skopeo: use container-host bbclass to provide configuration

Instead of providing storage and registries configuration files in this package, we inherit container-host which will provide a common definition of these configs. This allows multiple packages to ensure that the configuration files are present, and not conflict in their installation. Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
author: Bruce Ashfield <bruce.ashfield@gmail.com> 2023-02-17 15:19:53 -0500
committer: Bruce Ashfield <bruce.ashfield@gmail.com> 2023-02-17 15:21:53 -0500
commit: 82698d923439e3637016f8334cfba215afe49a55 (patch)
tree: b1bc1dbaed7d56c5761c75238b40edc1b66e5797
parent: a0baf4ed455828c7aed068337547c3037969e643 (diff)
download: meta-virtualization-82698d923439e3637016f8334cfba215afe49a55.tar.gz
3 files changed, 2 insertions, 225 deletions
diff --git a/recipes-containers/skopeo/files/registries.conf b/recipes-containers/skopeo/files/registries.conf
deleted file mode 100644
index ba6c3f6e..00000000
--- a/recipes-containers/skopeo/files/registries.conf
+++ /dev/null
@@ -1,25 +0,0 @@
-# This is a system-wide configuration file used to
-# keep track of registries for various container backends.
-# It adheres to TOML format and does not support recursive
-# lists of registries.
-# The default location for this configuration file is /etc/containers/registries.conf.
-# The only valid categories are: 'registries.search', 'registries.insecure', 
-# and 'registries.block'.
-[registries.search]
-registries = ['docker.io', 'registry.fedoraproject.org', 'quay.io', 'registry.access.redhat.com', 'registry.centos.org']
-# If you need to access insecure registries, add the registry's fully-qualified name.
-# An insecure registry is one that does not have a valid SSL certificate or only does HTTP.
-[registries.insecure]
-registries = []
-# If you need to block pull access from a registry, uncomment the section below
-# and add the registries fully-qualified name.
-#
-# Docker only
-[registries.block]
-registries = []
diff --git a/recipes-containers/skopeo/files/storage.conf b/recipes-containers/skopeo/files/storage.conf
deleted file mode 100644
index 722750c0..00000000
--- a/recipes-containers/skopeo/files/storage.conf
+++ /dev/null
@@ -1,195 +0,0 @@
-# This file is is the configuration file for all tools
-# that use the containers/storage library.
-# See man 5 containers-storage.conf for more information
-# The "container storage" table contains all of the server options.
-[storage]
-# Default Storage Driver, Must be set for proper operation.
-driver = "overlay"
-# Temporary storage location
-runroot = "/run/containers/storage"
-# Primary Read/Write location of container storage
-graphroot = "/var/lib/containers/storage"
-# Storage path for rootless users
-#
-# rootless_storage_path = "$HOME/.local/share/containers/storage"
-[storage.options]
-# Storage options to be passed to underlying storage drivers
-# AdditionalImageStores is used to pass paths to additional Read/Only image stores
-# Must be comma separated list.
-additionalimagestores = [
-]
-# Remap-UIDs/GIDs is the mapping from UIDs/GIDs as they should appear inside of
-# a container, to the UIDs/GIDs as they should appear outside of the container,
-# and the length of the range of UIDs/GIDs.  Additional mapped sets can be
-# listed and will be heeded by libraries, but there are limits to the number of
-# mappings which the kernel will allow when you later attempt to run a
-# container.
-#
-# remap-uids = 0:1668442479:65536
-# remap-gids = 0:1668442479:65536
-# Remap-User/Group is a user name which can be used to look up one or more UID/GID
-# ranges in the /etc/subuid or /etc/subgid file.  Mappings are set up starting
-# with an in-container ID of 0 and then a host-level ID taken from the lowest
-# range that matches the specified name, and using the length of that range.
-# Additional ranges are then assigned, using the ranges which specify the
-# lowest host-level IDs first, to the lowest not-yet-mapped in-container ID,
-# until all of the entries have been used for maps.
-#
-# remap-user = "containers"
-# remap-group = "containers"
-# Root-auto-userns-user is a user name which can be used to look up one or more UID/GID
-# ranges in the /etc/subuid and /etc/subgid file.  These ranges will be partitioned
-# to containers configured to create automatically a user namespace.  Containers
-# configured to automatically create a user namespace can still overlap with containers
-# having an explicit mapping set.
-# This setting is ignored when running as rootless.
-# root-auto-userns-user = "storage"
-#
-# Auto-userns-min-size is the minimum size for a user namespace created automatically.
-# auto-userns-min-size=1024
-#
-# Auto-userns-max-size is the minimum size for a user namespace created automatically.
-# auto-userns-max-size=65536
-[storage.options.overlay]
-# ignore_chown_errors can be set to allow a non privileged user running with
-# a single UID within a user namespace to run containers. The user can pull
-# and use any image even those with multiple uids.  Note multiple UIDs will be
-# squashed down to the default uid in the container.  These images will have no
-# separation between the users in the container. Only supported for the overlay
-# and vfs drivers.
-#ignore_chown_errors = "false"
-# Inodes is used to set a maximum inodes of the container image.
-# inodes = ""
-# Path to an helper program to use for mounting the file system instead of mounting it
-# directly.
-#mount_program = "/usr/bin/fuse-overlayfs"
-# mountopt specifies comma separated list of extra mount options
-mountopt = "nodev"
-# Set to skip a PRIVATE bind mount on the storage home directory.
-# skip_mount_home = "false"
-# Size is used to set a maximum size of the container image.
-# size = ""
-# ForceMask specifies the permissions mask that is used for new files and
-# directories.
-#
-# The values "shared" and "private" are accepted.
-# Octal permission masks are also accepted.
-#
-#  "": No value specified.
-#     All files/directories, get set with the permissions identified within the
-#     image.
-#  "private": it is equivalent to 0700.
-#     All files/directories get set with 0700 permissions.  The owner has rwx
-#     access to the files. No other users on the system can access the files.
-#     This setting could be used with networked based homedirs.
-#  "shared": it is equivalent to 0755.
-#     The owner has rwx access to the files and everyone else can read, access
-#     and execute them. This setting is useful for sharing containers storage
-#     with other users.  For instance have a storage owned by root but shared
-#     to rootless users as an additional store.
-#     NOTE:  All files within the image are made readable and executable by any
-#     user on the system. Even /etc/shadow within your image is now readable by
-#     any user.
-#
-#   OCTAL: Users can experiment with other OCTAL Permissions.
-#
-#  Note: The force_mask Flag is an experimental feature, it could change in the
-#  future.  When "force_mask" is set the original permission mask is stored in
-#  the "user.containers.override_stat" xattr and the "mount_program" option must
-#  be specified. Mount programs like "/usr/bin/fuse-overlayfs" present the
-#  extended attribute permissions to processes within containers rather then the
-#  "force_mask"  permissions.
-#
-# force_mask = ""
-[storage.options.thinpool]
-# Storage Options for thinpool
-# autoextend_percent determines the amount by which pool needs to be
-# grown. This is specified in terms of % of pool size. So a value of 20 means
-# that when threshold is hit, pool will be grown by 20% of existing
-# pool size.
-# autoextend_percent = "20"
-# autoextend_threshold determines the pool extension threshold in terms
-# of percentage of pool size. For example, if threshold is 60, that means when
-# pool is 60% full, threshold has been hit.
-# autoextend_threshold = "80"
-# basesize specifies the size to use when creating the base device, which
-# limits the size of images and containers.
-# basesize = "10G"
-# blocksize specifies a custom blocksize to use for the thin pool.
-# blocksize="64k"
-# directlvm_device specifies a custom block storage device to use for the
-# thin pool. Required if you setup devicemapper.
-# directlvm_device = ""
-# directlvm_device_force wipes device even if device already has a filesystem.
-# directlvm_device_force = "True"
-# fs specifies the filesystem type to use for the base device.
-# fs="xfs"
-# log_level sets the log level of devicemapper.
-# 0: LogLevelSuppress 0 (Default)
-# 2: LogLevelFatal
-# 3: LogLevelErr
-# 4: LogLevelWarn
-# 5: LogLevelNotice
-# 6: LogLevelInfo
-# 7: LogLevelDebug
-# log_level = "7"
-# min_free_space specifies the min free space percent in a thin pool require for
-# new device creation to succeed. Valid values are from 0% - 99%.
-# Value 0% disables
-# min_free_space = "10%"
-# mkfsarg specifies extra mkfs arguments to be used when creating the base
-# device.
-# mkfsarg = ""
-# metadata_size is used to set the `pvcreate --metadatasize` options when
-# creating thin devices. Default is 128k
-# metadata_size = ""
-# Size is used to set a maximum size of the container image.
-# size = ""
-# use_deferred_removal marks devicemapper block device for deferred removal.
-# If the thinpool is in use when the driver attempts to remove it, the driver
-# tells the kernel to remove it as soon as possible. Note this does not free
-# up the disk space, use deferred deletion to fully remove the thinpool.
-# use_deferred_removal = "True"
-# use_deferred_deletion marks thinpool device for deferred deletion.
-# If the device is busy when the driver attempts to delete it, the driver
-# will attempt to delete device every 30 seconds until successful.
-# If the program using the driver exits, the driver will continue attempting
-# to cleanup the next time the driver is used. Deferred deletion permanently
-# deletes the device and all data stored in device will be lost.
-# use_deferred_deletion = "True"
-# xfs_nospace_max_retries specifies the maximum number of retries XFS should
-# attempt to complete IO when ENOSPC (no space) error is returned by
-# underlying storage device.
-# xfs_nospace_max_retries = "0"
diff --git a/recipes-containers/skopeo/skopeo_git.bb b/recipes-containers/skopeo/skopeo_git.bb
index a719671c..66168ca8 100644
--- a/recipes-containers/skopeo/skopeo_git.bb
+++ b/recipes-containers/skopeo/skopeo_git.bb
@@ -21,8 +21,6 @@ RDEPENDS:${PN} = " \
 SRC_URI = " \
    git://github.com/containers/skopeo;branch=main;protocol=https \
-    file://storage.conf \
-    file://registries.conf \
    file://0001-makefile-add-GOBUILDFLAGS-to-go-build-call.patch \
 "
@@ -35,6 +33,8 @@ S = "${WORKDIR}/git"
 inherit goarch
 inherit pkgconfig
+inherit container-host
 # This CVE was fixed in the container image go library skopeo is using.
 # See:
 # https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10214
@@ -83,9 +83,6 @@ do_install() {
        install ${S}/src/import/bin/skopeo ${D}/${sbindir}/
        install ${S}/src/import/default-policy.json ${D}/${sysconfdir}/containers/policy.json
-        install ${WORKDIR}/storage.conf ${D}/${sysconfdir}/containers/storage.conf
-        install ${WORKDIR}/registries.conf ${D}/${sysconfdir}/containers/registries.conf
 }
 do_install:append:class-native() {
author	Bruce Ashfield <bruce.ashfield@gmail.com>	2023-02-17 15:19:53 -0500
committer	Bruce Ashfield <bruce.ashfield@gmail.com>	2023-02-17 15:21:53 -0500
commit	82698d923439e3637016f8334cfba215afe49a55 (patch)
tree	b1bc1dbaed7d56c5761c75238b40edc1b66e5797
parent	a0baf4ed455828c7aed068337547c3037969e643 (diff)
download	meta-virtualization-82698d923439e3637016f8334cfba215afe49a55.tar.gz

diff --git a/recipes-containers/skopeo/files/registries.conf b/recipes-containers/skopeo/files/registries.conf deleted file mode 100644 index ba6c3f6e..00000000 --- a/recipes-containers/skopeo/files/registries.conf +++ /dev/null
@@ -1,25 +0,0 @@
1	# This is a system-wide configuration file used to
2	# keep track of registries for various container backends.
3	# It adheres to TOML format and does not support recursive
4	# lists of registries.
5
6	# The default location for this configuration file is /etc/containers/registries.conf.
7
8	# The only valid categories are: 'registries.search', 'registries.insecure',
9	# and 'registries.block'.
10
11	[registries.search]
12	registries = ['docker.io', 'registry.fedoraproject.org', 'quay.io', 'registry.access.redhat.com', 'registry.centos.org']
13
14	# If you need to access insecure registries, add the registry's fully-qualified name.
15	# An insecure registry is one that does not have a valid SSL certificate or only does HTTP.
16	[registries.insecure]
17	registries = []
18
19
20	# If you need to block pull access from a registry, uncomment the section below
21	# and add the registries fully-qualified name.
22	#
23	# Docker only
24	[registries.block]
25	registries = []


diff --git a/recipes-containers/skopeo/files/storage.conf b/recipes-containers/skopeo/files/storage.conf deleted file mode 100644 index 722750c0..00000000 --- a/recipes-containers/skopeo/files/storage.conf +++ /dev/null
@@ -1,195 +0,0 @@
1	# This file is is the configuration file for all tools
2	# that use the containers/storage library.
3	# See man 5 containers-storage.conf for more information
4	# The "container storage" table contains all of the server options.
5	[storage]
6
7	# Default Storage Driver, Must be set for proper operation.
8	driver = "overlay"
9
10	# Temporary storage location
11	runroot = "/run/containers/storage"
12
13	# Primary Read/Write location of container storage
14	graphroot = "/var/lib/containers/storage"
15
16	# Storage path for rootless users
17	#
18	# rootless_storage_path = "$HOME/.local/share/containers/storage"
19
20	[storage.options]
21	# Storage options to be passed to underlying storage drivers
22
23	# AdditionalImageStores is used to pass paths to additional Read/Only image stores
24	# Must be comma separated list.
25	additionalimagestores = [
26	]
27
28	# Remap-UIDs/GIDs is the mapping from UIDs/GIDs as they should appear inside of
29	# a container, to the UIDs/GIDs as they should appear outside of the container,
30	# and the length of the range of UIDs/GIDs. Additional mapped sets can be
31	# listed and will be heeded by libraries, but there are limits to the number of
32	# mappings which the kernel will allow when you later attempt to run a
33	# container.
34	#
35	# remap-uids = 0:1668442479:65536
36	# remap-gids = 0:1668442479:65536
37
38	# Remap-User/Group is a user name which can be used to look up one or more UID/GID
39	# ranges in the /etc/subuid or /etc/subgid file. Mappings are set up starting
40	# with an in-container ID of 0 and then a host-level ID taken from the lowest
41	# range that matches the specified name, and using the length of that range.
42	# Additional ranges are then assigned, using the ranges which specify the
43	# lowest host-level IDs first, to the lowest not-yet-mapped in-container ID,
44	# until all of the entries have been used for maps.
45	#
46	# remap-user = "containers"
47	# remap-group = "containers"
48
49	# Root-auto-userns-user is a user name which can be used to look up one or more UID/GID
50	# ranges in the /etc/subuid and /etc/subgid file. These ranges will be partitioned
51	# to containers configured to create automatically a user namespace. Containers
52	# configured to automatically create a user namespace can still overlap with containers
53	# having an explicit mapping set.
54	# This setting is ignored when running as rootless.
55	# root-auto-userns-user = "storage"
56	#
57	# Auto-userns-min-size is the minimum size for a user namespace created automatically.
58	# auto-userns-min-size=1024
59	#
60	# Auto-userns-max-size is the minimum size for a user namespace created automatically.
61	# auto-userns-max-size=65536
62
63	[storage.options.overlay]
64	# ignore_chown_errors can be set to allow a non privileged user running with
65	# a single UID within a user namespace to run containers. The user can pull
66	# and use any image even those with multiple uids. Note multiple UIDs will be
67	# squashed down to the default uid in the container. These images will have no
68	# separation between the users in the container. Only supported for the overlay
69	# and vfs drivers.
70	#ignore_chown_errors = "false"
71
72	# Inodes is used to set a maximum inodes of the container image.
73	# inodes = ""
74
75	# Path to an helper program to use for mounting the file system instead of mounting it
76	# directly.
77	#mount_program = "/usr/bin/fuse-overlayfs"
78
79	# mountopt specifies comma separated list of extra mount options
80	mountopt = "nodev"
81
82	# Set to skip a PRIVATE bind mount on the storage home directory.
83	# skip_mount_home = "false"
84
85	# Size is used to set a maximum size of the container image.
86	# size = ""
87
88	# ForceMask specifies the permissions mask that is used for new files and
89	# directories.
90	#
91	# The values "shared" and "private" are accepted.
92	# Octal permission masks are also accepted.
93	#
94	# "": No value specified.
95	# All files/directories, get set with the permissions identified within the
96	# image.
97	# "private": it is equivalent to 0700.
98	# All files/directories get set with 0700 permissions. The owner has rwx
99	# access to the files. No other users on the system can access the files.
100	# This setting could be used with networked based homedirs.
101	# "shared": it is equivalent to 0755.
102	# The owner has rwx access to the files and everyone else can read, access
103	# and execute them. This setting is useful for sharing containers storage
104	# with other users. For instance have a storage owned by root but shared
105	# to rootless users as an additional store.
106	# NOTE: All files within the image are made readable and executable by any
107	# user on the system. Even /etc/shadow within your image is now readable by
108	# any user.
109	#
110	# OCTAL: Users can experiment with other OCTAL Permissions.
111	#
112	# Note: The force_mask Flag is an experimental feature, it could change in the
113	# future. When "force_mask" is set the original permission mask is stored in
114	# the "user.containers.override_stat" xattr and the "mount_program" option must
115	# be specified. Mount programs like "/usr/bin/fuse-overlayfs" present the
116	# extended attribute permissions to processes within containers rather then the
117	# "force_mask" permissions.
118	#
119	# force_mask = ""
120
121	[storage.options.thinpool]
122	# Storage Options for thinpool
123
124	# autoextend_percent determines the amount by which pool needs to be
125	# grown. This is specified in terms of % of pool size. So a value of 20 means
126	# that when threshold is hit, pool will be grown by 20% of existing
127	# pool size.
128	# autoextend_percent = "20"
129
130	# autoextend_threshold determines the pool extension threshold in terms
131	# of percentage of pool size. For example, if threshold is 60, that means when
132	# pool is 60% full, threshold has been hit.
133	# autoextend_threshold = "80"
134
135	# basesize specifies the size to use when creating the base device, which
136	# limits the size of images and containers.
137	# basesize = "10G"
138
139	# blocksize specifies a custom blocksize to use for the thin pool.
140	# blocksize="64k"
141
142	# directlvm_device specifies a custom block storage device to use for the
143	# thin pool. Required if you setup devicemapper.
144	# directlvm_device = ""
145
146	# directlvm_device_force wipes device even if device already has a filesystem.
147	# directlvm_device_force = "True"
148
149	# fs specifies the filesystem type to use for the base device.
150	# fs="xfs"
151
152	# log_level sets the log level of devicemapper.
153	# 0: LogLevelSuppress 0 (Default)
154	# 2: LogLevelFatal
155	# 3: LogLevelErr
156	# 4: LogLevelWarn
157	# 5: LogLevelNotice
158	# 6: LogLevelInfo
159	# 7: LogLevelDebug
160	# log_level = "7"
161
162	# min_free_space specifies the min free space percent in a thin pool require for
163	# new device creation to succeed. Valid values are from 0% - 99%.
164	# Value 0% disables
165	# min_free_space = "10%"
166
167	# mkfsarg specifies extra mkfs arguments to be used when creating the base
168	# device.
169	# mkfsarg = ""
170
171	# metadata_size is used to set the `pvcreate --metadatasize` options when
172	# creating thin devices. Default is 128k
173	# metadata_size = ""
174
175	# Size is used to set a maximum size of the container image.
176	# size = ""
177
178	# use_deferred_removal marks devicemapper block device for deferred removal.
179	# If the thinpool is in use when the driver attempts to remove it, the driver
180	# tells the kernel to remove it as soon as possible. Note this does not free
181	# up the disk space, use deferred deletion to fully remove the thinpool.
182	# use_deferred_removal = "True"
183
184	# use_deferred_deletion marks thinpool device for deferred deletion.
185	# If the device is busy when the driver attempts to delete it, the driver
186	# will attempt to delete device every 30 seconds until successful.
187	# If the program using the driver exits, the driver will continue attempting
188	# to cleanup the next time the driver is used. Deferred deletion permanently
189	# deletes the device and all data stored in device will be lost.
190	# use_deferred_deletion = "True"
191
192	# xfs_nospace_max_retries specifies the maximum number of retries XFS should
193	# attempt to complete IO when ENOSPC (no space) error is returned by
194	# underlying storage device.
195	# xfs_nospace_max_retries = "0"


diff --git a/recipes-containers/skopeo/skopeo_git.bb b/recipes-containers/skopeo/skopeo_git.bb index a719671c..66168ca8 100644 --- a/recipes-containers/skopeo/skopeo_git.bb +++ b/recipes-containers/skopeo/skopeo_git.bb
@@ -21,8 +21,6 @@ RDEPENDS:${PN} = " \
21		21
22	SRC_URI = " \	22	SRC_URI = " \
23	git://github.com/containers/skopeo;branch=main;protocol=https \	23	git://github.com/containers/skopeo;branch=main;protocol=https \
24	file://storage.conf \
25	file://registries.conf \
26	file://0001-makefile-add-GOBUILDFLAGS-to-go-build-call.patch \	24	file://0001-makefile-add-GOBUILDFLAGS-to-go-build-call.patch \
27	"	25	"
28		26
@@ -35,6 +33,8 @@ S = "${WORKDIR}/git"
35	inherit goarch	33	inherit goarch
36	inherit pkgconfig	34	inherit pkgconfig
37		35
		36	inherit container-host
		37
38	# This CVE was fixed in the container image go library skopeo is using.	38	# This CVE was fixed in the container image go library skopeo is using.
39	# See:	39	# See:
40	# https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10214	40	# https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10214
@@ -83,9 +83,6 @@ do_install() {
83		83
84	install ${S}/src/import/bin/skopeo ${D}/${sbindir}/	84	install ${S}/src/import/bin/skopeo ${D}/${sbindir}/
85	install ${S}/src/import/default-policy.json ${D}/${sysconfdir}/containers/policy.json	85	install ${S}/src/import/default-policy.json ${D}/${sysconfdir}/containers/policy.json
86
87	install ${WORKDIR}/storage.conf ${D}/${sysconfdir}/containers/storage.conf
88	install ${WORKDIR}/registries.conf ${D}/${sysconfdir}/containers/registries.conf
89	}	86	}
90		87
91	do_install:append:class-native() {	88	do_install:append:class-native() {