| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
| |
The python3-enum package was removed and it is now part of core.
Signed-off-by: Ricardo Salveti <ricardo@opensourcefoundries.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
| |
systemd unit dir can be customized by the distro (e.g. usrmerge), so
make sure the correct unit dir path is set on configure.
Signed-off-by: Ricardo Salveti <ricardo@opensourcefoundries.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
| |
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
| |
kube-proxy is required on all kubernetes nodes. Rather than it being
in the catch-all package, we put it in an explicit package.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Rebuilding criu would cause the following error.
| make: .gitid: Command not found
| make: *** [Makefile:260: clean-top] Error 127
Fix this problem by setting CLEANBROKEN to "1".
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
When attempting to create a container using
lxc-create -t download -n test -- no-validate --dist ubuntu --release \
xenial --arch amd64
the container creation will fail due to missing 'xz' and in the case
of 'tar' due to invalid options if the busybox version of 'tar' is
used.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A while ago changes were merged to meta-openembedded to make
/etc/dnsmasq.d (and specifically the files it contains) referenced
when the main instance of dnsmasq is run (see dnsmasq.service and
commit ba665493a0dd [dnsmasq: allow for dnsmasq instances to reuse
default dnsmasq.conf]).
We, however, continued to modify the global configuration
(/etc/dnsmasq.conf) to keep the main instance of dnsmasq from
attaching to virbr0 and lxcbr0, by using 'bind-dynamic'. This approach
is problematic, since it is common that other instances of dnsmasq
will make use of the global configuration file and may have
incompatible options. We see this for example when attempting to start
lxc-net which will attempt to use 'bind-interface' which is
incompatible with 'bind-dynamic' that we were adding to the global
configuration.
Here we remove our change to the global configuration (leaving it
mostly empty as it should be) and instead have lxc and libvirt
packages instruct the global instance not to bind to virbr0 and lxcbr0
by adding configuration files to /etc/dnsmasq.d (setting
except-interface).
The added benefit to this approach is that if lxc or libvirt are not
part of an image the global configuration will not be modified in such
a way as to expect that they are present.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The runc-docker has all the code in it to properly run a stop hook if
you use it in the foreground. It doesn't work in the back ground
because there is no way for a golang application to fork a child exit
out of the parent process because all the golang threads stay with the
parent.
This patch has three parts that happen ONLY when $SIGUSR1_PARENT_PID
is set.
1) At the point where runc start would normally exit, it closes
stdin/stdout/stderr so it would be possible to daemonize "runc start ...".
2) The code to send a SIGUSR1 to the parent process was added. The
idea being that a parent process would simply exit at that point
because it was blocking until runc performed everything it was
required to perform.
3) The code was copied which performs the normal the signal handling
block which is used for the foreground operation of runc.
-- More information --
When you use "runc run " it is running in the "foreground", in the
sense it takes over your existing terminal.
The runc-docker doesn't have a way to start it with "runc run&" where
you can send it to the background and have everything work. With this
commit, it does allow you to do that and have all the stop hooks fire
at the time what ever runc started exits.
Lets take a quick look at what "runc run" does today:
* Starts a whole pile of threads
* Sets up all name spaces
* Starts child process for container and leaves it paused at image activation
* runs start hooks
* executes "continue" for container process
* waits for container app to exit
* executes stop hooks
Now lets look at "runc create/start" does today:
runc create
* Starts a whole pile of threads
* Sets up all name spaces
* Starts child process for container and leaves it paused at image activation
* exits -- [ NOTE: this is our problem! ]
runc start
* runs start hooks
* executes "continue" for continue process
At this point when the container app exits nothing is waiting for it
to run any kind of hooks.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The rdepends on glibc-utils was removed without reason
in the following commit:
"""
e73608d56e498a7075e7a3e5550aafd76987d7aa
lxc: 2.0.0 -> 2.0.8
"""
And it causes failure:
/usr/libexec/lxc/lxc-net: line 125: getent: command not found
So add the dependency back.
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
| |
kubelet needs 'tc' at runtime, so we add iproute2-tc to the rdepends
list.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Rather than throwing an error if we can't map a user to a uid,
output a warning. We aren't actually running the code, but are
just extracting it .. so the user not existing isn't an issue.
With this, we avoid the not-so-useful traces like this:
config.User: unsupported format
github.com/opencontainers/image-tools/image.(*config).runtimeSpec
oci-image-tools/0.2.0-dev+gitAUTOINC+4abe1a166f-r0/oci-image-tools-0.2.0-dev+gitAUTOINC+4abe1a16 6f/src/import/vendor/src/github.com/opencontainers/image-tools/image/config.go:109
<...>
src/import/cmd/oci-image-tool/main.go:57
runtime.main /usr/lib64/go/src/runtime/proc.go:185
runtime.goexit /usr/lib64/go/src/runtime/asm_amd64.s:2337
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
| |
If the root name space has additional cgroup mounts, pass them to the
container.
Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
| |
install needs to go to ${D}, not the host path, so we fix up the
offending install lines.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Ricardo Salveti <ricardo@opensourcefoundries.com> pointed out that
runc-docker was not getting a proper PV due to the use of SRCREV
in the variable.
By switching to SRCPV, we get the right PV for both variants of
runc.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
| |
Signed-off-by: Paul Barker <pbarker@toganlabs.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
| |
The go bbclass already inherits goarch.
Signed-off-by: Paul Barker <pbarker@toganlabs.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
| |
This variable isn't picked up by the runc Makefile anyway as it isn't exported.
Signed-off-by: Paul Barker <pbarker@toganlabs.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
| |
The "vendor/src" symlink is already created in do_compile in runc.inc.
Signed-off-by: Paul Barker <pbarker@toganlabs.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
| |
The recvtty demo/reference application has cross compilation issues when
targeting aarch64 platforms. As it is just a demo application and is not usually
used, we can just patch the Makefile to disable building this application.
Signed-off-by: Paul Barker <pbarker@toganlabs.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If the GOARCH isn't set CGO took the ARCH from the host and tries
to use -m64 flag that isn't available in aarch64 compiler.
...
| # github.com/opencontainers/runc/libcontainer/system
| aarch64-linaro-linux-gcc: error: unrecognized command line option
'-m64'
| # github.com/containerd/console
| aarch64-linaro-linux-gcc: error: unrecognized command line option
'-m64'
| Makefile:60: recipe for target 'shim-static' failed
...
Signed-off-by: Aníbal Limón <anibal.limon@linaro.org>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Introducing the kubernets components for container orchestration.
The packaging introduced here creates the framework for more
advanced kubernetes configurations. By itself, it doesn't do much
but it makes the components available to be configured and deployed
as master/worker nodes.
It integrates with the previously introduced cni and cri-o
components available in meta-virt.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
| |
These variables are now set correctly by go.bbclass in oe-core. Changing them to
point at the native sysroot just leads to build errors in some cases, for
example when the target and host have matching GOARCH but not matching c
libraries.
Signed-off-by: Paul Barker <pbarker@toganlabs.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
| |
The makefiles for both providers of runc need to be patched in similar ways to
ensure that we use the binaries from go-cross and not go-native.
Signed-off-by: Paul Barker <pbarker@toganlabs.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
| |
This patch hasn't been used in a long time.
Signed-off-by: Paul Barker <pbarker@toganlabs.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
| |
These fixes are needed due to updates to go.bbclass in oe-core. See commit
01a8d4537012ad93dc8510e9b762acdc8c4536c7 for more information.
Signed-off-by: Paul Barker <pbarker@toganlabs.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
| |
Signed-off-by: Paul Barker <pbarker@toganlabs.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
To prepare for native kubernetes support without docker on a target,
we integrate the cri-o incubator project.
cri-o is meant to provide an integration path between OCI conformant
runtimes and the kubelet. Specifically, it implements the Kubelet
Container Runtime Interface (CRI) using OCI conformant runtimes.
The scope of cri-o is tied to the scope of the CRI.
This initial introduction is build + packaging only. It is expected
that configuration and deployment tweaks are done at the distro
level.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The following commit:
commit df3a46feb971386f922c7c2c2822b88301f87cb0
Author: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
Date: Tue Aug 1 17:39:39 2017 +0800
implement add/set function for hooks items
Signed-off-by: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
Breaks the ability to specify multiple hooks with the same path
(i.e. a shell script that does different things based on arguments).
The author's intent with the change is unclear, so rather than fix
it, we revert it for now.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
| |
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
| |
This requires some packages as well as the pypi.bbclass from meta-python.
It uses Python 3 as I don't think it makes sense to use Python 2 anymore.
Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
| |
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
| |
We want to build in ${S}, so we now require an explicit cd ${S}
to avoid landing in the build directory.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Recently in the oe-core the go.bbclass changed and requires the
defition of the GO_IMPORT variable. This was intended to simplify how
the compilation works with go packages and it is still a work in
progress.
This patch set makes the recipes compatible to generate the same end
result as before using the new go.bbclass from oe-core.
Any patches that were included in the recipes had to have the paths
adjusted because the new go.bbclass manipulates the notion of S to be
S + "src" + "$GO_IMPORT" internally for the purpose of unpack, patch
and compile.
Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
| |
To work with OCI spec v1.0 images/containers we need to update our
tools.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Our current version of criu is about a year old and has some
compilation issues with the latest gcc (currently it is
unbuildable). Since the version of criu and the kernel version are
fairly tightly coupled it wouldn't be surprising of this old criu
would also be exhibiting some runtime issues with our fairly new
kernel version.
With the above in mind we uprev to criu v3.4 which was recently
released. This requires several of the patches to be updated (mostly
context). We are able to drop the selinux related change as RSS
prevents the situation this was working around from happenning.
This was validated using https://criu.org/Simple_loop (and a few
variants).
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
| |
This reverts commit 90c1046b58c50f127ea711d83874a1dc4b68f7ed.
|
| |
|
|
|
|
|
|
|
|
| |
While the recipe was functional under an image based on core-image-
full-cmdline, when tested with core-image-minimal runtime issues
appeared: Singularity was unable to create a filesystem within the
container. This change fixes this issue.
Signed-off-by: Alexandru Tiniuc <tiniuc.alexandru@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
| |
Signed-off-by: Jianchuan Wang <jianchuan.wang@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
| |
If Bash is not included by any other recipe, the recipe fails at the QA
check. This commit adds Bash to the list of dependencies, preventing
this issue.
Signed-off-by: Alexandru Tiniuc <tiniuc.alexandru@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
| |
Signed-off-by: Alexandru Tiniuc <tiniuc.alexandru@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Singularity is a container platform built on the principle of mobility
of compute. It is designed to be used on HPC clusters and, unlike
Docker, it does not require root access to mount an image. In addition,
it can use Docker images out-of-the-box and it can pull them from the
Docker Hub. For more information, see singularity.lbl.gov
This recipe enables building the Singularity container platform.
Additionally, it creates a symlink from /usr/bin/python3 to
/usr/bin/python, as well as a symlink to where python3 expects
CA certificates to be.
I have tested it on a Raspberry Pi 3: I successfully built and run
arm32v7 images from Docker Hub. Make sure you have the right image for
your CPU architecture: it defaults to amd64.
Signed-off-by: Alexandru Tiniuc <tiniuc.alexandru at gmail dot com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2017-11468 is fixed in this release.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2017-11468
Release note:
https://github.com/docker/distribution/releases/tag/v2.6.2
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The build is failing due to a failing QA check:
ERROR: lxc-2.0.8-r0 do_package_qa: QA Issue:
/usr/lib/lxc/ptest/src/tests/lxc-test-may-control contained in
package lxc-ptest requires /bin/bash, but no providers found in
RDEPENDS_lxc-ptest? [file-rdeps]
Add bash to the the ptest RDEPENDS.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
| |
Fix daemonization, align args with docker.service, fix line breaks in
log file - and fix INITSCRIPT_PARAMS (there is no variable
OS_DEFAULT_INITSCRIPT_PARAMS).
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
| |
Analogously to docker: There is no variable
OS_DEFAULT_INITSCRIPT_PARAMS, just use "defaults".
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
To match the docker (moby) and runc updates, we need the latest containerd
from the 0.2.x branch to work in cooperation with the other components.
Note: containerd master won't currently work with docker master, but is
very similar to 0.2.x. The build target varies slightly in master, but
otherwise with these changes to the recipe and build steps we can switch
easily when the time comes.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
| |
The docker uprev missed the version string which matches the actual
binary being built. With this change, the package now reflects the
correct version.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
| |
The latest oci-runtime-tool builds are throwing the missing GNU_HASH
error during QA checks.
This is common with go applications, and isn't a problem, so for now,
we simply skip the check.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
| |
The config.json has elements which have changed in the latest runc.
These changes are not backward compatible with older versions of runc.
Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The selinux disable patch required changes as more setfilecon
operations were added.
The new upstream work is needed to allow the rootfs specification to
continue working because runc no longer passes the "root" key as a
part of the json configuration which is sent to a hook via stdin.
Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
|
