| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
| |
To work with OCI spec v1.0 images/containers we need to update our
tools.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Our current version of criu is about a year old and has some
compilation issues with the latest gcc (currently it is
unbuildable). Since the version of criu and the kernel version are
fairly tightly coupled it wouldn't be surprising of this old criu
would also be exhibiting some runtime issues with our fairly new
kernel version.
With the above in mind we uprev to criu v3.4 which was recently
released. This requires several of the patches to be updated (mostly
context). We are able to drop the selinux related change as RSS
prevents the situation this was working around from happenning.
This was validated using https://criu.org/Simple_loop (and a few
variants).
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
| |
This reverts commit 90c1046b58c50f127ea711d83874a1dc4b68f7ed.
|
| |
|
|
|
|
|
|
|
|
| |
While the recipe was functional under an image based on core-image-
full-cmdline, when tested with core-image-minimal runtime issues
appeared: Singularity was unable to create a filesystem within the
container. This change fixes this issue.
Signed-off-by: Alexandru Tiniuc <tiniuc.alexandru@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
| |
Signed-off-by: Jianchuan Wang <jianchuan.wang@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
| |
If Bash is not included by any other recipe, the recipe fails at the QA
check. This commit adds Bash to the list of dependencies, preventing
this issue.
Signed-off-by: Alexandru Tiniuc <tiniuc.alexandru@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
| |
Signed-off-by: Alexandru Tiniuc <tiniuc.alexandru@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Singularity is a container platform built on the principle of mobility
of compute. It is designed to be used on HPC clusters and, unlike
Docker, it does not require root access to mount an image. In addition,
it can use Docker images out-of-the-box and it can pull them from the
Docker Hub. For more information, see singularity.lbl.gov
This recipe enables building the Singularity container platform.
Additionally, it creates a symlink from /usr/bin/python3 to
/usr/bin/python, as well as a symlink to where python3 expects
CA certificates to be.
I have tested it on a Raspberry Pi 3: I successfully built and run
arm32v7 images from Docker Hub. Make sure you have the right image for
your CPU architecture: it defaults to amd64.
Signed-off-by: Alexandru Tiniuc <tiniuc.alexandru at gmail dot com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2017-11468 is fixed in this release.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2017-11468
Release note:
https://github.com/docker/distribution/releases/tag/v2.6.2
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The build is failing due to a failing QA check:
ERROR: lxc-2.0.8-r0 do_package_qa: QA Issue:
/usr/lib/lxc/ptest/src/tests/lxc-test-may-control contained in
package lxc-ptest requires /bin/bash, but no providers found in
RDEPENDS_lxc-ptest? [file-rdeps]
Add bash to the the ptest RDEPENDS.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
| |
Fix daemonization, align args with docker.service, fix line breaks in
log file - and fix INITSCRIPT_PARAMS (there is no variable
OS_DEFAULT_INITSCRIPT_PARAMS).
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
| |
Analogously to docker: There is no variable
OS_DEFAULT_INITSCRIPT_PARAMS, just use "defaults".
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
To match the docker (moby) and runc updates, we need the latest containerd
from the 0.2.x branch to work in cooperation with the other components.
Note: containerd master won't currently work with docker master, but is
very similar to 0.2.x. The build target varies slightly in master, but
otherwise with these changes to the recipe and build steps we can switch
easily when the time comes.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
| |
The docker uprev missed the version string which matches the actual
binary being built. With this change, the package now reflects the
correct version.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
| |
The latest oci-runtime-tool builds are throwing the missing GNU_HASH
error during QA checks.
This is common with go applications, and isn't a problem, so for now,
we simply skip the check.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
| |
The config.json has elements which have changed in the latest runc.
These changes are not backward compatible with older versions of runc.
Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The selinux disable patch required changes as more setfilecon
operations were added.
The new upstream work is needed to allow the rootfs specification to
continue working because runc no longer passes the "root" key as a
part of the json configuration which is sent to a hook via stdin.
Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The build method for docker client changed where by the docker cli is
now required to be pulled in from a separate git tree to be built.
The integration patch to cross compile was also upreved since some
parts of it were accepted upstream while other parts have not been
accepted at this time.
Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
| |
This allows for setting up a detached session where you do not want to
set the terminal to false in the config.json. More or less this is a
runtime override.
Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
| |
Uprev to pick up latest changes in docker-runc.
Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix the following QA warnings:
QA Issue: lxc rdepends on gmp, but it isn't a build dependency,
missing gmp in DEPENDS or PACKAGECONFIG? [build-deps]
QA Issue: lxc rdepends on libidn, but it isn't a build dependency,
missing libidn in DEPENDS or PACKAGECONFIG? [build-deps]
QA Issue: lxc rdepends on gnutls, but it isn't a build dependency,
missing gnutls in DEPENDS or PACKAGECONFIG? [build-deps]
QA Issue: lxc rdepends on nettle, but it isn't a build dependency,
missing nettle in DEPENDS or PACKAGECONFIG? [build-deps]
Signed-off-by: He Zhe <zhe.he@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
| |
Fix the following QA warning:
QA Issue: /usr/libexec/criu/scripts/systemd-autofs-restart.sh contained
in package criu requires /bin/bash, but no providers found in
RDEPENDS_criu? [file-rdeps]
Signed-off-by: He Zhe <zhe.he@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Fix the following QA warning:
QA Issue: criu rdepends on libbsd, but it isn't a build dependency? [build-deps]
This had been fixed by 1fd94d853545b55173b1f0e2cf683a5d21f8cd7b,
but then was overwritten by b9b7ece0cd52966467035fb71ad9ba472bf24b88
Signed-off-by: He Zhe <zhe.he@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
| |
According to https://github.com/docker/libtrust, this repo is now deprecated
and the library was integrated in the docker-distribution repository.
Signed-off-by: Anselmo L. S. Melo <anselmo.melo@intel.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
gcc 7 has a bug:
https://bugzilla.yoctoproject.org/show_bug.cgi?id=11672
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=78969
In order to avoid the build failure that this causes we reduce the
range by one. Better to have a slight reduction in the range than
having nobody to be able to build and use lxc.
Once gcc is fixed this can be reverted.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1)Upgrade lxc from 2.0.0 to 2.0.8.
2)Delete two patches, since it is integrated upstream.
Delete Generate-lxc-restore-net-properly.patch,this script has already been rearchitected out of existence by cba98d127bf490b018a016b792ae05fd2d29c5ee
Delete Use-AC_HEADER_MAJOR-to-detect-major-minor-makedev.patch,this script has already been rearchitected out of existence by af6824fce9c9536fbcabef8d5547f6c486f55fdf from git://github.com/lxc/lxc.git
3)Modify two patches, since the data has been changed.
automake-ensure-VPATH-builds-correctly.patch
runtest.patch
Signed-off-by: Huang Qiyu <huangqy.fnst@cn.fujitsu.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Updating to the latest oci-image-tools for better support in unpack/creating
runtime bundles.
With this update, we get a single tool with subcommands, versus separate
commands previously.
We also add two proposed (but not merged) patches that can deal with existing
symlinks when unpacking layers. Without this, we fail to unpack many complex
containers due to duplicate files in layers.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Historically Yocto installs python modules in ${libdir} and not the
no-arch variant. The criu install was following every other distros
use of the non-arch variant, /usr/lib, which was being picked up by
the QA check. Modify the criu Makefile to enable us to overwrite this
location by using setup.py's install-lib directive.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
| |
To provide hexdump which is used as part of the build process. Resolves
| criu/pie/../../scripts/gen-offsets.sh: line 37: hexdump: command not found
| criu/pie/Makefile:96: recipe for target 'criu/pie/parasite-blob.h' failed
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
| |
I am not sure how the uprev to v2.5 was completed without seeing this
patch failure but regardless the file being patched was moved to the
'criu' directory as part of the v2.5 release. Update the path found in
the patch and update the context in the patch such that it applies.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
| |
Continue work to use go infra in oe-core instead of the support for go
previously found in meta-virt. This is a 1:1 drop in replacement and
removes one more go piece from meta-virt in favor of the common
support found in oe-core.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
| |
Rather than explicit go-cross DEPENDS, we can inherit go.bbclass and
pick up them automatically.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
| |
This recipe just installs a pair of shell scripts.
Signed-off-by: Paul Barker <pbarker@toganlabs.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
| |
Signed-off-by: Paul Barker <paul@paulbarker.me.uk>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Lua support is automatically enabled when configuring LXC if lua is
available in the sysroot. The packaging step will fail since the lua
related files are not in FILES.
This patch explicitly enables/disables lua support using PACKAGECONFIG,
and also adds lua-related files to FILES.
Signed-off-by: Jonatan Pålsson <jonatan.palsson@pelagicore.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
| |
We are using gcc6 now
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
| |
The docker recipe has some outdated go hacks. While this doesn't remove
them all, it does use more of the oe-core go infrastructure .. and that
results in more consistent builds.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
| |
glibc-utils is only provided by glibc therefore
add it with glibc overrides.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
| |
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
| |
Rather than expliciting depending on go-cross-${TARGET_ARCH}, we
can now simply inherit the oe-core go bbclass. This gets us the
correct go dependencies and other variables properly set.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
| |
We can now use the oe-core go bbclass to get our DEPENDS correct
for building these go packages.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Follow the bouncing docker-registry package. Rather than use the docker hub
registry container, we can have finer grained control if we clone and build
the docker-distribution repository directly.
Since this is distinct from the main docker package/codebase, we break the
registry back out into its own package.
We also create a baseline configuration and .service file that can be the
basis for more complex implementations.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The docker v1 registry has long been depreciated and moved into the
docker distribution library.
The registry is run via the docker CLI and not through a standalone
server.
This change removes the old registry and adds a .service file + package
for docker registry in the main docker recipe. Anyone that wants to
run a local registry can install the docker-registry package and the
service will start.
Note: No full config.yml file is provided, since the default are sane.
If tweaks are required, we can use ENV vars or consider adding a
config overlay.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Most (all) distros package docker-proxy along with the docker CLI
and daemon .. largely due to the fact that it is required to run
the docker registry.
docker-proxy is part of the libnetwork repository, so we add it to
the docker recipe as a separate git repo and integrate it into the
build and packaging process.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since there are two implementations of runc and containerd that may
not always be in sync, the docker variant, and the opencontainers
variable, we create a virtual/* namespace for these components.
Anything requiring runc or containerd should set a preferred provider
to get the desired/tested variant.
We set the default provider to the docker variants, since they are
the primary use case for these components.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
| |
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
| |
Oru existing docker.service file is using an out of date command. We
can use the contrib .service file instead .. and hopefully it will
stay up to date.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
At the moment we only use runc in conjunction with docker. In order to
allow docker to function correctly we need to use the version
specified in docker's vendor.conf file. Uprev runc to this version.
NOTE that the docker folks have actually forked runc and I have used
this fork as the SRC_URI. I could have chosen instead to use the old
SRC_URI along with the fork point commit as the SRCREV, and then
applied the 2 commits the docker team have added beyond the fork. I
opted instead to use the fork such that 'docker info' would not
complain about a version mismatch. This also makes it easier to google
for issues since the commit ID matches.
NOTE when we eventually have more users of runc we will have to
determine a strategy to either have them all use the same version or
allow for multiple versions of runc on the system. This is also true
for containerd.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Docker defines required dependency versions in its vendor.conf
file. These can also be validated by running 'docker info' on the
running system. In order to avoid issues, such as the current one
where docker can't run containers, we need to ensure we match these
versions. Uprev containerd to the version defined in docker's
vendor.conf file.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
| |
The oci image tools allow the easy manipulation of containers and
bundles.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
