From: Bruce Ashfield <bruce.ashfield@gmail.com>
To: patrick.vogelaar@belden.com
Cc: meta-virtualization@lists.yoctoproject.org
Subject: Re: [meta-virtualization] [PATCH] docker: make ca-certificates a packageconfig
Date: Thu, 18 Sep 2025 22:20:45 -0400 [thread overview]
Message-ID: <aMy9/Zv+52k+XDcl@gmail.com> (raw)
In-Reply-To: <14236.1757061728389674907@lists.yoctoproject.org>
In message: Re: [meta-virtualization] [PATCH] docker: make ca-certificates a packageconfig
on 05/09/2025 Patrick Vogelaar via B4 Relay via lists.yoctoproject.org wrote:
> On Thu, Sep 4, 2025 at 03:14 AM, Bruce Ashfield wrote:
>
> In message: [meta-virtualization][PATCH] docker: make ca-certificates a
> packageconfig
> on 24/08/2025 Patrick Vogelaar via B4 Relay via lists.yoctoproject.org
> wrote:
>
>
> Moving ca-certificates into a packageconfig allows using docker without
> installing all the certificates.
>
> I don't have (many) issues with the patch, but in my experience you
> can't work with any registries or services with the certs being present.
>
> Are you installing them some other way ? or using some alternative ?
>
> We are either not installing from registry at all, or we have our own registry
> were we put only the required certificate and not the whole pool of
> certificates.
Aha. So as long as the default doesn't change, I can live with
that explation and those that turn this off should know what they
are doing.
I had to fix the author before I could push though, so your
git-send-email needs a configuration tweak:
Enumerating objects: 9, done.
Counting objects: 100% (9/9), done.
Delta compression using up to 12 threads
Compressing objects: 100% (5/5), done.
Writing objects: 100% (5/5), 612 bytes | 612.00 KiB/s, done.
Total 5 (delta 4), reused 0 (delta 0), pack-reused 0
remote: ##############################################
remote: Invalid author Patrick Vogelaar via B4 Relay
remote: ##############################################
To ssh://push.yoctoproject.org/meta-virtualization
! [remote rejected] master -> master-next (pre-receive hook declined)
error: failed to push some refs to 'ssh://push.yoctoproject.org/meta-virtualization'
Bruce
>
> Patrick
>
>
> Since the defaults aren't changed by this patch, I'll definitely merge
> it. I'd just like to make sure that it won't create a hidden/non-working
> configuration.
>
> Bruce
>
>
> Signed-off-by: Patrick Vogelaar <patrick.vogelaar@belden.com>
> ---
> recipes-containers/docker/docker.inc | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/recipes-containers/docker/docker.inc b/recipes-containers/
> docker/docker.inc
> index 94ee34db..c464bc3c 100644
> --- a/recipes-containers/docker/docker.inc
> +++ b/recipes-containers/docker/docker.inc
> @@ -10,7 +10,6 @@ RDEPENDS:${PN} = "util-linux util-linux-unshare
> iptables \
> ${@bb.utils.contains('DISTRO_FEATURES', 'aufs', 'aufs-util', '', d)} \
> ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '', 'cgroup-lite',
> d)} \
> bridge-utils \
> - ca-certificates \
> "
> RDEPENDS:${PN} += "virtual-containerd $
> {VIRTUAL-RUNTIME_container_runtime}"
>
> @@ -37,10 +36,11 @@ RPROVIDES:${PN}-dev += "docker-dev"
> RPROVIDES:${PN}-contrip += "docker-dev"
>
> inherit pkgconfig
> -PACKAGECONFIG ??= "docker-init seccomp"
> +PACKAGECONFIG ??= "docker-init seccomp ca-certs"
> PACKAGECONFIG[seccomp] = "seccomp,,libseccomp"
> PACKAGECONFIG[docker-init] = ",,,docker-init"
> PACKAGECONFIG[transient-config] = "transient-config"
> +PACKAGECONFIG[ca-certs] = ",,,ca-certificates"
>
> GO_IMPORT = "import"
>
> --
> 2.34.1
>
>
> **********************************************************************
> DISCLAIMER:
> Privileged and/or Confidential information may be contained in this
> message. If you are not the addressee of this message, you may not
> copy, use or deliver this message to anyone. In such event, you should
> destroy the message and kindly notify the sender by reply e-mail. It is
> understood that opinions or conclusions that do not relate to the
> official business of the company are neither given nor endorsed by the
> company. Thank You.
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#9375): https://lists.yoctoproject.org/g/meta-virtualization/message/9375
> Mute This Topic: https://lists.yoctoproject.org/mt/114864158/1050810
> Group Owner: meta-virtualization+owner@lists.yoctoproject.org
> Unsubscribe: https://lists.yoctoproject.org/g/meta-virtualization/unsub [bruce.ashfield@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
prev parent reply other threads:[~2025-09-19 2:20 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-08-24 12:14 [meta-virtualization][PATCH] docker: make ca-certificates a packageconfig Patrick Vogelaar
2025-09-04 1:14 ` Bruce Ashfield
2025-09-05 8:42 ` [PATCH] " Patrick Vogelaar via B4 Relay
2025-09-19 2:20 ` Bruce Ashfield [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aMy9/Zv+52k+XDcl@gmail.com \
--to=bruce.ashfield@gmail.com \
--cc=meta-virtualization@lists.yoctoproject.org \
--cc=patrick.vogelaar@belden.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.