From: Thomas Petazzoni via buildroot <buildroot@buildroot.org>
To: Christian Stewart via buildroot <buildroot@buildroot.org>
Cc: Joachim Wiberg <troglobit@gmail.com>,
Tian Yuanhao <tianyuanhao3@163.com>,
"Yann E . MORIN" <yann.morin.1998@free.fr>,
Christian Stewart <christian@aperture.us>
Subject: Re: [Buildroot] [PATCH v3 1/2] package/conmon: new package
Date: Sat, 29 Jul 2023 23:13:08 +0200 [thread overview]
Message-ID: <20230729231308.1d795ee8@windsurf> (raw)
In-Reply-To: <20230522202346.209785-1-christian@aperture.us>
Hello Christian,
On Mon, 22 May 2023 13:23:45 -0700
Christian Stewart via buildroot <buildroot@buildroot.org> wrote:
> Conmon is an OCI container runtime monitor.
>
> https://github.com/containers/conmon
>
> Dependency of podman.
>
> Signed-off-by: Christian Stewart <christian@aperture.us>
I've applied with a few changes, see below. I also have a request.
> diff --git a/package/conmon/Config.in b/package/conmon/Config.in
> new file mode 100644
> index 0000000000..65f693a29e
> --- /dev/null
> +++ b/package/conmon/Config.in
> @@ -0,0 +1,16 @@
> +config BR2_PACKAGE_CONMON
> + bool "conmon"
> + depends on !BR2_TOOLCHAIN_USES_UCLIBC # no fexecve
This is incorrect: uClibc has fexecve() since its commit
858ffad217076227089cc17eb832db0bd1497792, merged in uClibc 1.0.33, so
quite a while ago. I think all the packages that have this:
package/balena-engine/Config.in: depends on !BR2_TOOLCHAIN_USES_UCLIBC # no fexecve
package/cni-plugins/Config.in: depends on !BR2_TOOLCHAIN_USES_UCLIBC # no fexecve
package/crun/Config.in: depends on !BR2_TOOLCHAIN_USES_UCLIBC # no fexecve
package/embiggen-disk/Config.in: depends on !BR2_TOOLCHAIN_USES_UCLIBC # no fexecve
package/lxc/Config.in: depends on !BR2_TOOLCHAIN_USES_UCLIBC # no fexecve
package/runc/Config.in: depends on !BR2_TOOLCHAIN_USES_UCLIBC # no fexecve
should be revisited, because uClibc now has fexecve(). Maybe they still
don't build with uClibc for some other reason, but it's no longer the
lack of fexecve().
> + depends on BR2_TOOLCHAIN_HAS_THREADS # libglib2
> + depends on BR2_USE_MMU # libglib2
> + depends on BR2_USE_WCHAR # libglib2
> + select BR2_PACKAGE_LIBGLIB2
> + help
> + Conmon is an OCI container runtime monitor.
> +
> + https://github.com/containers/conmon
> +
> +comment "conmon needs a glibc or musl toolchain w/ threads, wchar"
> + depends on !BR2_USE_WCHAR || !BR2_TOOLCHAIN_HAS_THREADS || \
> + BR2_TOOLCHAIN_USES_UCLIBC
Tweaked that accordingly.
> + depends on BR2_USE_MMU
> diff --git a/package/conmon/conmon.hash b/package/conmon/conmon.hash
> new file mode 100644
> index 0000000000..82d1d14ba3
> --- /dev/null
> +++ b/package/conmon/conmon.hash
> @@ -0,0 +1,3 @@
> +# Locally computed
> +sha256 7d0f9a2f7cb8a76c51990128ac837aaf0cc89950b6ef9972e94417aa9cf901fe conmon-2.1.7.tar.gz
> +sha256 9c9d771d4004725237a31ada889fe06c85a24fd0a29e41825181ab4cde54f016 LICENSE
> diff --git a/package/conmon/conmon.mk b/package/conmon/conmon.mk
> new file mode 100644
> index 0000000000..dfac23189f
> --- /dev/null
> +++ b/package/conmon/conmon.mk
> @@ -0,0 +1,36 @@
> +################################################################################
> +#
> +# conmon
> +#
> +################################################################################
> +
> +CONMON_VERSION = 2.1.7
> +CONMON_SITE = $(call github,containers,conmon,v$(CONMON_VERSION))
> +CONMON_LICENSE = Apache-2.0
> +CONMON_LICENSE_FILES = LICENSE
> +
> +CONMON_DEPENDENCIES += host-pkgconf libglib2
Changed += to =, as its unconditional.
> +
> +ifeq ($(BR2_PACKAGE_LIBSECCOMP),y)
> +CONMON_DISABLE_SECCOMP = 0
> +CONMON_DEPENDENCIES += libseccomp
> +else
> +CONMON_DISABLE_SECCOMP = 1
> +endif
> +
> +define CONMON_CONFIGURE_CMDS
> + printf '#!/bin/bash\necho "$(CONMON_DISABLE_SECCOMP)"\n' > \
> + $(@D)/hack/seccomp-notify.sh
> + chmod +x $(@D)/hack/seccomp-notify.sh
> +endef
I merged as-is, but I really think a better solution would be to fix
the upstream script. The original script goes like this:
#! /usr/bin/env bash
if $(printf '#include <linux/seccomp.h>\nvoid main(){struct seccomp_notif_sizes s;}' | cc -x c - -o /dev/null 2> /dev/null && pkg-config --atleast-version 2.5.0 libseccomp); then
echo "0"
fi
I believe the only thing that is needed is to replace the hardcoded
"cc" by ${CC} and have the Makefile invoking this script pass
CC=<value> in the environment when calling the script. Then the script
would work as-is with Buildroot, and we would no longer need to hack.
Thanks!
Thomas
--
Thomas Petazzoni, co-owner and CEO, Bootlin
Embedded Linux and Kernel engineering and training
https://bootlin.com
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
prev parent reply other threads:[~2023-07-29 21:13 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-05-22 20:23 [Buildroot] [PATCH v3 1/2] package/conmon: new package Christian Stewart via buildroot
2023-05-22 20:23 ` [Buildroot] [PATCH v3 2/2] package/podman: " Christian Stewart via buildroot
2023-07-29 21:27 ` Thomas Petazzoni via buildroot
2023-08-11 3:32 ` TIAN Yuanhao
2023-07-29 21:13 ` Thomas Petazzoni via buildroot [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230729231308.1d795ee8@windsurf \
--to=buildroot@buildroot.org \
--cc=christian@aperture.us \
--cc=thomas.petazzoni@bootlin.com \
--cc=tianyuanhao3@163.com \
--cc=troglobit@gmail.com \
--cc=yann.morin.1998@free.fr \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.