[meta-virtualization][RFC][PATCH] meta-virt-container.inc: Install shadow in read-only rootfs

[meta-virtualization][RFC][PATCH] meta-virt-container.inc: Install shadow in read-only rootfs

[Pavel Zhukov]

Podman requires /etc/sub[g]uid for rootless mode but the file is being deleted
if shadow is in ROOTFS_RO_UNNEEDED (even if different package like the
podman itself provides it) and rpm backend is used.

Signed-off-by: Pavel Zhukov <pavel@zhukoff.net>
---
 conf/distro/include/meta-virt-container.inc | 1 +
 1 file changed, 1 insertion(+)

diff --git a/conf/distro/include/meta-virt-container.inc b/conf/distro/include/meta-virt-container.inc
index c3ac8394..7a8a9616 100644
--- a/conf/distro/include/meta-virt-container.inc
+++ b/conf/distro/include/meta-virt-container.inc
@@ -38,3 +38,4 @@ VIRTUAL-RUNTIME_container_orchestration ??= "k3s"
 
 VIRTUAL-RUNTIME_cri ??= "virtual-containerd"
 VIRTUAL-RUNTIME_cni ??= "cni"
+ROOTFS_RO_UNNEEDED:remove = " shadow"
-- 
2.44.2

Re: [meta-virtualization][RFC][PATCH] meta-virt-container.inc: Install shadow in read-only rootfs

[Bruce Ashfield]

I haven't forgotten about this, I was just buried in getting some
cross container install items to work and was behind on my patch
queue.

I'll think about this more this week and see if there's an alternate
solution.

Bruce

In message: [meta-virtualization][RFC][PATCH] meta-virt-container.inc: Install shadow in read-only rootfs
on 13/06/2024 Pavel Zhukov via lists.yoctoproject.org wrote:

> Podman requires /etc/sub[g]uid for rootless mode but the file is being deleted
> if shadow is in ROOTFS_RO_UNNEEDED (even if different package like the
> podman itself provides it) and rpm backend is used.
> 
> Signed-off-by: Pavel Zhukov <pavel@zhukoff.net>
> ---
>  conf/distro/include/meta-virt-container.inc | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/conf/distro/include/meta-virt-container.inc b/conf/distro/include/meta-virt-container.inc
> index c3ac8394..7a8a9616 100644
> --- a/conf/distro/include/meta-virt-container.inc
> +++ b/conf/distro/include/meta-virt-container.inc
> @@ -38,3 +38,4 @@ VIRTUAL-RUNTIME_container_orchestration ??= "k3s"
>  
>  VIRTUAL-RUNTIME_cri ??= "virtual-containerd"
>  VIRTUAL-RUNTIME_cni ??= "cni"
> +ROOTFS_RO_UNNEEDED:remove = " shadow"
> -- 
> 2.44.2
> 

> 
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#8796): https://lists.yoctoproject.org/g/meta-virtualization/message/8796
> Mute This Topic: https://lists.yoctoproject.org/mt/106648146/1050810
> Group Owner: meta-virtualization+owner@lists.yoctoproject.org
> Unsubscribe: https://lists.yoctoproject.org/g/meta-virtualization/unsub [bruce.ashfield@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
> 

Re: [meta-virtualization][RFC][PATCH] meta-virt-container.inc: Install shadow in read-only rootfs

[Bruce Ashfield]

In message: [meta-virtualization][RFC][PATCH] meta-virt-container.inc: Install shadow in read-only rootfs
on 13/06/2024 Pavel Zhukov via lists.yoctoproject.org wrote:

> Podman requires /etc/sub[g]uid for rootless mode but the file is being deleted
> if shadow is in ROOTFS_RO_UNNEEDED (even if different package like the
> podman itself provides it) and rpm backend is used.
> 
> Signed-off-by: Pavel Zhukov <pavel@zhukoff.net>
> ---
>  conf/distro/include/meta-virt-container.inc | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/conf/distro/include/meta-virt-container.inc b/conf/distro/include/meta-virt-container.inc
> index c3ac8394..7a8a9616 100644
> --- a/conf/distro/include/meta-virt-container.inc
> +++ b/conf/distro/include/meta-virt-container.inc
> @@ -38,3 +38,4 @@ VIRTUAL-RUNTIME_container_orchestration ??= "k3s"
>  
>  VIRTUAL-RUNTIME_cri ??= "virtual-containerd"
>  VIRTUAL-RUNTIME_cni ??= "cni"
> +ROOTFS_RO_UNNEEDED:remove = " shadow"

I've finally got enough of my recipe version uprevs working
to get back to this.

I haven't come up with anything that is much different than
your proposal for this, but I still think we can make it a
bit more virtualization "friendly" and something that could
be overriden if needed.

The easiest way would be to just assign to a variable first,
make that variable a weak assignent and if someone wants
to override the behaviour they could.

Or alternatively, we just initialize our variable by
the default one, and do the remove from that variable,
finally doing the assignment back to ROORFS_RO_UNNEEDED.

I thought about asking for an image feature test, but
since the variable is only used when readonly roofs is
in image features, that seems exessive.

We are covered on the virtualization disto feature front
by the core meta-virt checks, so also good for that.

Did you want to have a crack at those changes, or should
I have a go at them ?

Bruce


> -- 
> 2.44.2
> 

> 
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#8796): https://lists.yoctoproject.org/g/meta-virtualization/message/8796
> Mute This Topic: https://lists.yoctoproject.org/mt/106648146/1050810
> Group Owner: meta-virtualization+owner@lists.yoctoproject.org
> Unsubscribe: https://lists.yoctoproject.org/g/meta-virtualization/unsub [bruce.ashfield@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>