From: Thomas Petazzoni via buildroot <buildroot@buildroot.org>
To: Christian Stewart via buildroot <buildroot@buildroot.org>
Cc: Joachim Wiberg <troglobit@gmail.com>,
Tian Yuanhao <tianyuanhao3@163.com>,
"Yann E . MORIN" <yann.morin.1998@free.fr>,
Christian Stewart <christian@aperture.us>
Subject: Re: [Buildroot] [PATCH v3 1/2] package/conmon: new package
Date: Sat, 29 Jul 2023 23:13:08 +0200 [thread overview]
Message-ID: <20230729231308.1d795ee8@windsurf> (raw)
In-Reply-To: <20230522202346.209785-1-christian@aperture.us>
Hello Christian,
On Mon, 22 May 2023 13:23:45 -0700
Christian Stewart via buildroot <buildroot@buildroot.org> wrote:
> Conmon is an OCI container runtime monitor.
>
> https://github.com/containers/conmon
>
> Dependency of podman.
>
> Signed-off-by: Christian Stewart <christian@aperture.us>
I've applied with a few changes, see below. I also have a request.
> diff --git a/package/conmon/Config.in b/package/conmon/Config.in
> new file mode 100644
> index 0000000000..65f693a29e
> --- /dev/null
> +++ b/package/conmon/Config.in
> @@ -0,0 +1,16 @@
> +config BR2_PACKAGE_CONMON
> + bool "conmon"
> + depends on !BR2_TOOLCHAIN_USES_UCLIBC # no fexecve
This is incorrect: uClibc has fexecve() since its commit
858ffad217076227089cc17eb832db0bd1497792, merged in uClibc 1.0.33, so
quite a while ago. I think all the packages that have this:
package/balena-engine/Config.in: depends on !BR2_TOOLCHAIN_USES_UCLIBC # no fexecve
package/cni-plugins/Config.in: depends on !BR2_TOOLCHAIN_USES_UCLIBC # no fexecve
package/crun/Config.in: depends on !BR2_TOOLCHAIN_USES_UCLIBC # no fexecve
package/embiggen-disk/Config.in: depends on !BR2_TOOLCHAIN_USES_UCLIBC # no fexecve
package/lxc/Config.in: depends on !BR2_TOOLCHAIN_USES_UCLIBC # no fexecve
package/runc/Config.in: depends on !BR2_TOOLCHAIN_USES_UCLIBC # no fexecve
should be revisited, because uClibc now has fexecve(). Maybe they still
don't build with uClibc for some other reason, but it's no longer the
lack of fexecve().
> + depends on BR2_TOOLCHAIN_HAS_THREADS # libglib2
> + depends on BR2_USE_MMU # libglib2
> + depends on BR2_USE_WCHAR # libglib2
> + select BR2_PACKAGE_LIBGLIB2
> + help
> + Conmon is an OCI container runtime monitor.
> +
> + https://github.com/containers/conmon
> +
> +comment "conmon needs a glibc or musl toolchain w/ threads, wchar"
> + depends on !BR2_USE_WCHAR || !BR2_TOOLCHAIN_HAS_THREADS || \
> + BR2_TOOLCHAIN_USES_UCLIBC
Tweaked that accordingly.
> + depends on BR2_USE_MMU
> diff --git a/package/conmon/conmon.hash b/package/conmon/conmon.hash
> new file mode 100644
> index 0000000000..82d1d14ba3
> --- /dev/null
> +++ b/package/conmon/conmon.hash
> @@ -0,0 +1,3 @@
> +# Locally computed
> +sha256 7d0f9a2f7cb8a76c51990128ac837aaf0cc89950b6ef9972e94417aa9cf901fe conmon-2.1.7.tar.gz
> +sha256 9c9d771d4004725237a31ada889fe06c85a24fd0a29e41825181ab4cde54f016 LICENSE
> diff --git a/package/conmon/conmon.mk b/package/conmon/conmon.mk
> new file mode 100644
> index 0000000000..dfac23189f
> --- /dev/null
> +++ b/package/conmon/conmon.mk
> @@ -0,0 +1,36 @@
> +################################################################################
> +#
> +# conmon
> +#
> +################################################################################
> +
> +CONMON_VERSION = 2.1.7
> +CONMON_SITE = $(call github,containers,conmon,v$(CONMON_VERSION))
> +CONMON_LICENSE = Apache-2.0
> +CONMON_LICENSE_FILES = LICENSE
> +
> +CONMON_DEPENDENCIES += host-pkgconf libglib2
Changed += to =, as its unconditional.
> +
> +ifeq ($(BR2_PACKAGE_LIBSECCOMP),y)
> +CONMON_DISABLE_SECCOMP = 0
> +CONMON_DEPENDENCIES += libseccomp
> +else
> +CONMON_DISABLE_SECCOMP = 1
> +endif
> +
> +define CONMON_CONFIGURE_CMDS
> + printf '#!/bin/bash\necho "$(CONMON_DISABLE_SECCOMP)"\n' > \
> + $(@D)/hack/seccomp-notify.sh
> + chmod +x $(@D)/hack/seccomp-notify.sh
> +endef
I merged as-is, but I really think a better solution would be to fix
the upstream script. The original script goes like this:
#! /usr/bin/env bash
if $(printf '#include <linux/seccomp.h>\nvoid main(){struct seccomp_notif_sizes s;}' | cc -x c - -o /dev/null 2> /dev/null && pkg-config --atleast-version 2.5.0 libseccomp); then
echo "0"
fi
I believe the only thing that is needed is to replace the hardcoded
"cc" by ${CC} and have the Makefile invoking this script pass
CC=<value> in the environment when calling the script. Then the script
would work as-is with Buildroot, and we would no longer need to hack.
Thanks!
Thomas
--
Thomas Petazzoni, co-owner and CEO, Bootlin
Embedded Linux and Kernel engineering and training
https://bootlin.com
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
prev parent reply other threads:[~2023-07-29 21:13 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-05-22 20:23 [Buildroot] [PATCH v3 1/2] package/conmon: new package Christian Stewart via buildroot
2023-05-22 20:23 ` [Buildroot] [PATCH v3 2/2] package/podman: " Christian Stewart via buildroot
2023-07-29 21:27 ` Thomas Petazzoni via buildroot
2023-08-11 3:32 ` TIAN Yuanhao
2023-07-29 21:13 ` Thomas Petazzoni via buildroot [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230729231308.1d795ee8@windsurf \
--to=buildroot@buildroot.org \
--cc=christian@aperture.us \
--cc=thomas.petazzoni@bootlin.com \
--cc=tianyuanhao3@163.com \
--cc=troglobit@gmail.com \
--cc=yann.morin.1998@free.fr \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox