* [meta-virtualization][master-next][PATCH 1/3] Revert "cri-o: install policy.json to avoid image pulling error"
@ 2023-02-20 4:54 Chen Qi
2023-02-20 4:54 ` [meta-virtualization][master-next][PATCH 2/3] container-host-config: provide /etc/containers/policy.json Chen Qi
` (2 more replies)
0 siblings, 3 replies; 6+ messages in thread
From: Chen Qi @ 2023-02-20 4:54 UTC (permalink / raw)
To: meta-virtualization
Do NOT merge this patch. This revert-type patch is only an indication
that the original patch on master-next should be dropped.
A follow-up patch to master-next will be sent to add policy.json to
container-host-config.
This reverts commit 3a905978b2e6eb558072e65b2688a1ced5aa50a3.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
---
recipes-containers/cri-o/cri-o_git.bb | 2 --
1 file changed, 2 deletions(-)
diff --git a/recipes-containers/cri-o/cri-o_git.bb b/recipes-containers/cri-o/cri-o_git.bb
index 57dfe8e..9467cf1 100644
--- a/recipes-containers/cri-o/cri-o_git.bb
+++ b/recipes-containers/cri-o/cri-o_git.bb
@@ -98,8 +98,6 @@ do_install() {
install -m 0644 ${S}/src/import/contrib/systemd/crio-wipe.service ${D}${systemd_unitdir}/system/
install -d ${D}${localstatedir}/lib/crio
- install -d ${D}${sysconfdir}/containers
- install -m 0644 ${S}/src/import/contrib/policy.json ${D}${sysconfdir}/containers
}
FILES:${PN}-config = "${sysconfdir}/crio/config/*"
--
2.37.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [meta-virtualization][master-next][PATCH 2/3] container-host-config: provide /etc/containers/policy.json
2023-02-20 4:54 [meta-virtualization][master-next][PATCH 1/3] Revert "cri-o: install policy.json to avoid image pulling error" Chen Qi
@ 2023-02-20 4:54 ` Chen Qi
2023-02-21 15:13 ` Bruce Ashfield
2023-02-20 4:54 ` [meta-virtualization][master-next][PATCH 3/3] container-host-config: extend to native and nativesdk Chen Qi
2023-02-21 15:14 ` [meta-virtualization][master-next][PATCH 1/3] Revert "cri-o: install policy.json to avoid image pulling error" Bruce Ashfield
2 siblings, 1 reply; 6+ messages in thread
From: Chen Qi @ 2023-02-20 4:54 UTC (permalink / raw)
To: meta-virtualization
The /etc/containers/policy.json[1] file is used to specify verification
policy. For now, we can see it's used by both cri-o and skopeo. To avoid
conflict, we use container-host-config to provide this file and make both
skopeo and cri-o depend on it.
[1] https://github.com/containers/image/blob/main/docs/containers-policy.json.5.md
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
---
.../container-host-config/container-host-config.bb | 2 ++
.../container-host-config/policy.json | 7 +++++++
recipes-containers/cri-o/cri-o_git.bb | 1 +
recipes-containers/skopeo/skopeo_git.bb | 1 -
4 files changed, 10 insertions(+), 1 deletion(-)
create mode 100755 recipes-containers/container-host-config/container-host-config/policy.json
diff --git a/recipes-containers/container-host-config/container-host-config.bb b/recipes-containers/container-host-config/container-host-config.bb
index c762dea..c2f17bf 100644
--- a/recipes-containers/container-host-config/container-host-config.bb
+++ b/recipes-containers/container-host-config/container-host-config.bb
@@ -8,6 +8,7 @@ LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384
SRC_URI = " \
file://storage.conf \
file://registries.conf \
+ file://policy.json \
"
do_install() {
@@ -15,4 +16,5 @@ do_install() {
install ${WORKDIR}/storage.conf ${D}/${sysconfdir}/containers/storage.conf
install ${WORKDIR}/registries.conf ${D}/${sysconfdir}/containers/registries.conf
+ install ${WORKDIR}/policy.json ${D}/${sysconfdir}/containers/policy.json
}
diff --git a/recipes-containers/container-host-config/container-host-config/policy.json b/recipes-containers/container-host-config/container-host-config/policy.json
new file mode 100755
index 0000000..bb26e57
--- /dev/null
+++ b/recipes-containers/container-host-config/container-host-config/policy.json
@@ -0,0 +1,7 @@
+{
+ "default": [
+ {
+ "type": "insecureAcceptAnything"
+ }
+ ]
+}
diff --git a/recipes-containers/cri-o/cri-o_git.bb b/recipes-containers/cri-o/cri-o_git.bb
index 9467cf1..2ae3303 100644
--- a/recipes-containers/cri-o/cri-o_git.bb
+++ b/recipes-containers/cri-o/cri-o_git.bb
@@ -57,6 +57,7 @@ inherit systemd
inherit go
inherit goarch
inherit pkgconfig
+inherit container-host
EXTRA_OEMAKE="BUILDTAGS=''"
diff --git a/recipes-containers/skopeo/skopeo_git.bb b/recipes-containers/skopeo/skopeo_git.bb
index 66168ca..4d062ed 100644
--- a/recipes-containers/skopeo/skopeo_git.bb
+++ b/recipes-containers/skopeo/skopeo_git.bb
@@ -82,7 +82,6 @@ do_install() {
install -d ${D}/${sysconfdir}/containers
install ${S}/src/import/bin/skopeo ${D}/${sbindir}/
- install ${S}/src/import/default-policy.json ${D}/${sysconfdir}/containers/policy.json
}
do_install:append:class-native() {
--
2.37.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [meta-virtualization][master-next][PATCH 3/3] container-host-config: extend to native and nativesdk
2023-02-20 4:54 [meta-virtualization][master-next][PATCH 1/3] Revert "cri-o: install policy.json to avoid image pulling error" Chen Qi
2023-02-20 4:54 ` [meta-virtualization][master-next][PATCH 2/3] container-host-config: provide /etc/containers/policy.json Chen Qi
@ 2023-02-20 4:54 ` Chen Qi
2023-02-21 15:14 ` Bruce Ashfield
2023-02-21 15:14 ` [meta-virtualization][master-next][PATCH 1/3] Revert "cri-o: install policy.json to avoid image pulling error" Bruce Ashfield
2 siblings, 1 reply; 6+ messages in thread
From: Chen Qi @ 2023-02-20 4:54 UTC (permalink / raw)
To: meta-virtualization
skopeo rdepends on it, and skopeo has been extended to native and
nativesdk, so container-host-config needs also be extended.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
---
.../container-host-config/container-host-config.bb | 2 ++
1 file changed, 2 insertions(+)
diff --git a/recipes-containers/container-host-config/container-host-config.bb b/recipes-containers/container-host-config/container-host-config.bb
index c2f17bf..80abddf 100644
--- a/recipes-containers/container-host-config/container-host-config.bb
+++ b/recipes-containers/container-host-config/container-host-config.bb
@@ -18,3 +18,5 @@ do_install() {
install ${WORKDIR}/registries.conf ${D}/${sysconfdir}/containers/registries.conf
install ${WORKDIR}/policy.json ${D}/${sysconfdir}/containers/policy.json
}
+
+BBCLASSEXTEND = "native nativesdk"
--
2.37.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [meta-virtualization][master-next][PATCH 2/3] container-host-config: provide /etc/containers/policy.json
2023-02-20 4:54 ` [meta-virtualization][master-next][PATCH 2/3] container-host-config: provide /etc/containers/policy.json Chen Qi
@ 2023-02-21 15:13 ` Bruce Ashfield
0 siblings, 0 replies; 6+ messages in thread
From: Bruce Ashfield @ 2023-02-21 15:13 UTC (permalink / raw)
To: Chen Qi; +Cc: meta-virtualization
Good catch, I had meant to include this in the configuration
package and forgot.
This is now staged on master-next.
Bruce
In message: [meta-virtualization][master-next][PATCH 2/3] container-host-config: provide /etc/containers/policy.json
on 19/02/2023 Chen Qi wrote:
> The /etc/containers/policy.json[1] file is used to specify verification
> policy. For now, we can see it's used by both cri-o and skopeo. To avoid
> conflict, we use container-host-config to provide this file and make both
> skopeo and cri-o depend on it.
>
> [1] https://github.com/containers/image/blob/main/docs/containers-policy.json.5.md
>
> Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
> ---
> .../container-host-config/container-host-config.bb | 2 ++
> .../container-host-config/policy.json | 7 +++++++
> recipes-containers/cri-o/cri-o_git.bb | 1 +
> recipes-containers/skopeo/skopeo_git.bb | 1 -
> 4 files changed, 10 insertions(+), 1 deletion(-)
> create mode 100755 recipes-containers/container-host-config/container-host-config/policy.json
>
> diff --git a/recipes-containers/container-host-config/container-host-config.bb b/recipes-containers/container-host-config/container-host-config.bb
> index c762dea..c2f17bf 100644
> --- a/recipes-containers/container-host-config/container-host-config.bb
> +++ b/recipes-containers/container-host-config/container-host-config.bb
> @@ -8,6 +8,7 @@ LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384
> SRC_URI = " \
> file://storage.conf \
> file://registries.conf \
> + file://policy.json \
> "
>
> do_install() {
> @@ -15,4 +16,5 @@ do_install() {
>
> install ${WORKDIR}/storage.conf ${D}/${sysconfdir}/containers/storage.conf
> install ${WORKDIR}/registries.conf ${D}/${sysconfdir}/containers/registries.conf
> + install ${WORKDIR}/policy.json ${D}/${sysconfdir}/containers/policy.json
> }
> diff --git a/recipes-containers/container-host-config/container-host-config/policy.json b/recipes-containers/container-host-config/container-host-config/policy.json
> new file mode 100755
> index 0000000..bb26e57
> --- /dev/null
> +++ b/recipes-containers/container-host-config/container-host-config/policy.json
> @@ -0,0 +1,7 @@
> +{
> + "default": [
> + {
> + "type": "insecureAcceptAnything"
> + }
> + ]
> +}
> diff --git a/recipes-containers/cri-o/cri-o_git.bb b/recipes-containers/cri-o/cri-o_git.bb
> index 9467cf1..2ae3303 100644
> --- a/recipes-containers/cri-o/cri-o_git.bb
> +++ b/recipes-containers/cri-o/cri-o_git.bb
> @@ -57,6 +57,7 @@ inherit systemd
> inherit go
> inherit goarch
> inherit pkgconfig
> +inherit container-host
>
> EXTRA_OEMAKE="BUILDTAGS=''"
>
> diff --git a/recipes-containers/skopeo/skopeo_git.bb b/recipes-containers/skopeo/skopeo_git.bb
> index 66168ca..4d062ed 100644
> --- a/recipes-containers/skopeo/skopeo_git.bb
> +++ b/recipes-containers/skopeo/skopeo_git.bb
> @@ -82,7 +82,6 @@ do_install() {
> install -d ${D}/${sysconfdir}/containers
>
> install ${S}/src/import/bin/skopeo ${D}/${sbindir}/
> - install ${S}/src/import/default-policy.json ${D}/${sysconfdir}/containers/policy.json
> }
>
> do_install:append:class-native() {
> --
> 2.37.1
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#7883): https://lists.yoctoproject.org/g/meta-virtualization/message/7883
> Mute This Topic: https://lists.yoctoproject.org/mt/97080776/1050810
> Group Owner: meta-virtualization+owner@lists.yoctoproject.org
> Unsubscribe: https://lists.yoctoproject.org/g/meta-virtualization/unsub [bruce.ashfield@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [meta-virtualization][master-next][PATCH 3/3] container-host-config: extend to native and nativesdk
2023-02-20 4:54 ` [meta-virtualization][master-next][PATCH 3/3] container-host-config: extend to native and nativesdk Chen Qi
@ 2023-02-21 15:14 ` Bruce Ashfield
0 siblings, 0 replies; 6+ messages in thread
From: Bruce Ashfield @ 2023-02-21 15:14 UTC (permalink / raw)
To: Chen Qi; +Cc: meta-virtualization
I had also meant to include this in my original recipe, but
cleaned too much up!
This is now staged on master-next.
Bruce
In message: [meta-virtualization][master-next][PATCH 3/3] container-host-config: extend to native and nativesdk
on 19/02/2023 Chen Qi wrote:
> skopeo rdepends on it, and skopeo has been extended to native and
> nativesdk, so container-host-config needs also be extended.
>
> Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
> ---
> .../container-host-config/container-host-config.bb | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/recipes-containers/container-host-config/container-host-config.bb b/recipes-containers/container-host-config/container-host-config.bb
> index c2f17bf..80abddf 100644
> --- a/recipes-containers/container-host-config/container-host-config.bb
> +++ b/recipes-containers/container-host-config/container-host-config.bb
> @@ -18,3 +18,5 @@ do_install() {
> install ${WORKDIR}/registries.conf ${D}/${sysconfdir}/containers/registries.conf
> install ${WORKDIR}/policy.json ${D}/${sysconfdir}/containers/policy.json
> }
> +
> +BBCLASSEXTEND = "native nativesdk"
> --
> 2.37.1
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#7882): https://lists.yoctoproject.org/g/meta-virtualization/message/7882
> Mute This Topic: https://lists.yoctoproject.org/mt/97080775/1050810
> Group Owner: meta-virtualization+owner@lists.yoctoproject.org
> Unsubscribe: https://lists.yoctoproject.org/g/meta-virtualization/unsub [bruce.ashfield@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [meta-virtualization][master-next][PATCH 1/3] Revert "cri-o: install policy.json to avoid image pulling error"
2023-02-20 4:54 [meta-virtualization][master-next][PATCH 1/3] Revert "cri-o: install policy.json to avoid image pulling error" Chen Qi
2023-02-20 4:54 ` [meta-virtualization][master-next][PATCH 2/3] container-host-config: provide /etc/containers/policy.json Chen Qi
2023-02-20 4:54 ` [meta-virtualization][master-next][PATCH 3/3] container-host-config: extend to native and nativesdk Chen Qi
@ 2023-02-21 15:14 ` Bruce Ashfield
2 siblings, 0 replies; 6+ messages in thread
From: Bruce Ashfield @ 2023-02-21 15:14 UTC (permalink / raw)
To: Chen Qi; +Cc: meta-virtualization
dropped.
Bruce
In message: [meta-virtualization][master-next][PATCH 1/3] Revert "cri-o: install policy.json to avoid image pulling error"
on 19/02/2023 Chen Qi wrote:
> Do NOT merge this patch. This revert-type patch is only an indication
> that the original patch on master-next should be dropped.
>
> A follow-up patch to master-next will be sent to add policy.json to
> container-host-config.
>
> This reverts commit 3a905978b2e6eb558072e65b2688a1ced5aa50a3.
>
> Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
> ---
> recipes-containers/cri-o/cri-o_git.bb | 2 --
> 1 file changed, 2 deletions(-)
>
> diff --git a/recipes-containers/cri-o/cri-o_git.bb b/recipes-containers/cri-o/cri-o_git.bb
> index 57dfe8e..9467cf1 100644
> --- a/recipes-containers/cri-o/cri-o_git.bb
> +++ b/recipes-containers/cri-o/cri-o_git.bb
> @@ -98,8 +98,6 @@ do_install() {
> install -m 0644 ${S}/src/import/contrib/systemd/crio-wipe.service ${D}${systemd_unitdir}/system/
>
> install -d ${D}${localstatedir}/lib/crio
> - install -d ${D}${sysconfdir}/containers
> - install -m 0644 ${S}/src/import/contrib/policy.json ${D}${sysconfdir}/containers
> }
>
> FILES:${PN}-config = "${sysconfdir}/crio/config/*"
> --
> 2.37.1
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#7881): https://lists.yoctoproject.org/g/meta-virtualization/message/7881
> Mute This Topic: https://lists.yoctoproject.org/mt/97080774/1050810
> Group Owner: meta-virtualization+owner@lists.yoctoproject.org
> Unsubscribe: https://lists.yoctoproject.org/g/meta-virtualization/unsub [bruce.ashfield@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2023-02-21 15:14 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-02-20 4:54 [meta-virtualization][master-next][PATCH 1/3] Revert "cri-o: install policy.json to avoid image pulling error" Chen Qi
2023-02-20 4:54 ` [meta-virtualization][master-next][PATCH 2/3] container-host-config: provide /etc/containers/policy.json Chen Qi
2023-02-21 15:13 ` Bruce Ashfield
2023-02-20 4:54 ` [meta-virtualization][master-next][PATCH 3/3] container-host-config: extend to native and nativesdk Chen Qi
2023-02-21 15:14 ` Bruce Ashfield
2023-02-21 15:14 ` [meta-virtualization][master-next][PATCH 1/3] Revert "cri-o: install policy.json to avoid image pulling error" Bruce Ashfield
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.