rootlesskit: introduce linux-native fakeroo using user namespaces

see: https://github.com/rootless-containers/rootlesskit --------- RootlessKit: Linux-native fakeroot using user namespaces RootlessKit is a Linux-native implementation of 'fake root' using user_namespaces(7). The purpose of RootlessKit is to run Docker and Kubernetes as an unprivileged user (known as 'Rootless mode'), so as to protect the real root on the host from potential container-breakout attacks. --------- This is a building block for cross installation of containers and rootless on-target execution. Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
author: Bruce Ashfield <bruce.ashfield@gmail.com> 2024-06-04 17:42:44 +0000
committer: Bruce Ashfield <bruce.ashfield@gmail.com> 2024-06-04 17:44:50 +0000
commit: e96da98e4038f5388596b4294ac3d8425b2dacb2 (patch)
tree: cb0e734b7e216a5bd28308cdc6d5d4b6779b39f5
parent: aaad95b19197ce1655ceddbe7412d8536df94375 (diff)
download: meta-virtualization-e96da98e4038f5388596b4294ac3d8425b2dacb2.tar.gz
4 files changed, 267 insertions, 0 deletions
diff --git a/recipes-extended/rootlesskit/relocation.inc b/recipes-extended/rootlesskit/relocation.inc
new file mode 100644
index 00000000..02c5c85c
--- /dev/null
+++ b/recipes-extended/rootlesskit/relocation.inc
@@ -0,0 +1,38 @@
+export sites="gotest.tools/v3:gotest.tools/v3:force \
+           golang.org/x/sys:golang.org/x/sys:force \
+           golang.org/x/net:golang.org/x/net:force \
+           github.com/gofrs/flock:github.com/gofrs/flock:force \
+           github.com/google/uuid:github.com/google/uuid:force \
+           github.com/gorilla/mux:github.com/gorilla/mux:force \
+           github.com/moby/vpnkit:github.com/moby/vpnkit:force \
+           github.com/u-root/uio:github.com/u-root/uio:force \
+           github.com/songgao/water:github.com/songgao/water:force \
+           github.com/urfave/cli/v2:github.com/urfave/cli/v2:force \
+           github.com/google/go-cmp:github.com/google/go-cmp:force \
+           github.com/pierrec/lz4/v4:github.com/pierrec/lz4/v4:force \
+           github.com/xrash/smetrics:github.com/xrash/smetrics:force \
+           github.com/sirupsen/logrus:github.com/sirupsen/logrus:force \
+           github.com/josharian/native:github.com/josharian/native:force \
+           github.com/insomniacslk/dhcp:github.com/insomniacslk/dhcp:force \
+           github.com/Masterminds/semver/v3:github.com/Masterminds/semver/v3:force \
+           github.com/cpuguy83/go-md2man/v2:github.com/cpuguy83/go-md2man/v2:force \
+           github.com/moby/sys/mountinfo:github.com/moby/sys/mountinfo/mountinfo:force \
+           github.com/russross/blackfriday/v2:github.com/russross/blackfriday/v2:force \
+           github.com/containernetworking/plugins:github.com/containernetworking/plugins:force"
+do_compile:prepend() {
+    cd ${S}/src/import
+    for s in $sites; do
+        site_dest=$(echo $s | cut -d: -f1)
+        site_source=$(echo $s | cut -d: -f2)
+        force_flag=$(echo $s | cut -d: -f3)
+        mkdir -p vendor.copy/$site_dest
+        if [ -n "$force_flag" ]; then
+            echo "[INFO] $site_dest: force copying .go files"
+            rm -rf vendor.copy/$site_dest
+            rsync -a --exclude='vendor/' --exclude='.git/' vendor.fetch/$site_source/ vendor.copy/$site_dest
+        else
+            [ -n "$(ls -A vendor.copy/$site_dest/*.go 2> /dev/null)" ] && { echo "[INFO] vendor.fetch/$site_source -> $site_dest: go copy skipped (files present)" ; true ; } || { echo "[INFO] $site_dest: copying .go files" ; rsync -a --exclude='vendor/' --exclude='.git/' vendor.fetch/$site_source/ vendor.copy/$site_dest ; }
+        fi
+    done
+}
diff --git a/recipes-extended/rootlesskit/rootlesskit/modules.txt b/recipes-extended/rootlesskit/rootlesskit/modules.txt
new file mode 100644
index 00000000..b38f0371
--- /dev/null
+++ b/recipes-extended/rootlesskit/rootlesskit/modules.txt
@@ -0,0 +1,42 @@
+# github.com/Masterminds/semver/v3 v3.2.1
+## explicit
+# github.com/containernetworking/plugins v1.5.0
+## explicit
+# github.com/gofrs/flock v0.8.1
+## explicit
+# github.com/google/uuid v1.6.0
+## explicit
+# github.com/gorilla/mux v1.8.1
+## explicit
+# github.com/insomniacslk/dhcp v0.0.0-20230516061539-49801966e6cb
+## explicit
+# github.com/moby/sys/mountinfo v0.7.1
+## explicit
+# github.com/moby/vpnkit v0.5.0
+## explicit
+# github.com/sirupsen/logrus v1.9.3
+## explicit
+# github.com/songgao/water v0.0.0-20200317203138-2b4b6d7c09d8
+## explicit
+# github.com/urfave/cli/v2 v2.27.2
+## explicit
+# golang.org/x/sys v0.20.0
+## explicit
+# gotest.tools/v3 v3.5.1
+## explicit
+# github.com/cpuguy83/go-md2man/v2 v2.0.4
+## explicit
+# github.com/google/go-cmp v0.6.0
+## explicit
+# github.com/josharian/native v1.1.0
+## explicit
+# github.com/pierrec/lz4/v4 v4.1.17
+## explicit
+# github.com/russross/blackfriday/v2 v2.1.0
+## explicit
+# github.com/u-root/uio v0.0.0-20230305220412-3e8cd9d6bf63
+## explicit
+# github.com/xrash/smetrics v0.0.0-20240312152122-5f08fbb34913
+## explicit
+# golang.org/x/net v0.24.0
+## explicit
diff --git a/recipes-extended/rootlesskit/rootlesskit_git.bb b/recipes-extended/rootlesskit/rootlesskit_git.bb
new file mode 100644
index 00000000..26b4c57c
--- /dev/null
+++ b/recipes-extended/rootlesskit/rootlesskit_git.bb
@@ -0,0 +1,81 @@
+HOMEPAGE = "https://github.com/rootless-containers/rootlesskit"
+SUMMARY =  "RootlessKit: Linux-native fakeroot using user namespaces"
+DESCRIPTION = "RootlessKit is a Linux-native implementation of 'fake root' using user_namespaces(7). \
+The purpose of RootlessKit is to run Docker and Kubernetes as an unprivileged user (known as 'Rootless mode'),\
+so as to protect the real root on the host from potential container-breakout attacks. \
+"
+# generated with:
+# scripts/oe-go-mod-autogen.py --repo  https://github.com/rootless-containers/rootlesskit  --rev c784875ba4ba4c5aaa256f98675fd543b087c900
+DEPENDS = " \
+    go-md2man \
+    rsync-native \
+"
+# Specify the first two important SRCREVs as the format
+SRCREV_FORMAT="rootless"
+SRCREV_rootless = "d942cd5880099d8ce0fddeef051cad4894eba25e"
+SRC_URI = "git://github.com/rootless-containers/rootlesskit;name=rootless;branch=master;protocol=https;destsuffix=${GO_SRCURI_DESTSUFFIX}"
+include src_uri.inc
+# patches and config
+SRC_URI += "file://modules.txt \
+           "
+LICENSE = "Apache-2.0"
+LIC_FILES_CHKSUM = "file://src/import/LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57"
+GO_IMPORT = "import"
+S = "${WORKDIR}/git"
+PV = "v2.1.0+git"
+ROOTLESS_PKG = "github.com/rootless-containers/rootlesskit"
+inherit go goarch
+inherit systemd pkgconfig
+do_configure[noexec] = "1"
+EXTRA_OEMAKE = " \
+     PREFIX=${prefix} BINDIR=${bindir} LIBEXECDIR=${libexecdir} \
+     ETCDIR=${sysconfdir} TMPFILESDIR=${nonarch_libdir}/tmpfiles.d \
+     SYSTEMDDIR=${systemd_unitdir}/system USERSYSTEMDDIR=${systemd_unitdir}/user \
+"
+PACKAGECONFIG ?= ""
+include relocation.inc
+do_compile() {
+        cd ${S}/src/import
+        export GOPATH="$GOPATH:${S}/src/import/.gopath"
+        # Pass the needed cflags/ldflags so that cgo
+        # can find the needed headers files and libraries
+        export GOARCH=${TARGET_GOARCH}
+        export CGO_ENABLED="1"
+        export CGO_CFLAGS="${CFLAGS} --sysroot=${STAGING_DIR_TARGET}"
+        export CGO_LDFLAGS="${LDFLAGS} --sysroot=${STAGING_DIR_TARGET}"
+        export GOFLAGS="-mod=vendor -trimpath ${PIEFLAG}"
+        # our copied .go files are to be used for the build
+        ln -sf vendor.copy vendor
+        # inform go that we know what we are doing
+        cp ${UNPACKDIR}/modules.txt vendor/
+        oe_runmake GO=${GO} BUILDTAGS="${BUILDTAGS}" all
+}
+do_install() {
+        install -d "${D}${BIN_PREFIX}${base_bindir}"
+        for b in rootlessctl  rootlesskit  rootlesskit-docker-proxy; do
+                install -m 755 "${S}/src/import/bin/$b" "${D}${BIN_PREFIX}${base_bindir}"
+        done
+}
diff --git a/recipes-extended/rootlesskit/src_uri.inc b/recipes-extended/rootlesskit/src_uri.inc
new file mode 100644
index 00000000..91385f1f
--- /dev/null
+++ b/recipes-extended/rootlesskit/src_uri.inc
@@ -0,0 +1,106 @@
+#       gotest.tools/v3 v3.5.1
+# [1] git ls-remote https://github.com/gotestyourself/gotest.tools 81cea1abc596b025bf2573c7fdf97740512e4c6c
+SRCREV_gotest.tools-v3="81cea1abc596b025bf2573c7fdf97740512e4c6c"
+SRC_URI += "git://github.com/gotestyourself/gotest.tools;name=gotest.tools-v3;protocol=https;nobranch=1;destsuffix=${GO_SRCURI_DESTSUFFIX}/vendor.fetch/gotest.tools/v3"
+#       golang.org/x/sys v0.20.0
+# [1] git ls-remote https://go.googlesource.com/sys 7d69d983c4522784860c781a0d7b80408fdc0cd1
+SRCREV_sys="7d69d983c4522784860c781a0d7b80408fdc0cd1"
+SRC_URI += "git://go.googlesource.com/sys;name=sys;protocol=https;nobranch=1;destsuffix=${GO_SRCURI_DESTSUFFIX}/vendor.fetch/golang.org/x/sys"
+#       golang.org/x/net v0.24.0
+# [1] git ls-remote https://go.googlesource.com/net 7bbe32058aba7159e4d273710e6f4f1c16c627fb
+SRCREV_net="7bbe32058aba7159e4d273710e6f4f1c16c627fb"
+SRC_URI += "git://go.googlesource.com/net;name=net;protocol=https;nobranch=1;destsuffix=${GO_SRCURI_DESTSUFFIX}/vendor.fetch/golang.org/x/net"
+#       github.com/u-root/uio v0.0.0-20230305220412-3e8cd9d6bf63
+# [1] git ls-remote https://github.com/u-root/uio 3e8cd9d6bf6310d57e3e1e95ffda926a4be34cce
+#SRCREV_uio="3e8cd9d6bf6310d57e3e1e95ffda926a4be34cce"
+SRCREV_uio="d2acac8f37018c514adec45c51f58eace3795df4"
+SRC_URI += "git://github.com/u-root/uio;name=uio;protocol=https;nobranch=1;destsuffix=${GO_SRCURI_DESTSUFFIX}/vendor.fetch/github.com/u-root/uio"
+#       github.com/gofrs/flock v0.8.1
+# [1] git ls-remote https://github.com/gofrs/flock 6f010d1acea74a32f2f2066bfe324c08bbee30e3
+SRCREV_flock="6f010d1acea74a32f2f2066bfe324c08bbee30e3"
+SRC_URI += "git://github.com/gofrs/flock;name=flock;protocol=https;nobranch=1;destsuffix=${GO_SRCURI_DESTSUFFIX}/vendor.fetch/github.com/gofrs/flock"
+#       github.com/google/uuid v1.6.0
+# [1] git ls-remote https://github.com/google/uuid 0f11ee6918f41a04c201eceeadf612a377bc7fbc
+SRCREV_uuid="0f11ee6918f41a04c201eceeadf612a377bc7fbc"
+SRC_URI += "git://github.com/google/uuid;name=uuid;protocol=https;nobranch=1;destsuffix=${GO_SRCURI_DESTSUFFIX}/vendor.fetch/github.com/google/uuid"
+#       github.com/gorilla/mux v1.8.1
+# [1] git ls-remote https://github.com/gorilla/mux b4617d0b9670ad14039b2739167fd35a60f557c5
+SRCREV_mux="b4617d0b9670ad14039b2739167fd35a60f557c5"
+SRC_URI += "git://github.com/gorilla/mux;name=mux;protocol=https;nobranch=1;destsuffix=${GO_SRCURI_DESTSUFFIX}/vendor.fetch/github.com/gorilla/mux"
+#       github.com/moby/vpnkit v0.5.0
+# [1] git ls-remote https://github.com/moby/vpnkit 7f0eff0dd99b576c5474de53b4454a157c642834
+SRCREV_vpnkit="7f0eff0dd99b576c5474de53b4454a157c642834"
+SRC_URI += "git://github.com/moby/vpnkit;name=vpnkit;protocol=https;nobranch=1;destsuffix=${GO_SRCURI_DESTSUFFIX}/vendor.fetch/github.com/moby/vpnkit"
+#       github.com/songgao/water v0.0.0-20200317203138-2b4b6d7c09d8
+# [1] git ls-remote https://github.com/songgao/water 2b4b6d7c09d80835e5f13f6b040d69f00a158b24
+SRCREV_water="2b4b6d7c09d80835e5f13f6b040d69f00a158b24"
+SRC_URI += "git://github.com/songgao/water;name=water;protocol=https;nobranch=1;destsuffix=${GO_SRCURI_DESTSUFFIX}/vendor.fetch/github.com/songgao/water"
+#       github.com/urfave/cli/v2 v2.27.2
+# [1] git ls-remote https://github.com/urfave/cli a1a099bd1c28a2a6beac29123308e87b9606fcc0
+SRCREV_v2="a1a099bd1c28a2a6beac29123308e87b9606fcc0"
+SRC_URI += "git://github.com/urfave/cli;name=v2;protocol=https;nobranch=1;destsuffix=${GO_SRCURI_DESTSUFFIX}/vendor.fetch/github.com/urfave/cli/v2"
+#       github.com/google/go-cmp v0.6.0
+# [1] git ls-remote https://github.com/google/go-cmp c3ad8435e7bef96af35732bc0789e5a2278c6d5f
+SRCREV_go-cmp="c3ad8435e7bef96af35732bc0789e5a2278c6d5f"
+SRC_URI += "git://github.com/google/go-cmp;name=go-cmp;protocol=https;nobranch=1;destsuffix=${GO_SRCURI_DESTSUFFIX}/vendor.fetch/github.com/google/go-cmp"
+#       github.com/pierrec/lz4/v4 v4.1.17
+# [1] git ls-remote https://github.com/pierrec/lz4 d2b3f5d3e4659cc4fd720d1649c39b5627187261
+SRCREV_v4="d2b3f5d3e4659cc4fd720d1649c39b5627187261"
+SRC_URI += "git://github.com/pierrec/lz4;name=v4;protocol=https;nobranch=1;destsuffix=${GO_SRCURI_DESTSUFFIX}/vendor.fetch/github.com/pierrec/lz4/v4"
+#       github.com/xrash/smetrics v0.0.0-20240312152122-5f08fbb34913
+# [1] git ls-remote https://github.com/xrash/smetrics 5f08fbb34913bc8ab95bb4f2a89a0637ca922666
+SRCREV_smetrics="5f08fbb34913bc8ab95bb4f2a89a0637ca922666"
+SRC_URI += "git://github.com/xrash/smetrics;name=smetrics;protocol=https;nobranch=1;destsuffix=${GO_SRCURI_DESTSUFFIX}/vendor.fetch/github.com/xrash/smetrics"
+#       github.com/sirupsen/logrus v1.9.3
+# [1] git ls-remote https://github.com/sirupsen/logrus d40e25cd45ed9c6b2b66e6b97573a0413e4c23bd
+SRCREV_logrus="d40e25cd45ed9c6b2b66e6b97573a0413e4c23bd"
+SRC_URI += "git://github.com/sirupsen/logrus;name=logrus;protocol=https;nobranch=1;destsuffix=${GO_SRCURI_DESTSUFFIX}/vendor.fetch/github.com/sirupsen/logrus"
+#       github.com/josharian/native v1.1.0
+# [1] git ls-remote https://github.com/josharian/native c1e37c09b531b14ae12a501eb6fd529b31cecdaa
+SRCREV_native="c1e37c09b531b14ae12a501eb6fd529b31cecdaa"
+SRC_URI += "git://github.com/josharian/native;name=native;protocol=https;nobranch=1;destsuffix=${GO_SRCURI_DESTSUFFIX}/vendor.fetch/github.com/josharian/native"
+#       github.com/insomniacslk/dhcp v0.0.0-20230516061539-49801966e6cb
+# [1] git ls-remote https://github.com/insomniacslk/dhcp 49801966e6cb2cfc58a2bd98f69a9c182c1d4c18
+SRCREV_dhcp="49801966e6cb2cfc58a2bd98f69a9c182c1d4c18"
+SRC_URI += "git://github.com/insomniacslk/dhcp;name=dhcp;protocol=https;nobranch=1;destsuffix=${GO_SRCURI_DESTSUFFIX}/vendor.fetch/github.com/insomniacslk/dhcp"
+#       github.com/moby/sys/mountinfo v0.7.1
+# [1] git ls-remote https://github.com/moby/sys 4950d7687cf6c9b138dc0e18c2c7351e1f6ed497
+SRCREV_mountinfo="4950d7687cf6c9b138dc0e18c2c7351e1f6ed497"
+SRC_URI += "git://github.com/moby/sys;name=mountinfo;protocol=https;nobranch=1;destsuffix=${GO_SRCURI_DESTSUFFIX}/vendor.fetch/github.com/moby/sys/mountinfo"
+#       github.com/Masterminds/semver/v3 v3.2.1
+# [1] git ls-remote https://github.com/Masterminds/semver e06051f8fcc4c8b4a4990c337b9862a2448722e5
+SRCREV_v3="e06051f8fcc4c8b4a4990c337b9862a2448722e5"
+SRC_URI += "git://github.com/Masterminds/semver;name=v3;protocol=https;nobranch=1;destsuffix=${GO_SRCURI_DESTSUFFIX}/vendor.fetch/github.com/Masterminds/semver/v3"
+#       github.com/cpuguy83/go-md2man/v2 v2.0.4
+# [1] git ls-remote https://github.com/cpuguy83/go-md2man d6816bfbea7506064a28119f805fb79f9bc5aeec
+SRCREV_go-md2man-v2="d6816bfbea7506064a28119f805fb79f9bc5aeec"
+SRC_URI += "git://github.com/cpuguy83/go-md2man;name=go-md2man-v2;protocol=https;nobranch=1;destsuffix=${GO_SRCURI_DESTSUFFIX}/vendor.fetch/github.com/cpuguy83/go-md2man/v2"
+#       github.com/russross/blackfriday/v2 v2.1.0
+# [1] git ls-remote https://github.com/russross/blackfriday 4c9bf9512682b995722660a4196c0013228e2049
+SRCREV_blackfriday-v2="4c9bf9512682b995722660a4196c0013228e2049"
+SRC_URI += "git://github.com/russross/blackfriday;name=blackfriday-v2;protocol=https;nobranch=1;destsuffix=${GO_SRCURI_DESTSUFFIX}/vendor.fetch/github.com/russross/blackfriday/v2"
+#       github.com/containernetworking/plugins v1.5.0
+# [1] git ls-remote https://github.com/containernetworking/plugins 0259301ae2eab8cb4f5755d790c29cb869765f8a
+SRCREV_plugins="0259301ae2eab8cb4f5755d790c29cb869765f8a"
+SRC_URI += "git://github.com/containernetworking/plugins;name=plugins;protocol=https;nobranch=1;destsuffix=${GO_SRCURI_DESTSUFFIX}/vendor.fetch/github.com/containernetworking/plugins"
author	Bruce Ashfield <bruce.ashfield@gmail.com>	2024-06-04 17:42:44 +0000
committer	Bruce Ashfield <bruce.ashfield@gmail.com>	2024-06-04 17:44:50 +0000
commit	e96da98e4038f5388596b4294ac3d8425b2dacb2 (patch)
tree	cb0e734b7e216a5bd28308cdc6d5d4b6779b39f5
parent	aaad95b19197ce1655ceddbe7412d8536df94375 (diff)
download	meta-virtualization-e96da98e4038f5388596b4294ac3d8425b2dacb2.tar.gz

diff --git a/recipes-extended/rootlesskit/relocation.inc b/recipes-extended/rootlesskit/relocation.inc new file mode 100644 index 00000000..02c5c85c --- /dev/null +++ b/recipes-extended/rootlesskit/relocation.inc
@@ -0,0 +1,38 @@
	1	export sites="gotest.tools/v3:gotest.tools/v3:force \
	2	golang.org/x/sys:golang.org/x/sys:force \
	3	golang.org/x/net:golang.org/x/net:force \
	4	github.com/gofrs/flock:github.com/gofrs/flock:force \
	5	github.com/google/uuid:github.com/google/uuid:force \
	6	github.com/gorilla/mux:github.com/gorilla/mux:force \
	7	github.com/moby/vpnkit:github.com/moby/vpnkit:force \
	8	github.com/u-root/uio:github.com/u-root/uio:force \
	9	github.com/songgao/water:github.com/songgao/water:force \
	10	github.com/urfave/cli/v2:github.com/urfave/cli/v2:force \
	11	github.com/google/go-cmp:github.com/google/go-cmp:force \
	12	github.com/pierrec/lz4/v4:github.com/pierrec/lz4/v4:force \
	13	github.com/xrash/smetrics:github.com/xrash/smetrics:force \
	14	github.com/sirupsen/logrus:github.com/sirupsen/logrus:force \
	15	github.com/josharian/native:github.com/josharian/native:force \
	16	github.com/insomniacslk/dhcp:github.com/insomniacslk/dhcp:force \
	17	github.com/Masterminds/semver/v3:github.com/Masterminds/semver/v3:force \
	18	github.com/cpuguy83/go-md2man/v2:github.com/cpuguy83/go-md2man/v2:force \
	19	github.com/moby/sys/mountinfo:github.com/moby/sys/mountinfo/mountinfo:force \
	20	github.com/russross/blackfriday/v2:github.com/russross/blackfriday/v2:force \
	21	github.com/containernetworking/plugins:github.com/containernetworking/plugins:force"
	22
	23	do_compile:prepend() {
	24	cd ${S}/src/import
	25	for s in $sites; do
	26	site_dest=$(echo $s \| cut -d: -f1)
	27	site_source=$(echo $s \| cut -d: -f2)
	28	force_flag=$(echo $s \| cut -d: -f3)
	29	mkdir -p vendor.copy/$site_dest
	30	if [ -n "$force_flag" ]; then
	31	echo "[INFO] $site_dest: force copying .go files"
	32	rm -rf vendor.copy/$site_dest
	33	rsync -a --exclude='vendor/' --exclude='.git/' vendor.fetch/$site_source/ vendor.copy/$site_dest
	34	else
	35	[ -n "$(ls -A vendor.copy/$site_dest/*.go 2> /dev/null)" ] && { echo "[INFO] vendor.fetch/$site_source -> $site_dest: go copy skipped (files present)" ; true ; } \|\| { echo "[INFO] $site_dest: copying .go files" ; rsync -a --exclude='vendor/' --exclude='.git/' vendor.fetch/$site_source/ vendor.copy/$site_dest ; }
	36	fi
	37	done
	38	}


diff --git a/recipes-extended/rootlesskit/rootlesskit/modules.txt b/recipes-extended/rootlesskit/rootlesskit/modules.txt new file mode 100644 index 00000000..b38f0371 --- /dev/null +++ b/recipes-extended/rootlesskit/rootlesskit/modules.txt
@@ -0,0 +1,42 @@
	1	# github.com/Masterminds/semver/v3 v3.2.1
	2	## explicit
	3	# github.com/containernetworking/plugins v1.5.0
	4	## explicit
	5	# github.com/gofrs/flock v0.8.1
	6	## explicit
	7	# github.com/google/uuid v1.6.0
	8	## explicit
	9	# github.com/gorilla/mux v1.8.1
	10	## explicit
	11	# github.com/insomniacslk/dhcp v0.0.0-20230516061539-49801966e6cb
	12	## explicit
	13	# github.com/moby/sys/mountinfo v0.7.1
	14	## explicit
	15	# github.com/moby/vpnkit v0.5.0
	16	## explicit
	17	# github.com/sirupsen/logrus v1.9.3
	18	## explicit
	19	# github.com/songgao/water v0.0.0-20200317203138-2b4b6d7c09d8
	20	## explicit
	21	# github.com/urfave/cli/v2 v2.27.2
	22	## explicit
	23	# golang.org/x/sys v0.20.0
	24	## explicit
	25	# gotest.tools/v3 v3.5.1
	26	## explicit
	27	# github.com/cpuguy83/go-md2man/v2 v2.0.4
	28	## explicit
	29	# github.com/google/go-cmp v0.6.0
	30	## explicit
	31	# github.com/josharian/native v1.1.0
	32	## explicit
	33	# github.com/pierrec/lz4/v4 v4.1.17
	34	## explicit
	35	# github.com/russross/blackfriday/v2 v2.1.0
	36	## explicit
	37	# github.com/u-root/uio v0.0.0-20230305220412-3e8cd9d6bf63
	38	## explicit
	39	# github.com/xrash/smetrics v0.0.0-20240312152122-5f08fbb34913
	40	## explicit
	41	# golang.org/x/net v0.24.0
	42	## explicit


diff --git a/recipes-extended/rootlesskit/rootlesskit_git.bb b/recipes-extended/rootlesskit/rootlesskit_git.bb new file mode 100644 index 00000000..26b4c57c --- /dev/null +++ b/recipes-extended/rootlesskit/rootlesskit_git.bb
@@ -0,0 +1,81 @@
	1	HOMEPAGE = "https://github.com/rootless-containers/rootlesskit"
	2	SUMMARY = "RootlessKit: Linux-native fakeroot using user namespaces"
	3	DESCRIPTION = "RootlessKit is a Linux-native implementation of 'fake root' using user_namespaces(7). \
	4	The purpose of RootlessKit is to run Docker and Kubernetes as an unprivileged user (known as 'Rootless mode'),\
	5	so as to protect the real root on the host from potential container-breakout attacks. \
	6	"
	7
	8	# generated with:
	9	# scripts/oe-go-mod-autogen.py --repo https://github.com/rootless-containers/rootlesskit --rev c784875ba4ba4c5aaa256f98675fd543b087c900
	10
	11	DEPENDS = " \
	12	go-md2man \
	13	rsync-native \
	14	"
	15	# Specify the first two important SRCREVs as the format
	16	SRCREV_FORMAT="rootless"
	17	SRCREV_rootless = "d942cd5880099d8ce0fddeef051cad4894eba25e"
	18
	19	SRC_URI = "git://github.com/rootless-containers/rootlesskit;name=rootless;branch=master;protocol=https;destsuffix=${GO_SRCURI_DESTSUFFIX}"
	20
	21	include src_uri.inc
	22
	23	# patches and config
	24	SRC_URI += "file://modules.txt \
	25	"
	26
	27	LICENSE = "Apache-2.0"
	28	LIC_FILES_CHKSUM = "file://src/import/LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57"
	29
	30	GO_IMPORT = "import"
	31
	32	S = "${WORKDIR}/git"
	33
	34	PV = "v2.1.0+git"
	35
	36	ROOTLESS_PKG = "github.com/rootless-containers/rootlesskit"
	37
	38	inherit go goarch
	39	inherit systemd pkgconfig
	40
	41	do_configure[noexec] = "1"
	42
	43	EXTRA_OEMAKE = " \
	44	PREFIX=${prefix} BINDIR=${bindir} LIBEXECDIR=${libexecdir} \
	45	ETCDIR=${sysconfdir} TMPFILESDIR=${nonarch_libdir}/tmpfiles.d \
	46	SYSTEMDDIR=${systemd_unitdir}/system USERSYSTEMDDIR=${systemd_unitdir}/user \
	47	"
	48
	49	PACKAGECONFIG ?= ""
	50
	51	include relocation.inc
	52
	53	do_compile() {
	54
	55	cd ${S}/src/import
	56
	57	export GOPATH="$GOPATH:${S}/src/import/.gopath"
	58
	59	# Pass the needed cflags/ldflags so that cgo
	60	# can find the needed headers files and libraries
	61	export GOARCH=${TARGET_GOARCH}
	62	export CGO_ENABLED="1"
	63	export CGO_CFLAGS="${CFLAGS} --sysroot=${STAGING_DIR_TARGET}"
	64	export CGO_LDFLAGS="${LDFLAGS} --sysroot=${STAGING_DIR_TARGET}"
	65
	66	export GOFLAGS="-mod=vendor -trimpath ${PIEFLAG}"
	67
	68	# our copied .go files are to be used for the build
	69	ln -sf vendor.copy vendor
	70	# inform go that we know what we are doing
	71	cp ${UNPACKDIR}/modules.txt vendor/
	72
	73	oe_runmake GO=${GO} BUILDTAGS="${BUILDTAGS}" all
	74	}
	75
	76	do_install() {
	77	install -d "${D}${BIN_PREFIX}${base_bindir}"
	78	for b in rootlessctl rootlesskit rootlesskit-docker-proxy; do
	79	install -m 755 "${S}/src/import/bin/$b" "${D}${BIN_PREFIX}${base_bindir}"
	80	done
	81	}


diff --git a/recipes-extended/rootlesskit/src_uri.inc b/recipes-extended/rootlesskit/src_uri.inc new file mode 100644 index 00000000..91385f1f --- /dev/null +++ b/recipes-extended/rootlesskit/src_uri.inc
@@ -0,0 +1,106 @@
	1	# gotest.tools/v3 v3.5.1
	2	# [1] git ls-remote https://github.com/gotestyourself/gotest.tools 81cea1abc596b025bf2573c7fdf97740512e4c6c
	3	SRCREV_gotest.tools-v3="81cea1abc596b025bf2573c7fdf97740512e4c6c"
	4	SRC_URI += "git://github.com/gotestyourself/gotest.tools;name=gotest.tools-v3;protocol=https;nobranch=1;destsuffix=${GO_SRCURI_DESTSUFFIX}/vendor.fetch/gotest.tools/v3"
	5
	6	# golang.org/x/sys v0.20.0
	7	# [1] git ls-remote https://go.googlesource.com/sys 7d69d983c4522784860c781a0d7b80408fdc0cd1
	8	SRCREV_sys="7d69d983c4522784860c781a0d7b80408fdc0cd1"
	9	SRC_URI += "git://go.googlesource.com/sys;name=sys;protocol=https;nobranch=1;destsuffix=${GO_SRCURI_DESTSUFFIX}/vendor.fetch/golang.org/x/sys"
	10
	11	# golang.org/x/net v0.24.0
	12	# [1] git ls-remote https://go.googlesource.com/net 7bbe32058aba7159e4d273710e6f4f1c16c627fb
	13	SRCREV_net="7bbe32058aba7159e4d273710e6f4f1c16c627fb"
	14	SRC_URI += "git://go.googlesource.com/net;name=net;protocol=https;nobranch=1;destsuffix=${GO_SRCURI_DESTSUFFIX}/vendor.fetch/golang.org/x/net"
	15
	16	# github.com/u-root/uio v0.0.0-20230305220412-3e8cd9d6bf63
	17	# [1] git ls-remote https://github.com/u-root/uio 3e8cd9d6bf6310d57e3e1e95ffda926a4be34cce
	18	#SRCREV_uio="3e8cd9d6bf6310d57e3e1e95ffda926a4be34cce"
	19	SRCREV_uio="d2acac8f37018c514adec45c51f58eace3795df4"
	20	SRC_URI += "git://github.com/u-root/uio;name=uio;protocol=https;nobranch=1;destsuffix=${GO_SRCURI_DESTSUFFIX}/vendor.fetch/github.com/u-root/uio"
	21
	22	# github.com/gofrs/flock v0.8.1
	23	# [1] git ls-remote https://github.com/gofrs/flock 6f010d1acea74a32f2f2066bfe324c08bbee30e3
	24	SRCREV_flock="6f010d1acea74a32f2f2066bfe324c08bbee30e3"
	25	SRC_URI += "git://github.com/gofrs/flock;name=flock;protocol=https;nobranch=1;destsuffix=${GO_SRCURI_DESTSUFFIX}/vendor.fetch/github.com/gofrs/flock"
	26
	27	# github.com/google/uuid v1.6.0
	28	# [1] git ls-remote https://github.com/google/uuid 0f11ee6918f41a04c201eceeadf612a377bc7fbc
	29	SRCREV_uuid="0f11ee6918f41a04c201eceeadf612a377bc7fbc"
	30	SRC_URI += "git://github.com/google/uuid;name=uuid;protocol=https;nobranch=1;destsuffix=${GO_SRCURI_DESTSUFFIX}/vendor.fetch/github.com/google/uuid"
	31
	32	# github.com/gorilla/mux v1.8.1
	33	# [1] git ls-remote https://github.com/gorilla/mux b4617d0b9670ad14039b2739167fd35a60f557c5
	34	SRCREV_mux="b4617d0b9670ad14039b2739167fd35a60f557c5"
	35	SRC_URI += "git://github.com/gorilla/mux;name=mux;protocol=https;nobranch=1;destsuffix=${GO_SRCURI_DESTSUFFIX}/vendor.fetch/github.com/gorilla/mux"
	36
	37	# github.com/moby/vpnkit v0.5.0
	38	# [1] git ls-remote https://github.com/moby/vpnkit 7f0eff0dd99b576c5474de53b4454a157c642834
	39	SRCREV_vpnkit="7f0eff0dd99b576c5474de53b4454a157c642834"
	40	SRC_URI += "git://github.com/moby/vpnkit;name=vpnkit;protocol=https;nobranch=1;destsuffix=${GO_SRCURI_DESTSUFFIX}/vendor.fetch/github.com/moby/vpnkit"
	41
	42	# github.com/songgao/water v0.0.0-20200317203138-2b4b6d7c09d8
	43	# [1] git ls-remote https://github.com/songgao/water 2b4b6d7c09d80835e5f13f6b040d69f00a158b24
	44	SRCREV_water="2b4b6d7c09d80835e5f13f6b040d69f00a158b24"
	45	SRC_URI += "git://github.com/songgao/water;name=water;protocol=https;nobranch=1;destsuffix=${GO_SRCURI_DESTSUFFIX}/vendor.fetch/github.com/songgao/water"
	46
	47	# github.com/urfave/cli/v2 v2.27.2
	48	# [1] git ls-remote https://github.com/urfave/cli a1a099bd1c28a2a6beac29123308e87b9606fcc0
	49	SRCREV_v2="a1a099bd1c28a2a6beac29123308e87b9606fcc0"
	50	SRC_URI += "git://github.com/urfave/cli;name=v2;protocol=https;nobranch=1;destsuffix=${GO_SRCURI_DESTSUFFIX}/vendor.fetch/github.com/urfave/cli/v2"
	51
	52	# github.com/google/go-cmp v0.6.0
	53	# [1] git ls-remote https://github.com/google/go-cmp c3ad8435e7bef96af35732bc0789e5a2278c6d5f
	54	SRCREV_go-cmp="c3ad8435e7bef96af35732bc0789e5a2278c6d5f"
	55	SRC_URI += "git://github.com/google/go-cmp;name=go-cmp;protocol=https;nobranch=1;destsuffix=${GO_SRCURI_DESTSUFFIX}/vendor.fetch/github.com/google/go-cmp"
	56
	57	# github.com/pierrec/lz4/v4 v4.1.17
	58	# [1] git ls-remote https://github.com/pierrec/lz4 d2b3f5d3e4659cc4fd720d1649c39b5627187261
	59	SRCREV_v4="d2b3f5d3e4659cc4fd720d1649c39b5627187261"
	60	SRC_URI += "git://github.com/pierrec/lz4;name=v4;protocol=https;nobranch=1;destsuffix=${GO_SRCURI_DESTSUFFIX}/vendor.fetch/github.com/pierrec/lz4/v4"
	61
	62	# github.com/xrash/smetrics v0.0.0-20240312152122-5f08fbb34913
	63	# [1] git ls-remote https://github.com/xrash/smetrics 5f08fbb34913bc8ab95bb4f2a89a0637ca922666
	64	SRCREV_smetrics="5f08fbb34913bc8ab95bb4f2a89a0637ca922666"
	65	SRC_URI += "git://github.com/xrash/smetrics;name=smetrics;protocol=https;nobranch=1;destsuffix=${GO_SRCURI_DESTSUFFIX}/vendor.fetch/github.com/xrash/smetrics"
	66
	67	# github.com/sirupsen/logrus v1.9.3
	68	# [1] git ls-remote https://github.com/sirupsen/logrus d40e25cd45ed9c6b2b66e6b97573a0413e4c23bd
	69	SRCREV_logrus="d40e25cd45ed9c6b2b66e6b97573a0413e4c23bd"
	70	SRC_URI += "git://github.com/sirupsen/logrus;name=logrus;protocol=https;nobranch=1;destsuffix=${GO_SRCURI_DESTSUFFIX}/vendor.fetch/github.com/sirupsen/logrus"
	71
	72	# github.com/josharian/native v1.1.0
	73	# [1] git ls-remote https://github.com/josharian/native c1e37c09b531b14ae12a501eb6fd529b31cecdaa
	74	SRCREV_native="c1e37c09b531b14ae12a501eb6fd529b31cecdaa"
	75	SRC_URI += "git://github.com/josharian/native;name=native;protocol=https;nobranch=1;destsuffix=${GO_SRCURI_DESTSUFFIX}/vendor.fetch/github.com/josharian/native"
	76
	77	# github.com/insomniacslk/dhcp v0.0.0-20230516061539-49801966e6cb
	78	# [1] git ls-remote https://github.com/insomniacslk/dhcp 49801966e6cb2cfc58a2bd98f69a9c182c1d4c18
	79	SRCREV_dhcp="49801966e6cb2cfc58a2bd98f69a9c182c1d4c18"
	80	SRC_URI += "git://github.com/insomniacslk/dhcp;name=dhcp;protocol=https;nobranch=1;destsuffix=${GO_SRCURI_DESTSUFFIX}/vendor.fetch/github.com/insomniacslk/dhcp"
	81
	82	# github.com/moby/sys/mountinfo v0.7.1
	83	# [1] git ls-remote https://github.com/moby/sys 4950d7687cf6c9b138dc0e18c2c7351e1f6ed497
	84	SRCREV_mountinfo="4950d7687cf6c9b138dc0e18c2c7351e1f6ed497"
	85	SRC_URI += "git://github.com/moby/sys;name=mountinfo;protocol=https;nobranch=1;destsuffix=${GO_SRCURI_DESTSUFFIX}/vendor.fetch/github.com/moby/sys/mountinfo"
	86
	87	# github.com/Masterminds/semver/v3 v3.2.1
	88	# [1] git ls-remote https://github.com/Masterminds/semver e06051f8fcc4c8b4a4990c337b9862a2448722e5
	89	SRCREV_v3="e06051f8fcc4c8b4a4990c337b9862a2448722e5"
	90	SRC_URI += "git://github.com/Masterminds/semver;name=v3;protocol=https;nobranch=1;destsuffix=${GO_SRCURI_DESTSUFFIX}/vendor.fetch/github.com/Masterminds/semver/v3"
	91
	92	# github.com/cpuguy83/go-md2man/v2 v2.0.4
	93	# [1] git ls-remote https://github.com/cpuguy83/go-md2man d6816bfbea7506064a28119f805fb79f9bc5aeec
	94	SRCREV_go-md2man-v2="d6816bfbea7506064a28119f805fb79f9bc5aeec"
	95	SRC_URI += "git://github.com/cpuguy83/go-md2man;name=go-md2man-v2;protocol=https;nobranch=1;destsuffix=${GO_SRCURI_DESTSUFFIX}/vendor.fetch/github.com/cpuguy83/go-md2man/v2"
	96
	97	# github.com/russross/blackfriday/v2 v2.1.0
	98	# [1] git ls-remote https://github.com/russross/blackfriday 4c9bf9512682b995722660a4196c0013228e2049
	99	SRCREV_blackfriday-v2="4c9bf9512682b995722660a4196c0013228e2049"
	100	SRC_URI += "git://github.com/russross/blackfriday;name=blackfriday-v2;protocol=https;nobranch=1;destsuffix=${GO_SRCURI_DESTSUFFIX}/vendor.fetch/github.com/russross/blackfriday/v2"
	101
	102	# github.com/containernetworking/plugins v1.5.0
	103	# [1] git ls-remote https://github.com/containernetworking/plugins 0259301ae2eab8cb4f5755d790c29cb869765f8a
	104	SRCREV_plugins="0259301ae2eab8cb4f5755d790c29cb869765f8a"
	105	SRC_URI += "git://github.com/containernetworking/plugins;name=plugins;protocol=https;nobranch=1;destsuffix=${GO_SRCURI_DESTSUFFIX}/vendor.fetch/github.com/containernetworking/plugins"
	106