Message ID | 20230522202346.209785-1-christian@aperture.us |
---|---|
State | Accepted |
Series | [v3,1/2] package/conmon: new package |
Hello Christian, On Mon, 22 May 2023 13:23:45 -0700 Christian Stewart via buildroot <buildroot@buildroot.org> wrote: > Conmon is an OCI container runtime monitor. > > https://github.com/containers/conmon > > Dependency of podman. > > Signed-off-by: Christian Stewart <christian@aperture.us> I've applied with a few changes, see below. I also have a request. > diff --git a/package/conmon/Config.in b/package/conmon/Config.in > new file mode 100644 > index 0000000000..65f693a29e > --- /dev/null > +++ b/package/conmon/Config.in > @@ -0,0 +1,16 @@ > +config BR2_PACKAGE_CONMON > + bool "conmon" > + depends on !BR2_TOOLCHAIN_USES_UCLIBC # no fexecve This is incorrect: uClibc has fexecve() since its commit 858ffad217076227089cc17eb832db0bd1497792, merged in uClibc 1.0.33, so quite a while ago. I think all the packages that have this: package/balena-engine/Config.in: depends on !BR2_TOOLCHAIN_USES_UCLIBC # no fexecve package/cni-plugins/Config.in: depends on !BR2_TOOLCHAIN_USES_UCLIBC # no fexecve package/crun/Config.in: depends on !BR2_TOOLCHAIN_USES_UCLIBC # no fexecve package/embiggen-disk/Config.in: depends on !BR2_TOOLCHAIN_USES_UCLIBC # no fexecve package/lxc/Config.in: depends on !BR2_TOOLCHAIN_USES_UCLIBC # no fexecve package/runc/Config.in: depends on !BR2_TOOLCHAIN_USES_UCLIBC # no fexecve should be revisited, because uClibc now has fexecve(). Maybe they still don't build with uClibc for some other reason, but it's no longer the lack of fexecve(). > + depends on BR2_TOOLCHAIN_HAS_THREADS # libglib2 > + depends on BR2_USE_MMU # libglib2 > + depends on BR2_USE_WCHAR # libglib2 > + select BR2_PACKAGE_LIBGLIB2 > + help > + Conmon is an OCI container runtime monitor. > + > + https://github.com/containers/conmon > + > +comment "conmon needs a glibc or musl toolchain w/ threads, wchar" > + depends on !BR2_USE_WCHAR || !BR2_TOOLCHAIN_HAS_THREADS || \ > + BR2_TOOLCHAIN_USES_UCLIBC Tweaked that accordingly. > + depends on BR2_USE_MMU 
> diff --git a/package/conmon/conmon.hash b/package/conmon/conmon.hash > new file mode 100644 > index 0000000000..82d1d14ba3 > --- /dev/null > +++ b/package/conmon/conmon.hash > @@ -0,0 +1,3 @@ > +# Locally computed > +sha256 7d0f9a2f7cb8a76c51990128ac837aaf0cc89950b6ef9972e94417aa9cf901fe conmon-2.1.7.tar.gz > +sha256 9c9d771d4004725237a31ada889fe06c85a24fd0a29e41825181ab4cde54f016 LICENSE > diff --git a/package/conmon/conmon.mk b/package/conmon/conmon.mk > new file mode 100644 > index 0000000000..dfac23189f > --- /dev/null > +++ b/package/conmon/conmon.mk > @@ -0,0 +1,36 @@ > +################################################################################ > +# > +# conmon > +# > +################################################################################ > + > +CONMON_VERSION = 2.1.7 > +CONMON_SITE = $(call github,containers,conmon,v$(CONMON_VERSION)) > +CONMON_LICENSE = Apache-2.0 > +CONMON_LICENSE_FILES = LICENSE > + > +CONMON_DEPENDENCIES += host-pkgconf libglib2 Changed += to =, as it's unconditional. > + > +ifeq ($(BR2_PACKAGE_LIBSECCOMP),y) > +CONMON_DISABLE_SECCOMP = 0 > +CONMON_DEPENDENCIES += libseccomp > +else > +CONMON_DISABLE_SECCOMP = 1 > +endif > + > +define CONMON_CONFIGURE_CMDS > + printf '#!/bin/bash\necho "$(CONMON_DISABLE_SECCOMP)"\n' > \ > + $(@D)/hack/seccomp-notify.sh > + chmod +x $(@D)/hack/seccomp-notify.sh > +endef I merged as-is, but I really think a better solution would be to fix the upstream script. The original script goes like this: #! /usr/bin/env bash if $(printf '#include <linux/seccomp.h>\nvoid main(){struct seccomp_notif_sizes s;}' | cc -x c - -o /dev/null 2> /dev/null && pkg-config --atleast-version 2.5.0 libseccomp); then echo "0" fi I believe the only thing that is needed is to replace the hardcoded "cc" by ${CC} and have the Makefile invoking this script pass CC=<value> in the environment when calling the script. Then the script would work as-is with Buildroot, and we would no longer need to hack. Thanks! Thomas
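The change proposed at the end of the message above, as an added example (not conmon's or Buildroot's code): the seccomp-notify probe with the compiler taken from the environment, so a cross build tests the target's headers rather than the host's. The function name, the `PKG_CONFIG` override and the compile-only `-c` flag are assumptions made here; the message itself only proposes `${CC}`.

```shell
#!/bin/sh
# Added illustration of the proposed fix; not the upstream script.
# Output convention follows the script quoted in the message:
# print "0" when seccomp notify support can be built, print nothing otherwise.

seccomp_notify_probe() {
    # CC is what the calling Makefile would export (e.g. the cross compiler).
    # PKG_CONFIG is an assumed, optional override for the target's pkg-config.
    probe_cc="${CC:-cc}"
    probe_pkgconfig="${PKG_CONFIG:-pkg-config}"

    # Compile, but do not run, a unit that needs struct seccomp_notif_sizes.
    # $probe_cc is left unquoted on purpose so values such as
    # "ccache gcc" split into command and arguments.
    printf '%s\n' \
        '#include <linux/seccomp.h>' \
        'int main(void){struct seccomp_notif_sizes s; (void)s; return 0;}' |
        $probe_cc -x c - -c -o /dev/null 2>/dev/null || return 0

    # Same library version floor as the quoted script.
    "$probe_pkgconfig" --atleast-version 2.5.0 libseccomp 2>/dev/null || return 0

    echo "0"
}

# Run the probe when used as a drop-in script; always exits 0, like the
# quoted script does when support is missing.
seccomp_notify_probe
```

With `CC` unset the function falls back to `cc`, which keeps native builds behaving as before.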
diff --git a/DEVELOPERS b/DEVELOPERS index e76717e845..7b3287731a 100644 --- a/DEVELOPERS +++ b/DEVELOPERS @@ -543,6 +543,7 @@ F: package/balena-engine/ F: package/batman-adv/ F: package/catatonit/ F: package/cni-plugins/ +F: package/conmon/ F: package/containerd/ F: package/crun/ F: package/delve/ diff --git a/package/Config.in b/package/Config.in index 420ebaa370..52bc10b91b 100644 --- a/package/Config.in +++ b/package/Config.in @@ -2631,6 +2631,7 @@ menu "System tools" source "package/bubblewrap/Config.in" source "package/cgroupfs-mount/Config.in" source "package/circus/Config.in" + source "package/conmon/Config.in" source "package/containerd/Config.in" source "package/coreutils/Config.in" source "package/cpulimit/Config.in" diff --git a/package/conmon/Config.in b/package/conmon/Config.in new file mode 100644 index 0000000000..65f693a29e --- /dev/null +++ b/package/conmon/Config.in @@ -0,0 +1,16 @@ +config BR2_PACKAGE_CONMON + bool "conmon" + depends on !BR2_TOOLCHAIN_USES_UCLIBC # no fexecve + depends on BR2_TOOLCHAIN_HAS_THREADS # libglib2 + depends on BR2_USE_MMU # libglib2 + depends on BR2_USE_WCHAR # libglib2 + select BR2_PACKAGE_LIBGLIB2 + help + Conmon is an OCI container runtime monitor. + + https://github.com/containers/conmon + +comment "conmon needs a glibc or musl toolchain w/ threads, wchar" + depends on !BR2_USE_WCHAR || !BR2_TOOLCHAIN_HAS_THREADS || \ + BR2_TOOLCHAIN_USES_UCLIBC + depends on BR2_USE_MMU diff --git a/package/conmon/conmon.hash b/package/conmon/conmon.hash new file mode 100644 index 0000000000..82d1d14ba3 --- /dev/null +++ b/package/conmon/conmon.hash @@ -0,0 +1,3 @@ +# Locally computed +sha256 7d0f9a2f7cb8a76c51990128ac837aaf0cc89950b6ef9972e94417aa9cf901fe conmon-2.1.7.tar.gz +sha256 9c9d771d4004725237a31ada889fe06c85a24fd0a29e41825181ab4cde54f016 LICENSE diff --git a/package/conmon/conmon.mk b/package/conmon/conmon.mk new file mode 100644 index 0000000000..dfac23189f --- /dev/null +++ b/package/conmon/conmon.mk 
@@ -0,0 +1,36 @@ +################################################################################ +# +# conmon +# +################################################################################ + +CONMON_VERSION = 2.1.7 +CONMON_SITE = $(call github,containers,conmon,v$(CONMON_VERSION)) +CONMON_LICENSE = Apache-2.0 +CONMON_LICENSE_FILES = LICENSE + +CONMON_DEPENDENCIES += host-pkgconf libglib2 + +ifeq ($(BR2_PACKAGE_LIBSECCOMP),y) +CONMON_DISABLE_SECCOMP = 0 +CONMON_DEPENDENCIES += libseccomp +else +CONMON_DISABLE_SECCOMP = 1 +endif + +define CONMON_CONFIGURE_CMDS + printf '#!/bin/bash\necho "$(CONMON_DISABLE_SECCOMP)"\n' > \ + $(@D)/hack/seccomp-notify.sh + chmod +x $(@D)/hack/seccomp-notify.sh +endef + +define CONMON_BUILD_CMDS + $(TARGET_MAKE_ENV) $(MAKE) CC="$(TARGET_CC)" CFLAGS="$(TARGET_CFLAGS)" \ + LDFLAGS="$(TARGET_LDFLAGS)" -C $(@D) bin/conmon +endef + +define CONMON_INSTALL_TARGET_CMDS + $(INSTALL) -D -m 755 $(@D)/bin/conmon $(TARGET_DIR)/usr/bin/conmon +endef + +$(eval $(generic-package))
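Review bot: In package/conmon/Config.in, the reason given on `depends on !BR2_TOOLCHAIN_USES_UCLIBC # no fexecve` is contradicted by the review reply on this page, which states that uClibc has had fexecve() since 1.0.33. Either drop that dependency together with the `BR2_TOOLCHAIN_USES_UCLIBC` term and the "glibc or musl" wording in the `comment` entry, or keep the exclusion and replace the trailing comment with the actual reason the package does not build on uClibc.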
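Review bot: In `CONMON_CONFIGURE_CMDS` of package/conmon/conmon.mk, the generated hack/seccomp-notify.sh answers "0" on `BR2_PACKAGE_LIBSECCOMP=y` alone, so both checks of the upstream script quoted in the reply are skipped: that `struct seccomp_notif_sizes` compiles from `<linux/seccomp.h>` with the target toolchain, and that libseccomp is at least 2.5.0. The seccomp notify code path is therefore switched on without confirming that the toolchain's kernel headers provide the struct. The stub also prints "1" in the disabled case where upstream prints nothing, and hardcodes `#!/bin/bash` where upstream uses `/usr/bin/env bash`. Suggest keeping the upstream probe and passing `CC="$(TARGET_CC)"` to it, as the build step already does for `$(MAKE)`, or documenting next to the `ifeq` why selecting libseccomp is sufficient.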