[Buildroot] [PATCH v2 1/1] package/crun: new package

[Buildroot] [PATCH v2 1/1] package/crun: new package

[Christian Stewart via buildroot]

crun is a fast and low-memory OCI Container Runtime in C.

https://github.com/containers/crun

Signed-off-by: Christian Stewart <christian@paral.in>

---

v1 -> v2:

 - add libcap and systemd flags
 - use upstream download tar.gz with submodules and git version
 - no need to use the submodule download method nor the patch.

Signed-off-by: Christian Stewart <christian@paral.in>
---
 DEVELOPERS             |  1 +
 package/Config.in      |  1 +
 package/crun/Config.in |  7 +++++++
 package/crun/crun.hash |  4 ++++
 package/crun/crun.mk   | 36 ++++++++++++++++++++++++++++++++++++
 5 files changed, 49 insertions(+)
 create mode 100644 package/crun/Config.in
 create mode 100644 package/crun/crun.hash
 create mode 100644 package/crun/crun.mk

diff --git a/DEVELOPERS b/DEVELOPERS
index d2bd0d809a..b92821f9c7 100644
--- a/DEVELOPERS
+++ b/DEVELOPERS
@@ -530,6 +530,7 @@ F:	package/python-pylibftdi/
 N:	Christian Stewart <christian@paral.in>
 F:	package/batman-adv/
 F:	package/containerd/
+F:	package/crun/
 F:	package/delve/
 F:	package/docker-cli/
 F:	package/docker-engine/
diff --git a/package/Config.in b/package/Config.in
index d1c098c48f..fd591d9e52 100644
--- a/package/Config.in
+++ b/package/Config.in
@@ -2567,6 +2567,7 @@ menu "System tools"
 	source "package/coreutils/Config.in"
 	source "package/cpulimit/Config.in"
 	source "package/cpuload/Config.in"
+	source "package/crun/Config.in"
 	source "package/daemon/Config.in"
 	source "package/dc3dd/Config.in"
 	source "package/dcron/Config.in"
diff --git a/package/crun/Config.in b/package/crun/Config.in
new file mode 100644
index 0000000000..5aca10dcdb
--- /dev/null
+++ b/package/crun/Config.in
@@ -0,0 +1,7 @@
+config BR2_PACKAGE_CRUN
+	bool "crun"
+	select BR2_PACKAGE_YAJL # libocispec
+	help
+	  crun is a fast and low-memory OCI Container Runtime in C.
+
+	  https://github.com/containers/crun
diff --git a/package/crun/crun.hash b/package/crun/crun.hash
new file mode 100644
index 0000000000..de61310e08
--- /dev/null
+++ b/package/crun/crun.hash
@@ -0,0 +1,4 @@
+# Locally computed
+sha256  acd24012daa951cf1674b20b2d5f87975d5d6c8e8c80bfe12e4cffa3495cae67  crun-1.5.tar.gz
+sha256  8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643  COPYING
+sha256  dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551  COPYING.libcrun
diff --git a/package/crun/crun.mk b/package/crun/crun.mk
new file mode 100644
index 0000000000..210d3c5860
--- /dev/null
+++ b/package/crun/crun.mk
@@ -0,0 +1,36 @@
+################################################################################
+#
+# crun
+#
+################################################################################
+
+CRUN_VERSION = 1.5
+CRUN_SITE = https://github.com/containers/crun/releases/download/$(CRUN_VERSION)
+CRUN_DEPENDENCIES = host-pkgconf yajl
+
+CRUN_LICENSE = GPL-2.0+ (crun binary), LGPL-2.1+ (libcrun)
+CRUN_LICENSE_FILES = COPYING COPYING.libcrun
+
+CRUN_AUTORECONF = YES
+CRUN_CONF_OPTS += --enable-embedded-yajl=no
+
+ifeq ($(BR2_PACKAGE_LIBCAP),y)
+CRUN_DEPENDENCIES += libcap
+else
+CRUN_CONF_OPTS += --disable-caps
+endif
+
+ifeq ($(BR2_PACKAGE_LIBSECCOMP),y)
+CRUN_DEPENDENCIES += libseccomp
+else
+CRUN_CONF_OPTS += --disable-seccomp
+endif
+
+ifeq ($(BR2_PACKAGE_SYSTEMD),y)
+CRUN_CONF_OPTS += --enable-systemd
+CRUN_DEPENDENCIES += systemd host-pkgconf
+else
+CRUN_CONF_OPTS += --disable-systemd
+endif
+
+$(eval $(autotools-package))
-- 
2.37.2

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

Re: [Buildroot] [PATCH v2 1/1] package/crun: new package

[TIAN Yuanhao]

Maybe we should explicitly enable these kernel configurations:

CONFIG_USER_NS # setgroups
CONFIG_BLK_DEV_THROTTLING # io.max

Tested-by: TIAN Yuanhao <tianyuanhao3@163.com>

在 8/22/22 22:48, Christian Stewart via buildroot 写道:
> crun is a fast and low-memory OCI Container Runtime in C.
>
> https://github.com/containers/crun
>
> Signed-off-by: Christian Stewart <christian@paral.in>
>
> ---
>
> v1 -> v2:
>
>   - add libcap and systemd flags
>   - use upstream download tar.gz with submodules and git version
>   - no need to use the submodule download method nor the patch.
>
> Signed-off-by: Christian Stewart <christian@paral.in>
> ---
>   DEVELOPERS             |  1 +
>   package/Config.in      |  1 +
>   package/crun/Config.in |  7 +++++++
>   package/crun/crun.hash |  4 ++++
>   package/crun/crun.mk   | 36 ++++++++++++++++++++++++++++++++++++
>   5 files changed, 49 insertions(+)
>   create mode 100644 package/crun/Config.in
>   create mode 100644 package/crun/crun.hash
>   create mode 100644 package/crun/crun.mk
>
> diff --git a/DEVELOPERS b/DEVELOPERS
> index d2bd0d809a..b92821f9c7 100644
> --- a/DEVELOPERS
> +++ b/DEVELOPERS
> @@ -530,6 +530,7 @@ F:	package/python-pylibftdi/
>   N:	Christian Stewart <christian@paral.in>
>   F:	package/batman-adv/
>   F:	package/containerd/
> +F:	package/crun/
>   F:	package/delve/
>   F:	package/docker-cli/
>   F:	package/docker-engine/
> diff --git a/package/Config.in b/package/Config.in
> index d1c098c48f..fd591d9e52 100644
> --- a/package/Config.in
> +++ b/package/Config.in
> @@ -2567,6 +2567,7 @@ menu "System tools"
>   	source "package/coreutils/Config.in"
>   	source "package/cpulimit/Config.in"
>   	source "package/cpuload/Config.in"
> +	source "package/crun/Config.in"
>   	source "package/daemon/Config.in"
>   	source "package/dc3dd/Config.in"
>   	source "package/dcron/Config.in"
> diff --git a/package/crun/Config.in b/package/crun/Config.in
> new file mode 100644
> index 0000000000..5aca10dcdb
> --- /dev/null
> +++ b/package/crun/Config.in
> @@ -0,0 +1,7 @@
> +config BR2_PACKAGE_CRUN
> +	bool "crun"
> +	select BR2_PACKAGE_YAJL # libocispec
> +	help
> +	  crun is a fast and low-memory OCI Container Runtime in C.
> +
> +	  https://github.com/containers/crun
> diff --git a/package/crun/crun.hash b/package/crun/crun.hash
> new file mode 100644
> index 0000000000..de61310e08
> --- /dev/null
> +++ b/package/crun/crun.hash
> @@ -0,0 +1,4 @@
> +# Locally computed
> +sha256  acd24012daa951cf1674b20b2d5f87975d5d6c8e8c80bfe12e4cffa3495cae67  crun-1.5.tar.gz
> +sha256  8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643  COPYING
> +sha256  dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551  COPYING.libcrun
> diff --git a/package/crun/crun.mk b/package/crun/crun.mk
> new file mode 100644
> index 0000000000..210d3c5860
> --- /dev/null
> +++ b/package/crun/crun.mk
> @@ -0,0 +1,36 @@
> +################################################################################
> +#
> +# crun
> +#
> +################################################################################
> +
> +CRUN_VERSION = 1.5
> +CRUN_SITE = https://github.com/containers/crun/releases/download/$(CRUN_VERSION)
> +CRUN_DEPENDENCIES = host-pkgconf yajl
> +
> +CRUN_LICENSE = GPL-2.0+ (crun binary), LGPL-2.1+ (libcrun)
> +CRUN_LICENSE_FILES = COPYING COPYING.libcrun
> +
> +CRUN_AUTORECONF = YES
> +CRUN_CONF_OPTS += --enable-embedded-yajl=no
> +
> +ifeq ($(BR2_PACKAGE_LIBCAP),y)
> +CRUN_DEPENDENCIES += libcap
> +else
> +CRUN_CONF_OPTS += --disable-caps
> +endif
> +
> +ifeq ($(BR2_PACKAGE_LIBSECCOMP),y)
> +CRUN_DEPENDENCIES += libseccomp
> +else
> +CRUN_CONF_OPTS += --disable-seccomp
> +endif
> +
> +ifeq ($(BR2_PACKAGE_SYSTEMD),y)
> +CRUN_CONF_OPTS += --enable-systemd
> +CRUN_DEPENDENCIES += systemd host-pkgconf
> +else
> +CRUN_CONF_OPTS += --disable-systemd
> +endif
> +
> +$(eval $(autotools-package))

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

Re: [Buildroot] [PATCH v2 1/1] package/crun: new package

[Yann E. MORIN]

Yuanhao, All,

On 2022-08-23 05:31 -0700, TIAN Yuanhao spake thusly:
> Maybe we should explicitly enable these kernel configurations:
> CONFIG_USER_NS # setgroups
> CONFIG_BLK_DEV_THROTTLING # io.max

Are they strictly required for runc to be functional at all, or are they
just optional?

We try to be very conservative about the options we en able in the
kernel, to just the ones that are strictly needed.

Regards,
Yann E. MORIN.

-- 
.-----------------.--------------------.------------------.--------------------.
|  Yann E. MORIN  | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software  Designer | \ / CAMPAIGN     |  ___               |
| +33 561 099 427 `------------.-------:  X  AGAINST      |  \e/  There is no  |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL    |   v   conspiracy.  |
'------------------------------^-------^------------------^--------------------'
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

Re: [Buildroot] [PATCH v2 1/1] package/crun: new package

[TIAN Yuanhao]

Yann, All,

在 8/23/22 10:26, Yann E. MORIN 写道:

 > Yuanhao, All,
 >
 > On 2022-08-23 05:31 -0700, TIAN Yuanhao spake thusly:
 >
 >> Maybe we should explicitly enable these kernel configurations:
 >>
 >> CONFIG_USER_NS # setgroups
 >> CONFIG_BLK_DEV_THROTTLING # io.max
 >
 > Are they strictly required for runc to be functional at all, or are 
they just optional?
 >
 > We try to be very conservative about the options we en able in the 
kernel, to just the ones that are strictly needed.

According to the source code, these are mandatory configurations. Tested 
by running the hello-world container.

In fact, most of the kernel configurations in docker-engine.mk actually 
belongs to runc, of course, it should also be true for crun.

Regards,
TIAN Yuanhao

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

Re: [Buildroot] [PATCH v2 1/1] package/crun: new package

[Thomas Petazzoni]

Hello,

On Mon, 22 Aug 2022 22:48:11 -0700
Christian Stewart via buildroot <buildroot@buildroot.org> wrote:

> +CRUN_AUTORECONF = YES
> +CRUN_CONF_OPTS += --enable-embedded-yajl=no

Changed += to just =, and changed --enable-embedded-yajl=no to
--disable-embedded-yajl.

> +
> +ifeq ($(BR2_PACKAGE_LIBCAP),y)
> +CRUN_DEPENDENCIES += libcap

Added --enable-caps

> +else
> +CRUN_CONF_OPTS += --disable-caps
> +endif
> +
> +ifeq ($(BR2_PACKAGE_LIBSECCOMP),y)
> +CRUN_DEPENDENCIES += libseccomp

Added --enable-seccomp

Applied with those minor adjustements. Thanks a lot!

Could you have a look at the review from TIAN Yuanhao
<tianyuanhao3@163.com> who suggested enabling some kernel config
options?

Thanks!

Thomas
-- 
Thomas Petazzoni, co-owner and CEO, Bootlin
Embedded Linux and Kernel engineering and training
https://bootlin.com
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot