linux/meta-virtualization.git/recipes-containers, branch master-next

vcontainer-tarball: add CI-safe environment script for autobuilder

2026-04-28T19:37:47+00:00

The existing environment-setup-* script uses BASH_SOURCE to derive VCONTAINER_DIR, which is empty when parsed by yocto-autobuilder-helper's enable_tools_tarball() since it doesn't evaluate shell expressions. Generate a separate environment-setup-ci with flat export lines using baked-in absolute paths from ${SDKPATH}/${SDKPATHNATIVE}. The AB parser picks these up directly. SDK relocation rewrites the paths at install time. The interactive bash script is unchanged. Co-Authored-By: Claude Opus 4.6 (1M context)

cosign: switch to go-mod-vcs generated license scanning

2026-04-28T18:49:02+00:00

Replace the go-mod-update-modules generated cosign-licenses.inc with go-mod-licenses.inc produced by oe-go-mod-fetcher --scan-licenses. The new file is generated during discover_and_generate alongside the other .inc files. Co-Authored-By: Claude Opus 4.6 (1M context)

cosign: convert to go-mod-vcs hybrid fetch

2026-04-28T14:16:28+00:00

Convert from go-mod + go-mod-update-modules to go-mod-vcs hybrid fetch mode, consistent with other Go recipes in the layer (k3s, nerdctl, docker-compose, etc.). - Replace cosign-go-mods.inc (gomod:// only) with generated go-mod-hybrid-{gomod,git,cache}.inc and go-mod-{git,cache}.inc - Keep cosign-licenses.inc for dependency license tracking (our go-mod-vcs tooling does not yet generate license metadata) - Add GO_MOD_VCS_EXCLUDE for buf.build (no git repo) and software.sslmate.com/src/go-pkcs12 (unreachable commit) - Set GO_MOD_DISCOVERY_SRCDIR to match go.bbclass source layout Signed-off-by: Bruce Ashfield

cosign: add recipe for container signing tool v3.0.6

2026-04-28T11:49:28+00:00

Add cosign [1] recipe for sigstore's [2] container signing, verification and storage tool [3]. Includes auto-generated Go module dependencies and license tracking via go-mod-update-modules. [1] https://github.com/sigstore/cosign/releases/tag/v3.0.6 [2] https://www.sigstore.dev/ [3] https://docs.sigstore.dev/cosign/signing/overview/ Signed-off-by: Tim Orling Signed-off-by: Bruce Ashfield

vcontainer-initramfs-create: fix kernel deploy dependency via do_build

2026-04-28T11:49:28+00:00

On sstate-accelerated builds, the kernel binary (bzImage/Image) was missing from MC_DEPLOY because do_compile depended on the image recipes' do_image_complete, which runs before do_build. The kernel deploy dependency (virtual/kernel:do_deploy) is attached to do_build in image.bbclass, so depending on do_image_complete cut the chain short and virtual/kernel:do_deploy was never guaranteed to have run. Fix by depending on do_build instead of do_image_complete. The image artifacts (cpio.gz, squashfs) are already in DEPLOY_DIR_IMAGE after do_image_complete, so they remain available. do_build additionally ensures virtual/kernel:do_deploy has completed, placing the kernel in MC_DEPLOY for our do_compile to copy. This avoids adding an explicit virtual/kernel:do_deploy dependency which would couple this recipe to the kernel and prevent use cases where the kernel is provided externally. Signed-off-by: Bruce Ashfield

lxc: delete extraneous PACKAGECONFIG[systemd] line

2026-04-28T11:46:04+00:00

The PACKAGECONFIG[systemd] variable is assigned twice, with the second assignment overriding the first. This patch removes the unused assignment to avoid confusion. The duplication was introduced in an August 25, 2022 patch: 05f316f7 lxc: update to 5.x and meson Verfied that the build did not change after this deletion by checking the log files before and after and finding the same message: export systemd_system_unitdir="/usr/lib/systemd/system" export systemd_unitdir="/usr/lib/systemd" export systemd_user_unitdir="/usr/lib/systemd/user" Signed-off-by: Kris Gavvala Signed-off-by: Bruce Ashfield

podman: update version to match golangs version.go

2026-04-28T11:28:03+00:00

The update cycle used the git tags to update the PV version, but when you build podman, the version pulled into the executables is from: version/rawversion/version.go Which currently reports: 5.8.3-dev Bumping the PV to match. Signed-off-by: Bruce Ashfield

podman: update SRC_URI

2026-04-24T01:41:41+00:00

Podman is hosted under github as podman and not libpod. Accessing github.com/containers/libpod automatically forwards to github.com/containers/podman. This commit does not really fix a problem but reflects more the current repository name. Signed-off-by: Patrick Vogelaar Signed-off-by: Bruce Ashfield

podman: update to v5.8.2

2026-04-24T00:43:56+00:00

Bumping libpod to version v5.8.2-5-g88c5aaeec6, which comprises the following commits: 78da75528f Install WiX v5.0.2 to build the Windows installer 7a47175665 Bump Podman to v5.8.3-dev 5b263b5f5b Bump to v5.8.2 884cd28228 Release notes for v5.8.2 6cffe93d88 hyperV: fix powershell path escape f13de01b6d cirrus: bump linux machine aarch64 test timeout d1cf366b0f Remove iptables references in upgrade tests add385e31c bindings: artifact extract reject invalid names a49ad4be81 use chrootarchive over plain archive package 92cd24903f fix symlink handling in checkpoint restore 0fa3043415 add missing O_CLOEXEC to open calls 9c262736e4 Fix Quadlet `Lookup()` stripping unmatched quotes 75820ddac5 Add e2e test for shell driver DriverOpts cross-contamination fix e9fe245626 Fix shell driver DriverOpts cross-contamination in secret creation 7250b06e25 libpod: fix data race on deferredErr in attachExecHTTP 51b5c59310 Consolidate build secret tests and assert no podman-build-secret leak 15a2a7d605 Remote build: `nTar` secrets with relative paths and ignore bypass e5fe3fdf69 api: fix missing return after error in SystemCheck handler c91cd99291 test: relax rootless runc pid namespace assertion 26047f43b5 New images 2026-03-19 d49a9208bd cirrus: ensure NOTIFY_SOCKET is properly unset for all tests 1a9ae9dcba update fedoral base image to 43 and related tests 759df25a88 new image sfx for debian 14 28a39dd1ba libpod: Don't dereference ctrSpec.Linux if it is nil 7f37fbd6af quadlet: allow empty Entrypoint to clear image default 24fd9eb605 [v5.8] Bump Buildah to 1.43.1, c/common v0.67.1, c/image v5.39.2 42ac589e4d bump go-jose/go-jose to v4.1.4 fcc6ae217c [v5.8] Fix `unless-stopped` containers not restarting after ... 6a9ea849a0 Bump Podman to v5.8.2-dev c6077f6457 Bump to v5.8.1 dfe5dae2d6 Release notes for v5.8.1 Signed-off-by: Bruce Ashfield

vcontainer: detach background-process stdio from memres start caller

2026-04-22T20:17:55+00:00

The memres start operation spawns long-running background processes (host-side idle watchdog and Xen domain monitor) that persist beyond the vrunner.sh script. These processes inherited file descriptors 0/1/2 from the parent shell without redirection. When invoked through a harness capturing output via pipes—such as pytest's subprocess.run(..., capture_output=True)—the inherited pipe write-ends kept the caller's read/communicate() operations blocked until memres stop executed, potentially for up to 30 minutes (IDLE_TIMEOUT default). The fix fully detaches stdio from three background spawners: - vrunner.sh: Watchdog subshell now redirects stdin from /dev/null, stdout/stderr to /dev/null, and uses disown - vrunner-backend-qemu.sh: Adds stdin redirection from /dev/null to existing log file redirections - vrunner-backend-xen.sh: Applies same detachment plus disown for daemon mode; redirects stdin for ephemeral-mode console reader From: Tim Orling Signed-off-by: Bruce Ashfield