diff options
| author | Chen Qi <Qi.Chen@windriver.com> | 2023-02-19 20:54:22 -0800 |
|---|---|---|
| committer | Bruce Ashfield <bruce.ashfield@gmail.com> | 2023-02-21 10:11:47 -0500 |
| commit | a1bb5d0ab0c2828508d080c5c4bfa97bd9786b64 (patch) | |
| tree | 0577868115e0a3dc601d39b543ce12fa1601448f | |
| parent | 9a78db8a9174f811baae36a82370f2827c0bc889 (diff) | |
| download | meta-virtualization-a1bb5d0ab0c2828508d080c5c4bfa97bd9786b64.tar.gz | |
container-host-config: provide /etc/containers/policy.json
The /etc/containers/policy.json[1] file is used to specify verification
policy. For now, we can see it's used by both cri-o and skopeo. To avoid
conflict, we use container-host-config to provide this file and make both
skopeo and cri-o depend on it.
[1] https://github.com/containers/image/blob/main/docs/containers-policy.json.5.md
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
4 files changed, 10 insertions, 1 deletions
diff --git a/recipes-containers/container-host-config/container-host-config.bb b/recipes-containers/container-host-config/container-host-config.bb index c762dea7..c2f17bfe 100644 --- a/recipes-containers/container-host-config/container-host-config.bb +++ b/recipes-containers/container-host-config/container-host-config.bb | |||
| @@ -8,6 +8,7 @@ LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384 | |||
| 8 | SRC_URI = " \ | 8 | SRC_URI = " \ |
| 9 | file://storage.conf \ | 9 | file://storage.conf \ |
| 10 | file://registries.conf \ | 10 | file://registries.conf \ |
| 11 | file://policy.json \ | ||
| 11 | " | 12 | " |
| 12 | 13 | ||
| 13 | do_install() { | 14 | do_install() { |
| @@ -15,4 +16,5 @@ do_install() { | |||
| 15 | 16 | ||
| 16 | install ${WORKDIR}/storage.conf ${D}/${sysconfdir}/containers/storage.conf | 17 | install ${WORKDIR}/storage.conf ${D}/${sysconfdir}/containers/storage.conf |
| 17 | install ${WORKDIR}/registries.conf ${D}/${sysconfdir}/containers/registries.conf | 18 | install ${WORKDIR}/registries.conf ${D}/${sysconfdir}/containers/registries.conf |
| 19 | install ${WORKDIR}/policy.json ${D}/${sysconfdir}/containers/policy.json | ||
| 18 | } | 20 | } |
diff --git a/recipes-containers/container-host-config/container-host-config/policy.json b/recipes-containers/container-host-config/container-host-config/policy.json new file mode 100755 index 00000000..bb26e57f --- /dev/null +++ b/recipes-containers/container-host-config/container-host-config/policy.json | |||
| @@ -0,0 +1,7 @@ | |||
| 1 | { | ||
| 2 | "default": [ | ||
| 3 | { | ||
| 4 | "type": "insecureAcceptAnything" | ||
| 5 | } | ||
| 6 | ] | ||
| 7 | } | ||
diff --git a/recipes-containers/cri-o/cri-o_git.bb b/recipes-containers/cri-o/cri-o_git.bb index 9467cf1f..2ae3303c 100644 --- a/recipes-containers/cri-o/cri-o_git.bb +++ b/recipes-containers/cri-o/cri-o_git.bb | |||
| @@ -57,6 +57,7 @@ inherit systemd | |||
| 57 | inherit go | 57 | inherit go |
| 58 | inherit goarch | 58 | inherit goarch |
| 59 | inherit pkgconfig | 59 | inherit pkgconfig |
| 60 | inherit container-host | ||
| 60 | 61 | ||
| 61 | EXTRA_OEMAKE="BUILDTAGS=''" | 62 | EXTRA_OEMAKE="BUILDTAGS=''" |
| 62 | 63 | ||
diff --git a/recipes-containers/skopeo/skopeo_git.bb b/recipes-containers/skopeo/skopeo_git.bb index 66168ca8..4d062ed0 100644 --- a/recipes-containers/skopeo/skopeo_git.bb +++ b/recipes-containers/skopeo/skopeo_git.bb | |||
| @@ -82,7 +82,6 @@ do_install() { | |||
| 82 | install -d ${D}/${sysconfdir}/containers | 82 | install -d ${D}/${sysconfdir}/containers |
| 83 | 83 | ||
| 84 | install ${S}/src/import/bin/skopeo ${D}/${sbindir}/ | 84 | install ${S}/src/import/bin/skopeo ${D}/${sbindir}/ |
| 85 | install ${S}/src/import/default-policy.json ${D}/${sysconfdir}/containers/policy.json | ||
| 86 | } | 85 | } |
| 87 | 86 | ||
| 88 | do_install:append:class-native() { | 87 | do_install:append:class-native() { |