<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/meta-virtualization.git/classes/image-oci.bbclass, branch master-next</title>
<subtitle>Mirror of git.yoctoproject.org/meta-virtualization</subtitle>
<id>https://git.enea.com/cgit/linux/meta-virtualization.git/atom?h=master-next</id>
<link rel='self' href='https://git.enea.com/cgit/linux/meta-virtualization.git/atom?h=master-next'/>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-virtualization.git/'/>
<updated>2026-03-03T04:36:40+00:00</updated>
<entry>
<title>image-oci: update oci-image-tools + runc instructions</title>
<updated>2026-03-03T04:36:40+00:00</updated>
<author>
<name>Bruce Ashfield</name>
<email>bruce.ashfield@gmail.com</email>
</author>
<published>2026-03-03T04:36:40+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-virtualization.git/commit/?id=6aef6e666245999a40d11366d5464b651460fee2'/>
<id>urn:sha1:6aef6e666245999a40d11366d5464b651460fee2</id>
<content type='text'>
Our runc is now sufficiently far ahead of the oci-image-tools
such that they aren't compatible.

But

They can still be made to work with a runc generated spec.

Update the comments to show a flow that works if using runc
directly is desired.

Signed-off-by: Bruce Ashfield &lt;bruce.ashfield@gmail.com&gt;
</content>
</entry>
<entry>
<title>image-oci: add host layer type and delta-only copying</title>
<updated>2026-02-09T03:34:12+00:00</updated>
<author>
<name>Bruce Ashfield</name>
<email>bruce.ashfield@gmail.com</email>
</author>
<published>2026-02-05T21:37:24+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-virtualization.git/commit/?id=b4ad3f9eb2f022b6f69b2e78dbca80974d5bf84a'/>
<id>urn:sha1:b4ad3f9eb2f022b6f69b2e78dbca80974d5bf84a</id>
<content type='text'>
Add two enhancements to multi-layer OCI image support:

1. Delta-only copying for directories/files layers:
   - directories and files layers now only copy content that doesn't
     already exist in the bundle rootfs from earlier layers
   - Prevents duplication when a directories layer references paths
     that were already populated by a packages layer
   - Logs show "delta: N copied, M skipped" for visibility

2. New 'host' layer type for build machine content:
   - Copies files from the build machine filesystem (outside Yocto)
   - Format: name:host:source_path:dest_path
   - Multiple pairs: name:host:src1:dst1+src2:dst2
   - Emits warning at parse time about reproducibility impact
   - Fatal error if source path doesn't exist
   - Use case: deployment-specific config, certificates, keys that
     cannot be packaged in recipes

Example:
  OCI_LAYERS = "\
      base:packages:busybox \
      app:directories:/opt/myapp \
      certs:host:/etc/ssl/certs/ca.crt:/etc/ssl/certs/ca.crt \
  "

Signed-off-by: Bruce Ashfield &lt;bruce.ashfield@gmail.com&gt;
</content>
</entry>
<entry>
<title>image-oci: add layer caching for multi-layer OCI builds</title>
<updated>2026-02-09T03:32:52+00:00</updated>
<author>
<name>Bruce Ashfield</name>
<email>bruce.ashfield@gmail.com</email>
</author>
<published>2026-01-14T20:59:14+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-virtualization.git/commit/?id=929d1609efefd3189b650facaaeb3d2a13ffbe1d'/>
<id>urn:sha1:929d1609efefd3189b650facaaeb3d2a13ffbe1d</id>
<content type='text'>
Add layer caching to speed up multi-layer OCI image rebuilds. When
enabled, pre-installed package layers are cached to disk and restored
on subsequent builds, avoiding repeated package installation.

New variables:
- OCI_LAYER_CACHE: Enable/disable caching (default "1")
- OCI_LAYER_CACHE_DIR: Cache location (default ${TOPDIR}/oci-layer-cache/${MACHINE})

Cache key is computed from:
- Layer name and type
- Sorted package list
- Package versions from PKGDATA_DIR
- MACHINE and TUNE_PKGARCH

Cache automatically invalidates when:
- Package versions change
- Layer definition changes
- Architecture changes

Benefits:
- First build: ~10-30s per layer (cache miss, packages installed)
- Subsequent builds: ~1s per layer (cache hit, files copied)
- Shared across recipes with identical layer definitions

Build log shows cache status:
  NOTE: OCI Cache HIT: Layer 'base' (be88c180f651416b)
  NOTE: OCI: Pre-installed packages for 3 layers (cache: 3 hits, 0 misses)

Also adds comprehensive pytest suite for multi-layer OCI functionality
including tests for 1/2/3 layer modes and cache behavior.

Signed-off-by: Bruce Ashfield &lt;bruce.ashfield@gmail.com&gt;
</content>
</entry>
<entry>
<title>image-oci: add multi-layer OCI image support with OCI_LAYERS</title>
<updated>2026-02-09T03:32:52+00:00</updated>
<author>
<name>Bruce Ashfield</name>
<email>bruce.ashfield@gmail.com</email>
</author>
<published>2026-01-14T20:58:34+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-virtualization.git/commit/?id=4fd9190b7f2f7260b90c7de1609944c96fcf6f64'/>
<id>urn:sha1:4fd9190b7f2f7260b90c7de1609944c96fcf6f64</id>
<content type='text'>
Add support for creating multi-layer OCI images with explicit layer
definitions via OCI_LAYERS variable. This enables fine-grained control
over container layer composition.

New variables:
- OCI_LAYER_MODE: Set to "multi" for explicit layer definitions
- OCI_LAYERS: Define layers as "name:type:content" entries
  - packages: Install specific packages in a layer
  - directories: Copy directories from IMAGE_ROOTFS
  - files: Copy specific files from IMAGE_ROOTFS

Package installation uses Yocto's package manager classes (RpmPM,
OpkgPM) for consistency with do_rootfs, rather than calling dnf/opkg
directly.

Example usage:
  OCI_LAYER_MODE = "multi"
  OCI_LAYERS = "\
      base:packages:base-files+base-passwd+netbase \
      shell:packages:busybox \
      app:packages:curl \
  "

This creates a 3-layer OCI image with discrete base, shell, and app
layers that can be shared and cached independently.

Signed-off-by: Bruce Ashfield &lt;bruce.ashfield@gmail.com&gt;
</content>
</entry>
<entry>
<title>image-oci: add multi-layer OCI support and CMD default</title>
<updated>2026-02-09T03:32:52+00:00</updated>
<author>
<name>Bruce Ashfield</name>
<email>bruce.ashfield@gmail.com</email>
</author>
<published>2026-01-14T04:45:53+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-virtualization.git/commit/?id=b02a9d60012bc4ec556238738ffe5285001e0c59'/>
<id>urn:sha1:b02a9d60012bc4ec556238738ffe5285001e0c59</id>
<content type='text'>
Add support for multi-layer OCI images, enabling base + app layer builds:

Multi-layer support:
- Add OCI_BASE_IMAGE variable to specify base layer (recipe name or path)
- Add OCI_BASE_IMAGE_TAG for selecting base image tag (default: latest)
- Resolve base image type (recipe/path/remote) at parse time
- Copy base OCI layout before adding new layer via umoci repack
- Fix merged-usr whiteout ordering issue for non-merged-usr base images
  (replaces problematic whiteouts with filtered entries to avoid Docker
  pull failures when layering merged-usr on traditional layout)

CMD/ENTRYPOINT behavior change:
- Add OCI_IMAGE_CMD variable (default: "/bin/sh")
- Change OCI_IMAGE_ENTRYPOINT default to empty string
- This makes `docker run image /bin/sh` work as expected (like Docker Hub images)
- OCI_IMAGE_ENTRYPOINT_ARGS still works for legacy compatibility
- Fix shlex.split() for proper shell quoting in CMD/ENTRYPOINT values

The multi-layer feature requires umoci backend (default). The sloci backend
only supports single-layer images and will error if OCI_BASE_IMAGE is set.

Example usage:
  OCI_BASE_IMAGE = "container-base"
  IMAGE_INSTALL = "myapp"
  OCI_IMAGE_CMD = "/usr/bin/myapp"

Signed-off-by: Bruce Ashfield &lt;bruce.ashfield@gmail.com&gt;
</content>
</entry>
<entry>
<title>image-oci: add build-time metadata labels for traceability</title>
<updated>2026-02-09T03:32:52+00:00</updated>
<author>
<name>Bruce Ashfield</name>
<email>bruce.ashfield@gmail.com</email>
</author>
<published>2026-01-12T20:15:39+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-virtualization.git/commit/?id=8b19fa53399cdeb18b1cdd41276ecac5a4f659b0'/>
<id>urn:sha1:8b19fa53399cdeb18b1cdd41276ecac5a4f659b0</id>
<content type='text'>
Automatically embed source and build information into OCI images using
standard OCI annotations (opencontainers.org image-spec):

- org.opencontainers.image.revision: git commit SHA
- org.opencontainers.image.ref.name: git branch name
- org.opencontainers.image.created: ISO 8601 build timestamp
- org.opencontainers.image.version: PV (if meaningful)

New variables:
- OCI_IMAGE_REVISION: explicit SHA override (auto-detects from TOPDIR)
- OCI_IMAGE_BRANCH: explicit branch override (auto-detects from TOPDIR)
- OCI_IMAGE_BUILD_DATE: explicit timestamp override (auto-generated)
- OCI_IMAGE_APP_RECIPE: hook for future cross-recipe extraction

Set any variable to "none" to disable that specific label.

This enables 1:1 traceability between container images and source code,
following industry best practices for CI/CD and release management.

Signed-off-by: Bruce Ashfield &lt;bruce.ashfield@gmail.com&gt;
</content>
</entry>
<entry>
<title>classes/image-oci: Map image architecture correctly</title>
<updated>2023-11-06T16:21:12+00:00</updated>
<author>
<name>Joshua Watt</name>
<email>JPEWhacker@gmail.com</email>
</author>
<published>2023-10-30T19:08:02+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-virtualization.git/commit/?id=115f6367f37095415f289fb6981cda9608ac72ff'/>
<id>urn:sha1:115f6367f37095415f289fb6981cda9608ac72ff</id>
<content type='text'>
OCI requires that the architecture [1] be a valid GOARCH [2]. To
correctly perform this mapping, use the go library code from OE core.

[1]: https://github.com/opencontainers/image-spec/blob/main/config.md#properties
[2]: https://go.dev/doc/install/source#environment

Signed-off-by: Joshua Watt &lt;JPEWhacker@gmail.com&gt;
Signed-off-by: Bruce Ashfield &lt;bruce.ashfield@gmail.com&gt;
</content>
</entry>
<entry>
<title>image-oci-umoci: add parameter for stop signal</title>
<updated>2022-07-15T21:14:57+00:00</updated>
<author>
<name>Vasileios Anagnostopoulos</name>
<email>vasileios.anagnostopoulos@siemens.com</email>
</author>
<published>2022-07-12T12:26:46+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-virtualization.git/commit/?id=fb14913e224ba97786bc9b192a8b6d4a8d1592b9'/>
<id>urn:sha1:fb14913e224ba97786bc9b192a8b6d4a8d1592b9</id>
<content type='text'>
Add an optional parameter that allows overriding the stop
signal that is used.

Signed-off-by: Vasileios Anagnostopoulos &lt;vasileios.anagnostopoulos@siemens.com&gt;
Signed-off-by: Bruce Ashfield &lt;bruce.ashfield@gmail.com&gt;
</content>
</entry>
<entry>
<title>image-oci: use new override syntax</title>
<updated>2021-08-07T02:27:57+00:00</updated>
<author>
<name>Bruce Ashfield</name>
<email>bruce.ashfield@gmail.com</email>
</author>
<published>2021-08-07T02:27:57+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-virtualization.git/commit/?id=8106d11f2e492e7da531c5e31dd1d492a956b387'/>
<id>urn:sha1:8106d11f2e492e7da531c5e31dd1d492a956b387</id>
<content type='text'>
The dependencies of the image-oci class were missed in
initial conversions.

Signed-off-by: Bruce Ashfield &lt;bruce.ashfield@gmail.com&gt;
</content>
</entry>
<entry>
<title>global: overrides syntax conversion</title>
<updated>2021-08-02T21:17:53+00:00</updated>
<author>
<name>Bruce Ashfield</name>
<email>bruce.ashfield@gmail.com</email>
</author>
<published>2021-07-28T18:22:43+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-virtualization.git/commit/?id=d876cfc5bfafa516dee55d04b50b319a22165640'/>
<id>urn:sha1:d876cfc5bfafa516dee55d04b50b319a22165640</id>
<content type='text'>
OEcore/bitbake are moving to use the clearer ":" as an overrides
separator.

This is pass one of updating the meta-virt recipes to use that
syntax.

This has only been minimally build/runtime tested, more changes
will be required for missed overrides, or incorrect conversions.

Note: A recent bitbake is required:

    commit 75fad23fc06c008a03414a1fc288a8614c6af9ca
    Author: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
    Date:   Sun Jul 18 12:59:15 2021 +0100

        bitbake: data_smart/parse: Allow ':' characters in variable/function names

        It is becoming increasingly clear we need to find a way to show what
        is/is not an override in our syntax. We need to do this in a way which
        is clear to users, readable and in a way we can transition to.

        The most effective way I've found to do this is to use the ":" character
        to directly replace "_" where an override is being specified. This
        includes "append", "prepend" and "remove" which are effectively special
        override directives.

        This patch simply adds the character to the parser so bitbake accepts
        the value but maps it back to "_" internally so there is no behaviour
        change.

        This change is simple enough it could potentially be backported to older
        versions of bitbake meaning layers using the new syntax/markup could
        work with older releases. Even if no other changes are accepted
        at this time and we don't backport, it does set us on a path where at
        some point in future we could require a more explicit syntax.

        I've tested this patch by converting oe-core/meta-yocto to the new
        syntax for overrides (9000+ changes) and then seeing that builds
        continue to work with this patch.

        (Bitbake rev: 0dbbb4547cb2570d2ce607e9a53459df3c0ac284)

        Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;

Signed-off-by: Bruce Ashfield &lt;bruce.ashfield@gmail.com&gt;
</content>
</entry>
</feed>
