Buildroot Archive on lore.kernel.org
* [Buildroot] [PATCH v2 1/2] package/conmon: new package
@ 2023-05-12  0:25 Christian Stewart via buildroot
  2023-05-12  0:25 ` [Buildroot] [PATCH v2 2/2] package/podman: " Christian Stewart via buildroot
                   ` (2 more replies)
  0 siblings, 3 replies; 6+ messages in thread
From: Christian Stewart via buildroot @ 2023-05-12  0:25 UTC (permalink / raw)
  To: buildroot
  Cc: Christian Stewart, Tian Yuanhao, Yann E . MORIN, Thomas Petazzoni

Conmon is an OCI container runtime monitor.

https://github.com/containers/conmon

Dependency of podman.

Signed-off-by: Christian Stewart <christian@aperture.us>

---

v1 -> v2:

 - requires libglib2, host-pkgconf
 - bump version to 2.1.7

Signed-off-by: Christian Stewart <christian@aperture.us>
---
 DEVELOPERS                 |  1 +
 package/Config.in          |  1 +
 package/conmon/Config.in   | 15 +++++++++++++++
 package/conmon/conmon.hash |  3 +++
 package/conmon/conmon.mk   | 36 ++++++++++++++++++++++++++++++++++++
 5 files changed, 56 insertions(+)
 create mode 100644 package/conmon/Config.in
 create mode 100644 package/conmon/conmon.hash
 create mode 100644 package/conmon/conmon.mk

diff --git a/DEVELOPERS b/DEVELOPERS
index 37c1f06ec1..1608317654 100644
--- a/DEVELOPERS
+++ b/DEVELOPERS
@@ -543,6 +543,7 @@ F:	package/balena-engine/
 F:	package/batman-adv/
 F:	package/catatonit/
 F:	package/cni-plugins/
+F:	package/conmon/
 F:	package/containerd/
 F:	package/crun/
 F:	package/delve/
diff --git a/package/Config.in b/package/Config.in
index 420ebaa370..52bc10b91b 100644
--- a/package/Config.in
+++ b/package/Config.in
@@ -2631,6 +2631,7 @@ menu "System tools"
 	source "package/bubblewrap/Config.in"
 	source "package/cgroupfs-mount/Config.in"
 	source "package/circus/Config.in"
+	source "package/conmon/Config.in"
 	source "package/containerd/Config.in"
 	source "package/coreutils/Config.in"
 	source "package/cpulimit/Config.in"
diff --git a/package/conmon/Config.in b/package/conmon/Config.in
new file mode 100644
index 0000000000..c4b428a541
--- /dev/null
+++ b/package/conmon/Config.in
@@ -0,0 +1,15 @@
+config BR2_PACKAGE_CONMON
+	bool "conmon"
+	depends on BR2_TOOLCHAIN_HAS_THREADS # libglib2
+	depends on BR2_USE_MMU # libglib2
+	depends on BR2_USE_WCHAR # libglib2
+	depends on !BR2_TOOLCHAIN_USES_UCLIBC # no fexecve
+	help
+	  Conmon is an OCI container runtime monitor.
+
+	  https://github.com/containers/conmon
+
+comment "conmon needs a glibc or musl toolchain w/ threads, wchar"
+	depends on !BR2_USE_WCHAR || !BR2_TOOLCHAIN_HAS_THREADS || \
+		BR2_TOOLCHAIN_USES_UCLIBC
+	depends on BR2_USE_MMU
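Review bot: BR2_PACKAGE_CONMON repeats libglib2's toolchain conditions in three "depends on ... # libglib2" lines but never selects the library itself, while conmon.mk in this same patch puts libglib2 in CONMON_DEPENDENCIES. Add "select BR2_PACKAGE_LIBGLIB2" after the depends lines so that enabling conmon also enables the package it builds against. The comment entry matches the config's toolchain conditions and needs no change.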
diff --git a/package/conmon/conmon.hash b/package/conmon/conmon.hash
new file mode 100644
index 0000000000..82d1d14ba3
--- /dev/null
+++ b/package/conmon/conmon.hash
@@ -0,0 +1,3 @@
+# Locally computed
+sha256  7d0f9a2f7cb8a76c51990128ac837aaf0cc89950b6ef9972e94417aa9cf901fe  conmon-2.1.7.tar.gz
+sha256  9c9d771d4004725237a31ada889fe06c85a24fd0a29e41825181ab4cde54f016  LICENSE
diff --git a/package/conmon/conmon.mk b/package/conmon/conmon.mk
new file mode 100644
index 0000000000..cda059042a
--- /dev/null
+++ b/package/conmon/conmon.mk
@@ -0,0 +1,36 @@
+################################################################################
+#
+# conmon
+#
+################################################################################
+
+CONMON_VERSION = 2.1.7
+CONMON_SITE = $(call github,containers,conmon,v$(CONMON_VERSION))
+CONMON_LICENSE = Apache-2.0
+CONMON_LICENSE_FILES = LICENSE
+
+CONMON_DEPENDENCIES += host-pkgconf libglib2
+
+ifeq ($(BR2_PACKAGE_LIBSECCOMP),y)
+CONMON_ENABLE_SECCOMP = 1
+CONMON_DEPENDENCIES += libseccomp
+else
+CONMON_ENABLE_SECCOMP = 0
+endif
+
+define CONMON_CONFIGURE_CMDS
+	printf '#!/bin/bash\necho "$(CONMON_ENABLE_SECCOMP)"\n' > \
+		$(@D)/hack/seccomp-notify.sh
+	chmod +x $(@D)/hack/seccomp-notify.sh
+endef
+
+define CONMON_BUILD_CMDS
+	$(TARGET_MAKE_ENV) $(MAKE) CC="$(TARGET_CC)" CFLAGS="$(TARGET_CFLAGS)" \
+		LDFLAGS="$(TARGET_LDFLAGS)" -C $(@D) bin/conmon
+endef
+
+define CONMON_INSTALL_TARGET_CMDS
+	$(INSTALL) -D -m 755 $(@D)/bin/conmon $(TARGET_DIR)/usr/bin/conmon
+endef
+
+$(eval $(generic-package))
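Review bot: CONMON_CONFIGURE_CMDS overwrites hack/seccomp-notify.sh with a stub that echoes $(CONMON_ENABLE_SECCOMP), but nothing in the file records which value the conmon Makefile reads as "seccomp available". A reply in this thread states that "echo 0" is the value that enables it; if so, the ifeq ($(BR2_PACKAGE_LIBSECCOMP),y) block has 1 and 0 swapped, and a configuration that selects libseccomp would ship a conmon built without seccomp support. Check the convention against the upstream Makefile, swap the values if needed, and state it in a comment above the define. The stub uses no bash features, so "#!/bin/sh" would avoid requiring bash on the build host, and CONMON_BUILD_CMDS could pass $(TARGET_CONFIGURE_OPTS) instead of spelling out CC, CFLAGS and LDFLAGS.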
-- 
2.40.1

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot


* [Buildroot] [PATCH v2 2/2] package/podman: new package
  2023-05-12  0:25 [Buildroot] [PATCH v2 1/2] package/conmon: new package Christian Stewart via buildroot
@ 2023-05-12  0:25 ` Christian Stewart via buildroot
  2023-05-17  5:18   ` Joachim Wiberg
  2023-05-17  5:08 ` [Buildroot] [PATCH v2 1/2] package/conmon: " Joachim Wiberg
  2023-05-21 15:50 ` Yann E. MORIN
  2 siblings, 1 reply; 6+ messages in thread
From: Christian Stewart via buildroot @ 2023-05-12  0:25 UTC (permalink / raw)
  To: buildroot
  Cc: Christian Stewart, Tian Yuanhao, Yann E . MORIN, Thomas Petazzoni

podman is a CLI tool for spawning and running containers according to the OCI
specification.

https://github.com/containers/podman

Signed-off-by: Christian Stewart <christian@aperture.us>

---

v1 -> v2:

 - package/podman: bump version to v4.5.0
 - Add cmd/quadlet target as required by the install script.

Signed-off-by: Christian Stewart <christian@aperture.us>
---
 package/Config.in                     |  1 +
 package/podman/Config.in              | 55 +++++++++++++++++++
 package/podman/containers-policy.json | 14 +++++
 package/podman/podman.hash            |  3 ++
 package/podman/podman.mk              | 77 +++++++++++++++++++++++++++
 5 files changed, 150 insertions(+)
 create mode 100644 package/podman/Config.in
 create mode 100644 package/podman/containers-policy.json
 create mode 100644 package/podman/podman.hash
 create mode 100644 package/podman/podman.mk

diff --git a/package/Config.in b/package/Config.in
index 52bc10b91b..492baf25c4 100644
--- a/package/Config.in
+++ b/package/Config.in
@@ -2684,6 +2684,7 @@ menu "System tools"
 	source "package/openvmtools/Config.in"
 	source "package/pamtester/Config.in"
 	source "package/petitboot/Config.in"
+	source "package/podman/Config.in"
 	source "package/polkit/Config.in"
 	source "package/powerpc-utils/Config.in"
 	source "package/procps-ng/Config.in"
diff --git a/package/podman/Config.in b/package/podman/Config.in
new file mode 100644
index 0000000000..f23435621a
--- /dev/null
+++ b/package/podman/Config.in
@@ -0,0 +1,55 @@
+config BR2_PACKAGE_PODMAN
+	bool "podman"
+	depends on BR2_PACKAGE_HOST_GO_TARGET_ARCH_SUPPORTS
+	depends on BR2_PACKAGE_HOST_GO_TARGET_CGO_LINKING_SUPPORTS
+	depends on BR2_TOOLCHAIN_HAS_THREADS
+	depends on !BR2_TOOLCHAIN_USES_UCLIBC # no fexecve
+	depends on BR2_USE_MMU # libgpgme
+	select BR2_PACKAGE_CATATONIT
+	select BR2_PACKAGE_CNI_PLUGINS
+	select BR2_PACKAGE_CONMON
+	select BR2_PACKAGE_CNI_PLUGINS
+	select BR2_PACKAGE_CRUN
+	select BR2_PACKAGE_IPTABLES
+	select BR2_PACKAGE_LIBGPGME
+	help
+	  podman is a CLI tool for spawning and running containers
+	  according to the OCI specification.
+
+	  https://github.com/containers/podman
+
+if BR2_PACKAGE_PODMAN
+
+config BR2_PACKAGE_PODMAN_DRIVER_BTRFS
+	bool "btrfs filesystem driver"
+	depends on BR2_USE_MMU # btrfs-progs
+	depends on BR2_TOOLCHAIN_HAS_THREADS # btrfs-progs
+	select BR2_PACKAGE_BTRFS_PROGS
+	help
+	  Build the btrfs filesystem driver.
+
+config BR2_PACKAGE_PODMAN_DRIVER_DEVICEMAPPER
+	bool "devicemapper filesystem driver"
+	depends on BR2_TOOLCHAIN_HAS_THREADS # lvm2
+	depends on BR2_USE_MMU # lvm2
+	depends on !BR2_STATIC_LIBS # lvm2
+	select BR2_PACKAGE_LVM2
+	help
+	  Build the devicemapper filesystem driver.
+
+config BR2_PACKAGE_PODMAN_DRIVER_VFS
+	bool "vfs filesystem driver"
+	depends on BR2_USE_WCHAR # gvfs
+	depends on BR2_USE_MMU # gvfs
+	depends on BR2_TOOLCHAIN_HAS_THREADS # gvfs
+	depends on !BR2_STATIC_LIBS # gvfs
+	select BR2_PACKAGE_GVFS
+	help
+	  Build the vfs filesystem driver.
+
+endif
+
+comment "podman needs a glibc or musl toolchain w/ threads"
+	depends on BR2_PACKAGE_HOST_GO_TARGET_ARCH_SUPPORTS && \
+		BR2_PACKAGE_HOST_GO_TARGET_CGO_LINKING_SUPPORTS
+	depends on !BR2_TOOLCHAIN_HAS_THREADS || BR2_TOOLCHAIN_USES_UCLIBC
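Review bot: BR2_PACKAGE_PODMAN selects BR2_PACKAGE_CONMON, which patch 1/2 makes depend on BR2_USE_WCHAR, yet this entry has no "depends on BR2_USE_WCHAR" and the comment line only mentions threads. Since select does not inherit the selected symbol's dependencies, podman can be enabled on a toolchain where conmon cannot. Add the wchar dependency (annotated "# conmon") to both the config and the comment, and check the other selected packages the same way. "select BR2_PACKAGE_CNI_PLUGINS" is listed twice; drop the second. Please also confirm that BR2_PACKAGE_PODMAN_DRIVER_VFS needs "select BR2_PACKAGE_GVFS": the option describes a storage filesystem driver, and nothing in this patch shows the build using gvfs beyond adding it to PODMAN_DEPENDENCIES.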
diff --git a/package/podman/containers-policy.json b/package/podman/containers-policy.json
new file mode 100644
index 0000000000..4480eb82b4
--- /dev/null
+++ b/package/podman/containers-policy.json
@@ -0,0 +1,14 @@
+{
+  "default": [
+    {
+    "type": "insecureAcceptAnything"
+  }
+  ],
+  "transports":
+  {
+    "docker-daemon":
+    {
+      "": [{"type":"insecureAcceptAnything"}]
+    }
+  }
+}
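Review bot: the "default" requirement is insecureAcceptAnything, so the /etc/containers/policy.json installed by this package accepts images from every transport and registry with no signature check. The "docker-daemon" scope under "transports" repeats the same requirement and does not change the outcome. If accept-all is the intended default, say so in the commit message or the Config.in help text, so integrators know to replace the file (for instance from a rootfs overlay) with a policy that rejects by default and allows only named sources. The object inside "default" is also indented one level short.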
diff --git a/package/podman/podman.hash b/package/podman/podman.hash
new file mode 100644
index 0000000000..c011068682
--- /dev/null
+++ b/package/podman/podman.hash
@@ -0,0 +1,3 @@
+# Locally computed
+sha256  830a633630bf6e61f2b8d4ca00efdd9a173ef25cdd49d4a4364c293e088561df  podman-4.5.0.tar.gz
+sha256  62fb8a3a9621dc2388174caaabe9c2317b694bb9a1d46c98bcf5655b68f51be3  LICENSE
diff --git a/package/podman/podman.mk b/package/podman/podman.mk
new file mode 100644
index 0000000000..1df3a06616
--- /dev/null
+++ b/package/podman/podman.mk
@@ -0,0 +1,77 @@
+################################################################################
+#
+# podman
+#
+################################################################################
+
+PODMAN_VERSION = 4.5.0
+PODMAN_SITE = $(call github,containers,podman,v$(PODMAN_VERSION))
+PODMAN_LICENSE = Apache-2.0
+PODMAN_LICENSE_FILES = LICENSE
+
+PODMAN_CPE_ID_VENDOR = podman_project
+PODMAN_GOMOD = github.com/containers/podman/v4
+
+PODMAN_BUILD_TARGETS = cmd/podman cmd/rootlessport cmd/quadlet
+PODMAN_DEPENDENCIES += libgpgme
+PODMAN_LDFLAGS = \
+	-X $(PODMAN_GOMOD)/libpod/define.gitCommit=$(PODMAN_VERSION)
+PODMAN_TAGS = \
+	btrfs_noversion containers_image_openpgp \
+	exclude_graphdriver_devicemapper exclude_graphdriver_zfs
+
+ifeq ($(BR2_INIT_SYSTEMD),y)
+PODMAN_TAGS += systemd
+endif
+
+ifeq ($(BR2_PACKAGE_LIBAPPARMOR),y)
+PODMAN_DEPENDENCIES += libapparmor
+PODMAN_TAGS += apparmor
+endif
+
+ifeq ($(BR2_PACKAGE_LIBSECCOMP),y)
+PODMAN_TAGS += seccomp
+PODMAN_DEPENDENCIES += libseccomp host-pkgconf
+endif
+
+ifeq ($(BR2_PACKAGE_LIBSELINUX),y)
+PODMAN_TAGS += selinux
+PODMAN_DEPENDENCIES += libselinux
+endif
+
+ifeq ($(BR2_PACKAGE_PODMAN_DRIVER_BTRFS),y)
+PODMAN_DEPENDENCIES += btrfs-progs
+else
+PODMAN_TAGS += exclude_graphdriver_btrfs
+endif
+
+ifeq ($(BR2_PACKAGE_PODMAN_DRIVER_DEVICEMAPPER),y)
+PODMAN_DEPENDENCIES += lvm2
+else
+PODMAN_TAGS += exclude_graphdriver_devicemapper
+endif
+
+ifeq ($(BR2_PACKAGE_PODMAN_DRIVER_VFS),y)
+PODMAN_DEPENDENCIES += gvfs
+else
+PODMAN_TAGS += exclude_graphdriver_vfs
+endif
+
+define PODMAN_INSTALL_TARGET_CMDS
+	$(TARGET_MAKE_ENV) $(MAKE) -C $(@D) DESTDIR=$(TARGET_DIR) PREFIX=/usr \
+		install.bin
+	$(INSTALL) -d -m 700 $(TARGET_DIR)/etc/cni
+	$(INSTALL) -d -m 700 $(TARGET_DIR)/etc/cni/net.d
+	$(INSTALL) -D -m 644 $(@D)/cni/87-podman-bridge.conflist \
+		$(TARGET_DIR)/etc/cni/net.d/87-podman-bridge.conflist
+	$(INSTALL) -d -m 755 $(TARGET_DIR)/etc/containers
+	$(INSTALL) -D -m 644 $(PODMAN_PKGDIR)/containers-policy.json \
+		$(TARGET_DIR)/etc/containers/policy.json
+endef
+
+define PODMAN_INSTALL_INIT_SYSTEMD
+	$(TARGET_MAKE_ENV) $(MAKE) -C $(@D) DESTDIR=$(TARGET_DIR) PREFIX=/usr \
+		install.systemd
+endef
+
+$(eval $(golang-package))
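Review bot: the initial PODMAN_TAGS assignment already contains exclude_graphdriver_devicemapper, so BR2_PACKAGE_PODMAN_DRIVER_DEVICEMAPPER=y adds lvm2 to the dependencies while the driver is still compiled out, and the else branch only appends the same tag a second time. Remove the tag from the initial list and let the ifeq block decide. Separately, containers_image_openpgp is set unconditionally next to "PODMAN_DEPENDENCIES += libgpgme"; if that tag selects the Go OpenPGP implementation, as its name suggests, the libgpgme dependency and its select in Config.in are unnecessary, otherwise the tag should go. PODMAN_LDFLAGS stores the version string in define.gitCommit, which is worth a one-line comment so the reported "commit" is not mistaken for a real hash.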
-- 
2.40.1


* Re: [Buildroot] [PATCH v2 1/2] package/conmon: new package
  2023-05-12  0:25 [Buildroot] [PATCH v2 1/2] package/conmon: new package Christian Stewart via buildroot
  2023-05-12  0:25 ` [Buildroot] [PATCH v2 2/2] package/podman: " Christian Stewart via buildroot
@ 2023-05-17  5:08 ` Joachim Wiberg
  2023-05-21 15:50 ` Yann E. MORIN
  2 siblings, 0 replies; 6+ messages in thread
From: Joachim Wiberg @ 2023-05-17  5:08 UTC (permalink / raw)
  To: Christian Stewart via buildroot, buildroot
  Cc: Thomas Petazzoni, Tian Yuanhao, Yann E . MORIN, Christian Stewart


Hi!

Here's a very quick review while trying out your patch to get podman
running.  Only a cursory glance, have not run check-package.

On Thu, May 11, 2023 at 17:25, Christian Stewart via buildroot <buildroot@buildroot.org> wrote:
> [snip]
> diff --git a/package/conmon/Config.in b/package/conmon/Config.in
> new file mode 100644
> index 0000000000..c4b428a541
> --- /dev/null
> +++ b/package/conmon/Config.in
> @@ -0,0 +1,15 @@
> +config BR2_PACKAGE_CONMON
> +	bool "conmon"
> +	depends on BR2_TOOLCHAIN_HAS_THREADS # libglib2
> +	depends on BR2_USE_MMU # libglib2
> +	depends on BR2_USE_WCHAR # libglib2
> +	depends on !BR2_TOOLCHAIN_USES_UCLIBC # no fexecve

Shouldn't there also be a select BR2_PACKAGE_LIBGLIB2 here as well?

> +	help
> +	  Conmon is an OCI container runtime monitor.
> +
> +	  https://github.com/containers/conmon
> +
> +comment "conmon needs a glibc or musl toolchain w/ threads, wchar"
> +	depends on !BR2_USE_WCHAR || !BR2_TOOLCHAIN_HAS_THREADS || \
> +		BR2_TOOLCHAIN_USES_UCLIBC
> +	depends on BR2_USE_MMU
> diff --git a/package/conmon/conmon.mk b/package/conmon/conmon.mk
> new file mode 100644
> index 0000000000..cda059042a
> --- /dev/null
> +++ b/package/conmon/conmon.mk
> @@ -0,0 +1,36 @@
> +################################################################################
> +#
> +# conmon
> +#
> +################################################################################
> +
> +CONMON_VERSION = 2.1.7
> +CONMON_SITE = $(call github,containers,conmon,v$(CONMON_VERSION))
> +CONMON_LICENSE = Apache-2.0
> +CONMON_LICENSE_FILES = LICENSE
> +
> +CONMON_DEPENDENCIES += host-pkgconf libglib2

The libglib2 dependency is listed here, so Config.in should select it, right?

> +
> +ifeq ($(BR2_PACKAGE_LIBSECCOMP),y)
> +CONMON_ENABLE_SECCOMP = 1
> +CONMON_DEPENDENCIES += libseccomp
> +else
> +CONMON_ENABLE_SECCOMP = 0
> +endif

Should be 0, 1 here, because 'echo 0' below enables LIBSECCOMP in conmon.

> +define CONMON_CONFIGURE_CMDS
> +	printf '#!/bin/bash\necho "$(CONMON_ENABLE_SECCOMP)"\n' > \
> +		$(@D)/hack/seccomp-notify.sh
> +	chmod +x $(@D)/hack/seccomp-notify.sh
> +endef

Best regards
 /Joachim

* Re: [Buildroot] [PATCH v2 2/2] package/podman: new package
  2023-05-12  0:25 ` [Buildroot] [PATCH v2 2/2] package/podman: " Christian Stewart via buildroot
@ 2023-05-17  5:18   ` Joachim Wiberg
  2023-05-22 20:17     ` Christian Stewart via buildroot
  0 siblings, 1 reply; 6+ messages in thread
From: Joachim Wiberg @ 2023-05-17  5:18 UTC (permalink / raw)
  To: Christian Stewart via buildroot, buildroot
  Cc: Thomas Petazzoni, Tian Yuanhao, Yann E . MORIN, Christian Stewart


Hi,

even quicker review from minor things I noticed:

On Thu, May 11, 2023 at 17:25, Christian Stewart via buildroot <buildroot@buildroot.org> wrote:
> [snip]
>  package/Config.in                     |  1 +
>  package/podman/Config.in              | 55 +++++++++++++++++++
>  package/podman/containers-policy.json | 14 +++++
>  package/podman/podman.hash            |  3 ++
>  package/podman/podman.mk              | 77 +++++++++++++++++++++++++++

You forgot to update the DEVELOPERS file with your new package.

> [snip]
> diff --git a/package/podman/Config.in b/package/podman/Config.in
> new file mode 100644
> index 0000000000..f23435621a
> --- /dev/null
> +++ b/package/podman/Config.in
> @@ -0,0 +1,55 @@
> +config BR2_PACKAGE_PODMAN
> +	bool "podman"
> +	depends on BR2_PACKAGE_HOST_GO_TARGET_ARCH_SUPPORTS
> +	depends on BR2_PACKAGE_HOST_GO_TARGET_CGO_LINKING_SUPPORTS
> +	depends on BR2_TOOLCHAIN_HAS_THREADS
> +	depends on !BR2_TOOLCHAIN_USES_UCLIBC # no fexecve
> +	depends on BR2_USE_MMU # libgpgme
> +	select BR2_PACKAGE_CATATONIT

Noob question, is CATATONIT really a dependency?  I thought it was only
needed/recommended when composing a new container.

> +	select BR2_PACKAGE_CNI_PLUGINS
> +	select BR2_PACKAGE_CONMON
> +	select BR2_PACKAGE_CNI_PLUGINS

Duplicate

> +	select BR2_PACKAGE_CRUN
> +	select BR2_PACKAGE_IPTABLES

Not sure, but for container networking we also need BRIDGE_UTILS, right?

> +	select BR2_PACKAGE_LIBGPGME

For rootless support, isn't SHADOW + SHADOW_SUBORDINATE_IDS and
SLIRP4NETNS required?

CGROUPFS_MOUNT is probably needed for non-systemd builds.

CA_CERTIFICATES is needed for https pull.


Best regards
 /Joachim

* Re: [Buildroot] [PATCH v2 1/2] package/conmon: new package
  2023-05-12  0:25 [Buildroot] [PATCH v2 1/2] package/conmon: new package Christian Stewart via buildroot
  2023-05-12  0:25 ` [Buildroot] [PATCH v2 2/2] package/podman: " Christian Stewart via buildroot
  2023-05-17  5:08 ` [Buildroot] [PATCH v2 1/2] package/conmon: " Joachim Wiberg
@ 2023-05-21 15:50 ` Yann E. MORIN
  2 siblings, 0 replies; 6+ messages in thread
From: Yann E. MORIN @ 2023-05-21 15:50 UTC (permalink / raw)
  To: Christian Stewart; +Cc: Tian Yuanhao, Thomas Petazzoni, buildroot

Christian, All,

On 2023-05-11 17:25 -0700, Christian Stewart via buildroot spake thusly:
> Conmon is an OCI container runtime monitor.
> 
> https://github.com/containers/conmon
> 
> Dependency of podman.
> 
> Signed-off-by: Christian Stewart <christian@aperture.us>

You got comments from Joachim on both patches, so I marked them as
changes-requested.

Regards,
Yann E. MORIN.

> ---
> 
> v1 -> v2:
> 
>  - requires libglib2, host-pkgconf
>  - bump version to 2.1.7
> 
> Signed-off-by: Christian Stewart <christian@aperture.us>
> ---
>  DEVELOPERS                 |  1 +
>  package/Config.in          |  1 +
>  package/conmon/Config.in   | 15 +++++++++++++++
>  package/conmon/conmon.hash |  3 +++
>  package/conmon/conmon.mk   | 36 ++++++++++++++++++++++++++++++++++++
>  5 files changed, 56 insertions(+)
>  create mode 100644 package/conmon/Config.in
>  create mode 100644 package/conmon/conmon.hash
>  create mode 100644 package/conmon/conmon.mk
> 
> diff --git a/DEVELOPERS b/DEVELOPERS
> index 37c1f06ec1..1608317654 100644
> --- a/DEVELOPERS
> +++ b/DEVELOPERS
> @@ -543,6 +543,7 @@ F:	package/balena-engine/
>  F:	package/batman-adv/
>  F:	package/catatonit/
>  F:	package/cni-plugins/
> +F:	package/conmon/
>  F:	package/containerd/
>  F:	package/crun/
>  F:	package/delve/
> diff --git a/package/Config.in b/package/Config.in
> index 420ebaa370..52bc10b91b 100644
> --- a/package/Config.in
> +++ b/package/Config.in
> @@ -2631,6 +2631,7 @@ menu "System tools"
>  	source "package/bubblewrap/Config.in"
>  	source "package/cgroupfs-mount/Config.in"
>  	source "package/circus/Config.in"
> +	source "package/conmon/Config.in"
>  	source "package/containerd/Config.in"
>  	source "package/coreutils/Config.in"
>  	source "package/cpulimit/Config.in"
> diff --git a/package/conmon/Config.in b/package/conmon/Config.in
> new file mode 100644
> index 0000000000..c4b428a541
> --- /dev/null
> +++ b/package/conmon/Config.in
> @@ -0,0 +1,15 @@
> +config BR2_PACKAGE_CONMON
> +	bool "conmon"
> +	depends on BR2_TOOLCHAIN_HAS_THREADS # libglib2
> +	depends on BR2_USE_MMU # libglib2
> +	depends on BR2_USE_WCHAR # libglib2
> +	depends on !BR2_TOOLCHAIN_USES_UCLIBC # no fexecve
> +	help
> +	  Conmon is an OCI container runtime monitor.
> +
> +	  https://github.com/containers/conmon
> +
> +comment "conmon needs a glibc or musl toolchain w/ threads, wchar"
> +	depends on !BR2_USE_WCHAR || !BR2_TOOLCHAIN_HAS_THREADS || \
> +		BR2_TOOLCHAIN_USES_UCLIBC
> +	depends on BR2_USE_MMU
> diff --git a/package/conmon/conmon.hash b/package/conmon/conmon.hash
> new file mode 100644
> index 0000000000..82d1d14ba3
> --- /dev/null
> +++ b/package/conmon/conmon.hash
> @@ -0,0 +1,3 @@
> +# Locally computed
> +sha256  7d0f9a2f7cb8a76c51990128ac837aaf0cc89950b6ef9972e94417aa9cf901fe  conmon-2.1.7.tar.gz
> +sha256  9c9d771d4004725237a31ada889fe06c85a24fd0a29e41825181ab4cde54f016  LICENSE
> diff --git a/package/conmon/conmon.mk b/package/conmon/conmon.mk
> new file mode 100644
> index 0000000000..cda059042a
> --- /dev/null
> +++ b/package/conmon/conmon.mk
> @@ -0,0 +1,36 @@
> +################################################################################
> +#
> +# conmon
> +#
> +################################################################################
> +
> +CONMON_VERSION = 2.1.7
> +CONMON_SITE = $(call github,containers,conmon,v$(CONMON_VERSION))
> +CONMON_LICENSE = Apache-2.0
> +CONMON_LICENSE_FILES = LICENSE
> +
> +CONMON_DEPENDENCIES += host-pkgconf libglib2
> +
> +ifeq ($(BR2_PACKAGE_LIBSECCOMP),y)
> +CONMON_ENABLE_SECCOMP = 1
> +CONMON_DEPENDENCIES += libseccomp
> +else
> +CONMON_ENABLE_SECCOMP = 0
> +endif
> +
> +define CONMON_CONFIGURE_CMDS
> +	printf '#!/bin/bash\necho "$(CONMON_ENABLE_SECCOMP)"\n' > \
> +		$(@D)/hack/seccomp-notify.sh
> +	chmod +x $(@D)/hack/seccomp-notify.sh
> +endef
> +
> +define CONMON_BUILD_CMDS
> +	$(TARGET_MAKE_ENV) $(MAKE) CC="$(TARGET_CC)" CFLAGS="$(TARGET_CFLAGS)" \
> +		LDFLAGS="$(TARGET_LDFLAGS)" -C $(@D) bin/conmon
> +endef
> +
> +define CONMON_INSTALL_TARGET_CMDS
> +	$(INSTALL) -D -m 755 $(@D)/bin/conmon $(TARGET_DIR)/usr/bin/conmon
> +endef
> +
> +$(eval $(generic-package))
> -- 
> 2.40.1
> 
> _______________________________________________
> buildroot mailing list
> buildroot@buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot

-- 
.-----------------.--------------------.------------------.--------------------.
|  Yann E. MORIN  | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software  Designer | \ / CAMPAIGN     |  ___               |
| +33 561 099 427 `------------.-------:  X  AGAINST      |  \e/  There is no  |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL    |   v   conspiracy.  |
'------------------------------^-------^------------------^--------------------'

* Re: [Buildroot] [PATCH v2 2/2] package/podman: new package
  2023-05-17  5:18   ` Joachim Wiberg
@ 2023-05-22 20:17     ` Christian Stewart via buildroot
  0 siblings, 0 replies; 6+ messages in thread
From: Christian Stewart via buildroot @ 2023-05-22 20:17 UTC (permalink / raw)
  To: Joachim Wiberg
  Cc: Tian Yuanhao, Yann E . MORIN, Thomas Petazzoni,
	Christian Stewart via buildroot

Hi Joachim,

On Tue, May 16, 2023 at 10:18 PM Joachim Wiberg <troglobit@gmail.com> wrote:
> You forgot to update the DEVELOPERS file with your new package.

Will fix for next revision, thanks.


> > +     select BR2_PACKAGE_CATATONIT
>
> Noob question, is CATATONIT really a dependency?  I thought it was only
> needed/recommended when composing a new container.

When starting a container with the --init flag, both Docker and Podman
will use an init binary as the PID 1 within the container. The init
binary comes from the host system. With Docker and Containerd we use
/usr/bin/tini symlink to /usr/bin/tini.

The default in podman is to use catatonit at /usr/bin/catatonit for
--init, so I had included it as a dependency here.

An alternative could be to add a dependency on Tini and adding
`init_path = "/usr/bin/tini"` to `/usr/share/containers/libpod.conf`.

However: currently in Docker and Containerd we do not actually "select
TINI". Docker will use it if it's present, but we don't depend on it
directly. So I have dropped the "select CATATONIT" for the next
package revision.

>
> > +     select BR2_PACKAGE_CNI_PLUGINS
> > +     select BR2_PACKAGE_CONMON
> > +     select BR2_PACKAGE_CNI_PLUGINS
>
> Duplicate

Fixed, thanks.

> Not sure, but for container networking we also need BRIDGE_UTILS, right?

Not from what I've read, plus I've been testing without it & it works fine.

It's not in the list of dependencies on the arch package either.

> > +     select BR2_PACKAGE_LIBGPGME
>
> For rootless support, isn't SHADOW + SHADOW_SUBORDINATE_IDS and
> SLIRP4NETNS required?

Possibly, but given that our default mode here is to run podman as a
system daemon, I don't know if enforcing these requirements is
strictly necessary. If a user wants to use podman in rootless mode
they can enable these things.

> CGROUPFS_MOUNT is probably needed for non-systemd builds.

Good catch, added & fixed, thanks.

> CA_CERTIFICATES is needed for https pull.

That's also true for docker and balena-engine and containerd, but we
don't select CA_CERTIFICATES there.

Podman will work fine without it, assuming you just load container
images locally w/o https pull.

Sent another revision as v3, thanks!

Best regards,
Christian Stewart