| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
| |
This is the latest stable release and includes many important bug
fixes as well as CVE fixes such as CVE-2015-1335.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
| |
Warnings fixes:
- optional mounts when dirs not available
- busybox dynamically linked
- fstab not available in container
Signed-off-by: Bogdan Purcareata <bogdan.purcareata@nxp.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Prior to poky commit 3d45853eef1269b455d840a60491802251368378
[python3: fix do_configure check platform triplet error] lxc's
configure scripts would fail to find python3 and would therefor
configure with python3 support disabled.
After poky integrated the above commit lxc can, and does, detect
python3 and attempts to configure with python support. Unfortunately
it would detect the host's python3 which it would use to run setup.py
and therefor get the host's include path etc. and ultimately fail to
build.
To fix this we make 'python' support configurable via a PACKAGECONFIG
and we default to not configuring with this support, to match our
previous configuration. We also fix things such that 'python' support
can be enabled in the PACKAGECONFIG and the build will complete
successfully, using our python3 and not the host's.
We might want to eventually enable the python support but since this
not only enables python extensions but even goes as far as turning
scripts like lxc-ls into python scripts, instead of shell scripts,
keeping it disabled for now is the minimally invasive approach.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
| |
These patches address some warnings that LXC throws when running
an application container. They are currently applied in the official
repository.
Signed-off-by: Bogdan Purcareata <bogdan.purcareata@nxp.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
| |
go-cross-1.3 is old, and doesn't link properly with the latest 2.26
binutils.
To get things building again, and to start the docker uprev, we simply
depend on go-cross and line docker up with the rest of the go users.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
| |
Finding the libprotobuf.* incorrectly if the host have pkgconfig
Signed-off-by: Jianchuan Wang <jianchuan.wang@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
V1.1.4 includes a fix for CVE-2015-1335:
lxc-start in lxc before 1.0.8 and 1.1.x before 1.1.4 allows local container
administrators to escape AppArmor confinement via a symlink attack on a (1)
mount target or (2) bind mount source.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1335
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
| |
Some of the cgo variables were pointing to host paths and not target
Fix install rules - binaries can be installed to a subdirectory.
Signed-off-by: Amy Fong <amy.fong@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Since we need go 1.3 to co-exist with later versions (ie 1.4),
package go-cross_1.3 as go-cross-1.3_1.3.
go 1.3 will be installed to a different path than go-cross, this requires
go packages needing go 1.3 to set its PATH to:
export PATH=${STAGING_BINDIR_NATIVE}/${HOST_SYS}/go-1.3:$PATH
Signed-off-by: Amy Fong <amy.fong@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
| |
Add the protobuf's pkgconfig path into PKG_CONFIG_PATH
so that pkg-config can find the protoc from sysroot in the configure process.
And don't conflict even if installing the protobuf in the localhost.
Signed-off-by: Jianchuan Wang <jianchuan.wang@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Problem: Logs are nice in that they report the source file,
routine, and line number where an issue occurs. But the
file is printed as the absolute filename. Users do not
need to see a long spew of path directory names where the package
just happened to have been built on some host somewhere. It
can be confusing to anyone other than the developer.
Solution: Introduce a configure option to chop off all leading
directories so that just the source filename ie. basename is printed.
[ Upstream status: Not needed. These absolute filenames are a
consequence of poky/bitbake feeding the absolute filenames to
the compiler. If you build lxc outside of poky/bitbake, just
the basenames are fed to the compiler. ]
Signed-off-by: Jim Somerville <Jim.Somerville@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Author: Amy Fong <amy.fong@windriver.com>
Date: Wed Sep 16 00:12:10 2015 -0400
docker: update SRC_URI
branch=release is no longer valid in the git tree,
updating the branch to v1.6.2
Signed-off-by: Amy Fong <amy.fong@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
| |
Uprev to 1.1.3
Remove Generate-lxc-restore-net-properly.patch since related code
has been removed.
Signed-off-by: He Zhe <zhe.he@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
| |
Signed-off-by: Jianchuan Wang <jianchuan.wang@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
| |
Signed-off-by: Jianchuan Wang <jianchuan.wang@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
| |
Signed-off-by: Jianchuan Wang <jianchuan.wang@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The networking configuration that is part of the lxc-setup package is
not appropriate for all use cases, or init systems.
To avoid having this configuration be pulled in by default, we create
an empty -networking package that handles the configuration. Images
can enable this step by including lxc-networking in the install package
list.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
| |
With the recent python-simplejson:upgrade 3.6.2->3.7.3, docker-registry
was broken due to unsatisfied dependencies. The docker-registry builds and
passes basic testing with 3.7.3 (verified by jason.wessel@windriver.com),
updating the dependency requirement to >= 3.6.2
Signed-off-by: Amy Fong <amy.fong@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
| |
docbook2man fails to build the man pages in poky
due to missing the ancient Davenport 3.0 DTD.
Poky meta has the Oasis 3.1 version so upgrade
to use that instead.
Signed-off-by: Jim Somerville <Jim.Somerville@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
From b101a0c7ce6ef1eb41bef786831e58fa4d1b069f Mon Sep 17 00:00:00 2001
From: Amy Fong <amy.fong@windriver.com>
Date: Mon, 27 Jul 2015 14:10:20 -0400
Subject: [PATCH] golang: use oe-meta-go
Update meta-virtualization to use go package from oe-meta-go.
The package golang-cross is go-cross in the oe-meta-go.
Signed-off-by: Amy Fong <amy.fong@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Systemd throws the following warning at boot:
systemd[1]: [/lib/systemd/system/docker-registry.service:10]
Not an absolute path, ignoring: #WORKDIR#
Fix WORKDIR in docker-registry's systemd from #WORKDIR# to
${PYTHON_SITEPACKAGES_DIR}/docker_registry
Signed-off-by: Amy Fong <amy.fong@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This version has better support for unprivileged
containers.
Two patches are deleted as they are now included.
One new patch is introduced to fix a file not found error at
the install build step.
Signed-off-by: Jim Somerville <Jim.Somerville@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
| |
Docker searching and launch looks for iptables, so we add it to the
rdepends.
To actually launch a container, netfilter nat and dm-think are often
required, so we make those modules rrecommends.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
golang doesn't work with ccache. In the current state, a lot of parsing
happens where it'll grab the first string in CC or LD and uses that for
its builds. When ccache is enabled, it results in trying to do builds
with just ccache.
The brokeness is seen when building with apps that uses cgo, like docker.
To enable ccache to work, some string comparisons and changes to parsing
had to be made.
Signed-off-by: Amy Fong <amy.fong@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Uprev docker to 1.6.2
go-capability is upreved to a later git commit
go-dbus is upreved to version 2
go-distribution-digest is added as a new dependency. Only the
digest part of go-distribution is needed/kept here,
hence go-distribution-digest
go-logrus is upreved to 0.7.1
Remove PR since it's no longer used
Signed-off-by: Amy Fong <amy.fong@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
| |
Add handling for distros with both systemd and sysvinit by passing
multiple init systems to configure with --with-init-script=
Signed-off-by: Erik Botö <erik.boto@pelagicore.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
| |
Add command line parameter to create Busybox containers
with OpenSSH support. As a prerequisite, OpenSSH needs
to be installed on the host system.
Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In yocto builds, preprocessing of binaries can happen after the install
phase. Some of these can modify the size/sha1sum of the binaries.
e.g. A new .gnu_debuglink can happen
docker will not start because of these modifications. Docker initially
does a sha1sum of dockerinit to identify the dockerinit that it was built
with, this is done for security and for compatibility reasons. Since
this checking is disabled, we should rely on rpm tests for validation
of the binary instead.
Signed-off-by: Amy Fong <amy.fong@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
| |
If lxc is built not in the source dir, upstart files will fail to be
installed, because of Makefile error.
Signed-off-by: Dmitry Eremin-Solenikov <dmitry_eremin@mentor.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
To generate a proper systemd.service file we should use lxc's builtin
configuration option for the initscript type. To support both sysvinit
and systemd, we trigger off the DISTRO var and enable the proper init
system accordingly.
When properly configured, lxc will create helper scripts and install
the service file, so we can delete the explicit copy of the service
file and let the default rules trigger and install what is needed.
The helper files installed by lxc require a lsb function that is not
commonly available in the 'functions' library: "action". To ensure that
the helper scripts operate, we create a local action() routine with
the expected semantics.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
| |
Adding a basic sysvinit script to docker .. for those that still use
sysvinit!
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
| |
Upgrade criu from version from 1.2 to 1.4.
criu is the only user of protobuf and only supported on x86 and arm,
so limit protobuf support on x86 and arm too.
Signed-off-by: Nam Ninh <nam.ninh@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The following is the type of error you see when CCACHE is enabled.
| ---> Making bundle: dynbinary (in bundles/1.5.0-dev/dynbinary)
| go build runtime/cgo: no buildable Go source files in /opt/proj/tmp/sysroots/x86_64-linux/usr/lib/x86_64-wrs-linux/go/src/pkg/runtime/cgo
| WARNING: /opt/proj/tmp/work/core2-64-wrs-linux/docker/1.5.0+git2243e32cbbf1c9809c262a7376d34ca43a7a36dc-r0/temp/do_compile/run.do_compile.19967:1 exit 1 from
| DOCKER_GITCOMMIT="2243e32cbbf1c9809c262a7376d34ca43a7a36dc" ./hack/make.sh dynbinary
| ERROR: Function failed: do_compile (log file is located at /opt/proj/tmp/work/core2-64-wrs-linux/docker/1.5.0+git2243e32cbbf1c9809c262a7376d34ca43a7a36dc-r0/temp/do_compile/log.do_compile.19967)
Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
| |
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Docker's build process will clone missing dependencies which
circumvents the bitbake fetcher. This is a bad thing in many ways, for
example this will not respect BB_NO_NETWORK and DL_DIR settings. To
work around this we are able to provide recipes for each of the
missing dependencies.
The dependencies are all in GO and are required to be added to the
sysroot such that the docker build can find them via GOPATH at build
time. The docker recipe was updated to add these new packages as
dependencies and the explicit clone of go-cli was removed.
After these change we are able to complete the build with networking
disabled after completing a fetchall. Docker functionality was tested
on an image built with these changes and it functions as it did
before.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Amy Fong <amy.fong@windriver.com>
|
| |
|
|
|
|
| |
Light-weight package to set up cgroups at system boot
Signed-off-by: Amy Fong <amy.fong@windriver.com>
|
| |
|
|
|
|
| |
Provides repositories of docker images
Signed-off-by: Amy Fong <amy.fong@windriver.com>
|
| |
|
|
|
|
| |
Adding docker (Linux container runtime)
Signed-off-by: Amy Fong <amy.fong@windriver.com>
|
| |
|
|
|
|
|
| |
Update the LXC recipe with the upstream-applied version of the patch.
Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Add the necessary bits to enable seccomp support for LXC running on PPC
architectures. libseccomp added support for PPC [1], yet to be applied to
Yocto/meta-security.
[1] https://github.com/seccomp/libseccomp/tree/working-ppc64
Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
| |
Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Busybox powered containers rely on a different signal for reboot - SIGTERM,
rather than the default SIGINT.
Apply the upstream support adding the infrastructure for defining a custom
reboot signal for a container, and default this signal to SIGTERM for Busybox
containers. The original patches have been applied on the upstream master LXC
branch, and required a minor backport.
Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Now that we have a lxc-setup package, we can start to define networking
and other out of the box configuration details for those that opt to
install it.
These are by no means complete, and won't work for everyone, but they are
a start.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
| |
lxc comes with sysvinit and systemd initscripts that autostart
containers and check for required services. So we should be installing
and enabling them.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
| |
lxc 1.0.7 is available, and integrates two patches that we were carrying
against 1.0.6 .. so we do the update, and drop the two busybox patches.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
| |
Add PACKAGECONFIG for 'selinux', otherwise there would be warnings like
below:
WARN: lxc: lxc rdepends on libselinux, but it isn't a build dependency?
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
| |
Integrate 2 upstream patches that enable creating unprivileged Busybox
containers.
Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
| |
Rework patch 5b57bf462b41142deae0479c06f4da8e0b66bb7e [lxc: fixup VPATH builds]
since the new version of LXC refactored one of the files and it no longer
applies. Provide a fix for what's left.
Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
| |
Also remove patch file that no longer applies.
Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
| |
Signed-off-by: Josep Puigdemont <josep.puigdemont@enea.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
