Message ID | 20230522202346.209785-2-christian@aperture.us |
---|---|
State | Accepted |
Series | [v3,1/2] package/conmon: new package |
Hello Christian, On Mon, 22 May 2023 13:23:46 -0700 Christian Stewart via buildroot <buildroot@buildroot.org> wrote: > podman is a CLI tool for spawning and running containers according to the OCI > specification. > > https://github.com/containers/podman > > Signed-off-by: Christian Stewart <christian@aperture.us> Overall it looks good of course, but I have a couple of questions. > diff --git a/package/podman/Config.in b/package/podman/Config.in > new file mode 100644 > index 0000000000..92f5d6ae3d > --- /dev/null > +++ b/package/podman/Config.in 
> @@ -0,0 +1,58 @@ > +config BR2_PACKAGE_PODMAN > + bool "podman" > + depends on !BR2_TOOLCHAIN_USES_UCLIBC # no fexecve I don't think that's true. That was inherited from crun, and I just sent a patch that allows crun to build with uClibc. > + depends on BR2_PACKAGE_HOST_GO_TARGET_ARCH_SUPPORTS > + depends on BR2_PACKAGE_HOST_GO_TARGET_CGO_LINKING_SUPPORTS > + depends on BR2_TOOLCHAIN_HAS_THREADS # conmon -> libglib2 > + depends on BR2_USE_MMU # libgpgme, conmon -> libglib2 > + depends on BR2_USE_WCHAR # conmon -> libglib2 I think you can just say "conmon, libglib2" as you inherit the dependencies from both. > + select BR2_PACKAGE_CGROUPFS_MOUNT if !BR2_PACKAGE_SYSTEMD # runtime > + select BR2_PACKAGE_CNI_PLUGINS > + select BR2_PACKAGE_CONMON > + select BR2_PACKAGE_CRUN > + select BR2_PACKAGE_IPTABLES > + select BR2_PACKAGE_LIBGLIB2 > + select BR2_PACKAGE_LIBGPGME Out of all those dependencies, you only have build dependencies on libglib2 and libgpgme. Are the other runtime dependencies? If so, please add a # runtime comment, like you did for the cgroupfs-mount dependency. > +if BR2_PACKAGE_PODMAN > + > +config BR2_PACKAGE_PODMAN_DRIVER_BTRFS > + bool "btrfs filesystem driver" > + depends on BR2_USE_MMU # btrfs-progs > + depends on BR2_TOOLCHAIN_HAS_THREADS # btrfs-progs > + select BR2_PACKAGE_BTRFS_PROGS > + help > + Build the btrfs filesystem driver. > + > +config BR2_PACKAGE_PODMAN_DRIVER_DEVICEMAPPER > + bool "devicemapper filesystem driver" > + depends on BR2_TOOLCHAIN_HAS_THREADS # lvm2 > + depends on BR2_USE_MMU # lvm2 > + depends on !BR2_STATIC_LIBS # lvm2 > + select BR2_PACKAGE_LVM2 > + help > + Build the devicemapper filesystem driver. > + > +config BR2_PACKAGE_PODMAN_DRIVER_VFS > + bool "vfs filesystem driver" > + depends on BR2_USE_WCHAR # gvfs > + depends on BR2_USE_MMU # gvfs > + depends on BR2_TOOLCHAIN_HAS_THREADS # gvfs > + depends on !BR2_STATIC_LIBS # gvfs > + select BR2_PACKAGE_GVFS > + help > + Build the vfs filesystem driver. 
Normally, we would need a Config.in comment about the dependencies, but I agree almost all of them are covered by the top-level option, and the only one remaining is !BR2_STATIC_LIBS... Perhaps not worth adding a Config.in comment for this, I agree. > + > +endif > + > +comment "podman needs a glibc or musl toolchain w/ threads, wchar" > + depends on BR2_PACKAGE_HOST_GO_TARGET_ARCH_SUPPORTS && \ > + BR2_PACKAGE_HOST_GO_TARGET_CGO_LINKING_SUPPORTS > + depends on !BR2_USE_WCHAR || !BR2_TOOLCHAIN_HAS_THREADS || \ > + BR2_TOOLCHAIN_USES_UCLIBC Needs to be adjusted once the uClibc exclusion is removed. > diff --git a/package/podman/podman.mk b/package/podman/podman.mk > new file mode 100644 > index 0000000000..f888f3ae5e > --- /dev/null > +++ b/package/podman/podman.mk 
> @@ -0,0 +1,75 @@ > +################################################################################ > +# > +# podman > +# > +################################################################################ > + > +PODMAN_VERSION = 4.5.0 > +PODMAN_SITE = $(call github,containers,podman,v$(PODMAN_VERSION)) > +PODMAN_LICENSE = Apache-2.0 > +PODMAN_LICENSE_FILES = LICENSE > + > +PODMAN_CPE_ID_VENDOR = podman_project > +PODMAN_GOMOD = github.com/containers/podman/v4 > + > +PODMAN_BUILD_TARGETS = cmd/podman cmd/rootlessport cmd/quadlet > +PODMAN_DEPENDENCIES += libglib2 libgpgme Change += to =. > +define PODMAN_INSTALL_TARGET_CMDS > + $(TARGET_MAKE_ENV) $(MAKE) -C $(@D) DESTDIR=$(TARGET_DIR) PREFIX=/usr \ > + install.bin > + $(INSTALL) -d -m 700 $(TARGET_DIR)/etc/cni > + $(INSTALL) -d -m 700 $(TARGET_DIR)/etc/cni/net.d What do you need this? > + $(INSTALL) -D -m 644 $(@D)/cni/87-podman-bridge.conflist \ > + $(TARGET_DIR)/etc/cni/net.d/87-podman-bridge.conflist $(INSTALL) -D will create all directories that are needed to allow creating the destination file. > + $(INSTALL) -d -m 755 $(TARGET_DIR)/etc/containers > + $(INSTALL) -D -m 644 $(PODMAN_PKGDIR)/containers-policy.json \ > + $(TARGET_DIR)/etc/containers/policy.json Same comment. > +endef > + > +define PODMAN_INSTALL_INIT_SYSTEMD > + $(TARGET_MAKE_ENV) $(MAKE) -C $(@D) DESTDIR=$(TARGET_DIR) PREFIX=/usr \ > + install.systemd > +endef > + > +$(eval $(golang-package)) Otherwise, looks good. So it's really the question about build-time vs. run-time dependencies that didn't allow me to tweak the patch when applying. Could you rework the patch and send a new iteration? I promise, it will take less than 2 months to be handled :-) Thanks! Thomas
Hello Thomas and Christian, At 2023-07-30 05:27:23, "Thomas Petazzoni via buildroot" <buildroot@buildroot.org> wrote: >Hello Christian, > >On Mon, 22 May 2023 13:23:46 -0700 >Christian Stewart via buildroot <buildroot@buildroot.org> wrote: > >> podman is a CLI tool for spawning and running containers according to the OCI >> specification. >> >> https://github.com/containers/podman >> >> Signed-off-by: Christian Stewart <christian@aperture.us> > >Overall it looks good of course, but I have a couple of questions. > >> diff --git a/package/podman/Config.in b/package/podman/Config.in >> new file mode 100644 >> index 0000000000..92f5d6ae3d >> --- /dev/null >> +++ b/package/podman/Config.in 
>> @@ -0,0 +1,58 @@ >> +config BR2_PACKAGE_PODMAN >> + bool "podman" >> + depends on !BR2_TOOLCHAIN_USES_UCLIBC # no fexecve > >I don't think that's true. That was inherited from crun, and I just >sent a patch that allows crun to build with uClibc. > >> + depends on BR2_PACKAGE_HOST_GO_TARGET_ARCH_SUPPORTS >> + depends on BR2_PACKAGE_HOST_GO_TARGET_CGO_LINKING_SUPPORTS >> + depends on BR2_TOOLCHAIN_HAS_THREADS # conmon -> libglib2 >> + depends on BR2_USE_MMU # libgpgme, conmon -> libglib2 >> + depends on BR2_USE_WCHAR # conmon -> libglib2 > >I think you can just say "conmon, libglib2" as you inherit the >dependencies from both. > >> + select BR2_PACKAGE_CGROUPFS_MOUNT if !BR2_PACKAGE_SYSTEMD # runtime >> + select BR2_PACKAGE_CNI_PLUGINS >> + select BR2_PACKAGE_CONMON >> + select BR2_PACKAGE_CRUN >> + select BR2_PACKAGE_IPTABLES >> + select BR2_PACKAGE_LIBGLIB2 >> + select BR2_PACKAGE_LIBGPGME > >Out of all those dependencies, you only have build dependencies on >libglib2 and libgpgme. Are the other runtime dependencies? If so, >please add a # runtime comment, like you did for the cgroupfs-mount >dependency. > > >> +if BR2_PACKAGE_PODMAN >> + >> +config BR2_PACKAGE_PODMAN_DRIVER_BTRFS >> + bool "btrfs filesystem driver" >> + depends on BR2_USE_MMU # btrfs-progs >> + depends on BR2_TOOLCHAIN_HAS_THREADS # btrfs-progs >> + select BR2_PACKAGE_BTRFS_PROGS >> + help >> + Build the btrfs filesystem driver. >> + >> +config BR2_PACKAGE_PODMAN_DRIVER_DEVICEMAPPER >> + bool "devicemapper filesystem driver" >> + depends on BR2_TOOLCHAIN_HAS_THREADS # lvm2 >> + depends on BR2_USE_MMU # lvm2 >> + depends on !BR2_STATIC_LIBS # lvm2 >> + select BR2_PACKAGE_LVM2 >> + help >> + Build the devicemapper filesystem driver. 
>> + >> +config BR2_PACKAGE_PODMAN_DRIVER_VFS >> + bool "vfs filesystem driver" >> + depends on BR2_USE_WCHAR # gvfs >> + depends on BR2_USE_MMU # gvfs >> + depends on BR2_TOOLCHAIN_HAS_THREADS # gvfs >> + depends on !BR2_STATIC_LIBS # gvfs >> + select BR2_PACKAGE_GVFS >> + help >> + Build the vfs filesystem driver. > >Normally, we would need a Config.in comment about the dependencies, but >I agree almost all of them are covered by the top-level option, and the >only one remaining is !BR2_STATIC_LIBS... Perhaps not worth adding a >Config.in comment for this, I agree. > >> + >> +endif >> + >> +comment "podman needs a glibc or musl toolchain w/ threads, wchar" >> + depends on BR2_PACKAGE_HOST_GO_TARGET_ARCH_SUPPORTS && \ >> + BR2_PACKAGE_HOST_GO_TARGET_CGO_LINKING_SUPPORTS >> + depends on !BR2_USE_WCHAR || !BR2_TOOLCHAIN_HAS_THREADS || \ >> + BR2_TOOLCHAIN_USES_UCLIBC > >Needs to be adjusted once the uClibc exclusion is removed. > >> diff --git a/package/podman/podman.mk b/package/podman/podman.mk >> new file mode 100644 >> index 0000000000..f888f3ae5e >> --- /dev/null >> +++ b/package/podman/podman.mk 
>> @@ -0,0 +1,75 @@ >> +################################################################################ >> +# >> +# podman >> +# >> +################################################################################ >> + >> +PODMAN_VERSION = 4.5.0 >> +PODMAN_SITE = $(call github,containers,podman,v$(PODMAN_VERSION)) >> +PODMAN_LICENSE = Apache-2.0 >> +PODMAN_LICENSE_FILES = LICENSE >> + >> +PODMAN_CPE_ID_VENDOR = podman_project >> +PODMAN_GOMOD = github.com/containers/podman/v4 >> + >> +PODMAN_BUILD_TARGETS = cmd/podman cmd/rootlessport cmd/quadlet >> +PODMAN_DEPENDENCIES += libglib2 libgpgme > >Change += to =. > > >> +define PODMAN_INSTALL_TARGET_CMDS >> + $(TARGET_MAKE_ENV) $(MAKE) -C $(@D) DESTDIR=$(TARGET_DIR) PREFIX=/usr \ >> + install.bin >> + $(INSTALL) -d -m 700 $(TARGET_DIR)/etc/cni >> + $(INSTALL) -d -m 700 $(TARGET_DIR)/etc/cni/net.d > >What do you need this? That's because the permissions for those two directories are 700 instead of 755. > >> + $(INSTALL) -D -m 644 $(@D)/cni/87-podman-bridge.conflist \ >> + $(TARGET_DIR)/etc/cni/net.d/87-podman-bridge.conflist > >$(INSTALL) -D will create all directories that are needed to allow >creating the destination file. > >> + $(INSTALL) -d -m 755 $(TARGET_DIR)/etc/containers >> + $(INSTALL) -D -m 644 $(PODMAN_PKGDIR)/containers-policy.json \ >> + $(TARGET_DIR)/etc/containers/policy.json > >Same comment. This directory permission is 755, so this line should not be required. > >> +endef >> + >> +define PODMAN_INSTALL_INIT_SYSTEMD >> + $(TARGET_MAKE_ENV) $(MAKE) -C $(@D) DESTDIR=$(TARGET_DIR) PREFIX=/usr \ >> + install.systemd >> +endef >> + >> +$(eval $(golang-package)) > >Otherwise, looks good. So it's really the question about build-time vs. >run-time dependencies that didn't allow me to tweak the patch when >applying. > >Could you rework the patch and send a new iteration? I promise, it will >take less than 2 months to be handled :-) > >Thanks! 
> >Thomas >-- >Thomas Petazzoni, co-owner and CEO, Bootlin >Embedded Linux and Kernel engineering and training >https://bootlin.com

It should be noted that the Linux kernel requires the CONFIG_NETFILTER_XT_MATCH_COMMENT option.

Tested-by: TIAN Yuanhao <tianyuanhao3@163.com>

Thanks,
Yuanhao
diff --git a/DEVELOPERS b/DEVELOPERS index 7b3287731a..c5de54a637 100644 --- a/DEVELOPERS +++ b/DEVELOPERS @@ -559,6 +559,7 @@ F: package/moby-buildkit/ F: package/mosh/ F: package/nerdctl/ F: package/pkg-golang.mk +F: package/podman/ F: package/rtl8821au/ F: package/rtl8821cu/ F: package/runc/ diff --git a/package/Config.in b/package/Config.in index 52bc10b91b..492baf25c4 100644 --- a/package/Config.in +++ b/package/Config.in @@ -2684,6 +2684,7 @@ menu "System tools" source "package/openvmtools/Config.in" source "package/pamtester/Config.in" source "package/petitboot/Config.in" + source "package/podman/Config.in" source "package/polkit/Config.in" source "package/powerpc-utils/Config.in" source "package/procps-ng/Config.in" diff --git a/package/podman/Config.in b/package/podman/Config.in new file mode 100644 index 0000000000..92f5d6ae3d --- /dev/null +++ b/package/podman/Config.in 
@@ -0,0 +1,58 @@ +config BR2_PACKAGE_PODMAN + bool "podman" + depends on !BR2_TOOLCHAIN_USES_UCLIBC # no fexecve + depends on BR2_PACKAGE_HOST_GO_TARGET_ARCH_SUPPORTS + depends on BR2_PACKAGE_HOST_GO_TARGET_CGO_LINKING_SUPPORTS + depends on BR2_TOOLCHAIN_HAS_THREADS # conmon -> libglib2 + depends on BR2_USE_MMU # libgpgme, conmon -> libglib2 + depends on BR2_USE_WCHAR # conmon -> libglib2 + select BR2_PACKAGE_CGROUPFS_MOUNT if !BR2_PACKAGE_SYSTEMD # runtime + select BR2_PACKAGE_CNI_PLUGINS + select BR2_PACKAGE_CONMON + select BR2_PACKAGE_CRUN + select BR2_PACKAGE_IPTABLES + select BR2_PACKAGE_LIBGLIB2 + select BR2_PACKAGE_LIBGPGME + help + podman is a CLI tool for spawning and running containers + according to the OCI specification. + + https://github.com/containers/podman + +if BR2_PACKAGE_PODMAN + +config BR2_PACKAGE_PODMAN_DRIVER_BTRFS + bool "btrfs filesystem driver" + depends on BR2_USE_MMU # btrfs-progs + depends on BR2_TOOLCHAIN_HAS_THREADS # btrfs-progs + select BR2_PACKAGE_BTRFS_PROGS + help + Build the btrfs filesystem driver. + +config BR2_PACKAGE_PODMAN_DRIVER_DEVICEMAPPER + bool "devicemapper filesystem driver" + depends on BR2_TOOLCHAIN_HAS_THREADS # lvm2 + depends on BR2_USE_MMU # lvm2 + depends on !BR2_STATIC_LIBS # lvm2 + select BR2_PACKAGE_LVM2 + help + Build the devicemapper filesystem driver. + +config BR2_PACKAGE_PODMAN_DRIVER_VFS + bool "vfs filesystem driver" + depends on BR2_USE_WCHAR # gvfs + depends on BR2_USE_MMU # gvfs + depends on BR2_TOOLCHAIN_HAS_THREADS # gvfs + depends on !BR2_STATIC_LIBS # gvfs + select BR2_PACKAGE_GVFS + help + Build the vfs filesystem driver. + +endif + +comment "podman needs a glibc or musl toolchain w/ threads, wchar" + depends on BR2_PACKAGE_HOST_GO_TARGET_ARCH_SUPPORTS && \ + BR2_PACKAGE_HOST_GO_TARGET_CGO_LINKING_SUPPORTS + depends on !BR2_USE_WCHAR || !BR2_TOOLCHAIN_HAS_THREADS || \ + BR2_TOOLCHAIN_USES_UCLIBC + depends on BR2_USE_MMU 
diff --git a/package/podman/containers-policy.json b/package/podman/containers-policy.json new file mode 100644 index 0000000000..4480eb82b4 --- /dev/null +++ b/package/podman/containers-policy.json @@ -0,0 +1,14 @@ +{ + "default": [ + { + "type": "insecureAcceptAnything" + } + ], + "transports": + { + "docker-daemon": + { + "": [{"type":"insecureAcceptAnything"}] + } + } +} diff --git a/package/podman/podman.hash b/package/podman/podman.hash new file mode 100644 index 0000000000..c011068682 --- /dev/null +++ b/package/podman/podman.hash @@ -0,0 +1,3 @@ +# Locally computed +sha256 830a633630bf6e61f2b8d4ca00efdd9a173ef25cdd49d4a4364c293e088561df podman-4.5.0.tar.gz +sha256 62fb8a3a9621dc2388174caaabe9c2317b694bb9a1d46c98bcf5655b68f51be3 LICENSE diff --git a/package/podman/podman.mk b/package/podman/podman.mk new file mode 100644 index 0000000000..f888f3ae5e --- /dev/null +++ b/package/podman/podman.mk 
@@ -0,0 +1,75 @@ +################################################################################ +# +# podman +# +################################################################################ + +PODMAN_VERSION = 4.5.0 +PODMAN_SITE = $(call github,containers,podman,v$(PODMAN_VERSION)) +PODMAN_LICENSE = Apache-2.0 +PODMAN_LICENSE_FILES = LICENSE + +PODMAN_CPE_ID_VENDOR = podman_project +PODMAN_GOMOD = github.com/containers/podman/v4 + +PODMAN_BUILD_TARGETS = cmd/podman cmd/rootlessport cmd/quadlet +PODMAN_DEPENDENCIES += libglib2 libgpgme +PODMAN_LDFLAGS = \ + -X $(PODMAN_GOMOD)/libpod/define.gitCommit=$(PODMAN_VERSION) +PODMAN_TAGS = exclude_graphdriver_zfs + +ifeq ($(BR2_INIT_SYSTEMD),y) +PODMAN_TAGS += systemd +endif + +ifeq ($(BR2_PACKAGE_LIBAPPARMOR),y) +PODMAN_DEPENDENCIES += libapparmor +PODMAN_TAGS += apparmor +endif + +ifeq ($(BR2_PACKAGE_LIBSECCOMP),y) +PODMAN_TAGS += seccomp +PODMAN_DEPENDENCIES += libseccomp host-pkgconf +endif + +ifeq ($(BR2_PACKAGE_LIBSELINUX),y) +PODMAN_TAGS += selinux +PODMAN_DEPENDENCIES += libselinux +endif + +ifeq ($(BR2_PACKAGE_PODMAN_DRIVER_BTRFS),y) +PODMAN_DEPENDENCIES += btrfs-progs +else +PODMAN_TAGS += exclude_graphdriver_btrfs +endif + +ifeq ($(BR2_PACKAGE_PODMAN_DRIVER_DEVICEMAPPER),y) +PODMAN_DEPENDENCIES += lvm2 +else +PODMAN_TAGS += exclude_graphdriver_devicemapper +endif + +ifeq ($(BR2_PACKAGE_PODMAN_DRIVER_VFS),y) +PODMAN_DEPENDENCIES += gvfs +else +PODMAN_TAGS += exclude_graphdriver_vfs +endif + +define PODMAN_INSTALL_TARGET_CMDS + $(TARGET_MAKE_ENV) $(MAKE) -C $(@D) DESTDIR=$(TARGET_DIR) PREFIX=/usr \ + install.bin + $(INSTALL) -d -m 700 $(TARGET_DIR)/etc/cni + $(INSTALL) -d -m 700 $(TARGET_DIR)/etc/cni/net.d + $(INSTALL) -D -m 644 $(@D)/cni/87-podman-bridge.conflist \ + $(TARGET_DIR)/etc/cni/net.d/87-podman-bridge.conflist + $(INSTALL) -d -m 755 $(TARGET_DIR)/etc/containers + $(INSTALL) -D -m 644 $(PODMAN_PKGDIR)/containers-policy.json \ + $(TARGET_DIR)/etc/containers/policy.json +endef + +define 
PODMAN_INSTALL_INIT_SYSTEMD + $(TARGET_MAKE_ENV) $(MAKE) -C $(@D) DESTDIR=$(TARGET_DIR) PREFIX=/usr \ + install.systemd +endef + +$(eval $(golang-package))
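
Review bot: in package/podman/Config.in, BR2_PACKAGE_PODMAN_DRIVER_VFS selects BR2_PACKAGE_GVFS and takes on its wchar, MMU, threads and !BR2_STATIC_LIBS dependencies, but nothing in the patch says what the vfs graph driver uses from gvfs; podman.mk only adds gvfs to PODMAN_DEPENDENCIES when the option is set. Please justify the dependency in the help text or the commit message, or drop the `select BR2_PACKAGE_GVFS` line and its inherited `depends on` lines if the driver builds without it.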
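
Review bot: package/podman/containers-policy.json sets the default requirement to `insecureAcceptAnything`, and podman.mk installs that file as /etc/containers/policy.json, so every target built with this package ships a policy that accepts images from any transport with no signature requirement, and the Config.in help text does not say so. Please document in the help text that the shipped policy is permissive and is expected to be replaced for production images (for example through a rootfs overlay), and drop the `docker-daemon` transport entry, which only repeats what the default already grants.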
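
Review bot: in package/podman/podman.mk the `seccomp`, `apparmor` and `selinux` build tags are added only when BR2_PACKAGE_LIBSECCOMP, BR2_PACKAGE_LIBAPPARMOR or BR2_PACKAGE_LIBSELINUX happens to be enabled elsewhere, and Config.in neither selects nor mentions those packages, so a configuration that leaves them off builds podman without any of the three tags and the user gets no hint. Suggest adding a sentence to the BR2_PACKAGE_PODMAN help text that names these optional packages and what enabling each one turns on.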