* [meta-virtualization][PATCH] docker: make ca-certificates a packageconfig @ 2025-08-24 12:14 Patrick Vogelaar 2025-09-04 1:14 ` Bruce Ashfield 0 siblings, 1 reply; 4+ messages in thread From: Patrick Vogelaar @ 2025-08-24 12:14 UTC (permalink / raw) To: meta-virtualization; +Cc: Patrick Vogelaar Moving ca-certificates into a packageconfig allows using docker without installing all the certificates. Signed-off-by: Patrick Vogelaar <patrick.vogelaar@belden.com> --- recipes-containers/docker/docker.inc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/recipes-containers/docker/docker.inc b/recipes-containers/docker/docker.inc index 94ee34db..c464bc3c 100644 --- a/recipes-containers/docker/docker.inc +++ b/recipes-containers/docker/docker.inc @@ -10,7 +10,6 @@ RDEPENDS:${PN} = "util-linux util-linux-unshare iptables \ ${@bb.utils.contains('DISTRO_FEATURES', 'aufs', 'aufs-util', '', d)} \ ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '', 'cgroup-lite', d)} \ bridge-utils \ - ca-certificates \ " RDEPENDS:${PN} += "virtual-containerd ${VIRTUAL-RUNTIME_container_runtime}" @@ -37,10 +36,11 @@ RPROVIDES:${PN}-dev += "docker-dev" RPROVIDES:${PN}-contrip += "docker-dev" inherit pkgconfig -PACKAGECONFIG ??= "docker-init seccomp" +PACKAGECONFIG ??= "docker-init seccomp ca-certs" PACKAGECONFIG[seccomp] = "seccomp,,libseccomp" PACKAGECONFIG[docker-init] = ",,,docker-init" PACKAGECONFIG[transient-config] = "transient-config" +PACKAGECONFIG[ca-certs] = ",,,ca-certificates" GO_IMPORT = "import" -- 2.34.1 ********************************************************************** DISCLAIMER: Privileged and/or Confidential information may be contained in this message. If you are not the addressee of this message, you may not copy, use or deliver this message to anyone. In such event, you should destroy the message and kindly notify the sender by reply e-mail. It is understood that opinions or conclusions that do not relate to the official business of the company are neither given nor endorsed by the company. Thank You. ^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [meta-virtualization][PATCH] docker: make ca-certificates a packageconfig 2025-08-24 12:14 [meta-virtualization][PATCH] docker: make ca-certificates a packageconfig Patrick Vogelaar @ 2025-09-04 1:14 ` Bruce Ashfield 2025-09-05 8:42 ` [PATCH] " Patrick Vogelaar via B4 Relay 0 siblings, 1 reply; 4+ messages in thread From: Bruce Ashfield @ 2025-09-04 1:14 UTC (permalink / raw) To: patrick.vogelaar; +Cc: meta-virtualization In message: [meta-virtualization][PATCH] docker: make ca-certificates a packageconfig on 24/08/2025 Patrick Vogelaar via B4 Relay via lists.yoctoproject.org wrote: > Moving ca-certificates into a packageconfig allows using docker without > installing all the certificates. I don't have (many) issues with the patch, but in my experience you can't work with any registries or services with the certs being present. Are you installing them some other way ? or using some alternative ? Since the defaults aren't changed by this patch, I'll definitely merge it. I'd just like to make sure that it won't create a hidden/non-working configuration. Bruce > > Signed-off-by: Patrick Vogelaar <patrick.vogelaar@belden.com> > --- > recipes-containers/docker/docker.inc | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/recipes-containers/docker/docker.inc b/recipes-containers/docker/docker.inc > index 94ee34db..c464bc3c 100644 > --- a/recipes-containers/docker/docker.inc > +++ b/recipes-containers/docker/docker.inc > @@ -10,7 +10,6 @@ RDEPENDS:${PN} = "util-linux util-linux-unshare iptables \ > ${@bb.utils.contains('DISTRO_FEATURES', 'aufs', 'aufs-util', '', d)} \ > ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '', 'cgroup-lite', d)} \ > bridge-utils \ > - ca-certificates \ > " > RDEPENDS:${PN} += "virtual-containerd ${VIRTUAL-RUNTIME_container_runtime}" > > @@ -37,10 +36,11 @@ RPROVIDES:${PN}-dev += "docker-dev" > RPROVIDES:${PN}-contrip += "docker-dev" > > inherit pkgconfig > -PACKAGECONFIG ??= "docker-init seccomp" > +PACKAGECONFIG ??= "docker-init seccomp ca-certs" > PACKAGECONFIG[seccomp] = "seccomp,,libseccomp" > PACKAGECONFIG[docker-init] = ",,,docker-init" > PACKAGECONFIG[transient-config] = "transient-config" > +PACKAGECONFIG[ca-certs] = ",,,ca-certificates" > > GO_IMPORT = "import" > > -- > 2.34.1 > > > ********************************************************************** > DISCLAIMER: > Privileged and/or Confidential information may be contained in this message. If you are not the addressee of this message, you may not copy, use or deliver this message to anyone. In such event, you should destroy the message and kindly notify the sender by reply e-mail. It is understood that opinions or conclusions that do not relate to the official business of the company are neither given nor endorsed by the company. Thank You. > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#9357): https://lists.yoctoproject.org/g/meta-virtualization/message/9357 > Mute This Topic: https://lists.yoctoproject.org/mt/114864158/1050810 > Group Owner: meta-virtualization+owner@lists.yoctoproject.org > Unsubscribe: https://lists.yoctoproject.org/g/meta-virtualization/unsub [bruce.ashfield@gmail.com] > -=-=-=-=-=-=-=-=-=-=-=- > ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] docker: make ca-certificates a packageconfig 2025-09-04 1:14 ` Bruce Ashfield @ 2025-09-05 8:42 ` Patrick Vogelaar via B4 Relay 2025-09-19 2:20 ` [meta-virtualization] " Bruce Ashfield 0 siblings, 1 reply; 4+ messages in thread From: Patrick Vogelaar via B4 Relay @ 2025-09-05 8:42 UTC (permalink / raw) To: meta-virtualization [-- Attachment #1: Type: text/plain, Size: 2810 bytes --] On Thu, Sep 4, 2025 at 03:14 AM, Bruce Ashfield wrote: > > In message: [meta-virtualization][PATCH] docker: make ca-certificates a > packageconfig > on 24/08/2025 Patrick Vogelaar via B4 Relay via lists.yoctoproject.org > wrote: > > >> Moving ca-certificates into a packageconfig allows using docker without >> installing all the certificates. > > I don't have (many) issues with the patch, but in my experience you > can't work with any registries or services with the certs being present. > > Are you installing them some other way ? or using some alternative ? We are either not installing from registry at all, or we have our own registry were we put only the required certificate and not the whole pool of certificates. Patrick > > > Since the defaults aren't changed by this patch, I'll definitely merge > it. I'd just like to make sure that it won't create a hidden/non-working > configuration. > > Bruce > > >> Signed-off-by: Patrick Vogelaar <patrick.vogelaar@belden.com> >> --- >> recipes-containers/docker/docker.inc | 4 ++-- >> 1 file changed, 2 insertions(+), 2 deletions(-) >> >> diff --git a/recipes-containers/docker/docker.inc >> b/recipes-containers/docker/docker.inc >> index 94ee34db..c464bc3c 100644 >> --- a/recipes-containers/docker/docker.inc >> +++ b/recipes-containers/docker/docker.inc >> @@ -10,7 +10,6 @@ RDEPENDS:${PN} = "util-linux util-linux-unshare iptables >> \ >> ${@bb.utils.contains('DISTRO_FEATURES', 'aufs', 'aufs-util', '', d)} \ >> ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '', 'cgroup-lite', d)} >> \ >> bridge-utils \ >> - ca-certificates \ >> " >> RDEPENDS:${PN} += "virtual-containerd >> ${VIRTUAL-RUNTIME_container_runtime}" >> >> @@ -37,10 +36,11 @@ RPROVIDES:${PN}-dev += "docker-dev" >> RPROVIDES:${PN}-contrip += "docker-dev" >> >> inherit pkgconfig >> -PACKAGECONFIG ??= "docker-init seccomp" >> +PACKAGECONFIG ??= "docker-init seccomp ca-certs" >> PACKAGECONFIG[seccomp] = "seccomp,,libseccomp" >> PACKAGECONFIG[docker-init] = ",,,docker-init" >> PACKAGECONFIG[transient-config] = "transient-config" >> +PACKAGECONFIG[ca-certs] = ",,,ca-certificates" >> >> GO_IMPORT = "import" >> >> -- >> 2.34.1 >> >> >> ********************************************************************** >> DISCLAIMER: >> Privileged and/or Confidential information may be contained in this >> message. If you are not the addressee of this message, you may not copy, >> use or deliver this message to anyone. In such event, you should destroy >> the message and kindly notify the sender by reply e-mail. It is understood >> that opinions or conclusions that do not relate to the official business >> of the company are neither given nor endorsed by the company. Thank You. > > [-- Attachment #2: Type: text/html, Size: 2967 bytes --] ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [meta-virtualization] [PATCH] docker: make ca-certificates a packageconfig 2025-09-05 8:42 ` [PATCH] " Patrick Vogelaar via B4 Relay @ 2025-09-19 2:20 ` Bruce Ashfield 0 siblings, 0 replies; 4+ messages in thread From: Bruce Ashfield @ 2025-09-19 2:20 UTC (permalink / raw) To: patrick.vogelaar; +Cc: meta-virtualization In message: Re: [meta-virtualization] [PATCH] docker: make ca-certificates a packageconfig on 05/09/2025 Patrick Vogelaar via B4 Relay via lists.yoctoproject.org wrote: > On Thu, Sep 4, 2025 at 03:14 AM, Bruce Ashfield wrote: > > In message: [meta-virtualization][PATCH] docker: make ca-certificates a > packageconfig > on 24/08/2025 Patrick Vogelaar via B4 Relay via lists.yoctoproject.org > wrote: > > > Moving ca-certificates into a packageconfig allows using docker without > installing all the certificates. > > I don't have (many) issues with the patch, but in my experience you > can't work with any registries or services with the certs being present. > > Are you installing them some other way ? or using some alternative ? > > We are either not installing from registry at all, or we have our own registry > were we put only the required certificate and not the whole pool of > certificates. Aha. So as long as the default doesn't change, I can live with that explation and those that turn this off should know what they are doing. I had to fix the author before I could push though, so your git-send-email needs a configuration tweak: Enumerating objects: 9, done. Counting objects: 100% (9/9), done. Delta compression using up to 12 threads Compressing objects: 100% (5/5), done. Writing objects: 100% (5/5), 612 bytes | 612.00 KiB/s, done. Total 5 (delta 4), reused 0 (delta 0), pack-reused 0 remote: ############################################## remote: Invalid author Patrick Vogelaar via B4 Relay remote: ############################################## To ssh://push.yoctoproject.org/meta-virtualization ! [remote rejected] master -> master-next (pre-receive hook declined) error: failed to push some refs to 'ssh://push.yoctoproject.org/meta-virtualization' Bruce > > Patrick > > > Since the defaults aren't changed by this patch, I'll definitely merge > it. I'd just like to make sure that it won't create a hidden/non-working > configuration. > > Bruce > > > Signed-off-by: Patrick Vogelaar <patrick.vogelaar@belden.com> > --- > recipes-containers/docker/docker.inc | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/recipes-containers/docker/docker.inc b/recipes-containers/ > docker/docker.inc > index 94ee34db..c464bc3c 100644 > --- a/recipes-containers/docker/docker.inc > +++ b/recipes-containers/docker/docker.inc > @@ -10,7 +10,6 @@ RDEPENDS:${PN} = "util-linux util-linux-unshare > iptables \ > ${@bb.utils.contains('DISTRO_FEATURES', 'aufs', 'aufs-util', '', d)} \ > ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '', 'cgroup-lite', > d)} \ > bridge-utils \ > - ca-certificates \ > " > RDEPENDS:${PN} += "virtual-containerd $ > {VIRTUAL-RUNTIME_container_runtime}" > > @@ -37,10 +36,11 @@ RPROVIDES:${PN}-dev += "docker-dev" > RPROVIDES:${PN}-contrip += "docker-dev" > > inherit pkgconfig > -PACKAGECONFIG ??= "docker-init seccomp" > +PACKAGECONFIG ??= "docker-init seccomp ca-certs" > PACKAGECONFIG[seccomp] = "seccomp,,libseccomp" > PACKAGECONFIG[docker-init] = ",,,docker-init" > PACKAGECONFIG[transient-config] = "transient-config" > +PACKAGECONFIG[ca-certs] = ",,,ca-certificates" > > GO_IMPORT = "import" > > -- > 2.34.1 > > > ********************************************************************** > DISCLAIMER: > Privileged and/or Confidential information may be contained in this > message. If you are not the addressee of this message, you may not > copy, use or deliver this message to anyone. In such event, you should > destroy the message and kindly notify the sender by reply e-mail. It is > understood that opinions or conclusions that do not relate to the > official business of the company are neither given nor endorsed by the > company. Thank You. > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#9375): https://lists.yoctoproject.org/g/meta-virtualization/message/9375 > Mute This Topic: https://lists.yoctoproject.org/mt/114864158/1050810 > Group Owner: meta-virtualization+owner@lists.yoctoproject.org > Unsubscribe: https://lists.yoctoproject.org/g/meta-virtualization/unsub [bruce.ashfield@gmail.com] > -=-=-=-=-=-=-=-=-=-=-=- > ^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2025-09-19 2:20 UTC | newest] Thread overview: 4+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2025-08-24 12:14 [meta-virtualization][PATCH] docker: make ca-certificates a packageconfig Patrick Vogelaar 2025-09-04 1:14 ` Bruce Ashfield 2025-09-05 8:42 ` [PATCH] " Patrick Vogelaar via B4 Relay 2025-09-19 2:20 ` [meta-virtualization] " Bruce Ashfield
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.