 100644 recipes-containers/conmon/files/0001-Makefile-don-t-fail-if-clean-is-called-without-a-bui.patch
>> >  create mode 100644 recipes-containers/podman/podman_git.bb
>> >  create mode 100644 recipes-containers/skopeo/skopeo_git.bb
>> >  create mode 100644 recipes-devtools/go/go-md2man_git.bb
>> >  create mode 100644 recipes-devtools/go/go-metalinter_git.bb
>> >  create mode 100644 recipes-networking/slirp4netns/slirp4netns_0.4.1.bb
>> >
>> > --
>> > 2.20.1
>> >
>> > --
>> > _______________________________________________
>> > meta-virtualization mailing list
>> > meta-virtualization@yoctoproject.org
>> > https://lists.yoctoproject.org/listinfo/meta-virtualization

