From 8f87b24fda346516bbccbd4633c8d57da435a2f4 Mon Sep 17 00:00:00 2001 From: Joe Gooch Date: Tue, 13 Sep 2022 11:29:43 -0400 Subject: [PATCH 1/4] add .gitignore, save packages used in a .txt file --- .gitignore | 5 +++++ Dockerfile | 14 +++++--------- 2 files changed, 10 insertions(+), 9 deletions(-) create mode 100644 .gitignore diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..d872585 --- /dev/null +++ b/.gitignore @@ -0,0 +1,5 @@ +*.swp +*.tar.gz +*.tgz +*.raw + diff --git a/Dockerfile b/Dockerfile index 4352db3..1f1961f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -16,7 +16,9 @@ RUN emerge -j4 --getbinpkg --buildpkgonly podman squashfs-tools FROM base AS staging COPY --from=builder /var/lib/portage/pkgs /var/lib/portage/pkgs RUN emerge --getbinpkg --usepkg squashfs-tools -RUN pkgs=$(emerge 2>/dev/null --usepkgonly --pretend podman | awk -F'] ' '/binary/{ print $ 2 }' | awk '{ print "="$1 }'); emerge --usepkgonly --root=/work --nodeps $pkgs +RUN mkdir -p /work /output +RUN emerge 2>/dev/null --usepkgonly --pretend podman | awk -F'] ' '/binary/{ print $ 2 }' | awk '{ print "="$1 }' > /output/podman-versions.txt +RUN emerge --usepkgonly --root=/work --nodeps $(cat /output/podman-versions.txt) RUN mkdir -p /work/usr/lib/extension-release.d && echo -e 'ID=flatcar\nSYSEXT_LEVEL=1.0' >/work/usr/lib/extension-release.d/extension-release.podman RUN mkdir -p /work/usr/src RUN mv /work/etc /work/usr/etc @@ -24,14 +26,8 @@ COPY usr /work/usr RUN mv /work/opt/cni/bin /work/usr/lib/cni RUN rm -rf /work/var /work/usr/include /work/usr/lib*/cmake /work/opt/cni RUN rmdir /work/opt -RUN mkdir -p /output && mksquashfs /work /output/podman.raw -noappend - -FROM busybox AS torcx -RUN mkdir /work /output -COPY torcx /work -RUN tar -zcvf /output/docker:podman.torcx.tgz -C /work . +RUN mksquashfs /work /output/podman.raw -noappend FROM busybox COPY --from=staging /output /output -COPY --from=torcx /output /output -CMD ["cp", "/output/podman.raw", "/output/docker:podman.torcx.tgz", "/out"] +CMD ["cp", "/output/podman.raw", "/output/podman-versions.txt", "/out"] From b5277873a25ff5e355d2852028c814dc53cb9d0d Mon Sep 17 00:00:00 2001 From: Joe Gooch Date: Tue, 13 Sep 2022 11:30:54 -0400 Subject: [PATCH 2/4] Add updates from gentoo - Update packages podman 4.0.3 -> 4.2, crun 1.4.4 -> 1.4.5, cni-plugins 0.9.1 -> 1.1.1 --- overlay/app-containers/crun/Manifest | 1 + overlay/app-containers/crun/crun-1.4.5.ebuild | 74 ++++++++ .../crun/files/crun-1.4.5-glibc-2.36.patch | 79 +++++++++ overlay/app-containers/podman/Manifest | 3 + .../podman/podman-4.1.0-r1.ebuild | 165 ++++++++++++++++++ .../podman/podman-4.1.1-r1.ebuild | 165 ++++++++++++++++++ .../podman/podman-4.2.0-r1.ebuild | 165 ++++++++++++++++++ overlay/net-misc/cni-plugins/Manifest | 1 + .../cni-plugins/cni-plugins-1.1.1.ebuild | 33 ++++ 9 files changed, 686 insertions(+) create mode 100644 overlay/app-containers/crun/crun-1.4.5.ebuild create mode 100644 overlay/app-containers/crun/files/crun-1.4.5-glibc-2.36.patch create mode 100644 overlay/app-containers/podman/podman-4.1.0-r1.ebuild create mode 100644 overlay/app-containers/podman/podman-4.1.1-r1.ebuild create mode 100644 overlay/app-containers/podman/podman-4.2.0-r1.ebuild create mode 100644 overlay/net-misc/cni-plugins/cni-plugins-1.1.1.ebuild diff --git a/overlay/app-containers/crun/Manifest b/overlay/app-containers/crun/Manifest index b64428a..96b8d0c 100644 --- a/overlay/app-containers/crun/Manifest +++ b/overlay/app-containers/crun/Manifest @@ -1,3 +1,4 @@ DIST crun-1.3.tar.xz 831108 BLAKE2B 37e8d0ba764ae77c870c68ea9cd93f1ea1c751eb2b6aa84481f81b22ec2eb5d9e518d4808bd1bca545c57d18c5c491372694009d6498652cce45fda8864e5835 SHA512 3b58ee65a41bc85ec31147053f00e9c2a2e5ee9a72381a65c19480cc24d80cad7c9f6e1a47b3e020facf0603c54e4d2640db187c5e66a7deb8b1ead7bc111ee6 DIST crun-1.4.2.tar.xz 873636 BLAKE2B f8b3546b7c4aeb7077af8cf9e7ec0059259143da80a6a0d020dc9d702e03008b2b1c2a6a5cdd555b625abc1f2ed5a55786525919eda15dc241d1b8f2334e8689 SHA512 f97eedf84a61cc3753f528b75b24f95131e871f734c8e770b9bdc4e1d33668162e6bdc0c4676c0164900bc987490d3dbd0060c27046091f012ad178ef42fbdbf DIST crun-1.4.4.tar.xz 877892 BLAKE2B 57e48c0a229db3f54212177cef3fdb3f59b4bb1d1cc865da956f026a35837d839489bd126f880d7a9ceb18f5cffbf0e32ac9ae59a4cd39c34e3aff5b32c0559a SHA512 1756dccf6509457a5dc114d43c4f4e99258a20c3437dfe06016d080989c5d3035f5735d62d18ab537b660ec36de04df369a2582745baf4ab680af367a19830fd +DIST crun-1.4.5.tar.xz 879044 BLAKE2B c80cae28c23140086682493a7dddb40640491e3ea827f0a7376d9be12570111d056022f50b8d7c574ca07790753d20de2314db5b89463994c4fffbc7576c372d SHA512 9f288279615fdf587018c465047fc8793daae280ab864bf9046994983239129d50f2eb89cac9b092e5cdc49a10f3523ab403a3f0e7451f7536b79f651a355153 diff --git a/overlay/app-containers/crun/crun-1.4.5.ebuild b/overlay/app-containers/crun/crun-1.4.5.ebuild new file mode 100644 index 0000000..ba94234 --- /dev/null +++ b/overlay/app-containers/crun/crun-1.4.5.ebuild @@ -0,0 +1,74 @@ +# Copyright 2019-2022 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +PYTHON_COMPAT=( python3_{8..10} ) + +# Can drop autotools/eautoreconf after next release & glibc patch gone +inherit autotools python-any-r1 + +DESCRIPTION="A fast and low-memory footprint OCI Container Runtime fully written in C" +HOMEPAGE="https://github.com/containers/crun" +SRC_URI="https://github.com/containers/${PN}/releases/download/${PV}/${P}.tar.xz" + +LICENSE="GPL-2+ LGPL-2.1+" +SLOT="0" +KEYWORDS="amd64 ~arm arm64 ~ppc64 ~riscv" +IUSE="+bpf +caps criu +seccomp selinux systemd static-libs" + +DEPEND=" + dev-libs/yajl:= + sys-kernel/linux-headers + caps? ( sys-libs/libcap ) + criu? ( >=sys-process/criu-3.15 ) + seccomp? ( sys-libs/libseccomp ) + systemd? ( sys-apps/systemd:= ) +" +RDEPEND="${DEPEND} + selinux? ( sec-policy/selinux-container )" +BDEPEND=" + ${PYTHON_DEPS} + virtual/pkgconfig +" + +# the crun test suite is comprehensive to the extent that tests will fail +# within a sandbox environment, due to the nature of the privileges +# required to create linux "containers". +RESTRICT="test" + +PATCHES=( + "${FILESDIR}"/${PN}-1.4.5-glibc-2.36.patch +) + +src_prepare() { + default + + eautoreconf +} + +src_configure() { + local myeconfargs=( + $(use_enable bpf) + $(use_enable caps) + $(use_enable criu) + $(use_enable seccomp) + $(use_enable systemd) + $(usex static-libs '--enable-shared --enable-static' '--enable-shared --disable-static' '' '') + ) + + # Need https://github.com/containers/libocispec/pull/107 to be merged & land in + # a crun release that syncs up w/ latest version, then can drop CONFIG_SHELL + CONFIG_SHELL="${BROOT}/bin/bash" econf "${myeconfargs[@]}" +} + +src_compile() { + emake -C libocispec + emake crun +} + +src_install() { + emake "DESTDIR=${D}" install-exec + doman crun.1 + einstalldocs +} diff --git a/overlay/app-containers/crun/files/crun-1.4.5-glibc-2.36.patch b/overlay/app-containers/crun/files/crun-1.4.5-glibc-2.36.patch new file mode 100644 index 0000000..12990c9 --- /dev/null +++ b/overlay/app-containers/crun/files/crun-1.4.5-glibc-2.36.patch @@ -0,0 +1,79 @@ +https://bugs.gentoo.org/863437 +https://github.com/containers/crun/commit/3df14584b84414df77b2079c1b8b48d44d0ceb61 + +From 3df14584b84414df77b2079c1b8b48d44d0ceb61 Mon Sep 17 00:00:00 2001 +From: Giuseppe Scrivano +Date: Tue, 26 Jul 2022 15:17:16 +0200 +Subject: [PATCH] linux: fix build with glibc 2.36 + +glibc 2.36 has the new mount API in the file. These +definitions conflict with the definitions in the +file. + +Add a check and include only if it doesn't conflict +with . + +Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2110738 + +Signed-off-by: Giuseppe Scrivano +--- a/configure.ac ++++ b/configure.ac +@@ -174,11 +174,21 @@ LIBS="" + AC_MSG_CHECKING([for new mount API (fsconfig)]) + AC_COMPILE_IFELSE( + [AC_LANG_SOURCE([[ ++ #include ++ int cmd = FSCONFIG_CMD_CREATE; ++ ]])], ++ [AC_MSG_RESULT(yes) ++ AC_DEFINE([HAVE_FSCONFIG_CMD_CREATE_SYS_MOUNT_H], 1, [Define if FSCONFIG_CMD_CREATE is available in sys/mount.h])], ++ [AC_MSG_RESULT(no)]) ++AC_COMPILE_IFELSE( ++ [AC_LANG_SOURCE([[ ++ /* also make sure it doesn't conflict with since it is always used. */ ++ #include + #include + int cmd = FSCONFIG_CMD_CREATE; + ]])], + [AC_MSG_RESULT(yes) +- AC_DEFINE([HAVE_FSCONFIG_CMD_CREATE], 1, [Define if FSCONFIG_CMD_CREATE is available])], ++ AC_DEFINE([HAVE_FSCONFIG_CMD_CREATE_LINUX_MOUNT_H], 1, [Define if FSCONFIG_CMD_CREATE is available in linux/mount.h])], + [AC_MSG_RESULT(no)]) + + AC_MSG_CHECKING([for seccomp notify API]) +--- a/src/libcrun/linux.c ++++ b/src/libcrun/linux.c +@@ -26,9 +26,13 @@ + #include + #include + #include +-#ifdef HAVE_FSCONFIG_CMD_CREATE ++#ifdef HAVE_FSCONFIG_CMD_CREATE_LINUX_MOUNT_H + # include + #endif ++#if defined HAVE_FSCONFIG_CMD_CREATE_LINUX_MOUNT_H || defined HAVE_FSCONFIG_CMD_CREATE_SYS_MOUNT_H ++# define HAVE_NEW_MOUNT_API ++#endif ++ + #include + #include + #ifdef HAVE_CAP +@@ -990,7 +994,7 @@ open_mount_target (libcrun_container_t *container, const char *target_rel, libcr + static int + fsopen_mount (runtime_spec_schema_defs_mount *mount) + { +-#ifdef HAVE_FSCONFIG_CMD_CREATE ++#ifdef HAVE_NEW_MOUNT_API + cleanup_close int fsfd = -1; + int ret; + +@@ -1016,7 +1020,7 @@ fsopen_mount (runtime_spec_schema_defs_mount *mount) + static int + fs_move_mount_to (int fd, int dirfd, const char *name) + { +-#ifdef HAVE_FSCONFIG_CMD_CREATE ++#ifdef HAVE_NEW_MOUNT_API + if (name) + return syscall_move_mount (fd, "", dirfd, name, MOVE_MOUNT_F_EMPTY_PATH); + + diff --git a/overlay/app-containers/podman/Manifest b/overlay/app-containers/podman/Manifest index 3124af4..c4869e1 100644 --- a/overlay/app-containers/podman/Manifest +++ b/overlay/app-containers/podman/Manifest @@ -1 +1,4 @@ DIST podman-4.0.3.tar.gz 11392523 BLAKE2B 2d69fa8f52b061a931cf3dbe767edcb9eb5baf4f45fa77bcd9dd6e5541c126830c059a2bb97906f4fe9a4fd3257f77c801add06e1da910542ebafeaa2d032768 SHA512 a7c6f9a0f33641520c4143e6a3568129021783557f8ea7c846e4bc3f7da9bf70cb30b19cc7c6527809df2c46e6ded1d162a929dc4f44a5daafcf9d211b43b44a +DIST podman-4.1.0.tar.gz 10904727 BLAKE2B 6d01a65b13494dc948c0667147eca6f250a81056f1bcf6eda6285566b8aa7aa526794ea96a571aecad642a8b1d3d1877cd31683ccf46662f8681a2afac083b5a SHA512 4d5f240423f21b1224ce44853a2265359dacee0d921f0ea53a7fca34f9076ebfaa49f4327a59ac51f5bf5b9dafb47dda3a9bb8e609237cc69f833b42b95bcd0a +DIST podman-4.1.1.tar.gz 10905391 BLAKE2B a094785ccb7a84a42147fb0f0360480ad4f73a1cdaa29b666fabb08528584f5d37b1cf8fb807351d4a60d81779de4dec3ab5fc83275061eded21f97fd3fa5e7f SHA512 19dd2800b59dacf7edd5d8204bdaffa0959910c7751b582f5a12b8d644b52f9d6581b9c3b4cba3ddb0707f6a90c0dbc93de6d8e2eaa6a4234ebb9dfa28e693b3 +DIST podman-4.2.0.tar.gz 13019518 BLAKE2B a3b8d8b140b9d34e24f87f998fff3558649487b503bdd437f537f09adc51819d81786b6b4e858ef4e8a43c0d872cd20cd1ceee06988a36f830b9ffbb5109d14d SHA512 bc9e28d9938127f91be10ea8bc6c6f638a01d74d120efad5ad1e72c5f7b893685871e83872434745bc72ecaca430355b0f59d302660e8b4a53cc88a88cc37f9c diff --git a/overlay/app-containers/podman/podman-4.1.0-r1.ebuild b/overlay/app-containers/podman/podman-4.1.0-r1.ebuild new file mode 100644 index 0000000..2124736 --- /dev/null +++ b/overlay/app-containers/podman/podman-4.1.0-r1.ebuild @@ -0,0 +1,165 @@ +# Copyright 1999-2022 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 +EGIT_COMMIT="e4b03902052294d4f342a185bb54702ed5bed8b1" + +inherit bash-completion-r1 flag-o-matic go-module tmpfiles + +DESCRIPTION="Library and podman tool for running OCI-based containers in Pods" +HOMEPAGE="https://github.com/containers/podman/" +MY_PN=podman +MY_P=${MY_PN}-${PV} +SRC_URI="https://github.com/containers/podman/archive/v${PV}.tar.gz -> ${MY_P}.tar.gz" +LICENSE="Apache-2.0 BSD BSD-2 CC-BY-SA-4.0 ISC MIT MPL-2.0" +SLOT="0" + +KEYWORDS="amd64 arm64 ~ppc64 ~riscv" +IUSE="apparmor btrfs cgroup-hybrid +fuse +init +rootless selinux" +RESTRICT+=" test" + +COMMON_DEPEND=" + app-crypt/gpgme:= + >=app-containers/conmon-2.0.0 + cgroup-hybrid? ( >=app-containers/runc-1.0.0_rc6 ) + !cgroup-hybrid? ( app-containers/crun ) + dev-libs/libassuan:= + dev-libs/libgpg-error:= + >=app-containers/cni-plugins-0.8.6 + sys-apps/shadow:= + sys-fs/lvm2 + sys-libs/libseccomp:= + + apparmor? ( sys-libs/libapparmor ) + btrfs? ( sys-fs/btrfs-progs ) + init? ( app-containers/catatonit ) + rootless? ( app-containers/slirp4netns ) + selinux? ( sys-libs/libselinux:= ) +" +DEPEND=" + ${COMMON_DEPEND} + dev-go/go-md2man" +RDEPEND="${COMMON_DEPEND} + fuse? ( sys-fs/fuse-overlayfs ) + selinux? ( sec-policy/selinux-podman )" + +S=${WORKDIR}/${MY_P} + +src_prepare() { + default + + # Disable installation of python modules here, since those are + # installed by separate ebuilds. + local makefile_sed_args=( + -e '/^GIT_.*/d' + -e 's/$(GO) build/$(GO) build -v -work -x/' + -e 's/^\(install:.*\) install\.python$/\1/' + -e 's|^pkg/varlink/iopodman.go: .gopathok pkg/varlink/io.podman.varlink$|pkg/varlink/iopodman.go: pkg/varlink/io.podman.varlink|' + ) + + has_version -b '>=dev-lang/go-1.13.9' || makefile_sed_args+=(-e 's:GO111MODULE=off:GO111MODULE=on:') + + sed "${makefile_sed_args[@]}" -i Makefile || die +} + +src_compile() { + local git_commit=${EGIT_COMMIT} + + # Filter unsupported linker flags + filter-flags '-Wl,*' + + [[ -f hack/apparmor_tag.sh ]] || die + if use apparmor; then + echo -e "#!/bin/sh\necho apparmor" > hack/apparmor_tag.sh || die + else + echo -e "#!/bin/sh\ntrue" > hack/apparmor_tag.sh || die + fi + + [[ -f hack/btrfs_installed_tag.sh ]] || die + if use btrfs; then + echo -e "#!/bin/sh\ntrue" > hack/btrfs_installed_tag.sh || die + else + echo -e "#!/bin/sh\necho exclude_graphdriver_btrfs" > \ + hack/btrfs_installed_tag.sh || die + fi + + [[ -f hack/selinux_tag.sh ]] || die + if use selinux; then + echo -e "#!/bin/sh\necho selinux" > hack/selinux_tag.sh || die + else + echo -e "#!/bin/sh\ntrue" > hack/selinux_tag.sh || die + fi + + # Avoid this error when generating pkg/varlink/iopodman.go: + # cannot find package "github.com/varlink/go/varlink/idl" + mkdir -p _output || die + ln -snf ../vendor _output/src || die + GO111MODULE=off GOPATH=${PWD}/_output go generate ./pkg/varlink/... || die + rm _output/src || die + + export -n GOCACHE GOPATH XDG_CACHE_HOME + GOBIN="${S}/bin" \ + emake all \ + GIT_BRANCH=master \ + GIT_BRANCH_CLEAN=master \ + COMMIT_NO="${git_commit}" \ + GIT_COMMIT="${git_commit}" +} + +src_install() { + emake DESTDIR="${D}" PREFIX="${EPREFIX}/usr" install + + insinto /etc/containers + newins test/registries.conf registries.conf.example + newins test/policy.json policy.json.example + + insinto /usr/share/containers + doins vendor/github.com/containers/common/pkg/seccomp/seccomp.json + + newconfd "${FILESDIR}"/podman.confd podman + newinitd "${FILESDIR}"/podman.initd podman + + insinto /etc/logrotate.d + newins "${FILESDIR}/podman.logrotated" podman + + dobashcomp completions/bash/* + + insinto /usr/share/zsh/site-functions + doins completions/zsh/* + + insinto /usr/share/fish/vendor_completions.d + doins completions/fish/* + + keepdir /var/lib/containers +} + +pkg_preinst() { + PODMAN_ROOTLESS_UPGRADE=false + if use rootless; then + has_version 'app-containers/podman[rootless]' || PODMAN_ROOTLESS_UPGRADE=true + fi +} + +pkg_postinst() { + tmpfiles_process podman.conf + + local want_newline=false + if [[ ! ( -e ${EROOT%/*}/etc/containers/policy.json && -e ${EROOT%/*}/etc/containers/registries.conf ) ]]; then + elog "You need to create the following config files:" + elog "/etc/containers/registries.conf" + elog "/etc/containers/policy.json" + elog "To copy over default examples, use:" + elog "cp /etc/containers/registries.conf{.example,}" + elog "cp /etc/containers/policy.json{.example,}" + want_newline=true + fi + if [[ ${PODMAN_ROOTLESS_UPGRADE} == true ]] ; then + ${want_newline} && elog "" + elog "For rootless operation, you need to configure subuid/subgid" + elog "for user running podman. In case subuid/subgid has only been" + elog "configured for root, run:" + elog "usermod --add-subuids 1065536-1131071 " + elog "usermod --add-subgids 1065536-1131071 " + want_newline=true + fi +} diff --git a/overlay/app-containers/podman/podman-4.1.1-r1.ebuild b/overlay/app-containers/podman/podman-4.1.1-r1.ebuild new file mode 100644 index 0000000..acb3d40 --- /dev/null +++ b/overlay/app-containers/podman/podman-4.1.1-r1.ebuild @@ -0,0 +1,165 @@ +# Copyright 1999-2022 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 +EGIT_COMMIT="f73d8f8875c2be7cd2049094c29aff90b1150241" + +inherit bash-completion-r1 flag-o-matic go-module tmpfiles + +DESCRIPTION="Library and podman tool for running OCI-based containers in Pods" +HOMEPAGE="https://github.com/containers/podman/" +MY_PN=podman +MY_P=${MY_PN}-${PV} +SRC_URI="https://github.com/containers/podman/archive/v${PV}.tar.gz -> ${MY_P}.tar.gz" +LICENSE="Apache-2.0 BSD BSD-2 CC-BY-SA-4.0 ISC MIT MPL-2.0" +SLOT="0" + +KEYWORDS="~amd64 ~arm64 ~ppc64 ~riscv" +IUSE="apparmor btrfs cgroup-hybrid +fuse +init +rootless selinux" +RESTRICT+=" test" + +COMMON_DEPEND=" + app-crypt/gpgme:= + >=app-containers/conmon-2.0.0 + cgroup-hybrid? ( >=app-containers/runc-1.0.0_rc6 ) + !cgroup-hybrid? ( app-containers/crun ) + dev-libs/libassuan:= + dev-libs/libgpg-error:= + >=app-containers/cni-plugins-0.8.6 + sys-apps/shadow:= + sys-fs/lvm2 + sys-libs/libseccomp:= + + apparmor? ( sys-libs/libapparmor ) + btrfs? ( sys-fs/btrfs-progs ) + init? ( app-containers/catatonit ) + rootless? ( app-containers/slirp4netns ) + selinux? ( sys-libs/libselinux:= ) +" +DEPEND=" + ${COMMON_DEPEND} + dev-go/go-md2man" +RDEPEND="${COMMON_DEPEND} + fuse? ( sys-fs/fuse-overlayfs ) + selinux? ( sec-policy/selinux-podman )" + +S=${WORKDIR}/${MY_P} + +src_prepare() { + default + + # Disable installation of python modules here, since those are + # installed by separate ebuilds. + local makefile_sed_args=( + -e '/^GIT_.*/d' + -e 's/$(GO) build/$(GO) build -v -work -x/' + -e 's/^\(install:.*\) install\.python$/\1/' + -e 's|^pkg/varlink/iopodman.go: .gopathok pkg/varlink/io.podman.varlink$|pkg/varlink/iopodman.go: pkg/varlink/io.podman.varlink|' + ) + + has_version -b '>=dev-lang/go-1.13.9' || makefile_sed_args+=(-e 's:GO111MODULE=off:GO111MODULE=on:') + + sed "${makefile_sed_args[@]}" -i Makefile || die +} + +src_compile() { + local git_commit=${EGIT_COMMIT} + + # Filter unsupported linker flags + filter-flags '-Wl,*' + + [[ -f hack/apparmor_tag.sh ]] || die + if use apparmor; then + echo -e "#!/bin/sh\necho apparmor" > hack/apparmor_tag.sh || die + else + echo -e "#!/bin/sh\ntrue" > hack/apparmor_tag.sh || die + fi + + [[ -f hack/btrfs_installed_tag.sh ]] || die + if use btrfs; then + echo -e "#!/bin/sh\ntrue" > hack/btrfs_installed_tag.sh || die + else + echo -e "#!/bin/sh\necho exclude_graphdriver_btrfs" > \ + hack/btrfs_installed_tag.sh || die + fi + + [[ -f hack/selinux_tag.sh ]] || die + if use selinux; then + echo -e "#!/bin/sh\necho selinux" > hack/selinux_tag.sh || die + else + echo -e "#!/bin/sh\ntrue" > hack/selinux_tag.sh || die + fi + + # Avoid this error when generating pkg/varlink/iopodman.go: + # cannot find package "github.com/varlink/go/varlink/idl" + mkdir -p _output || die + ln -snf ../vendor _output/src || die + GO111MODULE=off GOPATH=${PWD}/_output go generate ./pkg/varlink/... || die + rm _output/src || die + + export -n GOCACHE GOPATH XDG_CACHE_HOME + GOBIN="${S}/bin" \ + emake all \ + GIT_BRANCH=master \ + GIT_BRANCH_CLEAN=master \ + COMMIT_NO="${git_commit}" \ + GIT_COMMIT="${git_commit}" +} + +src_install() { + emake DESTDIR="${D}" PREFIX="${EPREFIX}/usr" install + + insinto /etc/containers + newins test/registries.conf registries.conf.example + newins test/policy.json policy.json.example + + insinto /usr/share/containers + doins vendor/github.com/containers/common/pkg/seccomp/seccomp.json + + newconfd "${FILESDIR}"/podman.confd podman + newinitd "${FILESDIR}"/podman.initd podman + + insinto /etc/logrotate.d + newins "${FILESDIR}/podman.logrotated" podman + + dobashcomp completions/bash/* + + insinto /usr/share/zsh/site-functions + doins completions/zsh/* + + insinto /usr/share/fish/vendor_completions.d + doins completions/fish/* + + keepdir /var/lib/containers +} + +pkg_preinst() { + PODMAN_ROOTLESS_UPGRADE=false + if use rootless; then + has_version 'app-containers/podman[rootless]' || PODMAN_ROOTLESS_UPGRADE=true + fi +} + +pkg_postinst() { + tmpfiles_process podman.conf + + local want_newline=false + if [[ ! ( -e ${EROOT%/*}/etc/containers/policy.json && -e ${EROOT%/*}/etc/containers/registries.conf ) ]]; then + elog "You need to create the following config files:" + elog "/etc/containers/registries.conf" + elog "/etc/containers/policy.json" + elog "To copy over default examples, use:" + elog "cp /etc/containers/registries.conf{.example,}" + elog "cp /etc/containers/policy.json{.example,}" + want_newline=true + fi + if [[ ${PODMAN_ROOTLESS_UPGRADE} == true ]] ; then + ${want_newline} && elog "" + elog "For rootless operation, you need to configure subuid/subgid" + elog "for user running podman. In case subuid/subgid has only been" + elog "configured for root, run:" + elog "usermod --add-subuids 1065536-1131071 " + elog "usermod --add-subgids 1065536-1131071 " + want_newline=true + fi +} diff --git a/overlay/app-containers/podman/podman-4.2.0-r1.ebuild b/overlay/app-containers/podman/podman-4.2.0-r1.ebuild new file mode 100644 index 0000000..c797b11 --- /dev/null +++ b/overlay/app-containers/podman/podman-4.2.0-r1.ebuild @@ -0,0 +1,165 @@ +# Copyright 1999-2022 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 +EGIT_COMMIT="7fe5a419cfd2880df2028ad3d7fd9378a88a04f4" + +inherit bash-completion-r1 flag-o-matic go-module tmpfiles + +DESCRIPTION="Library and podman tool for running OCI-based containers in Pods" +HOMEPAGE="https://github.com/containers/podman/" +MY_PN=podman +MY_P=${MY_PN}-${PV} +SRC_URI="https://github.com/containers/podman/archive/v${PV}.tar.gz -> ${MY_P}.tar.gz" +LICENSE="Apache-2.0 BSD BSD-2 CC-BY-SA-4.0 ISC MIT MPL-2.0" +SLOT="0" + +KEYWORDS="amd64 arm64 ~ppc64 ~riscv" +IUSE="apparmor btrfs cgroup-hybrid +fuse +init +rootless selinux" +RESTRICT+=" test" + +COMMON_DEPEND=" + app-crypt/gpgme:= + >=app-containers/conmon-2.0.0 + cgroup-hybrid? ( >=app-containers/runc-1.0.0_rc6 ) + !cgroup-hybrid? ( app-containers/crun ) + dev-libs/libassuan:= + dev-libs/libgpg-error:= + >=net-misc/cni-plugins-0.8.6 + sys-apps/shadow:= + sys-fs/lvm2 + sys-libs/libseccomp:= + + apparmor? ( sys-libs/libapparmor ) + btrfs? ( sys-fs/btrfs-progs ) + init? ( app-containers/catatonit ) + rootless? ( app-containers/slirp4netns ) + selinux? ( sys-libs/libselinux:= ) +" +DEPEND=" + ${COMMON_DEPEND} + dev-go/go-md2man" +RDEPEND="${COMMON_DEPEND} + fuse? ( sys-fs/fuse-overlayfs ) + selinux? ( sec-policy/selinux-podman )" + +S=${WORKDIR}/${MY_P} + +src_prepare() { + default + + # Disable installation of python modules here, since those are + # installed by separate ebuilds. + local makefile_sed_args=( + -e '/^GIT_.*/d' + -e 's/$(GO) build/$(GO) build -v -work -x/' + -e 's/^\(install:.*\) install\.python$/\1/' + -e 's|^pkg/varlink/iopodman.go: .gopathok pkg/varlink/io.podman.varlink$|pkg/varlink/iopodman.go: pkg/varlink/io.podman.varlink|' + ) + + has_version -b '>=dev-lang/go-1.13.9' || makefile_sed_args+=(-e 's:GO111MODULE=off:GO111MODULE=on:') + + sed "${makefile_sed_args[@]}" -i Makefile || die +} + +src_compile() { + local git_commit=${EGIT_COMMIT} + + # Filter unsupported linker flags + filter-flags '-Wl,*' + + [[ -f hack/apparmor_tag.sh ]] || die + if use apparmor; then + echo -e "#!/bin/sh\necho apparmor" > hack/apparmor_tag.sh || die + else + echo -e "#!/bin/sh\ntrue" > hack/apparmor_tag.sh || die + fi + + [[ -f hack/btrfs_installed_tag.sh ]] || die + if use btrfs; then + echo -e "#!/bin/sh\ntrue" > hack/btrfs_installed_tag.sh || die + else + echo -e "#!/bin/sh\necho exclude_graphdriver_btrfs" > \ + hack/btrfs_installed_tag.sh || die + fi + + [[ -f hack/selinux_tag.sh ]] || die + if use selinux; then + echo -e "#!/bin/sh\necho selinux" > hack/selinux_tag.sh || die + else + echo -e "#!/bin/sh\ntrue" > hack/selinux_tag.sh || die + fi + + # Avoid this error when generating pkg/varlink/iopodman.go: + # cannot find package "github.com/varlink/go/varlink/idl" + mkdir -p _output || die + ln -snf ../vendor _output/src || die + GO111MODULE=off GOPATH=${PWD}/_output go generate ./pkg/varlink/... || die + rm _output/src || die + + export -n GOCACHE GOPATH XDG_CACHE_HOME + GOBIN="${S}/bin" \ + emake all \ + GIT_BRANCH=master \ + GIT_BRANCH_CLEAN=master \ + COMMIT_NO="${git_commit}" \ + GIT_COMMIT="${git_commit}" +} + +src_install() { + emake DESTDIR="${D}" PREFIX="${EPREFIX}/usr" install + + insinto /etc/containers + newins test/registries.conf registries.conf.example + newins test/policy.json policy.json.example + + insinto /usr/share/containers + doins vendor/github.com/containers/common/pkg/seccomp/seccomp.json + + newconfd "${FILESDIR}"/podman.confd podman + newinitd "${FILESDIR}"/podman.initd podman + + insinto /etc/logrotate.d + newins "${FILESDIR}/podman.logrotated" podman + + dobashcomp completions/bash/* + + insinto /usr/share/zsh/site-functions + doins completions/zsh/* + + insinto /usr/share/fish/vendor_completions.d + doins completions/fish/* + + keepdir /var/lib/containers +} + +pkg_preinst() { + PODMAN_ROOTLESS_UPGRADE=false + if use rootless; then + has_version 'app-containers/podman[rootless]' || PODMAN_ROOTLESS_UPGRADE=true + fi +} + +pkg_postinst() { + tmpfiles_process podman.conf + + local want_newline=false + if [[ ! ( -e ${EROOT%/*}/etc/containers/policy.json && -e ${EROOT%/*}/etc/containers/registries.conf ) ]]; then + elog "You need to create the following config files:" + elog "/etc/containers/registries.conf" + elog "/etc/containers/policy.json" + elog "To copy over default examples, use:" + elog "cp /etc/containers/registries.conf{.example,}" + elog "cp /etc/containers/policy.json{.example,}" + want_newline=true + fi + if [[ ${PODMAN_ROOTLESS_UPGRADE} == true ]] ; then + ${want_newline} && elog "" + elog "For rootless operation, you need to configure subuid/subgid" + elog "for user running podman. In case subuid/subgid has only been" + elog "configured for root, run:" + elog "usermod --add-subuids 1065536-1131071 " + elog "usermod --add-subgids 1065536-1131071 " + want_newline=true + fi +} diff --git a/overlay/net-misc/cni-plugins/Manifest b/overlay/net-misc/cni-plugins/Manifest index dfa22e2..58368f2 100644 --- a/overlay/net-misc/cni-plugins/Manifest +++ b/overlay/net-misc/cni-plugins/Manifest @@ -2,3 +2,4 @@ DIST cni-plugins-0.8.6.tar.gz 1993056 BLAKE2B 89276e0f7fdbc782b30ff675abcb0f92f2 DIST cni-plugins-0.8.7.tar.gz 1965945 BLAKE2B 592b1f126547363877c657e03d69fcb25874e6d472d731861a1a03e3933901bd618a5097f3d91f6ca7fbedce29a0ff0076a65be1a528a2584a7dcb5940a4b010 SHA512 1b11b080b1f54a8a792b1048573d7d882603b76929f0c9343eeb2e010f97700c0deea4489faeb493a1aeac12557b6847b26784c378d0430c47de6bdaca6aa70f DIST cni-plugins-0.9.0.tar.gz 2705022 BLAKE2B 82f723501901da40e4ea2f111bd1ed3023a1d11e1715902830f3cd0cf0d46d9f9c57389b3a763448fcd52c40aba97a731986ca1862e2ecd912e8a274abf626c9 SHA512 8d545d17e6bf4180755708e47607c855b99f6ea4183a33930b7d05974d2151c90873f1e2064b806059a26caba6942502d9954fce697bf000995d539c2208811c DIST cni-plugins-0.9.1.tar.gz 2703099 BLAKE2B 878f476e62f12020b39d33a79723fe246b34d80705d3a336573401743392adca9a57b196d6d191b4a6f281110f47ecbb1525aacd91cd488bea61c7aaed12a6ef SHA512 24e8fcedbff2ae7a83aa96085b546b164de6a0884d593e3b5386e9d2de3c4d9a215db9e9405332020cc45c371709a32b600e263e4f8dee62c51adafdc0180f24 +DIST cni-plugins-1.1.1.tar.gz 3076064 BLAKE2B 2fd70260995e423d2b4ac3a8d2135074baffe5d36177d5e1e5a9ce146f6d2ecfeb3b843de62e43f863085ff965be4160cf5f4cae892d3c59070ef390409ef3c9 SHA512 03da31caee5f9595abf65d4a551984b995bc18c5e97409549f08997c5a6a2b41a8950144f8a5b4f810cb401ddbe312232d2be76ec977acf8108eb490786b1817 diff --git a/overlay/net-misc/cni-plugins/cni-plugins-1.1.1.ebuild b/overlay/net-misc/cni-plugins/cni-plugins-1.1.1.ebuild new file mode 100644 index 0000000..d24a1fe --- /dev/null +++ b/overlay/net-misc/cni-plugins/cni-plugins-1.1.1.ebuild @@ -0,0 +1,33 @@ +# Copyright 1999-2022 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 +inherit go-module linux-info systemd + +DESCRIPTION="Standard networking plugins for container networking" +HOMEPAGE="https://github.com/containernetworking/plugins" +SRC_URI="https://github.com/containernetworking/plugins/archive/v${PV}.tar.gz -> ${P}.tar.gz" + +LICENSE="Apache-2.0" +SLOT="0" +KEYWORDS="amd64 arm64 ~ppc64 ~riscv" +IUSE="hardened" + +CONFIG_CHECK="~BRIDGE_VLAN_FILTERING" +S="${WORKDIR}/plugins-${PV}" + +src_compile() { + CGO_LDFLAGS="$(usex hardened '-fno-PIC ' '')" ./build_linux.sh || die +} + +src_install() { + exeinto /opt/cni/bin + doexe bin/* + dodoc README.md + local i + for i in plugins/{meta/{bandwidth,firewall,flannel,portmap,sbr,tuning},main/{bridge,host-device,ipvlan,loopback,macvlan,ptp,vlan},ipam/{dhcp,host-local,static},sample}; do + newdoc README.md ${i##*/}.README.md + done + systemd_dounit plugins/ipam/dhcp/systemd/cni-dhcp.{service,socket} + newinitd "${FILESDIR}"/cni-dhcp.initd cni-dhcp +} From 66bb2691b1588d95efc8eb267623ebd95f2ac5fe Mon Sep 17 00:00:00 2001 From: Joe Gooch Date: Tue, 13 Sep 2022 11:56:59 -0400 Subject: [PATCH 3/4] Update ignores, and readme! --- .gitignore | 1 + README.md | 18 ++++++------------ 2 files changed, 7 insertions(+), 12 deletions(-) diff --git a/.gitignore b/.gitignore index d872585..3e39c77 100644 --- a/.gitignore +++ b/.gitignore @@ -2,4 +2,5 @@ *.tar.gz *.tgz *.raw +/podman-versions.txt diff --git a/README.md b/README.md index cfcc360..0784888 100644 --- a/README.md +++ b/README.md @@ -6,21 +6,15 @@ make podman.raw # Use -Copy podman.raw to /etc/extensions. - -Disable selinux in /etc/selinux/config - must be disabled not permissive. Default file is a symlink so make a copy (`cp /etc/selinux/config{,-}; mv /etc/selinux/config{-,}`) - -Symlink the CNI plugins `ln -sf /usr/lib/cni/ /opt/cni/` +Copy podman.raw to /var/lib/extensions. Copy configs from /usr/etc/ into the appropriate directories in /etc. Remove the .example extensions. -Run `systemctl enable --now podman.socket` +If you want an example containers.conf, you can retrieve it from [here](https://raw.githubusercontent.com/containers/common/main/pkg/config/containers.conf) +Or simply `curl -O /etc/containers/containers.conf https://raw.githubusercontent.com/containers/common/main/pkg/config/containers.conf` -# Test +Optional: If you want rootless containers to work, disable selinux in /etc/selinux/config - must be disabled not permissive. Default file is a symlink so make a copy (`cp /etc/selinux/config{,-}; mv /etc/selinux/config{-,}`) -``` -snap install hello-world -snap run hello-world -``` +Optional: If you want remote podman services, run `systemctl enable --now podman.socket` -To make snaps accessible, add /var/lib/podman/snap/bin to $PATH. +If you want to remove docker entirely, visit [here](https://github.com/goochjj/flatcar-podman-docker-torcx) From a0f55ac6fbd8930ab7bac966bf096bb7057a39b9 Mon Sep 17 00:00:00 2001 From: Joe Gooch Date: Tue, 13 Sep 2022 12:08:16 -0400 Subject: [PATCH 4/4] torcx moved elsewhere --- torcx/.torcx/manifest.json | 8 -------- torcx/bin/docker | 7 ------- 2 files changed, 15 deletions(-) delete mode 100644 torcx/.torcx/manifest.json delete mode 100755 torcx/bin/docker diff --git a/torcx/.torcx/manifest.json b/torcx/.torcx/manifest.json deleted file mode 100644 index 9737f16..0000000 --- a/torcx/.torcx/manifest.json +++ /dev/null @@ -1,8 +0,0 @@ -{ - "kind": "image-manifest-v0", - "value": { - "bin": [ - "/bin/docker" - ] - } -} diff --git a/torcx/bin/docker b/torcx/bin/docker deleted file mode 100755 index b58bc04..0000000 --- a/torcx/bin/docker +++ /dev/null @@ -1,7 +0,0 @@ -#!/usr/bin/bash - -[ -e /etc/containers/nodocker ] || \ -echo "Emulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msg." >&2 - -exec /usr/bin/podman "$@" -