From: Bruce Ashfield <bruce.ashfield@gmail.com>
To: patrick.vogelaar@belden.com
Cc: meta-virtualization@lists.yoctoproject.org
Subject: Re: [meta-virtualization] [PATCH] docker: make ca-certificates a packageconfig
Date: Thu, 18 Sep 2025 22:20:45 -0400 [thread overview]
Message-ID: <aMy9/Zv+52k+XDcl@gmail.com> (raw)
In-Reply-To: <14236.1757061728389674907@lists.yoctoproject.org>
In message: Re: [meta-virtualization] [PATCH] docker: make ca-certificates a packageconfig
on 05/09/2025 Patrick Vogelaar via B4 Relay via lists.yoctoproject.org wrote:
> On Thu, Sep 4, 2025 at 03:14 AM, Bruce Ashfield wrote:
>
> In message: [meta-virtualization][PATCH] docker: make ca-certificates a
> packageconfig
> on 24/08/2025 Patrick Vogelaar via B4 Relay via lists.yoctoproject.org
> wrote:
>
>
> Moving ca-certificates into a packageconfig allows using docker without
> installing all the certificates.
>
> I don't have (many) issues with the patch, but in my experience you
> can't work with any registries or services with the certs being present.
>
> Are you installing them some other way ? or using some alternative ?
>
> We are either not installing from registry at all, or we have our own registry
> were we put only the required certificate and not the whole pool of
> certificates.
Aha. So as long as the default doesn't change, I can live with
that explation and those that turn this off should know what they
are doing.
I had to fix the author before I could push though, so your
git-send-email needs a configuration tweak:
Enumerating objects: 9, done.
Counting objects: 100% (9/9), done.
Delta compression using up to 12 threads
Compressing objects: 100% (5/5), done.
Writing objects: 100% (5/5), 612 bytes | 612.00 KiB/s, done.
Total 5 (delta 4), reused 0 (delta 0), pack-reused 0
remote: ##############################################
remote: Invalid author Patrick Vogelaar via B4 Relay
remote: ##############################################
To ssh://push.yoctoproject.org/meta-virtualization
! [remote rejected] master -> master-next (pre-receive hook declined)
error: failed to push some refs to 'ssh://push.yoctoproject.org/meta-virtualization'
Bruce
>
> Patrick
>
>
> Since the defaults aren't changed by this patch, I'll definitely merge
> it. I'd just like to make sure that it won't create a hidden/non-working
> configuration.
>
> Bruce
>
>
> Signed-off-by: Patrick Vogelaar <patrick.vogelaar@belden.com>
> ---
> recipes-containers/docker/docker.inc | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/recipes-containers/docker/docker.inc b/recipes-containers/
> docker/docker.inc
> index 94ee34db..c464bc3c 100644
> --- a/recipes-containers/docker/docker.inc
> +++ b/recipes-containers/docker/docker.inc
> @@ -10,7 +10,6 @@ RDEPENDS:${PN} = "util-linux util-linux-unshare
> iptables \
> ${@bb.utils.contains('DISTRO_FEATURES', 'aufs', 'aufs-util', '', d)} \
> ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '', 'cgroup-lite',
> d)} \
> bridge-utils \
> - ca-certificates \
> "
> RDEPENDS:${PN} += "virtual-containerd $
> {VIRTUAL-RUNTIME_container_runtime}"
>
> @@ -37,10 +36,11 @@ RPROVIDES:${PN}-dev += "docker-dev"
> RPROVIDES:${PN}-contrip += "docker-dev"
>
> inherit pkgconfig
> -PACKAGECONFIG ??= "docker-init seccomp"
> +PACKAGECONFIG ??= "docker-init seccomp ca-certs"
> PACKAGECONFIG[seccomp] = "seccomp,,libseccomp"
> PACKAGECONFIG[docker-init] = ",,,docker-init"
> PACKAGECONFIG[transient-config] = "transient-config"
> +PACKAGECONFIG[ca-certs] = ",,,ca-certificates"
>
> GO_IMPORT = "import"
>
> --
> 2.34.1
>
>
> **********************************************************************
> DISCLAIMER:
> Privileged and/or Confidential information may be contained in this
> message. If you are not the addressee of this message, you may not
> copy, use or deliver this message to anyone. In such event, you should
> destroy the message and kindly notify the sender by reply e-mail. It is
> understood that opinions or conclusions that do not relate to the
> official business of the company are neither given nor endorsed by the
> company. Thank You.
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#9375): https://lists.yoctoproject.org/g/meta-virtualization/message/9375
> Mute This Topic: https://lists.yoctoproject.org/mt/114864158/1050810
> Group Owner: meta-virtualization+owner@lists.yoctoproject.org
> Unsubscribe: https://lists.yoctoproject.org/g/meta-virtualization/unsub [bruce.ashfield@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
prev parent reply other threads:[~2025-09-19 2:20 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-08-24 12:14 [meta-virtualization][PATCH] docker: make ca-certificates a packageconfig Patrick Vogelaar
2025-09-04 1:14 ` Bruce Ashfield
2025-09-05 8:42 ` [PATCH] " Patrick Vogelaar via B4 Relay
2025-09-19 2:20 ` Bruce Ashfield [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aMy9/Zv+52k+XDcl@gmail.com \
--to=bruce.ashfield@gmail.com \
--cc=meta-virtualization@lists.yoctoproject.org \
--cc=patrick.vogelaar@belden.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox