[Buildroot] [PATCH 0/3] package/distribution-registry: new package

[Buildroot] [PATCH 0/3] package/distribution-registry: new package

[yann.morin]

From: "Yann E. MORIN" <yann.morin@orange.com>

Hello All!

This small series introduces distribution-registry, the reference
implementation to host and distibute container images.

The series is three-fold:

 1. introduce the common containers-image-config package, that provides
    default, sane, official configuration files shared by multiple tools
    from the containers ecosystem;

 2. use those files for podman, instead of the custom, canned ones, and
    extend the skopeo runtime test to exercise using those files as
    well;

 3. introduce distribution-registry itself, with a runtime test.


Regards,
Yann E. MORIN.


The following changes since commit a7ea1e658de6d8f951ef8c4e81724c131306db6b

  board/bsh/imx6ulz-bsh-smm-m2: flash U-Boot (2025-05-12 23:00:50 +0200)


are available as patches in this mail series,

for you to apply patches up to 8d15f6761c6d86fb4b04c3209970e1a6cc803d78

  package/distribution-registry: new package (2025-05-13 13:42:39 +0200)


----------------------------------------------------------------
Yann E. MORIN (3):
      package/containers-image-config: new package
      package/skopeo: use containers-image-config files
      package/distribution-registry: new package

 package/Config.in                                  |  2 +
 package/containers-image-config/Config.in          |  8 ++
 .../containers-image-config.hash                   |  3 +
 .../containers-image-config.mk                     | 25 ++++++
 package/distribution-registry/Config.in            | 17 +++++
 package/distribution-registry/config.yml           | 13 ++++
 .../distribution-registry.hash                     |  3 +
 .../distribution-registry/distribution-registry.mk | 51 +++++++++++++
 .../distribution-registry.service                  | 10 +++
 package/podman/Config.in                           |  1 +
 package/podman/podman.mk                           | 10 ---
 package/podman/policy.json                         |  7 --
 package/podman/registries.conf                     |  1 -
 package/skopeo/Config.in                           |  1 +
 .../tests/package/test_distribution_registry.py    | 88 ++++++++++++++++++++++
 support/testing/tests/package/test_skopeo.py       | 20 +++++
 16 files changed, 242 insertions(+), 18 deletions(-)
 create mode 100644 package/containers-image-config/Config.in
 create mode 100644 package/containers-image-config/containers-image-config.hash
 create mode 100644 package/containers-image-config/containers-image-config.mk
 create mode 100644 package/distribution-registry/Config.in
 create mode 100644 package/distribution-registry/config.yml
 create mode 100644 package/distribution-registry/distribution-registry.hash
 create mode 100644 package/distribution-registry/distribution-registry.mk
 create mode 100644 package/distribution-registry/distribution-registry.service
 delete mode 100644 package/podman/policy.json
 delete mode 100644 package/podman/registries.conf
 create mode 100644 support/testing/tests/package/test_distribution_registry.py

-- 
                                        ____________
.-----------------.--------------------:       _    :------------------.
|  Yann E. MORIN  | Real-Time Embedded |    __/ )   | /"\ ASCII RIBBON |
|                 | Software  Designer |  _/ - /'   | \ / CAMPAIGN     |
| +33 638.411.245 '--------------------: (_    `--, |  X  AGAINST      |
| yann.morin (at) orange.com           |_="    ,--' | / \ HTML MAIL    |
'--------------------------------------:______/_____:------------------'

____________________________________________________________________________________________________________
Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.

This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

[Buildroot] [PATCH 1/3] package/containers-image-config: new package

[yann.morin]

From: "Yann E. MORIN" <yann.morin@orange.com>

The container/image repository is the standards regpository that drives
the image management in container tools, like podman or skopeo. Besides
a Go library, it also prodvides the template configuration files used
by those tools; those files can also serve as default ones.

Install those files instead of the canned ones we cary in podman, and
change podman to use this new package too.

The registry file needs a fixup, as it by default does not allow
searching unqualified images (i.e. those that do not contain a registry
name) in a default registry, for security reasons. However, the Docker
Hub is traditionally a registry that can be accessed without being
specified, so we make that possible.

As was noted in ebbaac08e3f4 (package/podman: new package), "[p]roviding
actual files is going to be use-case dependent, and interested parties
will have to provide their own config files, e.g. in a rootfs overlay."

Signed-off-by: Yann E. MORIN <yann.morin@orange.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
---
 package/Config.in                             |  1 +
 package/containers-image-config/Config.in     |  8 ++++++
 .../containers-image-config.hash              |  3 +++
 .../containers-image-config.mk                | 25 +++++++++++++++++++
 package/podman/Config.in                      |  1 +
 package/podman/podman.mk                      | 10 --------
 package/podman/policy.json                    |  7 ------
 package/podman/registries.conf                |  1 -
 8 files changed, 38 insertions(+), 18 deletions(-)
 create mode 100644 package/containers-image-config/Config.in
 create mode 100644 package/containers-image-config/containers-image-config.hash
 create mode 100644 package/containers-image-config/containers-image-config.mk
 delete mode 100644 package/podman/policy.json
 delete mode 100644 package/podman/registries.conf

diff --git a/package/Config.in b/package/Config.in
index a9074ac405..c8022a91ec 100644
--- a/package/Config.in
+++ b/package/Config.in
@@ -2835,6 +2835,7 @@ menu "System tools"
 	source "package/circus/Config.in"
 	source "package/conmon/Config.in"
 	source "package/containerd/Config.in"
+	source "package/containers-image-config/Config.in"
 	source "package/coreutils/Config.in"
 	source "package/cpulimit/Config.in"
 	source "package/cpuload/Config.in"
diff --git a/package/containers-image-config/Config.in b/package/containers-image-config/Config.in
new file mode 100644
index 0000000000..d40712e56d
--- /dev/null
+++ b/package/containers-image-config/Config.in
@@ -0,0 +1,8 @@
+config BR2_PACKAGE_CONTAINERS_IMAGE_CONFIG
+	bool "containers-image-config"
+	help
+	  Install default, minimalist configuration files used by the
+	  various tools dealing with containers images, like podman,
+	  skopeo...
+
+	  https://github.com/containers/image
diff --git a/package/containers-image-config/containers-image-config.hash b/package/containers-image-config/containers-image-config.hash
new file mode 100644
index 0000000000..0159b0fc62
--- /dev/null
+++ b/package/containers-image-config/containers-image-config.hash
@@ -0,0 +1,3 @@
+# Locally computed:
+sha256  afdbb1487571d4cc8974e11c72bc4e05043fb490cfc0581783789f414c64f87b  containers-image-config-v5.35.0-git4.tar.gz
+sha256  716a8b80635c394681e652823e1e42e411ad2d254e1f202403422d74f4b0b106  LICENSE
diff --git a/package/containers-image-config/containers-image-config.mk b/package/containers-image-config/containers-image-config.mk
new file mode 100644
index 0000000000..2f03f8e8fb
--- /dev/null
+++ b/package/containers-image-config/containers-image-config.mk
@@ -0,0 +1,25 @@
+################################################################################
+#
+# containers-image-config
+#
+################################################################################
+
+CONTAINERS_IMAGE_CONFIG_VERSION = v5.35.0
+CONTAINERS_IMAGE_CONFIG_SITE = https://github.com/containers/image
+CONTAINERS_IMAGE_CONFIG_SITE_METHOD = git
+
+CONTAINERS_IMAGE_CONFIG_LICENSE = Apache-2.0
+CONTAINERS_IMAGE_CONFIG_LICENSE_FILES = LICENSE
+
+define CONTAINERS_IMAGE_CONFIG_INSTALL_TARGET_CMDS
+	$(INSTALL) -D -m 0644 \
+		$(@D)/default-policy.json \
+		$(TARGET_DIR)/etc/containers/policy.json
+	$(INSTALL) -D -m 0644 \
+		$(@D)/registries.conf \
+		$(TARGET_DIR)/etc/containers/registries.conf
+	$(SED) '/^# unqualified-search-registries = .*/s//unqualified-search-registries = ["docker.io"]/' \
+		$(TARGET_DIR)/etc/containers/registries.conf
+endef
+
+$(eval $(generic-package))
diff --git a/package/podman/Config.in b/package/podman/Config.in
index 4378d9918d..35d291a7e8 100644
--- a/package/podman/Config.in
+++ b/package/podman/Config.in
@@ -12,6 +12,7 @@ config BR2_PACKAGE_PODMAN
 	select BR2_PACKAGE_CA_CERTIFICATES  # runtime
 	select BR2_PACKAGE_CGROUPFS_V2_MOUNT if !BR2_PACKAGE_CGROUPFS_MOUNT && !BR2_INIT_SYSTEMD  # runtime
 	select BR2_PACKAGE_CONMON  # runtime
+	select BR2_PACKAGE_CONTAINERS_IMAGE_CONFIG  # runtime
 	select BR2_PACKAGE_LIBGPGME
 	select BR2_PACKAGE_LIBSECCOMP
 	select BR2_PACKAGE_NETAVARK  # runtime
diff --git a/package/podman/podman.mk b/package/podman/podman.mk
index 7ca9b9ddcb..27d9a84712 100644
--- a/package/podman/podman.mk
+++ b/package/podman/podman.mk
@@ -99,16 +99,6 @@ define PODMAN_LINUX_CONFIG_FIXUPS
 	$(PODMAN_LINUX_CONFIG_FIXUPS_BTRFS)
 endef
 
-define PODMAN_CONFIG
-	$(Q)$(INSTALL) -D -m 0644 \
-		$(PODMAN_PKGDIR)/policy.json \
-		$(TARGET_DIR)/etc/containers/policy.json
-	$(Q)$(INSTALL) -D -m 0644 \
-		$(PODMAN_PKGDIR)/registries.conf \
-		$(TARGET_DIR)/etc/containers/registries.conf
-endef
-PODMAN_POST_INSTALL_TARGET_HOOKS += PODMAN_CONFIG
-
 define PODMAN_HELPERS
 	$(Q)mkdir -p $(TARGET_DIR)/usr/libexec/podman
 	$(Q)ln -sf ../../bin/aardvark-dns $(TARGET_DIR)/usr/libexec/podman/aardvark-dns
diff --git a/package/podman/policy.json b/package/podman/policy.json
deleted file mode 100644
index 9333053f93..0000000000
--- a/package/podman/policy.json
+++ /dev/null
@@ -1,7 +0,0 @@
-{
-  "default": [
-    {
-      "type": "insecureAcceptAnything"
-    }
-  ]
-}
diff --git a/package/podman/registries.conf b/package/podman/registries.conf
deleted file mode 100644
index d44d892da3..0000000000
--- a/package/podman/registries.conf
+++ /dev/null
@@ -1 +0,0 @@
-unqualified-search-registries = ["docker.io"]
-- 
2.34.1

____________________________________________________________________________________________________________
Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.

This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

[Buildroot] [PATCH 2/3] package/skopeo: use containers-image-config files

[yann.morin]

From: "Yann E. MORIN" <yann.morin@orange.com>

... and extend the skopeo runtime test to make use of those.

Signed-off-by: Yann E. MORIN <yann.morin@orange.com>
---
 package/skopeo/Config.in                     |  1 +
 support/testing/tests/package/test_skopeo.py | 20 ++++++++++++++++++++
 2 files changed, 21 insertions(+)

diff --git a/package/skopeo/Config.in b/package/skopeo/Config.in
index f1acc3a50f..0de9b16047 100644
--- a/package/skopeo/Config.in
+++ b/package/skopeo/Config.in
@@ -8,6 +8,7 @@ config BR2_PACKAGE_SKOPEO
 	depends on !BR2_STATIC_LIBS  # lvm2
 	select BR2_PACKAGE_HOST_GO
 	select BR2_PACKAGE_BTRFS_PROGS
+	select BR2_PACKAGE_CONTAINERS_IMAGE_CONFIG  # runtime
 	select BR2_PACKAGE_LIBGPGME
 	select BR2_PACKAGE_LVM2
 	help
diff --git a/support/testing/tests/package/test_skopeo.py b/support/testing/tests/package/test_skopeo.py
index 79c3da8b3d..99ba978de2 100644
--- a/support/testing/tests/package/test_skopeo.py
+++ b/support/testing/tests/package/test_skopeo.py
@@ -32,6 +32,20 @@ class TestSkopeo(infra.basetest.BRTest):
         bb_info = json.loads("".join(output))
         self.assertEqual(bb_info["Name"], "docker.io/library/busybox")
 
+        # Then check we can retrieve the image from the default registry
+        # Copy all archs in the image to check we can enumerate those (inspect
+        # does not enumerate all archs)
+        self.assertRunOk(
+            "skopeo copy -a docker://busybox:latest oci-archive:busybox-latest.oci",
+            timeout=120,
+        )
+
+        # Check we can inspect a local OCI archive
+        self.assertRunOk(
+            "skopeo inspect oci-archive:busybox-latest.oci",
+            timeout=30,
+        )
+
         # Now, check we can reach an arbitrary registry: quay.io
         output, _ = self.emulator.run(
             "skopeo inspect docker://quay.io/quay/busybox:latest",
@@ -39,3 +53,9 @@ class TestSkopeo(infra.basetest.BRTest):
         )
         skopeo_info = json.loads("".join(output))
         self.assertEqual(skopeo_info["Name"], "quay.io/quay/busybox")
+
+        # Finally check we can retrieve the image from an arbitrary registry
+        self.assertRunOk(
+            "skopeo copy docker://quay.io/quay/busybox:latest oci-archive:busybox-quay.io-latest.oci",
+            timeout=120,
+        )
-- 
2.34.1

____________________________________________________________________________________________________________
Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.

This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

[Buildroot] [PATCH 3/3] package/distribution-registry: new package

[yann.morin]

From: "Yann E. MORIN" <yann.morin@orange.com>

This package provides a reference, functional implementation of a
registry for distributing container images. Formerly the Docker
registry, it now also handles OCI images, so can be used to distribute
all kinds of container related images: classic Docker images, OCI
images, but also helms [0] and the likes, which are also packages as OCI
images in fact.

The upstream name of the package is just "distribution" [1], but this is
a bit too generic and unsearchable; distributions like Debian and Ubuntu
traditionally provides it as the "docker-registry" package, but this is
now misleading as it is not just for Docker anymore. So we decided to
name it "distribution-registry": it contains the upstream name and will
be searchable with the 'registry' part as well.

The built executable is named "registry", which is also a bit too
generic. Again, for the same reasons as above, we name it
"distribution-registry"; this also incidentally makes our golang-package
infra "just work" and do the right thing when it installs the package.

The upstream package provides a wrapper Makefile to build the package,
but it does not do more than our infra already does; the only little nit
is that it allows updating the version file (with git infra et al.). We
can just ignore that and update the version ourselves.

We also provide a minimalist configuration file: it exposes the registry
to localhost only, as a security measure. This file will have to be
overridden (e.g. in a rootfs-overlay) with proper authentication, and
with further locally meaningful setup anyway.

Finally, we also implement a run-time test that validates that we can
push and pull images to/from the registry. Since the registry is a big
go package, it takes time to start, so wait for it a little bit (and yet
a little bit more after it starts logging), and increase the timeouts
for commands that deal with the registry.

For this simple test, the registry is directly exposed with plain HTTP,
not HTTPS, so we must declare it as insecure, so that container tools
can reach it without custom options (e.g. without using skopeo's
--{src,dest}-tls-verify=false options).

We re-use skopeo to talk to the registry. This allows us to grab an
image from the Docker hub registry, and push it to our local registry,
then retrieve it back. Since we want to diffferentiate failures to grab
the image from the Docker Hub [2], from failures to push to our
registry, we do it in two steps: copy from Docker Hub to a local OCI
image, then push that to our registry.

Since both distribution-registry and skopeo are big go-based, statically
linked binaries, running both in the standard virtual machine does not
work: the 256MiB emulated in vexpress are not enough and cause segfaults
when running both at once. The vexpress also only accepts at most
256MiB, so we must use another machine; we decided to use the same as is
used by the podman teest case, which allows at least 1Gib, which is now
enough.

[0] https://helm.sh/
[1] https://github.com/distribution/distribution
[2] in case we reach the 100-pulls-a-day limitation

Signed-off-by: Yann E. MORIN <yann.morin@orange.com>
Cc: Christian Stewart <christian@aperture.us>
---
 package/Config.in                             |  1 +
 package/distribution-registry/Config.in       | 17 ++++
 package/distribution-registry/config.yml      | 13 +++
 .../distribution-registry.hash                |  3 +
 .../distribution-registry.mk                  | 51 +++++++++++
 .../distribution-registry.service             | 10 +++
 .../package/test_distribution_registry.py     | 88 +++++++++++++++++++
 7 files changed, 183 insertions(+)
 create mode 100644 package/distribution-registry/Config.in
 create mode 100644 package/distribution-registry/config.yml
 create mode 100644 package/distribution-registry/distribution-registry.hash
 create mode 100644 package/distribution-registry/distribution-registry.mk
 create mode 100644 package/distribution-registry/distribution-registry.service
 create mode 100644 support/testing/tests/package/test_distribution_registry.py

diff --git a/package/Config.in b/package/Config.in
index c8022a91ec..1f9f3298c9 100644
--- a/package/Config.in
+++ b/package/Config.in
@@ -2846,6 +2846,7 @@ menu "System tools"
 	source "package/dcron/Config.in"
 	source "package/ddrescue/Config.in"
 	source "package/debianutils/Config.in"
+	source "package/distribution-registry/Config.in"
 	source "package/docker-cli/Config.in"
 	source "package/docker-cli-buildx/Config.in"
 	source "package/docker-compose/Config.in"
diff --git a/package/distribution-registry/Config.in b/package/distribution-registry/Config.in
new file mode 100644
index 0000000000..af650171b1
--- /dev/null
+++ b/package/distribution-registry/Config.in
@@ -0,0 +1,17 @@
+config BR2_PACKAGE_DISTRIBUTION_REGISTRY
+	bool "distribution-registry"
+	depends on BR2_PACKAGE_HOST_GO_TARGET_ARCH_SUPPORTS
+	depends on BR2_PACKAGE_HOST_GO_TARGET_CGO_LINKING_SUPPORTS
+	help
+	  The toolkit to pack, ship, store, and deliver container
+	  content.
+
+	  The goal of this project is to provide a simple, secure, and
+	  scalable base for building a large scale registry solution or
+	  running a simple private registry. It is a core library for
+	  many registry operators including Docker Hub, GitHub Container
+	  Registry, GitLab Container Registry and DigitalOcean Container
+	  Registry, as well as the CNCF Harbor Project, and VMware
+	  Harbor Registry.
+
+	  https://github.com/distribution/distribution
diff --git a/package/distribution-registry/config.yml b/package/distribution-registry/config.yml
new file mode 100644
index 0000000000..77944827a5
--- /dev/null
+++ b/package/distribution-registry/config.yml
@@ -0,0 +1,13 @@
+version: 0.1
+storage:
+  cache:
+    blobdescriptor: inmemory
+  filesystem:
+    rootdirectory: /var/lib/docker-registry
+  delete:
+    enabled: true
+http:
+  addr: 127.0.0.1:5000
+  net: tcp
+  headers:
+    X-Content-Type-Options: [nosniff]
diff --git a/package/distribution-registry/distribution-registry.hash b/package/distribution-registry/distribution-registry.hash
new file mode 100644
index 0000000000..38d7b5a487
--- /dev/null
+++ b/package/distribution-registry/distribution-registry.hash
@@ -0,0 +1,3 @@
+# Locally computed
+sha256  6330e6b625c0232b43cee8ea32800a660a7d7a0c79f4f53e4d9a8a6707138d46  distribution-registry-v3.0.0-git4-go2.tar.gz
+sha256  cb5e8e7e5f4a3988e1063c142c60dc2df75605f4c46515e776e3aca6df976e14  LICENSE
diff --git a/package/distribution-registry/distribution-registry.mk b/package/distribution-registry/distribution-registry.mk
new file mode 100644
index 0000000000..e78fab2206
--- /dev/null
+++ b/package/distribution-registry/distribution-registry.mk
@@ -0,0 +1,51 @@
+################################################################################
+#
+# distribution-registry
+#
+################################################################################
+
+DISTRIBUTION_REGISTRY_VERSION = v3.0.0
+DISTRIBUTION_REGISTRY_SITE = https://github.com/distribution/distribution
+DISTRIBUTION_REGISTRY_SITE_METHOD = git
+
+DISTRIBUTION_REGISTRY_LICENSE = Apache-2.0
+DISTRIBUTION_REGISTRY_LICENSE_FILES = LICENSE
+
+DISTRIBUTION_REGISTRY_GOMOD = github.com/distribution/distribution/v3
+
+DISTRIBUTION_REGISTRY_BUILD_TARGETS = cmd/registry
+
+# Inject the version as if done by upstream's wrapper Makefile
+define DISTRIBUTION_REGISTRY_SET_VERSION
+	$(SED) 's/^var version = ".*"$$/var version = "$(DISTRIBUTION_REGISTRY_VERSION)"/' \
+		$(@D)/version/version.go
+endef
+DISTRIBUTION_REGISTRY_PRE_CONFIGURE_HOOKS += DISTRIBUTION_REGISTRY_SET_VERSION
+
+# distribution-registry builds the 'registry' executable, but that name is
+# a bit too generic. Rename it to match the package name; this has the nice
+# side effect that it will be automatically picked up for install by the
+# golang-package infra.
+define DISTRIBUTION_REGISTRY_RENAME
+	mv $(@D)/bin/registry $(@D)/bin/distribution-registry
+endef
+DISTRIBUTION_REGISTRY_POST_BUILD_HOOKS += DISTRIBUTION_REGISTRY_RENAME
+
+define DISTRIBUTION_REGISTRY_CONFIG
+	$(INSTALL) -m 0644 -D \
+		$(DISTRIBUTION_REGISTRY_PKGDIR)/config.yml \
+		$(TARGET_DIR)/etc/docker/registry/config.yml
+endef
+DISTRIBUTION_REGISTRY_POST_INSTALL_TARGET_HOOKS += DISTRIBUTION_REGISTRY_CONFIG
+
+define DISTRIBUTION_REGISTRY_USERS
+	distribution-registry -1 distribution-registry -1 * - - - Distribution registry
+endef
+
+define DISTRIBUTION_REGISTRY_INSTALL_INIT_SYSTEMD
+	$(INSTALL) -m 0644 -D \
+		$(DISTRIBUTION_REGISTRY_PKGDIR)/distribution-registry.service \
+		$(TARGET_DIR)/usr/lib/systemd/system/distribution-registry.service
+endef
+
+$(eval $(golang-package))
diff --git a/package/distribution-registry/distribution-registry.service b/package/distribution-registry/distribution-registry.service
new file mode 100644
index 0000000000..767786bc99
--- /dev/null
+++ b/package/distribution-registry/distribution-registry.service
@@ -0,0 +1,10 @@
+[Unit]
+Description=Distribution registry
+After=network.target
+
+[Service]
+User=distribution-registry
+ExecStart=/usr/bin/distribution-registry serve /etc/docker/registry/config.yml
+
+[Install]
+WantedBy=multi-user.target
diff --git a/support/testing/tests/package/test_distribution_registry.py b/support/testing/tests/package/test_distribution_registry.py
new file mode 100644
index 0000000000..c5af5d849d
--- /dev/null
+++ b/support/testing/tests/package/test_distribution_registry.py
@@ -0,0 +1,88 @@
+import infra.basetest
+import json
+import os
+import time
+
+
+class TestDistributionRegistry(infra.basetest.BRTest):
+    config = \
+        """
+        BR2_arm=y
+        BR2_cortex_a9=y
+        BR2_ARM_ENABLE_VFP=y
+        BR2_TOOLCHAIN_EXTERNAL=y
+        BR2_TOOLCHAIN_EXTERNAL_BOOTLIN=y
+        BR2_PER_PACKAGE_DIRECTORIES=y
+        BR2_SYSTEM_DHCP="eth0"
+        BR2_LINUX_KERNEL=y
+        BR2_LINUX_KERNEL_CUSTOM_VERSION=y
+        BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="5.10.202"
+        BR2_LINUX_KERNEL_DEFCONFIG="vexpress"
+        BR2_LINUX_KERNEL_DTS_SUPPORT=y
+        BR2_LINUX_KERNEL_INTREE_DTS_NAME="vexpress-v2p-ca9"
+        BR2_PACKAGE_CA_CERTIFICATES=y
+        BR2_PACKAGE_DISTRIBUTION_REGISTRY=y
+        BR2_PACKAGE_SKOPEO=y
+        BR2_PACKAGE_HOST_GO_BIN=y
+        BR2_TARGET_ROOTFS_CPIO=y
+        # BR2_TARGET_ROOTFS_TAR is not set
+        """
+
+    def test_run(self):
+        kernel_file = os.path.join(self.builddir, "images", "zImage")
+        dtb_file = os.path.join(self.builddir, "images", "vexpress-v2p-ca9.dtb")
+        cpio_file = os.path.join(self.builddir, "images", "rootfs.cpio")
+        self.emulator.boot(
+            arch="armv5",
+            kernel=kernel_file,
+            kernel_cmdline=[
+                'console=ttyAMA0',
+            ],
+            options=[
+                '-M', 'vexpress-a9',
+                "-m", "1G",
+                "-nic", "user,model=lan9118",
+                "-dtb", dtb_file,
+                "-initrd", cpio_file,
+            ],
+        )
+        self.emulator.login()
+
+        # Allow unfettered access to the local registry:
+        self.assertRunOk("mkdir /etc/containers/registries.conf.d")
+        self.assertRunOk("printf '[[registry]]\\nlocation = \"localhost:5000\"\\ninsecure = true\\n' >/etc/containers/registries.conf.d/localhost.conf")
+
+        # Check we can at least run
+        self.assertRunOk("distribution-registry --version", timeout=30)
+
+        # Spawn the registry and wait for it to be ready
+        self.assertRunOk(
+            "distribution-registry serve /etc/docker/registry/config.yml >/tmp/registry.log 2>&1 &",
+        )
+        for i in range(60):
+            time.sleep(1)
+            _, ret = self.emulator.run("test -s /tmp/registry.log")
+            if ret == 0:
+                time.sleep(2)  # Wait just a little tiny bit more...
+                break
+        else:
+            raise SystemError("Cannot start the registry")
+
+        # Get a multi-arch image from the Docker hub registry
+        # Huge timeout because qemu-system-arm has slirp issues
+        self.assertRunOk(
+            "skopeo copy -a docker://busybox:1.37.0-glibc oci-archive:busybox-1.37.0-glibc.oci",
+            timeout=600,
+        )
+
+        # Push the multi-arch image to the local registry
+        self.assertRunOk(
+            "skopeo copy -a oci-archive:busybox-1.37.0-glibc.oci docker://localhost:5000/busybox:1.37.0-glibc",
+            timeout=120,
+        )
+
+        # Pull the image back
+        self.assertRunOk(
+            "skopeo copy -a docker://localhost:5000/busybox:1.37.0-glibc oci-archive:busybox-1.37.0-glibc-2.oci",
+            timeout=120,
+        )
-- 
2.34.1

____________________________________________________________________________________________________________
Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.

This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot