cri-o: uprev from 1.15 to 1.17

Uprev to the latest release of cri-o to pick up some fixes and CVEs. Makefile updates along with updates to the go.bbclass allow us to remove most of the do_compile() tweaks that were in place. To test that these removals are sane builds were done for x86_64 and arm64 in docker containers with network=none, no issues were found. Quite a few runtime tests were done as well since we are stepping up 2 releases, and we also just uprev'd 'cni' and wanted to validate its runtime as well. Once the system is started and cri-o is given time to start you can use the new 'crio-status info' command to retrieve the runtime status of cri-o: root@qemux86-64:~# crio-status info cgroup driver: cgroupfs storage driver: storage root: /var/lib/containers/storage default GID mappings (format <container>:<host>:<size>): 0:0:4294967295 default UID mappings (format <container>:<host>:<size>): 0:0:4294967295 Additionally 'crictl' was installed (the recipe will be submitted shortly) and the cri-o Tutorial found here was run (https://github.com/cri-o/cri-o/blob/master/tutorials/crictl.md) In order to run the tutorial /etc/cni/net.d/99-loopback.conf and /etc/containers/policy.json were taken from ./contrib/cni/99-loopback.conf and ./contrib/policy.json in the cri-o src repo. The sandbox_config.json and container_redis.json were taken from https://github.com/cri-o/cri-o/blob/master/test/testdata (note: using core-image-minimal with systemd enabled I had to remove "cpu_period": 10000 and "cpu_quota": 20000 to get the tutorial to work). We are not able to use the loopback networking to telnet to the redis container, but we can use other techniques to validate that it is running. root@qemux86-64:~# /usr/lib/go/src/import/_output/crictl --runtime-endpoint unix:///var/run/crio/crio.sock ps CONTAINER IMAGE CREATED STATE NAME ATTEMPT POD ID 72718714360ef quay.io/crio/redis:alpine 47 seconds ago Running podsandbox1-redis 0 38b97e5a7bb99 root@qemux86-64:~# /usr/lib/go/src/import/_output/crictl --runtime-endpoint unix:///var/run/crio/crio.sock exec -i 72718714360ef cat /etc/issue Welcome to Alpine Linux 3.7 Kernel \r on an \m (\l) The CRIO_BUILD_CROSS approach was no longer valid and was dropped. There is most likely some other cleanup we can do but this gets us to a good state on the latest release. Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
author: Mark Asselstine <mark.asselstine@windriver.com> 2020-03-06 16:54:08 -0500
committer: Bruce Ashfield <bruce.ashfield@gmail.com> 2020-03-13 21:53:26 -0400
commit: 685d518eb75f02ddd8f4ca7a7d35b72d924f5487 (patch)
tree: 30486b2534e3606fa68811ebf496e963995fa83b /recipes-containers/cri-o/cri-o_git.bb
parent: e57cf80d54ad929db7e4e677fbbd9e5a3dee22fe (diff)
download: meta-virtualization-685d518eb75f02ddd8f4ca7a7d35b72d924f5487.tar.gz
1 files changed, 14 insertions, 60 deletions
diff --git a/recipes-containers/cri-o/cri-o_git.bb b/recipes-containers/cri-o/cri-o_git.bb
index 4fee3856..ebf5bab3 100644
--- a/recipes-containers/cri-o/cri-o_git.bb
+++ b/recipes-containers/cri-o/cri-o_git.bb
@@ -14,9 +14,9 @@ At a high level, we expect the scope of cri-o to be restricted to the following
 - Resource isolation as required by the CRI \
 "
-SRCREV_cri-o = "f61719a88b7de10a88c50e35640f4a7f1f53fbab"
+SRCREV_cri-o = "6d0ffae63b9b7d8f07e7f9cf50736a67fb31faf3"
 SRC_URI = "\
-        git://github.com/kubernetes-sigs/cri-o.git;branch=release-1.15;name=cri-o \
+        git://github.com/kubernetes-sigs/cri-o.git;branch=release-1.17;name=cri-o \
        file://0001-Makefile-force-symlinks.patch \
        file://crio.conf \
        "
@@ -27,7 +27,7 @@ LIC_FILES_CHKSUM = "file://src/import/LICENSE;md5=e3fc50a88d0a364313df4b21ef20c2
 GO_IMPORT = "import"
-PV = "1.15.0+git${SRCREV_cri-o}"
+PV = "1.17.0+git${SRCREV_cri-o}"
 DEPENDS = " \
    glib-2.0 \
@@ -62,7 +62,7 @@ python __anonymous() {
 PACKAGES =+ "${PN}-config"
 RDEPENDS_${PN} += " virtual/containerd virtual/runc"
-RDEPENDS_${PN} += " e2fsprogs-mke2fs"
+RDEPENDS_${PN} += " e2fsprogs-mke2fs conmon util-linux iptables conntrack-tools"
 inherit systemd
 inherit go
@@ -70,63 +70,14 @@ inherit goarch
 inherit pkgconfig
 EXTRA_OEMAKE="BUILDTAGS=''"
-CRIO_BUILD_CROSS ?= "1"
 do_compile() {
        set +e
-        export GOPATH="${S}/src/import:${S}/src/import/vendor"
-        # link fixups for compilation
-        rm -f ${S}/src/import/vendor/src
-        ln -sf ./ ${S}/src/import/vendor/src
-        mkdir -p ${S}/src/import/vendor/github.com/kubernetes-sigs/cri-o
-        ln -sf ../../../../cmd ${S}/src/import/vendor/github.com/kubernetes-sigs/cri-o/cmd
-        ln -sf ../../../../test ${S}/src/import/vendor/github.com/kubernetes-sigs/cri-o/test
-        ln -sf ../../../../oci ${S}/src/import/vendor/github.com/kubernetes-sigs/cri-o/oci
-        ln -sf ../../../../server ${S}/src/import/vendor/github.com/kubernetes-sigs/cri-o/server
-        ln -sf ../../../../pkg ${S}/src/import/vendor/github.com/kubernetes-sigs/cri-o/pkg
-        ln -sf ../../../../libpod ${S}/src/import/vendor/github.com/kubernetes-sigs/cri-o/libpod
-        ln -sf ../../../../libkpod ${S}/src/import/vendor/github.com/kubernetes-sigs/cri-o/libkpod
-        ln -sf ../../../../utils ${S}/src/import/vendor/github.com/kubernetes-sigs/cri-o/utils
-        ln -sf ../../../../types ${S}/src/import/vendor/github.com/kubernetes-sigs/cri-o/types
-        ln -sf ../../../../version ${S}/src/import/vendor/github.com/kubernetes-sigs/cri-o/version
-        ln -sf ../../../../lib ${S}/src/import/vendor/github.com/kubernetes-sigs/cri-o/lib
-        rm -f ${S}/src/import/src
-        ln -sf ./ ${S}/src/import/src
-        mkdir -p ${S}/src/import/src/github.com/cri-o/cri-o/cmd
-        ln -sf ../../../../cmd/crio-config ${S}/src/import/src/github.com/cri-o/cri-o/cmd
-        ln -sf ../../../lib ${S}/src/import/src/github.com/cri-o/cri-o/lib
-        ln -sf ../../../oci ${S}/src/import/src/github.com/cri-o/cri-o/oci
-        ln -sf ../../../pkg ${S}/src/import/src/github.com/cri-o/cri-o/pkg
-        ln -sf ../../../utils ${S}/src/import/src/github.com/cri-o/cri-o/utils
-        ln -sf ../../../version ${S}/src/import/src/github.com/cri-o/cri-o/version
-        ln -sf ../../../server ${S}/src/import/src/github.com/cri-o/cri-o/server
-        ln -sf ../../../types ${S}/src/import/src/github.com/cri-o/cri-o/types
-        # fixes the bin/crio build of oe_runmake binaries below
-        ln -sf ../../../../cmd/crio ${S}/src/import/src/github.com/cri-o/cri-o/cmd/
-        # workaround `use of vendored package not allowed' failure
-        mv ${S}/src/import/vendor/golang.org  ${S}/src/import/
        cd ${S}/src/import
-        if [ "${CRIO_BUILD_CROSS}" = "1" ]; then
+        oe_runmake local-cross
-            # New: using the -cross target. But this doesn't build conmon and pause. So
+        oe_runmake binaries
-            #      keeping the old parts around if someone yells.
-            oe_runmake local-cross
-        else
-            # Build conmon/config.h, requires native versions of
-            # cmd/crio-config/config.go and oci/oci.go
-            (CGO_ENABLED=0 GO=go GOARCH=${BUILD_GOARCH} GOOS=${BUILD_GOOS} oe_runmake conmon/config.h)
-            rm -f bin/crio-config
-            rm -rf vendor/pkg
-            oe_runmake binaries
-        fi
 }
 SYSTEMD_PACKAGES = "${@bb.utils.contains('DISTRO_FEATURES','systemd','${PN}','',d)}"
@@ -141,6 +92,7 @@ do_install() {
    install -d ${D}/${libexecdir}/crio
    install -d ${D}/${sysconfdir}/crio
    install -d ${D}${systemd_unitdir}/system/
+    install -d ${D}/usr/share/containers/oci/hooks.d
    install ${WORKDIR}/crio.conf ${D}/${sysconfdir}/crio/crio.conf
@@ -149,19 +101,21 @@ do_install() {
    install -m 755 -D ${S}/src/import/test/testdata/* ${D}/${sysconfdir}/crio/config/
    install ${S}/src/import/bin/crio.cross.linux* ${D}/${localbindir}/crio
+    install ${S}/src/import/bin/crio-status ${D}/${localbindir}/
-    if [ "${CRIO_BUILD_CROSS}" = "1" ]; then
+    install ${S}/src/import/bin/pinns ${D}/${localbindir}/
-        install ${S}/src/import/bin/conmon ${D}/${localbindir}/crio
-        install ${S}/src/import/bin/pause ${D}/${localbindir}/crio
-    fi
    install -m 0644 ${S}/src/import/contrib/systemd/crio.service  ${D}${systemd_unitdir}/system/
    install -m 0644 ${S}/src/import/contrib/systemd/crio-shutdown.service  ${D}${systemd_unitdir}/system/
+    install -m 0644 ${S}/src/import/contrib/systemd/crio-wipe.service  ${D}${systemd_unitdir}/system/
 }
 FILES_${PN}-config = "${sysconfdir}/crio/config/*"
 FILES_${PN} += "${systemd_unitdir}/system/*"
 FILES_${PN} += "/usr/local/bin/*"
+FILES_${PN} += "/usr/share/containers/oci/hooks.d"
+# don't clobber hooks.d
+ALLOW_EMPTY_${PN} = "1"
 INSANE_SKIP_${PN} += "ldflags already-stripped"
author	Mark Asselstine <mark.asselstine@windriver.com>	2020-03-06 16:54:08 -0500
committer	Bruce Ashfield <bruce.ashfield@gmail.com>	2020-03-13 21:53:26 -0400
commit	685d518eb75f02ddd8f4ca7a7d35b72d924f5487 (patch)
tree	30486b2534e3606fa68811ebf496e963995fa83b /recipes-containers/cri-o/cri-o_git.bb
parent	e57cf80d54ad929db7e4e677fbbd9e5a3dee22fe (diff)
download	meta-virtualization-685d518eb75f02ddd8f4ca7a7d35b72d924f5487.tar.gz

diff --git a/recipes-containers/cri-o/cri-o_git.bb b/recipes-containers/cri-o/cri-o_git.bb index 4fee3856..ebf5bab3 100644 --- a/recipes-containers/cri-o/cri-o_git.bb +++ b/recipes-containers/cri-o/cri-o_git.bb
@@ -14,9 +14,9 @@ At a high level, we expect the scope of cri-o to be restricted to the following
14	- Resource isolation as required by the CRI \	14	- Resource isolation as required by the CRI \
15	"	15	"
16		16
17	SRCREV_cri-o = "f61719a88b7de10a88c50e35640f4a7f1f53fbab"	17	SRCREV_cri-o = "6d0ffae63b9b7d8f07e7f9cf50736a67fb31faf3"
18	SRC_URI = "\	18	SRC_URI = "\
19	git://github.com/kubernetes-sigs/cri-o.git;branch=release-1.15;name=cri-o \	19	git://github.com/kubernetes-sigs/cri-o.git;branch=release-1.17;name=cri-o \
20	file://0001-Makefile-force-symlinks.patch \	20	file://0001-Makefile-force-symlinks.patch \
21	file://crio.conf \	21	file://crio.conf \
22	"	22	"
@@ -27,7 +27,7 @@ LIC_FILES_CHKSUM = "file://src/import/LICENSE;md5=e3fc50a88d0a364313df4b21ef20c2
27		27
28	GO_IMPORT = "import"	28	GO_IMPORT = "import"
29		29
30	PV = "1.15.0+git${SRCREV_cri-o}"	30	PV = "1.17.0+git${SRCREV_cri-o}"
31		31
32	DEPENDS = " \	32	DEPENDS = " \
33	glib-2.0 \	33	glib-2.0 \
@@ -62,7 +62,7 @@ python __anonymous() {
62	PACKAGES =+ "${PN}-config"	62	PACKAGES =+ "${PN}-config"
63		63
64	RDEPENDS_${PN} += " virtual/containerd virtual/runc"	64	RDEPENDS_${PN} += " virtual/containerd virtual/runc"
65	RDEPENDS_${PN} += " e2fsprogs-mke2fs"	65	RDEPENDS_${PN} += " e2fsprogs-mke2fs conmon util-linux iptables conntrack-tools"
66		66
67	inherit systemd	67	inherit systemd
68	inherit go	68	inherit go
@@ -70,63 +70,14 @@ inherit goarch
70	inherit pkgconfig	70	inherit pkgconfig
71		71
72	EXTRA_OEMAKE="BUILDTAGS=''"	72	EXTRA_OEMAKE="BUILDTAGS=''"
73	CRIO_BUILD_CROSS ?= "1"
74		73
75	do_compile() {	74	do_compile() {
76	set +e	75	set +e
77	export GOPATH="${S}/src/import:${S}/src/import/vendor"
78
79	# link fixups for compilation
80	rm -f ${S}/src/import/vendor/src
81	ln -sf ./ ${S}/src/import/vendor/src
82
83	mkdir -p ${S}/src/import/vendor/github.com/kubernetes-sigs/cri-o
84	ln -sf ../../../../cmd ${S}/src/import/vendor/github.com/kubernetes-sigs/cri-o/cmd
85	ln -sf ../../../../test ${S}/src/import/vendor/github.com/kubernetes-sigs/cri-o/test
86	ln -sf ../../../../oci ${S}/src/import/vendor/github.com/kubernetes-sigs/cri-o/oci
87	ln -sf ../../../../server ${S}/src/import/vendor/github.com/kubernetes-sigs/cri-o/server
88	ln -sf ../../../../pkg ${S}/src/import/vendor/github.com/kubernetes-sigs/cri-o/pkg
89	ln -sf ../../../../libpod ${S}/src/import/vendor/github.com/kubernetes-sigs/cri-o/libpod
90	ln -sf ../../../../libkpod ${S}/src/import/vendor/github.com/kubernetes-sigs/cri-o/libkpod
91	ln -sf ../../../../utils ${S}/src/import/vendor/github.com/kubernetes-sigs/cri-o/utils
92	ln -sf ../../../../types ${S}/src/import/vendor/github.com/kubernetes-sigs/cri-o/types
93	ln -sf ../../../../version ${S}/src/import/vendor/github.com/kubernetes-sigs/cri-o/version
94	ln -sf ../../../../lib ${S}/src/import/vendor/github.com/kubernetes-sigs/cri-o/lib
95
96
97	rm -f ${S}/src/import/src
98	ln -sf ./ ${S}/src/import/src
99	mkdir -p ${S}/src/import/src/github.com/cri-o/cri-o/cmd
100	ln -sf ../../../../cmd/crio-config ${S}/src/import/src/github.com/cri-o/cri-o/cmd
101	ln -sf ../../../lib ${S}/src/import/src/github.com/cri-o/cri-o/lib
102	ln -sf ../../../oci ${S}/src/import/src/github.com/cri-o/cri-o/oci
103	ln -sf ../../../pkg ${S}/src/import/src/github.com/cri-o/cri-o/pkg
104	ln -sf ../../../utils ${S}/src/import/src/github.com/cri-o/cri-o/utils
105	ln -sf ../../../version ${S}/src/import/src/github.com/cri-o/cri-o/version
106	ln -sf ../../../server ${S}/src/import/src/github.com/cri-o/cri-o/server
107	ln -sf ../../../types ${S}/src/import/src/github.com/cri-o/cri-o/types
108
109	# fixes the bin/crio build of oe_runmake binaries below
110	ln -sf ../../../../cmd/crio ${S}/src/import/src/github.com/cri-o/cri-o/cmd/
111
112	# workaround `use of vendored package not allowed' failure
113	mv ${S}/src/import/vendor/golang.org ${S}/src/import/
114		76
115	cd ${S}/src/import	77	cd ${S}/src/import
116		78
117	if [ "${CRIO_BUILD_CROSS}" = "1" ]; then	79	oe_runmake local-cross
118	# New: using the -cross target. But this doesn't build conmon and pause. So	80	oe_runmake binaries
119	# keeping the old parts around if someone yells.
120	oe_runmake local-cross
121	else
122	# Build conmon/config.h, requires native versions of
123	# cmd/crio-config/config.go and oci/oci.go
124	(CGO_ENABLED=0 GO=go GOARCH=${BUILD_GOARCH} GOOS=${BUILD_GOOS} oe_runmake conmon/config.h)
125	rm -f bin/crio-config
126	rm -rf vendor/pkg
127
128	oe_runmake binaries
129	fi
130	}	81	}
131		82
132	SYSTEMD_PACKAGES = "${@bb.utils.contains('DISTRO_FEATURES','systemd','${PN}','',d)}"	83	SYSTEMD_PACKAGES = "${@bb.utils.contains('DISTRO_FEATURES','systemd','${PN}','',d)}"
@@ -141,6 +92,7 @@ do_install() {
141	install -d ${D}/${libexecdir}/crio	92	install -d ${D}/${libexecdir}/crio
142	install -d ${D}/${sysconfdir}/crio	93	install -d ${D}/${sysconfdir}/crio
143	install -d ${D}${systemd_unitdir}/system/	94	install -d ${D}${systemd_unitdir}/system/
		95	install -d ${D}/usr/share/containers/oci/hooks.d
144		96
145	install ${WORKDIR}/crio.conf ${D}/${sysconfdir}/crio/crio.conf	97	install ${WORKDIR}/crio.conf ${D}/${sysconfdir}/crio/crio.conf
146		98
@@ -149,19 +101,21 @@ do_install() {
149	install -m 755 -D ${S}/src/import/test/testdata/* ${D}/${sysconfdir}/crio/config/	101	install -m 755 -D ${S}/src/import/test/testdata/* ${D}/${sysconfdir}/crio/config/
150		102
151	install ${S}/src/import/bin/crio.cross.linux* ${D}/${localbindir}/crio	103	install ${S}/src/import/bin/crio.cross.linux* ${D}/${localbindir}/crio
152		104	install ${S}/src/import/bin/crio-status ${D}/${localbindir}/
153	if [ "${CRIO_BUILD_CROSS}" = "1" ]; then	105	install ${S}/src/import/bin/pinns ${D}/${localbindir}/
154	install ${S}/src/import/bin/conmon ${D}/${localbindir}/crio
155	install ${S}/src/import/bin/pause ${D}/${localbindir}/crio
156	fi
157		106
158	install -m 0644 ${S}/src/import/contrib/systemd/crio.service ${D}${systemd_unitdir}/system/	107	install -m 0644 ${S}/src/import/contrib/systemd/crio.service ${D}${systemd_unitdir}/system/
159	install -m 0644 ${S}/src/import/contrib/systemd/crio-shutdown.service ${D}${systemd_unitdir}/system/	108	install -m 0644 ${S}/src/import/contrib/systemd/crio-shutdown.service ${D}${systemd_unitdir}/system/
		109	install -m 0644 ${S}/src/import/contrib/systemd/crio-wipe.service ${D}${systemd_unitdir}/system/
160	}	110	}
161		111
162	FILES_${PN}-config = "${sysconfdir}/crio/config/*"	112	FILES_${PN}-config = "${sysconfdir}/crio/config/*"
163	FILES_${PN} += "${systemd_unitdir}/system/*"	113	FILES_${PN} += "${systemd_unitdir}/system/*"
164	FILES_${PN} += "/usr/local/bin/*"	114	FILES_${PN} += "/usr/local/bin/*"
		115	FILES_${PN} += "/usr/share/containers/oci/hooks.d"
		116
		117	# don't clobber hooks.d
		118	ALLOW_EMPTY_${PN} = "1"
165		119
166	INSANE_SKIP_${PN} += "ldflags already-stripped"	120	INSANE_SKIP_${PN} += "ldflags already-stripped"
167		121