* [Buildroot] [PATCH v3 1/2] package/conmon: new package
From: Christian Stewart via buildroot @ 2023-05-22 20:23 UTC (permalink / raw)
To: buildroot
Cc: Thomas Petazzoni, Christian Stewart, Joachim Wiberg, Tian Yuanhao,
Yann E . MORIN
Conmon is an OCI container runtime monitor.
https://github.com/containers/conmon
Dependency of podman.
Signed-off-by: Christian Stewart <christian@aperture.us>
---
v1 -> v2:
- requires libglib2, host-pkgconf
- bump version to 2.1.7
v2 -> v3:
- Added select BR2_PACKAGE_LIBGLIB2
- Inverted CONMON_ENABLE_SECCOMP to CONMON_DISABLE_SECCOMP
- Thanks to Joachim for the review.
Signed-off-by: Christian Stewart <christian@aperture.us>
---
DEVELOPERS | 1 +
package/Config.in | 1 +
package/conmon/Config.in | 16 ++++++++++++++++
package/conmon/conmon.hash | 3 +++
package/conmon/conmon.mk | 36 ++++++++++++++++++++++++++++++++++++
5 files changed, 57 insertions(+)
create mode 100644 package/conmon/Config.in
create mode 100644 package/conmon/conmon.hash
create mode 100644 package/conmon/conmon.mk
diff --git a/DEVELOPERS b/DEVELOPERS
index e76717e845..7b3287731a 100644
--- a/DEVELOPERS
+++ b/DEVELOPERS
@@ -543,6 +543,7 @@ F: package/balena-engine/
F: package/batman-adv/
F: package/catatonit/
F: package/cni-plugins/
+F: package/conmon/
F: package/containerd/
F: package/crun/
F: package/delve/
diff --git a/package/Config.in b/package/Config.in
index 420ebaa370..52bc10b91b 100644
--- a/package/Config.in
+++ b/package/Config.in
@@ -2631,6 +2631,7 @@ menu "System tools"
source "package/bubblewrap/Config.in"
source "package/cgroupfs-mount/Config.in"
source "package/circus/Config.in"
+ source "package/conmon/Config.in"
source "package/containerd/Config.in"
source "package/coreutils/Config.in"
source "package/cpulimit/Config.in"
diff --git a/package/conmon/Config.in b/package/conmon/Config.in
new file mode 100644
index 0000000000..65f693a29e
--- /dev/null
+++ b/package/conmon/Config.in
@@ -0,0 +1,16 @@
+config BR2_PACKAGE_CONMON
+ bool "conmon"
+ depends on !BR2_TOOLCHAIN_USES_UCLIBC # no fexecve
+ depends on BR2_TOOLCHAIN_HAS_THREADS # libglib2
+ depends on BR2_USE_MMU # libglib2
+ depends on BR2_USE_WCHAR # libglib2
+ select BR2_PACKAGE_LIBGLIB2
+ help
+ Conmon is an OCI container runtime monitor.
+
+ https://github.com/containers/conmon
+
+comment "conmon needs a glibc or musl toolchain w/ threads, wchar"
+ depends on !BR2_USE_WCHAR || !BR2_TOOLCHAIN_HAS_THREADS || \
+ BR2_TOOLCHAIN_USES_UCLIBC
+ depends on BR2_USE_MMU
diff --git a/package/conmon/conmon.hash b/package/conmon/conmon.hash
new file mode 100644
index 0000000000..82d1d14ba3
--- /dev/null
+++ b/package/conmon/conmon.hash
@@ -0,0 +1,3 @@
+# Locally computed
+sha256 7d0f9a2f7cb8a76c51990128ac837aaf0cc89950b6ef9972e94417aa9cf901fe conmon-2.1.7.tar.gz
+sha256 9c9d771d4004725237a31ada889fe06c85a24fd0a29e41825181ab4cde54f016 LICENSE
diff --git a/package/conmon/conmon.mk b/package/conmon/conmon.mk
new file mode 100644
index 0000000000..dfac23189f
--- /dev/null
+++ b/package/conmon/conmon.mk
@@ -0,0 +1,36 @@
+################################################################################
+#
+# conmon
+#
+################################################################################
+
+CONMON_VERSION = 2.1.7
+CONMON_SITE = $(call github,containers,conmon,v$(CONMON_VERSION))
+CONMON_LICENSE = Apache-2.0
+CONMON_LICENSE_FILES = LICENSE
+
+CONMON_DEPENDENCIES += host-pkgconf libglib2
+
+ifeq ($(BR2_PACKAGE_LIBSECCOMP),y)
+CONMON_DISABLE_SECCOMP = 0
+CONMON_DEPENDENCIES += libseccomp
+else
+CONMON_DISABLE_SECCOMP = 1
+endif
+
+define CONMON_CONFIGURE_CMDS
+ printf '#!/bin/bash\necho "$(CONMON_DISABLE_SECCOMP)"\n' > \
+ $(@D)/hack/seccomp-notify.sh
+ chmod +x $(@D)/hack/seccomp-notify.sh
+endef
+
+define CONMON_BUILD_CMDS
+ $(TARGET_MAKE_ENV) $(MAKE) CC="$(TARGET_CC)" CFLAGS="$(TARGET_CFLAGS)" \
+ LDFLAGS="$(TARGET_LDFLAGS)" -C $(@D) bin/conmon
+endef
+
+define CONMON_INSTALL_TARGET_CMDS
+ $(INSTALL) -D -m 755 $(@D)/bin/conmon $(TARGET_DIR)/usr/bin/conmon
+endef
+
+$(eval $(generic-package))
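Review bot: In CONMON_CONFIGURE_CMDS, overwriting hack/seccomp-notify.sh with a fixed echo makes the seccomp decision depend only on BR2_PACKAGE_LIBSECCOMP, so when libseccomp is not selected conmon is built with CONMON_DISABLE_SECCOMP = 1 and nothing in Config.in or the commit message tells the user that seccomp support was dropped. Please add a comment above the define explaining why the script is replaced and what the echoed 0/1 means to the conmon build, and mention the optional libseccomp dependency in the Config.in help text. Separately, the first assignment to CONMON_DEPENDENCIES is unconditional, so = is the usual form rather than +=.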
--
2.40.1
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
* [Buildroot] [PATCH v3 2/2] package/podman: new package
From: Christian Stewart via buildroot @ 2023-05-22 20:23 UTC (permalink / raw)
To: buildroot
Cc: Thomas Petazzoni, Christian Stewart, Joachim Wiberg, Tian Yuanhao,
Yann E . MORIN
podman is a CLI tool for spawning and running containers according to the OCI
specification.
https://github.com/containers/podman
Signed-off-by: Christian Stewart <christian@aperture.us>
---
v1 -> v2:
- package/podman: bump version to v4.5.0
- Add cmd/quadlet target as required by the install script.
v2 -> v3:
- remove duplicate CNI_PLUGINS line in Config.in
- drop old unnecessary build tags:
- btrfs_noversion: not needed for btrfs >= 3.16.1
- containers_image_openpgp: no longer supported
- exclude_graphdriver_devicemapper: set later in the file
- Added myself to DEVELOPERS list
- Added conmon -> libglib2 depends statements
- Dropped CATATONIT select statement
- Added CGROUPFS_MOUNT dependency if not using systemd
- Thanks to Joachim for the review.
Signed-off-by: Christian Stewart <christian@aperture.us>
---
DEVELOPERS | 1 +
package/Config.in | 1 +
package/podman/Config.in | 58 +++++++++++++++++++++
package/podman/containers-policy.json | 14 +++++
package/podman/podman.hash | 3 ++
package/podman/podman.mk | 75 +++++++++++++++++++++++++++
6 files changed, 152 insertions(+)
create mode 100644 package/podman/Config.in
create mode 100644 package/podman/containers-policy.json
create mode 100644 package/podman/podman.hash
create mode 100644 package/podman/podman.mk
diff --git a/DEVELOPERS b/DEVELOPERS
index 7b3287731a..c5de54a637 100644
--- a/DEVELOPERS
+++ b/DEVELOPERS
@@ -559,6 +559,7 @@ F: package/moby-buildkit/
F: package/mosh/
F: package/nerdctl/
F: package/pkg-golang.mk
+F: package/podman/
F: package/rtl8821au/
F: package/rtl8821cu/
F: package/runc/
diff --git a/package/Config.in b/package/Config.in
index 52bc10b91b..492baf25c4 100644
--- a/package/Config.in
+++ b/package/Config.in
@@ -2684,6 +2684,7 @@ menu "System tools"
source "package/openvmtools/Config.in"
source "package/pamtester/Config.in"
source "package/petitboot/Config.in"
+ source "package/podman/Config.in"
source "package/polkit/Config.in"
source "package/powerpc-utils/Config.in"
source "package/procps-ng/Config.in"
diff --git a/package/podman/Config.in b/package/podman/Config.in
new file mode 100644
index 0000000000..92f5d6ae3d
--- /dev/null
+++ b/package/podman/Config.in
@@ -0,0 +1,58 @@
+config BR2_PACKAGE_PODMAN
+ bool "podman"
+ depends on !BR2_TOOLCHAIN_USES_UCLIBC # no fexecve
+ depends on BR2_PACKAGE_HOST_GO_TARGET_ARCH_SUPPORTS
+ depends on BR2_PACKAGE_HOST_GO_TARGET_CGO_LINKING_SUPPORTS
+ depends on BR2_TOOLCHAIN_HAS_THREADS # conmon -> libglib2
+ depends on BR2_USE_MMU # libgpgme, conmon -> libglib2
+ depends on BR2_USE_WCHAR # conmon -> libglib2
+ select BR2_PACKAGE_CGROUPFS_MOUNT if !BR2_PACKAGE_SYSTEMD # runtime
+ select BR2_PACKAGE_CNI_PLUGINS
+ select BR2_PACKAGE_CONMON
+ select BR2_PACKAGE_CRUN
+ select BR2_PACKAGE_IPTABLES
+ select BR2_PACKAGE_LIBGLIB2
+ select BR2_PACKAGE_LIBGPGME
+ help
+ podman is a CLI tool for spawning and running containers
+ according to the OCI specification.
+
+ https://github.com/containers/podman
+
+if BR2_PACKAGE_PODMAN
+
+config BR2_PACKAGE_PODMAN_DRIVER_BTRFS
+ bool "btrfs filesystem driver"
+ depends on BR2_USE_MMU # btrfs-progs
+ depends on BR2_TOOLCHAIN_HAS_THREADS # btrfs-progs
+ select BR2_PACKAGE_BTRFS_PROGS
+ help
+ Build the btrfs filesystem driver.
+
+config BR2_PACKAGE_PODMAN_DRIVER_DEVICEMAPPER
+ bool "devicemapper filesystem driver"
+ depends on BR2_TOOLCHAIN_HAS_THREADS # lvm2
+ depends on BR2_USE_MMU # lvm2
+ depends on !BR2_STATIC_LIBS # lvm2
+ select BR2_PACKAGE_LVM2
+ help
+ Build the devicemapper filesystem driver.
+
+config BR2_PACKAGE_PODMAN_DRIVER_VFS
+ bool "vfs filesystem driver"
+ depends on BR2_USE_WCHAR # gvfs
+ depends on BR2_USE_MMU # gvfs
+ depends on BR2_TOOLCHAIN_HAS_THREADS # gvfs
+ depends on !BR2_STATIC_LIBS # gvfs
+ select BR2_PACKAGE_GVFS
+ help
+ Build the vfs filesystem driver.
+
+endif
+
+comment "podman needs a glibc or musl toolchain w/ threads, wchar"
+ depends on BR2_PACKAGE_HOST_GO_TARGET_ARCH_SUPPORTS && \
+ BR2_PACKAGE_HOST_GO_TARGET_CGO_LINKING_SUPPORTS
+ depends on !BR2_USE_WCHAR || !BR2_TOOLCHAIN_HAS_THREADS || \
+ BR2_TOOLCHAIN_USES_UCLIBC
+ depends on BR2_USE_MMU
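Review bot: BR2_PACKAGE_PODMAN_DRIVER_VFS selects BR2_PACKAGE_GVFS and carries gvfs's toolchain dependencies, but gvfs is the GNOME virtual filesystem and the patch does not show where the vfs storage driver uses it; podman.mk only adds gvfs to PODMAN_DEPENDENCIES. Please confirm the driver really needs it at build or run time; if not, drop the select and the gvfs-derived depends lines so that enabling the driver does not pull an unrelated package into the image. The unannotated select lines on the main option (cni-plugins, conmon, crun, iptables) should also say whether they are runtime dependencies, as the cgroupfs-mount line does.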
diff --git a/package/podman/containers-policy.json b/package/podman/containers-policy.json
new file mode 100644
index 0000000000..4480eb82b4
--- /dev/null
+++ b/package/podman/containers-policy.json
@@ -0,0 +1,14 @@
+{
+ "default": [
+ {
+ "type": "insecureAcceptAnything"
+ }
+ ],
+ "transports":
+ {
+ "docker-daemon":
+ {
+ "": [{"type":"insecureAcceptAnything"}]
+ }
+ }
+}
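Review bot: The installed policy sets "default" to insecureAcceptAnything, so on the target podman will accept any image from any transport with no signature check, and the docker-daemon entry under "transports" repeats the same rule and adds nothing. Please state in the commit message or the Config.in help that /etc/containers/policy.json ships in accept-everything mode and that users who want image signature verification must replace it (for example from a rootfs overlay); dropping the redundant "transports" block would also make the file easier to audit.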
diff --git a/package/podman/podman.hash b/package/podman/podman.hash
new file mode 100644
index 0000000000..c011068682
--- /dev/null
+++ b/package/podman/podman.hash
@@ -0,0 +1,3 @@
+# Locally computed
+sha256 830a633630bf6e61f2b8d4ca00efdd9a173ef25cdd49d4a4364c293e088561df podman-4.5.0.tar.gz
+sha256 62fb8a3a9621dc2388174caaabe9c2317b694bb9a1d46c98bcf5655b68f51be3 LICENSE
diff --git a/package/podman/podman.mk b/package/podman/podman.mk
new file mode 100644
index 0000000000..f888f3ae5e
--- /dev/null
+++ b/package/podman/podman.mk
@@ -0,0 +1,75 @@
+################################################################################
+#
+# podman
+#
+################################################################################
+
+PODMAN_VERSION = 4.5.0
+PODMAN_SITE = $(call github,containers,podman,v$(PODMAN_VERSION))
+PODMAN_LICENSE = Apache-2.0
+PODMAN_LICENSE_FILES = LICENSE
+
+PODMAN_CPE_ID_VENDOR = podman_project
+PODMAN_GOMOD = github.com/containers/podman/v4
+
+PODMAN_BUILD_TARGETS = cmd/podman cmd/rootlessport cmd/quadlet
+PODMAN_DEPENDENCIES += libglib2 libgpgme
+PODMAN_LDFLAGS = \
+ -X $(PODMAN_GOMOD)/libpod/define.gitCommit=$(PODMAN_VERSION)
+PODMAN_TAGS = exclude_graphdriver_zfs
+
+ifeq ($(BR2_INIT_SYSTEMD),y)
+PODMAN_TAGS += systemd
+endif
+
+ifeq ($(BR2_PACKAGE_LIBAPPARMOR),y)
+PODMAN_DEPENDENCIES += libapparmor
+PODMAN_TAGS += apparmor
+endif
+
+ifeq ($(BR2_PACKAGE_LIBSECCOMP),y)
+PODMAN_TAGS += seccomp
+PODMAN_DEPENDENCIES += libseccomp host-pkgconf
+endif
+
+ifeq ($(BR2_PACKAGE_LIBSELINUX),y)
+PODMAN_TAGS += selinux
+PODMAN_DEPENDENCIES += libselinux
+endif
+
+ifeq ($(BR2_PACKAGE_PODMAN_DRIVER_BTRFS),y)
+PODMAN_DEPENDENCIES += btrfs-progs
+else
+PODMAN_TAGS += exclude_graphdriver_btrfs
+endif
+
+ifeq ($(BR2_PACKAGE_PODMAN_DRIVER_DEVICEMAPPER),y)
+PODMAN_DEPENDENCIES += lvm2
+else
+PODMAN_TAGS += exclude_graphdriver_devicemapper
+endif
+
+ifeq ($(BR2_PACKAGE_PODMAN_DRIVER_VFS),y)
+PODMAN_DEPENDENCIES += gvfs
+else
+PODMAN_TAGS += exclude_graphdriver_vfs
+endif
+
+define PODMAN_INSTALL_TARGET_CMDS
+ $(TARGET_MAKE_ENV) $(MAKE) -C $(@D) DESTDIR=$(TARGET_DIR) PREFIX=/usr \
+ install.bin
+ $(INSTALL) -d -m 700 $(TARGET_DIR)/etc/cni
+ $(INSTALL) -d -m 700 $(TARGET_DIR)/etc/cni/net.d
+ $(INSTALL) -D -m 644 $(@D)/cni/87-podman-bridge.conflist \
+ $(TARGET_DIR)/etc/cni/net.d/87-podman-bridge.conflist
+ $(INSTALL) -d -m 755 $(TARGET_DIR)/etc/containers
+ $(INSTALL) -D -m 644 $(PODMAN_PKGDIR)/containers-policy.json \
+ $(TARGET_DIR)/etc/containers/policy.json
+endef
+
+define PODMAN_INSTALL_INIT_SYSTEMD
+ $(TARGET_MAKE_ENV) $(MAKE) -C $(@D) DESTDIR=$(TARGET_DIR) PREFIX=/usr \
+ install.systemd
+endef
+
+$(eval $(golang-package))
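Review bot: In PODMAN_INSTALL_TARGET_CMDS the two $(INSTALL) -d -m 700 lines for /etc/cni and /etc/cni/net.d look redundant next to the $(INSTALL) -D that follows, so they need a comment saying they exist to give those directories mode 700; the $(INSTALL) -d -m 755 for /etc/containers has no such reason and can go, since -D creates the parent directory. The seccomp, apparmor and selinux tags are also added only when the matching library is already enabled, so a build without those options has none of them; a line in the Config.in help pointing at those options would make that visible.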
--
2.40.1
* Re: [Buildroot] [PATCH v3 1/2] package/conmon: new package
From: Thomas Petazzoni via buildroot @ 2023-07-29 21:13 UTC (permalink / raw)
To: Christian Stewart via buildroot
Cc: Joachim Wiberg, Tian Yuanhao, Yann E . MORIN, Christian Stewart
Hello Christian,
On Mon, 22 May 2023 13:23:45 -0700
Christian Stewart via buildroot <buildroot@buildroot.org> wrote:
> Conmon is an OCI container runtime monitor.
>
> https://github.com/containers/conmon
>
> Dependency of podman.
>
> Signed-off-by: Christian Stewart <christian@aperture.us>
I've applied with a few changes, see below. I also have a request.
> diff --git a/package/conmon/Config.in b/package/conmon/Config.in
> new file mode 100644
> index 0000000000..65f693a29e
> --- /dev/null
> +++ b/package/conmon/Config.in
> @@ -0,0 +1,16 @@
> +config BR2_PACKAGE_CONMON
> + bool "conmon"
> + depends on !BR2_TOOLCHAIN_USES_UCLIBC # no fexecve
This is incorrect: uClibc has fexecve() since its commit
858ffad217076227089cc17eb832db0bd1497792, merged in uClibc 1.0.33, so
quite a while ago. I think all the packages that have this:
package/balena-engine/Config.in: depends on !BR2_TOOLCHAIN_USES_UCLIBC # no fexecve
package/cni-plugins/Config.in: depends on !BR2_TOOLCHAIN_USES_UCLIBC # no fexecve
package/crun/Config.in: depends on !BR2_TOOLCHAIN_USES_UCLIBC # no fexecve
package/embiggen-disk/Config.in: depends on !BR2_TOOLCHAIN_USES_UCLIBC # no fexecve
package/lxc/Config.in: depends on !BR2_TOOLCHAIN_USES_UCLIBC # no fexecve
package/runc/Config.in: depends on !BR2_TOOLCHAIN_USES_UCLIBC # no fexecve
should be revisited, because uClibc now has fexecve(). Maybe they still
don't build with uClibc for some other reason, but it's no longer the
lack of fexecve().
> + depends on BR2_TOOLCHAIN_HAS_THREADS # libglib2
> + depends on BR2_USE_MMU # libglib2
> + depends on BR2_USE_WCHAR # libglib2
> + select BR2_PACKAGE_LIBGLIB2
> + help
> + Conmon is an OCI container runtime monitor.
> +
> + https://github.com/containers/conmon
> +
> +comment "conmon needs a glibc or musl toolchain w/ threads, wchar"
> + depends on !BR2_USE_WCHAR || !BR2_TOOLCHAIN_HAS_THREADS || \
> + BR2_TOOLCHAIN_USES_UCLIBC
Tweaked that accordingly.
> + depends on BR2_USE_MMU
> diff --git a/package/conmon/conmon.hash b/package/conmon/conmon.hash
> new file mode 100644
> index 0000000000..82d1d14ba3
> --- /dev/null
> +++ b/package/conmon/conmon.hash
> @@ -0,0 +1,3 @@
> +# Locally computed
> +sha256 7d0f9a2f7cb8a76c51990128ac837aaf0cc89950b6ef9972e94417aa9cf901fe conmon-2.1.7.tar.gz
> +sha256 9c9d771d4004725237a31ada889fe06c85a24fd0a29e41825181ab4cde54f016 LICENSE
> diff --git a/package/conmon/conmon.mk b/package/conmon/conmon.mk
> new file mode 100644
> index 0000000000..dfac23189f
> --- /dev/null
> +++ b/package/conmon/conmon.mk
> @@ -0,0 +1,36 @@
> +################################################################################
> +#
> +# conmon
> +#
> +################################################################################
> +
> +CONMON_VERSION = 2.1.7
> +CONMON_SITE = $(call github,containers,conmon,v$(CONMON_VERSION))
> +CONMON_LICENSE = Apache-2.0
> +CONMON_LICENSE_FILES = LICENSE
> +
> +CONMON_DEPENDENCIES += host-pkgconf libglib2
Changed += to =, as it's unconditional.
> +
> +ifeq ($(BR2_PACKAGE_LIBSECCOMP),y)
> +CONMON_DISABLE_SECCOMP = 0
> +CONMON_DEPENDENCIES += libseccomp
> +else
> +CONMON_DISABLE_SECCOMP = 1
> +endif
> +
> +define CONMON_CONFIGURE_CMDS
> + printf '#!/bin/bash\necho "$(CONMON_DISABLE_SECCOMP)"\n' > \
> + $(@D)/hack/seccomp-notify.sh
> + chmod +x $(@D)/hack/seccomp-notify.sh
> +endef
I merged as-is, but I really think a better solution would be to fix
the upstream script. The original script goes like this:
#! /usr/bin/env bash
if $(printf '#include <linux/seccomp.h>\nvoid main(){struct seccomp_notif_sizes s;}' | cc -x c - -o /dev/null 2> /dev/null && pkg-config --atleast-version 2.5.0 libseccomp); then
echo "0"
fi
I believe the only thing that is needed is to replace the hardcoded
"cc" by ${CC} and have the Makefile invoking this script pass
CC=<value> in the environment when calling the script. Then the script
would work as-is with Buildroot, and we would no longer need to hack.
Thanks!
Thomas
--
Thomas Petazzoni, co-owner and CEO, Bootlin
Embedded Linux and Kernel engineering and training
https://bootlin.com
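
The change suggested in the message above, sketched as an added example (it is not part of the thread and not conmon's own script): the probe takes the compiler from `CC` instead of the hardcoded `cc`, so a cross toolchain's headers are the ones tested. The `PKG_CONFIG` override, the function name and the `probe` argument are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: cross-compile-aware variant of the seccomp-notify probe.
# Like the script quoted above, it prints "0" when the toolchain headers
# define struct seccomp_notif_sizes and libseccomp >= 2.5.0 is found, and
# prints nothing otherwise.

seccomp_notify_probe() {
    # CC is expected in the environment, passed by the calling Makefile.
    # PKG_CONFIG is an assumed optional override; the default is pkg-config
    # as found in PATH.
    cc_cmd=${CC:-cc}
    pkgconf_cmd=${PKG_CONFIG:-pkg-config}

    # CC may carry arguments ("ccache arm-linux-gcc"), so both variables
    # are expanded unquoted on purpose to allow word splitting.
    if printf '#include <linux/seccomp.h>\nint main(void){struct seccomp_notif_sizes s; (void)s; return 0;}\n' \
            | $cc_cmd -x c - -o /dev/null 2>/dev/null \
        && $pkgconf_cmd --atleast-version 2.5.0 libseccomp
    then
        echo "0"
    fi
}

# Run the probe only when asked to, so the file can also be sourced.
if [ "${1:-}" = "probe" ]; then
    seccomp_notify_probe
fi
```

With this form the Buildroot package would not need to overwrite the script: the build only has to export `CC` (and have the target pkg-config wrapper first in `PATH`) when the Makefile calls it.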
* Re: [Buildroot] [PATCH v3 2/2] package/podman: new package
From: Thomas Petazzoni via buildroot @ 2023-07-29 21:27 UTC (permalink / raw)
To: Christian Stewart via buildroot
Cc: Joachim Wiberg, Tian Yuanhao, Yann E . MORIN, Christian Stewart
Hello Christian,
On Mon, 22 May 2023 13:23:46 -0700
Christian Stewart via buildroot <buildroot@buildroot.org> wrote:
> podman is a CLI tool for spawning and running containers according to the OCI
> specification.
>
> https://github.com/containers/podman
>
> Signed-off-by: Christian Stewart <christian@aperture.us>
Overall it looks good of course, but I have a couple of questions.
> diff --git a/package/podman/Config.in b/package/podman/Config.in
> new file mode 100644
> index 0000000000..92f5d6ae3d
> --- /dev/null
> +++ b/package/podman/Config.in
> @@ -0,0 +1,58 @@
> +config BR2_PACKAGE_PODMAN
> + bool "podman"
> + depends on !BR2_TOOLCHAIN_USES_UCLIBC # no fexecve
I don't think that's true. That was inherited from crun, and I just
sent a patch that allows crun to build with uClibc.
> + depends on BR2_PACKAGE_HOST_GO_TARGET_ARCH_SUPPORTS
> + depends on BR2_PACKAGE_HOST_GO_TARGET_CGO_LINKING_SUPPORTS
> + depends on BR2_TOOLCHAIN_HAS_THREADS # conmon -> libglib2
> + depends on BR2_USE_MMU # libgpgme, conmon -> libglib2
> + depends on BR2_USE_WCHAR # conmon -> libglib2
I think you can just say "conmon, libglib2" as you inherit the
dependencies from both.
> + select BR2_PACKAGE_CGROUPFS_MOUNT if !BR2_PACKAGE_SYSTEMD # runtime
> + select BR2_PACKAGE_CNI_PLUGINS
> + select BR2_PACKAGE_CONMON
> + select BR2_PACKAGE_CRUN
> + select BR2_PACKAGE_IPTABLES
> + select BR2_PACKAGE_LIBGLIB2
> + select BR2_PACKAGE_LIBGPGME
Out of all those dependencies, you only have build dependencies on
libglib2 and libgpgme. Are the other runtime dependencies? If so,
please add a # runtime comment, like you did for the cgroupfs-mount
dependency.
> +if BR2_PACKAGE_PODMAN
> +
> +config BR2_PACKAGE_PODMAN_DRIVER_BTRFS
> + bool "btrfs filesystem driver"
> + depends on BR2_USE_MMU # btrfs-progs
> + depends on BR2_TOOLCHAIN_HAS_THREADS # btrfs-progs
> + select BR2_PACKAGE_BTRFS_PROGS
> + help
> + Build the btrfs filesystem driver.
> +
> +config BR2_PACKAGE_PODMAN_DRIVER_DEVICEMAPPER
> + bool "devicemapper filesystem driver"
> + depends on BR2_TOOLCHAIN_HAS_THREADS # lvm2
> + depends on BR2_USE_MMU # lvm2
> + depends on !BR2_STATIC_LIBS # lvm2
> + select BR2_PACKAGE_LVM2
> + help
> + Build the devicemapper filesystem driver.
> +
> +config BR2_PACKAGE_PODMAN_DRIVER_VFS
> + bool "vfs filesystem driver"
> + depends on BR2_USE_WCHAR # gvfs
> + depends on BR2_USE_MMU # gvfs
> + depends on BR2_TOOLCHAIN_HAS_THREADS # gvfs
> + depends on !BR2_STATIC_LIBS # gvfs
> + select BR2_PACKAGE_GVFS
> + help
> + Build the vfs filesystem driver.
Normally, we would need a Config.in comment about the dependencies, but
I agree almost all of them are covered by the top-level option, and the
only one remaining is !BR2_STATIC_LIBS... Perhaps not worth adding a
Config.in comment for this, I agree.
> +
> +endif
> +
> +comment "podman needs a glibc or musl toolchain w/ threads, wchar"
> + depends on BR2_PACKAGE_HOST_GO_TARGET_ARCH_SUPPORTS && \
> + BR2_PACKAGE_HOST_GO_TARGET_CGO_LINKING_SUPPORTS
> + depends on !BR2_USE_WCHAR || !BR2_TOOLCHAIN_HAS_THREADS || \
> + BR2_TOOLCHAIN_USES_UCLIBC
Needs to be adjusted once the uClibc exclusion is removed.
> diff --git a/package/podman/podman.mk b/package/podman/podman.mk
> new file mode 100644
> index 0000000000..f888f3ae5e
> --- /dev/null
> +++ b/package/podman/podman.mk
> @@ -0,0 +1,75 @@
> +################################################################################
> +#
> +# podman
> +#
> +################################################################################
> +
> +PODMAN_VERSION = 4.5.0
> +PODMAN_SITE = $(call github,containers,podman,v$(PODMAN_VERSION))
> +PODMAN_LICENSE = Apache-2.0
> +PODMAN_LICENSE_FILES = LICENSE
> +
> +PODMAN_CPE_ID_VENDOR = podman_project
> +PODMAN_GOMOD = github.com/containers/podman/v4
> +
> +PODMAN_BUILD_TARGETS = cmd/podman cmd/rootlessport cmd/quadlet
> +PODMAN_DEPENDENCIES += libglib2 libgpgme
Change += to =.
> +define PODMAN_INSTALL_TARGET_CMDS
> + $(TARGET_MAKE_ENV) $(MAKE) -C $(@D) DESTDIR=$(TARGET_DIR) PREFIX=/usr \
> + install.bin
> + $(INSTALL) -d -m 700 $(TARGET_DIR)/etc/cni
> + $(INSTALL) -d -m 700 $(TARGET_DIR)/etc/cni/net.d
Why do you need this?
> + $(INSTALL) -D -m 644 $(@D)/cni/87-podman-bridge.conflist \
> + $(TARGET_DIR)/etc/cni/net.d/87-podman-bridge.conflist
$(INSTALL) -D will create all directories that are needed to allow
creating the destination file.
> + $(INSTALL) -d -m 755 $(TARGET_DIR)/etc/containers
> + $(INSTALL) -D -m 644 $(PODMAN_PKGDIR)/containers-policy.json \
> + $(TARGET_DIR)/etc/containers/policy.json
Same comment.
> +endef
> +
> +define PODMAN_INSTALL_INIT_SYSTEMD
> + $(TARGET_MAKE_ENV) $(MAKE) -C $(@D) DESTDIR=$(TARGET_DIR) PREFIX=/usr \
> + install.systemd
> +endef
> +
> +$(eval $(golang-package))
Otherwise, looks good. So it's really the question about build-time vs.
run-time dependencies that didn't allow me to tweak the patch when
applying.
Could you rework the patch and send a new iteration? I promise, it will
take less than 2 months to be handled :-)
Thanks!
Thomas
--
Thomas Petazzoni, co-owner and CEO, Bootlin
Embedded Linux and Kernel engineering and training
https://bootlin.com
* Re: [Buildroot] [PATCH v3 2/2] package/podman: new package
From: TIAN Yuanhao @ 2023-08-11 3:32 UTC (permalink / raw)
To: Thomas Petazzoni, Christian Stewart
Cc: Joachim Wiberg, Yann E . MORIN, Buildroot
Hello Thomas and Christian,
At 2023-07-30 05:27:23, "Thomas Petazzoni via buildroot" <buildroot@buildroot.org> wrote:
>Hello Christian,
>
>On Mon, 22 May 2023 13:23:46 -0700
>Christian Stewart via buildroot <buildroot@buildroot.org> wrote:
>
>> podman is a CLI tool for spawning and running containers according to the OCI
>> specification.
>>
>> https://github.com/containers/podman
>>
>> Signed-off-by: Christian Stewart <christian@aperture.us>
>
>Overall it looks good of course, but I have a couple of questions.
>
>> diff --git a/package/podman/Config.in b/package/podman/Config.in
>> new file mode 100644
>> index 0000000000..92f5d6ae3d
>> --- /dev/null
>> +++ b/package/podman/Config.in
>> @@ -0,0 +1,58 @@
>> +config BR2_PACKAGE_PODMAN
>> + bool "podman"
>> + depends on !BR2_TOOLCHAIN_USES_UCLIBC # no fexecve
>
>I don't think that's true. That was inherited from crun, and I just
>sent a patch that allows crun to build with uClibc.
>
>> + depends on BR2_PACKAGE_HOST_GO_TARGET_ARCH_SUPPORTS
>> + depends on BR2_PACKAGE_HOST_GO_TARGET_CGO_LINKING_SUPPORTS
>> + depends on BR2_TOOLCHAIN_HAS_THREADS # conmon -> libglib2
>> + depends on BR2_USE_MMU # libgpgme, conmon -> libglib2
>> + depends on BR2_USE_WCHAR # conmon -> libglib2
>
>I think you can just say "conmon, libglib2" as you inherit the
>dependencies from both.
>
>> + select BR2_PACKAGE_CGROUPFS_MOUNT if !BR2_PACKAGE_SYSTEMD # runtime
>> + select BR2_PACKAGE_CNI_PLUGINS
>> + select BR2_PACKAGE_CONMON
>> + select BR2_PACKAGE_CRUN
>> + select BR2_PACKAGE_IPTABLES
>> + select BR2_PACKAGE_LIBGLIB2
>> + select BR2_PACKAGE_LIBGPGME
>
>Out of all those dependencies, you only have build dependencies on
>libglib2 and libgpgme. Are the other runtime dependencies? If so,
>please add a # runtime comment, like you did for the cgroupfs-mount
>dependency.
>
>
>> +if BR2_PACKAGE_PODMAN
>> +
>> +config BR2_PACKAGE_PODMAN_DRIVER_BTRFS
>> + bool "btrfs filesystem driver"
>> + depends on BR2_USE_MMU # btrfs-progs
>> + depends on BR2_TOOLCHAIN_HAS_THREADS # btrfs-progs
>> + select BR2_PACKAGE_BTRFS_PROGS
>> + help
>> + Build the btrfs filesystem driver.
>> +
>> +config BR2_PACKAGE_PODMAN_DRIVER_DEVICEMAPPER
>> + bool "devicemapper filesystem driver"
>> + depends on BR2_TOOLCHAIN_HAS_THREADS # lvm2
>> + depends on BR2_USE_MMU # lvm2
>> + depends on !BR2_STATIC_LIBS # lvm2
>> + select BR2_PACKAGE_LVM2
>> + help
>> + Build the devicemapper filesystem driver.
>> +
>> +config BR2_PACKAGE_PODMAN_DRIVER_VFS
>> + bool "vfs filesystem driver"
>> + depends on BR2_USE_WCHAR # gvfs
>> + depends on BR2_USE_MMU # gvfs
>> + depends on BR2_TOOLCHAIN_HAS_THREADS # gvfs
>> + depends on !BR2_STATIC_LIBS # gvfs
>> + select BR2_PACKAGE_GVFS
>> + help
>> + Build the vfs filesystem driver.
>
>Normally, we would need a Config.in comment about the dependencies, but
>I agree almost all of them are covered by the top-level option, and the
>only one remaining is !BR2_STATIC_LIBS... Perhaps not worth adding a
>Config.in comment for this, I agree.
>
>> +
>> +endif
>> +
>> +comment "podman needs a glibc or musl toolchain w/ threads, wchar"
>> + depends on BR2_PACKAGE_HOST_GO_TARGET_ARCH_SUPPORTS && \
>> + BR2_PACKAGE_HOST_GO_TARGET_CGO_LINKING_SUPPORTS
>> + depends on !BR2_USE_WCHAR || !BR2_TOOLCHAIN_HAS_THREADS || \
>> + BR2_TOOLCHAIN_USES_UCLIBC
>
>Needs to be adjusted once the uClibc exclusion is removed.
>
>> diff --git a/package/podman/podman.mk b/package/podman/podman.mk
>> new file mode 100644
>> index 0000000000..f888f3ae5e
>> --- /dev/null
>> +++ b/package/podman/podman.mk
>> @@ -0,0 +1,75 @@
>> +################################################################################
>> +#
>> +# podman
>> +#
>> +################################################################################
>> +
>> +PODMAN_VERSION = 4.5.0
>> +PODMAN_SITE = $(call github,containers,podman,v$(PODMAN_VERSION))
>> +PODMAN_LICENSE = Apache-2.0
>> +PODMAN_LICENSE_FILES = LICENSE
>> +
>> +PODMAN_CPE_ID_VENDOR = podman_project
>> +PODMAN_GOMOD = github.com/containers/podman/v4
>> +
>> +PODMAN_BUILD_TARGETS = cmd/podman cmd/rootlessport cmd/quadlet
>> +PODMAN_DEPENDENCIES += libglib2 libgpgme
>
>Change += to =.
>
>
>> +define PODMAN_INSTALL_TARGET_CMDS
>> + $(TARGET_MAKE_ENV) $(MAKE) -C $(@D) DESTDIR=$(TARGET_DIR) PREFIX=/usr \
>> + install.bin
>> + $(INSTALL) -d -m 700 $(TARGET_DIR)/etc/cni
>> + $(INSTALL) -d -m 700 $(TARGET_DIR)/etc/cni/net.d
>
>Why do you need this?
That's because the permissions for those two directories are 700 instead of 755.
>
>> + $(INSTALL) -D -m 644 $(@D)/cni/87-podman-bridge.conflist \
>> + $(TARGET_DIR)/etc/cni/net.d/87-podman-bridge.conflist
>
>$(INSTALL) -D will create all directories that are needed to allow
>creating the destination file.
>
>> + $(INSTALL) -d -m 755 $(TARGET_DIR)/etc/containers
>> + $(INSTALL) -D -m 644 $(PODMAN_PKGDIR)/containers-policy.json \
>> + $(TARGET_DIR)/etc/containers/policy.json
>
>Same comment.
This directory permission is 755, so this line should not be required.
>
>> +endef
>> +
>> +define PODMAN_INSTALL_INIT_SYSTEMD
>> + $(TARGET_MAKE_ENV) $(MAKE) -C $(@D) DESTDIR=$(TARGET_DIR) PREFIX=/usr \
>> + install.systemd
>> +endef
>> +
>> +$(eval $(golang-package))
>
>Otherwise, looks good. So it's really the question about build-time vs.
>run-time dependencies that didn't allow me to tweak the patch when
>applying.
>
>Could you rework the patch and send a new iteration? I promise, it will
>take less than 2 months to be handled :-)
>
>Thanks!
>
>Thomas
>--
>Thomas Petazzoni, co-owner and CEO, Bootlin
>Embedded Linux and Kernel engineering and training
>https://bootlin.com
It should be noted that the Linux kernel requires the CONFIG_NETFILTER_XT_MATCH_COMMENT option.
Tested-by: TIAN Yuanhao <tianyuanhao3@163.com>
Thanks,
Yuanhao